On Mon, 6 Jan 2014 15:01:58 -0500
Jim Jagielski wrote:
>
> On Jan 6, 2014, at 2:40 PM, Blaise Tarr wrote:
> >
> > So mod_rewrite is not recognizing the "unix:" prefix as being
> > valid. I temporarily commented out the call of fully_qualify_uri(r)
> > at mod_rewrite.c:4130, and now r->filename
So I've received at least two people asking me for more details about
CVE-2013-1896. I thinking it might be better to provide more than a couple
sentences on the issues. It can be hard to understand the impact of an issue
from what we're providing now.
If the unsigned quantity can be expressed as a signed
quantity, then all is well. The only undefined behavior
(implementation specific) is if it can't be. However,
the conversion from a non-0 quantity to a 0 would
be extremely unlikely. You'd get an unexpected signed
value, but I can't imagine any
From: Yann Ylavic
Sent: Mittwoch, 8. Januar 2014 16:57
To: httpd; apr
Subject: Re: Event and atomics, round II
On Wed, Jan 8, 2014 at 2:03 PM, Jim Jagielski
mailto:j...@jagunet.com>> wrote:
On Jan 7, 2014, at 3:15 PM, Jeff Trawick
mailto:traw...@gmail.com>> wrote:
>
> +1 for APR trunk, +0.9 f
On Wed, Jan 8, 2014 at 2:03 PM, Jim Jagielski wrote:
>
> On Jan 7, 2014, at 3:15 PM, Jeff Trawick wrote:
> >
> > +1 for APR trunk, +0.9 for future APR 1.6.x, -0.9 for APR 1.5.x...
> >
> > alternate opinions?
> >
>
> As far as I know, C guarantees that
>
> if (a)
>
> is the same as
>
>
> -Original Message-
> From: Jim Jagielski
> Sent: Mittwoch, 8. Januar 2014 14:03
> To: Jeff Trawick
> Cc: Apache HTTP Server Development List; apr
> Subject: Re: Event and atomics, round II
>
>
> On Jan 7, 2014, at 3:15 PM, Jeff Trawick wrote:
> >
> > +1 for APR trunk, +0.9 for futur
On Jan 7, 2014, at 3:15 PM, Jeff Trawick wrote:
>
> +1 for APR trunk, +0.9 for future APR 1.6.x, -0.9 for APR 1.5.x...
>
> alternate opinions?
>
As far as I know, C guarantees that
if (a)
is the same as
if (a != 0)
So I'm unsure of the need for this patch.
On 06.01.2014 08:46, Jan Kaluža wrote:
> On 01/05/2014 11:10 AM, Kaspar Brand wrote:
> I think I have no problem with changing the code to work as you
> describe. I've only thought the way it works now is better, because
> otherwise httpd could dump some files which it does not consider later.
>