Re: mod_cache thundering herd bug

2014-04-09 Thread Jim Riggs
On 9 Apr 2014, at 14:46, Eric Covener wrote: > r1023398 for 2.2: > > http://people.apache.org/~covener/patches/httpd-2.2.x-thunder.diff > > The remove_url() prevents other threads from serving a stale cached > file during refresh of a slow response, but it's unnecessary to have a > separate pa

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Rainer Jung
On 09.04.2014 21:42, Rainer Jung wrote: > On 09.04.2014 18:05, Reindl Harald wrote: >> >> >> On 09.04.2014 17:41, William A. Rowe Jr. wrote: >>> Combined with typical ssl session shmcb ... That single process still has >>> session keys of other prefork processes, >>> as well as the common ssl se

Re: mod_cache thundering herd bug

2014-04-09 Thread Eric Covener
r1023398 for 2.2: http://people.apache.org/~covener/patches/httpd-2.2.x-thunder.diff The remove_url() prevents other threads from serving a stale cached file during refresh of a slow response, but it's unnecessary to have a separate path because the refresh has to deal with 200s already. When

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Reindl Harald
On 09.04.2014 21:42, Rainer Jung wrote: > On 09.04.2014 18:05, Reindl Harald wrote: >> On 09.04.2014 17:41, William A. Rowe Jr. wrote: >>> Combined with typical ssl session shmcb ... That single process still has >>> session keys of other prefork processes, >>> as well as the common ssl sess

Re: svn commit: r1585438 - /httpd/httpd/branches/2.4.x/STATUS

2014-04-09 Thread Yann Ylavic
Thanks, promoted in r1586125. On Wed, Apr 9, 2014 at 7:15 PM, Christophe JAILLET wrote: > Hi, > > this is already in the proposal list, first one at the top, just waiting for > a last vote to be accepted. > > CJ > > On 07/04/2014 11:24, yla...@apache.org wrote: > >> Author: ylavic >> Date: Mon

Re: svn commit: r1585902 - in /httpd/httpd/branches/2.4.x/docs/manual/mod: mod_ssl.html.en mod_ssl.xml mod_ssl.xml.meta

2014-04-09 Thread Jeff Trawick
On Wed, Apr 9, 2014 at 2:24 AM, wrote: > Author: kbrand > Date: Wed Apr 9 08:24:25 2014 > New Revision: 1585902 > > URL: http://svn.apache.org/r1585902 > Log: > Update SSLPassPhraseDialog directive docs to correctly describe the > current behavior for "exec"-type programs in 2.4.x, at least. > T

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Rainer Jung
On 09.04.2014 18:05, Reindl Harald wrote: > > > On 09.04.2014 17:41, William A. Rowe Jr. wrote: >> Combined with typical ssl session shmcb ... That single process still has >> session keys of other prefork processes, >> as well as the common ssl session ticket key and ssl cert keys. In practi

Re: [PATCH 55467] - Updates to mod_ssl to support TLS hello extensions and TLS supplemental data

2014-04-09 Thread Jeff Trawick
On Wed, Apr 9, 2014 at 10:24 AM, Jeff Trawick wrote: > On Fri, Apr 4, 2014 at 7:48 PM, Jeff Trawick wrote: > >> On Tue, Feb 18, 2014 at 3:50 PM, Scott Deboy wrote: >> >>> Hi folks, >>> >>> I was wondering if someone would be willing/interested in reviewing the >>> patch I've attached to issue 55

Re: svn commit: r1585438 - /httpd/httpd/branches/2.4.x/STATUS

2014-04-09 Thread Christophe JAILLET
Hi, this is already in the proposal list, first one at the top, just waiting for a last vote to be accepted. CJ On 07/04/2014 11:24, yla...@apache.org wrote: Author: ylavic Date: Mon Apr 7 09:24:05 2014 New Revision: 1585438 URL: http://svn.apache.org/r1585438 Log: Propose mod_auth_form

Re: [PATCH 55467] - Updates to mod_ssl to support TLS hello extensions and TLS supplemental data

2014-04-09 Thread Jeff Trawick
On Fri, Apr 4, 2014 at 7:48 PM, Jeff Trawick wrote: > On Tue, Feb 18, 2014 at 3:50 PM, Scott Deboy wrote: > >> Hi folks, >> >> I was wondering if someone would be willing/interested in reviewing the >> patch I've attached to issue 55467. >> >> https://issues.apache.org/bugzilla/show_bug.cgi?id=55

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Reindl Harald
On 09.04.2014 17:41, William A. Rowe Jr. wrote: > Combined with typical ssl session shmcb ... That single process still has > session keys of other prefork processes, > as well as the common ssl session ticket key and ssl cert keys. In practice > the benefits of prefork are somewhat > limite

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread William A. Rowe Jr.
Combined with typical ssl session shmcb ... That single process still has session keys of other prefork processes, as well as the common ssl session ticket key and ssl cert keys. In practice the benefits of prefork are somewhat limited to casual attacks.

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Eric Covener
On Wed, Apr 9, 2014 at 5:48 AM, Reindl Harald wrote: > after updating openssl and renewing all certificates one question > remains: in case of httpd-prefork would an attacker only have > been able to compromise the private key and data of his > worker-process or as well access the memory of other worke

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Reindl Harald
On 09.04.2014 14:19, Graham Leggett wrote: > On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller wrote: > >> There have been some zero-before-free changes in mozilla-nss recently. >> It may be time to have object reuse issues in mind for both core and at >> least the auth* modules. > > The follow

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Graham Leggett
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller wrote: > There have been some zero-before-free changes in mozilla-nss recently. > It may be time to have object reuse issues in mind for both core and at > least the auth* modules. The following function was added to apr-util to do that: /** * @b

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Roman Drahtmueller
> after updating openssl and renewing all certificates one question > remains: in case of httpd-prefork would an attacker only have > been able to compromise the private key and data of his > worker-process or as well access the memory of other workers? > The address space boundary of the process is t

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Reindl Harald
On 09.04.2014 13:53, Graham Leggett wrote: > On 09 Apr 2014, at 1:48 PM, Reindl Harald wrote: >> after updating openssl and renewing all certificates one question >> remains: in case of httpd-prefork would an attacker only have >> been able to compromise the private key and data of his >> worker-pro

Re: half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Graham Leggett
On 09 Apr 2014, at 1:48 PM, Reindl Harald wrote: > after updating openssl and renewing all certificates one question > remains: in case of httpd-prefork would an attacker only have > been able to compromise the private key and data of his > worker-process or as well access the memory of other workers?

half-OT: heartbleed CVE-2014-0160

2014-04-09 Thread Reindl Harald
Hi, I know that this is more or less off-topic, but I doubt there are better sources to ask than the httpd-developers. After updating openssl and renewing all certificates one question remains: in case of httpd-prefork would an attacker only have been able to compromise the private key and data of his wo