If you have the similar tool chain revs as .27, terrific! Otherwise, I'll tag
in the a.m.
+1 from me, of course.
Jim Jagielski wrote:
>If so, I can RM.
On 15 Jul 2014, at 15:38, Rüdiger Plüm wrote:
> -----Original Message-----
>> From: Eric Covener [mailto:cove...@gmail.com]
>> Sent: Tuesday, 15 July 2014 15:25
>> To: Apache HTTP Server Development List
>> Subject: Re: stop copying footers to r->headers_in?
>> What do people think about allow
On 15/07/2014 10:15, Plüm, Rüdiger, Vodafone Group wrote:
- in 'ap_method_list_remove()',
l->method_mask |= ~(AP_METHOD_BIT << methnum);
Doesn't this need to be
l->method_mask &= ~(AP_METHOD_BIT << methnum);
in order to remove it? Otherwise I set all methods but methnum.
On Tue, Jul 15, 2014 at 3:44 PM, Ruediger Pluem wrote:
> # testing : trailer (pid)
> # expected: '25829'
> # received: 'No chunked trailer available!'
> not ok 3
thanks, r1610833:
#ifdef APACHE1
trailer_header = ap_table_get(r->headers_in, "X-Chunk-Trailer");
+#elif (MODULE_MAGIC_COOKIE >=
cove...@apache.org wrote:
> Author: covener
> Date: Tue Jul 15 19:11:02 2014
> New Revision: 1610814
>
> URL: http://svn.apache.org/r1610814
> Log:
> *) SECURITY: CVE-2013-5704 (cve.mitre.org)
> core: HTTP trailers could be used to replace HTTP headers
> late during request processin
Testing Linux and OSX 1st (all using Event MPM):
So far, +1 on all the below:
CentOS 7
Linux centos7.localdomain 3.10.0-123.4.2.el7.x86_64 #1 SMP Mon Jun 30
16:09:14 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
OSX 10.9.4 / Xcode 5.1.1
Darwin jimsys 13.3.0 Darwin Kernel Version 13.3.0: T
If so, I can RM.
The pre-release test tarballs for Apache httpd 2.4.10 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.10 GA.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will Robinson. And why.
Vote will last the normal 72 hr
On Tue, Jul 15, 2014 at 11:59 AM, Joe Orton wrote:
> On Tue, Jul 15, 2014 at 02:41:44PM +0100, Joe Orton wrote:
> > I've stuck it in STATUS. Any other opinions?
>
> Come on... one more for this, either way?
>
>* mod_proxy Connection handling crasher, CVE-2014-0117
>trunk patch: http://sv
On Tue, Jul 15, 2014 at 02:41:44PM +0100, Joe Orton wrote:
> I've stuck it in STATUS. Any other opinions?
Come on... one more for this, either way?
* mod_proxy Connection handling crasher, CVE-2014-0117
trunk patch: http://svn.apache.org/r1610674
ALTERNATIVE #1
2.4.x patch: http://pe
That would be at least half my fault for responding off-list... Here it is:
Thanks -- I went with ^
Shouldn't have much worry about responding to dev@
On Tue, Jul 15, 2014 at 9:42 AM, Houser, Rick wrote:
> New to this list, so responding directly until I have a be
On Tue, Jul 15, 2014 at 11:07 AM, Plüm, Rüdiger, Vodafone Group
wrote:
> This should work. But don't you need to register then ^Ti instead of Ti?
yeah, it needs to be registered and used in httpd.conf w/ the ^
--
Eric Covener
cove...@gmail.com
> -----Original Message-----
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Tuesday, 15 July 2014 17:02
> To: Apache HTTP Server Development List
> Subject: Re: stop copying footers to r->headers_in?
>
> On Tue, Jul 15, 2014 at 10:56 AM, Plüm, Rüdiger, Vodafone Group
> wrote:
> >
> >
On Tue, Jul 15, 2014 at 10:56 AM, Plüm, Rüdiger, Vodafone Group
wrote:
>
>
>> -----Original Message-----
>> From: Eric Covener [mailto:cove...@gmail.com]
>> Sent: Tuesday, 15 July 2014 16:52
>> To: Apache HTTP Server Development List
>> Subject: Re: stop copying footers to r->headers_in?
>>
>> O
> -----Original Message-----
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Tuesday, 15 July 2014 16:52
> To: Apache HTTP Server Development List
> Subject: Re: stop copying footers to r->headers_in?
>
> On Tue, Jul 15, 2014 at 10:38 AM, Plüm, Rüdiger, Vodafone Group
> wrote:
> > Is
On Tue, Jul 15, 2014 at 10:38 AM, Plüm, Rüdiger, Vodafone Group
wrote:
> Is there a way for people with such a setup to fix this with a different
> config?
> From the top of my head I would say no and that would be a blocker.
Do you think the required '^' prefix in the followup is enough? In
th
On Jul 15, 2014, at 10:38 AM, Plüm, Rüdiger, Vodafone Group
wrote:
>
>
>> -----Original Message-----
>> From: Eric Covener [mailto:cove...@gmail.com]
>> Sent: Tuesday, 15 July 2014 15:25
>> To: Apache HTTP Server Development List
>> Subject: Re: stop copying footers to r->headers_in?
>>
>>
> -----Original Message-----
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Tuesday, 15 July 2014 15:25
> To: Apache HTTP Server Development List
> Subject: Re: stop copying footers to r->headers_in?
>
> Candidate patch uses %I and %O but they are used by mod_logio. It is
> hard to f
Yes, thanks! The patch I started with had out but not in initialized there
On Tue, Jul 15, 2014 at 10:20 AM, Plüm, Rüdiger, Vodafone Group
wrote:
> Can you try if the following patch on top fixes this:
>
> Index: mod_proxy_http.c
> =
Can you try if the following patch on top fixes this:
Index: mod_proxy_http.c
===
--- mod_proxy_http.c(revision 1610607)
+++ mod_proxy_http.c(working copy)
@@ -1003,9 +1003,11 @@
rp->status = HTTP_OK;
rp->h
something odd in proxy path when backend has
#0 0x7f16f51b92e1 in apr_table_clear (t=0x0) at tables/apr_tables.c:467
467 t->a.nelts = 0;
(gdb) where
#0 0x7f16f51b92e1 in apr_table_clear (t=0x0) at tables/apr_tables.c:467
#1 0x00483bfc in read_chunked_trailers (ctx=0x7f16
On Tue, Jul 15, 2014 at 09:25:20AM -0400, Jim Jagielski wrote:
> I am very hesitant about adding this with so little
> review time... I would like to propose that we simply
> release 2.4.10 with the simple, trivial crash-fixer
> and allow us to spend more time on the below, in order
> to ensure it'
I am very hesitant about adding this with so little
review time... I would like to propose that we simply
release 2.4.10 with the simple, trivial crash-fixer
and allow us to spend more time on the below, in order
to ensure it's solid.
I'm -0.99 (for 2.4.x) :)
On Jul 15, 2014, at 9:18 AM, Joe Orto
Candidate patch uses %I and %O but they are used by mod_logio. It is
hard to find two good unused characters.
What do people think about allowing two-character log formats? I
think patch below only breaks someone who had a %XX where XX is a
registered two digit tag and they expect the 1 char + l
I am +1 on folding in the simpler patch that fixes the
immediate problem and holding off on anything more
complicated for the next release
On Jul 15, 2014, at 8:38 AM, Joe Orton wrote:
> On Tue, Jul 15, 2014 at 12:27:00PM -, jor...@apache.org wrote:
>> Author: jorton
>> Date: Tue Jul 15
On Tue, Jul 15, 2014 at 03:14:56PM +0200, Yann Ylavic wrote:
> On Tue, Jul 15, 2014 at 3:07 PM, Plüm, Rüdiger, Vodafone Group
> wrote:
> > Isn't
> >
> > x.is_req = (headers == r->headers_in);
> >
> > in ap_proxy_clear_connection an issue, when only called with the copy of
> > r->headers_in?
>
>
On Tue, Jul 15, 2014 at 3:07 PM, Plüm, Rüdiger, Vodafone Group
wrote:
> Isn't
>
> x.is_req = (headers == r->headers_in);
>
> in ap_proxy_clear_connection an issue, when only called with the copy of
> r->headers_in?
Hm, you are right.
Here is a v2 which introduces ap_proxy_clear_connection_ex()
Isn't
x.is_req = (headers == r->headers_in);
in ap_proxy_clear_connection an issue, when only called with the copy of
r->headers_in?
Regards
Rüdiger
> -----Original Message-----
> From: Yann Ylavic
> Sent: Tuesday, 15 July 2014 15:00
> To: httpd
> Subject: Re: svn commit: r1610674 - in /ht
On Tue, Jul 15, 2014 at 2:38 PM, Joe Orton wrote:
> If somebody wants to propose a backport of r1610674 for 2.4.x
> please jump to it ASAP!
Attached is a 2.4.x version of r1610674 that should work.
r1588527 copies headers_in sooner in the function but
ap_proxy_clear_connection() can still be calle
On Tue, Jul 15, 2014 at 12:27:00PM -, jor...@apache.org wrote:
> Author: jorton
> Date: Tue Jul 15 12:27:00 2014
> New Revision: 1610674
>
> URL: http://svn.apache.org/r1610674
> Log:
> SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
> proxy configuration, a remote attacker c
I will be tagging and rolling today, right around noon eastern.
> -----Original Message-----
> From: Christophe JAILLET [mailto:christophe.jail...@wanadoo.fr]
> Sent: Monday, 14 July 2014 22:55
> To: dev@httpd.apache.org
> Subject: Question on ap_method_* functions
>
> Hi,
>
> I was about to submit a patch in order to remove the 'register' keyword
> in a v