RE: Time for 2.4.11

2015-01-12 Thread Lu, Yingqi
Hi All, I just want to ping again to see if there are any updates on this? Thanks, Yingqi -Original Message- From: Lu, Yingqi [mailto:yingqi...@intel.com] Sent: Friday, January 09, 2015 9:57 AM To: dev@httpd.apache.org Subject: RE: Time for 2.4.11 Hi Jim, Thanks for your email. I think

Re: Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Graham Dumpleton
> But the damage has been done for some months on 2.2, and we are noticing this, now? All distros still shipping Apache 2.2 still are using older mod_wsgi 3.X versions which I don't at this point believe are affected by this issue. People who build stuff from source code themselves would be using

RE: Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread wrowe
- Original Message - Subject: Re: CVE-2013-5704 fix breaks mod_wsgi From: "Joe Orton" Date: 1/12/15 11:05 am To: dev@httpd.apache.org On Mon, Jan 12, 2015 at 11:25:53AM -0500, Eric Covener wrote: > On Fri, Jan 9, 2015 at 3:23 PM, Joe Orton wrote: > > Either way, the fix for CV

Re: svn commit: r1651084 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS include/ap_mmn.h include/http_log.h server/log.c

2015-01-12 Thread Marion & Christophe JAILLET
Hi, the commit message is wrong for this one. Cut'n paste error from the previous one. Won't have time myself to fix it in the coming days. Best regards CJ On 12/01/2015 14:39, j...@apache.org wrote: Author: jim Date: Mon Jan 12 13:39:07 2015 New Revision: 1651084 URL: http://svn.apac

RE: Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread wrowe
- Original Message - Subject: Re: CVE-2013-5704 fix breaks mod_wsgi From: "Joe Orton" Date: 1/12/15 5:27 am To: "Graham Dumpleton" Cc: "dev@httpd.apache.org" On Sat, Jan 10, 2015 at 09:04:12AM +1100, Graham Dumpleton wrote: > 1. Verify that recompiling mod_wsgi is actually suf

Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Joe Orton
On Mon, Jan 12, 2015 at 11:25:53AM -0500, Eric Covener wrote: > On Fri, Jan 9, 2015 at 3:23 PM, Joe Orton wrote: > > Either way, the fix for CVE-2013-5704 ends up breaking backwards > > compatibility with existing 2.4.x builds of mod_wsgi, which is kind of > > Bad. I don't have a good proposal fo

Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Eric Covener
On Mon, Jan 12, 2015 at 11:25 AM, Eric Covener wrote: > Part of that question is probably "who else has figured out how to cope ignore this trailing bit.

Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Eric Covener
On Fri, Jan 9, 2015 at 3:23 PM, Joe Orton wrote: > Either way, the fix for CVE-2013-5704 ends up breaking backwards > compatibility with existing 2.4.x builds of mod_wsgi, which is kind of > Bad. I don't have a good proposal for how to fix or avoid this. Worst > case, we make clear the mod_wsgi

Fwd: svn commit: r1651090 - /httpd/httpd/branches/2.4.x/STATUS

2015-01-12 Thread Eric Covener
Would like to get this one in 2.4.11 if any eyes available. -- Forwarded message -- From: Date: Mon, Jan 12, 2015 at 8:45 AM Subject: svn commit: r1651090 - /httpd/httpd/branches/2.4.x/STATUS To: c...@httpd.apache.org Author: covener Date: Mon Jan 12 13:45:47 2015 New Revision

Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Graham Dumpleton
BTW. I need to go back and check, but I actually suspect that the crash will only occur in mod_wsgi where mod_wsgi 4.4.0 or later was being used. It was only in 4.4.0 that content started to be passed between the Apache child worker processes and the mod_wsgi daemon process using chunking. The WSG

Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Graham Dumpleton
On 12 January 2015 at 22:27, Joe Orton wrote: > On Sat, Jan 10, 2015 at 09:04:12AM +1100, Graham Dumpleton wrote: > > 1. Verify that recompiling mod_wsgi is actually sufficient given that my > > direct use of request_rec isn't going to populate the extra fields and > they > > will remain NULL sti

Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Joe Orton
On Sat, Jan 10, 2015 at 07:38:03AM -0500, Jeff Trawick wrote: > On Fri, Jan 9, 2015 at 3:48 PM, Jeff Trawick wrote: > > * Add helper functions to allocate a request_rec, conn_rec, server_rec. > > It doesn't solve all possible problems of course but can drastically reduce > > the frequency of needi

Re: CVE-2013-5704 fix breaks mod_wsgi

2015-01-12 Thread Joe Orton
On Sat, Jan 10, 2015 at 09:04:12AM +1100, Graham Dumpleton wrote: > 1. Verify that recompiling mod_wsgi is actually sufficient given that my > direct use of request_rec isn't going to populate the extra fields and they > will remain NULL still. As trailers shouldn't be expected in context the > req