Re: svn commit: r1681002 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS docs/conf/extra/httpd-ssl.conf.in

On Fri, May 22, 2015 at 8:43 AM, wrote: > Author: wrowe > Date: Fri May 22 06:43:12 2015 > New Revision: 1681002 > [] > > Modified: > httpd/httpd/branches/2.2.x/CHANGES [] > > Modified: httpd/httpd/branches/2.2.x/CHANGES > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGE

CONNECT 2.2 behavior

Folks, someone please give this a third pair of eyeballs, the change discussed in bugzilla is the correct behavior. * mod_proxy: use the original (non absolute) form of the request-line's URI for requests embedded in CONNECT payloads used to connect SSL backends via a ProxyRemote forw

Platform specific CTR/RTC?

I think this has sat enough in STATUS that I'll commit by lazy consensus prior to tag and roll of 2.2.30, unless anyone has a legitimate correction/objection? It might be worth mentioning that it's been in production for about 3-4 years or so, and only was delayed in 2.2 due to the unavoidable dri

Re: svn commit: r1680895 - in /httpd/httpd/trunk: docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c

Am 21.05.2015 um 20:57 schrieb Eric Covener: On Thu, May 21, 2015 at 2:54 PM, Jeff Trawick wrote: This is a very nice improvement over introducing "M", and Yann's suggestion to expand "T" instead of "D" is an increment above that. Any concerns if I switch them out? +1 here No concern. I'm

Re: svn commit: r1680895 - in /httpd/httpd/trunk: docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c

On 05/21/2015 02:57 PM, Eric Covener wrote: On Thu, May 21, 2015 at 2:54 PM, Jeff Trawick wrote: This is a very nice improvement over introducing "M", and Yann's suggestion to expand "T" instead of "D" is an increment above that. Any concerns if I switch them out? +1 here done; now fixing up

Re: svn commit: r1680895 - in /httpd/httpd/trunk: docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c

On Thu, May 21, 2015 at 2:54 PM, Jeff Trawick wrote: > This is a very nice improvement over introducing "M", and Yann's suggestion > to expand "T" instead of "D" is an increment above that. > > Any concerns if I switch them out? +1 here

Re: httpd - side channel attack - timing of digest comparisons

Very quick and dirty list of the most obvious places where we compare stuff. Currently trying to find some time to figure out if these are all vulnerable; or if it is just the two outer ones. Dw. Index: modules/aaa/mod_auth_digest.c ==

Re: svn commit: r1680895 - in /httpd/httpd/trunk: docs/manual/mod/mod_log_config.xml modules/loggers/mod_log_config.c

On 05/21/2015 11:07 AM, rj...@apache.org wrote: Author: rjung Date: Thu May 21 15:07:15 2015 New Revision: 1680895 URL: http://svn.apache.org/r1680895 Log: mod_log_config: instead of using the new dedicated pattern format "%M" for duration milliseconds, overload the existing "%D" to choose the t

httpd - side channel attack - timing of digest comparisons

Folks, security@ got a notification of a potential side channel attack. The original message is below (sans details on the poster who wants to remain private). In short - we’re comparing the digest in mod-auth-digest in a manner that may reveal how much is actually correct; leading potentially

Re: svn commit: r1680905 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl

Just a reminder to not loose rjung's comment... On Thu, May 21, 2015 at 5:27 PM, wrote: > > Modified: httpd/httpd/branches/2.2.x/STATUS > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1680905&r1=1680904&r2=1680905&view=diff > =

Re: Style checker?

> I still develop in what a lot of folks would consider a fairly "primitive" > environment (vi) that doesn't do anything for style checking things like line > width/spacing before and after control statements/indentation/variable > declaration/etc. I know of the indent tool available on most un