On Wed, 2015-06-24 at 16:03 -0400, Eric Covener wrote:
> For 2.4, do we need some kind of global property for people who were
> already working around the merge?
My commit was to trunk (after someone prodded us on-list).
For 2.4 we should not change existing behaviour. At least,
not as a default.
On Wed, Jun 24, 2015 at 5:04 PM, Yann Ylavic wrote:
> I think we need that yes (backport probably proposed the too early).
> Would something like SubstituteBaseFirst (server scope), on by default
> on 2.4.x and off on trunk, be OK?
I'm not sure about the default, I think changed behavior might be
I think we need that yes (backport probably proposed the too early).
Would something like SubstituteBaseFirst (server scope), on by default
on 2.4.x and off on trunk, be OK?
Maybe a better name?
On Wed, Jun 24, 2015 at 10:03 PM, Eric Covener wrote:
> For 2.4, do we need some kind of global proper
All LBmethods have an "age" function which is designed to appropriately
"age" the data so that things even out after awhile. Of course, right
now, none actually *uses* that.
But I think the reason is because there is no real good way,
currently, in mod_proxy to do that...
Well, in the LBmethod I
For 2.4, do we need some kind of global property for people who were
already working around the merge?
On Thu, Jun 11, 2015 at 10:22 AM, wrote:
> Author: niq
> Date: Thu Jun 11 14:22:21 2015
> New Revision: 1684900
>
> URL: http://svn.apache.org/r1684900
> Log:
> mod_substitute: Fix configuraton
On Wed, Jun 24, 2015 at 6:04 PM, William A Rowe Jr wrote:
>
> *) SECURITY: CVE-2015-3183 (cve.mitre.org)
> core: Fix chunk header parsing defect.
> Remove apr_brigade_flatten(), buffering and duplicated code from
> the HTTP_IN filter, parse chunks in a single pass with zero copy.
On Wed, Jun 24, 2015 at 6:12 PM, Graham Leggett wrote:
> On 24 Jun 2015, at 6:04 PM, William A Rowe Jr wrote:
>
>> If you had offered to review security patches in Jeff's 2.2 interest thread
>> of a month ago, please consider taking a bit of time to compare this change
>> to the corresponding c
Forget my question, it is not a bug report.
Q: Is my assumption wright that when not build with a driver ( OpenSSL and/or
NSS) it should use apr-crypto ?
If no, should be good to have an error logged, instead of a crash.
Ps.
With no driver the module loads fine, only when using crypto it cras
On 24 Jun 2015, at 6:04 PM, William A Rowe Jr wrote:
> If you had offered to review security patches in Jeff's 2.2 interest thread
> of a month ago, please consider taking a bit of time to compare this change
> to the corresponding change already approved in 2.4.x branch (and rather
> extensiv
On Fri, Jun 19, 2015 at 11:42 AM, William A Rowe Jr
wrote:
>
> On Jun 18, 2015 1:45 PM, "William A Rowe Jr" wrote:
> >
> > On Jun 11, 2015 8:22 AM, "Eric Covener" wrote:
> > >
> > > On Thu, Jun 11, 2015 at 9:08 AM William A Rowe Jr
> wrote:
> > >>
> > >> But withholding a security fix for lega
If asking about crash-bugs on dev@, could you please include the backtrace?
.pdb symbols make it useful, while
https://msdn.microsoft.com/en-us/library/windows/hardware/ff551063(v=vs.85).aspx
shows how to load the user.dmp file and produce that backtrace.
User in that link seems to be changing to
When build on Windows with no openssl or nss driver , I was assuming
that mod_session crypto would use apr-crypto.
Seems I was wrong, then Apache crashes without anything in the log,
quite some reports, see the latest at
http://www.apachelounge.com/viewtopic.php?p=30892#30892
When I bu
On Jun 24, 2015 8:39 AM, "Eric Covener" wrote:
>
> On Wed, Jun 24, 2015 at 9:26 AM, Graham Leggett wrote:
> > I believe we should be treating the “pseudo” connections as real
connections, and perhaps by linking a “subconnection” to a “connection”
(c->main) in the same way we currently link a subr
On 24 Jun 2015, at 4:07 PM, Stefan Eissing wrote:
> Hmm, yes, well. It's the thought that counts... ;-)
>
> I think this will not be enough, though, if I understood the failures of my
> various attempts correctly. But it will certainly be good if more heads than
> one have a go at this.
>
> L
> Am 24.06.2015 um 16:14 schrieb Eric Covener :
>
> On Wed, Jun 24, 2015 at 10:07 AM, Stefan Eissing
> wrote:
>> Hmm, yes, well. It's the thought that counts... ;-)
>>
>> I think this will not be enough, though, if I understood the failures of my
>> various attempts correctly. But it will cert
On Wed, Jun 24, 2015 at 10:07 AM, Stefan Eissing
wrote:
> Hmm, yes, well. It's the thought that counts... ;-)
>
> I think this will not be enough, though, if I understood the failures of my
> various attempts correctly. But it will certainly be good if more heads than
> one have a go at this.
>
> Am 24.06.2015 um 15:50 schrieb Jim Jagielski :
>
>
>> On Jun 24, 2015, at 9:39 AM, Eric Covener wrote:
>>
>> On Wed, Jun 24, 2015 at 9:26 AM, Graham Leggett wrote:
>>> I believe we should be treating the “pseudo” connections as real
>>> connections, and perhaps by linking a “subconnection”
On 24 Jun 2015, at 3:58 PM, Stefan Eissing wrote:
> Totally agree. That is why it is not implemented like that. With the side
> effect that mod_logio, for example, does not aggregate data for the main
> connection.
>
> The only exception in the current implementation is mod_ssl. mod_h2 copies
> Am 24.06.2015 um 15:26 schrieb Graham Leggett :
>
> I would argue that the copying option above is most dangerous, as this has
> side effects that may not be catered for by pool cleanups.
Totally agree. That is why it is not implemented like that. With the side
effect that mod_logio, for exa
> On Jun 24, 2015, at 9:39 AM, Eric Covener wrote:
>
> On Wed, Jun 24, 2015 at 9:26 AM, Graham Leggett wrote:
>> I believe we should be treating the “pseudo” connections as real
>> connections, and perhaps by linking a “subconnection” to a “connection”
>> (c->main) in the same way we currentl
Could we check that the proposed patch works and that "everyone" is
OK w/ the implementation as well as maintaining the behavior.
My hope would be to T&R 2.4.16 the end of this week :)
On Wed, Jun 24, 2015 at 9:26 AM, Graham Leggett wrote:
> I believe we should be treating the “pseudo” connections as real connections,
> and perhaps by linking a “subconnection” to a “connection” (c->main) in the
> same way we currently link a subrequest to a request (r->main).
There are some b
On 22 Jun 2015, at 2:48 PM, Stefan Eissing wrote:
> Eric, thanks for the help! When enabling mod_logio it became immediately
> clear that mod_h2 wrongly prevented some pre_connection hooks to run.
> mod_logio however expects its allocated module config to be there when a
> request gets cleaned
23 matches
Mail list logo
