Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-02 Thread Ben Reser
On 4/30/15 2:52 PM, William A Rowe Jr wrote: > It seems that we have 2 groups of good things to come out of ApacheCon, > some immediate fixes for things like BSD project efforts, some pretty > straightforward defects that have been resolved... and then there's a bunch > of energy about enhancements

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-03 Thread Ben Reser
On 5/3/15 8:05 AM, Jim Jagielski wrote: > Thx! > >> On May 1, 2015, at 3:29 PM, Ben Reser wrote: >> >> On 4/30/15 2:52 PM, William A Rowe Jr wrote: >>> It seems that we have 2 groups of good things to come out of ApacheCon, >>> some immediate fixes

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-04 Thread Ben Reser
On 5/4/15 7:40 AM, Brian J. France wrote: > While you are in mod_dav, could you review these patches and see if it makes > sense to add them? > > httpd-2.2.x : > http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.22 > httpd-2.4.x : > http://www.brianfrance.com/software/apache/dav/mo

Re: STATUS and Backport Review efficiency

2015-06-09 Thread Ben Reser
On 6/8/15 10:17 AM, William A Rowe Jr wrote: > In this example, the patch was enhanced and the original reviewers' efforts > were thrown away. It's a shame to waste the limited review cycles. > > Moving forwards, can we please do two things. 1) retain the original patch > and > vote in the STATU

[PATCH 54145] Improve some error messages in mod_dav

2013-04-03 Thread Ben Reser
I submitted this patch quite a while ago. Another situation has come up where better error logging would have been nice in this case. Which reminded me that I hadn't seen any action on this patch. I know that everyone is busy, but was hoping someone could take some time to look at it. Thanks.

Re: [PATCH 54145] Improve some error messages in mod_dav

2013-04-03 Thread Ben Reser
Thanks. On Wed, Apr 3, 2013 at 5:23 PM, Jeff Trawick wrote: > On Wed, Apr 3, 2013 at 7:56 PM, Ben Reser wrote: >> >> I submitted this patch quite a while ago. Another situation has come >> up where better error logging would have been nice in this case. >> Which re

Re: URL scanning by bots

2013-04-30 Thread Ben Reser
On Tue, Apr 30, 2013 at 3:03 AM, André Warnier wrote: > Let us imagine for a moment that this suggestion is implemented in the > Apache webservers, > and is enabled in the default configuration. And let's imagine that after a > while, 20% of > the Apache webservers deployed on the Internet have t

Re: URL scanning by bots

2013-04-30 Thread Ben Reser
On Tue, Apr 30, 2013 at 4:09 PM, André Warnier wrote: > But I have been trying to figure out a real use case, where expecting 404 > responses in the course of legitimate applications or website access would > be a normal thing to do, and I admit that I haven't been able to think of > any. > Can yo

Re: URL scanning by bots

2013-05-02 Thread Ben Reser
On Wed, May 1, 2013 at 7:16 AM, André Warnier wrote: > If it tries just one URL per server, and walks off if the response takes > longer than some pre-determined value, then it all depends on what this > value is. > If the value is very small, then it will miss a larger proportion of the > potenti

Re: URL scanning by bots

2013-05-02 Thread Ben Reser
On Tue, Apr 30, 2013 at 5:23 PM, André Warnier wrote: > Alternatives : > 1) if you were running such a site (which I would still suppose is a > minority of the 600 Million websites which exist), you could easily disable > the feature. > 2) you could instead return a redirect response, to a page sa

Re: URL scanning by bots

2013-05-02 Thread Ben Reser
On Thu, May 2, 2013 at 4:53 PM, Guenter Knauf wrote: > isn't that one of the core issues - that folks who don't know what they do run > a webserver? And then, shouldn't these get punished with being hacked so that > they try to learn and finally *know* what they do, and do it right next > time? ;-)

Re: Symbol Resolution (Was: Whither Windows (Was: Re: Intent to revert commit r1332643))

2013-05-24 Thread Ben Reser
On Fri, May 24, 2013 at 8:13 AM, William A. Rowe Jr. wrote: > That fortunately is documented, with some pretty good notes in > the wiki as well that ought to percolate into the docs. That > said, documenting every Microsoft-version-quirk seems out of > scope for a general purpose 'compiling' doc.

Re: Whither Windows (Was: Re: Intent to revert commit r1332643)

2013-05-24 Thread Ben Reser
On Fri, May 24, 2013 at 8:23 AM, William A. Rowe Jr. wrote: > Another question is where exactly do we stand with OS/X right now? > > Apple HFS+ is still not supported, there exists a forced lower-case > canonicalization hack authored by Apple, but AFAICT still no progress > on retrieving the true

Re: apr_atomic functions usage

2013-05-27 Thread Ben Reser
On Mon, May 27, 2013 at 8:42 PM, kalyan sita wrote: > I see that the below functions have specific assembly implementations for > os32,ia32 architectures: > > apr_atomic_add32 > apr_atomic_sub32 > apr_atomic_inc32 > apr_atomic_dec32 > apr_atomic_set32 > apr_atomic_cas32 > apr_atomic_casptr > apr_a

Re: apache process ps -aux

2013-07-10 Thread Ben Reser
On Wed, Jul 10, 2013 at 8:25 AM, peter_bateman wrote: > I just haven't seen the apache processes listing with the -k start option on > any of my other servers, and wasn't sure why it was being displayed here... If you've been using a platform where the ps command doesn't list the command argument

Re: [VOTE] The 'RM' Baton

2013-07-10 Thread Ben Reser
On Wed, Jul 10, 2013 at 3:30 PM, Guenter Knauf wrote: > I was also thinking about learning how to release - but the lack of proper > documentation for the whole process holds me back; I remember how Graham > fell from one trap into another when he did his 1st APR release, and I don't > want to get

[PATCH PR55304] mod_dav: COPY should not validate the parent of request.

2013-07-24 Thread Ben Reser
This patch fixes a regression created by the PR54610. COPY does not modify the parent of the source, so it should not be validating the parent. This issue actually disallows the ability to COPY the root of a DAV repository since a properly implemented DAV provider will return NULL and dav_method_

Re: Struggling with AuthMerging

2013-08-01 Thread Ben Reser
On Wed, Jul 31, 2013 at 8:02 AM, Mikhail T. wrote: > As a minimum, testing the subsequent children of RequireAll after one of > them already responded with "denied" seems like a bug... I'm not sure about the AuthMerging but I can say that trying the "tiv expiration" is not a bug. First of all yo

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-01 Thread Ben Reser
initial request, even if that URI matches the same set of access control configuration directives, then use AP_AUTH_INTERNAL_PER_URI. ]]] > 01.08.2013 21:05, Ben Reser wrote: > If the resulting response is AUTHZ_DENIED_NO_USER then processing continues. > > > Is that so that if any of th

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-02 Thread Ben Reser
On Thu, Aug 1, 2013 at 7:54 PM, Mikhail T. wrote: > 01.08.2013 22:47, Ben Reser wrote: >> That's not a bug at all. In some cases it may be necessary for >> authorization to run for sub-requests. > > Could you give an example or two? Thanks, Sure. mod_autoinde

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-02 Thread Ben Reser
On Fri, Aug 2, 2013 at 8:24 PM, Mikhail T. wrote: > The modules in your examples deliberately use the authz mechanism to > generate different output based on the results. But what is doing it in the > case I describe -- where the generated content is exactly the same? Obviously nothing is doing a

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-03 Thread Ben Reser
On Sat, Aug 3, 2013 at 11:34 AM, Mikhail T. wrote: > Point is, it is erring. I asked Ben for possible use-cases and his two > examples were modules, which use the authorization rules to generate > different content depending on the result. Rather than to decide, whether to > authorize the request

Re: mod_autoindex string pluggability

2013-08-06 Thread Ben Reser
On Mon, Aug 5, 2013 at 5:51 AM, Tim Bannister wrote: > How about implementing XHTML → JSON as a filter? Either with existing modules > or with something dedicated to autoindex. That sounds really ugly if you ask me. For one thing he's trying to avoid parsing XHTML so now you're suggesting that

Re: will anyone build httpd/apr with cmake on Windows?

2013-09-03 Thread Ben Reser
On 8/30/13 5:25 AM, Jeff Trawick wrote: > I will be throwing a bit more time at the cmake effort in the short term, > starting with comparing the installed artifacts with those of existing Windows > builds and adding missing pieces to the todo lists. I might not do much else > proactively until my

Re: will anyone build httpd/apr with cmake on Windows?

2013-09-03 Thread Ben Reser
On 9/1/13 4:50 AM, Jeff Trawick wrote: > *Doesn't it take more than one level of Visual Studio to get it into something > that the most recent versions will use? I don't think going through more than one version of Visual Studio helps, at least not if you're trying to build with Visual Studio 2012

Re: Planning for 2.4.7 in Oct

2013-09-07 Thread Ben Reser
On 9/5/13 6:08 AM, Jim Jagielski wrote: > Are there items that we'd *really* like to see in 2.4.7 > that we should try to prioritize? I'd really like to have a fix for the following bug included: https://issues.apache.org/bugzilla/show_bug.cgi?id=55397 I've started work on it but it's causing som

Re: svn commit: r1531559 - /httpd/httpd/branches/2.4.x/STATUS

2013-10-12 Thread Ben Reser
On 10/12/13 2:19 PM, Graham Leggett wrote: > A quick reminder, these fixes had been back ported to v2.2 as well, would it > be possible to propose them there too? Yes, there are some minor conflicts. I'm finishing up testing them with 2.2.x, though I'm about to catch a plane to London, so I migh

Re: svn commit: r1531670 - /httpd/httpd/branches/2.2.x/STATUS

2013-10-18 Thread Ben Reser
On 10/13/13 4:51 AM, minf...@apache.org wrote: > Author: minfrin > Date: Sun Oct 13 11:51:03 2013 > New Revision: 1531670 > > URL: http://svn.apache.org/r1531670 > Log: > Vote, comment. > > Modified: > httpd/httpd/branches/2.2.x/STATUS > > Modified: httpd/httpd/branches/2.2.x/STATUS > URL:

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-20 Thread Ben Reser
On 10/20/13 5:31 AM, Ruediger Pluem wrote: >> apr_pool_create(&newlog.pool, status->pool); >> +if (config->create_path) { >> +char *ptr = strrchr(newlog.name, '/'); >> +if (ptr && ptr > newlog.name) { >> +char *path = apr_pstrmemdup(newlog.pool, newlog.name, ptr
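Review bot: the strrchr(newlog.name, '/') lookup inside the config->create_path branch only recognises a forward slash as the directory separator, so a log name written with backslashes on Windows would leave ptr NULL and skip directory creation without any message. Consider checking for '\\' as well on that platform, or normalising newlog.name before the lookup. The hunk is cut off after the apr_pstrmemdup call on this page, so how the result of creating the directory is checked cannot be reviewed from the visible lines.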

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-20 Thread Ben Reser
On 10/20/13 5:37 AM, André Malo wrote: > * bre...@apache.org wrote: > >> Author: breser >> Date: Sat Oct 19 19:10:33 2013 >> New Revision: 1533810 > >> * docs/man/rotatelogs.8, >> docs/manual/programs/rotatelogs.html.en: Update for -d option. > > Huh. These files are both generated (or should

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-20 Thread Ben Reser
On 10/20/13 11:23 AM, Jeff Trawick wrote: > trunk and 2.4.x branch: > > checking for APR... configure: WARNING: APR version 1.4.0 or later is > required, > found 1.3.13 > configure: WARNING: Found APR in /home/trawick/inst/apr13-64/bin/apr-1-config, > but we think it is considered unacceptable >

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-22 Thread Ben Reser
On 10/20/13 5:31 AM, Ruediger Pluem wrote: > Can't we use apr_psprintf with %pm instead of the constant length buffer > char [120]? Done in r1534895, r1534896 and r1534914.

Timetable for 2.2.26 release?

2013-11-08 Thread Ben Reser
Does anyone have a timetable for a 2.2.26 release? Subversion users have been running into the issues introduced in 2.2.25 and we've been pointing them at patches. Some but not all of the binaries floating around have been patched. It would be really nice to be able to have a httpd release to po

Re: NOTE: Intent to T&R 2.2.6 tomorrow

2013-11-12 Thread Ben Reser
On Tue Nov 12 11:25:57 2013, Jim Jagielski wrote: > Oh yeah... I recall you had an issue with me building > because of potential issues with using a later, but > still 100% valid autoconf/libtool setup. I am not > going to downgrade just to build 2.2 so if that is > *really* a concern, backed-up by

Re: [VOTE] Release Apache httpd 2.2.26 as GA

2013-11-13 Thread Ben Reser
On 11/13/13 9:03 AM, Jim Jagielski wrote: > The pre-release test tarballs for Apache httpd 2.2.26 can be found > at the usual place: > > http://httpd.apache.org/dev/dist/ > > I'm calling a VOTE on releasing these as Apache httpd 2.2.26 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Dan

Re: [VOTE] Release Apache httpd 2.4.7 as GA

2013-11-21 Thread Ben Reser
On 11/19/13 9:45 AM, Jim Jagielski wrote: > I'm calling a VOTE on releasing these as Apache httpd 2.4.7 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. +1: OS X 10.7.5 and Ubuntu 12.04: Subversion test suite passes with trunk, 1.8 and 1.7 using Subversion's HTTPv

mod_rewrite and mod_dav_svn

2013-12-11 Thread Ben Reser
We've recently made a change to mod_dav_svn to start implementing translate_name and map_to_storage hooks in order to prevent r->filename from being set to a bogus path since Subversion is serving content that isn't actually accessible via the standard file I/O APIs... You can see the reasoning

Re: Do pools lead to bad programming?

2013-12-11 Thread Ben Reser
On 12/11/13 4:00 PM, Kean Johnston wrote: > Am I being too obsessive? If not, would you like patches to correct these as I > find them, and if so, should I open a bug about this or just post patches here > (they are all likely to be a simple move of 1 or 2 lines)? There are two ways this sort of t

Security Advisories

2014-01-08 Thread Ben Reser
So I've received at least two people asking me for more details about CVE-2013-1896. I'm thinking it might be better to provide more than a couple sentences on the issues. It can be hard to understand the impact of an issue from what we're providing now.

Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities

2014-01-10 Thread Ben Reser
On 1/10/14, 5:38 AM, Jeff Trawick wrote: > [ ] It is an accepted practice (but not required) to obscure or omit the > vulnerability impact in CHANGES or commit log information when committing > fixes > for vulnerabilities to any branch. > > [ ] It is mandatory to provide best available descriptio

Re: How to run the BIND and UPDATE functions in mod_dav.so module of Apache HTTPD server?

2014-01-13 Thread Ben Reser
On 1/13/14, 12:29 AM, vancaho wrote: > Hi everyone, > I'm learning WebDAV protocol with apache httpd server and subversion. > After reading the source code of Mod_Dav.so (which is responsible for > interpreting the WebDAV protocol), I find that there are methods > dav_method_bind(http://www.

Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities

2014-01-13 Thread Ben Reser
e href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [Ben Reser ] vs this change (which was not): *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead property on a resource for which there is no

Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities

2014-01-14 Thread Ben Reser
On 1/14/14, 7:35 AM, Jeff Trawick wrote: > The simple answer to all of this is "look how httpd releases with security > fixes have been handled in the past." The RM commits the fixes just before > Tag > & Roll and, depending on the impact of the vulnerabilities, may call for an > abbreviated test

Re: How to run the BIND and UPDATE functions in mod_dav.so module of Apache HTTPD server?

2014-01-14 Thread Ben Reser
On 1/14/14, 12:10 AM, vancaho wrote: > How to write these DAV providers? I'm not sure how much more info I could give short of writing it myself. The closest we have to documentation is what's in mod_dav.h. There's a nice HTMLized version of what's in mod_dav.h here: http://ci.apache.org/project

Re: ApacheCon 2014 question

2014-01-16 Thread Ben Reser
On 1/16/14, 9:57 AM, Jeff Trawick wrote: > The conference announcement has a very vague reference to hackathons and > barcamp; we'll need to find out when space is set aside for these activities. > AFAIK this has not yet been communicated internally. (Hackathons usually > take > place on the sam

Re: ApacheCon 2014 question

2014-01-16 Thread Ben Reser
On 1/16/14, 10:07 AM, Eric Covener wrote: > Me. I modified this existing topic in the wiki if anyone wants to > track there or propose anything. > > https://wiki.apache.org/httpd/Face2Face If someone can give me (BenReser) edit rights I'll add myself.

Re: CI for httpd 2.4 and trunk?

2014-06-18 Thread Ben Reser
On 6/14/14 2:34 AM, Takashi Sato wrote: > +1 > > How about automated test? > http://svn.apache.org/repos/asf/httpd/test/ Yes there should be automated testing that runs. But sadly that test suite is pretty limited. It needs a lot of work and a commitment to adding regression tests for bugs as w

Re: Change of web site layout

2014-06-18 Thread Ben Reser
On 6/17/14 3:24 PM, Rich Bowen wrote: > There is no requirement that a project site look like the main foundation > site. > Pick any project. Say, http://flume.apache.org/ or > http://cloudstack.apache.org/ or http://etch.apache.org/ - each has their own > unique feel. > > And, frankly, at this p

Re: Looking for a release of 2.4.x soonish

2014-07-08 Thread Ben Reser
On 6/24/14 12:35 PM, Bert Huijben wrote: > I would really like to see the mod_dav escaping fixes (where breser is > looking at) to be backported for this next release. > > Without those patches Subversion doesn't properly support some special > characters inside repository paths. (Regression again

Re: FYI: Looking for a release of 2.4.x soonish

2014-07-10 Thread Ben Reser
On 7/9/14 7:57 AM, Yann Ylavic wrote: > Maybe one more vote for the latest mod_deflate fix (PR 56196) so it > has no known issue in 2.4.10? I see several more mod_deflate fixes. I'll try to take a look at these tomorrow because I've run into some issues with 2.2.x and mod_deflate and I'm hoping th

Re: Time for httpd 2.2.28??

2014-07-16 Thread Ben Reser
On 7/15/14 10:45 AM, Jim Jagielski wrote: > If so, I can RM. Yes please, need the mod_dav fix that's already approved for 2.2.x.

Re: [VOTE] Release Apache httpd 2.4.10 as GA

2014-07-16 Thread Ben Reser
On 7/15/14 10:20 AM, Jim Jagielski wrote: > The pre-release test tarballs for Apache httpd 2.4.10 can be found > at the usual place: > > http://httpd.apache.org/dev/dist/ > > I'm calling a VOTE on releasing these as Apache httpd 2.4.10 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Dan

Re: Apache 2.2.28 release timing.

2014-08-20 Thread Ben Reser
On 8/5/14 2:21 PM, Mark Blackman wrote: > This might be more of user than dev question, but as the discussions about > timing were here, I’ll go with here. > > http://mail-archives.apache.org/mod_mbox/httpd-dev/201407.mbox/<20140721075315.ec908e91c20de17e6e448089a4bc3ed2.f963b4ea46.wbe%40email11.

Re: Apache 2.2.28 release timing.

2014-08-21 Thread Ben Reser
On 8/21/14 6:26 PM, William A. Rowe Jr. wrote: > That about sums it up. Sorry, I am still drowning in my late father's > affairs for another 3-4 weeks, but will make time to do this in 2 hours > from now, sum up votes and move files Sun a.m. for a Mon a.m. release. > That saves anyone else from cr