On Tue, Mar 07, 2017 at 12:45:54PM -0600, William A Rowe Jr wrote:
> Six months ago, rjung forked 2.4.x and began to backport our
> compatibility fixes for OpenSSL 1.1.0. Today, from the state of
> trunk, it seems the compatibility efforts look very good and are
> nearly ready to apply to 2.4.x.
On Wed, Feb 22, 2017 at 10:00:08PM +0100, Yann Ylavic wrote:
> On Wed, Feb 22, 2017 at 11:47 AM, Joe Orton <jor...@redhat.com> wrote:
> > (b) for match both "foo" and "<foo".
>
> I'd vote for this, it's very unlikely that some day we want to add
On Tue, Feb 21, 2017 at 02:28:52PM -0800, Jacob Champion wrote:
> I haven't tried your patch yet, but from inspection it looks like you'd have
> to do something like this if you're looking for a :
>
>
> ...
>
> (Note the missing closing angle bracket in the argument.) Assuming I've
For cases like HttpProtocolOptions where a new directive is introduced
to multiple active branches simultaneously, it gets awkward to use
to write conf files which use the new directive but are
compatible across multiple versions.
Triggered by a conversation with a user, but also e.g. see
On Fri, Feb 17, 2017 at 12:38:30PM -0500, Eric Covener wrote:
> +1
>
> On Fri, Feb 17, 2017 at 12:37 PM, William A Rowe Jr
> wrote:
> > Great catch; +1 to commit to 2.2.x and
> > http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x-merge-http-strict/
> > branches.
> >
Found during QA of the CVE-2016-8743 patch here. The merging logic in
merge_core_server_configs is (confusingly) inverted from 2.2 to 2.4, so
e.g. HttpProtocolOptions doesn't inherit from global to vhost configs in
2.2.32. :(
Index: server/core.c
On Thu, Feb 02, 2017 at 03:09:35PM +0200, Issac Goldstand wrote:
> AFAIK, underscores are forbidden from being part of a host name as per RFC
> 1123 Sec 2.1/RFC 952 (Assummptions Sec 1)
>
> It's also spelled out in RFC 3986:
> "
> A registered name intended for lookup in the DNS (...)
>
Another 2.4.25 regression reported from a Fedora user is that
underscores in hostnames are rejected by default now. I couldn't see a
specific discussion of this, was it deliberate?
Following breadcrumbs...
https://tools.ietf.org/html/rfc7230#section-5.4
Host = uri-host [ ":" port ] ;
On Mon, Jan 30, 2017 at 07:52:03AM -0500, Eric Covener wrote:
> I have a fix but not sure if the change should just be reverted. In
> the PR, the user changed the 2.2 config to make the ProxyPass within
> location and expected similar behavior.
>
> Should have probably just told them that
On Fri, Dec 09, 2016 at 02:00:51PM -, cove...@apache.org wrote:
> Author: covener
> Date: Fri Dec 9 14:00:51 2016
> New Revision: 1773397
>
> URL: http://svn.apache.org/viewvc?rev=1773397=rev
> Log:
> ProxyPass ! doesn't block per-directory ProxyPass
>
> *) mod_proxy: Honor a server scoped
On Wed, Jan 11, 2017 at 11:08:29AM -0500, Jim Jagielski wrote:
> This is to address the following bug:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1410883
Thanks a lot Jim!
> The only reason why I can see why the orig idea to use s->process->pool
> was to make watchdog run independent of
On Thu, Dec 15, 2016 at 02:05:32AM -0600, William A Rowe Jr wrote:
> Joe, did you forget an svn add? I see no ext_filter/ subdirectory on trunk;
>
> https://svn.apache.org/repos/asf/httpd/test/framework/trunk/t/htdocs/modules/filter/
Oops :( Added now, sorry guys.
On Tue, Dec 13, 2016 at 10:14:21AM -0500, Jim Jagielski wrote:
>
> > On Dec 13, 2016, at 8:33 AM, Jim Jagielski wrote:
> >
> > This fails on all systems that have sed in /usr/bin/sed
> > or someplace other than /bin :(
> >
>
> Hmmm... even w/ the change to /usr/bin/sed I'm
On Mon, Nov 28, 2016 at 05:16:12PM -0600, William A Rowe Jr wrote:
> httpd: Syntax error on line 295 of
> /home/wrowe/dev/test/test24-apr16-ossl102/t/conf/httpd.conf: Cannot load
> /home/wrowe/dev/test/test24-apr16-ossl102/c-modules/test_session/.libs/mod_test_session.so
> into server:
>
On Tue, Sep 06, 2016 at 02:26:54PM +0200, Yann Ylavic wrote:
> Maybe we could backport r1702948 (and this commit, which I think is a
> better naming for the attribute) ?
+1 from me to doing both, these new warnings are annoying. MAYBE_UNSUED
is definitely a better name.
> Alternatively, if
On Mon, Jun 13, 2016 at 10:33:36PM -, minf...@apache.org wrote:
> Author: minfrin
> Date: Mon Jun 13 22:33:35 2016
> New Revision: 1748322
>
> URL: http://svn.apache.org/viewvc?rev=1748322=rev
> Log:
> Allow other modules to become providers and add ACLs
> to the DAV response. Requires
On Fri, Aug 19, 2016 at 04:44:21PM +0300, Evgeny Kotkov wrote:
...
> The problem is caused by how mod_dav passes the output filter list to its
> providers. Please see the deliver() hook definition in mod_dav.h:1948 and
> its usage in mod_dav.c:888:
>
> /* Repository provider hooks */
>
Thanks a lot, all. I dropped the last sentence and pushed to trunk &
2.4.x. r1750750 & r1750752
We had a couple of people complaining about the language around TRACE in
the docs, which say disabling TRACE "makes your server noncompliant", a
claim I found hard to support.
All methods but HEAD and GET are defined as OPTIONAL, so I'm not sure
how this is true, am I missing something?
On Tue, Jun 07, 2016 at 06:39:46AM -0400, Rich Bowen wrote:
> In troubleshooting something with dbmmanage, I came across this:
>
> http://marc.info/?l=fedora-extras-commits=137148193030744=2
>
> I'm sure there's more context here that I haven't unearthed yet, but
> does anyone (Joe?) happen to
On Wed, May 25, 2016 at 10:11:40AM -0500, William A Rowe Jr wrote:
> you are personally prepared to participate. [If you aren't a 2.2.x
> legacy branch participant, testing RCs or applying backports, then no
> response is needed.]
>
> *) I intend to help maintain/test 2.2.x releases over the
On Fri, Feb 12, 2016 at 02:25:49PM -0500, Eric Covener wrote:
> Recall that 2.2 ran piped loggers under a shell until somewhat late in
> life, and 2.4 runs them directly [by default].
>
> rotatelogs currently doesn't do anything to block sigterm. The
> default ahndler for sigterm writes a short
On Wed, Oct 07, 2015 at 01:35:38AM +0200, Yann Ylavic wrote:
> For the server case, openssl will use its own buffering mechanism
> during the handshake "so that the output is sent in a way that TCP
> likes", according to the comment in the code, so we shouldn't be
> flushing small chunks.
> Yet
On Tue, Oct 06, 2015 at 02:37:32PM +, Plüm, Rüdiger, Vodafone Group wrote:
> The drawback is that it will flush every time the handshake writes.
> The handshake may write multiple times before it wants to read.
> So the current approach probably causes bigger amounts of data sent
> across the
On Fri, Sep 25, 2015 at 03:54:56PM +0200, Yann Ylavic wrote:
> Couldn't we completely remove the flush from bio_filter_in_read() then?
> Or make it conditional to OpenSSL < 0.9.8m (since we support 0.9.8a at least)?
That looks correct to me, +1.
Regards, Joe
On Fri, Sep 25, 2015 at 09:50:04AM +0200, Yann Ylavic wrote:
> On Fri, Sep 25, 2015 at 1:00 AM, Yann Ylavic wrote:
> > On Fri, Sep 25, 2015 at 12:22 AM, Eric Covener wrote:
> >>
> >> two logs (http/https) sorted to top of autoindex here:
> >>
On Sun, Aug 02, 2015 at 09:33:48AM +0200, Kaspar Brand wrote:
On 19.07.2015 17:24, Kaspar Brand wrote:
But, to be on the safe side, I think we could a) move the OBJ_create()
call to ssl_hook_pre_config and b) omit OBJ_cleanup(). Do you concur?
For the record: I have now committed this to
On Sat, Jul 11, 2015 at 04:40:20PM +0200, Kaspar Brand wrote:
@@ -1902,5 +1907,7 @@ apr_status_t ssl_init_ModuleKill(void *data)
free_dh_params();
+OBJ_cleanup();
+
return APR_SUCCESS;
From being burnt previously three or four times, I get scared by OpenSSL
process
On Thu, Apr 16, 2015 at 06:42:04AM +0200, Kaspar Brand wrote:
On 15.04.2015 18:36, Stefan Sperling wrote:
However, the actual issue here is that mod_ssl is squatting the SSL_
namespace.
Historically this may have made sense (it seems mod_ssl and OpenSSL have
shared history/authors). Bill
On Sat, Jan 10, 2015 at 07:38:03AM -0500, Jeff Trawick wrote:
On Fri, Jan 9, 2015 at 3:48 PM, Jeff Trawick traw...@gmail.com wrote:
* Add helper functions to allocate a request_rec, conn_rec, server_rec.
It doesn't solve all possible problems of course but can drastically reduce
the
On Sat, Jan 10, 2015 at 09:04:12AM +1100, Graham Dumpleton wrote:
1. Verify that recompiling mod_wsgi is actually sufficient given than my
direct use of request_rec isn't going to populate the extra fields and they
will remain NULL still. As trailers shouldn't be expected in context the
On Mon, Jan 12, 2015 at 11:25:53AM -0500, Eric Covener wrote:
On Fri, Jan 9, 2015 at 3:23 PM, Joe Orton jor...@redhat.com wrote:
Either way, the fix for CVE-2013-5704 ends up breaking backwards
compatibility with existing 2.4.x builds of mod_wsgi, which is kind of
Bad. I don't have a good
Since Jim is talking 2.4.11, I should report this now. We discovered
this week in Fedora: mod_wsgi does some interesting things in daemon
mode, notably that it allocates a request_rec internally which ends up
getting used by httpd.
Reason is, the fix for CVE-2013-5704 extends the request_rec:
On Wed, Oct 01, 2014 at 02:16:17PM -0400, Eric Covener wrote:
The default handler (static file handler) is a fall-through, and there is
not currently a way to tell it NOT to respond for something because a
configured module unexpectedly passed control back. It is a relatively
easy opt-in
On Wed, Aug 27, 2014 at 10:05:40AM -0400, Simo Sorce wrote:
Yes the spec is strange wrt digest, which is why the code looks
strange too, here is the quote from RFC 5929 (4.1):
Great, thanks. It took me two commits due to PEBKAC issues...
On Tue, Jul 15, 2014 at 01:20:59PM -0400, Jim Jagielski wrote:
The pre-release test tarballs for Apache httpd 2.4.10 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.10 GA.
CHANGES, test suite, sigs, install
On Tue, Jul 15, 2014 at 12:27:00PM -, jor...@apache.org wrote:
Author: jorton
Date: Tue Jul 15 12:27:00 2014
New Revision: 1610674
URL: http://svn.apache.org/r1610674
Log:
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
proxy configuration, a remote attacker could
On Tue, Jul 15, 2014 at 03:14:56PM +0200, Yann Ylavic wrote:
On Tue, Jul 15, 2014 at 3:07 PM, Plüm, Rüdiger, Vodafone Group
ruediger.pl...@vodafone.com wrote:
Isn't
x.is_req = (headers == r-headers_in);
in ap_proxy_clear_connection an issue, when only called with the copy of
On Tue, Jul 15, 2014 at 09:25:20AM -0400, Jim Jagielski wrote:
I am very hesitant about adding this with so little
review time... I would like to propose that we simply
release 2.4.10 with the simple, trivial crash-fixer
and allow us to spend more time on the below, in order
to ensure it's
On Tue, Jul 15, 2014 at 02:41:44PM +0100, Joe Orton wrote:
I've stuck it in STATUS. Any other opinions?
Come on... one more for this, either way?
* mod_proxy Connection handling crasher, CVE-2014-0117
trunk patch: http://svn.apache.org/r1610674
ALTERNATIVE #1
2.4.x patch: http
On Mon, Jun 30, 2014 at 06:16:52PM +0400, Andrey Ponomarenko wrote:
See also ABI tracker for httpd:
http://upstream-tracker.org/versions/httpd.html
The tracker uses ABI compliance checker tool to create reports. The
report between latest git and previous release version is updated
daily:
On Sat, Jun 21, 2014 at 09:24:05AM +0200, Kaspar Brand wrote:
On 19.06.2014 23:17, Joe Orton wrote:
I was reminded that there was a request to use the larger key sizes as
well.
Using ephemeral DH keys with sizes 4096 bits in TLS seems way overkill
for the next decade or so (3072 bits
I've had a user hit this: with FakeBasicAuth the client DN gets
translated into a Basic auth blob of base64(username:password), which
then fails when the username part contains a : colon character.
At minimum mod_ssl could/should catch and fail auth under FakeBasicAuth
when DN is seen with a
On Sat, Jun 14, 2014 at 10:35:28AM +0200, Kaspar Brand wrote:
Just a quick reminder... I think it's important to backport
r1597349/r1598107 + the additional adjustment for 2.4.10 (happy to vote
once it's settled on trunk).
Sorry guys. http://svn.apache.org/viewvc?view=revisionrevision=1603915
One more tweak here, proposed by Hubert from our QA team who has been
reviewing all this stuff. Hubert argued we should be erring on the side
of stronger not weaker here, particularly because of the possibility of
2048-bit keys being identified as 2047 in rare cases.
Is this reasonable?
On Thu, Jun 19, 2014 at 04:29:17PM +0100, Joe Orton wrote:
One more tweak here, proposed by Hubert from our QA team who has been
reviewing all this stuff. Hubert argued we should be erring on the side
of stronger not weaker here, particularly because of the possibility of
2048-bit keys
On Wed, May 28, 2014 at 10:10:16PM +0200, Ruediger Pluem wrote:
Thanks, but I missed some stuff during review:
1. We don't need to have two DH pointers in make_dh_params
Doh!
2. There possible frees on NULL pointers in free_dh_params:
This is unnecessary because DH_free() does that
On Wed, May 28, 2014 at 09:05:06AM +0200, Kaspar Brand wrote:
Agree, CPU time is not a concern, get_dh_XXX() is only about populating
DH with builtin constants (DH_generate_key happens at connection time,
and is fast anyway).
Ah, I did not realise. That is even more reason to do this at
On Wed, May 28, 2014 at 01:58:05PM +, Plüm, Rüdiger, Vodafone Group wrote:
Looks great. Care to commit?
http://svn.apache.org/viewvc?view=revisionrevision=1598107
On Sat, May 24, 2014 at 10:32:35AM +0200, Kaspar Brand wrote:
On 19.05.2014 10:15, Plüm, Rüdiger, Vodafone Group wrote:
Maybe stupid idea, but can't we do that once and hand it out over
and over again?
Not a stupid idea at all - I think it's actually the most sensible
solution to this
On Tue, May 06, 2014 at 07:45:42PM -0400, Eric Covener wrote:
On Tue, May 6, 2014 at 6:44 PM, Yann Ylavic ylavic@gmail.com wrote:
This patch (still) does not propose to merge splitted trailers into
headers (for those broken by the change), but when (and why) would we
do that?
For
On Sat, Apr 12, 2014 at 09:00:08AM -0400, Jeff Trawick wrote:
So... Concerns? Suggestions? Etc.? Speak up, or forever* ask me to fix
it after committing ;) (*Let's not be ridiculous though)
Interesting stuff!
I do think it is preferable to keep mod_ssl.h toolkit-agnostic. Because
the
On Mon, Apr 14, 2014 at 08:32:18AM -0400, Jeff Trawick wrote:
FWIW, I think it is reasonable to say This *is* a private mod_ssl
interface for the purposes of introducing some modularity within this
particular SSL/TLS implementation, and these interfaces aren't intended for
third-party modules.
On Mon, Apr 14, 2014 at 11:06:25AM -0500, Daniel Ruggeri wrote:
I was taking a look at a server that had a handful of zombies and came
to see they are caused by rotatelogs. It seems pretty straight forward
why - I am calling gzip post-rotate to compress the log file and child
cleanup only
For context: http://martin.swende.se/blog/HTTPChunked.html
This was discussed a little on the security@ list last year but it's a
difficult issue and there was not any consensus beyond the fact that the
current behaviour is wrong, and punt to dev@. There is a separate
thread about how to fix
On Sun, Mar 30, 2014 at 12:13:20PM +0200, Stefan Fritsch wrote:
Hi,
I have been looking at backporting the cookie issue fix, and it looks
to me that it was introduced in
http://svn.apache.org/viewvc?view=revisionrevision=r1374538
On Thu, Feb 20, 2014 at 12:24:23PM -0500, Jeff Trawick wrote:
BTW, do you know if there's a known collection of patches for 2.4 support
or for other critical fixes?
This shows what we have in Fedora, FWIW:
http://pkgs.fedoraproject.org/cgit/mod_wsgi.git/tree/
... all of which are in the
On Fri, Feb 21, 2014 at 10:24:25AM +1100, Graham Dumpleton wrote:
Crap. I thought those httpd 2.4 fixes were already in mod_wsgi 3.4.
Another reason I have to get off my backside and release an updated
version. Has been too long.
That would be very useful!
And yes mod_wsgi does lots of
On Thu, Feb 20, 2014 at 07:52:34AM -0500, Jeff Trawick wrote:
WSGI 3.4 daemon mode crashing with httpd 2.4.x...
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xaef17b70 (LWP 32761)]
0x08078a32 in update_child_status_internal ()
(gdb) where
#0 0x08078a32 in
[X] It is mandatory to provide best available description and any available
tracking information when committing fixes for vulnerabilities to any
branch, delaying committing of the fix if the information shouldn't be
provided yet.
On Tue, Nov 19, 2013 at 07:44:07PM +0200, Graham Leggett wrote:
On 18 Nov 2013, at 1:24 PM, Plüm, Rüdiger, Vodafone Group
ruediger.pl...@vodafone.com wrote:
+rv = send_brigade_nonblocking(net-client_socket, bb,
+ (ctx-bytes_written), c);
+
On Thu, Nov 14, 2013 at 07:02:58AM +0100, Kaspar Brand wrote:
On 13.11.2013 15:28, Dr Stephen Henson wrote:
I can vaguely recall that some of that code is designed to avoid the need to
enter the private key passphrase more than once by decrypting private keys
once
and storing the
On Thu, Oct 17, 2013 at 12:33:50PM +, Plüm, Rüdiger, Vodafone Group wrote:
Hmm. This points out another issue when using an error log provider for the
main server log:
We lose everything that the server or other programs like CGI-scripts write
to the stderr FD as it
is simply written to
On Sat, Oct 19, 2013 at 10:13:21AM -0400, Eric Covener wrote:
now:
1) add r-footers_in and use it in 2.2 and up by default
2) add a directive to copy them up to r-headers_in (for those broken
by the change)
Bikeshed... r-trailers_in? +1 to all this anyway. I'd be tempted to
(lazily) stop
On Tue, Oct 01, 2013 at 09:53:25AM +0200, Ruediger Pluem wrote:
I see the following autoconf warning when executing buildconf on trunk:
rebuilding configure
configure.in:406: warning: AC_COMPILE_IFELSE was called before
AC_USE_SYSTEM_EXTENSIONS
../../lib/autoconf/specific.m4:386:
On Fri, Aug 02, 2013 at 12:33:58PM +, Plüm, Rüdiger, Vodafone Group wrote:
The typical way to solve this today is to know the keepalive timeout
of the backend and set ttl for this worker to a value a few seconds
below.
I just looked at a case where the user is hitting this problem and
On Fri, Aug 09, 2013 at 09:14:51AM -0700, Paul Querna wrote:
In this case, I don't know if any of the proposed mitigations help;
I'd love to have an easy way to validate that, so we could bring data
to the discussion: If it increases the attack by multiple hours, and
causes a 1% performance
On Sun, Jul 21, 2013 at 02:14:35PM -0700, Paul Querna wrote:
Hiya Y'all, long time no patches :-)
Attached is a patch that would let httpd use systemd's socket
activation feature:
http://0pointer.de/blog/projects/socket-activation.html
Also online here:
On Tue, Jul 09, 2013 at 11:02:18PM +0200, Stefan Fritsch wrote:
On Tuesday 09 July 2013, Joe Orton wrote:
On Tue, Jul 09, 2013 at 10:00:19AM +0200, Jan Kaluza wrote:
I agree 20 bytes could be too much. I have changed my patch to
have only 10 bytes long root. I will check the Daniel's
On Tue, Jul 09, 2013 at 10:00:19AM +0200, Jan Kaluza wrote:
I agree 20 bytes could be too much. I have changed my patch to have
only 10 bytes long root. I will check the Daniel's ideas mentioned
in another mail in this thread and try to implement it, but if we
are going to do it my way, I
On Thu, Jun 20, 2013 at 08:41:04AM -0400, Eric Covener wrote:
I'm only concerned with someone who was getting by with LDAPReferrals
OFF because the default gave their SDK an error. Now OFF would be
fatal too.
Just revisiting this... at least it seems clear that the docs do not
match the code
On Sun, Jun 09, 2013 at 01:52:17PM -, jaillet...@apache.org wrote:
--- httpd/httpd/trunk/modules/generators/mod_autoindex.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_autoindex.c Sun Jun 9 13:52:17
2013
@@ -1840,7 +1840,7 @@ static void output_directories(struct en
On Wed, May 29, 2013 at 03:04:30PM -0400, Matthew Steele wrote:
Looks good to me. Thanks!
Thanks a lot for reviewing.
http://svn.apache.org/viewvc?view=revisionrevision=1487772
Gregg, thanks for confirming and sorry again about leaving the builds
broken.
Regards, Joe
Guenter, can you test if the attached compiles on Windows? It is
nothing special so it should be OK.
This redesigns the NPN API with a cheap and crappy callback interface
which doesn't rely on the actual hooks API; it is not pretty but it
avoids the inter-module hard linkage issue (which is
Hi Matthew - thanks for taking a look at the patch so quickly.
On Wed, May 29, 2013 at 10:52:10AM -0400, Matthew Steele wrote:
Two questions about this change:
- In modssl_register_npn, it appears that the code creates
new npn_advertfns and npn_negofns arrays on every call, even if they
On Wed, May 29, 2013 at 11:37:14AM -0400, Matthew Steele wrote:
Oops, yes, RUN_ALL semantics are desired; the misleading API description is
my fault, sorry. (I confess I never really understood why RUN_ALL hooks
accept both OK and DECLINED values, but then don't actually treat them any
On Mon, Feb 18, 2013 at 03:34:15PM -0500, Jim Jagielski wrote:
The pre-release test tarballs for Apache httpd 2.4.4 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
NOTE: The -deps tarballs are
On Sun, Feb 03, 2013 at 08:32:11PM +0100, Niklas Edmundsson wrote:
Hi all!
Something is definitely fishy with mod_socache_shmcb as shipped with
httpd 2.4.3. I'm hacking on a module that uses 16byte indexes
(IP(v6) addresses) to store 2byte counters (16bit uint), these sizes
are given as
On Sat, Jan 12, 2013 at 05:42:55PM +0100, Stefan Fritsch wrote:
On Saturday 12 January 2013, Graham Leggett wrote:
Hi all,
In theory, the -X flag is supposed to cause httpd to run a single
worker, and not detach or fork. What I'm finding in v2.4 is that
you mean a single worker
On Thu, Apr 26, 2012 at 09:44:52PM -, s...@apache.org wrote:
Author: sf
Date: Thu Apr 26 21:44:51 2012
New Revision: 1331110
URL: http://svn.apache.org/viewvc?rev=1331110view=rev
Log:
Replace use of apr_file_write() with apr_file_write_full() to prevent
incomplete writes.
Add
On Thu, Jan 03, 2013 at 07:23:27AM -, kbr...@apache.org wrote:
Author: kbrand
Date: Thu Jan 3 07:23:27 2013
New Revision: 1428184
URL: http://svn.apache.org/viewvc?rev=1428184view=rev
Log:
Improve pkg-config usage for mod_ssl/ab:
also use pkg-config for determining the -l flags
On Thu, Jan 03, 2013 at 02:00:22PM +0100, Kaspar Brand wrote:
On 03.01.2013 12:20, Joe Orton wrote:
add --static to pkg-config invocations, so that libraries for
static linking are also taken into account (PR 54252 - note that
the additional flags will only appear in modules/ssl/modules.mk
On Tue, Dec 18, 2012 at 08:29:21AM -0500, Jeff Trawick wrote:
My understanding is that we don't maintain messages numbers for TRACE
messages, so the APLOGNO() could have been simply deleted.
(I see several mod_lua messages that don't follow this pattern.)
Ah, sorry, I didn't realise that.
On Wed, Oct 03, 2012 at 11:15:57PM -0400, Eric Covener wrote:
http://people.apache.org/~gsmith/httpd/apache_pb2copy.png
http://www.humbedooh.com/apache/apache_pb.png
http://www.humbedooh.com/apache/apache_pb2.png
http://www.humbedooh.com/apache/apache_pb3.png
pb3 has my vote
On Wed, Oct 03, 2012 at 09:28:08AM +0100, Joe Orton wrote:
On Wed, Sep 26, 2012 at 11:10:07AM -0400, Jan Kaluza wrote:
attached patch adds new module called mod_systemd. Systemd [1] is
service manager for Linux. Although httpd works with systemd normally,
systemd provides sd_notify
On Wed, Sep 26, 2012 at 10:46:04AM -0400, Jan Kaluza wrote:
attached patch adds more variables (bytes_served and access_count)
into ap_sload_t struct introduced in revision 1389481.
The intention is to have standard method to get number of total
bytes_served and access_count without code
On Wed, Sep 26, 2012 at 11:10:07AM -0400, Jan Kaluza wrote:
attached patch adds new module called mod_systemd. Systemd [1] is
service manager for Linux. Although httpd works with systemd normally,
systemd provides sd_notify(...) function [2] to inform service manager
about current status of
On Sun, Sep 16, 2012 at 08:00:00AM +0200, Kaspar Brand wrote:
I have committed an improved version in r1385214 (in particular, more
tweaking was required to properly handle support/ab, which can't make
use of MOD_CFLAGS etc.). Reviews, further testing and feedback welcome.
Looks good to me,
On Sat, Sep 15, 2012 at 11:57:21AM +0200, Ruediger Pluem wrote:
I think this message is outdated and should be fixed. For 2.4.x and trunk its
even worse because it points to the no
longer existing apr-util/trunk.
Anyone opposed if I clean this up in the following way:
2.2.x: branches/1.4.x
On Mon, Aug 20, 2012 at 10:38:14AM +0200, Guenter Knauf wrote:
Hi Joe,
your commit is missing a log number ...
mod_proxy_connect.c
.\mod_proxy_connect.c(257) : warning C4003: not enough actual
parameters for macro 'APLOGNO'
Damn, sorry about that Guenter, does this break the build for you?
On Sat, Aug 18, 2012 at 09:00:00AM +0200, Kaspar Brand wrote:
On 17.8.12 13:59, jor...@apache.org wrote:
@@ -1412,6 +1421,8 @@ static void ssl_init_proxy_certs(server_
ssl_die(s);
}
+/* ### Why is all the following done? Why is it necessary or
+ * useful for
On Thu, Aug 16, 2012 at 08:36:31PM +0200, Kaspar Brand wrote:
I wonder if we should add support for module-specific CFLAGS etc.,
which would always appear before the EXTRA_XXX stuff in the compile
and link commands, i.e. in rules.mk we would have:
ALL_CFLAGS = $(MOD_CFLAGS) $(EXTRA_CFLAGS)
On Fri, Aug 17, 2012 at 04:53:54PM +0200, Micha Lenk wrote:
as you are apparently not subscribed to Bugzilla PR 51489, I am
answering to your comment on that PR via mail. Please apologize in case
you now got my answer twice.
Thanks Micha, I get the bug mail via bugs@, but no problem. I've
On Mon, Aug 13, 2012 at 10:19:47PM +0200, Rainer Jung wrote:
I went the choose right alignment way now:
http://people.apache.org/~rjung/patches/mod_socache_shmcb-alignment.patch
It actually wasn't that complicated.
Alignment problems never die with that code!
+1, that looks good, might be
On Fri, Aug 10, 2012 at 01:31:07PM -0400, Jeff Trawick wrote:
We picked up that apr_socket_opt_set() from the async-dev branch with
r327872, though the timeout calls in there were changed subsequently.
I wonder if that call is stray and it doesn't get along with the
timeout handling on Windows
On Mon, Aug 13, 2012 at 09:27:08AM -0400, Jeff Trawick wrote:
Does that explanation work for you?
Yes, perfectly, thanks for taking the time. I stupidly forgot about the
timeout calls... sorry!
Regards, Joe
On Wed, Aug 08, 2012 at 08:00:25AM +0200, Kaspar Brand wrote:
My thinking was that people should explicitly tell configure that they
want to link with the libs in a build directory (so that they don't
accidentally use a directory which might only temporarily exist -
that's also the primary
On Tue, Jul 24, 2012 at 08:37:02PM +0200, Rainer Jung wrote:
So: Your change seems good to me.
Thanks very much for checking it out! r1365479.
On Tue, Jul 24, 2012 at 07:55:27AM +, Plüm, Rüdiger, Vodafone Group wrote:
Thanks. The patch reminded me of a special situation where the patch
might not be suitable: If the forward proxy just forwards everything
to the next proxy e.g. because it cannot do DNS lookups of the target
On Tue, Jul 24, 2012 at 10:46:12AM +0200, Rainer Jung wrote:
IMHO if the admin explicitely configured an IP in the ProxyBlock
list we should nevertheless check. For this case there's already a
somewhat related warning in the docs which we could enhance for this
new case.
It looks like we
401 - 500 of 1530 matches
Mail list logo