Re: svn commit: r1799375 - /httpd/httpd/trunk/server/util.c

On Wed, Jun 21, 2017 at 1:08 AM, William A Rowe Jr wrote: > > But there were only two questionable values for \0, and in this case the > answer is obvious. Invert the rule to a TOKEN char from the rather dubious > TOKEN_STOP definition. Solved. ... for trunk, IMO. I don't sugg

Re: svn commit: r1799375 - /httpd/httpd/trunk/server/util.c

Sorry but I reraise my objection and veto worthless cpu cycles. The correct fix to your concern is to document all expected behavior of the null but in gen_test_char.c - and in such tests a /* !c && */ notation is fine. Due to the way we assemble the code, I'm not convinced it that any compiler c

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 1:32 PM, William A Rowe Jr wrote: > On Tue, Jun 20, 2017 at 12:12 PM, Jim Jagielski wrote: >> >>> On Jun 20, 2017, at 1:03 PM, Jacob Champion wrote: >>> >>> On 06/20/2017 10:00 AM, William A Rowe Jr wrote: >>>> You mu

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 12:12 PM, Jim Jagielski wrote: > >> On Jun 20, 2017, at 1:03 PM, Jacob Champion wrote: >> >> On 06/20/2017 10:00 AM, William A Rowe Jr wrote: >>> You must presume it is in the wild, and shortening the exposure >>> by a matter of da

Re: svn commit: r1799356 - in /httpd/httpd/branches/2.2.x: ./ server/scoreboard.c

On Jun 20, 2017 12:00, "Jacob Champion" wrote: On 06/20/2017 09:47 AM, wr...@apache.org wrote: > Log: > Make the range test legible > Hmm, out of curiosity, is the legibility you mention from the parenthesization change or the switch to greater-than-or-equal for one side? I kind of like readi

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 11:17 AM, Jacob Champion wrote: > On 06/20/2017 09:16 AM, William A Rowe Jr wrote: >> >> It's released into the wild, what is done is done. > > > Of course. But having it in the wild for three days is different than having > it in the wild

Re: [PATCH 2.2] fix ap_get_scoreboard_*

Joe, I compromised on your fix and retained parens for legibility, following the pattern of the other fix. Committed as r1799356, thanks On Mon, Jun 19, 2017 at 7:08 AM, Joe Orton wrote: > The limit checking is broken in 2.2's ap_get_scoreboard_*. This was > fixed in 2.4 in http://svn.apache.or

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 11:15 AM, Jacob Champion wrote: > On 06/20/2017 09:14 AM, William A Rowe Jr wrote: >> >> Would encourage us to wait at least a couple more days for >> other, unrelated regression reports to filter in while fixing this >> defect. But there is n

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 11:07 AM, Jacob Champion wrote: > On 02/08/2017 07:56 PM, Eric Covener wrote: >> >> Assuming there's some alternate path that actually does change >> SCRIPT_NAME by default, we a) don't have any complaint about >> SCRIPT_NAME and b) have the SetEnv thing. If we want more o

Re: ocsp stapling improvements

On Tue, Jun 20, 2017 at 6:39 AM, Stefan Eissing wrote: > >> Am 12.06.2017 um 21:35 schrieb Ruediger Pluem : >> >>> 2. Persist responses (is this just a config/default issue?) >> >> This could become tricky given the various so cache implementations we have. >> I could >> only think of persisting

Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

On Mon, Jun 19, 2017 at 5:49 PM, Jacob Champion wrote: > On 06/19/2017 03:44 PM, William A Rowe Jr wrote: >> >> None at all, I have moderation and will push it on. > > They are on their way over to you. Thanks for the suggestion. ... and moderated. Thanks!

Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

On Mon, Jun 19, 2017 at 5:41 PM, Jacob Champion wrote: > On 06/19/2017 03:35 PM, William A Rowe Jr wrote: >> >> Not to announce@httpd? users@ and dev@ aren't particularly >> broadcast channels. >> >> announce@a.o might be too wide an audience, but that

Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

Not to announce@httpd? users@ and dev@ aren't particularly broadcast channels. announce@a.o might be too wide an audience, but that's why we document the CVE's with short notes in the foundation-wide release announcement. At least, used to document them. On Mon, Jun 19, 2017 at 5:08 PM, Jacob Ch

Re: [PATCH 2.2] fix ap_get_scoreboard_*

+1 here... That gets you to 3. Good catch thanks. On Jun 19, 2017 07:09, "Joe Orton" wrote: > The limit checking is broken in 2.2's ap_get_scoreboard_*. This was > fixed in 2.4 in http://svn.apache.org/viewvc?view=revision&revision=417252 > > Patch below backports that, plus fixes the additiona

Re: [VOTE] Release Apache httpd 2.4.26 as GA

On Tue, Jun 13, 2017 at 12:33 PM, Jim Jagielski wrote: > The pre-release test tarballs for Apache httpd > version 2.4.26 can be found at the usual place: > > http://httpd.apache.org/dev/dist/ > > I'm calling a VOTE on releasing these as Apache httpd 2.4.26 GA. [X] +1: Good to go Lookin

Re: [Discuss] Rolling a 'final' 2.2.33 release

On Thu, Jun 15, 2017 at 2:47 AM, Yann Ylavic wrote: > On Wed, Jun 14, 2017 at 11:12 PM, William A Rowe Jr > wrote: >> >> Thoughts/comments? Patches to hold for before we roll? If I don't hear >> otherwise, and we stick to the simpler alternative, then I'

Re: [Discuss] Rolling a 'final' 2.2.33 release

On Wed, Jun 14, 2017 at 4:12 PM, William A Rowe Jr wrote: > >Please note that Apache Web Server Project will only provide maintenance >releases of the 2.2.x flavor through June of 2017, and will provide some >security patches beyond this date through at least Dece

[Discuss] Rolling a 'final' 2.2.33 release

Per to our discussion last year, this EOL is here. That discussion resulted in the following Announcement statement; We consider the Apache HTTP Server 2.4 release to be the best version of Apache available, and encourage users of 2.2 and all prior versions to upgrade. This 2.2 maintenanc

Re: An ask for eyes on proposal

On Fri, Jun 9, 2017 at 8:29 AM, William A Rowe Jr wrote: > > To your example, the *global* config line; > > RemoteIPProxyProtocol 127.0.0.1 [or 127.0.0.0/24] > > would configure all locally routed *client* requests, irrespective of > which by-IP vhost, to require th

Re: An ask for eyes on proposal

On Fri, Jun 9, 2017 at 4:17 AM, Sander Hoentjen wrote: > On 06/08/2017 07:30 PM, Daniel Ruggeri wrote: >> Hi, all; >> With the proposal to T&R set for Monday, I wanted to draw attention to >> the PROXY protocol proposal in STATUS. Just hoping for a quick review. >> I know it appears to be a large

Re: The drive for 2.4.26

On Thu, Jun 8, 2017 at 11:07 AM, Jim Jagielski wrote: > Perfect... I propose a T&R on Monday... comments? +1. Many will have noticed already, but apr 1.6.2 and apr-util-1.6.0 vote threads were just spawned to be tallied 13:00 UTC Monday.

Re: An ask for eyes on proposal

stand in the way, but won't participate. Cheers, Bill On Thu, Jun 8, 2017 at 4:46 PM, Jim Jagielski wrote: > Is expansion of the syntax something that could be folded in > for 2.4.27? > >> On Jun 8, 2017, at 2:51 PM, William A Rowe Jr wrote: >> >> [Again, using all

Re: An ask for eyes on proposal

[Again, using all the words] On Thu, Jun 8, 2017 at 12:30 PM, Daniel Ruggeri wrote: > Hi, all; > With the proposal to T&R set for Monday, I wanted to draw attention to the > PROXY protocol proposal in STATUS. Just hoping for a quick review. I know it > appears to be a large change, but as I worke

Re: An ask for eyes on proposal

FYI the one change I've been considering is to extend the On Thu, Jun 8, 2017 at 12:30 PM, Daniel Ruggeri wrote: > Hi, all; > With the proposal to T&R set for Monday, I wanted to draw attention to the > PROXY protocol proposal in STATUS. Just hoping for a quick review. I know it > appears to be a

Re: HTTP/2 and no-longer "experimental"

On May 31, 2017 1:32 PM, "Helmut K. C. Tessarek" wrote: On 2017-05-31 11:46, William A Rowe Jr wrote: > If my assumptions above are wrong, ignore this thought... but if > the goal is to drive adoption of our 2.6 implementation of http2, > then simply dropping "ex

Re: The drive for 2.4.26

The suggestion is to push out any 2.4 release indefinately for an experimental feature which is promoted in another thread for promotion to a GA designation? Just a sanity check of my sense of irony :) On Wed, May 31, 2017 at 6:59 AM, Jim Jagielski wrote: > I think we should wait on a T&R to res

Re: HTTP/2 and no-longer "experimental"

On Wed, May 31, 2017 at 7:07 AM, Jim Jagielski wrote: > There was discussion some time ago about dropping the "experimental" > tag from our HTTP/2 implementation. It is causing loads of people > to not use it, as well as allowing for the perpetuation of FUD that > httpd really doesn't support HTTP

Re: The drive for 2.4.26

On Tue, May 30, 2017 at 4:21 PM, Jacob Champion wrote: > On 05/29/2017 10:52 PM, Jan Ehrhardt wrote: >> >> Jan Ehrhardt in gmane.comp.apache.devel (Tue, 30 May 2017 07:13:41 >> +0200): >>> >>> Steffen in gmane.comp.apache.devel (Mon, 29 May 2017 15:42:46 +0200): >>> Cmake is now Windows only,

Re: The drive for 2.4.26

On Mon, May 29, 2017 at 8:42 AM, Steffen wrote: > > Btw. > Cmake is now Windows only, is that the goal ? No; however the autoconf works so well on such a broad assortment of Unix distributions that we haven't found a lot of motivation to fully instrument the cmake lists for unix flavors. It's an

Re: VUDDY: unpatched CVEs in apache httpd

apr-util 1.6.0 will ship without an embedded copy of the expat software. Obtaining expat and keeping it refreshed and up to date with respect to security patches will become an exercise for the user/admin/vendor. This is scheduled for "RSN" - real soon now. Bill On Wed, May 24, 2017 at 1:43 AM

Re: JSON License and Apache Projects

On Tue, May 23, 2017 at 12:26 PM, Stefan Eissing wrote: > Just to be certain: does this impact any linkage against a JSON C library? JSMN is licensed MIT - no issues. Jansson is licensed MIT - also no issue there. json-c is licensed MIT - I see a pattern here. The problematic license can be fo

Re: svn commit: r1795358 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in

Backported to 2.2 and 2.4. For additional rational of not changing any already-configured servers, but preventing new 2.2/2.4 configuration deployments from supporting 3DES, please see the OpenSSL project's own observations first, before launching into discussion; https://www.openssl.org/blog/bl

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

On May 8, 2017 18:15, "Jacob Champion" wrote: On 05/05/2017 04:42 PM, William A Rowe Jr wrote: > I've been similarly confused. It's obvious that the XML sources have no > context without the XSLT and build stack. > For XSLT, agreed. But as Andre points out there is

Re: Change from ad-hoc/historical security process to ASF process?

On May 5, 2017 13:32, "Jim Jagielski" wrote: +1... Lets do it. BTW, I would adjust #16 to include: Add the CVE to the CHANGES file. That way, it's still documented in CHANGES, just after the release is spun out, show it shows up in the next release's CHANGES. ... And if we follow through,

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

On May 5, 2017 9:28 AM, "Jacob Champion" wrote: On 05/05/2017 01:34 AM, André Malo wrote: > Well... It was a split-project back then (in CVS even... :-)). I'm also not > sure we want all those jar files and stuff in the main repo. Most people > neither use nor need it. > I don't mind having the

Re: Fixing more OpenSSL callback crashes

On May 4, 2017 10:47 AM, "Jacob Champion" wrote: On 05/03/2017 11:25 PM, Ruediger Pluem wrote: > Just as a heads up as I currently don't have time to investigate further. > I get the below on CentOS 6.9 64 bit, which > puzzles me a little bit as I would expect the errno addresses to be > differe

Re: SSL and Usability and Safety

On May 2, 2017 12:57 PM, "Jacob Champion" wrote: On 05/02/2017 10:32 AM, Ruediger Pluem wrote: > c) would be the best, but a) IMHO would be acceptable since overwriting is > for the more advanced users anyway and they > can be told to do stuff in the correct order. > +1 to both points. (Our co

Re: SSL and Usability and Safety

On Tue, May 2, 2017 at 11:14 AM, William A Rowe Jr wrote: > > Any other client is no longer interoperable with any popular site, following > final changes by issues in Dec '16. by *certificate issuers*. E.g. all MD5 and SHA1 hashed certs are now expired, there is no longer a n

Re: SSL and Usability and Safety

I like the proposal. However I see no need for the 'C' categor, y and disagree about changing defaults during any future 2.next bump. HonorCipherOrder, as an example, must be inverted. Users requiring 'C' can override things to make that happen. I see two 'quick start' one-line configs, strictly

Re: The drive for 2.4.26

On May 2, 2017 4:35 AM, "Steffen" wrote: Nothing w.r.t. OSSL 1.1.x with 1.5.x apr will work, nor would 2.5.25 > ( does w.r.t means: with respect to ? ) Again Bill, please be accurate: mod_ssl with OSSL 1.1 and 1.5 apr works ! Just build and tested it: [Tue May 02 11:23:54.334403 2017] [ssl:in

Re: The drive for 2.4.26

est that I stop reporting here. Next time I wait when RC tarballs are available. I respect you as a seasoned dev. > Op 2 mei 2017 om 08:24 heeft William A Rowe Jr het volgende geschreven: > >> On Tue, May 2, 2017 at 1:17 AM, Steffen wrote: >> Resume: With next 2.4 we have two not

Re: The drive for 2.4.26

On Tue, May 2, 2017 at 1:17 AM, Steffen wrote: > Resume: With next 2.4 we have two not working with 1.1. namely abs.exe with > apr 1.6 and mod_session_crypto with 1.5. Nothing w.r.t. OSSL 1.1.x with 1.5.x apr will work, nor would 2.5.25, so tell us something we don't know. But... What is the p

Re: The drive for 2.4.26

On Mon, May 1, 2017 at 6:37 AM, Steffen wrote: > No mod_session_crypto with apr & apr-util 1.5 and Openssl 1.1.0, error in > Apr: > > ErrorC2079'cipherCtx' uses undefined struct 'evp_cipher_ctx_st' > apr_crypto_openssl > C:\VC15\Win32\httpd-2.4.26\srclib\apr-util\crypto\apr_crypto_openssl.

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Apr 30, 2017 12:27 PM, "Jan Ehrhardt" wrote: Gregg Smith in gmane.comp.apache.devel (Sun, 30 Apr 2017 08:54:34 -0700): >On 4/30/2017 5:36 AM, Jan Ehrhardt wrote: > >> The problem with CMake is that it does not build all things, that AL and >> AH put in their distributions. CMake will build Apr

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Apr 29, 2017 9:19 PM, "Gregg Smith" wrote: On 4/29/2017 5:19 PM, Gregg Smith wrote: Bill, viewing the complete thread your reasoning here should have > precluded this discussion years ago when pcre went to cmake, so at or > before 2.4.0. After all, it's the only way to build pcre which is a

Re: The drive for 2.4.26

On Apr 29, 2017 12:16 PM, "Gregg Smith" wrote: Once APR 1.6 is released my plan is to make the change permanent next 2.4.x then making the need for that conversion unneeded. Openssl 1.0.2 is good till sometime in 2019, even 1.1.0 eol's before it does so we're stuck w/ cvtdsp.pl modifying the ds

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Apr 28, 2017 2:40 PM, "Steffen" wrote: cvtdsp.pl is not a hassle, just a easy step. Quote: you should not need cvtdsp.pl -2005 with VC14. They fixed this in the conversion. Terrific, this is verified?!? Otherwise there is no requirement for a Windows build to have an installed Perl, which

Re: The drive for 2.4.26

Now that these are independent of one another, I think we can release before 1.6.x are released. We should just call out "New: OpenSSL 1.1.0 support! (Upcoming APR 1.6.x is required for this support.) On Apr 28, 2017 2:56 PM, "Steffen" wrote: > When with apr & apr-until 1.6 fine even more cool

Re: mod_brotli in 2.4.x is missing a few Makefile changes

use cmake with pcre and brotli, rest/most is make. > No cmake *majority*. > >> Op 28 apr. 2017 om 18:45 heeft William A Rowe Jr het >> volgende geschreven: >> >>> On Fri, Apr 28, 2017 at 11:35 AM, Jan Ehrhardt wrote: >>> William A Rowe Jr in gmane.comp.a

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Fri, Apr 28, 2017 at 11:35 AM, Jan Ehrhardt wrote: > William A Rowe Jr in gmane.comp.apache.devel (Fri, 28 Apr 2017 10:30:03 > -0500): >>You might have missed my thought here... suggesting that the CMake >>not-so-experimental build become recommended for users who want

Re: svn commit: r1792912 - in /httpd/httpd/branches/2.4.x/modules/filters: mod_brotli.dsp mod_brotli.mak

Wouldn't there be a corresponding change to LIBPATH? On Thu, Apr 27, 2017 at 10:17 AM, wrote: > Author: gsmith > Date: Thu Apr 27 15:17:57 2017 > New Revision: 1792912 > > URL: http://svn.apache.org/viewvc?rev=1792912&view=rev > Log: > Per brotli-master include will move in 1.0.0 > Prepare now

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Fri, Apr 28, 2017 at 10:05 AM, Jan Ehrhardt wrote: > William A Rowe Jr in gmane.comp.apache.devel (Fri, 28 Apr 2017 09:57:53 > -0500): >>Hmmm... >> >>Building brotli libs requires CMake. >> >>Perhaps only support building mod_brotli through the CMake build,

Re: mod_brotli in 2.4.x is missing a few Makefile changes

Hmmm... Building brotli libs requires CMake. Perhaps only support building mod_brotli through the CMake build, and not the legacy build?

Re: mod_brotli in 2.4.x is missing a few Makefile changes

Jan, That is correct. The .dsp is wired to interrelated projects via the .dsw file. Exporting the projects into .mak files causes all the 'depends upon' libs to be added. See any other such as mod_status. If we were building brotli in-tree you would add the libbrotli .dsp and it would resolve tha

Re: HTTP Server Hackathon/BOFs in Miami?

On Apr 26, 2017 07:12, "Jim Jagielski" wrote: I have never been productive at Hackathons. The discussion is great and all that, but as far as the actual coding is concerned, I am too accustomed to having a certain environment when coding, including my desktop cpu, full keyboard and monitor. I jus

Re: HTTP Server Hackathon/BOFs in Miami?

tem. On Tue, Apr 18, 2017 at 1:38 PM, William A Rowe Jr wrote: > Evaluating whether I will attend ApacheCon, the most specific reason would > be hackathon time. Or productive BoF sessions. > > Who all is planning to spend some time hacking at ACNA '17? Ideas for > projects or BoF topics?

Re: svn commit: r1791807 - /httpd/httpd/trunk/docs/conf/extra/httpd-manual.conf.in

On Apr 20, 2017 15:06, "André Malo" wrote: * William A Rowe Jr wrote: > Please re-validate your assumptions before we proceed with this > discussion. I'll be interested in your findings. I did. I've decided to drop out of that "discussion". I'm sorr

Re: svn commit: r1791807 - /httpd/httpd/trunk/docs/conf/extra/httpd-manual.conf.in

On Tue, Apr 18, 2017 at 3:56 PM, André Malo wrote: > * wr...@apache.org wrote: > >> Author: wrowe >> Date: Tue Apr 18 16:25:03 2017 >> New Revision: 1791807 >> >> URL: http://svn.apache.org/viewvc?rev=1791807&view=rev >> Log: >> KISS: RemoveType is a simpler fix for .tr > > I seem to remember, tha

Re: svn commit: r1791807 - /httpd/httpd/trunk/docs/conf/extra/httpd-manual.conf.in

On Tue, Apr 18, 2017 at 3:56 PM, André Malo wrote: > * wr...@apache.org wrote: > >> Author: wrowe >> Date: Tue Apr 18 16:25:03 2017 >> New Revision: 1791807 >> >> URL: http://svn.apache.org/viewvc?rev=1791807&view=rev >> Log: >> KISS: RemoveType is a simpler fix for .tr > > I seem to remember, tha

HTTP Server Hackathon/BOFs in Miami?

Evaluating whether I will attend ApacheCon, the most specific reason would be hackathon time. Or productive BoF sessions. Who all is planning to spend some time hacking at ACNA '17? Ideas for projects or BoF topics?

Re: svn commit: r1791192 - /httpd/httpd/branches/2.4.x/support/abs.mak

On Wed, Apr 12, 2017 at 5:31 PM, wrote: > Author: gsmith > Date: Wed Apr 12 22:31:15 2017 > New Revision: 1791192 > > URL: http://svn.apache.org/viewvc?rev=1791192&view=rev > Log: > Add another include since applink.c has been moved in > the OpenSSL source. More info: > http://marc.info/?t=149192

Re: svn commit: r1790999 - in /httpd/httpd/branches/2.4.x: Makefile.win docs/manual/platform/win_compiling.xml modules/ssl/mod_ssl.mak support/ab.c support/abs.mak

On Tue, Apr 11, 2017 at 9:16 PM, Gregg Smith wrote: > > No applink.c is installed to PREFIX/include/openssl. I neglected to consider > building with cmake, my bad. > > Adding the include is the easiest way to deal with this. Yea, I was confused... https://github.com/openssl/openssl/pull/1314 made

Re: svn commit: r1790999 - in /httpd/httpd/branches/2.4.x: Makefile.win docs/manual/platform/win_compiling.xml modules/ssl/mod_ssl.mak support/ab.c support/abs.mak

On Tue, Apr 11, 2017 at 5:49 PM, Gregg Smith wrote: > > They will say fix ours. Bottom line, it's been moved from > include/openssl/applink.c to ms/applink.c > > So, ok, will have to add /ms to the includes or do you have a better > suggestion? That suggests that OpenSSL make install deploys ms/a

Re: svn commit: r1790999 - in /httpd/httpd/branches/2.4.x: Makefile.win docs/manual/platform/win_compiling.xml modules/ssl/mod_ssl.mak support/ab.c support/abs.mak

On Tue, Apr 11, 2017 at 11:36 AM, wrote: > Author: gsmith > Date: Tue Apr 11 16:36:25 2017 > New Revision: 1790999 > > URL: http://svn.apache.org/viewvc?rev=1790999&view=rev > Log: > Retro win32 command-line build > > allow building with OpenSSL 1.1.0 > > ab.c (abs) > -- > applink.c has b

Re: mpm_winnt lingering close

On Tue, Apr 11, 2017 at 9:35 AM, Stefan Eissing wrote: > well, your change just reverses the order of check and call. far be it from > me to say what is better. just wanted to point that out. You scared me :) (I thought I had flipped fetching and testing the disconnected flag for a moment there

Re: mpm_winnt lingering close

> >> Am 11.04.2017 um 15:30 schrieb William A Rowe Jr : >> >> Great news, thanks Steffen! >> >> Stefan - if you apply to trunk and 2.4.x (I'm already +1 on inspection) I >> have >> regression testing on Windows to do today and tomorrow and can give t

Re: svn commit: r1790917 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Apr 11, 2017 at 8:18 AM, Stefan Eissing wrote: > I do not understand why we are discussing brotli build issues here. We do not > plan to ship it, only to link against their now supposedly stable API if we > find it. If Linux distros are willing to build and package it and solve any > co

Re: mpm_winnt lingering close

th Patch on AL windows with v1.10.1-git, nghttp2 1.21.1 , no > warning anymore seen. > > > > On Tuesday 11/04/2017 at 10:23, Stefan Eissing wrote: > > > Am 03.04.2017 um 21:17 schrieb William A Rowe Jr : > > On Mon, Apr 3, 2017 at 8:21 AM, Eric Covener wrote: >

Re: svn commit: r1790806 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Apr 11, 2017 at 6:39 AM, Jim Jagielski wrote: > >> On Apr 10, 2017, at 11:55 PM, William A Rowe Jr wrote: >> >>> - -1: wrowe (Premature, waiting on github.com/google/brotli 0.6 release) >>> - NOTE: Awaiting next release post 0.5.2 >>

Re: svn commit: r1790917 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Apr 11, 2017 at 6:32 AM, Jim Jagielski wrote: > /me confused. Why the -1 again? Are you having problems > building brotli? Or is it that you don't like how > brotli is being built? Or what? The docs were a mess - issues I had address on dev@. Until Monday, after you had removed my vote.

Re: svn commit: r1790917 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 11:25 PM, wrote: > Author: wrowe > Date: Tue Apr 11 04:25:34 2017 > New Revision: 1790917 > > URL: http://svn.apache.org/viewvc?rev=1790917&view=rev > Log: > Veto veto of veto > > Modified: > httpd/httpd/branches/2.4.x/STATUS > > Modified: httpd/httpd/branches/2.4.x/ST

Re: svn commit: r1790806 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 10:55 PM, William A Rowe Jr wrote: > > I was happy with the state of master as of Friday. I have not reviewed > the final release package, however. EFAIL cd Brotli-0.6.0 && \ cmake -G "Unix Makefiles" \ -D CMAKE_INSTALL_LIBDIR=lib \ -D CMAKE_

Re: svn commit: r1790170 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 6:31 PM, Daniel Ruggeri wrote: > > @wrowe - I think the updated proposal addresses the concerns around the > optional processing. Would love if you can spare a few cycles before the > upcoming 2.4.26 to review and offer your +1 or at least nyx the -.5 note > in case that's

Re: svn commit: r1790806 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 6:50 AM, wrote: > Author: jim > Date: Mon Apr 10 11:50:26 2017 > New Revision: 1790806 > > URL: http://svn.apache.org/viewvc?rev=1790806&view=rev > Log: > With v0.60 of https://github.com/google/brotli released, > this is now viable again. Agreed this is no longer 'being

Re: mod_http2 v1.10.0

On Tue, Apr 4, 2017 at 9:24 AM, Stefan Eissing wrote: > >> Which one is the yellow bar over 6 connections? > > It's invisible. I extrapolated. Just ran the tests: > > h1 (6 conn): ~28,000 req/s > h2 (6 conn): ~33,000 req/s > > which is an unfair comparison. Seen from a browser's point of view, it

Re: mpm_winnt lingering close

On Mon, Apr 3, 2017 at 8:21 AM, Eric Covener wrote: > On Mon, Apr 3, 2017 at 9:07 AM, Stefan Eissing > wrote: >> Question is: do we "fix" mpm_winnt or is there a better way for mod_http2 to >> shutdown the connection before mod_ssl does. This would need to work in >> async mpms for any connecti

Re: Stand-alone negation on Require (was: Quick 2.4 question)

On Thu, Mar 30, 2017 at 3:02 PM, Philip Prindeville wrote: > I’ve not heard back so I’m going to go ahead and file a bug as a placekeeper. +1 (I'm not seeing this yet.) >> On Mar 29, 2017, at 7:04 PM, Philip Prindeville >> wrote: >> >> to allow access contingent on the presence of a flag, it s

Re: mod_remoteip and mod_http2 combined

On Wed, Mar 29, 2017 at 4:43 PM, William A Rowe Jr wrote: > > It would be nice if the mod_remoteip patch to PROXY protocol followed the > security advisories of the PROXY draft security comments, and we rip out the > 'optional' mode. The remaining objection is around the

Re: mod_remoteip and mod_http2 combined

AM, Sander Hoentjen wrote: >>>> On 02/20/2017 07:48 PM, William A Rowe Jr wrote: >>>>> On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri >>>>> wrote: >>>>>> On 2017-02-15 09:07 (-0600), William A Rowe Jr >>&

Re: The drive for 2.4.26

On Wed, Mar 29, 2017 at 2:37 PM, Jim Jagielski wrote: > Let's shoot for a 2.4.26 within the next handful of > weeks. ++1 - my only question is whether we can get an apr[-util] release in the next week or two ahead of our release, to encourage users to update their entire stack? > There are some

EBCDIC c-t-r exception? [Was: Re: svn commit: r1788039]

On Tue, Mar 21, 2017 at 6:54 PM, wrote: > Author: covener > Date: Tue Mar 21 23:54:43 2017 > New Revision: 1788039 > > URL: http://svn.apache.org/viewvc?rev=1788039&view=rev > Log: > propose a few small patches > + *) core: EBCDIC fixes for interim responses with additional headers. > + tr

Re: [request] public API to SSL_CTX from mod_ssl

On Tue, Mar 21, 2017 at 6:08 PM, zzz wrote: > I am prototyping an Apache module that performs certain security compliance > checks, one aspect of which requires access to the SSL_CTX that mod_ssl > creates for an SSL enabled server. > > Access to that object is currently through the SSLSrvConfigRe

Re: Question about Apache 2.4 and libapreq2 (Apache2::Request)

et to use the X-Forwarded-For value as > $r->useragent_ip gives 127.0.0.1. > In the next stage, PerlTransHandler, a call to $r->useragent_ip() gives the > correct remote ip, but the X-Forwarded-For header is no longer available. > > > > From: Wi

Re: [pcre-dev] Re-factored pcre2_match() needs testing

This is very interesting and coincidental to our efforts at the Apache httpd project. A number of weeks ago I migrated trunk to PCRE2 provided it is detected. Hopefully, most developers are running from trunk/bleed on most projects, at least that's where I'm at. We do have complications taking the

Re: svn commit: r1783256 - /httpd/httpd/branches/2.4.x/STATUS

On Sat, Mar 11, 2017 at 1:33 PM, Daniel Ruggeri wrote: > > On 2/20/2017 10:58 AM, William A Rowe Jr wrote: >> On Sat, Feb 18, 2017 at 4:44 PM, Daniel Ruggeri wrote: >>> Hi, Bill; >>>I've replied about the pre_connnection situation - hoping someone can >

Re: svn commit: r1783256 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Mar 13, 2017 at 7:31 PM, William A Rowe Jr wrote: > On Sat, Mar 11, 2017 at 1:33 PM, Daniel Ruggeri wrote: >> This is important for us on two fronts: >> * For mod_remoteip, we'd have to decide which to use. The current method >> is to prefer PROXY. >&

Re: Question about Apache 2.4 and libapreq2 (Apache2::Request)

13, 2017 at 6:28 PM, JW wrote: > > From: William A Rowe Jr > To: JW > Cc: "modp...@perl.apache.org" > Sent: Friday, March 10, 2017 1:44 PM > Subject: Re: Question about Apache 2.4 and libapreq2 (Apache2::Request) > > On Thu,

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Fri, Mar 10, 2017 at 1:51 PM, Sam Tregar wrote: > > I think this could be fixed by just the part of my patch that allowed for > IncludeOptional in addition to Include when finding sub-confs for inheriting > the parts that load an MPM. I'll work up a patch that switches to apachectl > and inclu

Re: [users@httpd] URG:DocumentRoot relate query on WIndows

What you are seeing is correct behavior, DocumentRoot is an absolute path, whether you have specified this or not. If httpd sees an incomplete path, it is going to work out an absolute path from the ServerRoot If it appends the default and cannot establish a full path, you will receive the indicate

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Thu, Mar 9, 2017 at 3:23 PM, Sam Tregar wrote: > I'm not totally clear on who's maintaining Apache::Test. > > If not, what changes would you need to take it? Refer back to my earlier comments. There is very little chance that any specific vendor deviations will be accommodated at the ASF. Once

Re: Status of 2.4.x-openssl-1.1.0-compat/ ?

On Wed, Mar 8, 2017 at 3:30 AM, Joe Orton wrote: > > Simply doing: > > $ svn merge > https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat > > ... into a 2.4.x wc should DTRT, no? It seems to work fine here. Indeed, it does, thanks. > (I got distracted since the test

Re: [RFC] ?

On Mar 8, 2017 4:29 AM, "Joe Orton" wrote: Sorry, taking my time here, and I appreciate all the feedback. Definitely happier to debate it and get it right than be lumbered with annoying edge cases forever. I did the refactoring in r1785943, so third iteration attached has both and . I'd have

Re: svn commit: r1785116 - in /httpd/httpd/branches/2.4.x: ./ modules/lua/config.m4

On Tue, Mar 7, 2017 at 1:37 PM, Jacob Champion wrote: > On 03/07/2017 07:49 AM, William A Rowe Jr wrote: >> >> Ok, adding /usr/lib is a bad thing any and every day (and in this case, >> completely bogus since it lives in /usr/lib64). > > > Same on Ubuntu, where t

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Tue, Mar 7, 2017 at 12:59 PM, Stefan Fritsch wrote: > On Tuesday, 7 March 2017 11:17:57 CET Eric Covener wrote: >> On Tue, Mar 7, 2017 at 10:32 AM, William A Rowe Jr > wrote: >> > It seems we should have the framework process the bin/envvars (in the >> > normal

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Tue, Mar 7, 2017 at 10:17 AM, Eric Covener wrote: > On Tue, Mar 7, 2017 at 10:32 AM, William A Rowe Jr > wrote: >> It seems we should have the framework process the bin/envvars (in the normal >> path, or /etc/apache2 in this case)... but that should be based on >> re

Status of 2.4.x-openssl-1.1.0-compat/ ?

Six months ago, rjung forked 2.4.x and began to backport our compatibility fixes for OpenSSL 1.1.0. Today, from the state of trunk, it seems the compatibility efforts look very good and are nearly ready to apply to 2.4.x. That branch-point was here; http://svn.apache.org/viewvc?view=revision&revi

Re: svn commit: r1785116 - in /httpd/httpd/branches/2.4.x: ./ modules/lua/config.m4

Some oddities, pretty sure there is no regression though. Fedora's layout is; /usr/include/ luaconf.hlua.hlualib.hluaconf-x86_64.hlua.hpp /usr/include/lua-5.1/ lauxlib.h luaconf.h lua.h lua.hpp lualib.h /usr/lib64/ /usr/lib64/liblua-5.1.so /usr/lib64/libluajit-5.1.so.2 -> lib

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Mon, Mar 6, 2017 at 3:11 PM, Sam Tregar wrote: > Are you suggesting that people who want to run tests that use Apache::Test > should know that they have to source /etc/apache2/envvars first? Or that I > should patch Apache::Test to source that file instead of guessing which vars > to set? > >

Re: svn commit: r1785116 - in /httpd/httpd/branches/2.4.x: ./ modules/lua/config.m4

The fix seems simple. Autoconf test for a usable luaL_openlib. If that fails, keep rolling on to the next candidate. Wondering why we are making all this up still, when pkgconfig will give us all the correct [c|cpp|ld]flags, per each distro's quirks. On Fri, Mar 3, 2017 at 1:03 PM, Jacob Champion

Re: [RFC] ?

On Tue, Feb 28, 2017 at 5:57 PM, Jacob Champion wrote: > On 02/27/2017 03:19 AM, Joe Orton wrote: >> >> On Wed, Feb 22, 2017 at 10:00:08PM +0100, Yann Ylavic wrote: >>> >>> On Wed, Feb 22, 2017 at 11:47 AM, Joe Orton wrote: (b) for match both "foo" and ">> >>> >>> I'd vote for this, it

<    1   2   3   4   5   6   7   8   9   10   >