Apache2::compat from mod_perl 2.0.3 -- multiple issues

It seems that compat.pm isn't 'use strict' clean even thou it is declaring this pragma. # Error: Bareword "Apache2::ServerUtil::server_root" not allowed while "strict subs" in use at /usr/lib/perl5/site_perl/5.8.8/i686-linux/Apache2/compat.pm line 347, line 9. This error is caused by

Re: Having problems installing mod_perl on Slackware

[Thu Mar 22 21:34:14 2007] [error] [client 127.0.0.1] Handler for modperl returned invalid result code 2 # Failed test 3 in /usr/src/mod_perl-2.0.3/t/response/TestAPI/server_const.pm at line 39 This was due API changes from 2.2.3 -> 2.2.4 in httpd. This is largely irrelevant for general mp use s

Re: [RELEASE CANDIDATE] mod_perl-1.30 RC1

Randal L. Schwartz wrote: >>"Philippe" == Philippe M Chiasson <[EMAIL PROTECTED]> writes: > > > Philippe> SECURITY: CVE-2007-1349 (cve.mitre.org) > > Is it disinformation at > that says it was > assigned on march *8th*. Last I lo

Re: Having problems installing mod_perl on Slackware

I notice that at the top it references Apache/2.2.4. I attenpted to use 2.2.4 first and when that did not work configured, compiled and installed 2.0.59. Is there a leftover that may be causing this problem? Log contents: END in modperl_extra.pl, pid=7593 [Thu Mar 22 21:33:01 2007] [notice] Ap

Mod_perl and win32 --more experience

Hi all, There has been quite a few reports about mod_perl causing segment faults in Win32 boxes on the list (including me). Thanks to all that responded with suggestions. Here is my latest findings: 1- I have mod_perl2.0.3 apache2.2.4 working on a Windows 2003 box.(Dual xceleron IBM server) 2- Us

Mod_Perl2 vs. Mod_Perl1, MPM_WORKER....

Hi, I¹m just wondering what the mod_perl intelligencia thinks about the choice between using mod_perl1 vs. mod_perl2 Is there a reason not to go with the newer mod_perl2 (and Apache2, of course). Is it stable and well accepted at this point? It seems like a great number of people still use

Re: [RELEASE CANDIDATE] mod_perl-1.30 RC1

> "Philippe" == Philippe M Chiasson <[EMAIL PROTECTED]> writes: Philippe> SECURITY: CVE-2007-1349 (cve.mitre.org) Is it disinformation at that says it was assigned on march *8th*. Last I looked, it was closer to the 23rd. Weird.

[RELEASE CANDIDATE] mod_perl-1.30 RC1

The mod_perl 1.30 release candidate #1 has arrived. It can be downloaded here: http://www.apache.org/~gozer/mp1/mod_perl-1.30-rc1.tar.gz MD5 : 639e045d782a66746a70b7948dfa SHA1: 942eaffe4570a9060b3a0ed7de52ac902d054cbb The summary of what has changed since 1.29 are (from Changes): SECURITY:

Problem building mod_perl2 on Mac OS X 10.4.9, Intel

-8<-- Start Bug Report 8<-- 1. Problem Description: I¹m having a problem building mod_perl2 on a Mac, OS X 10.4.9, Intel It fails during the Œmake¹ step, apparently during the final link step: env MACOSX_DEPLOYMENT_TARGET=10.3 cc -bundle -undefin

Re: MP1 Security issue

> "Randal" == Randal L Schwartz writes: Randal> However, for mp2, since the listed modules all use Randal> ModPerl::RegistryCooker, and the problem is in there, my list is still Randal> accurate. Ugh. Yes, I see it now. While ModPerl::RegistryCooker has the problem, some of the modules (li

Re: MP1 Security issue

On 3/23/07, Randal L. Schwartz wrote: You're correct. It has been fixed in Apache::Registry for MP1. I'm sorry I overlooked that last night. For mp1, it affects only users of Apache::PerlRun. However, for mp2, since the listed modules all use ModPerl::RegistryCooker, and the problem is in th

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

On 3/23/07, Geoffrey Young <[EMAIL PROTECTED]> wrote: as for mp2, nothing in the current distribution is affected - ModPerl::Registry and ModPerl::PerlRun are both filesystem based and not uri based. however, if you use RegistryCooker to roll your own non-standard Registry handler and are using

Re: MP1 Security issue

> "Geoffrey" == Geoffrey Young <[EMAIL PROTECTED]> writes: Michael> Not quite. It only affects people running PerlRun. Not insignificant, Michael> but definitely not everyone. >> >> No, it affects users of all script-like things, both mod_perl1 (users of >> Apache::Registry, Apache::PerlRun),

Re: MP1 Security issue

> Michael> Not quite. It only affects people running PerlRun. Not insignificant, > Michael> but definitely not everyone. > > No, it affects users of all script-like things, both mod_perl1 (users of > Apache::Registry, Apache::PerlRun), and mod_perl2 (users of ModPerl::PerlRun, > ModPerl::PerlRunP

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

> I was able to reproduce this in mp1. > > for the interested, a fix has been put in place in svn for mod_perl 1.0, > which you can grab from here: > > https://svn.apache.org/repos/asf/perl/modperl/branches/1.x/ > > furthermore, as michael pointed out, the problem is isolated to > Apache::Per

Re: MP1 Security issue

> "Michael" == Michael Peters <[EMAIL PROTECTED]> writes: Michael> Randal L. Schwartz wrote: >>> "Alex" == Alex Solovey <[EMAIL PROTECTED]> writes: >> Alex> The problem is due to unescaped variable interpolation in regular Alex> expression $uri =~ /$path_info$/ in sub namespace_from: >>

Re: MP1 Security issue

> "Geoffrey" == Geoffrey Young <[EMAIL PROTECTED]> writes: Geoffrey> this sensationalism was just flat-out irresponsible. I don't doubt Geoffrey> that it's true, but not giving us dev folks time to address the Geoffrey> issue with a security release is going to cause more headaches than Geoff

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

Kjetil Kjernsmo wrote: > On Friday 23 March 2007 14:57, Geoffrey Young wrote: > >>fwiw, I am unable to reproduce this in either mp1 or mp2 using what I >>consider a basic setup. > > > I have also failed to reproduce the problem on 2.0.3 with my setup. > Also, we are very liberal on what kind of

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

On Friday 23 March 2007 14:57, Geoffrey Young wrote: > fwiw, I am unable to reproduce this in either mp1 or mp2 using what I > consider a basic setup. I have also failed to reproduce the problem on 2.0.3 with my setup. Also, we are very liberal on what kind of usernames, and thus what special ch

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

Michael Peters wrote: > Randal L. Schwartz wrote: > >>>"Alex" == Alex Solovey <[EMAIL PROTECTED]> writes: >> >>Alex> The problem is due to unescaped variable interpolation in regular >>Alex> expression $uri =~ /$path_info$/ in sub namespace_from: >> >>I don't want to raise too many alarms, but

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

Randal L. Schwartz wrote: >> "Alex" == Alex Solovey <[EMAIL PROTECTED]> writes: > > Alex> The problem is due to unescaped variable interpolation in regular > Alex> expression $uri =~ /$path_info$/ in sub namespace_from: > > I don't want to raise too many alarms, but this means that every MP1

Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)

Randal L. Schwartz wrote: >>"Randal" == Randal L Schwartz writes: > > >>"Alex" == Alex Solovey <[EMAIL PROTECTED]> writes: > > Alex> The problem is due to unescaped variable interpolation in regular > Alex> expression $uri =~ /$path_info$/ in sub namespace_from: > > Randal> I don't wan

Re: Partial HTML

We are running through a load balancer with port forwarding. Why could it be at that end? What this project have coded is a "sub request" to get data from our server to include in the original call hence the HTML is only partial. When I say "sub request" I mean, they go via the outside wor

[Fwd: CPAN Upload: P/PG/PGOLLUCCI/Apache-DBI-1.06.tar.gz]

The uploaded file Apache-DBI-1.06.tar.gz has entered CPAN as file: $CPAN/authors/id/P/PG/PGOLLUCCI/Apache-DBI-1.06.tar.gz size: 33833 bytes md5: ba05c9b7a437e8d974c81d948d162825 No action is required on your part Request entered by: PGOLLUCCI (Philip M. Gollucci) Request entered

[RELEASE CANDIDATE] Apache-SizeLimit 0.91 RC2

A release candidate for Apache-SizeLimit 0.91-RC2 is now available. http://people.apache.org/~pgollucci/asl/Apache-SizeLimit-0.91-rc2.tar.gz Please download, test, and report back. I believe this will be the last Release Candidate for .91. *** Pending a successful release, This package will be