Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-17 Thread Jeff Trawick
On Tue, May 12, 2009 at 9:17 AM, wrote: > Author: covener > Date: Tue May 12 13:17:29 2009 > New Revision: 773881 > > URL: http://svn.apache.org/viewvc?rev=773881&view=rev > Log: > backport 772997, 773322, 773342 from trunk. > Reviewed By: jorton, rpluem, covener > > Security fix for CVE-2009-119

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-20 Thread Joe Orton
On Sun, May 17, 2009 at 11:15:00AM -0400, Jeff Trawick wrote: > On Tue, May 12, 2009 at 9:17 AM, wrote: > > > Author: covener > > Date: Tue May 12 13:17:29 2009 > > New Revision: 773881 > > > > URL: http://svn.apache.org/viewvc?rev=773881&view=rev > > Log: > > backport 772997, 773322, 773342 from

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-21 Thread Jeff Trawick
On Wed, May 20, 2009 at 8:53 AM, Joe Orton wrote: > On Sun, May 17, 2009 at 11:15:00AM -0400, Jeff Trawick wrote: > > On Tue, May 12, 2009 at 9:17 AM, wrote: > > > > > Author: covener > > > Date: Tue May 12 13:17:29 2009 > > > New Revision: 773881 > > > > > > URL: http://svn.apache.org/viewvc?re

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-21 Thread William A. Rowe, Jr.
Jeff Trawick wrote: > Does somebody else care to share their opinion on this? Which of these > are okay? > > - existing mod_perl releases (and potentially other third-party modules) > won't compile with 2.2.12 CORE_PRIVATE may be broken from release to release, it's a necessary concession to pre

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-21 Thread Jeff Trawick
On Thu, May 21, 2009 at 3:08 PM, William A. Rowe, Jr. wrote: > Jeff Trawick wrote: > > Does somebody else care to share their opinion on this? Which of these > > are okay? > > > > - existing mod_perl releases (and potentially other third-party modules) > > won't compile with 2.2.12 > > CORE_PRIVA

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Joe Orton
On Thu, May 21, 2009 at 02:39:57PM -0400, Jeff Trawick wrote: > On Wed, May 20, 2009 at 8:53 AM, Joe Orton wrote: > > Given that the semantics of the options has changed, I don't think it's > > worth changing httpd to maintain any pretence of compile-time or > > run-time compatibility here. Any c

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Joe Orton
On Fri, May 22, 2009 at 05:26:07PM +0100, Joe Orton wrote: > Attaching my original analysis for security@ which hopefully answers > that question ;) attempt 2 I've now had a deeper look into this. I can't see a way to fix the problem without changing the semantics of the OPT_ bits used, as I

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Jeff Trawick
On Thu, May 21, 2009 at 3:25 PM, Jeff Trawick wrote: > > > On Thu, May 21, 2009 at 3:08 PM, William A. Rowe, Jr. > wrote: > >> Jeff Trawick wrote: >> > Does somebody else care to share their opinion on this? Which of these >> > are okay? >> > >> > - existing mod_perl releases (and potentially o

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Fred Moyer
On Fri, May 22, 2009 at 10:17 AM, Jeff Trawick wrote: > > On Thu, May 21, 2009 at 3:25 PM, Jeff Trawick wrote: >> >> On Thu, May 21, 2009 at 3:08 PM, William A. Rowe, Jr. >> wrote: >>> >>> Jeff Trawick wrote: >>> > Does somebody else care to share their opinion on this?  Which of these >>> > are

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Torsten Foertsch
On Fri 22 May 2009, Jeff Trawick wrote: > Hmmm, after trying to use what seems like a cool feature, I find that > mod_perl was never taught to use the Apache 2's mod_include plug-in > interface. AFAIK, that is provided by Geoff's CPAN module Apache::IncludeHook or so. Torsten -- Need professio

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread William A. Rowe, Jr.
Joe Orton wrote: > > Having thought about this longer, I do agree that it would be reasonable > to provide OPT_INCNOEXEC as a noop integer for back-compat, but, it > turns out we're out of bits - allow_options_t is an unsigned char and > we're using 2^0 through 2^7 already. :( The C language p

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Jeff Trawick
On Fri, May 22, 2009 at 2:46 PM, Torsten Foertsch wrote: > On Fri 22 May 2009, Jeff Trawick wrote: > > Hmmm, after trying to use what seems like a cool feature, I find that > > mod_perl was never taught to use the Apache 2's mod_include plug-in > > interface. > > AFAIK, that is provided by Geoff's

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Jeff Trawick
On Fri, May 22, 2009 at 2:59 PM, William A. Rowe, Jr. wrote: > Joe Orton wrote: > > > > Having thought about this longer, I do agree that it would be reasonable > > to provide OPT_INCNOEXEC as a noop integer for back-compat, but, it > > turns out we're out of bits - allow_options_t is an unsigned

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Jeff Trawick
On Fri, May 22, 2009 at 4:21 PM, Jeff Trawick wrote: > > > On Fri, May 22, 2009 at 2:59 PM, William A. Rowe, Jr. > wrote: > >> Joe Orton wrote: >> > >> > Having thought about this longer, I do agree that it would be reasonable >> > to provide OPT_INCNOEXEC as a noop integer for back-compat, but,

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread William A. Rowe, Jr.
Jeff Trawick wrote: > > Backing up a bit... > > I originally thought we could map bit values in 2.2.x to avoid affecting > modules, but that isn't possible since includes-with-exec is two bits > instead of one. Hold on... I think this can still work; * Retain new true 'Includes' bit as old In

Re: svn commit: r773881 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS include/http_core.h modules/filters/mod_include.c server/config.c server/core.c

2009-05-22 Thread Jeff Trawick
On Fri, May 22, 2009 at 5:10 PM, William A. Rowe, Jr. wrote: > Jeff Trawick wrote: > > > > Backing up a bit... > > > > I originally thought we could map bit values in 2.2.x to avoid affecting > > modules, but that isn't possible since includes-with-exec is two bits > > instead of one. > > Hold on.