[users@httpd] Announcing mod_websocket v0.1.2

2020-07-15 Thread Jacob Champion
'd. And the existing issues list didn't become any shorter, unfortunately. Questions? Comments? Let me know. Thanks for your interest! --Jacob Champion

Re: [users@httpd] WebSockets support in transparent proxy

2017-07-18 Thread Jacob Champion
On 07/18/2017 12:24 PM, Ray Navarette wrote: I can reproduce similar behavior using the websocket echo test (http://www.websocket.org/echo.html). When this site is accessed through the proxy server, unsecured (again, initiated as http) websocket connections fail. Interestingly, this demo also

Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

2017-07-11 Thread Jacob Champion
On 07/11/2017 09:12 AM, Alexandru Duzsardi wrote: how does the httpd process change the permissions of that file? does that before dropping root privileges? if not what would it stop it to change any file permissions? OP said htpasswd was touching the file, not httpd. --Jacob

Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

2017-07-11 Thread Jacob Champion
On 07/11/2017 08:53 AM, Kevin Miles wrote: Sure enough, when I check /etc/stm/passwd its permissions have been changed from 644 to 600. When I change them back, everything starts working. But when I reload the system, something sets them back to 600 and it stops working! This looks like PR612

Re: [users@httpd] ownCloud / PHP-FPM problem after upgrade to 2.4.26

2017-06-27 Thread Jacob Champion
On 06/27/2017 01:42 PM, rockzOr wrote: Is there a plan for releasing 2.4.27 as for the broken behaviour or will it be next regular release in X months? Bill had a good answer in another thread [1]: On 06/27/2017 10:15 AM, William A Rowe Jr wrote: We don't generally try to predict our release

Re: [users@httpd] ownCloud / PHP-FPM problem after upgrade to 2.4.26

2017-06-27 Thread Jacob Champion
On 06/27/2017 12:48 PM, rockzOr wrote: Hi all, I've got a problem after upgrading to 2.4.26. Everything works fine except my ownCloud instance. Fair warning: I haven't looked through all of the info you provided (but thank you for being thorough!). FPM problems after upgrading to 2.4.26 are

Re: [users@httpd] if directive not being respected in Apache 2.4.6

2017-06-21 Thread Jacob Champion
On 06/21/2017 08:45 AM, William A Rowe Jr wrote: Frankly I'd think scope should be defined as Global only, even though it won't error out in these other cases. For trunk, it would be good to lock this down and eliminate the legacy 'support' of Define in sections. +1. Very long-term, I think it

[users@httpd] CVE-2017-3169: mod_ssl null pointer dereference

2017-06-19 Thread Jacob Champion
CVE-2017-3169: mod_ssl null pointer dereference Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTT

[users@httpd] CVE-2017-7679: mod_mime buffer overread

2017-06-19 Thread Jacob Champion
CVE-2017-7679: mod_mime buffer overread Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Mitigation:

[users@httpd] CVE-2017-7668: ap_find_token buffer overread

2017-06-19 Thread Jacob Champion
CVE-2017-7668: ap_find_token buffer overread Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.32 httpd 2.4.24 (unreleased) httpd 2.4.25 Description: The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which a

[users@httpd] CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

2017-06-19 Thread Jacob Champion
CVE-2017-3167: ap_get_basic_auth_pw authentication bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead

Re: [users@httpd] HTTPOxy vulnerability not posted to announce list?

2016-12-21 Thread Jacob Champion
On 12/21/2016 11:20 AM, Jim Allison wrote: Going through the history of the announce list, it seems that the advisory for HTTPOxy was not posted there. I can see that it was posted to the users list back in the summer, but we were only subscribed to the announce list. I can see that other vuln

Re: [users@httpd] Conditionally LoadModule?

2016-11-15 Thread Jacob Champion
On 11/15/2016 09:19 AM, Nick Kew wrote: So IfFile joins IfDefine and the infamous[1] IfModule. What next? We can't get rid of them in the lifetime of 2.4, but maybe thereafter they could come together? Is there a way we could provide a "startup-time" subset of ap_exprs? [1] because it gives

Re: [users@httpd] Apache 2.4.12+ on Windows x64 stops responding to requests

2016-08-09 Thread Jacob Champion
On 08/09/2016 07:22 AM, Paul Spangler wrote: Though in our case, we only needed to use AcceptFilter http connect AcceptFilter https connect rather than turning it off completely using "none". Setting it to connect allows the server to recycle sockets. I'll see if I can't look back into it and

Re: [users@httpd] Apache 2.4.12+ on Windows x64 stops responding to requests

2016-08-08 Thread Jacob Champion
On 07/25/2016 11:13 AM, Arthur Ramsey wrote: I think I will try the following settings first, but failing that I'll give the x86 build a try. AcceptFilter https none Any follow-up on this? I've been digging into the AcceptEx() implementation, since it looks like there have been intermittent

[users@httpd] Announcing mod_websocket v0.1.1

2016-02-15 Thread Jacob Champion
other part of the project), now is an excellent time to let me know. Follow or fork the project on GitHub, file issues, open pull requests! And as always, thanks for your interest. --Jacob Champion

Re: [users@httpd] Temporarily authentication errors with auth_dbd and postgres

2015-12-18 Thread Jacob Champion
On Dec 18, 2015 6:23 AM, "Klaus Darilion" wrote: > > For the records: Since we use Apache 2.4.17 we do not have that problem > anymore. Excellent! Glad that seems to have solved it. Thanks for reporting back. --Jacob [on mobile; sorry for any formatting annoyances]

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-08 Thread Jacob Champion
On 12/07/2015 09:54 PM, William A Rowe Jr wrote: On Dec 7, 2015 11:36 PM, "Marat Khalili" <m...@rqc.ru> wrote: >> >> Everything *after* that handshake, in cleartext, is open for inspection or for manipulation > > Are you sure about the manipulation part? Why do you think encryption hel

Re: [users@httpd] explicitly including other ciphers for use with https

2015-12-07 Thread Jacob Champion
On 12/07/2015 05:06 PM, William A Rowe Jr wrote: On Mon, Dec 7, 2015 at 2:39 PM, Ron Croonenberg <r...@lanl.gov> wrote: Hello, I am building a storage system, using HTTP/HTTPS for ingesting data. I would like to use the authentication over HTTPS, while after that I want n

Re: [users@httpd] Temporarily authentication errors with auth_dbd and postgres

2015-12-02 Thread Jacob Champion
On 02.12.2015 23:05, Nick Kew wrote: On Wed, 2 Dec 2015 22:11:20 +0100 Klaus Darilion wrote: [ ...] A puzzle indeed. Although the DB returns the same password-hash as always, and the browser sends the correct credentials (as in the working scenario), Apache replies with 401. Klaus, You

Re: [users@httpd] Announcing mod_websocket v0.1.0

2015-11-12 Thread Jacob Champion
On 11/12/2015 06:39 AM, Rich Bowen wrote: On 11/10/2015 03:33 PM, Jacob Champion wrote: I'm happy to announce version 0.1.0 of mod_websocket: https://github.com/jchampio/apache-websocket/releases/tag/0.1.0 Jacob, First, congratulations on your release. Hi Rich, thanks very much!

[users@httpd] Announcing mod_websocket v0.1.0

2015-11-10 Thread Jacob Champion
eventually be an ABI bump (0.2.x) to fix some known issues with the interfaces, but I'll do my best to consolidate those compatibility breaks and drive towards a 1.0 as soon as possible. Thanks for your interest! --Jacob Champion

Re: [users@httpd] Re: make apache 2.4.17 portable under ubuntu

2015-10-16 Thread Jacob Champion
On 10/16/2015 06:23 PM, Good Guy wrote: I got it from the Master in this video: Just after 6 minutes in the video he is talking about binaries and all that. When Linus says "you don't make binaries for Linux", he means that maintaining and shippi