[Bug 68973] New: Content-Length header missing in 2.4.59 is a breaking change
https://bz.apache.org/bugzilla/show_bug.cgi?id=68973 Bug ID: 68973 Summary: Content-Length header missing in 2.4.59 is a breaking change Product: Apache httpd-2 Version: 2.4.59 Hardware: PC OS: All Status: NEW Severity: blocker Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: webha...@backmail.eu Target Milestone: --- I believe that you are severely underestimating the negative consequences of your decision to remove the possibility to send the Content-Length header with the latest update 2.4.59. For decades, the Content-Length header has been used to determine the file size that is delivered through PHP. Existing software is relying on this value. For example, I am using this value in an update mechanism to show the file size to be downloaded. At the same time, this value indicates if there is a valid file to be delivered. If there is no file size, there is no valid file and the download isn't even started. It was not to be expected that this header would ever be removed, so it was relied upon. You will find hundreds of scripts on StackOverflow relying on this value. Existing software is relying on this value. This breaking change is not documented. There is no warning and the loss of Content-Length isn't even mentioned in the changelog: https://downloads.apache.org/httpd/CHANGES_2.4 I have now lost three full work days discussing this issue with my server provider and trying everything to find the reason and a solution for this issue. As I now learned in another topic here, this hidden change was part of a security fix and the only working solution is to adjust the trust level with htaccess like this: SetEnvIf Request_URI "\.php$" ap_trust_cgilike_cl While at least there is this workaround, this is still a breaking change and shoul be treated as such. Since it is not, it was possibly an unintentional change. I urge you to reverse this change so as not to break any more existing software. It would also be highly recommended to include a corresponding note for the current version 2.4.59 in the changelog. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #6 from Ruediger Pluem --- I did not mean the build configuration but the httpd configuration hence the stuff you have in httpd.conf and that you include there. Please strip it down to a minimal configuration that shows this behavior. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970
--- Comment #5 from Allan Schrum ---
No. Our environment is secured in such a way that network sniffs are not
possible. For this environment we terminate at the edge and forward traffic to
port 80. Our production environments are more secure.
The server code was built with:
function mpmbuild()
{
mpm=$1; sh`'`'ift
mkdir $mpm; pushd $mpm
../configure \
--prefix=%{_sysconfdir}/httpd \
--exec-prefix=%{_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--sysconfdir=%{_sysconfdir}/httpd/conf \
--includedir=%{_includedir}/httpd \
--libexecdir=%{_libdir}/httpd/modules \
--datadir=%{contentdir} \
--with-installbuilddir=%{_libdir}/httpd/build \
--with-mpm=$mpm \
--with-apr=%{_prefix} --with-apr-util=%{_prefix} \
--enable-suexec --with-suexec \
--with-suexec-caller=%{suexec_caller} \
--with-suexec-docroot=%{contentdir} \
--with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
--with-suexec-bin=%{_sbindir}/suexec \
--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
--enable-systemd \
--enable-pie \
--with-pcre \
$*
make %{?_smp_mflags} EXTRA_CFLAGS="-Werror-implicit-function-declaration"
popd
}
prefork
mpmbuild prefork \
--enable-mods-shared=all \
--enable-ssl --with-ssl \
--enable-proxy \
--enable-cache \
--enable-disk-cache \
--enable-ldap --enable-authnz-ldap \
--enable-cgid \
--enable-authn-anon --enable-authn-alias \
--disable-imagemap
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68971] eroare : mod_fcgid: error reading data from FastCGI server
https://bz.apache.org/bugzilla/show_bug.cgi?id=68971 Eric Covener changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #1 from Eric Covener --- No details -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68971] eroare : mod_fcgid: error reading data from FastCGI server
https://bz.apache.org/bugzilla/show_bug.cgi?id=68971 savin changed: What|Removed |Added URL||http://simpatie.site OS||All -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68971] New: eroare : mod_fcgid: error reading data from FastCGI server
https://bz.apache.org/bugzilla/show_bug.cgi?id=68971 Bug ID: 68971 Summary: eroare : mod_fcgid: error reading data from FastCGI server Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC Status: NEW Severity: normal Priority: P2 Component: mod_authnz_fcgi Assignee: bugs@httpd.apache.org Reporter: savintodir...@gmail.com Target Milestone: --- eroare : mod_fcgid: error reading data from FastCGI server -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 Ruediger Pluem changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #4 from Ruediger Pluem --- Please provide a minimal configuration that works with 2.4.58 and does not with 2.4.59. Please provide also the minimal configuration that works with 2.4.59 hence that it becomes more clear what changes in the configuration. The trace for the non working 2.4.59 case connects to port 80 and uses an unencrypted connection. Is it possible that you can provide network sniffs (not curl trace outputs) for all 3 cases (2.4.58, 2.4.59 not working, 2.4.59 working) using an unencrypted connection? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
