Hi
i know that this is more or less off-topic but i doubt there
are better sources to ask then the httpd-developers
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
On 09 Apr 2014, at 1:48 PM, Reindl Harald h.rei...@thelounge.net wrote:
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
worker-process or as well access the
Am 09.04.2014 13:53, schrieb Graham Leggett:
On 09 Apr 2014, at 1:48 PM, Reindl Harald h.rei...@thelounge.net wrote:
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
worker-process or as well access the memory of other workers?
The address space boundary of the process is the
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller dr...@suse.de wrote:
There have been some zero-before-free changes in mozilla-nss recently.
It may be time to have object reuse issues in mind for both core and at
least the auth* modules.
The following function was added to apr-util to do that:
Am 09.04.2014 14:19, schrieb Graham Leggett:
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller dr...@suse.de wrote:
There have been some zero-before-free changes in mozilla-nss recently.
It may be time to have object reuse issues in mind for both core and at
least the auth* modules.
The
On Wed, Apr 9, 2014 at 5:48 AM, Reindl Harald h.rei...@thelounge.net wrote:
after update openssl and re-new all certificates one question
remains: in case of httpd-prefork would a attacker only have
been able to compromise the private key and data of his
worker-process or as well access the
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes, as well as the common ssl session
ticket key and ssl cert keys. In practice the benefits of prefork are
somewhat limited to casual attacks.
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket key and ssl cert keys. In practice
the benefits of prefork are somewhat
limited to
On Fri, Apr 4, 2014 at 7:48 PM, Jeff Trawick traw...@gmail.com wrote:
On Tue, Feb 18, 2014 at 3:50 PM, Scott Deboy sde...@secondstryke.comwrote:
Hi folks,
I was wondering if someone would be willing/interested in reviewing the
patch I've attached to issue 55467.
Hi,
this is already in the proposal list, first one at the top, just waiting
for a last vote to be accepted.
CJ
Le 07/04/2014 11:24, yla...@apache.org a écrit :
Author: ylavic
Date: Mon Apr 7 09:24:05 2014
New Revision: 1585438
URL: http://svn.apache.org/r1585438
Log:
Propose
On Wed, Apr 9, 2014 at 10:24 AM, Jeff Trawick traw...@gmail.com wrote:
On Fri, Apr 4, 2014 at 7:48 PM, Jeff Trawick traw...@gmail.com wrote:
On Tue, Feb 18, 2014 at 3:50 PM, Scott Deboy sde...@secondstryke.comwrote:
Hi folks,
I was wondering if someone would be willing/interested in
On 09.04.2014 18:05, Reindl Harald wrote:
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket key and ssl cert keys. In practice
the
On Wed, Apr 9, 2014 at 2:24 AM, kbr...@apache.org wrote:
Author: kbrand
Date: Wed Apr 9 08:24:25 2014
New Revision: 1585902
URL: http://svn.apache.org/r1585902
Log:
Update SSLPassPhraseDialog directive docs to correctly describe the
current behavior for exec-type programs in 2.4.x, at
Thanks, promoted in r1586125.
On Wed, Apr 9, 2014 at 7:15 PM, Christophe JAILLET
christophe.jail...@wanadoo.fr wrote:
Hi,
this is already in the proposal list, first one at the top, just waiting for
a last vote to be accepted.
CJ
Le 07/04/2014 11:24, yla...@apache.org a écrit :
Author:
Am 09.04.2014 21:42, schrieb Rainer Jung:
On 09.04.2014 18:05, Reindl Harald wrote:
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket
r1023398 for 2.2:
http://people.apache.org/~covener/patches/httpd-2.2.x-thunder.diff
The remove_url() prevents other threads from serving a stale cached
file during refresh of a slow response, but it's unnecessary to have a
separate path because the refresh has to deal with 200s already. When
On 09.04.2014 21:42, Rainer Jung wrote:
On 09.04.2014 18:05, Reindl Harald wrote:
Am 09.04.2014 17:41, schrieb William A. Rowe Jr.:
Combined with typical ssl session shmcb ... That single process still has
session keys of other prefork processes,
as well as the common ssl session ticket
On 9 Apr 2014, at 14:46, Eric Covener cove...@gmail.com wrote:
r1023398 for 2.2:
http://people.apache.org/~covener/patches/httpd-2.2.x-thunder.diff
The remove_url() prevents other threads from serving a stale cached
file during refresh of a slow response, but it's unnecessary to have a
19 matches
Mail list logo
