t; With regards,
> Daniel on behalf of ASF Infra.
>
--
Eric Covener
cove...@gmail.com
-24,7 +24,7 @@ or features.
> > libraries are
> >
> >
> > - APR 1.7.3, released February 1, 2023
> > + APR 1.7.4, released April 16, 2023
> > APR-util 1.6.3, released February 1, 2023
> > APR-iconv 1.2.2, released October 22, 2017
> >
> > @@ -32,7 +32,7 @@ libraries are
> >
> >
> >
> > -Apache Portable Runtime 1.7.3 Released
> > +Apache Portable Runtime 1.7.4 Released
> >
> >
> > The Apache Software Foundation and the Apache Portable Runtime
> >
> >
> >
>
> Hi,
>
> I don't know if something went wrong or if more time is needed, but
> theses changes are not yet visible on:
> https://apr.apache.org/
>
> CJ
>
--
Eric Covener
cove...@gmail.com
vote passes with following binding +1 and no other votes:
steffenal, ylavic, kotkov, covener, jailletc36
On Wed, Apr 12, 2023 at 10:25 PM Eric Covener wrote:
>
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/d
On Wed, Apr 12, 2023 at 10:25 PM Eric Covener wrote:
>
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/apr/
>
> I would like to call a VOTE over the next few days to release
> this candidate tar
On Thu, Apr 13, 2023 at 1:08 PM Evgeny Kotkov
wrote:
>
> Eric Covener writes:
>
> > Hi all,
> >
> > Please find below the proposed release tarball and signatures:
> >
> > https://dist.apache.org/repos/dist/dev/apr/
>
> First time voting for an APR r
New for this release we are only toggling it on the release tag (sic),
similar to httpd release process.
On Thu, Apr 13, 2023, 6:42 AM Yann Ylavic wrote:
> On Thu, Apr 13, 2023 at 12:16 PM SteffenAL wrote:
> >
> > it's me. I build from svn, and there is :
> >
> > #define APR_IS_DEV_VERSION
>
.
[ ] -1: There's trouble in paradise. Here's what's wrong.
The computed digests of the tarball up for vote are:
The SVN candidate source is found at tags/1.7.4-rc1-candidate.
--
Eric Covener
cove...@gmail.com
On Wed, Apr 12, 2023 at 11:12 AM Evgeny Kotkov via dev
wrote:
>
> Hi everyone,
>
> Unfortunately, one of the fixes in APR 1.7.3 that was authored by me has
> caused a significant regression, where writing to files opened with both
> APR_FOPEN_APPEND and APR_FOPEN_BUFFERED now may not properly
On Mon, Mar 27, 2023 at 4:18 AM Ruediger Pluem wrote:
>
> 1.7.3-rc1 is here:
>
> https://apr.apache.org/dev/dist/
>
> For the release of apr-1.7.3
> [x] +1 looks great!
> [ ] -1 something is broken
>
> I will let the vote run through end-of-week.
+1 AIX/xlc/ppc64 no regression
> This is true, but I see only a low risk of making backports difficult for
> structures that seem to be set and haven't been touched
> for a long time. And even if we need to touch them we can still backport. It
> is just more work then.
+1
On Fri, Feb 10, 2023 at 11:49 AM Ruediger Pluem wrote:
>
>
>
> On 2/10/23 2:42 AM, Eric Covener wrote:
> >> I think this should be revisited and changed to 600.
> >
> > It seems like all the methods use 0644. After the change, it's just
> > accessible in
> I think this should be revisited and changed to 600.
It seems like all the methods use 0644. After the change, it's just
accessible in the filesystem rather than in the sysv shm ether.
It seems like an API gap, APR can't know what the caller expects to do
with it (other than it's not
Vote passes with 4 binding votes (thanks to all who voted/reviewed)
+1: covener, rpluem, jorton, ylavic
On Wed, Feb 1, 2023 at 8:22 AM Eric Covener wrote:
>
> Thanks for the quick votes everyone, I will just give it a couple more
> hours then proceed.
>
> On Wed, Feb 1,
Thanks for the quick votes everyone, I will just give it a couple more
hours then proceed.
On Wed, Feb 1, 2023 at 4:43 AM SteffenAL wrote:
>
> +1 All fine on Windows
>
> Thanks! Eric
>
>
> --- Original message ---
> Subject: [VOTE] apr 1.7.2 and apr-util 1.6.3
> Fr
> For the release of apr-1.7.2 AND apr-util-1.6.3
> [x] +1 looks great
> [ ] -1 something is broken
+1 for both
I hosed 1.7.1/1.6.2 and the archives have -rcX in them at the top
level. I would like to call for an expedited vote to replace them
with version bumps. I will proceed once we get 3 binding +1.
I have re-tagged because I think the consensus will be that updating
the tarballs and signatures is
It was reported to me that the recent APR/APU uploads have the -rcX
prefix in the source archive.
I think it's too confusing to replace the source zips.
Should I just roll a replacement with a new version bump and call a short vote?
--
Eric Covener
cove...@gmail.com
-- Forwarded message -
From: Eric Covener
Date: Tue, Jan 31, 2023 at 10:13 AM
Subject: CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds
writes in the apr_base64 family of functions
To: ,
Severity: moderate
Description:
Integer Overflow or Wraparound vulnerability
Severity: moderate
Description:
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end
of a stack based buffer in apr_socket_sendv(). This is a result of integer
overflow.
Credit:
Ronald Crane (Zippenhop LLC) (finder)
References:
https://apr.apache.org/
Severity: moderate
Description:
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache
Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime (APR) version 1.7.0.
Credit:
Ronald Crane (Zippenhop LLC)
On Mon, Jan 30, 2023 at 9:23 AM Eric Covener wrote:
>
> On Fri, Jan 27, 2023 at 8:42 AM Eric Covener wrote:
> >
> > 1.6.2-rc3 is here:
> >
> > https://apr.apache.org/dev/dist/
> >
> > For the release of apr-util-1.6.2
> > [ ] +1 looks great
&
RC2 is abandoned in favor of RC3
On Fri, Jan 27, 2023 at 8:45 AM Eric Covener wrote:
>
> > I would be in favor of hearing further opinions on whether backporting this
> > to APR-UTIL 1.6 complies with our versioning rules.
> > If it does we should do so and r
On Fri, Jan 27, 2023 at 8:42 AM Eric Covener wrote:
>
> 1.6.2-rc3 is here:
>
> https://apr.apache.org/dev/dist/
>
> For the release of apr-util-1.6.2
> [ ] +1 looks great
> [ ] -1 something is broken
>
+1 AIX/xlc/ppc64 no regression.
Given the Friday re-roll
On Fri, Jan 27, 2023 at 10:12 AM Ruediger Pluem wrote:
>
>
>
> On 1/27/23 2:42 PM, Eric Covener wrote:
> > 1.6.2-rc3 is here:
> >
> > https://apr.apache.org/dev/dist/
> >
> > For the release of apr-util-1.6.2
> > [ ] +1 looks great
> >
> I would be in favor of hearing further opinions on whether backporting this
> to APR-UTIL 1.6 complies with our versioning rules.
> If it does we should do so and release apr-util 1.6.2 with it.
In the spirit of minimizing further delays, I have backported and
rolled RC3 so we can bank a vote
) in ~72H
I will proceed with rc2 and abandon rc3. Otherwise I will release rc3.
I will assume +1'es are orthogonal to the versioning issue and will
just gauge the consensus in the two threads.
--
Eric Covener
cove...@gmail.com
On Wed, Jan 25, 2023 at 4:51 PM William Kimball Jr.
wrote:
>
> On 1/25/2023 3:16 PM, Eric Covener wrote:
>
>
> I can't state this enough: this is a serious security threat. MySQL
> connections need TLS support from APR. This isn't a "feature"; it is a
> "
I only count two binding (PMC) votes, in case anyone can be enticed.
On Tue, Jan 24, 2023 at 9:37 AM Jim Jagielski wrote:
>
>
>
> > On Jan 23, 2023, at 1:57 PM, Eric Covener wrote:
> >
> > 1.6.2-rc2 is here:
> >
> > https://apr.apache.org/dev/dist/
&g
On Wed, Jan 25, 2023 at 1:53 PM William Kimball Jr.
wrote:
>
> Eric Covener has instructed me to spin this discussion off to another thread,
> so here it is.
>
> Way back in 2018, I submitted
> https://bz.apache.org/bugzilla/show_bug.cgi?id=62342 (apr_dbd_mysql Lacks TLS
On Tue, Jan 24, 2023 at 2:49 PM William Kimball Jr.
wrote:
>
> I'm sorry to pester, but I've been supporting this patch by hand for several
> years; I'd really like to get this fix into APR so I no longer need to. This
> is an important security fix; it adds long-missing TLS to MySQL DB
>
On Tue, Jan 24, 2023 at 7:09 AM Graham Leggett via dev
wrote:
>
> On 24 Jan 2023, at 02:02, Noel Butler wrote:
>
> This is a result of apr-util 1.6 STILL NOT patched for mariadb or mysql 10
> plus
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61517#c5
>
> If you prepare a patch for 1.6 I
On Mon, Jan 23, 2023 at 1:57 PM Eric Covener wrote:
>
> 1.6.2-rc2 is here:
>
> https://apr.apache.org/dev/dist/
>
> For the release of apr-util-1.6.2
> [x] +1 looks great!
> [ ] -1 something is broken
>
+1 aix/xlc/ppc64 no regression (testxlate has never worked)
1.6.2-rc2 is here:
https://apr.apache.org/dev/dist/
For the release of apr-util-1.6.2
[ ] +1 looks great!
[ ] -1 something is broken
I will let the vote run through mid-week and then try to finalize APR
and APU on Thursday if I can, else early the week after.
--
Eric Covener
cove
FYI holding finalization so APU vote can wrap up and be announced together.
On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote:
>
> 1.7.1-rc1 is here:
>
> https://apr.apache.org/dev/dist/
>
> For the release of apr-1.7.1
> [ ] +1 looks great!
> [ ] -1 something
On Sat, Jan 21, 2023 at 4:21 PM William Kimball Jr.
wrote:
>
> I'm sorry if this is not an appropriate thread to ask, but will this release
> include https://bz.apache.org/bugzilla/show_bug.cgi?id=62342 (apr_dbd_mysql
> Lacks TLS Support )? I submitted that fix way back in 2018 and I don't
On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote:
>
> On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote:
> >
> > 1.7.1-rc1 is here:
>
> rc2 of course
>
> >
> > https://apr.apache.org/dev/dist/
> >
> > For the release of apr-1.7.1
> >
On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote:
>
> 1.7.1-rc1 is here:
rc2 of course
>
> https://apr.apache.org/dev/dist/
>
> For the release of apr-1.7.1
> [ ] +1 looks great!
> [ ] -1 something is broken
>
> I will let the vote run through mid-week
1.7.1-rc1 is here:
https://apr.apache.org/dev/dist/
For the release of apr-1.7.1
[ ] +1 looks great!
[ ] -1 something is broken
I will let the vote run through mid-week.
--
Eric Covener
cove...@gmail.com
On Thu, Jan 19, 2023 at 12:20 PM Eric Covener wrote:
>
> 1.7.1-rc1 is here:
>
> https://apr.apache.org/dev/dist/
>
> For the release of apr-1.7.1
> [ ] +1 looks great!
> [ ] -1 something is broken
-1 for AIX result. I have opted-out for AIX in the change in 19068
e-r1308910
> + APR_POLLSET_AIO_MSGQ. Restore APR_POLLSET_POLL to its pre-r1308910
> (April 2012) value, and move APR_POLLSET_AIO_MSGQ ahead. This restores
> ABI compat with released branches. [Eric Covener]
>
> @@ -226,7 +229,7 @@ Changes for APR 2.0.0
>
On Thu, Jan 19, 2023 at 3:29 PM Eric Covener wrote:
>
> On Thu, Jan 19, 2023 at 12:20 PM Eric Covener wrote:
> >
> > 1.7.1-rc1 is here:
> >
> > https://apr.apache.org/dev/dist/
> >
> > For the release of apr-1.7.1
> > [ ] +1 looks great!
>
On Thu, Jan 19, 2023 at 12:20 PM Eric Covener wrote:
>
> 1.7.1-rc1 is here:
>
> https://apr.apache.org/dev/dist/
>
> For the release of apr-1.7.1
> [ ] +1 looks great!
> [ ] -1 something is broken
>
> I will let the vote run through mid-week.
>
> I've
version numbers would
be burned otherwise.
I am working from
https://svn.apache.org/repos/asf/apr/site/trunk/tools/release.sh
plus what I can sort out from
https://svn.apache.org/repos/asf/httpd/dev-tools/release
--
Eric Covener
cove...@gmail.com
://svn.apache.org/repos/asf/httpd/dev-tools/release
--
Eric Covener
cove...@gmail.com
On Thu, Jul 28, 2022 at 12:59 PM William A Rowe Jr wrote:
>
> Hello friends and collaborators,
>
> I'm still rather certain this change is ABI and API contract-breaking
> on the apr-1.7.x branch, which holds the project hostage for providing
> a well-understood security fix on the legacy branch.
On Tue, Jun 28, 2022 at 3:54 PM Yann Ylavic wrote:
>
> On Tue, Jun 28, 2022 at 9:24 PM Eric Covener wrote:
> >
> > Ran out of time but I added a crude check to the branch in 1902326.
>
> Argh, I missed your message (which showed up after I sent mine..).
> Well, two sol
name_len = strlen(name);
> > > +if (name_len >= TASK_COMM_LEN) {
> > > +name = name + name_len - TASK_COMM_LEN + 1;
> > > +}
> > > +
> > > +return pthread_setname_np(td, name);
> >
> > We probably need to check for HAVE_PTHREAD_SETNAME_NP since it's _np
> > (non-portable).
> Thanks for the suggestion!
>
> I'm not so familiar with autoconf stuff (that's why I created branch):
> can I just check for HAVE_PTHREAD_SETNAME_NP or do I need some
> autoconf magic to set it?
>
>
>
> --
> Ivan Zhakov
--
Eric Covener
cove...@gmail.com
On Tue, Jun 28, 2022 at 7:45 AM Yann Ylavic wrote:
>
> On Tue, Jun 28, 2022 at 1:13 AM wrote:
> >
> > Author: ivan
> > Date: Mon Jun 27 23:13:52 2022
> > New Revision: 1902297
> >
> > URL: http://svn.apache.org/viewvc?rev=1902297=rev
> > Log:
> > On 'thread-name' branch: Add
On Fri, Jun 24, 2022 at 10:34 AM Yann Ylavic wrote:
>
> Daniel proposed in [1] that we introduce apr_atomic_casptr2() to
> resolve the defect in the apr_atomic_casptr() API.
> Namely the correct:
> 1. APR_DECLARE(void*) apr_atomic_casptr(void *volatile *mem, ...);
> Versus the broken:
> 2.
On Thu, Jun 23, 2022 at 3:03 AM Ruediger Pluem wrote:
>
>
>
> On 6/23/22 1:46 AM, cove...@apache.org wrote:
> > Author: covener
> > Date: Wed Jun 22 23:46:43 2022
> > New Revision: 1902176
> >
> > URL: http://svn.apache.org/viewvc?rev=1902176=rev
> > Log:
> > set -lxml2 in non xml2-config case
>
On Wed, Jun 22, 2022 at 7:53 PM Yann Ylavic wrote:
>
> On Thu, Jun 23, 2022 at 1:14 AM Eric Covener wrote:
> >
> > On Wed, Jun 22, 2022 at 10:30 AM Yann Ylavic wrote:
> > >
> > > On Wed, Jun 22, 2022 at 2:26 PM Ivan Zhakov via dev
> > > wrote:
>
arser.h, AC_CHECK_LIB(xml2,
xmlCreatePushParserCtxt, [apu_has_libxml2=1]))
fi
], [
+xml2_LIBS="-lxml2"
AC_CHECK_HEADERS(libxml/parser.h, AC_CHECK_LIB(xml2,
xmlCreatePushParserCtxt, [apu_has_libxml2=1]))
])
AC_SUBST(apu_has_libxml2)
Maybe an autoconf guru can take a look?
--
Eric Covener
cove...@gmail.com
on each boot, due to SIP.
>
> Shouldn't we prefer posix over sysv in any case?
--
Eric Covener
cove...@gmail.com
> Code that will compile on 1.7.1 release
> still won't compile on 1.7.0, unless I misunderstand something.
Is it a requirement in this direction?
https://apr.apache.org/versioning.html says "later versions"
On Mon, Jan 17, 2022 at 8:15 PM Yann Ylavic wrote:
>
> On Tue, Jan 18, 2022 at 2:08 AM Yann Ylavic wrote:
> >
> > On Tue, Nov 30, 2021 at 11:46 PM Mladen Turk wrote:
> > >
> > > According to Wikipedia NetWare was discontinued in 2009
> > > and OS/2 in 2001, so if anyone can explain why we have
> I also have a high-level objection against backporting this change to
> APR 1.7.x: IMHO APR 1.7.x is a stable branch and I think that only
> regression fixes should be backported to the stable branch. r1896510
> is a significant change and as far as I understand it's not a
> regression fix. So I
On Wed, Dec 1, 2021 at 3:55 PM Mladen Turk wrote:
>
> My proposal is to use 0x0603 (aka windows 8.1, windows server 2012r2)
> Those are still supported until 2023
A little conservative for trunk but still reasonable to me
(NETWARE)
apr_snprintf(modname, sizeof(modname), "crypto%s.nlm", name);
On Sun, Sep 12, 2021 at 12:56 PM Yann Ylavic wrote:
>
> On Fri, Aug 23, 2019 at 2:35 PM Eric Covener wrote:
> >
> > I have a question in this area, not necessarily a result of this commit.
On Wed, Aug 11, 2021 at 7:45 AM Michael Osipov wrote:
>
> Hi folks,
>
> today I have unfortunately noticed that the GH mirror for apr-util is
> defunct while working on 1.6.x. Opened an issue with INFRA: INFRA-22189
> It really turned out that the mirror is not active anymore.
> Given that large
gt; help in case there is a future architecture (eg arm).
>
> (I realise this will be made on /trunk and not affect the tags that
> TortoiseSVN is pulling in until there is a new release, but it will be better
> in the future).
>
> Kind regards,
> Daniel Sahlberg
>
--
Eric Covener
cove...@gmail.com
11 @@ apr_status_t apu_dso_init(apr_pool_t *po
> return ret;
> }
>
> +struct dso_entry {
> + apr_dso_handle_t *handle;
> +apr_dso_handle_sym_t *sym;
> +};
> +
> apr_status_t apu_dso_load(apr_dso_handle_t **dlhandleptr,
>apr_dso_handle_sym_t *dsoptr,
>const char *module,
> @@ -118,11 +123,14 @@ apr_status_t apu_dso_load(apr_dso_handle
> apr_array_header_t *paths;
> apr_pool_t *global;
> apr_status_t rv = APR_EDSOOPEN;
> +struct dso_entry *entry;
> char *eos = NULL;
> int i;
>
> -*dsoptr = apr_hash_get(dsos, module, APR_HASH_KEY_STRING);
> -if (*dsoptr) {
> +entry = apr_hash_get(dsos, module, APR_HASH_KEY_STRING);
> +if (entry) {
> +*dlhandleptr = entry->handle;
> +*dsoptr = entry->sym;
> return APR_EINIT;
> }
>
> @@ -199,7 +207,10 @@ apr_status_t apu_dso_load(apr_dso_handle
> }
> else {
> module = apr_pstrdup(global, module);
> -apr_hash_set(dsos, module, APR_HASH_KEY_STRING, *dsoptr);
> +entry = apr_palloc(global, sizeof(*entry));
> +entry->handle = dlhandle;
> +entry->sym = *dsoptr;
> +apr_hash_set(dsos, module, APR_HASH_KEY_STRING, entry);
> }
> return rv;
> }
>
>
--
Eric Covener
cove...@gmail.com
On Fri, Nov 30, 2018 at 11:00 AM William A Rowe Jr wrote:
>
> The comment here makes no sense (unix, not windows). But the patch itself
> seems reasonable. There is a performance hit, but nothing compared to the
> call into stat/lstat. Other's opinions?
Seems risky from regression POV. Safer
On Fri, Sep 14, 2018 at 6:07 PM Dennis Clarke wrote:
>
>
> So I have gone in circles a number of times here and the results across
> a few servers look like so :
>
> .
> .
> .
> testatomic : SUCCESS
> testdir : SUCCESS
> testdso : SUCCESS
> testdup
On Fri, Aug 31, 2018 at 12:20 PM Rainer Jung wrote:
>
> To clarify: the CI build failures only send a summary email to the dev
> list. If you want to see the output, you need to visit the CI build page
> (link included in the failure mail) and there clock on the appropriate
> "stdio" link. That's
On Fri, Aug 31, 2018 at 10:04 AM Yann Ylavic wrote:
>
> On Fri, Aug 31, 2018 at 3:29 PM William A Rowe Jr wrote:
> >
> > I presume you are subscribed to the commits list, which broadcasts our CI
> > results?
>
> Hmm, I'm supposed to be subscribed to commits@ list but somehow I
> didn't receive
Yes, I'm looking for that Solaris patch.
On Wed, 29 Aug 2018 at 17:53, Nick Kew wrote:
>
> > On 29 Aug 2018, at 09:25, Eric . wrote:
> >
> > Hi all,
> >
> > May I have an idea approximately when APR-1.6.4 will be released?
> > Thank you very much.
>
Hi all,
May I have an idea approximately when APR-1.6.4 will be released?
Thank you very much.
On Fri, Aug 24, 2018 at 12:37 PM Dennis Clarke wrote:
>
> On 08/24/2018 09:16 AM, Eric Covener wrote:
> > Starting a new thread as potential RM's may be filtering bugzilla emails.
> >
> > There are a lot of reports of PR62644 from solaris users of httpd, can
> > a
Starting a new thread as potential RM's may be filtering bugzilla emails.
There are a lot of reports of PR62644 from solaris users of httpd, can
anyone RM?
--
Eric Covener
cove...@gmail.com
Eric Covener changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #2 from Eric
On Thu, Jun 7, 2018 at 11:59 AM, Yann Ylavic wrote:
> I'd like to propose a new RNG for APR, based on a design from D.J.
> Bernstein ([1]).
>
> Called "Fast-key-erasure random-number generators" by the author, it
> requires 256bits (32 bytes) of initial entropy only, is fast, and
> ensures
like it could cause some subtle/sneaky system behavior changes.
IIUC consider mod_dbd which may even have functional issues.
How many times should a caller call ap_dbd_open()? 1, 3, or until it
hopefully stops returning NULL?
OTOH I do agree that FIFO looks a lot more sensible as a default, but
I think that ship has sailed.
--
Eric Covener
cove...@gmail.com
I think that's right, the thing it's correcting is trunk-only (I
checked 1.7 had no grep -ri arc4random_buf)
On Tue, Apr 3, 2018 at 3:19 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> Eric,
>
> Confirming; this is a trunk-only change? I don't see 1.7/1.6 commits.
>
>
t) apr_generate_random_bytes(unsigned char *buf,
> apr_size_t length)
> {
> -#ifdef DEV_RANDOM
> +#ifdef HAVE_ARC4RANDOM
>
> + arc4random_buf(buf, length);
> +
> +#elif defined(DEV_RANDOM)
> +
> int fd = -1;
>
> /* On BSD/OS 4.1, /dev/random gives out 8 bytes at a time, then
Don't we need to check for HAVE_ARC4RANDOM_BUF rather than HAVE_ARC4RANDOM?
--
Eric Covener
cove...@gmail.com
On Tue, Jan 2, 2018 at 12:51 PM, Eric Covener <cove...@gmail.com> wrote:
> On Tue, Jan 2, 2018 at 12:37 PM, Yann Ylavic <ylavic@gmail.com> wrote:
>> On Tue, Jan 2, 2018 at 6:28 PM, <yla...@apache.org> wrote:
>>> Author: ylavic
>>> Date: Tue J
, and work
> as usual at r1819858...
>
> Thanks!
I am testing this now on Solaris/x64 and will report back. Thanks for
the great work on event!
--
Eric Covener
cove...@gmail.com
clib/ --with-expat can be specified at the top and it will be passed
down.
--
Eric Covener
cove...@gmail.com
tecture-specific issues are fixed,
>> and we are ready to bless a 1.6 initial release. Usual
>> http://apr.apache.org/dev/dist/ path contains the candidate.
>>
>> +/- votes please
>> [ ] Release apr 1.6.2
>
--
Eric Covener
cove...@gmail.com
this is a distinct thread for any
>> final votes and to tally vote count of apr-util 1.6.0 release.
>> Usual http://apr.apache.org/dev/dist/ path for candidates.
>>
>> +/- votes please
>> [ ] Release apr-util 1.6.0
>
--
Eric Covener
cove...@gmail.com
On Mon, Jun 5, 2017 at 4:32 PM, William A Rowe Jr wrote:
> What happens if two different threads attempt this poll in parallel? I
> presumed pollsets are copied to prevent two threads from clashing.
>> pollfds = apr_pcalloc(temp_pool, apr_hash_count(server_queries) *
>>
On Fri, Jan 20, 2017 at 10:52 AM, Yann Ylavic wrote:
> On Fri, Jan 20, 2017 at 4:19 PM, Dirk-Willem van Gulik
> wrote:
>>
>> Ok so if we had a special #ifdef for 'TRUE_MD5 and would manually tweak/mark
>> up the 2 or 3 places
>> that we know we need a
On Fri, Aug 19, 2016 at 7:14 AM, Michael Felt <mamf...@gmail.com> wrote:
> root@x064:[/data/prj/apache/httpd-2.4.23]nm /opt/modules/mod_authn_file.so |
> grep apr_password_validate
Are you sure that the libapr you're scrutinizing is being loaded at runtime?
--
Eric Covener
cove...@gmail.com
and we
have the same number of calls and changes as they do.
On Fri, May 27, 2016 at 10:12 AM, Eric Covener <cove...@gmail.com> wrote:
> On Fri, May 27, 2016 at 9:48 AM, David Dillard <davidedill...@gmail.com>
> wrote:
>> Did anyone see
>> https://web.nvd.nist.gov/vi
), we either need to spend a lot of time on a bundled
expat or rip it out from releases. I think one more release with an
updated expat might be prudent, given the severity of the issue shared
above.
--
Eric Covener
cove...@gmail.com
On Thu, Jan 28, 2016 at 11:06 AM, Jeff Trawick wrote:
> [X] Change to reply-to-list default reply semantics
>
me too
Maybe another topic for 1.6. Is it wise to keep this code around?
On Sun, Nov 1, 2015 at 10:20 AM, Eric Covener <cove...@gmail.com> wrote:
> On Tue, Oct 27, 2015 at 8:00 PM, Yann Ylavic <ylavic@gmail.com> wrote:
>> On Tue, Oct 27, 2015 at 6:57 PM, Eric Covener <
0, 0, 0, 1, 4, 0};
> ... if (setting[0] != '$' ||
>setting[1] != '2' ||
>setting[2] < 'a' || setting[2] > 'z' ||
>!flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a'] ||
--
Eric Covener
cove...@gmail.com
On Tue, Oct 27, 2015 at 8:00 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> On Tue, Oct 27, 2015 at 6:57 PM, Eric Covener <cove...@gmail.com> wrote:
>> IIUC, it takes something like 32k of /dev/random to initialize apr_random.
>>
>> APR_RANDOM_DEFAULT_POO
On Tue, Oct 27, 2015 at 8:00 PM, Yann Ylavic <ylavic@gmail.com> wrote:
> On Tue, Oct 27, 2015 at 6:57 PM, Eric Covener <cove...@gmail.com> wrote:
>> IIUC, it takes something like 32k of /dev/random to initialize apr_random.
>>
>> APR_RANDOM_DEFAULT_POO
(CoyoteWriter.java:94)
~[catalina.jar:8.0.21]
at se.highex.core.gw.GWSession.sendMsgs(GWSession.java:1568)
~[GWSession.class:?]
at se.highex.core.gw.GWSession.takeNotifyQueue(GWSession.java:1668)
~[GWSession.class:?]
BR,
Maxim
--
Eric Covener
cove...@gmail.com
On Tue, Apr 28, 2015 at 10:34 AM, Jeff Trawick traw...@gmail.com wrote:
Does anyone else plan on testing/voting in the next 10 hours? I'd like to
see the CVE fix for Windows on its way to the mirrors, or at least find out
that we have more serious problems to deal with. Tentative plan: Hold
move to dev@apr
On Tue, Apr 28, 2015 at 12:18 PM, Eric Covener cove...@gmail.com wrote:
On Sat, Apr 25, 2015 at 8:13 AM, Jeff Trawick traw...@gmail.com wrote:
+/-1
[ ] Release APR 1.5.2 as GA
+1 for release. Tested on AIX/PPC32, HPUX/IA64 and Solaris/x64.
HPUX and AIX had non-regression
On Fri, Apr 24, 2015 at 9:53 AM, Joshua Marantz jmara...@google.com wrote:
I was curious what the plans for HTTP2 support in Apache look like. I know
Apache now owns mod_spdy. Also it appears someone is looking at building a
mod_http2: http://marc.info/?l=apache-httpd-devm=142660802332383w=2 .
.)
// * on a Mac Pro, 10.7.5
- Eric
On Tue, Sep 16, 2014 at 7:47 PM, Jeff Trawick traw...@gmail.com wrote:
Tarballs/zipfiles are at http://apr.apache.org/dev/dist/
Shortcut to CHANGES files:
http://apr.apache.org/dev/dist/CHANGES-APR-UTIL-1.5
http://apr.apache.org/dev/dist/CHANGES-APR-1.5
all synched up to 1.5 and 1.6
On Tue, Jun 24, 2014 at 11:38 AM, Eric Covener cove...@gmail.com wrote:
On Tue, Jun 24, 2014 at 10:57 AM, Jim Jagielski j...@jagunet.com wrote:
Is this suitable for 1.5 and 1.6 as well?
Yes, thanks for reminder, I paused to give Takashi time to verify
On Tue, Jun 24, 2014 at 10:57 AM, Jim Jagielski j...@jagunet.com wrote:
Is this suitable for 1.5 and 1.6 as well?
Yes, thanks for reminder, I paused to give Takashi time to verify it
is sufficient and he has already confirmed in bugzilla.
I did see a weird conflict backporting the skiplist
I haven't seen a notice of problems from infrastructure, but I have seen
terrible mailing list delays over the last week. For example, just now I
saw a commit message from 8 days ago. Normally I might see a delay of up to
a few hours.
I don't know whether or not this addresses your exact
On Fri, May 9, 2014 at 3:53 PM, Helmut Tessarek tessa...@evermeet.cx wrote:
The sha*crypt functions are basically a standard, are
they not? Thus it would make sense to include them in APR.
I think there's some disconnect about the role of APR.
But setting that aside, what's missing is someone
to
be recognized?
See include/apr_ldap.h created... attachment
Thank you for your consideration.
--
Eric Covener
cove...@gmail.com
1 - 100 of 227 matches
Mail list logo