Re: [QUERY] Regarding project websites containing release candidates

t; With regards, > Daniel on behalf of ASF Infra. > -- Eric Covener cove...@gmail.com

Re: svn commit: r1909176 - in /apr/site/trunk/xdocs: download.xml index.xml

-24,7 +24,7 @@ or features. > > libraries are > > > > > > - APR 1.7.3, released February 1, 2023 > > + APR 1.7.4, released April 16, 2023 > > APR-util 1.6.3, released February 1, 2023 > > APR-iconv 1.2.2, released October 22, 2017 > > > > @@ -32,7 +32,7 @@ libraries are > > > > > > > > -Apache Portable Runtime 1.7.3 Released > > +Apache Portable Runtime 1.7.4 Released > > > > > > The Apache Software Foundation and the Apache Portable Runtime > > > > > > > > Hi, > > I don't know if something went wrong or if more time is needed, but > theses changes are not yet visible on: > https://apr.apache.org/ > > CJ > -- Eric Covener cove...@gmail.com

Re: [VOTE] Release apr-1.7.4-rc1 as apr-1.7.4

vote passes with following binding +1 and no other votes: steffenal, ylavic, kotkov, covener, jailletc36 On Wed, Apr 12, 2023 at 10:25 PM Eric Covener wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/d

Re: [VOTE] Release apr-1.7.4-rc1 as apr-1.7.4

On Wed, Apr 12, 2023 at 10:25 PM Eric Covener wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/apr/ > > I would like to call a VOTE over the next few days to release > this candidate tar

Re: [VOTE] Release apr-1.7.4-rc1 as apr-1.7.4

On Thu, Apr 13, 2023 at 1:08 PM Evgeny Kotkov wrote: > > Eric Covener writes: > > > Hi all, > > > > Please find below the proposed release tarball and signatures: > > > > https://dist.apache.org/repos/dist/dev/apr/ > > First time voting for an APR r

Re: [VOTE] Release apr-1.7.4-rc1 as apr-1.7.4

New for this release we are only toggling it on the release tag (sic), similar to httpd release process. On Thu, Apr 13, 2023, 6:42 AM Yann Ylavic wrote: > On Thu, Apr 13, 2023 at 12:16 PM SteffenAL wrote: > > > > it's me. I build from svn, and there is : > > > > #define APR_IS_DEV_VERSION >

[VOTE] Release apr-1.7.4-rc1 as apr-1.7.4

. [ ] -1: There's trouble in paradise. Here's what's wrong. The computed digests of the tarball up for vote are: The SVN candidate source is found at tags/1.7.4-rc1-candidate. -- Eric Covener cove...@gmail.com

Re: Release APR 1.7.4?

On Wed, Apr 12, 2023 at 11:12 AM Evgeny Kotkov via dev wrote: > > Hi everyone, > > Unfortunately, one of the fixes in APR 1.7.3 that was authored by me has > caused a significant regression, where writing to files opened with both > APR_FOPEN_APPEND and APR_FOPEN_BUFFERED now may not properly

Re: [VOTE] Release apr-1.7.3

On Mon, Mar 27, 2023 at 4:18 AM Ruediger Pluem wrote: > > 1.7.3-rc1 is here: > > https://apr.apache.org/dev/dist/ > > For the release of apr-1.7.3 > [x] +1 looks great! > [ ] -1 something is broken > > I will let the vote run through end-of-week. +1 AIX/xlc/ppc64 no regression

Re: svn commit: r1907634 - /apr/apr/trunk/include/apr_buckets.h

> This is true, but I see only a low risk of making backports difficult for > structures that seem to be set and haven't been touched > for a long time. And even if we need to touch them we can still backport. It > is just more work then. +1

Re: apr-1.7.2/Apache shared memory now world readable?

On Fri, Feb 10, 2023 at 11:49 AM Ruediger Pluem wrote: > > > > On 2/10/23 2:42 AM, Eric Covener wrote: > >> I think this should be revisited and changed to 600. > > > > It seems like all the methods use 0644. After the change, it's just > > accessible in

Re: apr-1.7.2/Apache shared memory now world readable?

> I think this should be revisited and changed to 600. It seems like all the methods use 0644. After the change, it's just accessible in the filesystem rather than in the sysv shm ether. It seems like an API gap, APR can't know what the caller expects to do with it (other than it's not

Re: [VOTE] apr 1.7.2 and apr-util 1.6.3

Vote passes with 4 binding votes (thanks to all who voted/reviewed) +1: covener, rpluem, jorton, ylavic On Wed, Feb 1, 2023 at 8:22 AM Eric Covener wrote: > > Thanks for the quick votes everyone, I will just give it a couple more > hours then proceed. > > On Wed, Feb 1,

Re: [VOTE] apr 1.7.2 and apr-util 1.6.3

Thanks for the quick votes everyone, I will just give it a couple more hours then proceed. On Wed, Feb 1, 2023 at 4:43 AM SteffenAL wrote: > > +1 All fine on Windows > > Thanks! Eric > > > --- Original message --- > Subject: [VOTE] apr 1.7.2 and apr-util 1.6.3 > Fr

Re: [VOTE] apr 1.7.2 and apr-util 1.6.3

> For the release of apr-1.7.2 AND apr-util-1.6.3 > [x] +1 looks great > [ ] -1 something is broken +1 for both

[VOTE] apr 1.7.2 and apr-util 1.6.3

I hosed 1.7.1/1.6.2 and the archives have -rcX in them at the top level. I would like to call for an expedited vote to replace them with version bumps. I will proceed once we get 3 binding +1. I have re-tagged because I think the consensus will be that updating the tarballs and signatures is

bad dir structure in recent releases

It was reported to me that the recent APR/APU uploads have the -rcX prefix in the source archive. I think it's too confusing to replace the source zips. Should I just roll a replacement with a new version bump and call a short vote? -- Eric Covener cove...@gmail.com

Fwd: CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions

-- Forwarded message - From: Eric Covener Date: Tue, Jan 31, 2023 at 10:13 AM Subject: CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions To: , Severity: moderate Description: Integer Overflow or Wraparound vulnerability

CVE-2022-28331: Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function

Severity: moderate Description: On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. Credit: Ronald Crane (Zippenhop LLC) (finder) References: https://apr.apache.org/

CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions

Severity: moderate Description: Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. Credit: Ronald Crane (Zippenhop LLC)

Re: [VOTE] release apr-1.6.2-rc3 as APR 1.6.2

On Mon, Jan 30, 2023 at 9:23 AM Eric Covener wrote: > > On Fri, Jan 27, 2023 at 8:42 AM Eric Covener wrote: > > > > 1.6.2-rc3 is here: > > > > https://apr.apache.org/dev/dist/ > > > > For the release of apr-util-1.6.2 > > [ ] +1 looks great &

Re: [VOTE] release apr-util-1.6.2-rc2 as apr-util 1.6.2

RC2 is abandoned in favor of RC3 On Fri, Jan 27, 2023 at 8:45 AM Eric Covener wrote: > > > I would be in favor of hearing further opinions on whether backporting this > > to APR-UTIL 1.6 complies with our versioning rules. > > If it does we should do so and r

Re: [VOTE] release apr-1.6.2-rc3 as APR 1.6.2

On Fri, Jan 27, 2023 at 8:42 AM Eric Covener wrote: > > 1.6.2-rc3 is here: > > https://apr.apache.org/dev/dist/ > > For the release of apr-util-1.6.2 > [ ] +1 looks great > [ ] -1 something is broken > +1 AIX/xlc/ppc64 no regression. Given the Friday re-roll

Re: [VOTE] release apr-1.6.2-rc3 as APR 1.6.2

On Fri, Jan 27, 2023 at 10:12 AM Ruediger Pluem wrote: > > > > On 1/27/23 2:42 PM, Eric Covener wrote: > > 1.6.2-rc3 is here: > > > > https://apr.apache.org/dev/dist/ > > > > For the release of apr-util-1.6.2 > > [ ] +1 looks great > >

Re: [VOTE] release apr-util-1.6.2-rc2 as apr-util 1.6.2

> I would be in favor of hearing further opinions on whether backporting this > to APR-UTIL 1.6 complies with our versioning rules. > If it does we should do so and release apr-util 1.6.2 with it. In the spirit of minimizing further delays, I have backported and rolled RC3 so we can bank a vote

[VOTE] release apr-1.6.2-rc3 as APR 1.6.2

) in ~72H I will proceed with rc2 and abandon rc3. Otherwise I will release rc3. I will assume +1'es are orthogonal to the versioning issue and will just gauge the consensus in the two threads. -- Eric Covener cove...@gmail.com

Re: HOLD apr-1.7.1-rc2

On Wed, Jan 25, 2023 at 4:51 PM William Kimball Jr. wrote: > > On 1/25/2023 3:16 PM, Eric Covener wrote: > > > I can't state this enough: this is a serious security threat. MySQL > connections need TLS support from APR. This isn't a "feature"; it is a > "

Re: [VOTE] release apr-util-1.6.2-rc2 as apr-util 1.6.2

I only count two binding (PMC) votes, in case anyone can be enticed. On Tue, Jan 24, 2023 at 9:37 AM Jim Jagielski wrote: > > > > > On Jan 23, 2023, at 1:57 PM, Eric Covener wrote: > > > > 1.6.2-rc2 is here: > > > > https://apr.apache.org/dev/dist/ &g

Re: HOLD apr-1.7.1-rc2

On Wed, Jan 25, 2023 at 1:53 PM William Kimball Jr. wrote: > > Eric Covener has instructed me to spin this discussion off to another thread, > so here it is. > > Way back in 2018, I submitted > https://bz.apache.org/bugzilla/show_bug.cgi?id=62342 (apr_dbd_mysql Lacks TLS

Re: VOTE: Release apr-1.7.1-rc2 as 1.7.1

On Tue, Jan 24, 2023 at 2:49 PM William Kimball Jr. wrote: > > I'm sorry to pester, but I've been supporting this patch by hand for several > years; I'd really like to get this fix into APR so I no longer need to. This > is an important security fix; it adds long-missing TLS to MySQL DB >

Re: [VOTE] release apr-util-1.6.2-rc2 as apr-util 1.6.2

On Tue, Jan 24, 2023 at 7:09 AM Graham Leggett via dev wrote: > > On 24 Jan 2023, at 02:02, Noel Butler wrote: > > This is a result of apr-util 1.6 STILL NOT patched for mariadb or mysql 10 > plus > > https://bz.apache.org/bugzilla/show_bug.cgi?id=61517#c5 > > If you prepare a patch for 1.6 I

Re: [VOTE] release apr-util-1.6.2-rc2 as apr-util 1.6.2

On Mon, Jan 23, 2023 at 1:57 PM Eric Covener wrote: > > 1.6.2-rc2 is here: > > https://apr.apache.org/dev/dist/ > > For the release of apr-util-1.6.2 > [x] +1 looks great! > [ ] -1 something is broken > +1 aix/xlc/ppc64 no regression (testxlate has never worked)

[VOTE] release apr-util-1.6.2-rc2 as apr-util 1.6.2

1.6.2-rc2 is here: https://apr.apache.org/dev/dist/ For the release of apr-util-1.6.2 [ ] +1 looks great! [ ] -1 something is broken I will let the vote run through mid-week and then try to finalize APR and APU on Thursday if I can, else early the week after. -- Eric Covener cove

Re: VOTE: Release apr-1.7.1-rc2 as 1.7.1

FYI holding finalization so APU vote can wrap up and be announced together. On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote: > > 1.7.1-rc1 is here: > > https://apr.apache.org/dev/dist/ > > For the release of apr-1.7.1 > [ ] +1 looks great! > [ ] -1 something

Re: VOTE: Release apr-1.7.1-rc2 as 1.7.1

On Sat, Jan 21, 2023 at 4:21 PM William Kimball Jr. wrote: > > I'm sorry if this is not an appropriate thread to ask, but will this release > include https://bz.apache.org/bugzilla/show_bug.cgi?id=62342 (apr_dbd_mysql > Lacks TLS Support )? I submitted that fix way back in 2018 and I don't

Re: VOTE: Release apr-1.7.1-rc2 as 1.7.1

On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote: > > On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote: > > > > 1.7.1-rc1 is here: > > rc2 of course > > > > > https://apr.apache.org/dev/dist/ > > > > For the release of apr-1.7.1 > >

Re: VOTE: Release apr-1.7.1-rc2 as 1.7.1

On Thu, Jan 19, 2023 at 7:44 PM Eric Covener wrote: > > 1.7.1-rc1 is here: rc2 of course > > https://apr.apache.org/dev/dist/ > > For the release of apr-1.7.1 > [ ] +1 looks great! > [ ] -1 something is broken > > I will let the vote run through mid-week

VOTE: Release apr-1.7.1-rc2 as 1.7.1

1.7.1-rc1 is here: https://apr.apache.org/dev/dist/ For the release of apr-1.7.1 [ ] +1 looks great! [ ] -1 something is broken I will let the vote run through mid-week. -- Eric Covener cove...@gmail.com

Re: [VOTE] Release apr-1.7.1

On Thu, Jan 19, 2023 at 12:20 PM Eric Covener wrote: > > 1.7.1-rc1 is here: > > https://apr.apache.org/dev/dist/ > > For the release of apr-1.7.1 > [ ] +1 looks great! > [ ] -1 something is broken -1 for AIX result. I have opted-out for AIX in the change in 19068

Re: svn commit: r1901037 - in /apr/apr/trunk: CHANGES configure.in

e-r1308910 > + APR_POLLSET_AIO_MSGQ. Restore APR_POLLSET_POLL to its pre-r1308910 > (April 2012) value, and move APR_POLLSET_AIO_MSGQ ahead. This restores > ABI compat with released branches. [Eric Covener] > > @@ -226,7 +229,7 @@ Changes for APR 2.0.0 >

Re: [VOTE] Release apr-1.7.1

On Thu, Jan 19, 2023 at 3:29 PM Eric Covener wrote: > > On Thu, Jan 19, 2023 at 12:20 PM Eric Covener wrote: > > > > 1.7.1-rc1 is here: > > > > https://apr.apache.org/dev/dist/ > > > > For the release of apr-1.7.1 > > [ ] +1 looks great! >

Re: [VOTE] Release apr-1.7.1

On Thu, Jan 19, 2023 at 12:20 PM Eric Covener wrote: > > 1.7.1-rc1 is here: > > https://apr.apache.org/dev/dist/ > > For the release of apr-1.7.1 > [ ] +1 looks great! > [ ] -1 something is broken > > I will let the vote run through mid-week. > > I've

[VOTE] Release apr-1.7.1

version numbers would be burned otherwise. I am working from https://svn.apache.org/repos/asf/apr/site/trunk/tools/release.sh plus what I can sort out from https://svn.apache.org/repos/asf/httpd/dev-tools/release -- Eric Covener cove...@gmail.com

Intent to RM 1.7.1/1.6.2 next week

://svn.apache.org/repos/asf/httpd/dev-tools/release -- Eric Covener cove...@gmail.com

Re: Remaining breakage on apr-1.7.x branch

On Thu, Jul 28, 2022 at 12:59 PM William A Rowe Jr wrote: > > Hello friends and collaborators, > > I'm still rather certain this change is ABI and API contract-breaking > on the apr-1.7.x branch, which holds the project hostage for providing > a well-understood security fix on the legacy branch.

Re: svn commit: r1902297 - in /apr/apr/branches/thread-name: include/ include/arch/win32/ test/ threadproc/beos/ threadproc/netware/ threadproc/os2/ threadproc/unix/ threadproc/win32/

On Tue, Jun 28, 2022 at 3:54 PM Yann Ylavic wrote: > > On Tue, Jun 28, 2022 at 9:24 PM Eric Covener wrote: > > > > Ran out of time but I added a crude check to the branch in 1902326. > > Argh, I missed your message (which showed up after I sent mine..). > Well, two sol

Re: svn commit: r1902297 - in /apr/apr/branches/thread-name: include/ include/arch/win32/ test/ threadproc/beos/ threadproc/netware/ threadproc/os2/ threadproc/unix/ threadproc/win32/

name_len = strlen(name); > > > +if (name_len >= TASK_COMM_LEN) { > > > +name = name + name_len - TASK_COMM_LEN + 1; > > > +} > > > + > > > +return pthread_setname_np(td, name); > > > > We probably need to check for HAVE_PTHREAD_SETNAME_NP since it's _np > > (non-portable). > Thanks for the suggestion! > > I'm not so familiar with autoconf stuff (that's why I created branch): > can I just check for HAVE_PTHREAD_SETNAME_NP or do I need some > autoconf magic to set it? > > > > -- > Ivan Zhakov -- Eric Covener cove...@gmail.com

Re: svn commit: r1902297 - in /apr/apr/branches/thread-name: include/ include/arch/win32/ test/ threadproc/beos/ threadproc/netware/ threadproc/os2/ threadproc/unix/ threadproc/win32/

On Tue, Jun 28, 2022 at 7:45 AM Yann Ylavic wrote: > > On Tue, Jun 28, 2022 at 1:13 AM wrote: > > > > Author: ivan > > Date: Mon Jun 27 23:13:52 2022 > > New Revision: 1902297 > > > > URL: http://svn.apache.org/viewvc?rev=1902297=rev > > Log: > > On 'thread-name' branch: Add

Re: apr_atomic_casptr2() in apr-1.8.x ?

On Fri, Jun 24, 2022 at 10:34 AM Yann Ylavic wrote: > > Daniel proposed in [1] that we introduce apr_atomic_casptr2() to > resolve the defect in the apr_atomic_casptr() API. > Namely the correct: > 1. APR_DECLARE(void*) apr_atomic_casptr(void *volatile *mem, ...); > Versus the broken: > 2.

Re: svn commit: r1902176 - /apr/apr/trunk/build/xml.m4

On Thu, Jun 23, 2022 at 3:03 AM Ruediger Pluem wrote: > > > > On 6/23/22 1:46 AM, cove...@apache.org wrote: > > Author: covener > > Date: Wed Jun 22 23:46:43 2022 > > New Revision: 1902176 > > > > URL: http://svn.apache.org/viewvc?rev=1902176=rev > > Log: > > set -lxml2 in non xml2-config case >

Re: GitHub Actions CI

On Wed, Jun 22, 2022 at 7:53 PM Yann Ylavic wrote: > > On Thu, Jun 23, 2022 at 1:14 AM Eric Covener wrote: > > > > On Wed, Jun 22, 2022 at 10:30 AM Yann Ylavic wrote: > > > > > > On Wed, Jun 22, 2022 at 2:26 PM Ivan Zhakov via dev > > > wrote: >

Re: GitHub Actions CI

arser.h, AC_CHECK_LIB(xml2, xmlCreatePushParserCtxt, [apu_has_libxml2=1])) fi ], [ +xml2_LIBS="-lxml2" AC_CHECK_HEADERS(libxml/parser.h, AC_CHECK_LIB(xml2, xmlCreatePushParserCtxt, [apu_has_libxml2=1])) ]) AC_SUBST(apu_has_libxml2) Maybe an autoconf guru can take a look? -- Eric Covener cove...@gmail.com

Re: Named shared memory on macOS Monterey

on each boot, due to SIP. > > Shouldn't we prefer posix over sysv in any case? -- Eric Covener cove...@gmail.com

Re: svn commit: r1897209 - in /apr/apr/branches/1.7.x: ./ include/apr_pools.h memory/unix/apr_pools.c

> Code that will compile on 1.7.1 release > still won't compile on 1.7.0, unless I misunderstand something. Is it a requirement in this direction? https://apr.apache.org/versioning.html says "later versions"

Re: apr/trunk netware and os2

On Mon, Jan 17, 2022 at 8:15 PM Yann Ylavic wrote: > > On Tue, Jan 18, 2022 at 2:08 AM Yann Ylavic wrote: > > > > On Tue, Nov 30, 2021 at 11:46 PM Mladen Turk wrote: > > > > > > According to Wikipedia NetWare was discontinued in 2009 > > > and OS/2 in 2001, so if anyone can explain why we have

Re: svn commit: r1896510 - in /apr/apr/branches/1.7.x: ./ file_io/win32/ include/arch/unix/ include/arch/win32/ network_io/os2/ poll/os2/ poll/unix/

> I also have a high-level objection against backporting this change to > APR 1.7.x: IMHO APR 1.7.x is a stable branch and I think that only > regression fixes should be backported to the stable branch. r1896510 > is a significant change and as far as I understand it's not a > regression fix. So I

Re: apr/trunk Minimum version is Windows 10!?

On Wed, Dec 1, 2021 at 3:55 PM Mladen Turk wrote: > > My proposal is to use 0x0603 (aka windows 8.1, windows server 2012r2) > Those are still supported until 2023 A little conservative for trunk but still reasonable to me

Re: svn commit: r1833525 - in /apr/apr/trunk: crypto/apr_crypto.c crypto/apr_crypto_internal.c test/testcrypto.c util-misc/apu_dso.c

(NETWARE) apr_snprintf(modname, sizeof(modname), "crypto%s.nlm", name); On Sun, Sep 12, 2021 at 12:56 PM Yann Ylavic wrote: > > On Fri, Aug 23, 2019 at 2:35 PM Eric Covener wrote: > > > > I have a question in this area, not necessarily a result of this commit.

Re: Setting up GitHub mirror for apr-util

On Wed, Aug 11, 2021 at 7:45 AM Michael Osipov wrote: > > Hi folks, > > today I have unfortunately noticed that the GH mirror for apr-util is > defunct while working on 1.6.x. Opened an issue with INFRA: INFRA-22189 > It really turned out that the mirror is not active anymore. > Given that large

Re: svn:ignore a few more paths to help TortoiseSVN's build system

gt; help in case there is a future architecture (eg arm). > > (I realise this will be made on /trunk and not affect the tags that > TortoiseSVN is pulling in until there is a new release, but it will be better > in the future). > > Kind regards, > Daniel Sahlberg > -- Eric Covener cove...@gmail.com

Re: svn commit: r1833525 - in /apr/apr/trunk: crypto/apr_crypto.c crypto/apr_crypto_internal.c test/testcrypto.c util-misc/apu_dso.c

11 @@ apr_status_t apu_dso_init(apr_pool_t *po > return ret; > } > > +struct dso_entry { > + apr_dso_handle_t *handle; > +apr_dso_handle_sym_t *sym; > +}; > + > apr_status_t apu_dso_load(apr_dso_handle_t **dlhandleptr, >apr_dso_handle_sym_t *dsoptr, >const char *module, > @@ -118,11 +123,14 @@ apr_status_t apu_dso_load(apr_dso_handle > apr_array_header_t *paths; > apr_pool_t *global; > apr_status_t rv = APR_EDSOOPEN; > +struct dso_entry *entry; > char *eos = NULL; > int i; > > -*dsoptr = apr_hash_get(dsos, module, APR_HASH_KEY_STRING); > -if (*dsoptr) { > +entry = apr_hash_get(dsos, module, APR_HASH_KEY_STRING); > +if (entry) { > +*dlhandleptr = entry->handle; > +*dsoptr = entry->sym; > return APR_EINIT; > } > > @@ -199,7 +207,10 @@ apr_status_t apu_dso_load(apr_dso_handle > } > else { > module = apr_pstrdup(global, module); > -apr_hash_set(dsos, module, APR_HASH_KEY_STRING, *dsoptr); > +entry = apr_palloc(global, sizeof(*entry)); > +entry->handle = dlhandle; > +entry->sym = *dsoptr; > +apr_hash_set(dsos, module, APR_HASH_KEY_STRING, entry); > } > return rv; > } > > -- Eric Covener cove...@gmail.com

Re: Was this a bug in APR from 2008?

On Fri, Nov 30, 2018 at 11:00 AM William A Rowe Jr wrote: > > The comment here makes no sense (unix, not windows). But the patch itself > seems reasonable. There is a performance hit, but nothing compared to the > call into stat/lstat. Other's opinions? Seems risky from regression POV. Safer

Re: APR 1.6.5 on Solaris 10 SPARC won't pass or even complete tests

On Fri, Sep 14, 2018 at 6:07 PM Dennis Clarke wrote: > > > So I have gone in circles a number of times here and the results across > a few servers look like so : > > . > . > . > testatomic : SUCCESS > testdir : SUCCESS > testdso : SUCCESS > testdup

Re: svn commit: r1839755 - in /apr/apr/trunk: include/apr_json.h json/apr_json.c json/apr_json_decode.c

On Fri, Aug 31, 2018 at 12:20 PM Rainer Jung wrote: > > To clarify: the CI build failures only send a summary email to the dev > list. If you want to see the output, you need to visit the CI build page > (link included in the failure mail) and there clock on the appropriate > "stdio" link. That's

Re: svn commit: r1839755 - in /apr/apr/trunk: include/apr_json.h json/apr_json.c json/apr_json_decode.c

On Fri, Aug 31, 2018 at 10:04 AM Yann Ylavic wrote: > > On Fri, Aug 31, 2018 at 3:29 PM William A Rowe Jr wrote: > > > > I presume you are subscribed to the commits list, which broadcasts our CI > > results? > > Hmm, I'm supposed to be subscribed to commits@ list but somehow I > didn't receive

Re: Release schedule of APR-1.6.4?

Yes, I'm looking for that Solaris patch. On Wed, 29 Aug 2018 at 17:53, Nick Kew wrote: > > > On 29 Aug 2018, at 09:25, Eric . wrote: > > > > Hi all, > > > > May I have an idea approximately when APR-1.6.4 will be released? > > Thank you very much. >

Release schedule of APR-1.6.4?

Hi all, May I have an idea approximately when APR-1.6.4 will be released? Thank you very much.

Re: 1.6 release?

On Fri, Aug 24, 2018 at 12:37 PM Dennis Clarke wrote: > > On 08/24/2018 09:16 AM, Eric Covener wrote: > > Starting a new thread as potential RM's may be filtering bugzilla emails. > > > > There are a lot of reports of PR62644 from solaris users of httpd, can > > a

1.6 release?

Starting a new thread as potential RM's may be filtering bugzilla emails. There are a lot of reports of PR62644 from solaris users of httpd, can anyone RM? -- Eric Covener cove...@gmail.com

Fwd: [Bug 62644] Apache httpd hangs after a few days on Solaris i386

Eric Covener changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |DUPLICATE --- Comment #2 from Eric

Re: New Random Number Generator (RNG)?

On Thu, Jun 7, 2018 at 11:59 AM, Yann Ylavic wrote: > I'd like to propose a new RNG for APR, based on a design from D.J. > Bernstein ([1]). > > Called "Fast-key-erasure random-number generators" by the author, it > requires 256bits (32 bytes) of initial entropy only, is fast, and > ensures

Re: svn commit: r1828369 - in /apr/apr/trunk: include/apr_reslist.h util-misc/apr_reslist.c

like it could cause some subtle/sneaky system behavior changes. IIUC consider mod_dbd which may even have functional issues. How many times should a caller call ap_dbd_open()? 1, 3, or until it hopefully stops returning NULL? OTOH I do agree that FIFO looks a lot more sensible as a default, but I think that ship has sailed. -- Eric Covener cove...@gmail.com

Re: svn commit: r1820755 - /apr/apr/trunk/misc/unix/rand.c

I think that's right, the thing it's correcting is trunk-only (I checked 1.7 had no grep -ri arc4random_buf) On Tue, Apr 3, 2018 at 3:19 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > Eric, > > Confirming; this is a trunk-only change? I don't see 1.7/1.6 commits. > >

Re: [PATCH] arc4random support

t) apr_generate_random_bytes(unsigned char *buf, > apr_size_t length) > { > -#ifdef DEV_RANDOM > +#ifdef HAVE_ARC4RANDOM > > + arc4random_buf(buf, length); > + > +#elif defined(DEV_RANDOM) > + > int fd = -1; > > /* On BSD/OS 4.1, /dev/random gives out 8 bytes at a time, then Don't we need to check for HAVE_ARC4RANDOM_BUF rather than HAVE_ARC4RANDOM? -- Eric Covener cove...@gmail.com

Re: svn commit: r1819858 - /apr/apr/trunk/poll/unix/port.c

On Tue, Jan 2, 2018 at 12:51 PM, Eric Covener <cove...@gmail.com> wrote: > On Tue, Jan 2, 2018 at 12:37 PM, Yann Ylavic <ylavic@gmail.com> wrote: >> On Tue, Jan 2, 2018 at 6:28 PM, <yla...@apache.org> wrote: >>> Author: ylavic >>> Date: Tue J

Re: svn commit: r1819858 - /apr/apr/trunk/poll/unix/port.c

, and work > as usual at r1819858... > > Thanks! I am testing this now on Solaris/x64 and will report back. Thanks for the great work on event! -- Eric Covener cove...@gmail.com

Re: [users@httpd] Problems building httpd-2.4.26 with apr-1.6.2 and apr-util-1.6.0

clib/ --with-expat can be specified at the top and it will be passed down. -- Eric Covener cove...@gmail.com

Re: [VOTE] Release APR 1.6.2

tecture-specific issues are fixed, >> and we are ready to bless a 1.6 initial release. Usual >> http://apr.apache.org/dev/dist/ path contains the candidate. >> >> +/- votes please >> [ ] Release apr 1.6.2 > -- Eric Covener cove...@gmail.com

Re: [VOTE] Release APR-UTIL 1.6.0

this is a distinct thread for any >> final votes and to tally vote count of apr-util 1.6.0 release. >> Usual http://apr.apache.org/dev/dist/ path for candidates. >> >> +/- votes please >> [ ] Release apr-util 1.6.0 > -- Eric Covener cove...@gmail.com

Re: svn commit: r1797422 - /apr/apr/trunk/memcache/apr_memcache.c

On Mon, Jun 5, 2017 at 4:32 PM, William A Rowe Jr wrote: > What happens if two different threads attempt this poll in parallel? I > presumed pollsets are copied to prevent two threads from clashing. >> pollfds = apr_pcalloc(temp_pool, apr_hash_count(server_queries) * >>

Re: SHA256 and friends.

On Fri, Jan 20, 2017 at 10:52 AM, Yann Ylavic wrote: > On Fri, Jan 20, 2017 at 4:19 PM, Dirk-Willem van Gulik > wrote: >> >> Ok so if we had a special #ifdef for 'TRUE_MD5 and would manually tweak/mark >> up the 2 or 3 places >> that we know we need a

Re: Question re: build of (64-bit) httpd and issue with apr_password_validate

On Fri, Aug 19, 2016 at 7:14 AM, Michael Felt <mamf...@gmail.com> wrote: > root@x064:[/data/prj/apache/httpd-2.4.23]nm /opt/modules/mod_authn_file.so | > grep apr_password_validate Are you sure that the libapr you're scrutinizing is being loaded at runtime? -- Eric Covener cove...@gmail.com

Re: CVE-2016-0718

and we have the same number of calls and changes as they do. On Fri, May 27, 2016 at 10:12 AM, Eric Covener <cove...@gmail.com> wrote: > On Fri, May 27, 2016 at 9:48 AM, David Dillard <davidedill...@gmail.com> > wrote: >> Did anyone see >> https://web.nvd.nist.gov/vi

Re: CVE-2016-0718

), we either need to spend a lot of time on a bundled expat or rip it out from releases. I think one more release with an updated expat might be prudent, given the severity of the issue shared above. -- Eric Covener cove...@gmail.com

Re: Mailing list semantics

On Thu, Jan 28, 2016 at 11:06 AM, Jeff Trawick wrote: > [X] Change to reply-to-list default reply semantics > me too

Re: ap_init_rng / apr_random question

Maybe another topic for 1.6. Is it wise to keep this code around? On Sun, Nov 1, 2015 at 10:20 AM, Eric Covener <cove...@gmail.com> wrote: > On Tue, Oct 27, 2015 at 8:00 PM, Yann Ylavic <ylavic@gmail.com> wrote: >> On Tue, Oct 27, 2015 at 6:57 PM, Eric Covener <

Re: EBCDIC bug(s?) in our apr-util//crypto/crypt_blowfish.c implementation

0, 0, 0, 1, 4, 0}; > ... if (setting[0] != '$' || >setting[1] != '2' || >setting[2] < 'a' || setting[2] > 'z' || >!flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a'] || -- Eric Covener cove...@gmail.com

Re: ap_init_rng / apr_random question

On Tue, Oct 27, 2015 at 8:00 PM, Yann Ylavic <ylavic@gmail.com> wrote: > On Tue, Oct 27, 2015 at 6:57 PM, Eric Covener <cove...@gmail.com> wrote: >> IIUC, it takes something like 32k of /dev/random to initialize apr_random. >> >> APR_RANDOM_DEFAULT_POO

Re: ap_init_rng / apr_random question

On Tue, Oct 27, 2015 at 8:00 PM, Yann Ylavic <ylavic@gmail.com> wrote: > On Tue, Oct 27, 2015 at 6:57 PM, Eric Covener <cove...@gmail.com> wrote: >> IIUC, it takes something like 32k of /dev/random to initialize apr_random. >> >> APR_RANDOM_DEFAULT_POO

Re: APR Buffer NullPointer Error

(CoyoteWriter.java:94) ~[catalina.jar:8.0.21] at se.highex.core.gw.GWSession.sendMsgs(GWSession.java:1568) ~[GWSession.class:?] at se.highex.core.gw.GWSession.takeNotifyQueue(GWSession.java:1668) ~[GWSession.class:?] BR, Maxim -- Eric Covener cove...@gmail.com

Re: [VOTE] Release APR 1.5.2

On Tue, Apr 28, 2015 at 10:34 AM, Jeff Trawick traw...@gmail.com wrote: Does anyone else plan on testing/voting in the next 10 hours? I'd like to see the CVE fix for Windows on its way to the mirrors, or at least find out that we have more serious problems to deal with. Tentative plan: Hold

Re: [VOTE] Release APR 1.5.2

move to dev@apr On Tue, Apr 28, 2015 at 12:18 PM, Eric Covener cove...@gmail.com wrote: On Sat, Apr 25, 2015 at 8:13 AM, Jeff Trawick traw...@gmail.com wrote: +/-1 [ ] Release APR 1.5.2 as GA +1 for release. Tested on AIX/PPC32, HPUX/IA64 and Solaris/x64. HPUX and AIX had non-regression

Re: http2 support

On Fri, Apr 24, 2015 at 9:53 AM, Joshua Marantz jmara...@google.com wrote: I was curious what the plans for HTTP2 support in Apache look like. I know Apache now owns mod_spdy. Also it appears someone is looking at building a mod_http2: http://marc.info/?l=apache-httpd-devm=142660802332383w=2 .

Odd install behaviour

.) // * on a Mac Pro, 10.7.5 - Eric

Re: [VOTE] Release APR-util 1.5.4

On Tue, Sep 16, 2014 at 7:47 PM, Jeff Trawick traw...@gmail.com wrote: Tarballs/zipfiles are at http://apr.apache.org/dev/dist/ Shortcut to CHANGES files: http://apr.apache.org/dev/dist/CHANGES-APR-UTIL-1.5 http://apr.apache.org/dev/dist/CHANGES-APR-1.5

Re: svn commit: r1604598 - in /apr/apr/trunk: CHANGES tables/apr_skiplist.c

all synched up to 1.5 and 1.6 On Tue, Jun 24, 2014 at 11:38 AM, Eric Covener cove...@gmail.com wrote: On Tue, Jun 24, 2014 at 10:57 AM, Jim Jagielski j...@jagunet.com wrote: Is this suitable for 1.5 and 1.6 as well? Yes, thanks for reminder, I paused to give Takashi time to verify

Re: svn commit: r1604598 - in /apr/apr/trunk: CHANGES tables/apr_skiplist.c

On Tue, Jun 24, 2014 at 10:57 AM, Jim Jagielski j...@jagunet.com wrote: Is this suitable for 1.5 and 1.6 as well? Yes, thanks for reminder, I paused to give Takashi time to verify it is sufficient and he has already confirmed in bugzilla. I did see a weird conflict backporting the skiplist

Re: my messages get queued

I haven't seen a notice of problems from infrastructure, but I have seen terrible mailing list delays over the last week. For example, just now I saw a commit message from 8 days ago. Normally I might see a delay of up to a few hours. I don't know whether or not this addresses your exact

Re: digest functions and validation - part 2

On Fri, May 9, 2014 at 3:53 PM, Helmut Tessarek tessa...@evermeet.cx wrote: The sha*crypt functions are basically a standard, are they not? Thus it would make sense to include them in APR. I think there's some disconnect about the role of APR. But setting that aside, what's missing is someone

Re: configuring apr-util --with-ldap against idsldap (aka tivoli)

to be recognized? See include/apr_ldap.h created... attachment Thank you for your consideration. -- Eric Covener cove...@gmail.com

  1   2   3   >