Bug report for Apache httpd-2 [2021/11/28]

2021-11-27 Thread bugzilla 
+---+
| Bugzilla Bug ID   |
| +-+
| | Status: UNC=Unconfirmed NEW=New ASS=Assigned|
| | OPN=ReopenedVER=Verified(Skipped Closed/Resolved)   |
| |   +-+
| |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
| |   |   MIN=Minor   NOR=NormalENH=Enhancement TRV=Trivial |
| |   |   +-+
| |   |   | Date Posted |
| |   |   |  +--+
| |   |   |  | Description  |
| |   |   |  |  |
|10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i|
|11580|Opn|Enh|2002-08-09|generate Content-Location headers |
|12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long|
|13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation  |
|14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR|
|16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.|
|17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi|
|17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header|
|20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment |
|21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced !   |
|21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut|
|22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down|
|22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7|
|22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header  |
|23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54|
|24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32|
|24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact|
|24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g|
|25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files  |
|25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP |
|26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability   |
|27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid |
|27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins|
|29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp|
|29510|Ass|Enh|2004-06-10|ab does not support multiple cookies  |
|29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client |
|30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do|
|30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ|
|31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in |
|31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use|
|31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules|
|32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern|
|32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak|
|33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)|
|34519|New|Enh|2005-04-19|Directory index should emit valid XHTML   |
|35098|Ver|Maj|2005-05-27|Install fails using --prefix  |
|35154|Opn|Nor|2005-06-01|Support for NID_serialNumber, etc. in SSLUserName |
|35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c|
|35768|Opn|Nor|2005-07-17|Missing file logs at far too high of log level|
|36636|Opn|Maj|2005-09-13|database write lock taken for PROPFIND operations |
|36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for|
|36710|Opn|Blk|2005-09-19|CGI output not captured   |
|37006|Ver|Reg|2005-10-11|"pthread" error when compiling under AIX 5.3 using|
|37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo|
|37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i|
|38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r|
|38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes|
|38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve|
|39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning |
|39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn|
|39727|Ass|Nor|2006-06-05|Incorrect ETag on gzip:ed content |
|39748|

Re: mod_tls as experimental module?

2021-11-27 Thread ste...@eissing.org 



> Am 27.11.2021 um 14:21 schrieb Greg Stein :
> 
> On Fri, Nov 26, 2021 at 3:49 AM ste...@eissing.org  wrote:
> >...
> Additionally, we need to clarify with ASF and ISRG if this needs some sort of
> paperwork. Since the ISRG repository uses the Apache license, in my naive 
> world
> view, this should be quite an informal process. But I do not really know.
> 
> We have numerous copies of permissive-licensed code within our repositories, 
> and that is fine as long as no such code is "more restrictive than the ALv2". 
> Since the existing mod_tls is provided under ALv2, then no additional 
> paperwork should be required. We are merely using that code under the license 
> provided.
> 
> The real question is whether the files to be imported into our repository 
> have headers that specify copyright held by others. For that, we need to get 
> the copyright owners' approval to replace that with our standard header.
> https://www.apache.org/legal/src-headers.html
> (if we want to change them; we could simply copy from upstream, or change if 
> the locus of development is our repository)

Thanks Greg. I will talk to the ISRG about the header change.

Cheers, Stefan

> 
> There is likely some other page talking about permission to switch out the 
> copyright header, but I don't have that link handy.
> 
> Cheers,
> -g
>

Re: mod_tls as experimental module?

2021-11-27 Thread Greg Stein 
On Fri, Nov 26, 2021 at 3:49 AM ste...@eissing.org 
wrote:
>...

> Additionally, we need to clarify with ASF and ISRG if this needs some sort
> of
> paperwork. Since the ISRG repository uses the Apache license, in my naive
> world
> view, this should be quite an informal process. But I do not really know.
>

We have numerous copies of permissive-licensed code within our
repositories, and that is fine as long as no such code is "more restrictive
than the ALv2". Since the existing mod_tls is provided under ALv2, then no
additional paperwork should be required. We are merely using that code
under the license provided.

The real question is whether the files to be imported into our repository
have headers that specify copyright held by others. For that, we need to
get the copyright owners' approval to replace that with our standard header.
https://www.apache.org/legal/src-headers.html
(if we want to change them; we could simply copy from upstream, or change
if the locus of development is our repository)

There is likely some other page talking about permission to switch out the
copyright header, but I don't have that link handy.

Cheers,
-g