I've created an input filter that does some string parsing on the POST
data and works great. Unfortunately, it doesn't work over HTTPS and I
can't figure out why. It looks like now I'm getting one TRANSIENT bucket
with one byte of data in my brigade. Does anyone know what's happening?
I could
On Mon, 2012-01-16 at 12:50 -0500, Jim Jagielski wrote:
The 2.4.0 (prerelease) tarballs are available for download and test:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.0 GA.
Vote will last the normal 72 hours... Can I get a w00t
On Tue, 2012-01-17 at 18:31 +1000, Noel Butler wrote:
On Mon, 2012-01-16 at 12:50 -0500, Jim Jagielski wrote:
The 2.4.0 (prerelease) tarballs are available for download and test:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.0 GA.
On 17 Jan 2012, at 10:31 AM, Noel Butler wrote:
Build fails when using static built modules and disabling dav, but builds
fine if option to disable dav is removed.
ie: --enable-mods-static=all --disable-dav
in /tmp/httpd-2.4.0/modules/dav/lock/locks.c
undefined references to
Win32 binary available at www.apachelounge.com
Please expand the time for the vote.
So we can have the time for testing at last, like the nix flavors (red hat etc.)
Steffen
Op 16 jan. 2012 om 17:50 heeft Jim Jagielski j...@jagunet.com het volgende
geschreven:
The 2.4.0 (prerelease)
On 17 Jan 2012, at 7:01 AM, William A. Rowe Jr. wrote:
To further elaborate...
https://dist.apache.org/repos/dist/release/httpd/patches/
* contains nothing to protect adopters of our beta since 2.3.5
* contains few of the patches necessary to close issues since 2.2.21
I don't see how
On Jan 17, 2012, at 12:01 AM, William A. Rowe Jr. wrote:
On 1/16/2012 10:55 PM, William A. Rowe Jr. wrote:
On 1/16/2012 11:50 AM, Jim Jagielski wrote:
The 2.4.0 (prerelease) tarballs are available for download and test:
http://httpd.apache.org/dev/dist/
[...]
then I have no reason to
Jim, better you use some energ to respond on win requests and comments. You
never respond, correct me if I am wrong.
Looks like you are wearing a wrong colored hat.
Op 17 jan. 2012 om 12:36 heeft Jim Jagielski j...@jagunet.com het volgende
geschreven:
On Jan 17, 2012, at 12:01 AM,
All;
I have submitted PR 52476 to track and document this bug. I've
uploaded the logs from my tests where I was able to duplicate the problem.
http://people.apache.org/~druggeri/logs/WinSSL/
Initially I was just setting up my testbed and hitting 127.0.0.1 to
make sure the small LWP script
On 17 Jan 2012, at 5:14 PM, Steffen wrote:
Jim, better you use some energ to respond on win requests and comments. You
never respond, correct me if I am wrong.
Unfortunately, many of us are not in the position to respond to Windows
comments, because we're aren't in a position to make them.
I meant primarily the latest request to extend the time for testing.
Op 17 jan. 2012 om 15:40 heeft Graham Leggett minf...@sharp.fm het volgende
geschreven:
On 17 Jan 2012, at 5:14 PM, Steffen wrote:
Jim, better you use some energ to respond on win requests and comments. You
never
On Tue, Jan 17, 2012 at 8:37 AM, Daniel Ruggeri drugg...@primary.net wrote:
All;
I have submitted PR 52476 to track and document this bug. I've
uploaded the logs from my tests where I was able to duplicate the problem.
http://people.apache.org/~druggeri/logs/WinSSL/
Looks like permissions
If I had access to Windows I would. I don't.
As far as using 'energ'... I've been using it to help get
Apache 2.4.0... maybe you may have noticed that.
As far as wrong colored hat... I'll let that slide...
On Jan 17, 2012, at 10:14 AM, Steffen wrote:
Jim, better you use some energ to respond
On 1/17/2012 6:36 AM, Jim Jagielski wrote:
Bill, I am taking your advice and learning some tact, so I
respectfully ask: What is your major malfunction? I am
growing tired of you constantly complaining while doing *nothing*
to address those self-same issues which you seem to find so
Oh... you mean the one you *just made* maybe 3-4 hours ago *TODAY*.
yep... shoulda responded immediately on that.*
Of course I'm flexible on time... but if after 72 hours I hear
nothing at all from any Windows people, except for sorry,
got busy and couldn't be bothered to do any testing I'm
On Tue, Jan 17, 2012 at 4:40 PM, Graham Leggett minf...@sharp.fm wrote:
On 17 Jan 2012, at 5:14 PM, Steffen wrote:
Unfortunately, many of us are not in the position to respond to Windows
comments, because we're aren't in a position to make them. I personally
don't have access to a Windows
On 17 Jan 2012, at 5:55 PM, William A. Rowe Jr. wrote:
Whomever is committing the security patches for disclosed issues
aught to publish their patch on the same day. I've participated
over 10 years, and for 10 years published relevant patches that I
had written to patches/apply_to_rev/
The idea behind patches is entirely sound, and I strongly disagree that the
practice should stop.
Instead, the practice should be properly formalised, with comments added to
the appropriate places so that it is made obvious to committers what to do,
+1 to formalising and documenting all of
On Jan 17, 2012, at 11:26 AM, Graham Leggett wrote:
The idea behind patches is entirely sound, and I strongly disagree that the
practice should stop. Instead, the practice should be properly formalised,
with comments added to the appropriate places so that it is made obvious to
On Tue, Jan 17, 2012 at 01:39:09AM +0200, Graham Leggett wrote:
- All three of mod_bucketeer, mod_ case_filter and mod_ case_filter_in
are present during this test run, but for some reason we still have
skipped tests complaining about them.
Are those modules loaded in the httpd.conf? Unless
On Mon, Jan 16, 2012 at 12:50:05PM -0500, Jim Jagielski wrote:
The 2.4.0 (prerelease) tarballs are available for download and test:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.0 GA.
Vote will last the normal 72 hours... Can I get a
On 1/17/2012 10:26 AM, Graham Leggett wrote:
Take our opening site page at http://httpd.apache.org/, no mention of patches
at all. Zoom in a little to the download page at
http://httpd.apache.org/download.cgi#apache23, and still no mention of the
patches directory. If our end users aren't
On 1/17/2012 11:25 AM, Joe Orton wrote:
On Tue, Jan 17, 2012 at 01:39:09AM +0200, Graham Leggett wrote:
- All three of mod_bucketeer, mod_ case_filter and mod_ case_filter_in
are present during this test run, but for some reason we still have
skipped tests complaining about them.
Are
On Tue, Jan 17, 2012 at 16:53, Jim Jagielski j...@jagunet.com wrote:
If I had access to Windows I would. I don't.
I can give you accces to a win2k8 32 bit box, if you need to have access.
Mario
It is line with our reports. Thanks, and this confirms again there is some
broken serious.
For me a showstopper 2.4, tons of win users going to deal with this.
Work around is to use 2.2.21 SSL-only and minimal config in front of 2.4.
Op 17 jan. 2012 om 15:37 heeft Daniel Ruggeri
Win boxes is not so the issue. More the lack of win dev's. We are leaning very
much on Bill only, without him it should be dramatic.
At Aachelounge quite some users testing it by using it in real live. Special
companies and individual users.
Op 17 jan. 2012 om 16:15 heeft Guillaume
On 16 Jan 2012, at 22:31, Stefan Fritsch wrote:
On Monday 16 January 2012, Tim Bannister wrote:
$ ./configure --with-included-apr
…
Configuring Apache Portable Runtime library ...
configuring package in srclib/apr now
/bin/sh: /home/isoma/src/httpd-2.4.0/srclib/apr/configure: No such file
On 1/16/2012 11:50 AM, Jim Jagielski wrote:
The 2.4.0 (prerelease) tarballs are available for download and test:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.0 GA.
-1 to GA for the regressions in balancer as mentioned previously, esp
in
This suggestion precludes publishing 'other' patches. Is there still a
role for 3rd party contrib or other unreleased patches that individuals
homes on people.a.o doesn't fulfill?
I think beyond userdirs on people.a.o, they can get all the visibility
they need in bugzilla as open
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It seems
more efficient to set these up as patches/CVE--/ with individual
files for actively (or semi-actively) maintained versions. If there is
one patch which applies to 2.2.n 2.2.17, and a second patch for 2.2.17
and
On 1/17/2012 9:49 AM, Ken Dreyer wrote:
On Tue, Jan 17, 2012 at 8:37 AM, Daniel Ruggeri drugg...@primary.net wrote:
All;
I have submitted PR 52476 to track and document this bug. I've
uploaded the logs from my tests where I was able to duplicate the problem.
On 1/17/2012 1:56 PM, Eric Covener wrote:
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It seems
more efficient to set these up as patches/CVE--/ with individual
files for actively (or semi-actively) maintained versions. If there is
one patch which applies to 2.2.n
On Tue, Jan 17, 2012 at 2:58 PM, William A. Rowe Jr.
wr...@rowe-clan.net wrote:
On 1/17/2012 1:56 PM, Eric Covener wrote:
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It seems
more efficient to set these up as patches/CVE--/ with individual
files for actively (or
On 1/17/2012 2:01 PM, Eric Covener wrote:
On Tue, Jan 17, 2012 at 2:58 PM, William A. Rowe Jr.
wr...@rowe-clan.net wrote:
On 1/17/2012 1:56 PM, Eric Covener wrote:
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It seems
more efficient to set these up as patches/CVE--/
On 1/17/2012 11:25 AM, Steffen wrote:
It is line with our reports. Thanks, and this confirms again there is some
broken serious.
For me a showstopper 2.4, tons of win users going to deal with this.
Work around is to use 2.2.21 SSL-only and minimal config in front of 2.4.
Another possible
* Are we committed to providing the -deps for 2.4's lifetime, or would
we doc it with some weasel language?
* Does anyone care if we're not committed to it and just change the
doc when we change our mind and stop providing a deps tarball?
On 1/17/2012 2:07 PM, Eric Covener wrote:
* Are we committed to providing the -deps for 2.4's lifetime, or would
we doc it with some weasel language?
I'm +1 for dropping -deps, but you knew that ;-)
* Does anyone care if we're not committed to it and just change the
doc when we change our
On 1/17/2012 11:56 AM, Eric Covener wrote:
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It seems
more efficient to set these up as patches/CVE--/ with individual
files for actively (or semi-actively) maintained versions. If there is
one patch which applies to 2.2.n
On 17 Jan 2012, at 10:07 PM, Eric Covener wrote:
* Are we committed to providing the -deps for 2.4's lifetime, or would
we doc it with some weasel language?
* Does anyone care if we're not committed to it and just change the
doc when we change our mind and stop providing a deps tarball?
On 1/17/2012 12:15 PM, William A. Rowe Jr. wrote:
On 1/17/2012 2:07 PM, Eric Covener wrote:
* Are we committed to providing the -deps for 2.4's lifetime, or would
we doc it with some weasel language?
I'm +1 for dropping -deps, but you knew that ;-)
* Does anyone care if we're not committed
On 17 Jan 2012, at 10:32 PM, Gregg L. Smith wrote:
Why not just do it how it has always been done, that is to include the latest
release of APR/APU(/APR-I on Win) for the httpd release? It seems to me if I
recall this correctly, that the reason there was a separate -deps package was
On 17 Jan 2012, at 20:31, Graham Leggett wrote:
The simplest fix for this issue is to modify the file not found error
message to say something sensible about requiring the -deps package.
At the end of the day, the most likely reason someone is trying to add
--with-included-apr is because
On 1/17/2012 2:32 PM, Gregg L. Smith wrote:
The preferred needed APR APU are all in a released state, what's the
problem bundling
again?
Because they don't stay released.
APR and APU have updates and security patches which are out of step
with httpd. As anyone who's been involved in a
On 1/17/2012 2:31 PM, Graham Leggett wrote:
On 17 Jan 2012, at 10:07 PM, Eric Covener wrote:
* Are we committed to providing the -deps for 2.4's lifetime, or would
we doc it with some weasel language?
* Does anyone care if we're not committed to it and just change the
doc when we change
On Tuesday 17 January 2012, Graham Leggett wrote:
# verifying that logged content is 256 characters
ok 51
# posted content (length 1024) to bogus-perl.pl
# got return code of: 500, expecting: 500
ok 52
# verifying log did not increase in size...
ok 53
# verifying log is greater than 8192
On 17 Jan 2012, at 10:56 PM, William A. Rowe Jr. wrote:
The simplest fix for this issue is to modify the file not found error
message to say something sensible about requiring the -deps package.
make -F makefile.win emits this very sort of message, pointing the user
to obtain the right
On Tuesday 17 January 2012, William A. Rowe Jr. wrote:
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It
seems more efficient to set these up as patches/CVE--/
with individual files for actively (or semi-actively) maintained
versions. If there is one patch which
On 17 Jan 2012, at 11:07 PM, Stefan Fritsch wrote:
The diff to a PASS run starts with:
# posted content (length 1024) to bogus-perl.pl
# got return code of: 500, expecting: 500
ok 52
-# checking that log size (5115) is greater than 4516
+# verifying log did not increase in size...
ok 53
On Thu, Jan 12, 2012 at 4:54 AM, Tomas Hoger tho...@redhat.com wrote:
Jeff Trawick trawick at gmail.com writes:
Tomas Hoger tracked this down to a change to apr_uri_parse(), see here:
https://bugzilla.redhat.com/show_bug.cgi?id=756483#c8
The referenced change is in APR-util version
On Tue, Jan 17, 2012 at 4:19 PM, Stefan Fritsch s...@sfritsch.de wrote:
On Tuesday 17 January 2012, William A. Rowe Jr. wrote:
I'd suggest that patches/apply_to_x.y.z/ is a clumsy notation. It
seems more efficient to set these up as patches/CVE--/
with individual files for actively
On Tuesday 17 January 2012, Graham Leggett wrote:
%response
perl cgi r.uri = /modules/lua/hello.lua
return apache2.DECLINED
end
return apache2.DECLINED
end
function translate_name2(r)
r:debug(translate_name2: .. r.uri)
local query = r:parseargs()
if
On Tuesday 17 January 2012, Steffen wrote:
Please expand the time for the vote.
So we can have the time for testing at last, like the nix flavors
(red hat etc.)
FWIW, I agree with Steffen that a vote for the initial 2.4 GA release
should be longer. Maybe until next Monday?
On Tuesday 17 January 2012, Mario Brandt wrote:
On Tue, Jan 17, 2012 at 16:53, Jim Jagielski j...@jagunet.com
wrote:
If I had access to Windows I would. I don't.
I can give you accces to a win2k8 32 bit box, if you need to have
access.
Thanks for the offer, but the problem is also that
Hi Steffen,
On Tuesday 17 January 2012, Steffen wrote:
Win boxes is not so the issue. More the lack of win dev's. We are
leaning very much on Bill only, without him it should be
dramatic.
I agree.
At Aachelounge quite some users testing it by using it in real
live. Special companies and
On 17 Jan 2012, at 11:52 PM, Stefan Fritsch wrote:
This doesn't look right. It should look like this:
%response
perl cgiType
'
Do you have some lua magic configured in your httpd.conf? If yes, try
removing it.
I am currently using the default out of the box config, which just loads
On Tuesday 17 January 2012, Graham Leggett wrote:
On 17 Jan 2012, at 11:52 PM, Stefan Fritsch wrote:
This doesn't look right. It should look like this:
%response
perl cgiType
'
Do you have some lua magic configured in your httpd.conf? If yes,
try removing it.
I am currently
On Tue, Jan 17, 2012 at 5:05 PM, Graham Leggett minf...@sharp.fm wrote:
On 17 Jan 2012, at 11:52 PM, Stefan Fritsch wrote:
This doesn't look right. It should look like this:
%response
perl cgiType
'
Do you have some lua magic configured in your httpd.conf? If yes, try
removing it.
I am
On 18 Jan 2012, at 12:11 AM, Stefan Fritsch wrote:
No idea here, either. It works for me with mod_lua loaded.
You could try a make clean in the test framework dir if you haven't
done so already.
That I've been doing each time.
It seems that moving the t/modules/lua.t test out of the way
On Tue, 2012-01-17 at 13:02 +0200, Graham Leggett wrote:
On 17 Jan 2012, at 10:31 AM, Noel Butler wrote:
Build fails when using static built modules and disabling dav, but builds
fine if option to disable dav is removed.
ie: --enable-mods-static=all --disable-dav
in
59 matches
Mail list logo