Re: svn commit: r1799356 - in /httpd/httpd/branches/2.2.x: ./ server/scoreboard.c

On Jun 20, 2017 12:00, "Jacob Champion" wrote: On 06/20/2017 09:47 AM, wr...@apache.org wrote: > Log: > Make the range test legible > Hmm, out of curiosity, is the legibility you mention from the parenthesization change or the switch to greater-than-or-equal for one side?

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 11:17 AM, Jacob Champion <champio...@gmail.com> wrote: > On 06/20/2017 09:16 AM, William A Rowe Jr wrote: >> >> It's released into the wild, what is done is done. > > > Of course. But having it in the wild for three days is different than h

Re: [PATCH 2.2] fix ap_get_scoreboard_*

Joe, I compromised on your fix and retained parens for legibility, following the pattern of the other fix. Committed as r1799356, thanks On Mon, Jun 19, 2017 at 7:08 AM, Joe Orton wrote: > The limit checking is broken in 2.2's ap_get_scoreboard_*. This was > fixed in 2.4 in

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 11:15 AM, Jacob Champion <champio...@gmail.com> wrote: > On 06/20/2017 09:14 AM, William A Rowe Jr wrote: >> >> Would encourage us to wait at least a couple more days for >> other, unrelated regression reports to filter in while fixing this >

Re: svn commit: r1782209 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Jun 20, 2017 at 11:07 AM, Jacob Champion wrote: > On 02/08/2017 07:56 PM, Eric Covener wrote: >> >> Assuming there's some alternate path that actually does change >> SCRIPT_NAME by default, we a) don't have any complaint about >> SCRIPT_NAME and b) have the SetEnv

Re: ocsp stapling improvements

On Tue, Jun 20, 2017 at 6:39 AM, Stefan Eissing wrote: > >> Am 12.06.2017 um 21:35 schrieb Ruediger Pluem : >> >>> 2. Persist responses (is this just a config/default issue?) >> >> This could become tricky given the various so cache implementations

Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

On Mon, Jun 19, 2017 at 5:49 PM, Jacob Champion <champio...@gmail.com> wrote: > On 06/19/2017 03:44 PM, William A Rowe Jr wrote: >> >> None at all, I have moderation and will push it on. > > They are on their way over to you. Thanks for the suggestion. ... and moderated. Thanks!

Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

On Mon, Jun 19, 2017 at 5:41 PM, Jacob Champion <champio...@gmail.com> wrote: > On 06/19/2017 03:35 PM, William A Rowe Jr wrote: >> >> Not to announce@httpd? users@ and dev@ aren't particularly >> broadcast channels. >> >> announce@a.o might be too wide an

Re: CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

Not to announce@httpd? users@ and dev@ aren't particularly broadcast channels. announce@a.o might be too wide an audience, but that's why we document the CVE's with short notes in the foundation-wide release announcement. At least, used to document them. On Mon, Jun 19, 2017 at 5:08 PM, Jacob

Re: [PATCH 2.2] fix ap_get_scoreboard_*

+1 here... That gets you to 3. Good catch thanks. On Jun 19, 2017 07:09, "Joe Orton" wrote: > The limit checking is broken in 2.2's ap_get_scoreboard_*. This was > fixed in 2.4 in http://svn.apache.org/viewvc?view=revision=417252 > > Patch below backports that, plus fixes

Re: [VOTE] Release Apache httpd 2.4.26 as GA

On Tue, Jun 13, 2017 at 12:33 PM, Jim Jagielski wrote: > The pre-release test tarballs for Apache httpd > version 2.4.26 can be found at the usual place: > > http://httpd.apache.org/dev/dist/ > > I'm calling a VOTE on releasing these as Apache httpd 2.4.26 GA. [X] +1:

Re: [Discuss] Rolling a 'final' 2.2.33 release

On Thu, Jun 15, 2017 at 2:47 AM, Yann Ylavic <ylavic@gmail.com> wrote: > On Wed, Jun 14, 2017 at 11:12 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> >> Thoughts/comments? Patches to hold for before we roll? If I don't hear >> otherwise, and

Re: [Discuss] Rolling a 'final' 2.2.33 release

On Wed, Jun 14, 2017 at 4:12 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > >Please note that Apache Web Server Project will only provide maintenance >releases of the 2.2.x flavor through June of 2017, and will provide some >security patches beyond this dat

[Discuss] Rolling a 'final' 2.2.33 release

Per to our discussion last year, this EOL is here. That discussion resulted in the following Announcement statement; We consider the Apache HTTP Server 2.4 release to be the best version of Apache available, and encourage users of 2.2 and all prior versions to upgrade. This 2.2

Re: An ask for eyes on proposal

On Fri, Jun 9, 2017 at 8:29 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > To your example, the *global* config line; > > RemoteIPProxyProtocol 127.0.0.1 [or 127.0.0.0/24] > > would configure all locally routed *client* requests, irrespective of > which by-IP

Re: An ask for eyes on proposal

On Fri, Jun 9, 2017 at 4:17 AM, Sander Hoentjen wrote: > On 06/08/2017 07:30 PM, Daniel Ruggeri wrote: >> Hi, all; >> With the proposal to T set for Monday, I wanted to draw attention to >> the PROXY protocol proposal in STATUS. Just hoping for a quick review. >> I know it

Re: The drive for 2.4.26

On Thu, Jun 8, 2017 at 11:07 AM, Jim Jagielski wrote: > Perfect... I propose a T on Monday... comments? +1. Many will have noticed already, but apr 1.6.2 and apr-util-1.6.0 vote threads were just spawned to be tallied 13:00 UTC Monday.

Re: An ask for eyes on proposal

. Cheers, Bill On Thu, Jun 8, 2017 at 4:46 PM, Jim Jagielski <j...@jagunet.com> wrote: > Is expansion of the syntax something that could be folded in > for 2.4.27? > >> On Jun 8, 2017, at 2:51 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: >> >> [Again, u

Re: An ask for eyes on proposal

[Again, using all the words] On Thu, Jun 8, 2017 at 12:30 PM, Daniel Ruggeri wrote: > Hi, all; > With the proposal to T set for Monday, I wanted to draw attention to the > PROXY protocol proposal in STATUS. Just hoping for a quick review. I know it > appears to be a large

Re: An ask for eyes on proposal

FYI the one change I've been considering is to extend the On Thu, Jun 8, 2017 at 12:30 PM, Daniel Ruggeri wrote: > Hi, all; > With the proposal to T set for Monday, I wanted to draw attention to the > PROXY protocol proposal in STATUS. Just hoping for a quick review. I know

Re: HTTP/2 and no-longer "experimental"

On May 31, 2017 1:32 PM, "Helmut K. C. Tessarek" <tessa...@evermeet.cx> wrote: On 2017-05-31 11:46, William A Rowe Jr wrote: > If my assumptions above are wrong, ignore this thought... but if > the goal is to drive adoption of our 2.6 implementation of http2, > then simp

Re: The drive for 2.4.26

The suggestion is to push out any 2.4 release indefinately for an experimental feature which is promoted in another thread for promotion to a GA designation? Just a sanity check of my sense of irony :) On Wed, May 31, 2017 at 6:59 AM, Jim Jagielski wrote: > I think we should

Re: HTTP/2 and no-longer "experimental"

On Wed, May 31, 2017 at 7:07 AM, Jim Jagielski wrote: > There was discussion some time ago about dropping the "experimental" > tag from our HTTP/2 implementation. It is causing loads of people > to not use it, as well as allowing for the perpetuation of FUD that > httpd really

Re: The drive for 2.4.26

On Tue, May 30, 2017 at 4:21 PM, Jacob Champion wrote: > On 05/29/2017 10:52 PM, Jan Ehrhardt wrote: >> >> Jan Ehrhardt in gmane.comp.apache.devel (Tue, 30 May 2017 07:13:41 >> +0200): >>> >>> Steffen in gmane.comp.apache.devel (Mon, 29 May 2017 15:42:46 +0200): >>>

Re: The drive for 2.4.26

On Mon, May 29, 2017 at 8:42 AM, Steffen wrote: > > Btw. > Cmake is now Windows only, is that the goal ? No; however the autoconf works so well on such a broad assortment of Unix distributions that we haven't found a lot of motivation to fully instrument the cmake lists

Re: VUDDY: unpatched CVEs in apache httpd

apr-util 1.6.0 will ship without an embedded copy of the expat software. Obtaining expat and keeping it refreshed and up to date with respect to security patches will become an exercise for the user/admin/vendor. This is scheduled for "RSN" - real soon now. Bill On Wed, May 24, 2017 at 1:43

Re: JSON License and Apache Projects

On Tue, May 23, 2017 at 12:26 PM, Stefan Eissing wrote: > Just to be certain: does this impact any linkage against a JSON C library? JSMN is licensed MIT - no issues. Jansson is licensed MIT - also no issue there. json-c is licensed MIT - I see a pattern here.

Re: svn commit: r1795358 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in

Backported to 2.2 and 2.4. For additional rational of not changing any already-configured servers, but preventing new 2.2/2.4 configuration deployments from supporting 3DES, please see the OpenSSL project's own observations first, before launching into discussion;

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

On May 8, 2017 18:15, "Jacob Champion" <champio...@gmail.com> wrote: On 05/05/2017 04:42 PM, William A Rowe Jr wrote: > I've been similarly confused. It's obvious that the XML sources have no > context without the XSLT and build stack. > For XSLT, agreed. But as Andre

Re: Change from ad-hoc/historical security process to ASF process?

On May 5, 2017 13:32, "Jim Jagielski" wrote: +1... Lets do it. BTW, I would adjust #16 to include: Add the CVE to the CHANGES file. That way, it's still documented in CHANGES, just after the release is spun out, show it shows up in the next release's CHANGES. ... And if

Re: svn commit: r1793940 - in /httpd/docs-build/trunk: deps.xml lib/allmodules.pl

On May 5, 2017 9:28 AM, "Jacob Champion" wrote: On 05/05/2017 01:34 AM, André Malo wrote: > Well... It was a split-project back then (in CVS even... :-)). I'm also not > sure we want all those jar files and stuff in the main repo. Most people > neither use nor need it. >

Re: Fixing more OpenSSL callback crashes

On May 4, 2017 10:47 AM, "Jacob Champion" wrote: On 05/03/2017 11:25 PM, Ruediger Pluem wrote: > Just as a heads up as I currently don't have time to investigate further. > I get the below on CentOS 6.9 64 bit, which > puzzles me a little bit as I would expect the errno

Re: SSL and Usability and Safety

On May 2, 2017 12:57 PM, "Jacob Champion" wrote: On 05/02/2017 10:32 AM, Ruediger Pluem wrote: > c) would be the best, but a) IMHO would be acceptable since overwriting is > for the more advanced users anyway and they > can be told to do stuff in the correct order. > +1

Re: SSL and Usability and Safety

On Tue, May 2, 2017 at 11:14 AM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > Any other client is no longer interoperable with any popular site, following > final changes by issues in Dec '16. by *certificate issuers*. E.g. all MD5 and SHA1 hashed certs are now expired, the

Re: SSL and Usability and Safety

I like the proposal. However I see no need for the 'C' categor, y and disagree about changing defaults during any future 2.next bump. HonorCipherOrder, as an example, must be inverted. Users requiring 'C' can override things to make that happen. I see two 'quick start' one-line configs,

Re: The drive for 2.4.26

On May 2, 2017 4:35 AM, "Steffen" wrote: Nothing w.r.t. OSSL 1.1.x with 1.5.x apr will work, nor would 2.5.25 > ( does w.r.t means: with respect to ? ) Again Bill, please be accurate: mod_ssl with OSSL 1.1 and 1.5 apr works ! Just build and tested it: [Tue May 02

Re: The drive for 2.4.26

t like them. You suggest that I stop reporting here. Next time I wait when RC tarballs are available. I respect you as a seasoned dev. > Op 2 mei 2017 om 08:24 heeft William A Rowe Jr <wr...@rowe-clan.net> het volgende geschreven: > >> On Tue, May 2, 2017 at 1:17 AM, Ste

Re: The drive for 2.4.26

On Tue, May 2, 2017 at 1:17 AM, Steffen wrote: > Resume: With next 2.4 we have two not working with 1.1. namely abs.exe with > apr 1.6 and mod_session_crypto with 1.5. Nothing w.r.t. OSSL 1.1.x with 1.5.x apr will work, nor would 2.5.25, so tell us something we don't

Re: The drive for 2.4.26

On Mon, May 1, 2017 at 6:37 AM, Steffen wrote: > No mod_session_crypto with apr & apr-util 1.5 and Openssl 1.1.0, error in > Apr: > > ErrorC2079'cipherCtx' uses undefined struct 'evp_cipher_ctx_st' > apr_crypto_openssl >

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Apr 30, 2017 12:27 PM, "Jan Ehrhardt" wrote: Gregg Smith in gmane.comp.apache.devel (Sun, 30 Apr 2017 08:54:34 -0700): >On 4/30/2017 5:36 AM, Jan Ehrhardt wrote: > >> The problem with CMake is that it does not build all things, that AL and >> AH put in their distributions.

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Apr 29, 2017 9:19 PM, "Gregg Smith" wrote: On 4/29/2017 5:19 PM, Gregg Smith wrote: Bill, viewing the complete thread your reasoning here should have > precluded this discussion years ago when pcre went to cmake, so at or > before 2.4.0. After all, it's the only way to build

Re: The drive for 2.4.26

On Apr 29, 2017 12:16 PM, "Gregg Smith" wrote: Once APR 1.6 is released my plan is to make the change permanent next 2.4.x then making the need for that conversion unneeded. Openssl 1.0.2 is good till sometime in 2019, even 1.1.0 eol's before it does so we're stuck w/ cvtdsp.pl

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Apr 28, 2017 2:40 PM, "Steffen" wrote: cvtdsp.pl is not a hassle, just a easy step. Quote: you should not need cvtdsp.pl -2005 with VC14. They fixed this in the conversion. Terrific, this is verified?!? Otherwise there is no requirement for a Windows build to have

Re: The drive for 2.4.26

Now that these are independent of one another, I think we can release before 1.6.x are released. We should just call out "New: OpenSSL 1.1.0 support! (Upcoming APR 1.6.x is required for this support.) On Apr 28, 2017 2:56 PM, "Steffen" wrote: > When with apr & apr-until

Re: mod_brotli in 2.4.x is missing a few Makefile changes

/must use cmake with pcre and brotli, rest/most is make. > No cmake *majority*. > >> Op 28 apr. 2017 om 18:45 heeft William A Rowe Jr <wr...@rowe-clan.net> het >> volgende geschreven: >> >>> On Fri, Apr 28, 2017 at 11:35 AM, Jan Ehrhardt &

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Fri, Apr 28, 2017 at 11:35 AM, Jan Ehrhardt <php...@ehrhardt.nl> wrote: > William A Rowe Jr in gmane.comp.apache.devel (Fri, 28 Apr 2017 10:30:03 > -0500): >>You might have missed my thought here... suggesting that the CMake >>not-so-experimental build become recomm

Re: svn commit: r1792912 - in /httpd/httpd/branches/2.4.x/modules/filters: mod_brotli.dsp mod_brotli.mak

Wouldn't there be a corresponding change to LIBPATH? On Thu, Apr 27, 2017 at 10:17 AM, wrote: > Author: gsmith > Date: Thu Apr 27 15:17:57 2017 > New Revision: 1792912 > > URL: http://svn.apache.org/viewvc?rev=1792912=rev > Log: > Per brotli-master include will move in

Re: mod_brotli in 2.4.x is missing a few Makefile changes

On Fri, Apr 28, 2017 at 10:05 AM, Jan Ehrhardt <php...@ehrhardt.nl> wrote: > William A Rowe Jr in gmane.comp.apache.devel (Fri, 28 Apr 2017 09:57:53 > -0500): >>Hmmm... >> >>Building brotli libs requires CMake. >> >>Perhaps only support b

Re: mod_brotli in 2.4.x is missing a few Makefile changes

Hmmm... Building brotli libs requires CMake. Perhaps only support building mod_brotli through the CMake build, and not the legacy build?

Re: mod_brotli in 2.4.x is missing a few Makefile changes

Jan, That is correct. The .dsp is wired to interrelated projects via the .dsw file. Exporting the projects into .mak files causes all the 'depends upon' libs to be added. See any other such as mod_status. If we were building brotli in-tree you would add the libbrotli .dsp and it would resolve

Re: HTTP Server Hackathon/BOFs in Miami?

PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > Evaluating whether I will attend ApacheCon, the most specific reason would > be hackathon time. Or productive BoF sessions. > > Who all is planning to spend some time hacking at ACNA '17? Ideas for > projects or BoF topics?

Re: svn commit: r1791807 - /httpd/httpd/trunk/docs/conf/extra/httpd-manual.conf.in

On Apr 20, 2017 15:06, "André Malo" <n...@perlig.de> wrote: * William A Rowe Jr wrote: > Please re-validate your assumptions before we proceed with this > discussion. I'll be interested in your findings. I did. I've decided to drop out of that "discussion"

Re: svn commit: r1791807 - /httpd/httpd/trunk/docs/conf/extra/httpd-manual.conf.in

On Tue, Apr 18, 2017 at 3:56 PM, André Malo wrote: > * wr...@apache.org wrote: > >> Author: wrowe >> Date: Tue Apr 18 16:25:03 2017 >> New Revision: 1791807 >> >> URL: http://svn.apache.org/viewvc?rev=1791807=rev >> Log: >> KISS: RemoveType is a simpler fix for .tr > > I seem to

Re: svn commit: r1791807 - /httpd/httpd/trunk/docs/conf/extra/httpd-manual.conf.in

On Tue, Apr 18, 2017 at 3:56 PM, André Malo wrote: > * wr...@apache.org wrote: > >> Author: wrowe >> Date: Tue Apr 18 16:25:03 2017 >> New Revision: 1791807 >> >> URL: http://svn.apache.org/viewvc?rev=1791807=rev >> Log: >> KISS: RemoveType is a simpler fix for .tr > > I seem to

HTTP Server Hackathon/BOFs in Miami?

Evaluating whether I will attend ApacheCon, the most specific reason would be hackathon time. Or productive BoF sessions. Who all is planning to spend some time hacking at ACNA '17? Ideas for projects or BoF topics?

Re: svn commit: r1791192 - /httpd/httpd/branches/2.4.x/support/abs.mak

On Wed, Apr 12, 2017 at 5:31 PM, wrote: > Author: gsmith > Date: Wed Apr 12 22:31:15 2017 > New Revision: 1791192 > > URL: http://svn.apache.org/viewvc?rev=1791192=rev > Log: > Add another include since applink.c has been moved in > the OpenSSL source. More info: >

Re: svn commit: r1790999 - in /httpd/httpd/branches/2.4.x: Makefile.win docs/manual/platform/win_compiling.xml modules/ssl/mod_ssl.mak support/ab.c support/abs.mak

On Tue, Apr 11, 2017 at 9:16 PM, Gregg Smith wrote: > > No applink.c is installed to PREFIX/include/openssl. I neglected to consider > building with cmake, my bad. > > Adding the include is the easiest way to deal with this. Yea, I was confused...

Re: svn commit: r1790999 - in /httpd/httpd/branches/2.4.x: Makefile.win docs/manual/platform/win_compiling.xml modules/ssl/mod_ssl.mak support/ab.c support/abs.mak

On Tue, Apr 11, 2017 at 5:49 PM, Gregg Smith wrote: > > They will say fix ours. Bottom line, it's been moved from > include/openssl/applink.c to ms/applink.c > > So, ok, will have to add /ms to the includes or do you have a better > suggestion? That suggests that OpenSSL make

Re: svn commit: r1790999 - in /httpd/httpd/branches/2.4.x: Makefile.win docs/manual/platform/win_compiling.xml modules/ssl/mod_ssl.mak support/ab.c support/abs.mak

On Tue, Apr 11, 2017 at 11:36 AM, wrote: > Author: gsmith > Date: Tue Apr 11 16:36:25 2017 > New Revision: 1790999 > > URL: http://svn.apache.org/viewvc?rev=1790999=rev > Log: > Retro win32 command-line build > > allow building with OpenSSL 1.1.0 > > ab.c (abs) > -- >

Re: mpm_winnt lingering close

On Tue, Apr 11, 2017 at 9:35 AM, Stefan Eissing wrote: > well, your change just reverses the order of check and call. far be it from > me to say what is better. just wanted to point that out. You scared me :) (I thought I had flipped fetching and testing the

Re: mpm_winnt lingering close

-Stefan > >> Am 11.04.2017 um 15:30 schrieb William A Rowe Jr <wr...@rowe-clan.net>: >> >> Great news, thanks Steffen! >> >> Stefan - if you apply to trunk and 2.4.x (I'm already +1 on inspection) I >> have >> regression testing on Windows to

Re: svn commit: r1790917 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Apr 11, 2017 at 8:18 AM, Stefan Eissing wrote: > I do not understand why we are discussing brotli build issues here. We do not > plan to ship it, only to link against their now supposedly stable API if we > find it. If Linux distros are willing to build and

Re: mpm_winnt lingering close

wrote: > Running now with Patch on AL windows with v1.10.1-git, nghttp2 1.21.1 , no > warning anymore seen. > > > > On Tuesday 11/04/2017 at 10:23, Stefan Eissing wrote: > > > Am 03.04.2017 um 21:17 schrieb William A Rowe Jr <wr...@rowe-clan.net>: > > On Mo

Re: svn commit: r1790806 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Apr 11, 2017 at 6:39 AM, Jim Jagielski <j...@jagunet.com> wrote: > >> On Apr 10, 2017, at 11:55 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: >> >>> - -1: wrowe (Premature, waiting on github.com/google/brotli 0.6 release) >>> - NOT

Re: svn commit: r1790917 - /httpd/httpd/branches/2.4.x/STATUS

On Tue, Apr 11, 2017 at 6:32 AM, Jim Jagielski wrote: > /me confused. Why the -1 again? Are you having problems > building brotli? Or is it that you don't like how > brotli is being built? Or what? The docs were a mess - issues I had address on dev@. Until Monday, after you

Re: svn commit: r1790917 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 11:25 PM, wrote: > Author: wrowe > Date: Tue Apr 11 04:25:34 2017 > New Revision: 1790917 > > URL: http://svn.apache.org/viewvc?rev=1790917=rev > Log: > Veto veto of veto > > Modified: > httpd/httpd/branches/2.4.x/STATUS > > Modified:

Re: svn commit: r1790806 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 10:55 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > I was happy with the state of master as of Friday. I have not reviewed > the final release package, however. EFAIL cd Brotli-0.6.0 && \ cmake -G "Unix Makefiles" \

Re: svn commit: r1790170 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 6:31 PM, Daniel Ruggeri wrote: > > @wrowe - I think the updated proposal addresses the concerns around the > optional processing. Would love if you can spare a few cycles before the > upcoming 2.4.26 to review and offer your +1 or at least nyx the -.5

Re: svn commit: r1790806 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Apr 10, 2017 at 6:50 AM, wrote: > Author: jim > Date: Mon Apr 10 11:50:26 2017 > New Revision: 1790806 > > URL: http://svn.apache.org/viewvc?rev=1790806=rev > Log: > With v0.60 of https://github.com/google/brotli released, > this is now viable again. Agreed this is no

Re: mod_http2 v1.10.0

On Tue, Apr 4, 2017 at 9:24 AM, Stefan Eissing wrote: > >> Which one is the yellow bar over 6 connections? > > It's invisible. I extrapolated. Just ran the tests: > > h1 (6 conn): ~28,000 req/s > h2 (6 conn): ~33,000 req/s > > which is an unfair comparison. Seen from

Re: mpm_winnt lingering close

On Mon, Apr 3, 2017 at 8:21 AM, Eric Covener wrote: > On Mon, Apr 3, 2017 at 9:07 AM, Stefan Eissing > wrote: >> Question is: do we "fix" mpm_winnt or is there a better way for mod_http2 to >> shutdown the connection before mod_ssl does. This

Re: Stand-alone negation on Require (was: Quick 2.4 question)

On Thu, Mar 30, 2017 at 3:02 PM, Philip Prindeville wrote: > I’ve not heard back so I’m going to go ahead and file a bug as a placekeeper. +1 (I'm not seeing this yet.) >> On Mar 29, 2017, at 7:04 PM, Philip Prindeville >>

Re: mod_remoteip and mod_http2 combined

On Wed, Mar 29, 2017 at 4:43 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > It would be nice if the mod_remoteip patch to PROXY protocol followed the > security advisories of the PROXY draft security comments, and we rip out the > 'optional' mode. The remaining o

Re: mod_remoteip and mod_http2 combined

t;> On 2/24/2017 11:05 AM, Sander Hoentjen wrote: >>>> On 02/20/2017 07:48 PM, William A Rowe Jr wrote: >>>>> On Sat, Feb 18, 2017 at 4:25 PM, Daniel Ruggeri <drugg...@apache.org> >>>>> wrote: >>>>>> On 2017-02-15 09:07 (-0600),

Re: The drive for 2.4.26

On Wed, Mar 29, 2017 at 2:37 PM, Jim Jagielski wrote: > Let's shoot for a 2.4.26 within the next handful of > weeks. ++1 - my only question is whether we can get an apr[-util] release in the next week or two ahead of our release, to encourage users to update their entire stack?

Re: [request] public API to SSL_CTX from mod_ssl

On Tue, Mar 21, 2017 at 6:08 PM, zzz wrote: > I am prototyping an Apache module that performs certain security compliance > checks, one aspect of which requires access to the SSL_CTX that mod_ssl > creates for an SSL enabled server. > > Access to that object is currently

Re: Question about Apache 2.4 and libapreq2 (Apache2::Request)

has yet to use the X-Forwarded-For value as > $r->useragent_ip gives 127.0.0.1. > In the next stage, PerlTransHandler, a call to $r->useragent_ip() gives the > correct remote ip, but the X-Forwarded-For header is no longer available. > > >

Re: [pcre-dev] Re-factored pcre2_match() needs testing

This is very interesting and coincidental to our efforts at the Apache httpd project. A number of weeks ago I migrated trunk to PCRE2 provided it is detected. Hopefully, most developers are running from trunk/bleed on most projects, at least that's where I'm at. We do have complications taking

Re: svn commit: r1783256 - /httpd/httpd/branches/2.4.x/STATUS

On Sat, Mar 11, 2017 at 1:33 PM, Daniel Ruggeri <drugg...@primary.net> wrote: > > On 2/20/2017 10:58 AM, William A Rowe Jr wrote: >> On Sat, Feb 18, 2017 at 4:44 PM, Daniel Ruggeri <drugg...@primary.net> wrote: >>> Hi, Bill; >>>I've replied about the

Re: svn commit: r1783256 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Mar 13, 2017 at 7:31 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > On Sat, Mar 11, 2017 at 1:33 PM, Daniel Ruggeri <drugg...@primary.net> wrote: >> This is important for us on two fronts: >> * For mod_remoteip, we'd have to decide which to use. The cur

Re: Question about Apache 2.4 and libapreq2 (Apache2::Request)

13, 2017 at 6:28 PM, JW <gav...@yahoo.com> wrote: > > From: William A Rowe Jr <wr...@rowe-clan.net> > To: JW <gav...@yahoo.com> > Cc: "modp...@perl.apache.org" <modp...@perl.apache.org> > Sent: Friday, March 10, 2017

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Fri, Mar 10, 2017 at 1:51 PM, Sam Tregar wrote: > > I think this could be fixed by just the part of my patch that allowed for > IncludeOptional in addition to Include when finding sub-confs for inheriting > the parts that load an MPM. I'll work up a patch that switches to

Re: [users@httpd] URG:DocumentRoot relate query on WIndows

What you are seeing is correct behavior, DocumentRoot is an absolute path, whether you have specified this or not. If httpd sees an incomplete path, it is going to work out an absolute path from the ServerRoot If it appends the default and cannot establish a full path, you will receive the

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Thu, Mar 9, 2017 at 3:23 PM, Sam Tregar wrote: > I'm not totally clear on who's maintaining Apache::Test. > > If not, what changes would you need to take it? Refer back to my earlier comments. There is very little chance that any specific vendor deviations will be

Re: Status of 2.4.x-openssl-1.1.0-compat/ ?

On Wed, Mar 8, 2017 at 3:30 AM, Joe Orton wrote: > > Simply doing: > > $ svn merge > https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat > > ... into a 2.4.x wc should DTRT, no? It seems to work fine here. Indeed, it does, thanks. > (I got

Re: [RFC] ?

On Mar 8, 2017 4:29 AM, "Joe Orton" wrote: Sorry, taking my time here, and I appreciate all the feedback. Definitely happier to debate it and get it right than be lumbered with annoying edge cases forever. I did the refactoring in r1785943, so third iteration attached has

Re: svn commit: r1785116 - in /httpd/httpd/branches/2.4.x: ./ modules/lua/config.m4

On Tue, Mar 7, 2017 at 1:37 PM, Jacob Champion <champio...@gmail.com> wrote: > On 03/07/2017 07:49 AM, William A Rowe Jr wrote: >> >> Ok, adding /usr/lib is a bad thing any and every day (and in this case, >> completely bogus since it lives in /usr/lib64). > > &

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Tue, Mar 7, 2017 at 12:59 PM, Stefan Fritsch <s...@sfritsch.de> wrote: > On Tuesday, 7 March 2017 11:17:57 CET Eric Covener wrote: >> On Tue, Mar 7, 2017 at 10:32 AM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> > It seems we should have the

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Tue, Mar 7, 2017 at 10:17 AM, Eric Covener <cove...@gmail.com> wrote: > On Tue, Mar 7, 2017 at 10:32 AM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> It seems we should have the framework process the bin/envvars (in the normal >> path, or /etc/apache2 in

Status of 2.4.x-openssl-1.1.0-compat/ ?

Six months ago, rjung forked 2.4.x and began to backport our compatibility fixes for OpenSSL 1.1.0. Today, from the state of trunk, it seems the compatibility efforts look very good and are nearly ready to apply to 2.4.x. That branch-point was here;

Re: svn commit: r1785116 - in /httpd/httpd/branches/2.4.x: ./ modules/lua/config.m4

Some oddities, pretty sure there is no regression though. Fedora's layout is; /usr/include/ luaconf.hlua.hlualib.hluaconf-x86_64.hlua.hpp /usr/include/lua-5.1/ lauxlib.h luaconf.h lua.h lua.hpp lualib.h /usr/lib64/ /usr/lib64/liblua-5.1.so /usr/lib64/libluajit-5.1.so.2 ->

Re: Problems using Apache::Test on Debian (and Ubuntu)

On Mon, Mar 6, 2017 at 3:11 PM, Sam Tregar wrote: > Are you suggesting that people who want to run tests that use Apache::Test > should know that they have to source /etc/apache2/envvars first? Or that I > should patch Apache::Test to source that file instead of guessing which

Re: svn commit: r1785116 - in /httpd/httpd/branches/2.4.x: ./ modules/lua/config.m4

The fix seems simple. Autoconf test for a usable luaL_openlib. If that fails, keep rolling on to the next candidate. Wondering why we are making all this up still, when pkgconfig will give us all the correct [c|cpp|ld]flags, per each distro's quirks. On Fri, Mar 3, 2017 at 1:03 PM, Jacob

Re: [RFC] ?

On Tue, Feb 28, 2017 at 5:57 PM, Jacob Champion wrote: > On 02/27/2017 03:19 AM, Joe Orton wrote: >> >> On Wed, Feb 22, 2017 at 10:00:08PM +0100, Yann Ylavic wrote: >>> >>> On Wed, Feb 22, 2017 at 11:47 AM, Joe Orton wrote: (b) for match both

Re: HttpProtocolOptions Directive

On Tue, Feb 28, 2017 at 2:50 AM, Pavel Reichl wrote: > Hello, > > I have a question regarding this new directive - HttpProtocolOptions and in > particular its parameter Unsafe. > > From https://httpd.apache.org/docs/2.4/mod/core.html: > ...Due to legacy modules,

Re: httpd 2.4.25, mpm_event, ssl: segfaults

On Mon, Feb 27, 2017 at 12:16 PM, Jacob Champion wrote: > > On 02/23/2017 04:48 PM, Yann Ylavic wrote: >> On Wed, Feb 22, 2017 at 8:55 PM, Daniel Lescohier wrote: >>> >>> >>> IOW: read():Three copies: copy from filesystem cache to httpd >>> read() buffer to encrypted-data

Re: SHA-256

On Fri, Feb 24, 2017 at 11:59 PM, Helmut K. C. Tessarek <tessa...@evermeet.cx> wrote: > > On 2017-02-24 23:45, William A Rowe Jr wrote: > >> We provide .asc pgp signatures exclusively for that purpose. > > I agree, gpg is the only way to check the authenticity of a fi

Re: SHA-256

On Fri, Feb 24, 2017 at 12:02 PM, Yann Ylavic wrote: > On Fri, Feb 24, 2017 at 6:52 PM, Jim Jagielski wrote: >> I think we should start, in addition to "signing" w/ md5 and sha-1, >> using sha-256 as well. >> >> Sound OK? > > Our "true" signing has and

Re: SHA-256

On Fri, Feb 24, 2017 at 2:30 PM, Helmut K. C. Tessarek wrote: > On 2017-02-24 12:52, Jim Jagielski wrote: >> I think we should start, in addition to "signing" w/ md5 and sha-1, >> using sha-256 as well. > > I have a question: why are you still using md5/sha1 for generating

Re: [RFC] ?

On Wed, Feb 22, 2017 at 1:04 AM, Nick Kew wrote: > On Tue, 2017-02-21 at 21:58 +, Joe Orton wrote: > >> Any reason is a bad idea, so we can do that more cleanly >> (... in a couple of decades time)? > > One reason it might be a very bad idea: user confusion! > > I'm thinking

<    1   2   3   4   5   6   7   8   9   10   >