Re: [VOTE] Release httpd-2.4.57-rc1 as httpd-2.4.57

2023-04-05 Thread Eric Covener
On Sun, Apr 2, 2023 at 12:10 PM Eric Covener wrote:
>
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.57-rc1 as 2.4.57:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256: bc3e7e540b83ec24f9b847c6b4d7148c55b79b27d102e21227eb65f7183d6b45 *httpd-2.4.57-rc1.tar.gz
> sha512: 730560d4aab3699aa59716bb75858f8432a902aeab3c380b4d3e0f6813e9ae4e278d3b7fdf63a4e94c07b5100933d8684d76f6095f3d60d48ea0f1458c9ed0b4 *httpd-2.4.57-rc1.tar.gz
>
> The SVN candidate source is found at tags/2.4.57-rc1-candidate.

Vote passes with many binding +1 and no negative votes:
+1: covener, rpluem, steffenal, gbechis, jorton, jailletc36, ylavic

I will finalize some time over the next day or two.

-- 
Eric Covener
cove...@gmail.com


Re: svn commit: r1908972 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

2023-04-05 Thread giovanni

On 4/5/23 08:49, Ruediger Pluem wrote:



On 4/4/23 11:43 PM, gbec...@apache.org wrote:

Author: gbechis
Date: Tue Apr  4 21:43:46 2023
New Revision: 1908972

URL: http://svn.apache.org/viewvc?rev=1908972&view=rev
Log:
Fix a possible NULL pointer dereference of ap_runtime_dir_relative()

ap_runtime_dir_relative() will return NULL on failure. However, cgid_init()
does not check the return value of ap_runtime_dir_relative() and uses it
directly.

Fix this bug by adding a NULL check.

Submitted by: Zhou Qingyang 

Github: closes #304

Modified:
 httpd/httpd/trunk/modules/generators/mod_cgid.c

Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1908972&r1=1908971&r2=1908972&view=diff
==
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Tue Apr  4 21:43:46 2023
@@ -1059,6 +1059,8 @@ static int cgid_init(apr_pool_t *p, apr_
  
  parent_pid = getpid();

  tmp_sockname = ap_runtime_dir_relative(p, sockname);
+if (!tmp_sockname)
+return DECLINED;


I think we should log an error before we return as in this case the cgi daemon 
will not start.


Correct, just added an ap_log_error line, thanks.

 Thanks
  Giovanni


  if (strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1) {
  tmp_sockname[sizeof(server_addr->sun_path)] = '\0';
  ap_log_error(APLOG_MARK, APLOG_ERR, 0, main_server, APLOGNO(01254)
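
Review bot: The early return added after `ap_runtime_dir_relative()` in `cgid_init()` is silent: when `tmp_sockname` is NULL the function returns DECLINED with nothing written to the error log, so an administrator gets no indication of why the CGI daemon did not start. Log at APLOG_ERR with `ap_log_error()` before the `return`, as the length check just below already does, and confirm that DECLINED is the intended status for this failure. Separately, in the trailing context, `tmp_sockname[sizeof(server_addr->sun_path)] = '\0';` truncates to sizeof(server_addr->sun_path) characters, one more than the `strlen(tmp_sockname) > sizeof(server_addr->sun_path) - 1` test allows, so the truncated name can still fail that same test; the index looks like it should be `sizeof(server_addr->sun_path) - 1`.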





Regards

Rüdiger




