On Nov 13, 2003, at 2:43 PM, Jeff Trawick wrote:
ap_mpm_query(), implemented by each MPM, would need some help from
core to determine which pass of the pre/post-config hook it is, since
that is out of the MPM's domain.
It seems to me that the proposed patch (for modules) elegantly solves
a
On Nov 16, 2003, at 4:12 AM, Glenn wrote:
- lack of clear leadership and even basic direction
scratch-an-itch development is fine and good, but not in total chaos
Umm... this *is* the ASF. It's *developer* driven. The direction
is defined by the developers.
- cathedral development
it appears
On Nov 16, 2003, at 2:23 PM, Glenn wrote:
I don't expect any of the current Apache developers would be
interested in
this. But plenty of people join the development community over time
(see
previous comments) and theoretically the opinions could change.
Well, I am interested. And some others
On Nov 16, 2003, at 3:57 PM, Glenn wrote:
Oh, how about my (effectively) 2-line patch which adds vhost
to the error log, which I have posted to this list NO LESS THAN 6 TIMES
and spaced out over the past 6 MONTHS in three different formats, using
a global, expanding server_rec, and with #defines.
Glenn wrote:
On Sun, Nov 16, 2003 at 03:46:26PM -0500, Jim Jagielski wrote:
Why 1.4? What will 1.4 have that 1.3 does not? Or do you mean
reopening 1.3 implies that it becomes 1.4?
Only semantics. .4 is even, so stable; .5 is development and less stable
Personally, I've never liked
Peter J. Cranstone wrote:
What would 1.4 have or be for that to happen?
You have 12 million users - shouldn't be hard to simply ask them what they
would like to see.
Postal fees will be hell...
--
===
Jim
...
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
??
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
On Nov 17, 2003, at 1:31 PM, Bill Stoddard wrote:
Colm MacCarthaigh wrote:
On Mon, Nov 17, 2003 at 11:01:46AM -0700, Peter J. Cranstone wrote:
Oh yes - forgot about v6... that's a must have for Apache. Is it
available
for 1.x? If not that would be the first feature to add.
The KAME project has
On Nov 17, 2003, at 2:22 PM, Bill Stoddard wrote:
In this economic environment (and perhaps this will turn out to be
generally true from now on), companies are not making investments in
IT unless they can get a proven and almost immediate return on that
investment. Making the jump to Apache 2.0
On Nov 17, 2003, at 3:17 PM, Rasmus Lerdorf wrote:
As someone working in a company like that, I can tell you definitively
that this is not true. At least not here at the biggest web company in
the world.
-Rasmus
Well, I can certainly say that with respect to many, many of
the clients I've
,__text)
/usr/lib/libSystem.dylib(regfree.So) definition of _regfree
These are (should be) non-fatal...
What gcc are you using ('gcc_select')?
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com
Henri Gomez wrote:
These are (should be) non-fatal...
What gcc are you using ('gcc_select')?
stock gcc 3.3 which came with devtools
Did you confirm that 'httpd' isn't, in fact, created?
--
===
Jim
', log_connection_status, 0
+'v', log_virtual_host, 0
+},
+{
+'V', log_server_name, 0
+},
+{
+'X', log_connection_status, 0
},
{
'\0'
--
===
Jim Jagielski
there ;)
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
... It was my intent to keep existing configs still valid.
Adding %X enabled that.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little
1.3.29-dev actually changes the determination of the port value
with UCN off in effect.
The big question is if the client does NOT send a Host
header, and UCN is Off, should the port be the port
number used in the connection socket OR should we use
whatever Port is set to... The current
On Dec 19, 2003, at 1:35 PM, William A. Rowe, Jr. wrote:
Let me be clear (on the 1.3 side)...
one expects that given;
UseCanonicalName Off
Listen 8080
Port 80
an inbound request with a Host header of foo:80 would respond with
the redirection http://foo:80/
It does not. The Listen port again
??
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
Patch to close out Bugz 24483 for 1.3.29... basically
a backport of the 2.0 patch in the PR.
Index: src/modules/standard/mod_usertrack.c
===
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_usertrack.c,v
retrieving revision
reason and/or
there is a chance of picking up some +1s provided that the patch is
reasonable
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty
+1
On Jan 12, 2004, at 11:42 AM, Jeff Trawick wrote:
2.x already does this
Index: src/modules/standard/mod_mime_magic.c
===
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_mime_magic.c,v
retrieving revision 1.51
diff -u
I'd like to get some sort of feedback concerning the idea
of having ServerTokens not only adjust what Apache
sends in the Server header, but also allow the directive
to fully set that info.
For example: ServerTokens Set Aporche/3.5
would cause Apache to send Aporche/3.5 as the
Server header. Some
already
don't really honor it all that much (what other rationale is
there for ServerTokens other than obfuscation? :) ).
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society
. :)
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
Lars Eilebrecht wrote:
According to Jim Jagielski:
I didn't propose this to create (yet another) heated discussion,
too late ;)
simply to suggest that we take ServerTokens to its logical
conclusion based on some requests I've seen. :)
Sorry, but I don't see this as the logical
Mads Toftum wrote:
On Tue, Jan 13, 2004 at 09:35:15AM -0500, Jim Jagielski wrote:
Without a doubt. Look at how many exploits grep on not only
the name of the server but also the version.
So it is ok to be vulnerable - as long as it isn't obvious?
Of course
+1
On Jan 13, 2004, at 9:54 AM, Jeff Trawick wrote:
Rather than using multiple symbols (HAVE_SYS_PRCTL_H, HAVE_PRCTL),
which would add to the CFLAGS, there is a single symbol
HAVE_SET_DUMPABLE which is defined via CFLAGS if all prerequisites are
met.
Offlist, please contact me regarding suggestions on
various (incoming) FAX-to-Email solutions. Not the
normal send a FAX by sending an Email but
receive an incoming FAX, image-ize it (TIFF, JPG,
whatever) and send via Email to someone.
tia.
Anyway +1 (untested) for the core patch.
+1 (tested) on the core-patch... I'm mulling over whether
it should be included by default or, at least, runtime configurable :)
--
===
Jim Jagielski [|] [EMAIL PROTECTED
.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
I'd like to float the idea of releasing 1.3.30 soonish.
Not only are there enough changes to warrant a release, but
also to coincide with the changeover to AL 2.0.
--
===
Jim Jagielski [|] [EMAIL PROTECTED
We have a showstopper, don't we?
On Feb 18, 2004, at 12:34 PM, Sander Striker wrote:
On Wed, 2004-02-18 at 15:28, Jim Jagielski wrote:
I'd like to float the idea of releasing 1.3.30 soonish.
Not only are there enough changes to warrant a release, but
also to coincide with the changeover to AL
On Feb 18, 2004, at 1:19 PM, Jeff Trawick wrote:
Jim Jagielski wrote:
I'd like to float the idea of releasing 1.3.30 soonish.
Not only are there enough changes to warrant a release, but
also to coincide with the changeover to AL 2.0.
one question: who would support putting the 1.3 versions
That the solution used was done with no
thought of impact to developers.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
+1
On Mar 2, 2004, at 10:41 AM, Thom May wrote:
* Thom May ([EMAIL PROTECTED]) wrote :
Hey guys,
just wondering why we use system(copy...)/system(cp...) in htdigest
in 1.3,
when the netware option seems to be more secure?
The patch attached just rips out the ifdef and uses the netware code
?
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
I would +1 moving over after release of 2.0.49 and 1.3.30... :)
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
good.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
Ugg... fix_hostname() in 1.3.30-dev (and previous) are
broken such that it does *not* update parsed_uri with
the port and port_str value from the Host header.
This means that with a request like:
% telnet localhost
GET / HTTP/1.1
Host: foo:
that the '' port value from the
when UseCanonicalName is Off that this is
an issue, and the SysAdmin no doubt has reasons for it :)
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little
Whatever uses ap_get_server_port() would use the Port number
included in the Host: header. This includes mod_vhost_alias,
mod_proxy, mod_rewrite and Apache itself when it creates self-
referential URLs (hence UseCanonicalName).
Note that it's ONLY when UseCanonicalName is Off that this is
an
The core issue with this bug is that we trample on any
pre-existing Set-Cookie headers by willy-nilly overwriting
our response header with that generated by the origin server.
Should we honor existing Set-Cookie headers, or is that
non-compliant?
I want to resolve the below item before we release... I've
talked it over with Roy, and we both agree some sort
of more intelligent overlaying is required, although
treating Set-Cookie as a special case for now is fine...
Note that 2.x also seems affected by this and should
be resolved.
I'm hoping to carve out some time tomorrow... but
if someone else has some free time :)
On Mar 29, 2004, at 3:50 PM, Jeff Trawick wrote:
Jim Jagielski wrote:
I want to resolve the below item before we release... I've
talked it over with Roy, and we both agree some sort
of more intelligent
I've removed the last SHOWSTOPPER for the 1.3.30 release.
I think we're ready for 1.3.30... anyone disagree?
be
minimal and limited to Win people.
On Apr 12, 2004, at 3:06 PM, William A. Rowe, Jr. wrote:
At 12:33 PM 4/12/2004, Jim Jagielski wrote:
Any comments on the 1.3.30 release candidate tarball?
The mod_rewrite.dsw was patched to find the ws2_32.lib required
when we modified rewrite. Unfortunately
There is a known bug/issue in the current implementation
of mod_digest regarding the nonce. I am looking to
have this plugged for our next 1.3 release.
There are 2 suggested patches, which I will post under
separate Emails. I will also adjust STATUS to reflect
these 2 potential patches.
PLEASE
On Apr 13, 2004, at 11:13 AM, Jim Jagielski wrote:
There is a known bug/issue in the current implementation
of mod_digest regarding the nonce. I am looking to
have this plugged for our next 1.3 release.
There are 2 suggested patches, which I will post under
separate Emails. I will also adjust
On Apr 13, 2004, at 11:13 AM, Jim Jagielski wrote:
There is a known bug/issue in the current implementation
of mod_digest regarding the nonce. I am looking to
have this plugged for our next 1.3 release.
There are 2 suggested patches, which I will post under
separate Emails. I will also adjust
get my tax returns finished and in
the mail).
It looks like the other suggested patch incorporates some of your
comments, but not all.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com
...
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
!)
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
On Apr 13, 2004, at 11:13 AM, Jim Jagielski wrote:
There is a known bug/issue in the current implementation
of mod_digest regarding the nonce. I am looking to
have this plugged for our next 1.3 release.
There are 2 suggested patches, which I will post under
separate Emails. I will also adjust
On Apr 14, 2004, at 1:57 PM, Ben Laurie wrote:
Correct - it is a nonce-seed.
AuthDigestNonce -- AuthDigestSeed or AuthDigestNonceSeed ?
It should be identical across an XS realm - but different from realm
to realm. If one realm is used on multiple
servers (e.g. non sticky loadbalancing)
I'd like to propose that I simply commit the revised
patch to CVS for us to poke around with/test/review, etc...
My guess is that we'll ship with something similar
and this will provide, at least, a nice framework.
On Apr 15, 2004, at 3:53 PM, Geoffrey Young wrote:
+(December 2003), most major browsers support digest
+authentication. However, the only major browsers which support
+the old digest authentication format are a
href=http://www.opera.com/;Opera 4.0/a,
+a
I'm suggesting changing the static string WHAT_THE_HECK_GOES_HERE?
in ap_auth_nonce() to ap_get_server_name()...
comments?
.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
On Apr 16, 2004, at 9:39 AM, Jim Jagielski wrote:
Jeff Trawick wrote:
Anybody want to think about what happens if we're so unlucky that the
ap_user_name or ap_pid_fname string with '\0' is smaller than
sizeof(unsigned
long) and just happens to be allocated at the end of a page?
Unlikely
on it.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
On May 11, 2004, at 6:18 PM, Brad Nicholes wrote:
+1 to Bill's comment. I don't quite understand what is confusing and
why we would need UseCanonicalPort. IMO, all that really needs to be
done is to fix UseCanonicalName so that it works according to the
documentation. As was explained
Do you mean that 2.0 now works correctly? In that case
maybe the short-term is to use the 2.0 method for both
1.3 and 2.1, until we can figure out a better
method... I think the 2.0 method is likely more
correct than the 1.3/2.1 one, at least as a default
implementation.
On May 12, 2004, at 1:13
What I've done, for the 1.3 case, is make honoring the
physical port number (ala 2.1) a compile-time flag...
This should hold us off until we figure out a better
way to do this, so it may get backed out when
that happens. In the meantime, 1.3.32-dev will
operate as does 2.0, which is, I think, the
Well, at least with 2.0, that's the way ServerName is
documented...
nd is right... the actual physical port can never be, afaik, 0,
so wherever that is in the logic path, that's the final end :)
But on thinking it even more deeply, having Apache return
the physical port can always be done via
be 'on', 'off', 'off20x' or 'dns';
}
return NULL;
}
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
On May 11, 2004, at 12:28 PM, Jim Jagielski wrote:
One way of handling the diffs between how 1.3 and 2.0 handles
UCN Off.
*) SECURITY: CAN-2003-0987 (cve.mitre.org)
Index: src/include/ap_mmn.h
===
RCS file: /home/cvs/apache-1.3
IMO, we need more control over the port number that Apache
determines to be canonical beyond that which is provided
by UseCanonicalName, simply because there are so
many options and permutations which are possible
and applicable for different environments.
To that end, instead of overloading
Looking for negative (do-not-release) feedback for the
1.3.31 RC tarballs...
I plan to TR 1.3.31 most likely tomorrow... speak now
or forever hold your peace.
On Apr 26, 2004, at 1:42 PM, Geoffrey Young wrote:
I don't think the mod_digest.html stuff I sent was integrated, even
though
it seemed people were happy with the wording. but I didn't want to
just
commit it until the RM officially said so :) not that these docs are
all
that critical of an
The TR of 1.3.31 will be done within the next day or 2 with a
formal release likely early next week.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little
Via:
http://httpd.apache.org/dev/dist/
I'd like to announce and release the 11th.
, at 8:15 AM, Jim Jagielski wrote:
Via:
http://httpd.apache.org/dev/dist/
I'd like to announce and release the 11th.
Except Slashdot beat you to the punch: http://apache.slashdot.org/.
S.
--
[EMAIL PROTECTED] http://www.temme.net/sander/
PGP FP: 51B4 8727 466A
In the 2.1 STATUS file we see:
* When UseCanonicalName is set to OFF, allow ap_get_server_port to
check r-connection-local_addr-port before defaulting to
server-port or ap_default_port()
This is, in fact, the behavior in 1.3.31... The idea being
that with UseCanonicalName Off, we
turning down would-be beta-testers!
Please put the tarballs back up, and please ignore the press.
-aaron
On May 7, 2004, at 12:28 PM, Jim Jagielski wrote:
I have made the tarballs unavailable from the below URL. People
should contact me directly to obtain the correct URL...
Sander
the viability of the tarball,
not the code).
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve
I'd like to propose that the apache-1.3 tree be migrated over
to subversion.
quality code we can and that the Apache name is trusted
and associated with quality. So sometimes we need to act
in ways to hopefully ensure that :)
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com
I believe that we've rec'd quite a few +1s on the
issue of moving apache-1.3 to subversion and no -1s.
Let's give it a few more days, but unless we hear
otherwise, we should consider making it official
Monday or so (the 24th). At that point, we can
ask the infrastructure team to perform the
On May 21, 2004, at 9:43 PM, Graham Leggett wrote:
Hi all,
The outstanding bugs for mod_ldap* in Bugzilla have gone from 38 down
to 9 - single figures at last.
There are 4 open segfault bugs - can y'all give the code a bit of a
hammering to see if there are any gotchas left un-stomped-on.
On May 23, 2004, at 4:01 PM, Manoj Kasichainula wrote:
On Mon, May 17, 2004 at 12:35:13AM +0200, Sander Striker wrote:
There's only one thing for us to decide; how to define the layout
under httpd/ in the SVN repository.
e.g.
.../
httpd/
trunk/
branches/
1.3.x/
2.0.x/
Sander Striker wrote:
On Mon, 2004-05-24 at 14:13, Jim Jagielski wrote:
On May 23, 2004, at 4:01 PM, Manoj Kasichainula wrote:
On Mon, May 17, 2004 at 12:35:13AM +0200, Sander Striker wrote:
There's only one thing for us to decide; how to define the layout
under httpd/ in the SVN
/bugzilla/show_bug.cgi?id=29237
See also
http://issues.apache.org/bugzilla/show_bug.cgi?id=29257
http://www.rtr.com/fp2002disc/_disc2/0a71.htm
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http
=1.173r2=1.174
See also
http://issues.apache.org/bugzilla/show_bug.cgi?id=29257
http://www.rtr.com/fp2002disc/_disc2/0a71.htm
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com
William A. Rowe, Jr. wrote:
At 07:09 AM 5/28/2004, Jim Jagielski wrote:
I've backed out that patch and asked Rasmus to send a replacemnet
which addresses his specific problem but does not cause
the below behavior.
I'm tempted to release 1.3.32...
Collect another week or few of data
g g wrote:
I am trying to install Apache 2.0.49 on AIX 5.2 with proxy module enabled. I am
build the source code using following options:
1)configure --prefix=Location --enable-so --enable-proxy
2)make
3)make install
After the installation is complete, if we try to look for
1.3.32
without this fix would be a nasty backwards step. The original problem
this fixes is serious.
-Rasmus
On Fri, 28 May 2004, Jim Jagielski wrote:
I've backed out that patch and asked Rasmus to send a replacemnet
which addresses his specific problem but does not cause
the below behavior
On Jun 9, 2004, at 3:24 PM, Rasmus Lerdorf wrote:
I guess what we are agreeing on here is that the logic that sets
keepalive
to 0 is faulty and that is probably where the real fix lies.
yeah... it's pretty inconsistent. Looking at ap_set_keepalive
even after we know the connection will be
.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
, in
ap_http_header_filter)?
It overlays the 2, so yes.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both
, save_table, r-err_headers_out,
Set-Cookie, NULL);
line should be removed.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty
Anyone have any problem if we enhance apachectl a bit to allow
for -v/-V printout? Like ./apachectl version | ./apachectl fullversion ?
Joshua Slive wrote:
On Mon, 28 Jun 2004, Jim Jagielski wrote:
Anyone have any problem if we enhance apachectl a bit to allow
for -v/-V printout? Like ./apachectl version | ./apachectl fullversion ?
I don't understand. apachectl -v and apachectl -V work fine.
(apachectl passess
I'm floating the idea of releasing 1.3.32 shortly...
Comments or thoughts?
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
will lose both and deserve neither - T.Jefferson
can't discard the
request body in situations where we really need to. See my previous
long
explanation of that problem.
-Rasmus
On Sat, 3 Jul 2004, Jim Jagielski wrote:
Let's use STATUS :)
=?ISO-8859-15?Q?Andr=E9?= Malo wrote:
* Jeff Trawick [EMAIL PROTECTED] wrote:
well, if you're going
need to get the
votes to backport for each
patch.
Bill
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society that will trade a little liberty for a little order
to 2.2?
just so I (and others) know what to expect... :)
I would foresee only 1.3 and 2.2 being around and 2.0 being EOLed.
--
===
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
A society
1 - 100 of 4498 matches
Mail list logo