Re: STATUS and Backport Review efficiency

2015-06-09 Thread Ben Reser
On 6/8/15 10:17 AM, William A Rowe Jr wrote: In this example, the patch was enhanced and the original reviewers' efforts were thrown away. It's a shame to waste the limited review cycles. Moving forwards, can we please do two things. 1) retain the original patch and vote in the STATUS,

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-04 Thread Ben Reser
On 5/4/15 7:40 AM, Brian J. France wrote: While you are in mod_dav, could you review these patches and see if it makes sense to add them? httpd-2.2.x : http://www.brianfrance.com/software/apache/dav/mod_dav_fs.diff.22 httpd-2.4.x :

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-03 Thread Ben Reser
On 5/3/15 8:05 AM, Jim Jagielski wrote: Thx! On May 1, 2015, at 3:29 PM, Ben Reser b...@reser.org wrote: On 4/30/15 2:52 PM, William A Rowe Jr wrote: It seems that we have 2 groups of good things to come out of ApacheCon, some immediate fixes for things like BSD project efforts, some

Re: Looking ahead to 2.4.13 / 2.2.30

2015-05-02 Thread Ben Reser
On 4/30/15 2:52 PM, William A Rowe Jr wrote: It seems that we have 2 groups of good things to come out of ApacheCon, some immediate fixes for things like BSD project efforts, some pretty straightforward defects that have been resolved... and then there's a bunch of energy about enhancements

Re: Apache 2.2.28 release timing.

2014-08-21 Thread Ben Reser
On 8/21/14 6:26 PM, William A. Rowe Jr. wrote: That about sums it up. Sorry, I am still drowning in my late father's affairs for another 3-4 weeks, but will make time to do this in 2 hours from now, sum up votes and move files Sun a.m. for a Mon a.m. release. That saves anyone else from

Re: Apache 2.2.28 release timing.

2014-08-20 Thread Ben Reser
On 8/5/14 2:21 PM, Mark Blackman wrote: This might be more of user than dev question, but as the discussions about timing were here, I’ll go with here.

Re: Time for httpd 2.2.28??

2014-07-16 Thread Ben Reser
On 7/15/14 10:45 AM, Jim Jagielski wrote: If so, I can RM. Yes please, need the mod_dav fix that's already approved for 2.2.x.

Re: [VOTE] Release Apache httpd 2.4.10 as GA

2014-07-16 Thread Ben Reser
On 7/15/14 10:20 AM, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.4.10 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.10 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will

Re: FYI: Looking for a release of 2.4.x soonish

2014-07-10 Thread Ben Reser
On 7/9/14 7:57 AM, Yann Ylavic wrote: Maybe one more vote for the latest mod_deflate fix (PR 56196) so it has no known issue in 2.4.10? I see several more mod_deflate fixes. I'll try to take a look at these tomorrow because I've run into some issues with 2.2.x and mod_deflate and I'm hoping

Re: Looking for a release of 2.4.x soonish

2014-07-08 Thread Ben Reser
On 6/24/14 12:35 PM, Bert Huijben wrote: I would really like to see the mod_dav escaping fixes (where breser is looking at) to be backported for this next release. Without those patches Subversion doesn't properly support some special characters inside repository paths. (Regression against

Re: CI for httpd 2.4 and trunk?

2014-06-18 Thread Ben Reser
On 6/14/14 2:34 AM, Takashi Sato wrote: +1 How about automated test? http://svn.apache.org/repos/asf/httpd/test/ Yes there should be automated testing that runs. But sadly that test suite is pretty limited. It needs a lot of work and a commitment to adding regression tests for bugs as we

Re: Change of web site layout

2014-06-18 Thread Ben Reser
On 6/17/14 3:24 PM, Rich Bowen wrote: There is no requirement that a project site look like the main foundation site. Pick any project. Say, http://flume.apache.org/ or http://cloudstack.apache.org/ or http://etch.apache.org/ - each has their own unique feel. And, frankly, at this point

Re: ApacheCon 2014 question

2014-01-16 Thread Ben Reser
On 1/16/14, 9:57 AM, Jeff Trawick wrote: The conference announcement has a very vague reference to hackathons and barcamp; we'll need to find out when space is set aside for these activities. AFAIK this has not yet been communicated internally. (Hackathons usually take place on the same

Re: ApacheCon 2014 question

2014-01-16 Thread Ben Reser
On 1/16/14, 10:07 AM, Eric Covener wrote: Me. I modified this existing topic in the wiki if anyone wants to track there or propose anything. https://wiki.apache.org/httpd/Face2Face If someone can give me (BenReser) edit rights I'll add myself.

Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities

2014-01-14 Thread Ben Reser
On 1/14/14, 7:35 AM, Jeff Trawick wrote: The simple answer to all of this is look how httpd releases with security fixes have been handled in the past. The RM commits the fixes just before Tag Roll and, depending on the impact of the vulnerabilities, may call for an abbreviated testing

Re: How to run the BIND and UPDATE functions in mod_dav.so module of Apache HTTPD server?

2014-01-14 Thread Ben Reser
On 1/14/14, 12:10 AM, vancaho wrote: How to write these DAV providers? I'm not sure how much more info I could give short of writing it myself. The closest we have to documentation is what's in mod_dav.h. There's a nice HTMLized version of what's in mod_dav.h here:

Re: How to run the BIND and UPDATE functions in mod_dav.so module of Apache HTTPD server?

2014-01-13 Thread Ben Reser
On 1/13/14, 12:29 AM, vancaho wrote: Hi everyone, I'm learning WebDAV protocol with apache httpd server and subversion. After reading the source code of Mod_Dav.so (which is responsible for interpreting the WebDAV protocol), I find that there are methods

Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities

2014-01-13 Thread Ben Reser
to a URI that is not configured for DAV will trigger a segfault. [Ben Reser ben reser.org] vs this change (which was not): *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead property on a resource for which there is no dead property in the same namespace httpd

Re: [VOTE] obscuring (or not) commit logs/CHANGES for fixes to vulnerabilities

2014-01-10 Thread Ben Reser
On 1/10/14, 5:38 AM, Jeff Trawick wrote: [ ] It is an accepted practice (but not required) to obscure or omit the vulnerability impact in CHANGES or commit log information when committing fixes for vulnerabilities to any branch. [ ] It is mandatory to provide best available description and

Security Advisories

2014-01-08 Thread Ben Reser
So I've received at least two people asking me for more details about CVE-2013-1896. I'm thinking it might be better to provide more than a couple sentences on the issues. It can be hard to understand the impact of an issue from what we're providing now.

mod_rewrite and mod_dav_svn

2013-12-11 Thread Ben Reser
We've recently made a change to mod_dav_svn to start implementing translate_name and map_to_storage hooks in order to prevent r->filename from being set to a bogus path since Subversion is serving content that isn't actually accessible via the standard file I/O APIs... You can see the reasoning

Re: Do pools lead to bad programming?

2013-12-11 Thread Ben Reser
On 12/11/13 4:00 PM, Kean Johnston wrote: Am I being too obsessive? If not, would you like patches to correct these as I find them, and if so, should I open a bug about this or just post patches here (they are all likely to be a simple move of 1 or 2 lines)? There are two ways this sort of

Re: [VOTE] Release Apache httpd 2.4.7 as GA

2013-11-21 Thread Ben Reser
On 11/19/13 9:45 AM, Jim Jagielski wrote: I'm calling a VOTE on releasing these as Apache httpd 2.4.7 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. +1: OS X 10.7.5 and Ubuntu 12.04: Subversion test suite passes with trunk, 1.8 and 1.7 using Subversion's HTTPv1

Re: [VOTE] Release Apache httpd 2.2.26 as GA

2013-11-13 Thread Ben Reser
On 11/13/13 9:03 AM, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.2.26 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.2.26 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will

Re: NOTE: Intent to TR 2.2.6 tomorrow

2013-11-12 Thread Ben Reser
On Tue Nov 12 11:25:57 2013, Jim Jagielski wrote: Oh yeah... I recall you had an issue with me building because of potential issues with using a later, but still 100% valid autoconf/libtool setup. I am not going to downgrade just to build 2.2 so if that is *really* a concern, backed-up by the

Timetable for 2.2.26 release?

2013-11-08 Thread Ben Reser
Does anyone have a timetable for a 2.2.26 release? Subversion users have been running into the issues introduced in 2.2.25 and we've been pointing them at patches. Some but not all of the binaries floating around have been patched. It would be really nice to be able to have a httpd release to

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-22 Thread Ben Reser
On 10/20/13 5:31 AM, Ruediger Pluem wrote: Can't we use apr_psprintf with %pm instead of the constant length buffer char [120]? Done in r1534895, r1534896 and r1534914.

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-20 Thread Ben Reser
On 10/20/13 5:31 AM, Ruediger Pluem wrote: apr_pool_create(newlog.pool, status-pool); +if (config-create_path) { +char *ptr = strrchr(newlog.name, '/'); +if (ptr ptr newlog.name) { +char *path = apr_pstrmemdup(newlog.pool, newlog.name, ptr -

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-20 Thread Ben Reser
On 10/20/13 5:37 AM, André Malo wrote: * bre...@apache.org wrote: Author: breser Date: Sat Oct 19 19:10:33 2013 New Revision: 1533810 * docs/man/rotatelogs.8, docs/manual/programs/rotatelogs.html.en: Update for -d option. Huh. These files are both generated (or should be). Please

Re: svn commit: r1533810 - in /httpd/httpd/trunk: docs/man/rotatelogs.8 docs/manual/programs/rotatelogs.html.en support/rotatelogs.c

2013-10-20 Thread Ben Reser
On 10/20/13 11:23 AM, Jeff Trawick wrote: trunk and 2.4.x branch: checking for APR... configure: WARNING: APR version 1.4.0 or later is required, found 1.3.13 configure: WARNING: Found APR in /home/trawick/inst/apr13-64/bin/apr-1-config, but we think it is considered unacceptable

Re: svn commit: r1531670 - /httpd/httpd/branches/2.2.x/STATUS

2013-10-18 Thread Ben Reser
On 10/13/13 4:51 AM, minf...@apache.org wrote: Author: minfrin Date: Sun Oct 13 11:51:03 2013 New Revision: 1531670 URL: http://svn.apache.org/r1531670 Log: Vote, comment. Modified: httpd/httpd/branches/2.2.x/STATUS Modified: httpd/httpd/branches/2.2.x/STATUS URL:

Re: svn commit: r1531559 - /httpd/httpd/branches/2.4.x/STATUS

2013-10-12 Thread Ben Reser
On 10/12/13 2:19 PM, Graham Leggett wrote: A quick reminder, these fixes had been back ported to v2.2 as well, would it be possible to propose them there too? Yes, there are some minor conflicts. I'm finishing up testing them with 2.2.x, though I'm about to catch a plane to London, so I might

Re: will anyone build httpd/apr with cmake on Windows?

2013-09-03 Thread Ben Reser
On 8/30/13 5:25 AM, Jeff Trawick wrote: I will be throwing a bit more time at the cmake effort in the short term, starting with comparing the installed artifacts with those of existing Windows builds and adding missing pieces to the todo lists. I might not do much else proactively until my

Re: mod_autoindex string pluggability

2013-08-06 Thread Ben Reser
On Mon, Aug 5, 2013 at 5:51 AM, Tim Bannister is...@jellybaby.net wrote: How about implementing XHTML → JSON as a filter? Either with existing modules or with something dedicated to autoindex. That sounds really ugly if you ask me. For one thing he's trying to avoid parsing XHTML so now

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-03 Thread Ben Reser
On Fri, Aug 2, 2013 at 8:24 PM, Mikhail T. mi+t...@aldan.algebra.com wrote: The modules in your examples deliberately use the authz mechanism to generate different output based on the results. But what is doing it in the case I describe -- where the generated content is exactly the same?

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-03 Thread Ben Reser
On Sat, Aug 3, 2013 at 11:34 AM, Mikhail T. mi+t...@aldan.algebra.com wrote: Point is, it is erring. I asked Ben for possible use-cases and his two examples were modules, which use the authorization rules to generate different content depending on the result. Rather than to decide, whether to

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-02 Thread Ben Reser
On Thu, Aug 1, 2013 at 7:54 PM, Mikhail T. mi+t...@aldan.algebra.com wrote: 01.08.2013 22:47, Ben Reser wrote: That's not a bug at all. In some cases it may be necessary for authorization to run for sub-requests. Could you give an example or two? Thanks, Sure. mod_autoindex

Re: Struggling with AuthMerging

2013-08-01 Thread Ben Reser
On Wed, Jul 31, 2013 at 8:02 AM, Mikhail T. mi+t...@aldan.algebra.com wrote: As a minimum, testing the subsequent children of RequireAll after one of them already responded with denied seems like a bug... I'm not sure about the AuthMerging but I can say that trying the tiv expiration is not a

Re: Resolved (sort of): Struggling with AuthMerging

2013-08-01 Thread Ben Reser
configuration directives, then use AP_AUTH_INTERNAL_PER_URI. ]]] 01.08.2013 21:05, Ben Reser wrote: If the resulting response is AUTHZ_DENIED_NO_USER then processing continues. Is that so that if any of the subsequent children of the same RequireAll say AUTHZ_DENIED, the server will not even

[PATCH PR55304] mod_dav: COPY should not validate the parent of request.

2013-07-24 Thread Ben Reser
This patch fixes a regression created by the PR54610. COPY does not modify the parent of the source, so it should not be validating the parent. This issue actually disallows the ability to COPY the root of a DAV repository since a properly implemented DAV provider will return NULL and

Re: apache process ps -aux

2013-07-10 Thread Ben Reser
On Wed, Jul 10, 2013 at 8:25 AM, peter_bateman jrweisb...@gmail.com wrote: I just haven't seen the apache processes listing with the -k start option on any of my other servers, and wasn't sure why it was being displayed here... If you've been using a platform where the ps command doesn't list

Re: [VOTE] The 'RM' Baton

2013-07-10 Thread Ben Reser
On Wed, Jul 10, 2013 at 3:30 PM, Guenter Knauf fua...@apache.org wrote: I was also thinking about learning how to release - but the lack of proper documentation for the whole process holds me back; I remember how Graham fell from one trap into another when he did his 1st APR release, and I don't

Re: apr_atomic functions usage

2013-05-27 Thread Ben Reser
On Mon, May 27, 2013 at 8:42 PM, kalyan sita kalyansit...@gmail.com wrote: I see that the below functions have specific assembly implementations for os32,ia32 architectures: apr_atomic_add32 apr_atomic_sub32 apr_atomic_inc32 apr_atomic_dec32 apr_atomic_set32 apr_atomic_cas32

Re: Symbol Resolution (Was: Whither Windows (Was: Re: Intent to revert commit r1332643))

2013-05-24 Thread Ben Reser
On Fri, May 24, 2013 at 8:13 AM, William A. Rowe Jr. wr...@rowe-clan.net wrote: That fortunately is documented, with some pretty good notes in the wiki as well that ought to percolate into the docs. That said, documenting every Microsoft-version-quirk seems out of scope for a general purpose

Re: Whither Windows (Was: Re: Intent to revert commit r1332643)

2013-05-24 Thread Ben Reser
On Fri, May 24, 2013 at 8:23 AM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Another question is where exactly do we stand with OS/X right now? Apple HFS+ is still not supported, there exists a forced lower-case canonicalization hack authored by Apple, but AFAICT still no progress on

Re: URL scanning by bots

2013-05-02 Thread Ben Reser
On Wed, May 1, 2013 at 7:16 AM, André Warnier a...@ice-sa.com wrote: If it tries just one URL per server, and walks off if the response takes longer than some pre-determined value, then it all depends on what this value is. If the value is very small, then it will miss a larger proportion of

Re: URL scanning by bots

2013-05-02 Thread Ben Reser
On Tue, Apr 30, 2013 at 5:23 PM, André Warnier a...@ice-sa.com wrote: Alternatives : 1) if you were running such a site (which I would still suppose is a minority of the 600 Million websites which exist), you could easily disable the feature. 2) you could instead return a redirect response,

Re: URL scanning by bots

2013-05-02 Thread Ben Reser
On Thu, May 2, 2013 at 4:53 PM, Guenter Knauf fua...@apache.org wrote: isn't that one of the core issues - that folks who don't know what they do run a webserver? And then, shouldn't these get punished with being hacked so that they try to learn and finally *know* what they do, and do it right

Re: URL scanning by bots

2013-04-30 Thread Ben Reser
On Tue, Apr 30, 2013 at 3:03 AM, André Warnier a...@ice-sa.com wrote: Let us imagine for a moment that this suggestion is implemented in the Apache webservers, and is enabled in the default configuration. And let's imagine that after a while, 20% of the Apache webservers deployed on the

Re: URL scanning by bots

2013-04-30 Thread Ben Reser
On Tue, Apr 30, 2013 at 4:09 PM, André Warnier a...@ice-sa.com wrote: But I have been trying to figure out a real use case, where expecting 404 responses in the course of legitimate applications or website access would be a normal thing to do, and I admit that I haven't been able to think of

[PATCH 54145] Improve some error messages in mod_dav

2013-04-03 Thread Ben Reser
I submitted this patch quite a while ago. Another situation has come up where better error logging would have been nice in this case. Which reminded me that I hadn't seen any action on this patch. I know that everyone is busy, but was hoping someone could take some time to look at it. Thanks.

Re: [PATCH 54145] Improve some error messages in mod_dav

2013-04-03 Thread Ben Reser
Thanks. On Wed, Apr 3, 2013 at 5:23 PM, Jeff Trawick traw...@gmail.com wrote: On Wed, Apr 3, 2013 at 7:56 PM, Ben Reser b...@reser.org wrote: I submitted this patch quite a while ago. Another situation has come up where better error logging would have been nice in this case. Which reminded