Re: Apache 0-day / apache-uaf / use after free bugs

2019-01-22 Thread Daniel Gruno
On 1/22/19 8:09 AM, Stefan Priebe - Profihost AG wrote: Hi, in twitter and other social media channels they're talking about a current apache 0 day: https://twitter.com/i/web/status/1087593706444730369 which wasn't handled / isn't currently fixed. Some details are here:

Re: svn commit: r1851794 [1/37] - in /httpd/httpd/trunk/docs/manual: ./ developer/ howto/ misc/ mod/ platform/ programs/ rewrite/ ssl/ vhosts/

2019-01-22 Thread Eric Covener
> Modified: httpd/httpd/trunk/docs/manual/bind.html.de > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/bind.html.de?rev=1851794=1851793=1851794=diff > == > ---

Re: Apache 0-day / apache-uaf / use after free bugs

2019-01-22 Thread Rainer Jung
Am 22.01.2019 um 10:33 schrieb Daniel Gruno: On 1/22/19 8:09 AM, Stefan Priebe - Profihost AG wrote: Hi, in twitter and other social media channels they're talking about a current apache 0 day: https://twitter.com/i/web/status/1087593706444730369 which wasn't handled / isn't currently fixed.

Re: Apache 0-day / apache-uaf / use after free bugs

2019-01-22 Thread Stefan Sperling
On Tue, Jan 22, 2019 at 01:31:43PM +0100, Rainer Jung wrote: > Here's the response we have compiled from Daniel, Stefan and others: > > https://bz.apache.org/bugzilla/show_bug.cgi?id=63098 FYI, I have disabled pool debugging in OpenBSD's port of APR. We are now using Yann's patch to force the

Re: Apache 0-day / apache-uaf / use after free bugs

2019-01-22 Thread Stefan Eissing
Thanks! I also wrote about the h2 related parts at https://icing.github.io/mod_h2/pool-debugging.html > Am 22.01.2019 um 13:31 schrieb Rainer Jung : > > Am 22.01.2019 um 10:33 schrieb Daniel Gruno: >> On 1/22/19 8:09 AM, Stefan Priebe - Profihost AG wrote: >>> Hi, >>> >>> in twitter and other

Re: Apache 0-day / apache-uaf / use after free bugs

2019-01-22 Thread Stefan Eissing
Thanks for the update, Stefan! > Am 22.01.2019 um 13:42 schrieb Stefan Sperling : > > On Tue, Jan 22, 2019 at 01:31:43PM +0100, Rainer Jung wrote: >> Here's the response we have compiled from Daniel, Stefan and others: >> >> https://bz.apache.org/bugzilla/show_bug.cgi?id=63098 > > FYI, I have

Re: [PATCH] mod_proxy: fix build without APR threads

2019-01-22 Thread Stefan Sperling
On Tue, Jan 08, 2019 at 03:46:48PM +0100, Stefan Sperling wrote: > mod_proxy fails to compile when APR doesn't have thread support. > I don't know if this is supposed to be a supported configuration, > but this problem did not exist with HTTPD 2.2; it showed up in 2.4. > > The patch below adds

Re: [PATCH] mod_proxy: fix build without APR threads

2019-01-22 Thread Stefan Sperling
On Tue, Jan 22, 2019 at 10:49:27AM -0600, William A Rowe Jr wrote: > On Tue, Jan 22, 2019 at 10:30 AM Stefan Sperling wrote: > > > On Tue, Jan 08, 2019 at 03:46:48PM +0100, Stefan Sperling wrote: > > > mod_proxy fails to compile when APR doesn't have thread support. > > > I don't know if this is

Re: svn commit: r1851794 [1/37] - in /httpd/httpd/trunk/docs/manual: ./ developer/ howto/ misc/ mod/ platform/ programs/ rewrite/ ssl/ vhosts/

2019-01-22 Thread Rainer Jung
Am 22.01.2019 um 15:27 schrieb Eric Covener: Modified: httpd/httpd/trunk/docs/manual/bind.html.de URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/bind.html.de?rev=1851794=1851793=1851794=diff == ---

Re: svn commit: r32075 - /dev/httpd/ /release/httpd/

2019-01-22 Thread Daniel Ruggeri
Hi, Cristophe; Thanks for the extra eye. Fortunately, this is expected behavior. Since the announcement goes out on some future date, the date is fixed up later in the announce.sh script. -- Daniel Ruggeri On 2019-01-21 13:22, Marion & Christophe JAILLET wrote: Fixed in r32079. I hope I

Re: [PATCH] mod_proxy: fix build without APR threads

2019-01-22 Thread William A Rowe Jr
On Tue, Jan 22, 2019 at 10:30 AM Stefan Sperling wrote: > On Tue, Jan 08, 2019 at 03:46:48PM +0100, Stefan Sperling wrote: > > mod_proxy fails to compile when APR doesn't have thread support. > > I don't know if this is supposed to be a supported configuration, > > but this problem did not exist

Re: svn commit: r1851794 [1/37] - in /httpd/httpd/trunk/docs/manual: ./ developer/ howto/ misc/ mod/ platform/ programs/ rewrite/ ssl/ vhosts/

2019-01-22 Thread Marion et Christophe JAILLET
My fault (if this is a fault :) ).   It is part of r1851168 ("Give a little breath before the permalink") in order to tweak the permalink I've added (on trunk only for now). I've added a space because it looked nicer (IMHO)   Another less intrusive change was done on css in r1851167.   So,

Re: svn commit: r32075 - /dev/httpd/ /release/httpd/

2019-01-22 Thread Daniel Ruggeri
On 2019-01-22 11:39, Daniel Gruno wrote: On 1/22/19 6:08 PM, Daniel Ruggeri wrote: Hi, Cristophe;    Thanks for the extra eye. Fortunately, this is expected behavior. Since the announcement goes out on some future date, the date is fixed up later in the announce.sh script. Daniel, could

Re: svn commit: r32075 - /dev/httpd/ /release/httpd/

2019-01-22 Thread Daniel Gruno
On 1/22/19 6:08 PM, Daniel Ruggeri wrote: Hi, Cristophe;    Thanks for the extra eye. Fortunately, this is expected behavior. Since the announcement goes out on some future date, the date is fixed up later in the announce.sh script. Daniel, could you please make sure to add a Date: header

Re: svn commit: r32075 - /dev/httpd/ /release/httpd/

2019-01-22 Thread Daniel Gruno
On 1/22/19 8:13 PM, Daniel Ruggeri wrote: On 2019-01-22 11:39, Daniel Gruno wrote: On 1/22/19 6:08 PM, Daniel Ruggeri wrote: Hi, Cristophe;     Thanks for the extra eye. Fortunately, this is expected behavior. Since the announcement goes out on some future date, the date is fixed up later in