distcache support in mod_ssl for 2.1

2003-11-26 Thread Joe Orton
Hiya, I'd like to integrate distcache support into mod_ssl on HEAD: are the copyright holders willing to contribute copyright ownership to the ASF for ssl_scache_dc.c and the other changes? I've rediffed the published patch for 2.0.48 against HEAD, attached for review. Changes relative to the

Re: distcache support in mod_ssl for 2.1

2003-11-26 Thread Joe Orton
On Wed, Nov 26, 2003 at 10:52:51AM -0500, Geoff Thorpe wrote: On November 26, 2003 07:05 am, Joe Orton wrote: Hiya, I'd like to integrate distcache support into mod_ssl on HEAD: are the copyright holders willing to contribute copyright ownership to the ASF for ssl_scache_dc.c and the other

Re: Problem with mod_ssl.la

2003-11-26 Thread Joe Orton
On Wed, Nov 26, 2003 at 02:27:48PM -0500, Christopher Jastram wrote: Just checked out the latest Apache CVS because I need the dav_lock module... make[4]: *** No rule to make target `ssl_scache_shmht.slo', needed by `mod_ssl.la'. Stop. What's up with this? You need to re-run buildconf

Re: Apache 1.3.28 SEGFAULTS and doesn't produce a core file

2003-12-02 Thread Joe Orton
On Mon, Dec 01, 2003 at 07:52:03AM -0500, Jeff Trawick wrote: FWIW, it segfaults on a jsp request... I suppose that this is handled by a third party module such as mod_jk? See the final snippet: [pid 32119] read(11, GET /messaging/businessObject.js..., 4096) = 775 [pid 32119]

[PATCH] exports.c Makefile unfix

2003-12-02 Thread Joe Orton
So (Ben), what is it that breaks with BSD make when reverting the cruft that has been added to server/Makefile.in to use an absolute path to exports.c? This works for me with srcdir=builddir and srcdir!=builddir with the FreeBSD 4.2 make, and GNU make -j2 still works too. The 2.0 branch still

Re: cvs commit: httpd-2.0/server main.c

2003-12-10 Thread Joe Orton
On Wed, Dec 10, 2003 at 09:24:38AM -0500, Jeff Trawick wrote: [EMAIL PROTECTED] wrote: jorton 2003/12/10 05:43:14 Modified:server main.c Log: * server/main.c (suck_in_expat): Remove function, USE_EXPAT is never defined. Does anyone have clues about the other hacks

Re: [PATCH 25137] atomics in worker mpm

2003-12-11 Thread Joe Orton
On Thu, Dec 11, 2003 at 12:47:37PM -0800, Aaron Bannert wrote: On Thu, Dec 11, 2003 at 08:39:27AM -0500, Brian Akins wrote: I wonder if this binary would run on an older processor (running a modern version of linux). AFAIK, yes. It's standard x86 assembly. All: Please correct

Re: cvs commit: httpd-2.0/modules/experimental mod_charset_lite.c

2003-12-15 Thread Joe Orton
On Mon, Dec 15, 2003 at 02:24:31PM -, [EMAIL PROTECTED] wrote: ... diff -u -u -r1.66 -r1.67 --- mod_charset_lite.c 7 Nov 2003 01:01:27 - 1.66 +++ mod_charset_lite.c 15 Dec 2003 14:24:31 - 1.67 @@ -307,7 +307,16 @@ mime type

Re: cvs commit: httpd-2.0/server gen_test_char.c

2004-01-03 Thread Joe Orton
On Sat, Jan 03, 2004 at 04:31:32PM -, [EMAIL PROTECTED] wrote: ben 2004/01/03 08:31:32 Modified:server gen_test_char.c Log: Make forensic logging safe for POST data. The issue with strchr and NUL is a red herring. I don't think this is a safe change: 0 is now

Re: [dav-dev] [PATCH] PR#21779 Fix

2004-01-08 Thread Joe Orton
On Thu, Jan 01, 2004 at 09:43:03AM +, amit athavale wrote: Hi, Attached is the patch for fix of PR#21779. I am not sure whether I have added that code at best/ideal place, so please review it and let me know if there is another place where I can put that check. Thanks Amit, I

Re: log_error_core escaping change broke things

2004-01-09 Thread Joe Orton
On Fri, Jan 09, 2004 at 03:32:29PM +0100, André Malo wrote: * Geoffrey Young [EMAIL PROTECTED] wrote: However, is it wise to add a configure option for it? how do you mean? I was trying to make it just a compile time option, similar to -DBIG_SECURITY_HOLE (which seems to me a bigger

Re: 2.0.48 worker mpm on RH3 NPTL results

2004-01-09 Thread Joe Orton
On Wed, Jan 07, 2004 at 02:49:15PM -0700, Jean-Jacques Clar wrote: Attached are 2.0.48 numbers on RH AS 2.1 and 3.0. Apache is build with worker MPM and default options on both versions. C: Apache is servicing more requests per sec on 2.1 on 1 and 2 CPUs, 3.0 is picking up the slack

Re: [Bug 26076] make install DESTDIR

2004-01-13 Thread Joe Orton
On Mon, Jan 12, 2004 at 11:43:10PM -0800, Stas Bekman wrote: [EMAIL PROTECTED] wrote: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26076 [...] --- Additional Comments From [EMAIL PROTECTED] 2004-01-13 07:18 --- That's not a bug: a $DESTDIR installation is an intermediate

Re: [1.3 PATCH] issue prctl(PR_SET_DUMPABLE) where available

2004-01-13 Thread Joe Orton
On Tue, Jan 13, 2004 at 09:54:45AM -0500, Jeff Trawick wrote: Rather than using multiple symbols (HAVE_SYS_PRCTL_H, HAVE_PRCTL), which would add to the CFLAGS, there is a single symbol HAVE_SET_DUMPABLE which is defined via CFLAGS if all prerequisites are met. testing: Fedora Core 1:

Re: SSL renegotiation bug

2004-01-13 Thread Joe Orton
On Tue, Jan 13, 2004 at 04:43:07PM -0600, Ben Collins-Sussman wrote: Hello, Apache folk. After showing this bug to gstein, iholsman, and others in IRC, I fear I may have found a real bug. It has something to do with SSL, but it's not clear whether this is a bug in the Neon library,

Re: httpd-2.1 segfaults at startup

2004-01-14 Thread Joe Orton
On Tue, Jan 13, 2004 at 06:31:18PM -0600, Art Haas wrote: I've been building and using what will be httpd-2.1 for months. Just within the last week or two, my builds have all failed when I try to run them. As others are certainly running the CVS head builds without problems, I'm hoping for a

Re: apr buildconf libtool

2004-01-14 Thread Joe Orton
On Wed, Jan 14, 2004 at 07:21:08PM +, Patrick Welche wrote: % sh buildconf rebuilding srclib/apr/configure buildconf: checking installation... buildconf: autoconf version 2.59 (ok) buildconf: libtool version 1.5a (ok) Copying libtool helper files ... cat: aclocal.m4: No such file or

Re: SSL renegotiation bug

2004-01-14 Thread Joe Orton
On Wed, Jan 14, 2004 at 03:27:23PM -0600, Ben Collins-Sussman wrote: On Tue, 2004-01-13 at 17:26, Joe Orton wrote: Is there still a TCP connection between the client and server at this point? If so, you can identify the server child in question via the server-status output or netstat -pt

Re: apr buildconf libtool

2004-01-15 Thread Joe Orton
On Thu, Jan 15, 2004 at 12:46:31PM +, Patrick Welche wrote: Yes. The above was from my November libtool HEAD. I just upgraded now to today's libtool HEAD, and % sh buildconf | tee buildconf.out rebuilding srclib/apr/configure buildconf: checking installation... buildconf: autoconf

Re: missing symbols for modules.o

2004-01-15 Thread Joe Orton
On Thu, Jan 15, 2004 at 03:04:37PM +, Patrick Welche wrote: Essentially a build of httpd-cvs on NetBSD-1.6ZG/i386, autoconf 2.59, cvs libtool, gcc 3.3.2, goes fine until the final link to -o httpd: /usr/lib/crt0.o(.text+0x86): In function `___start': : undefined reference to `main'

Re: missing symbols for modules.o

2004-01-15 Thread Joe Orton
On Thu, Jan 15, 2004 at 05:16:35PM +, Patrick Welche wrote: On Thu, Jan 15, 2004 at 03:24:37PM +, Joe Orton wrote: On Thu, Jan 15, 2004 at 03:04:37PM +, Patrick Welche wrote: modules.o(.data+0x4): undefined reference to `authn_file_module' ... Have any of you seen

Re: missing symbols for modules.o

2004-01-15 Thread Joe Orton
On Thu, Jan 15, 2004 at 06:13:36PM +, Patrick Welche wrote: On Thu, Jan 15, 2004 at 05:19:34PM +, Joe Orton wrote: On Thu, Jan 15, 2004 at 05:16:35PM +, Patrick Welche wrote: libtool: link: libtool library `mod_authn_file.la' must begin with `lib' Yeah, you have to switch

Re: Re-assigning bugs, was Re: DO NOT REPLY [Bug 26149]...

2004-01-16 Thread Joe Orton
On Fri, Jan 16, 2004 at 12:45:01AM +0100, Erik Abele wrote: On 15.01.2004, at 09:54, [EMAIL PROTECTED] wrote: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26149 Apache 2.0.48 won't load Tomcat 4.1.29 in-process via JK2 --- Additional Comments From [EMAIL PROTECTED] 2004-01-15

Re: httpd-2.1 segfaults at startup

2004-01-19 Thread Joe Orton
On Tue, Jan 13, 2004 at 06:31:18PM -0600, Art Haas wrote: Hi. I've been building and using what will be httpd-2.1 for months. Just within the last week or two, my builds have all failed when I try to run them. As others are certainly running the CVS head builds without problems, I'm hoping

Re: SSL renegotiation bug

2004-01-21 Thread Joe Orton
On Tue, Jan 20, 2004 at 04:35:34PM -0600, Ben Collins-Sussman wrote: Sorry to be so slow in getting back to you, Joe. I'm still desperately looking for a clue on this SSL hang that happens when I run 'apachectl graceful'. On Wed, 2004-01-14 at 15:51, Joe Orton wrote: The client

Re: SSL renegotiation bug

2004-01-21 Thread Joe Orton
On Wed, Jan 21, 2004 at 11:12:20AM -0600, Ben Collins-Sussman wrote: On Wed, 2004-01-21 at 04:29, Joe Orton wrote: I have now managed to reproduce hangs a couple of times here, What exactly was your reproduction recipe? Same as mine? Start an import over SSL and then 'graceful' the server

Re: nph cgi [2]

2004-01-23 Thread Joe Orton
On Thu, Jan 22, 2004 at 11:22:14AM -0500, Jeff Trawick wrote: pud wrote: okay, please forgive me, s/mod_cgi/mod_ssl/g, sorry... hey, sorry to disturb you, but,,, i read in the apache2 changelog that you fixed an streaming bug in the mod_cgi - but i think it still exists... (at least in

Re: mystery solved... perhaps.

2004-01-23 Thread Joe Orton
On Thu, Jan 22, 2004 at 05:02:50PM -0600, Ben Collins-Sussman wrote: ... * for some reason, the 'rotatelogs' process dies. It's not clear whether it's responding to a signal, or if the httpd parent is killing it, or what. A new 'rotatelogs' takes its place, with new httpd

Re: cvs commit: httpd-2.0 STATUS

2004-01-23 Thread Joe Orton
On Mon, Jan 12, 2004 at 12:04:38AM -, [EMAIL PROTECTED] wrote: * mod_dav: Reject requests including fragment part in the Request-URI. http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/main/mod_dav.c?r1=1.102r2=1.103 PR: 21779 +1: jorton +

Re: cvs commit: httpd-2.0 STATUS

2004-01-23 Thread Joe Orton
On Sat, Jan 24, 2004 at 12:48:33AM +0100, André Malo wrote: * Greg Stein [EMAIL PROTECTED] wrote: On Fri, Jan 23, 2004 at 11:28:28PM +0100, André Malo wrote: Hmm, and then? I'd see it as a workaround for buggy clients like the redirect-carefully variable. It's a matter of degree.

Re: mystery solved... perhaps.

2004-01-27 Thread Joe Orton
On Mon, Jan 26, 2004 at 04:55:34PM -0600, Ben Collins-Sussman wrote: On Fri, 2004-01-23 at 08:07, Joe Orton wrote: Nice, this is easy enough to reproduce. It only fills up because the httpd children all have the read end of the pipe open, which is a bug in itself. Applying below ensures

Re: cvs commit: httpd-2.0/modules/metadata mod_expires.c

2004-02-04 Thread Joe Orton
On Tue, Feb 03, 2004 at 09:51:39PM -, [EMAIL PROTECTED] wrote: rederpj 2004/02/03 13:51:39 Modified:.Tag: APACHE_2_0_BRANCH CHANGES STATUS modules/metadata Tag: APACHE_2_0_BRANCH mod_expires.c Log: *) Add support for IMT minor-type wildcards (e.g.,

Re: mod_ssl not sending Alert upon close ?

2004-02-05 Thread Joe Orton
I've seen some unclean shutdown errors a few times but never managed to get a repro case. What client are you using, how do you reproduce this? I presume you have the same SetEnvIf ssl-unclean-shutdown settings for broken clients when comparing 1.3 and 2.0 behaviour? On Thu, Feb 05, 2004 at

Re: mod_ssl not sending Alert upon close ?

2004-02-06 Thread Joe Orton
On Thu, Feb 05, 2004 at 02:03:29PM -0800, Mathihalli, Madhusudan wrote: Okay. here's what I think is happening : (Client = C Server - S) You're right, the alert is never getting sent! C - S : initiates connection C - S : handshake S - C : server sends application data S - C : server

Re: [PATCH] RE: mod_ssl not sending Alert upon close ?

2004-02-06 Thread Joe Orton
On Fri, Feb 06, 2004 at 01:30:00PM -0800, Mathihalli, Madhusudan wrote: IOW, the following patch works. Question: Is there any other hook / pool-cleanup thing that I can hook the ssl_filter_io_shutdown() logic into ? No, that can't be right either, it would close the connection after each

Re: [PATCH] new finish_connection hook SSL closure fix

2004-02-08 Thread Joe Orton
On Sun, Feb 08, 2004 at 11:08:37AM -0800, Justin Erenkrantz wrote: --On Sunday, February 8, 2004 5:27 PM + Joe Orton [EMAIL PROTECTED] wrote: This adds a finish_connection hook as discussed with Madhu, and uses it in mod_ssl to ensure that the SSL close_notify alert is sent before

Re: apache 2.0.48 mod_userdir over nfs mount

2004-02-11 Thread Joe Orton
On Wed, Feb 11, 2004 at 10:39:08AM +, UHISWdev UHISWdev wrote: Apache 2.0.48 - mod_userdir won't serve from an nfs mount on Linux kernel 2.4.21-166-smp4G Apache 1.3.x works fine but nothing comes out of Apache 2. On the previous kernel it would serve files 255 bytes but now it doesn't

Re: apache 2.0.48 mod_userdir over nfs mount

2004-02-11 Thread Joe Orton
On Wed, Feb 11, 2004 at 02:35:07PM +, UHISWdev UHISWdev wrote: hmm.. interesting. Thanks Brian but what do you class as local? We mounted another linux machine directly into the apache tree with no probs. The problems only appear when you use ncpmount to mount a netware machine. Unix to

Re: SSL shared memory cache and restarting

2004-02-16 Thread Joe Orton
On Mon, Feb 16, 2004 at 11:12:17AM +0200, Graham Leggett wrote: I am having a hassle with a server running httpd v2.0.47 in that it refuses to restart cleanly after an unclean shutdown. Before Apache will start again, the SSL session cache file needs to be manually deleted. Is this problem

Re: apr/apr-util python dependence

2004-02-18 Thread Joe Orton
On Wed, Feb 18, 2004 at 08:22:56AM +0100, Sascha Schumann wrote: requiring automake is not something I personally would be excited about... I'd like to see how bad a conversion to ordinary sh would turn out.. also, I'd guess that a conversion to the less cool but more widely

Re: [PATCH] SSLCryptoDevCtl support

2004-02-19 Thread Joe Orton
On Thu, Feb 19, 2004 at 09:41:55AM -0600, Serge Hallyn wrote: ... + +/* Our static variables get reset between first and second pass ... so this + * variable is mixed in key-value strings and incremented. On the second pass, + * the key-values will match so will replace, rather than

Re: apr/apr-util python dependence

2004-02-20 Thread Joe Orton
On Thu, Feb 19, 2004 at 05:55:13PM -0800, Roy T. Fielding wrote: However I completely disagree that Python (or Perl or PHP) is a good choice for use in build systems. As part of the configure process, I would agree with you, but as part of buildconf, I disagree--not everyone needs

Re: apr/apr-util python dependence

2004-02-20 Thread Joe Orton
On Fri, Feb 20, 2004 at 11:27:29AM +0100, Sascha Schumann wrote: Please get your facts straight. httpd is still just as buildable on such platforms regardless of gen-build.py: from the release tarballs. Building from a CVS checkout cannot be done without extra tools, but that has

Re: (97)Address family not supported by protocol causes disk ticking?

2004-02-23 Thread Joe Orton
Hi, On Sat, Feb 21, 2004 at 11:00:25AM +, Alexis Huxley wrote: ... About once every three weeks it happens that the hard disk of the machine where I run apache2 starts audibly ticking - i.e. it starts making some sort of non-cached access (maybe the log writing below?) at a rate of once

Re: [PATCH] SSL not sending close alert message

2004-02-23 Thread Joe Orton
On Mon, Feb 23, 2004 at 01:22:05PM -0800, Mathihalli, Madhusudan wrote: Hi, I started working on Justin's idea of creating a EOC bucket - to do a SSL shutdown before the socket close(). But since the ap_flush_conn is called just before closing the socket - I thought of

Re: [PATCH] SSL not sending close alert message

2004-02-24 Thread Joe Orton
On Tue, Feb 24, 2004 at 09:59:00AM -0800, Mathihalli, Madhusudan wrote: -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] [SNIP] This is just back to what we had patches for already: doing an SSL shutdown on any EOF bucket, right? Which is not right since you get an EOS

Re: [PATCH-Modified-2] SSL not sending close alert message

2004-02-26 Thread Joe Orton
On Wed, Feb 25, 2004 at 05:12:33PM -0800, Mathihalli, Madhusudan wrote: More feedback incorporated ! ap_flush_conn can just use a single brigade with two buckets, no extra variables needed there, also needs s/APU_DECLARE/AP_DECLARE in eoc_bucket.c, and perhaps the prototypes are more appropriate

Re: why modules/ssl keep on creating collisions on 'cvs up'

2004-03-02 Thread Joe Orton
On Mon, Mar 01, 2004 at 11:53:00PM -0800, Stas Bekman wrote: There must be some simple explanation, but this is very annoying as 'cvs up' in httpd-2.0 keeps on colliding at these files: M modules/ssl/ssl_expr_parse.c M modules/ssl/ssl_expr_parse.h M modules/ssl/ssl_expr_scan.c This should

Re: RewriteCond and SSL environment variables

2004-03-02 Thread Joe Orton
On Mon, Mar 01, 2004 at 10:37:46AM -0800, Mathihalli, Madhusudan wrote: Hi, Question: Can we use the environment variables setup by mod_ssl in the RewriteCond directive ? Not like in 1.3; in 2.0 you can use %{LA-U:ENV:...} to fetch the SSL variables via a subrequest; a better

Re: un-macho serviceability aid for Unix MPMs

2004-03-03 Thread Joe Orton
On Wed, Mar 03, 2004 at 06:34:06AM -0500, Jeff Trawick wrote: This checks for a couple of common conditions which prevent core dumps from being taken and writes a NOTICE message to the error log at startup if the condition is detected. BTW, the same code works with 1.3 with very minor

Re: RewriteCond and SSL environment variables

2004-03-03 Thread Joe Orton
On Tue, Mar 02, 2004 at 08:42:36PM +0100, André Malo wrote: * Joe Orton [EMAIL PROTECTED] wrote: On Mon, Mar 01, 2004 at 10:37:46AM -0800, Mathihalli, Madhusudan wrote: Hi, Question: Can we use the environment variables setup by mod_ssl in the RewriteCond directive

Re: RewriteCond and SSL environment variables

2004-03-03 Thread Joe Orton
On Wed, Mar 03, 2004 at 07:47:21PM +0100, André Malo wrote: * Joe Orton [EMAIL PROTECTED] wrote: Sounds good. But we'd need to hook the variable creation earlier anyway, since ssl_var_lookup finally just uses r-subprocess_env. I don't see how that follows; if you're just trying

Re: [PATCH] RewriteCond and SSL environment variables

2004-03-04 Thread Joe Orton
On Thu, Mar 04, 2004 at 07:41:54AM +0100, André Malo wrote: * Mathihalli, Madhusudan [EMAIL PROTECTED] wrote: Here's a slightly modified version of Joe's patch to - not segfault if rewrite_ssl_var_lookup is not available (mod_ssl not loaded)- use SSL environment variables as

Re: [PATCH] RewriteCond and SSL environment variables

2004-03-04 Thread Joe Orton
On Thu, Mar 04, 2004 at 11:08:25AM +0100, André Malo wrote: * Joe Orton [EMAIL PROTECTED] wrote: I'm not really convinced about using ssl_var_lookup_ssl: that function does not handle the HTTPS variable, and it would be potentially confusing to users and hard to document since only some

Re: cvs commit: httpd-2.0 libhttpd.dsp

2004-03-04 Thread Joe Orton
On Mon, Mar 01, 2004 at 05:49:52PM -, [EMAIL PROTECTED] wrote: ake 2004/03/01 09:49:52 Modified:.libhttpd.dsp Log: add eoc_bucket.c to project I'm not qualified to review Win32 changes but did you mean to remove /incremental:no from the linker flags here as

Re: (97)Address family not supported by protocol causes disk ticking?

2004-03-04 Thread Joe Orton
On Sat, Feb 21, 2004 at 11:00:25AM +, Alexis Huxley wrote: I'm running apache 2.1dev, and I've posted to the -user list with no response, so now I'm a bit stuck as to where next to try, so I'm posting here. Apologies if this is the wrong place. The bug is that the POD code is doing a name

Re: patch bug # 19271

2004-03-04 Thread Joe Orton
On Thu, Mar 04, 2004 at 01:48:15PM -0500, Aryeh Katz wrote: I'm not quite sure how to submit a patch to bugzilla, so can someone please take care of the following for me. In addition, and corrections/better ways would be greatly appreciated. That one is actually fixed on HEAD though ab's SSL

Re: mod_ssl TLS/SSL upgrade...

2004-03-05 Thread Joe Orton
On Thu, Mar 04, 2004 at 09:08:28PM -0700, Brad Nicholes wrote: I would like to resurrect an old discussion. About a year and half ago rbb and wrowe committed a patch for mod_ssl to provide the SSLEngine upgrade capability. It seems that one of the reasons for not back porting it to the

Re: cvs commit: httpd-2.0/modules/arch/netware mod_nw_ssl.c

2004-03-07 Thread Joe Orton
On Sun, Mar 07, 2004 at 03:08:21AM -, [EMAIL PROTECTED] wrote: bnicholes2004/03/06 19:08:21 Modified:modules/arch/netware mod_nw_ssl.c Log: Add the ssl_is_https() and ssl_var_lookup() optional functions to the mod_nw_ssl module for Netware If you intend mod_nw_ssl to be

Re: cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

2004-03-08 Thread Joe Orton
On Mon, Mar 08, 2004 at 08:32:30PM +0100, André Malo wrote: * [EMAIL PROTECTED] wrote: * include/http_connection.h: Declare eoc bucket interface. Shouldn't this be a minor MMN bump? I dunno, I don't really see the point in bumping the minor MMN more than once between releases and it's

Re: cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

2004-03-09 Thread Joe Orton
On Tue, Mar 09, 2004 at 07:38:48AM +0100, André Malo wrote: * Joe Orton [EMAIL PROTECTED] wrote: On Mon, Mar 08, 2004 at 08:32:30PM +0100, André Malo wrote: * [EMAIL PROTECTED] wrote: * include/http_connection.h: Declare eoc bucket interface. Shouldn't this be a minor MMN

Re: mod_ssl fix for PR# 27106

2004-03-09 Thread Joe Orton
On Mon, Mar 08, 2004 at 02:47:10PM -0800, Andy Cutright wrote: apacheweek has announced a vulnerability: http://www.apacheweek.com/features/security-20 the bugzilla problem report indicates this diff fixes the problem:

Re: Broken SSL connections on load ?

2004-03-09 Thread Joe Orton
On Mon, Mar 08, 2004 at 11:59:44AM -0800, Mathihalli, Madhusudan wrote: I've been using the sslswamp tool (which btw is great) to stress apache - and once in a while, I keep getting a 'abortive close' with the following message in the error_log. Any ideas why this is

Re: cvs commit: httpd-2.0 STATUS

2004-03-09 Thread Joe Orton
On Tue, Mar 09, 2004 at 06:14:00PM -, [EMAIL PROTECTED] wrote: madhum 2004/03/09 10:14:00 Modified:.Tag: APACHE_2_0_BRANCH STATUS Log: Propose a backport (for mod_rewrite to recognize SSL variables) Thanks for committing that Madhu. The mod_ssl.h-ssl_private.h

Re: 2.0.49 (rc1) tarballs available for testing

2004-03-09 Thread Joe Orton
On Tue, Mar 09, 2004 at 05:07:52PM -0800, Aaron Bannert wrote: On Tue, Mar 09, 2004 at 06:02:03PM +0100, Sander Striker wrote: There are 2.0.49-rc1 tarballs available for testing... +1 Looks good over here (though I had trouble running the testsuite on x86_64). There was an httpd-test

[PATCH] catch a bad vhost config

2004-03-11 Thread Joe Orton
By uncommenting just one line from the default config you can get to this misconfiguration: NameVirtualHost *:80 VirtualHost _default_:443 /VirtualHost which is not handled properly by the vhost code - httpd serves requests with c-base_server == NULL, httpd -tS segfaults, etc. The check below

Re: 2.0.49 (rc2) tarballs available

2004-03-14 Thread Joe Orton
On Sun, Mar 14, 2004 at 07:22:24AM -0700, The Doctor wrote: Failure again on BSD/OS 5.1 It seems libtool does not know how to build shared libraries on BSD/OS 5.x; try editing srclib/apr/configure and search'n'replace the places where it says bsdi4 to read bsdi5. (this is clearly not a

Re: 2.0.49 (rc2) tarballs available

2004-03-15 Thread Joe Orton
On Sun, Mar 14, 2004 at 07:32:01PM -0700, The Doctor wrote: On Sun, Mar 14, 2004 at 05:18:19PM -0700, The Doctor wrote: On Sun, Mar 14, 2004 at 04:04:31PM +, Joe Orton wrote: On Sun, Mar 14, 2004 at 07:22:24AM -0700, The Doctor wrote: Failure again on BSD/OS 5.1 It seems

Re: cvs commit: httpd-2.0/server Makefile.in

2004-03-15 Thread Joe Orton
On Mon, Mar 15, 2004 at 08:19:00PM -, [EMAIL PROTECTED] wrote: martin 2004/03/15 12:19:00 Modified:server Makefile.in Log: Add missing source It was already there, I've reverted this. Did you run buildconf after updating? util_script.c util_md5.c

Re: [PROPOSAL] Move httpd to the subversion repository

2004-03-16 Thread Joe Orton
On Mon, Mar 15, 2004 at 09:15:26PM +0100, Sander Striker wrote: On Mon, 2004-03-15 at 20:39, Ben Collins-Sussman wrote: On Mon, 2004-03-15 at 12:02, Joshua Slive wrote: Disadvantages of moving to subversion: - Not as portable (?) (Subversion clients/servers run anywhere APR does.

Re: [PROPOSAL] Move httpd to the subversion repository

2004-03-16 Thread Joe Orton
On Tue, Mar 16, 2004 at 10:41:12PM +0100, Dirk-Willem van Gulik wrote: On Mar 16, 2004, at 10:03 PM, Joe Orton wrote: neon has been the most limiting dependency for a client, I am told. Mmm, such juicy tempting FUD. Your anonymous informant should report portability bugs to [EMAIL

Re: 2.0.49 (rc3) tarballs available, WAS: Re: 2.0.49 (rc2) tarballsavailable

2004-03-17 Thread Joe Orton
On Wed, Mar 17, 2004 at 04:59:45PM -0700, The Doctor wrote: Flops on BSD/OS 5.X PLEASE accommodate for BSD/OS 5.X Looks like you may have missed previous message(s) on this topic. To make any progress on this issue, please attach the complete output of configure to the bug report:

Re: [PATCH ?] RE: SEGV in allocator_free

2004-03-24 Thread Joe Orton
On Fri, Mar 19, 2004 at 06:51:41PM -0800, Mathihalli, Madhusudan wrote: Do we need to do the following ? I tried it - the test continued to a certain extent, only to fail again after some time (with the same stack trace) What's the repro case for this? You're running swamp against an SSL-HTTP

Re: [PATCH ?] RE: SEGV in allocator_free

2004-03-25 Thread Joe Orton
On Wed, Mar 24, 2004 at 02:04:05PM -0800, Mathihalli, Madhusudan wrote: -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] [SNIP] I think the correct fix is to stop trying to send the shutdown from the cleanup, which didn't actually work anyway. Can you test something like

Re: [PATCH ?] RE: SEGV in allocator_free

2004-03-25 Thread Joe Orton
Are those who can reproduce this segfault using a reverse proxy to an SSL backend (i.e. SSLProxyEngine on)? That case is certainly one trigger for the problem: mod_proxy does not call ap_flush_conn so the EOC bucket is never sent. (there may still be other triggers) joe

Re: [STATUS] (httpd-2.0) Wed Mar 24 23:45:11 EST 2004

2004-03-25 Thread Joe Orton
On Thu, Mar 25, 2004 at 10:41:23AM -0500, Geoff Thorpe wrote: On March 24, 2004 11:45 pm, Rodent of Unusual Size wrote: APACHE 2.0 STATUS: [snip] TODO ISSUES REMAINING IN MOD_SSL: [snip] * the shmcb code should just align its memory segment rather than jumping through

Re: [PATCH ?] RE: SEGV in allocator_free

2004-03-25 Thread Joe Orton
On Thu, Mar 25, 2004 at 09:20:37AM -0800, Mathihalli, Madhusudan wrote: -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] [SNIP] Are those who can reproduce this segfault using a reverse proxy to an SSL backend (i.e. SSLProxyEngine on)? [SNIP] Yes and No :) Yes - I

Re: [PATCH] Flag OpenSSL to NOT store sessions

2004-03-25 Thread Joe Orton
On Thu, Mar 25, 2004 at 03:28:38PM -0800, Mathihalli, Madhusudan wrote: Hello, Apart from flagging OpenSSL to NOT lookup the internal cache for session-id's, we should ALSO tell OpenSSL to NOT store the sessions ! This fixes my problem where the httpd process size

Re: [PATCH] Flag OpenSSL to NOT store sessions

2004-03-26 Thread Joe Orton
On Fri, Mar 26, 2004 at 11:47:34AM -0800, Mathihalli, Madhusudan wrote: -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] [SNIP] Nice! So this is the fix for #26562? Don't forget to update the comment before you commit, and it looks like this is a new flag since OpenSSL

Re: [PATCH] followup with EOC bucket type

2004-03-29 Thread Joe Orton
On Fri, Mar 26, 2004 at 12:01:30PM -0800, Mathihalli, Madhusudan wrote: Hello, Should we just ignore the rest of the processing in core_output_filter after deleting the EOC bucket ? Yes, I think so, but by not leaving last_e pointing at a deleted bucket it can be done without the

Re: [PATCH] followup with EOC bucket type

2004-03-29 Thread Joe Orton
On Mon, Mar 29, 2004 at 11:58:46AM -0800, Mathihalli, Madhusudan wrote: Sounds good - but you still need to delete the last_e. This is what I asked before - why? The apr_brigade_destroy(b) call deletes the EOC bucket along with all the others a few lines further on AFAICT.

Re: cvs commit: httpd-2.0 STATUS

2004-04-15 Thread Joe Orton
On Sat, Apr 10, 2004 at 06:51:50PM -, [EMAIL PROTECTED] wrote: @@ -200,10 +202,11 @@ *) mod_dav: Send an EOS at the end of the multistatus brigade. http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/main/mod_dav.c?r1=1.105r2=1.106 +1: jorton +

Re: expires in redirects

2004-05-12 Thread Joe Orton
On Mon, May 10, 2004 at 11:02:21AM -0400, Brian Akins wrote: Any reason why expires set by mod_expires are not added to redirected requests? Should I hack up my own expires that does? Are you using 2.0.49? There's a fix for setting Expires on error responses in that version, it seems to work

Re: SSL_CLIENT_S_DN and proxy

2004-05-12 Thread Joe Orton
On Wed, May 12, 2004 at 01:09:03PM +0200, Marc Stern wrote: When using Apache as a proxy: ( brower --https-- Apache + mod_proxy --https-- Web server ) the Web server never receives the user's certificate info, because only the proxy is seen by the Web server. That means that all headers

Re: Regarding parse_byterange()

2004-04-29 Thread Joe Orton
On Wed, Apr 28, 2004 at 05:03:14PM -0700, Mathihalli, Madhusudan wrote: Hello, On my HP-UX 11i box (64-bit os), if I build a 32-bit app (default), the apr_off_t is a 4-byte entity and apr_int64_t is a 8-byte entity. I'm sure more than one person has experienced

Re: Regarding parse_byterange()

2004-04-29 Thread Joe Orton
On Thu, Apr 29, 2004 at 09:00:24AM -0700, Mathihalli, Madhusudan wrote: -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] [SNIP] apr_off_t is the right type to use since these are file offsets. parse_byterange should probably check for integer overflow when sizeof

Re: [PATCH] RE: Regarding parse_byterange()

2004-04-30 Thread Joe Orton
On Thu, Apr 29, 2004 at 09:43:34AM -0700, Mathihalli, Madhusudan wrote: -Original Message- From: Joe Orton [mailto:[EMAIL PROTECTED] [SNIP] What if the user really sent a large value for a small file ? Instead of erroring out - thanks to the overflow mechanism, we'll probably

Re: ssl_gcache_data preventing httpd startup

2004-05-05 Thread Joe Orton
On Tue, May 04, 2004 at 09:36:14PM +0200, Graham Leggett wrote: I have just installed the latest published version of httpd (v2.0.49), and the problem where httpd refuses to start unless the file ssl_gcache_data is manually deleted beforehand is still there. I recall some recent discussion

Re: cvs commit: httpd-2.0 STATUS

2004-05-05 Thread Joe Orton
On Wed, May 05, 2004 at 03:05:45PM -0400, Jeff Trawick wrote: [EMAIL PROTECTED] wrote: jorton 2004/05/05 09:29:59 Index: STATUS *) Readd suexec setuid and user check (now APR supports it) os/unix/unixd.c: r1.69 +1: nd, trawick + +1: jorton, if

Re: cvs commit: httpd-2.0/server core.c

2004-05-17 Thread Joe Orton
On Mon, May 17, 2004 at 01:06:04PM -0400, Bill Stoddard wrote: [EMAIL PROTECTED] wrote: jorton 2004/05/17 08:24:31 Modified:server core.c Log: * server/core.c (core_output_filter): Don't explicitly delete the EOC bucket, and don't buffer the brigade if it ends in an EOC.

Re: [Patch] swap ldap.h headers - PR 27379

2004-05-23 Thread Joe Orton
On Sun, May 23, 2004 at 11:48:52PM +0200, Graham Leggett wrote: The above bug was posted about LDAP support not building on Solaris due to ldap.h and lber.h being declared in the wrong order. This patch has been committed to apr-util v1.0, what needs to be done to get it committed to

Re: Compile failure 2.0.49 on RHEL3

2004-05-24 Thread Joe Orton
On Fri, May 21, 2004 at 08:23:51PM +0200, Graham Leggett wrote: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18989 ... Ok, my autoconf is really rusty. What would need to be done to test for krb5.h under /usr/kerberos/include using the right way of doing things... Really, the right

Re: 1.3.31 regression affecting Front Page?

2004-05-28 Thread Joe Orton
On Fri, May 28, 2004 at 06:14:30AM -0400, Jeff Trawick wrote: Jeff Trawick wrote: This patch did it: http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/main/http_request.c?r1=1.173r2=1.174 Backing out the patch also fixes a DAV regression. See

mod_ssl/input filter review needed

2004-06-02 Thread Joe Orton
I'm working on a fix for #12355, the (infamous?) per-directory SSL renegotiation vs request with bodies bug. The issue is explained at length in ssl_engine_kernel.c; simply put: if an SSLRequire is specified in a directory/location context, it's necessary to perform an SSL handshake *after* the

Re: x86_64 atomics and linux

2004-06-03 Thread Joe Orton
On Wed, Jun 02, 2004 at 03:40:52PM -0400, Brian Akins wrote: AFAIK, the linux x86 atomic stuff can be used unchanged on Linux x86_64. This is based on my digging in the kernel source. All the functions apr uses are identical. This is already done for APR HEAD: a backport would probably

Re: Dechunking code in Apache 2.0.49

2004-06-04 Thread Joe Orton
On Fri, Jun 04, 2004 at 01:48:31AM +0200, Graham Leggett wrote: Mathias Herberts wrote: What is the position of the Apache community on the passing of 'hop by hop' headers to origin servers by mod_proxy? The code in proxy_http.c says 'RFC2616 13.5.1 says we should strip these headers', but

Re: 1.3.31 regression affecting Front Page?

2004-06-09 Thread Joe Orton
On Wed, Jun 09, 2004 at 09:21:07AM -0700, Rasmus Lerdorf wrote: Don't see that anywhere. Either eaten by spam filters or a gerbil. Anyway, I don't understand why this would have broken mod_dav. If mod_dav wants a keepalive connection it should determine this prior to the ap_die and set

Re: 1.3.31 regression affecting Front Page?

2004-06-09 Thread Joe Orton
On Wed, Jun 09, 2004 at 11:04:23AM -0700, Rasmus Lerdorf wrote: On Wed, 9 Jun 2004, Joe Orton wrote: On Wed, Jun 09, 2004 at 09:21:07AM -0700, Rasmus Lerdorf wrote: Don't see that anywhere. Either eaten by spam filters or a gerbil. Anyway, I don't understand why this would have

Re: Does anyone know how to statically link libssl.a vs libssl.so.x

2004-06-09 Thread Joe Orton
On Wed, Jun 09, 2004 at 04:04:45PM -0500, Avery, Ken wrote: Hello, I am trying to statically link libssl.a instead of libssl.so.x. After doing a buildconf, configure and make; then ldd httpd on the final executable to look at the shared library dependencies and libssl.so.x id there. I

Re: [PATCH] mod_deflate + mod_proxy bug

2004-06-10 Thread Joe Orton
On Wed, Jun 09, 2004 at 05:23:38PM -0400, Allan Edwards wrote: Running ProxyPass with mod_deflate results in an extraneous 20 bytes being tacked onto 304 responses from the backend. The problem is that mod_deflate doesn't handle the zero byte body, adds the gzip header and tries to

  1   2   3   4   5   6   7   8   9   10   >