Fwd: FYI: change to travis-ci emailer could cause moderation headaches

2022-01-26 Thread Eric Covener
n that could be leveraged in the same way. If not, I suspect every email from travis.com will need to be moderated. Unless someone has a better idea of how to allow such emails without opening the floodgates. Sebb -- Eric Covener cove...@gmail.com

Re: svn commit: r1896976 - /httpd/httpd/branches/2.4.x/STATUS

2022-01-31 Thread Eric Covener
> makes sense as well (Add compiled and loaded PCRE version numbers to "httpd > -V" output and to mod_info page). > > Question is if this should be a separate backport or merged with this > backport. If it is a separate backport, we > have an order dependency between these backports. Based on yo

Re: release vibes?

2022-02-08 Thread Eric Covener
On Tue, Feb 8, 2022 at 4:43 AM Stefan Eissing wrote: > > Is there any consensus in doing a release this month? +1

Re: svn commit: r1898181 - /httpd/httpd/branches/2.4.x/STATUS

2022-02-18 Thread Eric Covener
@Steffen Land any chance you can test the pcre8 update on Windows prior to integration in 2.4.x? > + https://github.com/apache/httpd/pull/289.diff > + (PR: https://github.com/apache/httpd/pull/289) > + +1: ylavic, rpluem, covener > + ylavic: This backport proposal inludes t

Re: c99

2022-03-03 Thread Eric Covener
On Thu, Mar 3, 2022 at 8:54 AM Jim Jagielski wrote: > > I'm guessing we all heard the news that Linux is switching > to c99 from c89. > > Time for us to consider it as well? I thought they were skipping over c99 and going to c11. I think httpd has an extra wrinkle with legacy OS and compiler comb

Re: backports

2022-03-04 Thread Eric Covener
On Fri, Mar 4, 2022 at 9:05 AM Jim Jagielski wrote: > > A question: Would it be easier for all this if we moved to being Github canon? I think it is much more straightforward. The original work, reviews and travis results are all in the same place and nothing is copied around. I have had the sam

Re: backports

2022-03-06 Thread Eric Covener
> > To sum up: > > +1 on the option to use Github PRs for backports. > -1 to mandating the use of Github PRs for backports. > For backports specifically: Is a middle ground to not have GH block merging based on CI checks? This way PRs could be required, so reviewers (the same reviewers we have tod

Re: backports

2022-03-08 Thread Eric Covener
> I have the feeling that the work that has gone into making our > tests run on travis is not sufficiently honoured in this discussion. > > Looking back on the last 6 years I participated here, the situation > now is *vastly* improved to what we had before. For me, the Travis CI > status is now *th

Re: [VOTE] Release httpd-2.4.53-rc2 as httpd-2.4.53

2022-03-11 Thread Eric Covener
On Wed, Mar 9, 2022 at 11:19 AM Stefan Eissing wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release > this candidate tarball httpd-2.4.53-rc2 as 2.4.

mod_dumpio and per-dir loglevel

2022-05-10 Thread Eric Covener
odies are read/written. Can anyone anticipate any issue/concern here with using ap_log_rerror? -- Eric Covener cove...@gmail.com

Re: Named shared memory on macOS Monterey

2022-05-18 Thread Eric Covener
rams on each boot, due to SIP. > > Shouldn't we prefer posix over sysv in any case? -- Eric Covener cove...@gmail.com

Re: CVE-2022-1388

2022-05-18 Thread Eric Covener
> Given the above, I believe the interpretation of X-F5-Auth-Token should > be that it is an end-to-end header, and should therefore NOT be removed > from the proxied request. > > The text does say "All other headers *defined by HTTP/1.1* are > end-to-end headers" (emphasis mine, of course), and th

Re: release anyone?

2022-05-25 Thread Eric Covener
+1 ty! On Wed, May 25, 2022, 8:15 AM Stefan Eissing wrote: > Anyone feeling release vibes in the air? > > it's been a good 2.5 months and some things have accumulated. > Maybe the start of June would be a good target? > > Kind Regards, > Stefan >

tcp send buffering and keepalive races

2022-05-27 Thread Eric Covener
People might recall an event bug where keepalive connections might be closed up to 200ms early (r1874350). I was recently looking at something with $bigco hat on where (IIUC) a slow TTFB for a proxied request causes TCP congestion to kick in and makes even a relatively short response sit in the wr

Re: svn commit: r1901554 - /httpd/test/framework/trunk/t/modules/sed.t

2022-06-02 Thread Eric Covener
On Thu, Jun 2, 2022 at 4:17 PM Ruediger Pluem wrote: > > > > On 6/2/22 10:15 PM, Ruediger Pluem wrote: > > > > > > On 6/2/22 6:54 PM, Yann Ylavic wrote: > >> On Thu, Jun 2, 2022 at 1:04 PM wrote: > >>> > >>> Author: rpluem > >>> Date: Thu Jun 2 11:04:13 2022 > >>> New Revision: 1901554 > >>> > >

Re: [VOTE] Release httpd-2.4.54-rc1 as httpd-2.4.54

2022-06-04 Thread Eric Covener
USH_FLAG I think whatever APR is missing 892162 from apr-trunk which defines this to 0. We should put some kind of hack into httpd I guess. I will do some trial and error in my sandbox. -- Eric Covener cove...@gmail.com

Re: [VOTE] Release httpd-2.4.54-rc1 as httpd-2.4.54

2022-06-04 Thread Eric Covener
2.4.x ready to reroll On Sat, Jun 4, 2022 at 7:36 AM Eric Covener wrote: > > On Sat, Jun 4, 2022 at 7:11 AM Stefan Eissing wrote: > > > > How is the definition in your include/apr.h for APR_TCP_NOPUSH_FLAG? On my > > macOS it is: > > > > #define APR_TCP_NOP

Re: [VOTE] Release httpd-2.4.54-rc2 as httpd-2.4.54

2022-06-04 Thread Eric Covener
On Sat, Jun 4, 2022 at 8:59 AM Stefan Eissing wrote: > > Hi all, > > next attempt at 2.5.54. Thanks everyone for participating! > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few day

Re: [VOTE] Release httpd-2.4.54-rc2 as httpd-2.4.54

2022-06-04 Thread Eric Covener
On Sat, Jun 4, 2022 at 4:17 PM John Doe wrote: > > Hi, > Eric's fix did not fix because I'm building with APR 1.7.0. > > In apr.hw 1.7.0 there is > /* If we have a TCP implementation that can be "corked", what flag > * do we use? > */ > #define APR_TCP_NOPUSH_FLAG @apr_tcp_nopush_flag@ > >

Re: [VOTE] Release httpd-2.4.54-rc2 as httpd-2.4.54

2022-06-06 Thread Eric Covener
On Mon, Jun 6, 2022 at 7:09 AM Stefan Eissing wrote: > > Guys, shall I make an rc3 with the recent apr version check changes? It seems > the correct way to handle this... Especially given limited votes, I think so.

Re: [VOTE] Release httpd-2.4.54-rc3 as httpd-2.4.54

2022-06-07 Thread Eric Covener
On Tue, Jun 7, 2022 at 6:04 AM Stefan Eissing wrote: > > Seems a lot of people are either on vacation or busy - and that is fine. > > Since the rc* candidates merely differed on the TCP_FLUSH defines, I tend > to count all positive votes as still applicable! +1 aix/xlc/ppc64

Re: svn commit: r1901500 - in /httpd/httpd/trunk: include/http_protocol.h server/protocol.c

2022-06-08 Thread Eric Covener
On Wed, Jun 8, 2022 at 11:10 AM Ivan Zhakov wrote: > > On Wed, 1 Jun 2022 at 15:34, wrote: > > > > Author: covener > > Date: Wed Jun 1 12:33:53 2022 > > New Revision: 1901500 > > > > URL: http://svn.apache.org/viewvc?rev=1901500&view=rev > > Log: > > handle large writes in ap_rputs > > > > Modif

Re: svn commit: r1901514 - in /httpd/test/framework/trunk: README t/conf/extra.conf.in t/modules/sed.t

2022-06-09 Thread Eric Covener
On Thu, Jun 9, 2022 at 11:11 AM Rainer Jung wrote: > > I wonder, what the following test is expected to test? I can't really > make it work reliably here. Sometimes I get an ENOMEM on the server, > sometimes it takes a long time and much CPU, sometimes the client gets a > 596 AnyEvent::HTTP error

Re: [httpd-site] branch main updated: add inline details

2022-06-10 Thread Eric Covener
.apache.org/repos/asf/httpd-site.git > > > > > > The following commit(s) were added to refs/heads/main by this push: > > new de34c89 add inline details > > de34c89 is described below > > > > commit de34c893c06b0a65a23bc4684a5eaf2f85c29881 > >

Re: CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()

2022-06-10 Thread Eric Covener
On Wed, Jun 8, 2022 at 5:43 AM Stefan Eissing wrote: > > Severity: low > > Description: > > The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read > unintended memory if an attacker can cause the server to reflect very large > input using ap_rwrite() or ap_rputs(), such as wi

Re: svn commit: r1902318 - in /httpd/httpd/trunk: docs/log-message-tags/next-number server/listen.c

2022-06-28 Thread Eric Covener
(or DNS lookup failure... from the other commit) On Tue, Jun 28, 2022 at 9:22 AM Eric Covener wrote: > > On Tue, Jun 28, 2022 at 9:06 AM wrote: > > > > Author: gbechis > > Date: Tue Jun 28 13:06:55 2022 > > New Revision: 1902318 > > > > URL: http://

Re: svn commit: r1902318 - in /httpd/httpd/trunk: docs/log-message-tags/next-number server/listen.c

2022-06-28 Thread Eric Covener
On Tue, Jun 28, 2022 at 9:06 AM wrote: > > Author: gbechis > Date: Tue Jun 28 13:06:55 2022 > New Revision: 1902318 > > URL: http://svn.apache.org/viewvc?rev=1902318&view=rev > Log: > check apr_sockaddr_info_get return value > bz #66136 > > Modified: > httpd/httpd/trunk/docs/log-message-tags/n

Re: tcp send buffering and keepalive races

2022-07-26 Thread Eric Covener
> >>From the behavior, it appears the browser is: > > > > 1) willing to use nearly every millisecond of the advertised KeepAlive > > time for reusing a connection from its pool Just so this doesn't incept anyone with this misinfo, I recently learned that chrome does not parse the Keep-Alive timeou

Re: apreq documentation

2022-08-28 Thread Eric Covener
> If we reach an agreement on the new look, it can be uploaded on a.o.org > to refresh the look and be more consistent with the rest of the website. +1 for the updated version, thanks!

Re: svn commit: r1904269 - in /httpd/httpd/trunk: changes-entries/ docs/manual/mod/ modules/http2/ test/modules/http2/

2022-10-05 Thread Eric Covener
On Wed, Oct 5, 2022 at 12:44 PM Roy T. Fielding wrote: > > > On Sep 26, 2022, at 5:29 AM, ic...@apache.org wrote: > > > > Author: icing > > Date: Mon Sep 26 12:29:47 2022 > > New Revision: 1904269 > > > > URL: http://svn.apache.org/viewvc?rev=1904269&view=rev > > Log: > > *) mod_http2: new direct

Re: friends of mod_proxy

2022-10-06 Thread Eric Covener
On Thu, Oct 6, 2022 at 10:21 AM Stefan Eissing via dev wrote: > > Friends of mod_proxy, I have a question: > > In someone reported wrong > connection reuse for a config like: > > ProxyPassMatch ^/(prod|dev)/([-a-z0-9]+)/(.*)$ h2://$2.internal/$1/$2/$3

Re: friends of mod_proxy

2022-10-10 Thread Eric Covener
On Mon, Oct 10, 2022 at 11:55 AM Yann Ylavic wrote: > > On Fri, Oct 7, 2022 at 9:14 PM Ruediger Pluem wrote: > > > > On 10/7/22 7:11 PM, Stefan Eissing via dev wrote: > > > > > > > > >> Am 07.10.2022 um 18:45 schrieb Yann Ylavic : > > >> > > > > > > Thanks, Yann, for the detailed explanation on h

Re: Define variable in modules

2022-10-20 Thread Eric Covener
On Thu, Oct 20, 2022 at 9:56 AM Nick Gearls wrote: > > Hello, > > It would sometimes be very handy to be able to define a variable (like -D on > command-line or "Define xxx" in the config) inside a module. > This would, for instance, allow to have a config file based on a define from > the modul

Re: FasterXML jackson-databind version 2.13.3 vulnerabilities

2022-10-27 Thread Eric Covener
On Thu, Oct 27, 2022 at 3:43 AM Payyavula, Manjula Vani via dev wrote: > > Hi Team, > > Please reply to my below query. > We are using FasterXML jackson-databind version 2.13.3 but facing > vulnerabilities like CVE-2022-42003 > So we have used FasterXML jackson-databind version 2.14.0-rc1 but >

Re: [libapreq2] nits to pick about the patches to util.c over the past few years

2022-10-28 Thread Eric Covener
is not the answer, it’s not thread safe either). >>> >>> >>> >>> >>> >>> Joe Schaefer, Ph.D. >>> >>> >>> >>> 954.253.3732 >>> >>> SunStar Systems CMS <https://sunstarsys.com/CMS/> *- The Original >>> Markdown JAM Stack**™* >>> >>> >>> >> >> >> -- >> Joe Schaefer, Ph.D. >> We only build what you need built. >> >> 954.253.3732 >> >> >> > > -- > Joe Schaefer, Ph.D. > We only build what you need built. > > 954.253.3732 > > > -- Eric Covener cove...@gmail.com

Re: [libapreq2] nits to pick about the patches to util.c over the past few years

2022-10-28 Thread Eric Covener
2022 at 4:51 PM Joe Schaefer wrote: >> >>> Hell no. But there are consequences to treating the project as a guinea >>> pig for httpd. >>> >>> On Fri, Oct 28, 2022 at 4:50 PM Eric Covener wrote: >>> >>>> Would you like to main

security_tips.xml CGI review

2022-11-16 Thread Eric Covener
Hi, I someone inexplicably cross-posted this snippet to several subreddits as helpful advice. I'd like to gut it the scriptalias/nonscriptalias sections and just add a note about limiting the scope that CGI is enabled http://people.apache.org/~covener/scritpalias.diff Does anyone see anything wor

Re: FW: Support for OpenSSL 3.0 in HTTPD

2022-11-22 Thread Eric Covener
On Tue, Nov 22, 2022 at 3:46 AM Sandeep 1. Maurya (EXT-NSB) wrote: > As per OpenSSL release strategy "Version 1.1.1 will be supported until > 2023-09-11 (LTS)". Will HTTPD extend the support for OpenSSL 1.1.1 on EL8 > beyond this timeline or there any plan to update to OpenSSL 3.0 Sounds like a

Re: svn commit: r1904518 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy.h modules/proxy/mod_proxy_hcheck.c

2022-11-29 Thread Eric Covener
(int)hc->s->method); > } > /* what state are we in ? */ > -else if (PROXY_WORKER_IS_HCFAILED(worker)) { > +else if (PROXY_WORKER_IS_HCFAILED(worker) || > PROXY_WORKER_IS_ERROR(worker)) { > if (rv == APR_SUCCESS) { > worker->s->pcount += 1; > if (worker->s->pcount >= worker->s->passes) { > > -- Eric Covener cove...@gmail.com
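Review bot: the widened `else if` now sends workers matched by PROXY_WORKER_IS_ERROR(worker) through the same `pcount` / `passes` recovery path as health-check-failed workers, but the comment above it still reads only "what state are we in ?". Suggest stating in that comment that a successful check now counts toward recovery for workers in error state as well. It is also worth confirming that the branch taken once `worker->s->pcount >= worker->s->passes` clears the error status and not only the health-check-failed one, since that part is not visible in this hunk.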

rotatelogs tweak?

2022-12-23 Thread Eric Covener
ou restart, you don't want to truncate. This would also replace some of the "misuse" of the confusing -n I added that is very prickly to make intuitive without -t. -- Eric Covener cove...@gmail.com

Intent to T&R early next week

2023-01-03 Thread Eric Covener
Hi all, I will be making my first attempt to RM early next week (Jan 10). Reminder to get any backports in order before then. -- Eric Covener cove...@gmail.com

Re: stable branch

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 3:48 AM Emmanuel Dreyfus wrote: > > Hello > > I see in httpd/branches/2.4.x/STATUS that my DAVlockDiscovery > contribution now has three +1 including mine. May I commit > the change to the branch? > > *) mod_dav: DAVlockDiscovery option to disable WebDAV lock discovery >

Re: stable branch

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 9:23 AM Emmanuel Dreyfus wrote: > > On Mon, Jan 09, 2023 at 08:05:30AM -0500, Eric Covener wrote: > > Yes. Most times, the person who proposed it does the final backport. > > Sometimes, the last person to vote or someone preparing a release will > >

Re: svn commit: r1906494 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/expr.xml docs/manual/mod/mod_authn_core.xml modules/aaa/mod_authn_core.c

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 10:11 AM Ruediger Pluem wrote: > > > > On 1/9/23 2:16 PM, cove...@apache.org wrote: > > Author: covener > > Date: Mon Jan 9 13:16:50 2023 > > New Revision: 1906494 > > > > URL: http://svn.apache.org/viewvc?rev=1906494&view=rev > > Log: > > Merge r1663123, r1670431 from trun

Re: stable branch

2023-01-09 Thread Eric Covener
On Mon, Jan 9, 2023 at 10:35 AM Ruediger Pluem wrote: > > > > On 1/9/23 3:54 PM, Emmanuel Dreyfus wrote: > > On Mon, Jan 09, 2023 at 09:37:37AM -0500, Eric Covener wrote: > >> svn relocate http://svn.apache.org https://svn.apache.org > > > > That

[VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55

2023-01-10 Thread Eric Covener
httpd-2.4.55-rc1.tar.gz sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6 *httpd-2.4.55-rc1.tar.gz The SVN candidate source is found at tags/2.4.55-rc1-candidate. -- Eric Covener cove...@gmail.com

Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55

2023-01-10 Thread Eric Covener
On Tue, Jan 10, 2023 at 8:40 AM Eric Covener wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release > this candidate

Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55

2023-01-10 Thread Eric Covener
On Tue, Jan 10, 2023 at 10:17 AM Giovanni Bechis wrote: > > On Tue, Jan 10, 2023 at 08:40:52AM -0500, Eric Covener wrote: > > Hi all, > > > > Please find below the proposed release tarball and signatures: > > > > https://dist.apache.org/repos/dist/dev/httpd/

Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55

2023-01-11 Thread Eric Covener
> different child processes due to TCP queuing/scheduling (and the > backend connection would not be reused obviously). Looks like no as they are two one-shot curl executable calls, but from grepping around the framework does have the easy ability to append to the config and restart for a test. -- Eric Covener cove...@gmail.com

Re: svn commit: r1906618 - /httpd/httpd/branches/2.2.x/docs/manual/rewrite/intro.xml

2023-01-12 Thread Eric Covener
with > /home/rbowen/devel/presentations/puzzles [OK] > > But the actual response returned to the cli is: > > $ curl -v http://localhost/games > * Trying 127.0.0.1:80... > * Connected to localhost (127.0.0.1) port 80 (#0) > > GET /games HTTP/1.1 > > Host:

Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55

2023-01-16 Thread Eric Covener
Vote, passes w/ 6 binding +1 and no -1: +1 covener, jorton, icing, ylavic, jim, gbechis I will continue the release process tomorrow. On Tue, Jan 10, 2023 at 8:40 AM Eric Covener wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https

Re: [httpd-site] branch main updated: publishing release httpd-2.4.55

2023-01-17 Thread Eric Covener
> The following commit(s) were added to refs/heads/main by this push: > > new 83e7062 publishing release httpd-2.4.55 > > 83e7062 is described below > > > > commit 83e7062476d4a912f20ab275137b9587d441fdf0 > > Author: Eric Covener > > AuthorDate:

Re: [httpd-site] branch main updated: publishing release httpd-2.4.55

2023-01-17 Thread Eric Covener
Humbedooh is helping. Note that the SVN repo is dead content, real content is in g...@github.com:/apache/httpd-site On Tue, Jan 17, 2023 at 11:39 AM Eric Covener wrote: > > I think it's > https://svn.apache.org/repos/asf/httpd/site/trunk/content/security/cvejsontohtml.py >

Re: [httpd-site] branch main updated: publishing release httpd-2.4.55

2023-01-17 Thread Eric Covener
at. There seems to be a mix of "timeline" > entries that are not consistent throughout the dir (even when accounting > for v4.0 vs v5.0 CVE data), and those were throwing spanners into the > build process. > > The CVE page should be back now, however. > > On 2023-01-17

Re: mod_wasm: Contributing Upstream to Apache

2023-01-24 Thread Eric Covener
> We are still very interested in contributing this module upstream and helping > to maintain it. Please, let us know what improvements or changes would be > needed for it to be considered ready for inclusion. As a pessimistic PMC member not caring about WASM or these languages, I worry that mar

Re: svn commit: r1907031 - /httpd/httpd/trunk/docs/manual/mod/mod_proxy.xml

2023-01-27 Thread Eric Covener
+ > + > +For Apache HTTP Server 2.4.46 and earlier (or if > + module="mod_proxy_wstunnel">ProxyWebsocketFallbackToProxyHttp > +from 2.4.48 and later disables mod_proxy_http > handling), see the > +documentation of mod_proxy_wstunnel for how to > proxy the WebSocket > +protocol. > + > > > > > -- Eric Covener cove...@gmail.com

Re: MS-WDV and other MS extensions

2023-02-10 Thread Eric Covener
On Fri, Feb 10, 2023 at 9:17 AM Emmanuel Dreyfus wrote: > > Hello > > I am ready to commit MS-WDV support for mod_dav. There are many other > MS extensions, and I just wonder if we should prepare to configure MS > extensions one by one or as a whole > > I mean, what directive makes more sense in

Re: [VOTE] broader RTC exception for 2.4.x CI changes

2023-02-15 Thread Eric Covener
On Wed, Feb 15, 2023 at 8:49 AM Joe Orton wrote: > > Per my previous Travis is dead, long live GitHub actions. > > I propose to broaden the RTC exception in 2.4.x/STATUS to allow CI > config changes and scripts to be merged from trunk: > > Index: STATUS > ==

Re: Why is my merge_dir_config not called

2023-03-01 Thread Eric Covener
Does your config have directives from dav_fs in two overlapping sections? On Wed, Mar 1, 2023, 4:36 AM Emmanuel Dreyfus wrote: > Hello > > I am trying to add a per-directory configuration directive to mod_dav_fs, > but the merge_dir_config() callback is never called, and I always get the > value

Re: [apache/httpd] Event wip (PR #294)

2023-03-01 Thread Eric Covener
> FWICT, AsyncRequestWorkerFactor started with r1137755 as a tunable > overcommit for the per-child queuing capacity, that is (IIUC) to favor > queuing connections over spawning new children (preferably when > requests can be handled without or with limited blocking). I had internalized this compl

intent to T&R this weekend

2023-03-02 Thread Eric Covener
so get all of your destabilizing fixes in while you can!

Re: svn commit: r1907972 - in /httpd/httpd/trunk/modules: http2/mod_proxy_http2.c proxy/mod_proxy.c proxy/mod_proxy_ajp.c proxy/mod_proxy_balancer.c proxy/mod_proxy_fcgi.c proxy/mod_proxy_http.c proxy

2023-03-04 Thread Eric Covener
> Modified: httpd/httpd/trunk/modules/http2/mod_proxy_http2.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/mod_proxy_http2.c?rev=1907972&r1=1907971&r2=1907972&view=diff > == > --- httpd/httpd/trunk

[VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-05 Thread Eric Covener
httpd-2.4.56-rc1.tar.gz sha512: 68b1e8c3e3436e6947c0ccfeee6fea83254560e4d43bddbc79a4206d804a6dda6662cf5734e0b2f4019ab5c1fff40141a16dd7698e8fe72b7fd343fbebd42724 *httpd-2.4.56-rc1.tar.gz The SVN candidate source is found at tags/2.4.56-rc1-candidate. -- Eric Covener cove...@gmail.com

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-05 Thread Eric Covener
On Sun, Mar 5, 2023 at 4:31 PM Eric Covener wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release > this candidate tarball

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-07 Thread Eric Covener
I am going to call this one early and proceed with the release. 9 binding +1 and no other votes. fielding, covener, icing, gbechis, ylavic, jblond, jorton, steffenAL, rpluem On Tue, Mar 7, 2023 at 3:18 AM Ruediger Pluem wrote: > > > > On 3/5/23 10:31 PM, Eric Covener wrote

Re: svn commit: r1908179 - /httpd/dev-tools/release/README

2023-03-07 Thread Eric Covener
> - If CHANGES is really bad, cosnider replacing the various CHANGES files > on dist/httpd. > + If CHANGES is really bad, consider replacing the various CHANGES files > on dist/httpd. > > On vote failure or when aborting for other reasons: > > $DEV_TOOLS/release/reset-candidate.sh version > > -- Eric Covener cove...@gmail.com

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-08 Thread Eric Covener
On Wed, Mar 8, 2023 at 4:57 PM BUSH Steve wrote: > Please remember to send the release announcement to annou...@httpd.apache.org Maybe a moderation issue? Can anyone with the proper hat help check it out please?

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-08 Thread Eric Covener
On Wed, Mar 8, 2023 at 11:02 PM BUSH Steve wrote: > Correction! > > I used our test template for the rule when I e-mailed just now, but once > it is converted to the apache httpd.conf format, the actual rule appears in > the httpd.conf as: > > RewriteRule ^/zoology/animals/reset/(\d+)$ "/auth/lau

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-09 Thread Eric Covener
On Thu, Mar 9, 2023 at 12:14 PM wrote: > > On 3/9/23 05:30, Eric Covener wrote: > > > > > > On Wed, Mar 8, 2023 at 11:02 PM BUSH Steve > <mailto:steven.b...@3ds.com>> wrote: > > > > Correction! > > > > I used our test temp

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Eric Covener
g the spaces either as \%20 (path or query string) or + (query > string) does eliminate the problem for our mappings. > > > > From: Eric Covener > Sent: Wednesday, March 8, 2023 8:31 PM > To: dev@httpd.apache.org > Subject: Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Eric Covener
On Fri, Mar 10, 2023 at 11:57 AM Yann Ylavic wrote: > > On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote: > > > > Saw another report on users@ > > > > Any thoughts on something like this to just allow spaces? > > http://people.apache.org/~covener/pat

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Eric Covener
> Allowing a space to be sent within the proxied request target is not an > option, > regardless of how the user has configured the server. The CVE fix was just to > prevent an invalid target sent from us. This context in mod_rewrite is not specific to proxying. The CVE is addressed in a similar

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-11 Thread Eric Covener
Pulling up some of the checks so we can consider the flag: http://people.apache.org/~covener/patches/rewrite-escaping.diff (needs to be duplicated in fixups hook) On Fri, Mar 10, 2023 at 11:57 AM Yann Ylavic wrote: > > On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote: > > >

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-11 Thread Eric Covener
committed two related things to trunk this afternoon: - allow anything if redirecting and no [NE] flag - add another [B] like flag that escapes only controls and spaces. On Sat, Mar 11, 2023 at 2:30 PM Eric Covener wrote: > > Pulling up some of the checks so we can consider the flag:

Re: svn commit: r1908301 - in /httpd/httpd/trunk: changes-entries/rewrite-bctls docs/manual/rewrite/flags.xml modules/mappers/mod_rewrite.c

2023-03-13 Thread Eric Covener
On Mon, Mar 13, 2023 at 8:31 AM Yann Ylavic wrote: > > On Sat, Mar 11, 2023 at 11:10 PM wrote: > > > > Author: covener > > Date: Sat Mar 11 22:10:09 2023 > > New Revision: 1908301 > > > > URL: http://svn.apache.org/viewvc?rev=1908301&view=rev > > Log: > > add [BCTLS] alternative to [B] for 2.4.56

Re: svn commit: r1908300 - in /httpd/test/framework/trunk/t: conf/extra.conf.in modules/rewrite.t

2023-03-13 Thread Eric Covener
On Mon, Mar 13, 2023 at 3:26 AM Ruediger Pluem wrote: > > > > On 3/11/23 10:31 PM, cove...@apache.org wrote: > > Author: covener > > Date: Sat Mar 11 21:31:14 2023 > > New Revision: 1908300 > > > > URL: http://svn.apache.org/viewvc?rev=1908300&view=rev > > Log: > > test [P] flag > > > > Modified:

Re: svn commit: r1908349 - in /httpd/test/framework/trunk/t: conf/extra.conf.in modules/rewrite.t

2023-03-13 Thread Eric Covener
; > -my $escape_tests = have_min_apache_version("2.4.57") ? scalar(@escapes) : 0; > +my $escape_tests = have_min_apache_version("2.4.57") ? scalar(@escapes) + > scalar(@bflags) : 0; > > plan tests => @map * @num + 16 + $vary_header_tests + $cookie_tests + &g

Re: svn commit: r1908349 - in /httpd/test/framework/trunk/t: conf/extra.conf.in modules/rewrite.t

2023-03-13 Thread Eric Covener
On Mon, Mar 13, 2023 at 10:59 AM Ruediger Pluem wrote: > > > > On 3/13/23 3:23 PM, Eric Covener wrote: > > Yann, can you check out the failure I committed and see if it's me or > > unintended? Everything else went pretty smooth and looks useful in a > > bin

Re: svn commit: r1908349 - in /httpd/test/framework/trunk/t: conf/extra.conf.in modules/rewrite.t

2023-03-13 Thread Eric Covener
On Mon, Mar 13, 2023 at 12:05 PM Yann Ylavic wrote: > > On Mon, Mar 13, 2023 at 4:13 PM Ruediger Pluem wrote: > > > > On 3/13/23 4:04 PM, Eric Covener wrote: > > > On Mon, Mar 13, 2023 at 10:59 AM Ruediger Pluem wrote: > > >> > > >> &

Re: svn commit: r1908349 - in /httpd/test/framework/trunk/t: conf/extra.conf.in modules/rewrite.t

2023-03-13 Thread Eric Covener
On Mon, Mar 13, 2023 at 12:31 PM Yann Ylavic wrote: > > On Mon, Mar 13, 2023 at 5:25 PM Eric Covener wrote: > > > > On Mon, Mar 13, 2023 at 12:05 PM Yann Ylavic wrote: > > > > > > I could get where you want to with the attached patch (before you > >

Re: svn commit: r1908349 - in /httpd/test/framework/trunk/t: conf/extra.conf.in modules/rewrite.t

2023-03-13 Thread Eric Covener
On Mon, Mar 13, 2023 at 2:01 PM Yann Ylavic wrote: > > On Mon, Mar 13, 2023 at 5:48 PM Yann Ylavic wrote: > > > > On Mon, Mar 13, 2023 at 5:42 PM Eric Covener wrote: > > > > > > On Mon, Mar 13, 2023 at 12:31 PM Yann Ylavic wrote: > > > > >

Re: svn commit: r1908359 - /httpd/httpd/trunk/modules/mappers/mod_rewrite.c

2023-03-15 Thread Eric Covener
d_p > err, a1, a2, a3); > } > > -/* arg3: optional flags field */ > newrule->forced_mimetype = NULL; > newrule->forced_handler = NULL; > newrule->forced_responsecode = HTTP_MOVED_TEMPORARILY; > @@ -3863,6 +3872,9 @@ static const char *cmd_rewriterule(cmd_p > newrule->cookie = NULL; > newrule->skip = 0; > newrule->maxrounds = REWRITE_MAX_ROUNDS; > +newrule->escapes = newrule->noescapes = NULL; > + > +/* arg3: optional flags field */ > if (a3 != NULL) { > if ((err = cmd_parseflagfield(cmd->pool, newrule, a3, >cmd_rewriterule_setflag)) != NULL) { > > -- Eric Covener cove...@gmail.com

I plan to RM some time this weekend

2023-03-30 Thread Eric Covener
Primarily to pick up PR66547 and the rewrite improvements, but I have also seen an h2 crash addressed. -- Eric Covener cove...@gmail.com

[VOTE] Release httpd-2.4.57-rc1 as httpd-2.4.57

2023-04-02 Thread Eric Covener
httpd-2.4.57-rc1.tar.gz sha512: 730560d4aab3699aa59716bb75858f8432a902aeab3c380b4d3e0f6813e9ae4e278d3b7fdf63a4e94c07b5100933d8684d76f6095f3d60d48ea0f1458c9ed0b4 *httpd-2.4.57-rc1.tar.gz The SVN candidate source is found at tags/2.4.57-rc1-candidate. -- Eric Covener cove...@gmail.com

Re: [VOTE] Release httpd-2.4.57-rc1 as httpd-2.4.57

2023-04-02 Thread Eric Covener
On Sun, Apr 2, 2023 at 12:10 PM Eric Covener wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release > this candidate

Re: [VOTE] Release httpd-2.4.57-rc1 as httpd-2.4.57

2023-04-05 Thread Eric Covener
On Sun, Apr 2, 2023 at 12:10 PM Eric Covener wrote: > > Hi all, > > Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release > this candidate

Re: ci vs PR approvals? (was: [apache/httpd] Fix a possible NULL pointer dereference in hook_uri2file (PR #355))

2023-04-12 Thread Eric Covener
ly. > > > > > Any more ideas? Help from infra needed? > > > > Regards; > > Yann. > > > > [1] > > https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks We are chatting with Daniel about it on ASF slack. -- Eric Covener cove...@gmail.com

Re: svn commit: r1909073 - in /httpd/httpd/trunk/docs/manual: mod/mod_rewrite.xml rewrite/flags.xml

2023-04-12 Thread Eric Covener
On Wed, Apr 12, 2023 at 2:52 AM Ruediger Pluem wrote: > > > > On 4/11/23 11:36 PM, cove...@apache.org wrote: > > Author: covener > > Date: Tue Apr 11 21:36:55 2023 > > New Revision: 1909073 > > > > URL: http://svn.apache.org/viewvc?rev=1909073&view=rev > > Log: > > PR66563: escaping of url releate

Re: graceful stop of child process in a module

2023-04-16 Thread Eric Covener
On Fri, Apr 14, 2023 at 11:49 AM jean-frederic clere wrote: > > Hi, > > I am trying to gracefully stop a child process instead of using ap_assert(0), > is there a "clean way" to do that? I added something like this to our distribution in IBM to address a hairy problem with our security library. Each M

Re: graceful stop of child process in a module

2023-04-17 Thread Eric Covener
On Mon, Apr 17, 2023 at 10:16 AM jean-frederic clere wrote: > > On 4/17/23 01:00, Eric Covener wrote: > > On Fri, Apr 14, 2023 at 11:49 AM jean-frederic clere > > wrote: > >> > >> Hi, > >> > >> I am trying to gracefully stop a child process

Re: ci vs PR approvals? (was: [apache/httpd] Fix a possible NULL pointer dereference in hook_uri2file (PR #355))

2023-04-25 Thread Eric Covener
On Tue, Apr 25, 2023 at 2:45 AM Ruediger Pluem wrote: > > > > On 4/12/23 2:02 PM, Yann Ylavic wrote: > > On Wed, Apr 12, 2023 at 1:31 PM Eric Covener wrote: > >> > >> On Wed, Apr 12, 2023 at 6:36 AM Yann Ylavic wrote: > >>> > >

Re: ci vs PR approvals? (was: [apache/httpd] Fix a possible NULL pointer dereference in hook_uri2file (PR #355))

2023-05-03 Thread Eric Covener
On Tue, Apr 25, 2023 at 2:45 PM Graham Leggett via dev wrote: > > On 25 Apr 2023, at 07:45, Ruediger Pluem wrote: > > 2. Switching from Subversion to Git is mostly an emotional problem for me. We > have some closer ties to Subversion by some > overlaps in the community and via mod_dav_svn we k

Re: [VOTE] Switch read/write repository from Subversion to Git

2023-05-04 Thread Eric Covener
[x]: Move the read/write repository from Subversion to Git and leverage the features of Github (for now Actions and PR).

Fwd: [apache/httpd] don't forward invalid query strings (d78a166)

2023-05-09 Thread Eric Covener
8a166) To: apache/httpd Cc: Eric Covener , Mention Hi @covener <https://github.com/covener>. This is impacting lots of existing websites already. What is the downside if BCTLS can be enabled by default with an Apache config option, and there is a new flag to disable it in each Rewrite

Re: Fwd: [apache/httpd] don't forward invalid query strings (d78a166)

2023-05-09 Thread Eric Covener
On Tue, May 9, 2023 at 11:51 AM Ruediger Pluem wrote: > > > > On 5/9/23 4:33 PM, Yann Ylavic wrote: > > On Tue, May 9, 2023 at 2:10 PM Yann Ylavic wrote: > >> > >> On Tue, May 9, 2023 at 12:55 PM Ruediger Pluem wrote: > >>> > >>>

Re: Fwd: [apache/httpd] don't forward invalid query strings (d78a166)

2023-05-09 Thread Eric Covener
On Tue, May 9, 2023 at 3:14 PM Ruediger Pluem wrote: > > > > On 5/9/23 8:01 PM, Eric Covener wrote: > > On Tue, May 9, 2023 at 11:51 AM Ruediger Pluem wrote: > >> > >> > >> > >> On 5/9/23 4:33 PM, Yann Ylavic wrote: > >>> On Tu

Re: Fwd: [apache/httpd] don't forward invalid query strings (d78a166)

2023-05-17 Thread Eric Covener
at 6:18 PM Eric Covener wrote: > > On Tue, May 9, 2023 at 3:14 PM Ruediger Pluem wrote: > > > > > > > > On 5/9/23 8:01 PM, Eric Covener wrote: > > > On Tue, May 9, 2023 at 11:51 AM Ruediger Pluem wrote: > > >> > > >> > > >>

Re: Fwd: [apache/httpd] don't forward invalid query strings (d78a166)

2023-05-18 Thread Eric Covener
On Thu, May 18, 2023 at 6:40 AM Ruediger Pluem wrote: > > > > On 5/18/23 3:17 AM, Eric Covener wrote: > > bump? Just was reminded by a thread on reddit (config unclear but > > probably not non-cfgi proxy as it's a PHP app) > > > > If the proxy modules w

Re: Fwd: [apache/httpd] don't forward invalid query strings (d78a166)

2023-05-18 Thread Eric Covener
> But r->args is encoded. Hence they need to decode anyway as there could be > other > encoded stuff in it or spaces that have not been taken decoded from the path. These are applications/configurations that were functional prior to the change though. I don't think the risk of differing spaces in

Re: Apache2 chroot problem: towards a solution

2023-05-24 Thread Eric Covener
> I am writing to you today to ask for your help in resolving this issue. I don't think this issue required another thread. Have you tried https://httpd.apache.org/docs/2.4/mod/mod_unixd.html#chrootdir ?
