bugzilla | 1 Jul 09:15 2012
Picon

Bug report for Apache httpd-2 [2012/07/01]

+---------------------------------------------------------------------------+
| Bugzilla Bug ID                                                           |
|     +---------------------------------------------------------------------+
|     | Status: UNC=Unconfirmed NEW=New         ASS=Assigned                |
|     |         OPN=Reopened    VER=Verified    (Skipped Closed/Resolved)   |
|     |   +-----------------------------------------------------------------+
|     |   | Severity: BLK=Blocker CRI=Critical  REG=Regression  MAJ=Major   |
|     |   |           MIN=Minor   NOR=Normal    ENH=Enhancement TRV=Trivial |
|     |   |   +-------------------------------------------------------------+
|     |   |   | Date Posted                                                 |
|     |   |   |          +--------------------------------------------------+
|     |   |   |          | Description                                      |
|     |   |   |          |                                                  |
| 7483|Ass|Enh|2002-03-26|Add FileAction directive to assign a cgi interpret|
| 8713|Inf|Min|2002-05-01|No Errorlog on PROPFIND/Depth:Infinity            |
| 9945|New|Enh|2002-06-18|[PATCH] new funtionality for apache bench         |
|10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i|
|11294|New|Enh|2002-07-30|desired vhost_alias option                        |
|11580|Opn|Enh|2002-08-09|generate Content-Location headers                 |
|12033|Opn|Nor|2002-08-26|Graceful restart immidiately result in [warn] long|
|12680|New|Enh|2002-09-16|Digest authentication with integrity protection   |
|13599|Inf|Nor|2002-10-14|autoindex formating broken for multibyte sequences|
|13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation  |
|14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR|
|14496|New|Enh|2002-11-13|Cannot upgrade any version on Windows. Must uninst|
|14922|Inf|Enh|2002-11-28|<target> is currently hardcoded to 'apache2'      |
|15719|Inf|Nor|2002-12-30|WebDAV MOVE to destination URI which is content-ne|
|16057|Ass|Maj|2003-01-14|module fails to init client_rmm and applies too ma|
|16126|Opn|Nor|2003-01-15|cache mishandles If-None-Match                    |
|16142|Opn|Maj|2003-01-15|MUST use strong comparison for Range requests     |
(Continue reading)

William A. Rowe Jr. | 2 Jul 18:20 2012
Picon

Re: mod_fcgid support for ap_meets_conditions()

On 6/29/2012 6:25 PM, Chris Darroch wrote:
> 
>   If this looks OK, I'd love to commit and move on to the next
> patch ... assuming I can keep paddling near the shore and avoid those
> dangerous undertows!  Thanks and cheers,

Looks sensible to me.

Rai, Pravesh R (STSD | 5 Jul 07:03 2012
Picon

RE: Need feedback for Apache 2.4.2

Hi All,

Can anybody please look into my request, below?

Thanks & Regards,
Pravesh

-----Original Message-----
From: Rai, Pravesh R (STSD) 
Sent: Wednesday, July 04, 2012 11:19 AM
To: 'William A. Rowe Jr.'
Cc: Lamons, Scott (Open Source Program Office); Sutula, Bryan (Open Source Program Office); Menkhus,
Mark (HAS GSE SSRT); Jones, Jason (Hou); Chow, William; Mahmood, Tariq (Tariq Mahmood Dar (IESL));
Mohammed, Arshad (STSD); M, Rakesh
Subject: Need feedback for Apache 2.4.2

Hi William,

Have realized that Apache 2.4.2 don't have Win32 source available on download page
(http://httpd.apache.org/download.cgi#apache24). Can you please let us know, whether the same will
be available in near future?

Thanks & Regards,
Pravesh
Jim Meyering | 5 Jul 13:49 2012
Picon

[PATCH] don't corrupt heap upon empty response from OCSP server

Hi,

This is my first httpd patch/report.
If you'd prefer that it go to a BZ or a different list, just let me know.

I found this by inspection: it appears that line[-1] (the heap) can be
corrupted.  Is it possible for len to be 0 at that point?  It looks like
it, since the preceding block guards against the len == 0 case.
However, I have not tried to trigger the flaw.

A minor note:  From the documentation of APLOGNO, it was not clear
whether I should change 01979, given that this patch changes its guard
condition in such a small way, so I left it.  You may want to burn the
01979 and simply use a new number.

Also, I didn't know of a recommended method for finding a number
for the new diagnostic, so I did a quick and dirty:

  git grep -w APLOGNO|sed 's/.*APLOGNO.//'|sort -nr|head

From 71485156919f20d2e0bf57370f5d520d0bff1da0 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering <at> redhat.com>
Date: Thu, 7 Jun 2012 22:48:15 +0200
Subject: [PATCH] don't corrupt heap upon empty response from OCSP server

* modules/ssl/ssl_util_ocsp.c (get_line): Don't set line[-1] to 0
when len == 0.
---
 modules/ssl/ssl_util_ocsp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(Continue reading)

Julian Reschke | 5 Jul 14:13 2012
Picon
Picon

build problems

Hi there,

I was trying to build trunk, and encountered the following problem 
(after running autoconf; assuming that was right):

> $ ./configure --prefix=/srv
> ./configure: line 2909: syntax error near unexpected token `Apache,'
> ./configure: line 2909: `APR_ENABLE_LAYOUT(Apache, errordir iconsdir htdocsdir cgidir)'

This was under Cygwin/Win7, but a colleague tried under OSX and Linux 
and got similar results.

Help appreciated,

Julian

RE: build problems

You don't need to run  autoconf. If you want to rebuild configure please run buildconf in the same directory
as configure.

Regards

Rüdiger 

> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke <at> gmx.de]
> Sent: Donnerstag, 5. Juli 2012 14:14
> To: dev <at> httpd.apache.org
> Subject: build problems
> 
> Hi there,
> 
> I was trying to build trunk, and encountered the following problem
> (after running autoconf; assuming that was right):
> 
> > $ ./configure --prefix=/srv
> > ./configure: line 2909: syntax error near unexpected token `Apache,'
> > ./configure: line 2909: `APR_ENABLE_LAYOUT(Apache, errordir iconsdir
> htdocsdir cgidir)'
> 
> This was under Cygwin/Win7, but a colleague tried under OSX and Linux
> and got similar results.
> 
> Help appreciated,
> 
> Julian

(Continue reading)

Julian Reschke | 5 Jul 14:52 2012
Picon
Picon

Re: build problems

On 2012-07-05 14:17, Plüm, Rüdiger, Vodafone Group wrote:
> You don't need to run  autoconf. If you want to rebuild configure please run buildconf in the same directory
as configure.
> ...

I don't want to *re*build configure, I just want to *build* it. It's not 
in SVN, after all.

So what are the correct steps, starting with a fresh checkout?

Best regards, Julian

RE: build problems

Then you need to execute buildconf. It is mandatory in this case.

Regards

Rüdiger

> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke <at> gmx.de]
> Sent: Donnerstag, 5. Juli 2012 14:53
> To: dev <at> httpd.apache.org
> Cc: Plüm, Rüdiger, Vodafone Group
> Subject: Re: build problems
> 
> On 2012-07-05 14:17, Plüm, Rüdiger, Vodafone Group wrote:
> > You don't need to run  autoconf. If you want to rebuild configure
> please run buildconf in the same directory as configure.
> > ...
> 
> I don't want to *re*build configure, I just want to *build* it. It's not
> in SVN, after all.
> 
> So what are the correct steps, starting with a fresh checkout?
> 
> Best regards, Julian

Julian Reschke | 5 Jul 15:06 2012
Picon
Picon

Re: build problems

On 2012-07-05 14:57, Plüm, Rüdiger, Vodafone Group wrote:
> Then you need to execute buildconf. It is mandatory in this case.
>
> Regards
>
> Rüdiger
> ...

I see; thanks for the help!

Jim Meyering | 5 Jul 19:33 2012
Picon

[PATCH] don't access(r/w) uri[-1] when validating resource w/empty uri string

At first I thought there must be code to guarantee
that a URI (resource->uri) has length > 0, but since I found
similar guards against precisely that case, e.g.,

    modules/dav/fs/repos.c-822
        char *uri = ap_make_dirstr_parent(ctx->pool, resource->uri);
        if (strlen(uri) > 1 && uri[strlen(uri) - 1] == '/')
            uri[strlen(uri) - 1] = '\0';

    modules/mappers/mod_dir.c-231
        /* Redirect requests that are not '/' terminated */
        if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/')

    modules/metadata/mod_cern_meta.c:293
        if (r->finfo.filetype == APR_DIR || r->uri[strlen(r->uri) - 1] == '/') {
        [ As I was looking through these other examples, I see that
          a zero-length r->uri could cause trouble here, too, since
          the above is *not* guarded. ]

it seems best to guard the use below, too:

From 5609908643d8456c6f56197102161e56d87e56c4 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering <at> redhat.com>
Date: Thu, 7 Jun 2012 20:36:16 +0200
Subject: [PATCH] don't access(r/w) uri[-1] when validating resource w/empty
 uri string

* modules/dav/main/util.c (dav_validate_resource_state):
Handle a zero-length URI string.
---
(Continue reading)


Gmane