Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/apache/dev/ en-us (c) Gossamer Threads Inc. All rights reserved. 08 Nov 2009 20:22:52 -0800 120 75 23 http://www.gossamer-threads.com/lists/apache/dev/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg +---------------------------------------------------------------------------+ | Bugzilla Bug ID 08 Nov 2009 15:08:17 -0800 http://www.gossamer-threads.com/lists/apache/dev/376442 +---------------------------------------------------------------------------+ | Bugzilla Bug ID 08 Nov 2009 15:08:16 -0800 http://www.gossamer-threads.com/lists/apache/dev/376441 On 11/07/2009 08:19 PM, sf@apache.org wrote: > Author: sf > Date: Sat Nov 7 19:19:10 2009 > New Revision: 833738 > > URL: http://svn.apache.org/view 07 Nov 2009 17:45:22 -0800 http://www.gossamer-threads.com/lists/apache/dev/376432 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Subject: CVE-2009-3555 - apache/mod_ssl vulnerability and mitigation Apache httpd is affected by CVE-2 06 Nov 2009 17:21:08 -0800 http://www.gossamer-threads.com/lists/apache/dev/376409 Folks, This is Vipul Gupta's patch (Bugzilla 40132) against today's trunk. This compiles and works under some manual testing. Looks like OpenSSL 06 Nov 2009 16:41:02 -0800 http://www.gossamer-threads.com/lists/apache/dev/376408 On 11/06/2009 11:33 PM, jorton@apache.org wrote: > Author: jorton > Date: Fri Nov 6 22:33:19 2009 > New Revision: 833582 > > URL: http://svn.apache. 06 Nov 2009 15:37:56 -0800 http://www.gossamer-threads.com/lists/apache/dev/376399 Hi, attached is a slightly different patch, it includes "!EXP" and I've moved the directive out of the vhost into the main server config (there's not 06 Nov 2009 15:19:12 -0800 http://www.gossamer-threads.com/lists/apache/dev/376396 With some feedback from various folks. Thanks, Dw. Apache httpd is affected by CVE-2009-3555[1] (The SSL Injectin or MiM attack[2]). We strongly 06 Nov 2009 14:13:14 -0800 http://www.gossamer-threads.com/lists/apache/dev/376385 Hi, I would like to propose the attached patch for inclusion in 2.2 (I'll commit to trunk soon unless I'm getting any -1s in response to this email). 06 Nov 2009 13:04:01 -0800 http://www.gossamer-threads.com/lists/apache/dev/376378 Folks, Maybe my understanding is limited and my fu is weak, but I have personally never had a use for mod_unique_id. The only thing it does for 05 Nov 2009 21:30:00 -0800 http://www.gossamer-threads.com/lists/apache/dev/376339 So with Joe his patch doing the right thing it seems (would be nice if we could get Ben or the OpenSSL guys to confirm that) - that we propably only 05 Nov 2009 17:38:28 -0800 http://www.gossamer-threads.com/lists/apache/dev/376328 With reference to the issue described here: http://www.ietf.org/mail-archive/web/tls/current/msg03948.html Considering the impact on mod_ssl, I'm ma 05 Nov 2009 06:01:26 -0800 http://www.gossamer-threads.com/lists/apache/dev/376279 using the newer clang/llvm static analysis on httpd trunk: <http://zeus.kimaker.com/~chip/httpd-scan/> 04 Nov 2009 13:44:49 -0800 http://www.gossamer-threads.com/lists/apache/dev/376239 So, after several conversations at Apachecon and on the list, we still have no real "vision" of how we want to move ahead with httpd "3.0." Or, if we 04 Nov 2009 10:26:53 -0800 http://www.gossamer-threads.com/lists/apache/dev/376229 Kamesh Jayachandran wrote: > Reasonable fix for this on the server side is to apply SSL_OP_NO_TICKET > patch and enable SSLSessionCache. There is ac 04 Nov 2009 01:35:40 -0800 http://www.gossamer-threads.com/lists/apache/dev/376200 ... viewvc is gone now :( hope we can restore that soon .... also I would like to remind that some snapshot branches need changed, or otherwise they 03 Nov 2009 14:38:06 -0800 http://www.gossamer-threads.com/lists/apache/dev/376192 On 11/03/2009 07:19 PM, sctemme@apache.org wrote: > Author: sctemme > Date: Tue Nov 3 18:19:33 2009 > New Revision: 832496 > > URL: http://svn.apach 03 Nov 2009 11:45:24 -0800 http://www.gossamer-threads.com/lists/apache/dev/376177 Hello, I am currently dealing with a situation where the Apache httpd process becomes unresponsive for some time. At the end of this time, the Ap 03 Nov 2009 08:52:49 -0800 http://www.gossamer-threads.com/lists/apache/dev/376169 Hi, I have been searching for a guide on how to use the FcgidAccessChecker command with a PHP script. In my tests I have tried calling a PHP-script 03 Nov 2009 06:53:32 -0800 http://www.gossamer-threads.com/lists/apache/dev/376163 On 10/28/2009 10:17 PM, fuankg@apache.org wrote: > Author: fuankg > Date: Wed Oct 28 21:17:50 2009 > New Revision: 830765 > > URL: http://svn.apache. 02 Nov 2009 12:34:24 -0800 http://www.gossamer-threads.com/lists/apache/dev/376104 +---------------------------------------------------------------------------+ | Bugzilla Bug ID 01 Nov 2009 15:08:18 -0800 http://www.gossamer-threads.com/lists/apache/dev/376012 +---------------------------------------------------------------------------+ | Bugzilla Bug ID 01 Nov 2009 15:08:17 -0800 http://www.gossamer-threads.com/lists/apache/dev/376011 Paul (or anyone else interested), Any interested in visiting mod_authn_cache over the hackathon? I won't be there physically but have been working 01 Nov 2009 01:20:04 -0800 http://www.gossamer-threads.com/lists/apache/dev/375988 Hi, consider this config: =================== <Location /sec> Order deny,allow Deny from all Allow from 1.2.3.4 </Location> <Location /> <LimitExcep 31 Oct 2009 16:14:33 -0800 http://www.gossamer-threads.com/lists/apache/dev/375975 On Thu, Oct 29, 2009 at 1:06 PM, <poirier@apache.org> wrote: > Author: poirier > Date: Thu Oct 29 17:06:15 2009 > New Revision: 831031 > > URL: http: 30 Oct 2009 04:58:46 -0800 http://www.gossamer-threads.com/lists/apache/dev/375940