httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: apr 0.9.2 release?
Date Fri, 14 Mar 2003 16:28:34 GMT

  we are waiting on only one issue; addressing the inherited apr
handles vulnerability discussed for httpd 2.0 cgi scripting on vuln-dev.

  Bjoern Zeeb has spearheaded the effort for the Apache and APR
projects to adopt appropriate patches... and as soon as those are
evaluated and committed you can expect APR 0.9.2 and very soon
after, Apache 2.0.45 built on that tag.  It's unclear to me (but I'm
starting to get a handle on it) if it's entirely Apache's issue (unlikely)
or if we have things to change in apr_file_inherit_set (likely).

  My confusion comes from the fact that I'm still wrapping my brain
around when FD_CLOEXEC actually is triggered, and how to safely
assure we close what we intend, and leave open the handles that
the author desires.

  Doesn't give you a definitive date, but I hope this helps explain
where we sit right now.  More eyeballs on Bjoern's patches will
definitely speed this along ;-)


At 09:38 AM 3/14/2003, you wrote:
>When will apr 0.9.2 be released?
>I am the FreeBSD maintainer of the apr port, and several users
>are asking me about this.
>Craig Rodrigues        

View raw message