httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@opensslfoundation.com>
Subject Re: [VOTE] Release Apache httpd 2.4.8 as GA
Date Wed, 12 Mar 2014 13:55:29 GMT
On 12/03/2014 12:29, Rainer Jung wrote:
> On 12.03.2014 11:37, Jim Jagielski wrote:
>> At the very least, upgrading from 2.4.7 to 2.4.8 should not
>> cause this much pain. I will let the vote run a bit more to
>> gauge additional feedback, but my sense says that 2.4.8
>> will likely be revoked/dropped and 2.4.9 will be proposed
>> which either (1) removes r1573360 or (2) fixes this bug.
> 
> Agreed, if it were only about 1.0.1e vs. 1.0.1f it would be not that big
> an issue but since all Major versions seem to show the behavior and
> there's no easy workaround for 0.9.8 except upgrading to 1.x, I'd say we
> should implement the workaround suggested by Steve.
> 

Applied to trunk as r1576741. I've tried to keep the changes to the absolute
minimum.

I've tested OpenSSL 0.9.8y without this change and can reproduce the crash. It
doesn't crash with this fix.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com

Mime
View raw message