Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5CE7518F7E for ; Wed, 18 Nov 2015 17:21:50 +0000 (UTC) Received: (qmail 57337 invoked by uid 500); 18 Nov 2015 17:21:49 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 57264 invoked by uid 500); 18 Nov 2015 17:21:49 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 57254 invoked by uid 99); 18 Nov 2015 17:21:49 -0000 Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Nov 2015 17:21:49 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 6DD48C07D8 for ; Wed, 18 Nov 2015 17:21:49 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.102 X-Spam-Level: X-Spam-Status: No, score=-0.102 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id B_4Wo1AlR4qq for ; Wed, 18 Nov 2015 17:21:48 +0000 (UTC) Received: from mail-qg0-f50.google.com (mail-qg0-f50.google.com [209.85.192.50]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 1D6C021195 for ; Wed, 18 Nov 2015 17:21:48 +0000 (UTC) Received: by qgec40 with SMTP id c40so32568363qge.2 for ; Wed, 18 Nov 2015 09:21:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=8bTDUY1oGTWy5j8bNblv06zHpWBflEGrj68KTggCeCs=; b=kfZWPr2nDdn2WHlsQekngFU5GI4tEc3c+6WQwojmqp8cbz6nb/ugnGwZpXmMp3/tO2 bW2ZMp1GRh9C+wZWET3i+mXXc2SXPb142UAoUyhF5okhnnMSanGj5kUprN1Cf3tqHhT0 A0nb8ZcRkCWcTD/P8gMOqmckTtqiK/x7hChq8JpyiXMPm8vw51BgAEnhRz/0pfsDMQzC qxKyc5KOLAkHGTggcdQivqXot/pxzG88rWqvrii9spwUHnbFL06LvRZV7uxWc1x4Odlp 9YPCnGHE7iyXGjKZLbNlccNRgI9LUurgKsqHO3e/8dzt/3tewfkAFGTBuYbLK/FLmDP+ lB7A== MIME-Version: 1.0 X-Received: by 10.140.179.213 with SMTP id z204mr2927043qhz.70.1447867301596; Wed, 18 Nov 2015 09:21:41 -0800 (PST) Received: by 10.55.101.84 with HTTP; Wed, 18 Nov 2015 09:21:41 -0800 (PST) In-Reply-To: References: <20151117094854.AE44E3A024F@svn01-us-west.apache.org> Date: Wed, 18 Nov 2015 18:21:41 +0100 Message-ID: Subject: Re: svn commit: r1714742 - /httpd/httpd/branches/2.4.x/STATUS From: Yann Ylavic To: httpd-dev Content-Type: text/plain; charset=UTF-8 On Tue, Nov 17, 2015 at 3:50 PM, Yann Ylavic wrote: > On Tue, Nov 17, 2015 at 10:48 AM, wrote: >> >> Modified: httpd/httpd/branches/2.4.x/STATUS >> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1714742&r1=1714741&r2=1714742&view=diff >> ============================================================================== >> --- httpd/httpd/branches/2.4.x/STATUS (original) >> +++ httpd/httpd/branches/2.4.x/STATUS Tue Nov 17 09:48:54 2015 >> @@ -161,6 +161,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: >> 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-check_pipeline_blank_lines.patch >> (trunk works, meant to ease review) >> +1: ylavic, minfrin >> + icing: test 3 fails for me in t/security/CVE-2005-3357.t > > I can't reproduce this (with 2.4.x and this patch only)... Finally got it. The problem was about "HTTP spoken on HTTPS port" handling in ssl_io_filter_input() not prepared to AP_MODE_INIT from process_connection() and AP_MODE_SPECULATIVE read for H2Direct. I fixed it in r1715023 by extending the NON_SSL_* state machine, please review...