On 25.01.2012 23:59, William A. Rowe Jr. wrote:
Candidate binaries are available from http://httpd.apache.org/dev/dist/ -
these do not yet constitute ASF releases. Win32 specific artifacts
(x86 binary distribution and -win32-src.zip) will follow shortly, once
I fix the release.sh breakage.
There are two considerations, as Jim pointed out. First a choice;
[X] Include apr-util 1.4.1 in any httpd 2.2.x
[ ] Remain at apr-util 1.3.12 in any httpd 2.2.x
IMHO 1.4.1 is an acceptable risk.
And the vote (I'll have to resubmit if the preference is 1.3.12, but here goes);
+/-1
[ +1] Release httpd 2.2.22 [with apr-util 1.4.1] as GA
+1 for release using APU 1.4.1.
Overview:
Minor problem (not a regression): config.guess and config.sub are a bit
old (2008) due to
buildconf in the released apr overwriting the config.* in our svn by the
system config.*. This is fixed for future apr releases.
One new finding (but not a regression): when building with gcc 4.6.2
configure fails during the version check for an external apr-util. gcc
4.6.2 aborts when parsing apu_version.h because the file includes
apr_version.h and the configure check has only includes set for apu, so
the external apr_version.h is not found. Older gcc 4.1.2 also outputs an
error but does not abort so for the older gcc the check succeeds. I will
propose a fix.
One non-reproducible test failure for test 150 in t/ssl/proxy.t on
Solaris 10 using external libs:
# Failed test 150 in .../Apache-Test/lib/Apache/TestCommonPost.pm at
line 131 fail #131
#lwp request:
#POST https://localhost:8549/eat_post HTTP/1.0
#User-Agent: libwww-perl/5.836
#Content-Length: 29696
#
#server response:
#HTTP/1.1 502 Proxy Error
#Connection: close
#Date: Sun, 29 Jan 2012 10:43:26 GMT
#Content-Length: 396
#Content-Type: text/html; charset=iso-8859-1
#Client-Date: Sun, 29 Jan 2012 10:43:26 GMT
#Client-Peer: 127.0.0.1:8549
#Client-SSL-Cert-Issuer: /C=US/ST=California/L=San
Francisco/O=ASF/OU=httpd-test/CN=ca/emailAddress=test-...@httpd.apache.org
#Client-SSL-Cert-Subject: /C=US/ST=California/L=San
Francisco/O=ASF/OU=httpd-test/rsa-test/CN=localhost/emailAddress=test-...@httpd.apache.org
#Client-SSL-Cipher: DHE-RSA-AES256-SHA
#Client-SSL-Warning: Peer certificate not verified
#Title: 502 Proxy Error
#
# testing : length posted
# expected: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
# <html><head>
# <title>502 Proxy Error</title>
# </head><body>
# <h1>Proxy Error</h1>
# <p>The proxy server received an invalid^M
[Sun Jan 29 11:43:26 2012] [debug] ssl_engine_io.c(1908): OpenSSL: I/O
error, 5 bytes expected to read on BIO#50841f8 [mem: 50ec3c8]
[Sun Jan 29 11:43:26 2012] [debug] ssl_engine_io.c(1869): | 1260: 07 40
91 02 c8 ab a0 5e-5b 2a c0 57 1b 65 c6 39 .@.....^[*.W.e.9 |
[Sun Jan 29 11:43:26 2012] [info] [client 127.0.0.1] (70007)The timeout
specified has expired: SSL input filter read failed.
[Sun Jan 29 11:43:26 2012] [debug] ssl_engine_io.c(1869): | 1270: 2f 96
b7 bd c7 5e 28 2f-ee 9f 07 8c b2 3c 57 4e /....^(/.....<WN |
[Sun Jan 29 11:43:26 2012] [debug] ssl_engine_io.c(1869): | 1280: 86 9a
6e da e6 61 4d 2b-ec 94 70 cb a0 35 f7 74 ..n..aM+..p..5.t |
...
[Sun Jan 29 11:43:26 2012] [debug] ssl_engine_kernel.c(1879): OpenSSL:
Read: SSL negotiation finished successfully
[Sun Jan 29 11:43:26 2012] [error] [client 127.0.0.1] (70014)End of file
found: proxy: error reading status line from remote server localhost:8532
[Sun Jan 29 11:43:26 2012] [debug] mod_proxy_http.c(1466): [client
127.0.0.1] proxy: NOT Closing connection to client although reading from
backend server localhost:8532 failed.
[Sun Jan 29 11:43:26 2012] [error] [client 127.0.0.1] proxy: Error
reading from remote server returned by /eat_post
[Sun Jan 29 11:43:26 2012] [debug] proxy_util.c(2029): proxy: HTTPS: has
released connection for (localhost)
[Sun Jan 29 11:43:26 2012] [error] Optional function test said: POST
/eat_post HTTP/1.0
[Sun Jan 29 11:43:26 2012] [error] Optional hook test said: POST
/eat_post HTTP/1.0
[Sun Jan 29 11:43:26 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL:
Write: SSL negotiation finished successfully
[Sun Jan 29 11:43:26 2012] [info] [client 127.0.0.1] Connection closed
to child 65 with standard shutdown (server localhost:8549)
Two additional failures only happen when I use a very recent Perl plus
modules: tests 2+3 in t/security/CVE-2008-2364.t fail, because the Perl
client reads status 100 instead of 200 resp. 502. Checking our logs
indicates we did send the right status codes. So this seems to be a test
framework problem.
Details:
- Signature and Hashes OK
- key in KEYS file
- gz and bz2 contents identical
- no unexpected diff to svn tag
- built and tested on
- Solaris 8+10 Sparc
- SuSE Linux Enterprise 10 (32Bit and 64Bit)
- SLES 11 (64 Bit)
- RedHat Enterprise Linux 5/6 64Bit
- builds fine using gcc
- out of tree
- with "all", "most" and default module sets
- with either default (static) or shared linked modules
- MPMs prefork, worker, event (where applicable)
- dependencies apr/apu/expat/pcre/openssl:
a) all bundled
b) 1.4.5/(1.3.12|1.4.1)/2.0.1/8.21/0.9.8t
- config.(guess|sub) outdated (see above)
- configure fails for gcc 4.6.2 with external apr/apu
(see above)
- test suite ran for all those builds with log levels
info and debug
- no test regressions w.r.t. at least 2.2.16-2.2.21:
- Failed test 2 in t/ssl/extlookup.t at line 27
- Failed test 9 in t/ssl/require.t at line 44
For details about both see my 2.2.19 voting mail.
- two additional failures only happen when I use a very recent
Perl plus modules: tests 2+3 in t/security/CVE-2008-2364.t
fail, because the Perl client reads status 100 instead of 200
resp. 502. Checking our logs indicates we did send the right
status codes. So this seems to be a test framework problem.
- one non-reproducible test failure in t/ssl/proxy for test 150
Note that on the platforms RHEL 5/6, SLES 11 and Solaris 8 tests are
still running, but for the other platforms I have complete results and
for the remaining platforms until now all results are consistent.
Regards,
Rainer
