Hi Evgeny, Thanks so much for picking this up! I will aim to do a sweep of STATUS this weekend and provide votes/reviews for any backports.
And, I will try to carve out some time to help test releases on a few platforms once we have tarballs ready to go. Cheers. -- justin On Wed, May 3, 2023, 11:42 AM Evgeny Kotkov <[email protected]> wrote: > Hi everyone, > > I'd like to propose that we release serf 1.3.10 with OpenSSL 3 support. > > All currently released versions of serf don't build or work with OpenSSL 3. > OpenSSL 1.1.1 series will reach EOL starting from 11th September 2023 [1], > leaving OpenSSL 3 as the only supported version, so this seems to be an > urgent issue. > > The current state is as follows: > > - I prepared a set of nominated fixes in ^/serf/branches/1.3.x/STATUS. > - Most of them are required for OpenSSL 3 support, but there are some > general improvements as well. > - Below you'll find a detailed list of these nominations, which I think > should be included in the new release. > - All of these nominations are currently in a pending state, requiring > *one more vote* to be backported. > > I can RM if needed, but before that, it would be nice if someone could > provide the remaining votes for these nominations. > > The shortlog of currently pending nominations: > --------------------------------------------------------- > > * r1712131, r1807594, r1811088, r1861036, r1909315, r1909316 > Add support for building with VS2017-VS2022, assuming a new enough scons. > > * r1901040 > Fix test_ssl_handshake() failure with OpenSSL 1.1.1i+. > Justification: > Serf should test cleanly against upstreams. > > * r1901937 > Remove the use of ERR_GET_FUNC() to allow building against OpenSSL 3. > Justification: > Serf should work with OpenSSL 3. > > * r1902208, r1902304 > Rework BIO control handlers to support BIO_CTRL_EOF and to properly > respond > to unknown control values. > Justification: > - Fixes "unexpected eof while reading" errors with OpenSSL 3, also > observed in the test suite. > - Fixes a user-reported issue with OpenSSL 3 where serf BIOs are > incorrectly assumed to support KTLS: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 > > * r1909252, r1909385, r1909406, r1909413, r1909433 > Do not use OpenSSL functions that operate with FILE to avoid potential > CRT > versions mismatch. Use BIO based functions instead. > Justification: > Avoids a potential source of CRT versions mismatch. Removes a > dependency > on openssl/applink.c. > > --------------------------------------------------------- > > Also, below is a list of changes that have already been backported to the > 1.3.x branch and will be included in the new release. Some of those, such > as r1805301, seem to be important enough to justify the new release as > well: > > * Fix error handling that can cause invalid or undefined behavior when > reading the outgoing request's body (r1804534, r1804543, r1804553) > > * Properly handle invalid chunk lengths in the dechunk bucket (r1804005, > r1804008, r1804016) > > * Fix an endless loop in the deflate bucket with truncated input (r1805301) > > * Build changes to support Python 3.x (r1875933) > > > [1] https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/ > > > Thanks, > Evgeny Kotkov >
