Re: Apache test suite problems
On Mon, Jan 25, 2010 at 9:52 PM, leon llw...@novell.com wrote: Hi Jeff, Sorry, I didn't get this reply mail. I found your reply during googling a solution... http://mail-archives.apache.org/mod_mbox/httpd-dev/201001.mbox/% 3ccc67648e1001250459t423605fekcd3b57dcf99e7...@mail.gmail.com%3e Amazing power of google :) On Sun, Jan 24, 2010 at 10:31 PM, leon llw...@novell.com wrote: Hi there, Please don't cc me. I am using SuSE Linux Enterprise Server 11 I checked out the latest code # svn checkout http://svn.apache.org/repos/asf/httpd/test/framework/trunk/ httpd-framework Then I followed the quick start in README # perl Makefile.PL -apxs /usr/sbin/apxs2 # t/TEST But I got following error: [warning] setting ulimit to allow core files ulimit -c unlimited; /usr/bin/perl /home/leon/project/httpd-framework/t/TEST /usr/sbin/httpd2-prefork -d /home/leon/project/httpd-framework/t -f /home/leon/project/httpd-framework/t/conf/httpd.conf -D APACHE2 -D PERL_USEITHREADS using Apache/2.2.13 (prefork MPM) no error there waiting 60 seconds for server to start: .Syntax error on line 170 of /home/leon/project/httpd-framework/t/conf/httpd.conf: Invalid command 'IfVersion', perhaps misspelled or defined by a module not included in the server configuration [error] server has died with status 255 (t/logs/error_log wasn't created, start the server in the debug mode) After I added following 3 lines into /home/leon/project/httpd-framework/t/conf/httpd.conf, the test can work. IfModule !mod_version.c LoadModule version_module /usr/lib/apache2-prefork/mod_version.so /IfModule Right, the test suite requires mod_version for testing httpd 2.0 or above. But there still a lot of mod missed. So lots of test skipped or failed. Can you show us the output? Generally a missing Perl CPAN module or httpd module will result in skipped tests but not failures; perhaps some very basic modules are missing. l...@linux-92el:~/work/apache_testsuite t/TEST [warning] setting ulimit to allow core files ulimit -c unlimited; /usr/bin/perl /home/leon/work/apache_testsuite/t/TEST /usr/sbin/httpd2-prefork -d /home/leon/work/apache_testsuite/t -f /home/leon/work/apache_testsuite/t/conf/httpd.conf -D APACHE2 -D PERL_USEITHREADS using Apache/2.2.13 (prefork MPM) waiting 60 seconds for server to start: .. waiting 60 seconds for server to start: ok (waited 0 secs) server localhost:8529 started server localhost:8530 listening (mod_nntp_like) server localhost:8531 listening (mod_nntp_like_ssl) server localhost:8532 listening (mod_ssl) server localhost:8533 listening (ssl_optional_cc) server localhost:8534 listening (ssl_pr33791) server localhost:8535 listening (proxy_http_bal1) server localhost:8536 listening (proxy_http_bal2) server localhost:8537 listening (proxy_http_balancer) server localhost:8538 listening (proxy_http_reverse) server localhost:8539 listening (error_document) server localhost:8540 listening (mod_include) server localhost:8541 listening (proxy_http_https) server localhost:8542 listening (proxy_https_https) server localhost:8543 listening (proxy_https_http) [ info] adding source lib /home/leon/work/apache_testsuite/Apache-Test/lib to @INC [ info] adding source lib /home/leon/work/apache_testsuite/Apache-Test/lib to @INC [ info] adding source lib /home/leon/work/apache_testsuite/Apache-Test/lib to @INC t/apache/404ok t/apache/acceptpathinfo.ok t/apache/byterange..ok t/apache/byterange2.ok t/apache/chunkinput.ok t/apache/contentlength..ok t/apache/errordoc...ok t/apache/etags..ok t/apache/getfileok t/apache/headersok t/apache/limits.ok t/apache/optionsok t/apache/passbrigadeok t/apache/post...ok t/apache/pr18757skipped all skipped: cannot find module 'proxy' t/apache/pr35292ok t/apache/pr35330ok t/apache/pr37166ok t/apache/rwrite.ok t/apr/uri...ok t/filter/case...skipped all skipped: cannot find module 'case_filter' t/filter/case_inskipped all skipped: cannot find module 'case_filter_in' t/filter/input_body.ok t/http11/basicauth..ok t/http11/chunkedok t/http11/chunked2...skipped all skipped: cannot find module 'bucketeer' t/http11/post...ok t/modules/accessok t/modules/alias.ok t/modules/asis..skipped all skipped: cannot find module 'asis' t/modules/autoindex.ok t/modules/autoindex2ok t/modules/cache.skipped all skipped: cannot find module 'cache', cannot find module 'disk_cache' t/modules/cgi...ok t/modules/dav...skipped all skipped: cannot find module 'dav',
Re: LDAP authentication: non-anonymous bind
On 26 Jan 2010, at 4:44 AM, Eric Covener wrote: This new behaviour covers the two use cases described above (even though I did not check it in an Active Directory setup). Patch is nice and simple, but it would be great if someone with AD leanings could confirm that this combination of HTTP username, attribute, and basedn is likely to result in something that can bind in a typical AD install. There are three possible scenarios for login: - User provides username, auth_ldap server does a search within the directory to find the DN corresponding to the username, and then attempts to bind as that DN. If it succeeds, you're in. This usually requires a DN of some kind to use to do the initial login to do the original search. (AD works fine in this scenario, on condition you have an account to bind and do the initial search with). - User provides username, auth_ldap applies the username to an admin- provided recipe of some kind to create the DN. This recipe needs to be flexible enough to support various scenarios, such as the base URL for the recipe being something other than the base URL for searches (think group searches, a group might not have the same base DN as the person). - User provides username, auth_ldap tries to bind directly with that username without first converting it to a DN. This is how AD would work. Ideally auth_ldap should support the above three methods, am I correct in understanding that the patch implements the second option above? (I don't have time to review it fully at the moment). Regards, Graham --
unsubscribe
Re: LDAP authentication: non-anonymous bind
In addition, the modifications to the binddn are in the 'sec' variable which is an authn_ldap_config_t structure created for the module and not for the _request_. good catch, this is also a defect on one of the handful of patches in bugzilla! -- Eric Covener cove...@gmail.com
Re: svn commit: r903052 - /httpd/httpd/trunk/modules/generators/mod_autoindex.c
On Jan 26, 2010, at 02:05 , Ruediger Pluem wrote: Please do not use C++ style comments as they fail on ANSI compilers. Thank you. Fixed. -- Rich Bowen rbo...@rcbowen.com
Re: TLS renegotiation attack, mod_ssl and OpenSSL
Hi, Joe Orton wrote: On Tue, Nov 10, 2009 at 03:19:39PM +0100, Jean-Marc Desperrier wrote: Joe Orton wrote: On Fri, Nov 06, 2009 at 12:00:06AM +, Joe Orton wrote: On Thu, Nov 05, 2009 at 09:31:00PM +, Joe Orton wrote: * we can detect in mod_ssl when the client is renegotiating by using the callback installed using SSL_CTX_set_info_callback(), in conjunction with suitable flags in the SSLConnRec to detect the cases where this is either a server-initiated renegotiation or the initial handshake on the connection. Here is a very rough first hack (for discussion/testing purposes only!): A second hack, slightly less rough hack: Joe, instead of hard coding this, a very nice solution would be to have a new directive SSLServerRenegociation Allow or even more flexible SSLRenegociation disabled/serveronly/enabled with disabled as default value. Yes, sure. What is possible in mod_ssl will depend on what interfaces OpenSSL will expose for this, which is not yet clear. Regards, Joe Now that 0.9.8m-beta1 is available, what is likely to happen with Apache 2.2.15? I looked at the svn tree, but I could not see if anyone was working on adding this excellent idea for a new directive SSLRenegociation disabled/serveronly/enabled. If the server does not require renegotiation it seems perfect if the apache closed the connection upon receipt of the R instead of the current 5 min (default) timeout wait. Thank you - Fred -- View this message in context: http://old.nabble.com/TLS-renegotiation-attack%2C-mod_ssl-and-OpenSSL-tp26215127p27328884.html Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.
Re: [VOTE] Release httpd 2.3.5-alpha
On Tue, Jan 26, 2010 at 11:13 AM, Sander Temme scte...@apache.org wrote: On Jan 21, 2010, at 2:34 PM, Paul Querna wrote: Test tarballs for Apache httpd 2.3.5-alpha are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/- 1 [ ] Release httpd-2.3.5 as Alpha Vote closes at 18:00 UTC on Monday January 25 2010. This includes a bundle of APR 1.4.2, and APR-Util 1.3.9. I see 4x +1 (Paul, Jeff, Gregg and myself) and no -1s... shall we toss this over the wall? What do we need to do to achieve our goals with this Alpha? Pushed to the dist network, will do release announcement in 24 hours.
Re: [VOTE] Release httpd 2.3.5-alpha
On 1/21/2010 2:34 PM, Paul Querna wrote: Test tarballs for Apache httpd 2.3.5-alpha are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/- 1 [ ] Release httpd-2.3.5 as Alpha Vote closes at 18:00 UTC on Monday January 25 2010. This includes a bundle of APR 1.4.2, and APR-Util 1.3.9. Sorry I didn't get caught up with mail yesterday; +1 to release as alpha; -1 for beta due to missing pcre library [if we will be shipping -deps].
Re: [VOTE] 1.3.42 release candidate
On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: There is a 1.3.42 release candidate for testing, and voting, at; What happened to this, besides making Slashdot? BTW: No regressions. +1 S. Darwin Legadema.local 10.2.0 Darwin Kernel Version 10.2.0: Tue Nov 3 10:37:10 PST 2009; root:xnu-1486.2.11~1/RELEASE_I386 i386 1.3.41: Test Summary Report --- t/apache/contentlength.t (Wstat: 0 Tests: 20 Failed: 6) Failed tests: 6, 10, 14, 16, 18, 20 t/apache/headers.t(Wstat: 0 Tests: 24 Failed: 3) Failed tests: 3, 6, 9 t/apache/pr37166.t(Wstat: 0 Tests: 4 Failed: 1) Failed test: 4 t/modules/include.t (Wstat: 0 Tests: 81 Failed: 2) Failed tests: 29, 44 TODO passed: 20 t/modules/proxy.t (Wstat: 0 Tests: 15 Failed: 2) Failed tests: 12-13 t/modules/rewrite.t (Wstat: 0 Tests: 29 Failed: 1) Failed test: 24 t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 Files=72, Tests=1902, 42 wallclock secs ( 1.27 usr 0.40 sys + 20.64 cusr 4.70 csys = 27.01 CPU) Result: FAIL Failed 7/72 test programs. 17/1902 subtests failed. [warning] server localhost:8529 shutdown [ error] error running tests (please examine t/logs/error_log) 1.3.42: Test Summary Report --- t/apache/contentlength.t (Wstat: 0 Tests: 20 Failed: 6) Failed tests: 6, 10, 14, 16, 18, 20 t/apache/headers.t(Wstat: 0 Tests: 24 Failed: 3) Failed tests: 3, 6, 9 t/apache/pr37166.t(Wstat: 0 Tests: 4 Failed: 1) Failed test: 4 t/modules/include.t (Wstat: 0 Tests: 81 Failed: 2) Failed tests: 29, 44 TODO passed: 20 t/modules/proxy.t (Wstat: 0 Tests: 15 Failed: 2) Failed tests: 12-13 t/modules/rewrite.t (Wstat: 0 Tests: 29 Failed: 1) Failed test: 24 t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 Files=72, Tests=1902, 38 wallclock secs ( 1.25 usr 0.38 sys + 20.53 cusr 4.68 csys = 26.84 CPU) Result: FAIL Failed 7/72 test programs. 17/1902 subtests failed. [warning] server localhost:8529 shutdown [ error] error running tests (please examine t/logs/error_log) -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Vote +1 to release mod_fcgid 2.3.5
Sorry I don't have the thread handy, but +1, looks great.
Re: [VOTE] 1.3.42 release candidate
On Wed, Jan 27, 2010 at 12:43 AM, Sander Temme scte...@apache.org wrote: On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: There is a 1.3.42 release candidate for testing, and voting, at; What happened to this, besides making Slashdot? I transited the atlantic twice. I actually wasted about 2 days and 7 EC2 instances trying to document how many build problems there were on modern linux distros due to the glibc/dash problems ... to try and come up with a coherent here's how to build, run, and test ... but it's a complete mess. There are technically enough binding votes for release now, though there is still the outstanding with the bundled docs tree (which ironically turned out to be due to my using dash for testing!). Unless there are any vetoes in the next 2 days, I'd be inclined to release as-is, with the docs tree rerolled to fix includes. It is *definitely* worth never making another release again imo, patches are far less burden than this show! -- Colm
Re: svn commit: r903514 - /httpd/httpd/branches/2.2.x/STATUS
On 1/26/2010 4:42 PM, n...@apache.org wrote: @@ -171,6 +168,8 @@ Ported to 2.2; http://people.apache.org/~wrowe/protocol_headers_copy.patch +1: wrowe +-1: niq: this risks breaking existing apps, as discussed in + comments on PR 48359. Just to be 100% clear, you are vetoing a change which promotes one of the two preexisting, alternate behaviors [varied based on the presence or absence of a request body], preferring the one which applied to all requests with request bodies [this case does not change], and eliminating the one which applied to requests without bodies [which further caused a segfault when headers_in is modified.] We have no agreement with developers not to fix undocumented misbehavior.
Re: [VOTE] 1.3.42 release candidate
On Jan 26, 2010, at 5:03 PM, Colm MacCárthaigh wrote: On Wed, Jan 27, 2010 at 12:43 AM, Sander Temme scte...@apache.org wrote: On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: There is a 1.3.42 release candidate for testing, and voting, at; What happened to this, besides making Slashdot? I transited the atlantic twice. I actually wasted about 2 days and 7 EC2 instances trying to document how many build problems there were on modern linux distros due to the glibc/dash problems ... to try and come up with a coherent here's how to build, run, and test ... but it's a complete mess. A valiant effort! And an illustration of one of the reasons why we're calling it a day: this code is stale and by now impossible to maintain. We have since grown cleaner, more versatile and more maintainable ways to copy data from one file descriptor to another. We move forward on those, and stop clinging to the past. There are technically enough binding votes for release now, though there is still the outstanding with the bundled docs tree (which ironically turned out to be due to my using dash for testing!). Unless there are any vetoes in the next 2 days, I'd be inclined to release as-is, with the docs tree rerolled to fix includes. It is *definitely* worth never making another release again imo, patches are far less burden than this show! Why don't we do this: roll the same tag with the docs fixes as you indicate immediately above; sign, hash and put them up on dev/dist. Then call 72 hours. We have a quick look to see if smoke emerges and, if not, we can release early next week. That would also give us the opportunity to align PRC. Thoughts? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: unsubscribe
please send this request to dev-unsubscr...@httpd.apache.org On Tue, 26 Jan 2010, dimitryous r. wrote: -- Res What does Windows have that Linux doesn't? - One hell of a lot of bugs!