Re: [VOTE] Release Apache httpd 2.4.19 as GA

[Jan Ehrhardt]

Jim Jagielski in gmane.comp.apache.devel (Mon, 21 Mar 2016 13:37:40
-0400):
>[x] +0: meh

mod_http2.so will not build 'out of the box' on Windows, because
mod_http2.dsp is missing

# Begin Source File

SOURCE=./h2_ngn_shed.c
# End Source File

This leads to build errors like:

1>h2_mplx.obj : error LNK2019: unresolved external symbol
_h2_ngn_shed_done_task referenced in function _h2_mplx_req_engine_done
1>.\Release\mod_http2.so : fatal error LNK1120: 12 unresolved externals

Moreover, it is confusing that this mod_http2 has version 1.2.8, but is
different from the v1.2.8 release at
https://github.com/icing/mod_h2/releases

Jan

Re: httpd-trunk proxy_http2 NetWare build wants extra sym.

[NormW]

Thx.
Trunk and 2.4.x now both build without issue.
Norm

On 21/03/2016 8:00 PM, Stefan Eissing wrote:

Applied in 1735928.


Am 17.03.2016 um 22:45 schrieb NormW :

G/M,
A recent addition to trunk mod_proxy_http2 needs an additional export from 
hghttp2 lib, thus:


Index: modules/http2/NWGNUmod_http2
===
--- modules/http2/NWGNUmod_http2(revision 1735506)
+++ modules/http2/NWGNUmod_http2(working copy)
@@ -391,6 +391,7 @@
@echo $(DL) nghttp2_session_callbacks_set_send_callback,$(DL) >> $@
@echo $(DL) nghttp2_session_client_new2,$(DL) >> $@
@echo $(DL) nghttp2_session_consume,$(DL) >> $@
+   @echo $(DL) nghttp2_session_consume_connection,$(DL) >> $@
@echo $(DL) nghttp2_session_del,$(DL) >> $@
@echo $(DL) nghttp2_session_get_remote_settings,$(DL) >> $@
@echo $(DL) nghttp2_session_get_stream_user_data,$(DL) >> $@


Excuse the noise.
Norm

Re: svn commit: r1736070 - /httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl_openssl.h

[Jim Jagielski]

Yeah... it disappeared and then returned but svn had it as deleted
and all kinds of weird stuff.
> On Mar 21, 2016, at 1:22 PM, Jeff Trawick  wrote:
> 
> On Mon, Mar 21, 2016 at 1:19 PM,  wrote:
> Author: jim
> Date: Mon Mar 21 17:19:53 2016
> New Revision: 1736070
> 
> URL: http://svn.apache.org/viewvc?rev=1736070=rev
> Log:
> ??
> 
> Removed:
> httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl_openssl.h
> 
> 
> Something weird is happening in your tree ;)  This file is required.
> 
> -- 
> Born in Roswell... married an alien...
> http://emptyhammock.com/
> 

Re: svn commit: r1736070 - /httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl_openssl.h

[Jeff Trawick]

On Mon, Mar 21, 2016 at 1:19 PM,  wrote:

> Author: jim
> Date: Mon Mar 21 17:19:53 2016
> New Revision: 1736070
>
> URL: http://svn.apache.org/viewvc?rev=1736070=rev
> Log:
> ??
>
> Removed:
> httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl_openssl.h
>
>
Something weird is happening in your tree ;)  This file is required.

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: Plan for T of 2.4.19

[Jeff Trawick]

On Mon, Mar 21, 2016 at 11:40 AM, Jan Ehrhardt  wrote:

> Jim Jagielski in gmane.comp.apache.devel (Mon, 21 Mar 2016 10:55:52
> -0400):
> >UPDATE: I plan to T at ~1pm Eastern.
>
> Will mod_fcgid be part of 2.4.19?
>
> Jan
>
>
mod_fcgid continues to be a separately-released component.

I just noticed that now there are two unreleased fixes in CHANGES-FCGID.
I'd be excited about doing another mod_fcgid release (first in a long
while) if anyone has time/energy to see if there's any low-hanging fruit to
be addressed first.

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: Plan for T of 2.4.19

[Jan Ehrhardt]

Jim Jagielski in gmane.comp.apache.devel (Mon, 21 Mar 2016 10:55:52
-0400):
>UPDATE: I plan to T at ~1pm Eastern.

Will mod_fcgid be part of 2.4.19?

Jan

Re: Plan for T of 2.4.19

[Jim Jagielski]

UPDATE: I plan to T at ~1pm Eastern.

> On Mar 21, 2016, at 7:31 AM, Jim Jagielski  wrote:
> 
> NOTE: I will be tagging and rolling today...
> 
> I expect no significant changes from r1735948.
> 
> Hopefully, we can get 2.4.20 out soonish and include mod_proxy_http2
> and mod_proxy_hcheck.

Re: [PATCH] Add "FreeListen" to support IP_FREEBIND

[Jim Jagielski]

Thx. I'll take a deeper look post 2.4.19 (this week)
> On Mar 18, 2016, at 4:36 AM, Jan Kaluža  wrote:
> 
> On 03/08/2016 11:43 AM, Jan Kaluža wrote:
>> On 03/08/2016 10:25 AM, Yann Ylavic wrote:
>>> On Tue, Mar 8, 2016 at 9:46 AM, Yann Ylavic  wrote:
 On Tue, Mar 8, 2016 at 9:28 AM, Jan Kaluža  wrote:
> 
> I have chosen FreeListen over the flags
 
 FWIW, should be take the YAD path, I'd prefer ListenFree (over
 FreeListen) to emphasize on the "Listen directive family" with a
 prefix...
>>> 
>>> Thinking more about this, I think I second Jim on the wish to have a
>>> single Listen directive with some parameter like
>>> "options=freebind,backlog:4095,reuseport,...".
>> 
>> Thinking about right syntax for options...
>> 
>> I would personally like something like "Listen [IP-address:]portnumber
>> [protocol] [option1] [option2] ...". Do we have list of supported
>> protocols by Listen directive, or we support whatever protocol is there?
>> 
>> If we have explicit list of protocols, then the protocols itself could
>> become an options.
>> 
>> If not, can it be acceptable, that you always have to define protocol
>> when you wan to use options?
> 
> I've implemented the way described in that question above ^. Please see the 
> attached patch and share your opinions.
> 
> The syntax to enable IP_FREEBIND currently is:
> 
> Listen 192.168.0.1:80 http freebind
> 
> Regards,
> Jan Kaluza
> 
>> 
>> Otherwise I can always implement Yann's idea with "Listen
>> [IP-address:]portnumber [protocol] [options=[option1,option2,...]]".
>> 
>> Regards,
>> Jan Kaluza
>> 
>> 
>>> We could then whatever (new) IP option more easily (less docs work...)
>>> and maybe deprecate ListenBacklog.
>>> 
>>> For example, the "reuseport" (SO_REUSEPORT) option seem to be usable
>>> w/o the current buckets mechanism in latest linux kernels, so indeed
>>> we may add more and more options there...
>>> 
>> 
> 
> 

Re: "D modules/ssl/mod_ssl_openssl.h"

[Jeff Trawick]

On Mon, Mar 21, 2016 at 8:32 AM, Yann Ylavic  wrote:

> On Mon, Mar 21, 2016 at 1:25 PM, Jeff Trawick  wrote:
> > On Mon, Mar 21, 2016 at 8:12 AM, Jeff Trawick  wrote:
> >>
> >> I just saw this disappear from 2.4.x; if you know what the cause is, let
> >> me know.  Otherwise I'll figure it out "soon".
> >
> >
> > My svn knowledge fails me...
> >
> > This listing of when I added the file says (Current path doesn't exist
> after
> > revision 1735946)
> >
> >
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl_openssl.h?view=log=1735910
> >
> > This doesn't mention the file, although that's supposedly the last
> revision
> > with the file:
> >
> > http://svn.apache.org/viewvc?view=revision=1735946
> >
> > I'll add it again.  I don't know what to do differently :(
>
> Maybe:
> $ cd modules/ssl
> $ svn merge -c -1735947
> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/modules/ssl/
> ?
>
> It seemed to have been unintentional in r1735947...
>

Oh, that even shows it deleted mod_ssl_openssl.h:
http://svn.apache.org/viewvc?view=revision=1735947

When I saw the message "Current path doesn't exist after revision 1735946"
I should have looked at 1735947, not 1735946 (

Thanks!!!

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: "D modules/ssl/mod_ssl_openssl.h"

[Yann Ylavic]

On Mon, Mar 21, 2016 at 1:25 PM, Jeff Trawick  wrote:
> On Mon, Mar 21, 2016 at 8:12 AM, Jeff Trawick  wrote:
>>
>> I just saw this disappear from 2.4.x; if you know what the cause is, let
>> me know.  Otherwise I'll figure it out "soon".
>
>
> My svn knowledge fails me...
>
> This listing of when I added the file says (Current path doesn't exist after
> revision 1735946)
>
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl_openssl.h?view=log=1735910
>
> This doesn't mention the file, although that's supposedly the last revision
> with the file:
>
> http://svn.apache.org/viewvc?view=revision=1735946
>
> I'll add it again.  I don't know what to do differently :(

Maybe:
$ cd modules/ssl
$ svn merge -c -1735947
https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/modules/ssl/
?

It seemed to have been unintentional in r1735947...

Re: svn commit: r1735960 - /httpd/httpd/branches/2.4.x/STATUS

[Jeff Trawick]

On Mon, Mar 21, 2016 at 8:25 AM,  wrote:

> Author: ylavic
> Date: Mon Mar 21 12:25:48 2016
> New Revision: 1735960
>
> URL: http://svn.apache.org/viewvc?rev=1735960=rev
> Log:
> Vote, promote.
>
> Modified:
> httpd/httpd/branches/2.4.x/STATUS
>
> Modified: httpd/httpd/branches/2.4.x/STATUS
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1735960=1735959=1735960=diff
>
> ==
> --- httpd/httpd/branches/2.4.x/STATUS (original)
> +++ httpd/httpd/branches/2.4.x/STATUS Mon Mar 21 12:25:48 2016
> @@ -112,6 +112,14 @@ RELEASE SHOWSTOPPERS:
>  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>[ start all new proposals below, under PATCHES PROPOSED. ]
>
> +  *) DOCUMENT_ARGS, set by mod_include to represent args to SSI document;
> + unlike UNESCAPED_QUERY_STRING, not shell-escaped
> + trunk patch: r1734817, r1734955, r1734989 (but version compat and
> CHANGES
> +  need to be manipulated)
> + 2.4.x patch:
> https://emptyhammock.com/media/downloads/DOCUMENT_ARGS-to-2.4.x.txt
> + +1: trawick, jim, ylavic
> + ylavic: The second CHANGES entry added in the patch should not be
> merged...
>

Whoops, I'll merge this now and watch out for that.

Thanks!


> +
>
>  PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>[ New proposals should be added at the end of the list ]
> @@ -161,12 +169,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>   updated patch with APLOGNOs by merging 1735931,1735935 from trunk
>   updated patch with APLOGNOs by merging 1735942 from trunk
>
> -  *) DOCUMENT_ARGS, set by mod_include to represent args to SSI document;
> - unlike UNESCAPED_QUERY_STRING, not shell-escaped
> - trunk patch: r1734817, r1734955, r1734989 (but version compat and
> CHANGES
> -  need to be manipulated)
> - 2.4.x patch:
> https://emptyhammock.com/media/downloads/DOCUMENT_ARGS-to-2.4.x.txt
> - +1: trawick, jim
>
>  PATCHES/ISSUES THAT ARE BEING WORKED
>
>
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: "D modules/ssl/mod_ssl_openssl.h"

[Jeff Trawick]

On Mon, Mar 21, 2016 at 8:12 AM, Jeff Trawick  wrote:

> I just saw this disappear from 2.4.x; if you know what the cause is, let
> me know.  Otherwise I'll figure it out "soon".
>

My svn knowledge fails me...

This listing of when I added the file says (*Current path doesn't exist
after revision 1735946*)

http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl_openssl.h?view=log=1735910

This doesn't mention the file, although that's supposedly the last revision
with the file:

http://svn.apache.org/viewvc?view=revision=1735946

I'll add it again.  I don't know what to do differently :(


>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

"D modules/ssl/mod_ssl_openssl.h"

[Jeff Trawick]

I just saw this disappear from 2.4.x; if you know what the cause is, let me
know.  Otherwise I'll figure it out "soon".

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Re: svn commit: r1735937 - /httpd/httpd/branches/2.4.x/STATUS

[Yann Ylavic]

On Mon, Mar 21, 2016 at 12:23 PM, Stefan Eissing
 wrote:
>
> I thought I had run the perl script against all files there...
> ...never trust a perl script from someone else.

"make update-log-tags" works like a charm :)

Re: Plan for T of 2.4.19

[Jim Jagielski]

NOTE: I will be tagging and rolling today...

I expect no significant changes from r1735948.

Hopefully, we can get 2.4.20 out soonish and include mod_proxy_http2
and mod_proxy_hcheck.

Re: svn commit: r1735937 - /httpd/httpd/branches/2.4.x/STATUS

[Stefan Eissing]

Thanks, Yann. Updated.

I thought I had run the perl script against all files there...
...never trust a perl script from someone else.

> Am 21.03.2016 um 11:24 schrieb Yann Ylavic :
> 
> Hi Stefan,
> 
> On Mon, Mar 21, 2016 at 11:06 AM,   wrote:
>> 
>> + Backport version for 2.4.x of patch: 
>> https://www.eissing.org/proxy_http2_2.4v3.patch
>> +1: icing, ylavic
>> updated patch after review by cjaillet, merged 1735668,1735748 from trunk
>> + updated patch with APLOGNOs by merging 1735931,1735935 from trunk
> 
> We may also need r1735942.

Re: Test framework vs IPv6

[Yann Ylavic]

On Mon, Mar 21, 2016 at 10:00 AM, Plüm, Rüdiger, Vodafone Group
 wrote:
>
>> From: Stefan Eissing
>> Sent: Montag, 21. März 2016 09:48
>>
>> I encountered this once on a new image where /etc/hosts listed first
>> localhost ::1

Mine is listing 127.0.0.1 first, so it may depend on the network stack
too (I run some pretty young Linux 4.4 kernel..).
I'll try the other way around though, but it can't be a solution anyway.
It worked with sysctl -w net.ipv6.conf.lo.disable_ipv6=0 for me.

>>
>> Like you, I found that there seems to be no quick fix for this and
>> edited /etc/hosts...
>>
>> I think your listen patch should be applied.
>
> +1

OK, I'll (try to) fix the other tests which don't pass with "Listen "...
Namely:
- t/apache/expr.t
- t/modules/access.t
- t/modules/setenvif.t
- t/ssl/varlookup.t

It may be related to REMOTE_ADDR being IPv6 now, will check.

>
> Just one comment on the patch. If you want to keep the old code in as 
> commented
> you should probably put in a comment above that explains the issue with IPv6.
> Otherwise I guess it is somewhat pointless to keep old code commented out.
> We are under version control :-)

Yes, a quick patch, not meant to be committed as is, more to keep the
original code in mind while trying several things :)

Regards,
Yann.

Re: svn commit: r1735937 - /httpd/httpd/branches/2.4.x/STATUS

[Yann Ylavic]

Hi Stefan,

On Mon, Mar 21, 2016 at 11:06 AM,   wrote:
>
> + Backport version for 2.4.x of patch: 
> https://www.eissing.org/proxy_http2_2.4v3.patch
>   +1: icing, ylavic
>   updated patch after review by cjaillet, merged 1735668,1735748 from 
> trunk
> + updated patch with APLOGNOs by merging 1735931,1735935 from trunk

We may also need r1735942.

RE: Test framework vs IPv6

[Plüm , Rüdiger , Vodafone Group]

> -Original Message-
> From: Stefan Eissing [mailto:stefan.eiss...@greenbytes.de]
> Sent: Montag, 21. März 2016 09:48
> To: dev@httpd.apache.org
> Subject: Re: Test framework vs IPv6
> 
> Yann,
> 
> I encountered this once on a new image where /etc/hosts listed first
> localhost ::1
> 
> Like you, I found that there seems to be no quick fix for this and
> edited /etc/hosts...
> 
> I think your listen patch should be applied.

+1

Just one comment on the patch. If you want to keep the old code in as commented
you should probably put in a comment above that explains the issue with IPv6.
Otherwise I guess it is somewhat pointless to keep old code commented out.
We are under version control :-)

Regards

Rüdiger

> 
> -Stefan
> 
> > Am 20.03.2016 um 01:18 schrieb Yann Ylavic :
> >
> > On my machine (Debian 9/testing, Linux 4.4), both "t/protocol/echo.t"
> > and "t/security/CVE-2009-3555.t" fail with:
> >  Connect failed: ; Connection refused at
> > /home/yle/src/apache/asf/httpd/test/framework/trunk/Apache-
> Test/lib/Apache/TestRequest.pm
> > line 297.
> >  Dubious, test returned 111 (wstat 28416, 0x6f00)
> >
> > This appears to be due to Perl trying to connect to ::1 (IPv6, as
> > shown by tcpdump) and failing because httpd Listen-s on 0.0.0.0 (IPv4)
> > only.
> > Some other tests do the same (I did not captured all, though) but
> > somehow they don't fail...
> >
> > Anyway, I tried to address this by Listen-ing on the port only (hence
> > any v4 or v6 address), using the attached patch, and indeed the two
> > tests pass (I first tried to disable IPv6 on my system and that worked
> > too).
> > However, there are even more tests failing now...
> >
> > Anyone ever had this issue?
> > Why is (our) Perl connecting localhost with IPv6?
> > Any idea on how to avoid that?
> >
> > Regards,
> > Yann.
> > 

Re: httpd-trunk proxy_http2 NetWare build wants extra sym.

[Stefan Eissing]

Applied in 1735928.

> Am 17.03.2016 um 22:45 schrieb NormW :
> 
> G/M,
> A recent addition to trunk mod_proxy_http2 needs an additional export from 
> hghttp2 lib, thus:
> 
>> Index: modules/http2/NWGNUmod_http2
>> ===
>> --- modules/http2/NWGNUmod_http2 (revision 1735506)
>> +++ modules/http2/NWGNUmod_http2 (working copy)
>> @@ -391,6 +391,7 @@
>>  @echo $(DL) nghttp2_session_callbacks_set_send_callback,$(DL) >> $@
>>  @echo $(DL) nghttp2_session_client_new2,$(DL) >> $@
>>  @echo $(DL) nghttp2_session_consume,$(DL) >> $@
>> +@echo $(DL) nghttp2_session_consume_connection,$(DL) >> $@
>>  @echo $(DL) nghttp2_session_del,$(DL) >> $@
>>  @echo $(DL) nghttp2_session_get_remote_settings,$(DL) >> $@
>>  @echo $(DL) nghttp2_session_get_stream_user_data,$(DL) >> $@
> 
> Excuse the noise.
> Norm
> 

Re: Test framework vs IPv6

[Stefan Eissing]

Yann,

I encountered this once on a new image where /etc/hosts listed first 
localhost ::1

Like you, I found that there seems to be no quick fix for this and
edited /etc/hosts...

I think your listen patch should be applied.

-Stefan

> Am 20.03.2016 um 01:18 schrieb Yann Ylavic :
> 
> On my machine (Debian 9/testing, Linux 4.4), both "t/protocol/echo.t"
> and "t/security/CVE-2009-3555.t" fail with:
>  Connect failed: ; Connection refused at
> /home/yle/src/apache/asf/httpd/test/framework/trunk/Apache-Test/lib/Apache/TestRequest.pm
> line 297.
>  Dubious, test returned 111 (wstat 28416, 0x6f00)
> 
> This appears to be due to Perl trying to connect to ::1 (IPv6, as
> shown by tcpdump) and failing because httpd Listen-s on 0.0.0.0 (IPv4)
> only.
> Some other tests do the same (I did not captured all, though) but
> somehow they don't fail...
> 
> Anyway, I tried to address this by Listen-ing on the port only (hence
> any v4 or v6 address), using the attached patch, and indeed the two
> tests pass (I first tried to disable IPv6 on my system and that worked
> too).
> However, there are even more tests failing now...
> 
> Anyone ever had this issue?
> Why is (our) Perl connecting localhost with IPv6?
> Any idea on how to avoid that?
> 
> Regards,
> Yann.
>