AW: [POLL] Final status of 2.2.x branch

2018-02-21 Thread Plüm, Rüdiger, Vodafone Group


> -Original Message-
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Wednesday, 21 February 2018 16:51
> To: Apache HTTP Server Development List
> Subject: Re: [POLL] Final status of 2.2.x branch
> 
> > In the absence of three active contributors, I volunteer to clean up
> > the website, www dist site and svn in the coming days (see the current
> > state of 2.0.x resources for examples), based on original consensus.
> 
> +1

+1

Regards

Rüdiger


Re: [VOTE] Release Apache httpd 2.4.26 as GA

2018-02-21 Thread Eric Covener
On Tue, Feb 20, 2018 at 9:20 PM, Eric Covener wrote:
> On Tue, Jun 13, 2017 at 10:05 PM, Eric Covener wrote:
>> +1 AIX/xlc/ppc64
>>
>> I have two quirks to record, both are openssl / openssl 1.1 related
>> but given the state of my AIX system I am still +1 on the release.
>>
>>  - proxy/ssl.t almost totally fails with handshake errors between
>> client and origin
>> [Tue Jun 13 21:37:04.265062 2017] [ssl:info] [pid 15073386:tid 6169]
>> SSL Library Error: error:14171105:SSL
>> routines:tls_process_server_hello:wrong cipher returned
>>
>> - There is some kind of atexit()-like issue with unloaded openssl-1.1
>> that causes a SIGILL at shutdown (goes away w/o mod_ssl, is not
>> related to signal handling thing)
>> .() at 0x0
>> exit(??) at 0x90550c0
>> destroy_and_exit_process(process = 0x00011001eb28,
>> process_exit_value = 0), line 266 in "main.c"
>> main(argc = 4, argv = 0x07c8), line 685 in "main.c"
>
> (replying to old vote thread for posterity)
>
> TIL:
>  - linux calls atexit() callbacks when a library is unloaded, not just
> at process exit
>  - AIX doesn't
>  - openssl 1.1 adds an atexit handler
>  - openssl 1.1 has some code to try to prevent the library from really
> being unloaded by inflating the dlopen reference count so its atexit
> will really be available at exit.
> - https://github.com/openssl/openssl/pull/1693
> -  apparently this isn't working on AIX
>  - openssl 1.1 doesn't seem to be provided by IBM or third parties on
> AIX as of early 2018.

LoadFile of libcrypto.so.1.1 works around this by preventing
libcrypto.so.1.1 from being unloaded when mod_ssl is loaded. Added a
hint to https://wiki.apache.org/httpd/AIXPlatform




-- 
Eric Covener
cove...@gmail.com
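
The reference-count pinning described in the message above, as an added example that is not part of the original thread and is not OpenSSL or httpd code: an extra, never-released `dlopen()` reference keeps a library mapped after its owner calls `dlclose()`, which is the effect both the OpenSSL 1.1 self-pin and the `LoadFile` workaround rely on. It assumes a glibc-style dynamic loader and uses `libm.so.6` purely as a stand-in library; `survives_unload` and `is_resident` are hypothetical names.

```c
/* Added example: not OpenSSL or httpd code. */
#include <dlfcn.h>
#include <stdio.h>

/* Assumption: glibc-style system; LIB is only a convenient test subject. */
#define LIB "libm.so.6"

/* Returns 1 if LIB is currently mapped in this process, 0 if not. */
static int is_resident(void)
{
    void *h = dlopen(LIB, RTLD_LAZY | RTLD_NOLOAD);
    if (h == NULL)
        return 0;
    dlclose(h);             /* drop the reference RTLD_NOLOAD just took */
    return 1;
}

/*
 * Load LIB the way a module loader would, optionally take a second
 * reference that is never released (the "pin"), then unload it.
 * Returns 1 if LIB survived the unload, 0 if it was really unmapped,
 * -1 if the experiment cannot run here (LIB missing or already in use).
 */
int survives_unload(int pin)
{
    void *owner;

    if (is_resident())
        return -1;          /* someone else already holds a reference */
    owner = dlopen(LIB, RTLD_NOW);
    if (owner == NULL)
        return -1;
    if (pin)
        (void)dlopen(LIB, RTLD_NOW);   /* deliberately leaked handle */
    dlclose(owner);         /* the step that corresponds to unloading mod_ssl */
    return is_resident();
}

int main(void)
{
    /* Order matters: the pinned run leaves LIB mapped for good. */
    printf("unpinned: %d\n", survives_unload(0));
    printf("pinned:   %d\n", survives_unload(1));
    return 0;
}
```

When the library stays mapped, any handler it registered with `atexit()` still points at valid code at process exit; when it is unmapped and the handler is not run at unload time, the exit path jumps to an address that is no longer backed by code.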


Re: [VOTE] Release httpd-2.4.30

2018-02-21 Thread Rainer Jung

On 19.02.2018 at 15:54, drugg...@primary.net wrote:

Hi, all;

    Please find below the proposed release tarball and signatures:

https://dist.apache.org/repos/dist/dev/httpd/

I would like to call a VOTE over the next few days to release this 
candidate tarball as 2.4.30:


[ ] +1: It’s not just good, it’s good enough!

[ ] +0: Let’s have a talk…

[ ] -1: There’s trouble in paradise. Here’s what’s wrong.


-1 to release due to the flaws found by others. But we should be good 
with 2.4.31. Please update APR/APU in the deps tarball.


Detailed report:

- Sigs and hashes OK
- contents of tarballs identical
- contents of tag and tarballs identical
  except for expected deltas
- deps convenience tarball does not contain latest APR/APU 1.6.3/1.6.1
  -> please update

Built on

- Solaris 10 Sparc as 32 Bit Binaries
- SLES 11+12 (64 Bits)
- RHEL 6+7 (64 Bits)

For all platforms built

- with default (shared) and static modules
- with module set reallyall
- using --enable-load-all-modules
- against "included" APR/APU from deps tarball,
  plus external APR/APU 1.6.3/1.6.1 and 1.5.2/1.5.4

- using external libraries
  - expat 2.2.5
  - pcre 8.41
  - openssl 1.0.2n plus patches
  - lua 5.3.4 (compiled with LUA_COMPAT_MODULE)
  - distcache 1.5.1
  - libxml2 2.9.7
  - libnghttp2 1.30.0
  - brotli 1.0.2
  - curl 7.58.0
  - jansson 2.10

- Tool chain:
- platform gcc except on Solaris
  (gcc 7.3.0 Solaris 10, only older APR/APU 1.5.x compiled with 
older gcc 4.9.2)

- CFLAGS: -O2 -g -Wall -fno-strict-aliasing
  - on Solaris additionally -mpcu=v9, -D_XOPEN_SOURCE,
-D_XOPEN_SOURCE_EXTENDED=1, -D__EXTENSIONS__
and -D_XPG6

All 40 builds succeeded.

- compiler warnings:

  - modules/core/mod_watchdog.c:436: warning: 'rv' may be used
uninitialized in this function
  -> warning is correct but not critical (debug log);
 not a regression

  on RHEL 6 and SLES 11 due to older GCC versions:

  - modules/md/md_json.c:31: warning: expected [error|warning|ignored] 
after '#pragma GCC diagnostic'


  - modules/md/md_json.c:45: warning: expected [error|warning|ignored] 
after '#pragma GCC diagnostic'


  due to strange jansson dependency library header files:

include/jansson.h:117:6: warning: 'json_decrefp' defined but not used 
[-Wunused-function]
include/jansson.h:187:5: warning: 'json_object_set_nocheck' defined but 
not used [-Wunused-function]
include/jansson.h:193:5: warning: 'json_object_iter_set' defined but not 
used [-Wunused-function]
include/jansson.h:208:5: warning: 'json_array_set' defined but not used 
[-Wunused-function]
include/jansson.h:220:5: warning: 'json_array_insert' defined but not 
used [-Wunused-function]


  and only on Solaris (gcc 7.3.0)

  - modules/ldap/util_ldap_cache_mgr.c:728:32: warning: format '%ld' 
expects argument of type 'long int', but argument 6 has type 'long long 
int' [-Wformat=]


  - modules/ldap/util_ldap_cache.c:111:20: warning: format '%ld' 
expects argument of type 'long int', but argument 8 has type 'long long 
int' [-Wformat=]


  - srclib/apr-util/xlate/xlate.c:120:38: warning: passing argument 2 of
'iconv' from incompatible pointer type
[-Wincompatible-pointer-types]

  - srclib/apr-util/xlate/xlate.c:343:42: warning: passing argument 2 of
'iconv' from incompatible pointer type
[-Wincompatible-pointer-types]


Tested for

- Solaris 10, SLES 11+12, RHEL 6+7
- MPMs prefork, worker, event
- default and static modules
- log levels info, debug and trace8
- module set reallyall (127 modules plus MPMs)

The following test failures were seen:

a Lots of tests in t/module/session.t fail always for static builds.
  Not a regression.
  For 2.4.28 the analysis was:
  The whole setup for the /sessiontest uri is missing in the generated
  t/conf/httpd.conf. This is due to it missing from the also generated
  file t/conf/apache_test_config.pm. I do not know yet, why it is missing
  there, but this seems to be a test framework problem.

b Test 59 of t/modules/include.t only and always on
  Solaris.
  Not a regression
  Old analysis was:
  This is due to a bug in the test, which uses strftime()
  with a "%s" pattern that is not supported on Solaris.
  Until recently the server and the test client both returned
  verbatim "%s" and the test succeeded. After updating some
  Perl modules for the http2 tests, the perl client even
  on Solaris now supports "%s" in strftime and the test starts
  to fail. It seems we have to fix the test.

c Various tests in t/apache/expr_string.t
  Not a regression.
  Test numbers : 6, 11, 14, 17, 20, 23, 26, 29
  Happens for 9 out of about 225 runs (8 times on RHEL6, once
  on Solaris).
  The failure is almost always on line 87, where the error_log contents
  are checked.

d One single test run (RHEL 7) failed test 163 of t/ssl/proxy.t
  (line 131 of Apache-Test/lib/Apache/TestCommonPost.pm)

e Only on Solaris and only with prefork proxy tests sometimes
  seem to hang until timeout.
  Not a regression
  Some test 

FINAL REMINDER: CFP for Apache EU Roadshow Closes 25th February

2018-02-21 Thread Sharan F

Hello Apache Supporters and Enthusiasts

This is your FINAL reminder that the Call for Papers (CFP) for the 
Apache EU Roadshow is closing soon. Our Apache EU Roadshow will focus on 
Cloud, IoT, Apache Tomcat, Apache Http and will run from 13-14 June 2018 
in Berlin.
Note that the CFP deadline has been extended to 25th February and 
it will be your final opportunity to submit a talk for this event.


Please make your submissions at http://apachecon.com/euroadshow18/

Also note that early bird ticket registrations to attend FOSS Backstage 
including the Apache EU Roadshow, have also been extended and will be 
available until 23rd February. Please register at 
https://foss-backstage.de/tickets


We look forward to seeing you in Berlin!

Thanks
Sharan Foga, VP Apache Community Development

PLEASE NOTE: You are receiving this message because you are subscribed 
to a user@ or dev@ list of one or more Apache Software Foundation projects.




Re: Licensing claims (pcreposix)

2018-02-21 Thread Stefan Sperling
On Tue, Feb 20, 2018 at 03:27:57PM -0600, William A Rowe Jr wrote:
> I ran into the same headache with my complete rewrite of
> the fnmatch.c logic of BSD that we ship in APR, and delivered
> my rewrite of the file under both licenses.

For which OpenBSD is still grateful, by the way :)


Re: Licensing claims (pcreposix)

2018-02-21 Thread Eric Covener
+1

On Tue, Feb 20, 2018 at 4:27 PM, William A Rowe Jr wrote:
> I made a fundamental mistake as we removed PCRE from
> the source tree of httpd; although we stopped distributing the
> pcre library in 2.4.x source tree, our own util_pcre.c is largely
> founded on the work of Philip Hazel/Cambridge; although the
> larger work doesn't need to be advertised in our LICENSE and
> NOTICE (except in the case of binaries derived from those
> sources, which is up to the packager/builder), the origin of this
> specific source file remains largely based on pcreposix.c.
>
> We can later ask for a relicensing by the PCRE effort, or we
> may agree to license that entire file, including our corrections
> and enhancements back under this compatible license. Since
> it is largely pcre's own license, I would like to keep them in
> harmony but not keep this file under a bifurcated license.
> I ran into the same headache with my complete rewrite of
> the fnmatch.c logic of BSD that we ship in APR, and delivered
> my rewrite of the file under both licenses.
>
> I have the attached proposal to correct this in trunk for any
> immediate release on the 2.4.x branch, and would open a
> dialog with Philip and Cambridge over their preferred manner
> of handling this file. Cambridge may already have a statement
> on simplifying the advertising aspects, much like MIT.
>
> Any objections?



-- 
Eric Covener
cove...@gmail.com


Re: [POLL] Final status of 2.2.x branch

2018-02-21 Thread Eric Covener
> In the absence of three active contributors, I volunteer to clean up
> the website, www dist site and svn in the coming days (see the current
> state of 2.0.x resources for examples), based on original consensus.

+1


[POLL] Final status of 2.2.x branch

2018-02-21 Thread William A Rowe Jr
On 1 June of 2016 we concluded the 2.2.x lifecycle poll and discussion
with the following summary;

"The Apache Web Server Project will continue to provide maintenance
releases of the 2.2.x flavor through June of 2017, and will provide
some security patches beyond this date through at least December of
2017. Minimal maintenance patches are expected throughout this period,
and users are strongly encouraged to complete their transitions to the
2.4.x flavor of httpd on an expedited basis to benefit from a larger
assortment of bug fixes, software robustness and new features."

Our users were communicated this message in June of 2016, these dates
are now past. At the time there was discussion that several PMC
members may have ongoing concerns beyond the 12 or 18 month window,
I'd like to ensure these concerns are concluded. If you are
volunteering to track security defects and CVE's applicable to the
2.2.x tree, publish patches in apply_to_2.2.34/, continue to revise
documentation, etc. please speak up now. (I am not volunteering to
maintain these resources myself.)

In the absence of three active contributors, I volunteer to clean up
the website, www dist site and svn in the coming days (see the current
state of 2.0.x resources for examples), based on original consensus.


Re: Licensing claims (pcreposix)

2018-02-21 Thread Stefan Eissing
+1

> On 20.02.2018 at 22:27, William A Rowe Jr wrote:
> 
> I made a fundamental mistake as we removed PCRE from
> the source tree of httpd; although we stopped distributing the
> pcre library in 2.4.x source tree, our own util_pcre.c is largely
> founded on the work of Philip Hazel/Cambridge; although the
> larger work doesn't need to be advertised in our LICENSE and
> NOTICE (except in the case of binaries derived from those
> sources, which is up to the packager/builder), the origin of this
> specific source file remains largely based on pcreposix.c.
> 
> We can later ask for a relicensing by the PCRE effort, or we
> may agree to license that entire file, including our corrections
> and enhancements back under this compatible license. Since
> it is largely pcre's own license, I would like to keep them in
> harmony but not keep this file under a bifurcated license.
> I ran into the same headache with my complete rewrite of
> the fnmatch.c logic of BSD that we ship in APR, and delivered
> my rewrite of the file under both licenses.
> 
> I have the attached proposal to correct this in trunk for any
> immediate release on the 2.4.x branch, and would open a
> dialog with Philip and Cambridge over their preferred manner
> of handling this file. Cambridge may already have a statement
> on simplifying the advertising aspects, much like MIT.
> 
> Any objections?
>