Re: [VOTE] Release httpd-2.4.40
Jan Ehrhardt in gmane.comp.apache.devel (Sat, 03 Aug 2019 21:22:58 +0200): >Gregg Smith in gmane.comp.apache.devel (Sat, 3 Aug 2019 08:43:21 -0700): >>On 8/3/2019 6:51 AM, Daniel Ruggeri wrote: >>> Hi, all; >>> Please find below the proposed release tarball and signatures: >>> https://dist.apache.org/repos/dist/dev/httpd/ >> >>[X] +1: It's good enough! >> >>VC14 & 15 x86 & x64 w/ makefiles > >Did you test mod_md? If I remove the apache/md directory httpd 2.4.39 >creates certificates, first in md/staging then in md/domains. >httpd 2.4.40 fails. > >No config changes. VC9 x86 OpenSSL 1.0.2, if that matters. Both 2.4.39 >and 2.4.40 were compiled today. > >I will test later on with VC15 x64 OpenSSL 1.1.1. Same problem with VC15 x64 OpenSSL 1.1.1 and Apachelounge's VS16 x64 https://www.apachelounge.com/viewtopic.php?t=8329 Maybe some config chanes are needed, but then they should be clearly documented in the change log. The trouble with this release is that the problem with mod_md will only show up when the first certificate has to be renewed. FWIW: [x] -1: There's trouble in paradise. Here's what's wrong. -- Jan
Re: [VOTE] Release httpd-2.4.40
Gregg Smith in gmane.comp.apache.devel (Sat, 3 Aug 2019 08:43:21 -0700): >On 8/3/2019 6:51 AM, Daniel Ruggeri wrote: >> Hi, all; >> Please find below the proposed release tarball and signatures: >> https://dist.apache.org/repos/dist/dev/httpd/ > >[X] +1: It's good enough! > >VC14 & 15 x86 & x64 w/ makefiles Did you test mod_md? If I remove the apache/md directory httpd 2.4.39 creates certificates, first in md/staging then in md/domains. httpd 2.4.40 fails. No config changes. VC9 x86 OpenSSL 1.0.2, if that matters. Both 2.4.39 and 2.4.40 were compiled today. I will test later on with VC15 x64 OpenSSL 1.1.1. -- Jan
Re: [VOTE] Release httpd-2.4.40
On 8/3/2019 6:51 AM, Daniel Ruggeri wrote: Hi, all; Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ [X] +1: It's good enough! VC14 & 15 x86 & x64 w/ makefiles Opps, looks like the APLOGNO's didn't get filled in. I'm still ok with releasing .40 w/o them. mod_md.c(386): warning C4003: not enough actual parameters for macro 'APLOGNO' mod_md.c(391): warning C4003: not enough actual parameters for macro 'APLOGNO' mod_md.c(601): warning C4003: not enough actual parameters for macro 'APLOGNO' mod_md.c(608): warning C4003: not enough actual parameters for macro 'APLOGNO' mod_md.c(659): warning C4003: not enough actual parameters for macro 'APLOGNO' mod_md.c(702): warning C4003: not enough actual parameters for macro 'APLOGNO' mod_md.c(912): warning C4003: not enough actual parameters for macro 'APLOGNO'
[VOTE] Release httpd-2.4.40
Hi, all; Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball as 2.4.40: [ ] +1: It's not just good, it's good enough! [ ] +0: Let's have a talk. [ ] -1: There's trouble in paradise. Here's what's wrong. The computed digests of the tarball up for vote are: sha1: 31bc6f87ac209010b8b364abc1c80dfaee53cc64 *httpd-2.4.40.tar.gz sha256: 451e6cf6caa09119900b74652266427f70050de5c51948acd4aaaf60d0d3cad0 *httpd-2.4.40.tar.gz -- Daniel Ruggeri
Re: Vote thread for 2.4.40 not started yet?
Ahhh! I did send a VOTE email, but it looks like it never made it through to the list! I will retry from my ASF address through the ASF mail relay... Date: Fri, 02 Aug 2019 15:18:57 -0500 From: Daniel Ruggeri To: dev@httpd.apache.org Subject: [VOTE] Release httpd-2.4.40 Message-ID: X-Sender: drugg...@primary.net User-Agent: Roundcube Webmail/0.9.2 -- Daniel Ruggeri On 8/3/2019 6:43 AM, Rainer Jung wrote: > Hi Daniel, > > did you forget to start the vote thread or are the uploads not ready yet? > > Thanks and regards, > > Rainer > > Am 02.08.2019 um 22:18 schrieb drugg...@apache.org: >> Author: druggeri >> Date: Fri Aug 2 20:18:19 2019 >> New Revision: 35120 >> >> Log: >> Add 2.4.40 files >> >> Added: >> dev/httpd/CHANGES_2.4 >> dev/httpd/CHANGES_2.4.40 >> dev/httpd/httpd-2.4.40-deps.tar.bz2 (with props) >> dev/httpd/httpd-2.4.40-deps.tar.bz2.asc >> dev/httpd/httpd-2.4.40-deps.tar.bz2.md5 >> dev/httpd/httpd-2.4.40-deps.tar.bz2.sha1 >> dev/httpd/httpd-2.4.40-deps.tar.bz2.sha256 >> dev/httpd/httpd-2.4.40-deps.tar.gz (with props) >> dev/httpd/httpd-2.4.40-deps.tar.gz.asc >> dev/httpd/httpd-2.4.40-deps.tar.gz.md5 >> dev/httpd/httpd-2.4.40-deps.tar.gz.sha1 >> dev/httpd/httpd-2.4.40-deps.tar.gz.sha256 >> dev/httpd/httpd-2.4.40.tar.bz2 (with props) >> dev/httpd/httpd-2.4.40.tar.bz2.asc >> dev/httpd/httpd-2.4.40.tar.bz2.md5 >> dev/httpd/httpd-2.4.40.tar.bz2.sha1 >> dev/httpd/httpd-2.4.40.tar.bz2.sha256 >> dev/httpd/httpd-2.4.40.tar.gz (with props) >> dev/httpd/httpd-2.4.40.tar.gz.asc >> dev/httpd/httpd-2.4.40.tar.gz.md5 >> dev/httpd/httpd-2.4.40.tar.gz.sha1 >> dev/httpd/httpd-2.4.40.tar.gz.sha256 >> Modified: >> dev/httpd/Announcement2.4.html >> dev/httpd/Announcement2.4.txt >> >> Modified: dev/httpd/Announcement2.4.html >> == >> >> --- dev/httpd/Announcement2.4.html (original) >> +++ dev/httpd/Announcement2.4.html Fri Aug 2 20:18:19 2019 >> @@ -49,7 +49,7 @@ >> >> >> - Apache HTTP Server 2.4.39 Released >> + Apache HTTP Server 2.4.40 Released >> >> >> September 21, 2018 >> @@ -57,7 +57,7 @@ >> >> The Apache Software Foundation and the Apache HTTP Server >> Project are >> pleased to > href="https://www.apache.org/dist/httpd/Announcement2.4.html";>announce >> - the release of version 2.4.39 of the Apache >> + the release of version 2.4.40 of the Apache >> HTTP Server ("Apache"). This version of Apache is our latest GA >> release of the new generation 2.4.x branch of Apache HTTPD and >> represents fifteen years of innovation by the project, and is >> @@ -69,7 +69,7 @@ >> encourage users of all prior versions to upgrade. >> >> >> - Apache HTTP Server 2.4.39 is available for download from: >> + Apache HTTP Server 2.4.40 is available for download from: >> >> >> https://httpd.apache.org/download.cgi"; >> @@ -77,7 +77,7 @@ >> >> >> Please see the CHANGES_2.4 file, >> linked from the download page, for a >> - full list of changes. A condensed list, > href="./CHANGES_2.4.39">CHANGES_2.4.39 includes only >> + full list of changes. A condensed list, > href="./CHANGES_2.4.40">CHANGES_2.4.40 includes only >> those changes introduced since the prior 2.4 release. A summary >> of all >> of the security vulnerabilities addressed in this and earlier >> releases >> is available: >> >> Modified: dev/httpd/Announcement2.4.txt >> == >> >> --- dev/httpd/Announcement2.4.txt (original) >> +++ dev/httpd/Announcement2.4.txt Fri Aug 2 20:18:19 2019 >> @@ -1,9 +1,9 @@ >> - Apache HTTP Server 2.4.39 Released >> + Apache HTTP Server 2.4.40 Released >> September 21, 2018 >> The Apache Software Foundation and the Apache HTTP Server Project >> - are pleased to announce the release of version 2.4.39 of the Apache >> + are pleased to announce the release of version 2.4.40 of the Apache >> HTTP Server ("Apache"). This version of Apache is our latest GA >> release of the new generation 2.4.x branch of Apache HTTPD and >> represents fifteen years of innovation by the project, and is >> @@ -13,7 +13,7 @@ >> We consider this release to be the best version of Apache >> available, and >> encourage users of all prior versions to upgrade. >> - Apache HTTP Server 2.4.39 is available for download from: >> + Apache HTTP Server 2.4.40 is available for download from: >> https://httpd.apache.org/download.cgi >> @@ -24,7 +24,7 @@ >> https://httpd.apache.org/docs/trunk/new_features_2_4.html >> Please see the CHANGES_2.4 file, linked from the download >> page, for a >> - full list of changes. A condensed list, CHANGES_2.4.39 in
Vote thread for 2.4.40 not started yet?
Hi Daniel, did you forget to start the vote thread or are the uploads not ready yet? Thanks and regards, Rainer Am 02.08.2019 um 22:18 schrieb drugg...@apache.org: Author: druggeri Date: Fri Aug 2 20:18:19 2019 New Revision: 35120 Log: Add 2.4.40 files Added: dev/httpd/CHANGES_2.4 dev/httpd/CHANGES_2.4.40 dev/httpd/httpd-2.4.40-deps.tar.bz2 (with props) dev/httpd/httpd-2.4.40-deps.tar.bz2.asc dev/httpd/httpd-2.4.40-deps.tar.bz2.md5 dev/httpd/httpd-2.4.40-deps.tar.bz2.sha1 dev/httpd/httpd-2.4.40-deps.tar.bz2.sha256 dev/httpd/httpd-2.4.40-deps.tar.gz (with props) dev/httpd/httpd-2.4.40-deps.tar.gz.asc dev/httpd/httpd-2.4.40-deps.tar.gz.md5 dev/httpd/httpd-2.4.40-deps.tar.gz.sha1 dev/httpd/httpd-2.4.40-deps.tar.gz.sha256 dev/httpd/httpd-2.4.40.tar.bz2 (with props) dev/httpd/httpd-2.4.40.tar.bz2.asc dev/httpd/httpd-2.4.40.tar.bz2.md5 dev/httpd/httpd-2.4.40.tar.bz2.sha1 dev/httpd/httpd-2.4.40.tar.bz2.sha256 dev/httpd/httpd-2.4.40.tar.gz (with props) dev/httpd/httpd-2.4.40.tar.gz.asc dev/httpd/httpd-2.4.40.tar.gz.md5 dev/httpd/httpd-2.4.40.tar.gz.sha1 dev/httpd/httpd-2.4.40.tar.gz.sha256 Modified: dev/httpd/Announcement2.4.html dev/httpd/Announcement2.4.txt Modified: dev/httpd/Announcement2.4.html == --- dev/httpd/Announcement2.4.html (original) +++ dev/httpd/Announcement2.4.html Fri Aug 2 20:18:19 2019 @@ -49,7 +49,7 @@ - Apache HTTP Server 2.4.39 Released + Apache HTTP Server 2.4.40 Released September 21, 2018 @@ -57,7 +57,7 @@ The Apache Software Foundation and the Apache HTTP Server Project are pleased to https://www.apache.org/dist/httpd/Announcement2.4.html";>announce - the release of version 2.4.39 of the Apache + the release of version 2.4.40 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is @@ -69,7 +69,7 @@ encourage users of all prior versions to upgrade. - Apache HTTP Server 2.4.39 is available for download from: + Apache HTTP Server 2.4.40 is available for download from: https://httpd.apache.org/download.cgi"; @@ -77,7 +77,7 @@ Please see the CHANGES_2.4 file, linked from the download page, for a - full list of changes. A condensed list, CHANGES_2.4.39 includes only + full list of changes. A condensed list, CHANGES_2.4.40 includes only those changes introduced since the prior 2.4 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available: Modified: dev/httpd/Announcement2.4.txt == --- dev/httpd/Announcement2.4.txt (original) +++ dev/httpd/Announcement2.4.txt Fri Aug 2 20:18:19 2019 @@ -1,9 +1,9 @@ -Apache HTTP Server 2.4.39 Released +Apache HTTP Server 2.4.40 Released September 21, 2018 The Apache Software Foundation and the Apache HTTP Server Project - are pleased to announce the release of version 2.4.39 of the Apache + are pleased to announce the release of version 2.4.40 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is @@ -13,7 +13,7 @@ We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. - Apache HTTP Server 2.4.39 is available for download from: + Apache HTTP Server 2.4.40 is available for download from: https://httpd.apache.org/download.cgi @@ -24,7 +24,7 @@ https://httpd.apache.org/docs/trunk/new_features_2_4.html Please see the CHANGES_2.4 file, linked from the download page, for a - full list of changes. A condensed list, CHANGES_2.4.39 includes only + full list of changes. A condensed list, CHANGES_2.4.40 includes only those changes introduced since the prior 2.4 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available:
Re: changelog mod_md ssl patch
Hi Steffen, Am 03.08.2019 um 12:36 schrieb Steffen: Changelog says mod_ssl needs patch. That is a typo or where is the patch. *) mod_md: new features - supports the ACMEv2 protocol - new challenge method 'tls-alpn-01' implemented, needs mod_ssl patch to become available I would say it's conatined in: *) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for adding certificates and keys to a virtual host. An additional hook allows answering special TLS connections as used in ACME challenges. Adding 2 new hooks for init/get of OCSP stapling status information when other modules want to provide those. Falls back to own implementation with same behaviour as before. [Stefan Eissing] especially in "An additional hook allows answering special TLS connections as used in ACME challenges.". The refence to a needed mod_ssl patch is a bit hard tu understand here and probably had a historical reason, before that patch actually got applied to mod_ssl (and if you are using mod_md from github and mod_ssl is older). Regards, Rainer
changelog mod_md ssl patch
Changelog says mod_ssl needs patch. That is a typo or where is the patch. *) mod_md: new features - supports the ACMEv2 protocol - new challenge method 'tls-alpn-01' implemented, needs mod_ssl patch to become available