trunk/rc usable with OpenSSL 3.0.0 ?
ALL : I may receive no reply to this but in general I have been able to build Apache httpd from any release tarball as well as from trunk. When httpd needed to get TLS 1.3 working it was a slam dunk to get that working and it did. However now we have OpenSSL 3.0.0 and it seems that neither the latest RC works nor does trunk. So then ... how to proceed ? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional PS: trunk 1893292 fails even autoreconf and then more horror follows
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
On 9/12/21 22:41, Dennis Clarke wrote:
> On 9/12/21 07:55, Bernard Spil wrote:
reply to self again ...
Looking in trunk I see modules/ssl/ssl_private.h :
struct SSLSrvConfigRec {
SSLModConfigRec *mc;
ssl_enabled_tenabled;
const char *vhost_id;
const unsigned char *vhost_md5; /* = ap_md5_binary(vhost_id, ...) */
int session_cache_timeout;
BOOL cipher_server_pref;
BOOL insecure_reneg;
modssl_ctx_t*server;
#ifdef HAVE_TLSEXT
ssl_enabled_tstrict_sni_vhost_check;
#endif
#ifndef OPENSSL_NO_COMP
BOOL compression;
#endif
BOOL session_tickets;
};
This member vhost_md5 does not exist in 2.4.49 :
struct SSLSrvConfigRec {
SSLModConfigRec *mc;
ssl_enabled_tenabled;
const char *vhost_id;
int vhost_id_len;
int session_cache_timeout;
BOOL cipher_server_pref;
BOOL insecure_reneg;
modssl_ctx_t*server;
#ifdef HAVE_TLSEXT
ssl_enabled_tstrict_sni_vhost_check;
#endif
#ifdef HAVE_FIPS
BOOL fips;
#endif
#ifndef OPENSSL_NO_COMP
BOOL compression;
#endif
BOOL session_tickets;
};
I will go back to trunk and see where I land.
Dennis
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
On 9/12/21 07:55, Bernard Spil wrote: > ERR_GET_FUNC was blocking this for me on FreeBSD 13 with OpenSSL 3.0 from > ports. > Warning in build logs, but failure at runtime > > ssl_engine_init.c:1375:22: warning: implicit declaration of function > 'ERR_GET_FUNC' is invalid in C99 [-Wimplicit-function-declaration] > && (ERR_GET_FUNC(ERR_peek_last_error()) > > and the fix is https://svn.apache.org/viewvc?view=revision&revision=1891138 > as noted above. > > All seems well with that r1891138 fix and OpenSSL 3.0.0 on FreeBSD > 13.0-p4 amd64 / clang 11.0.1 > > [Sun Sep 12 11:48:50.820341 2021] [mpm_event:notice] [pid 80970:tid > 34372395008] AH00489: Apache/2.4.49 (FreeBSD) OpenSSL/3.0.0 configured > -- resuming normal operations > Thank you for the top-post reply. I am still of the opinion that "-1 There's trouble in paradise." due to the fact that the 2.4.49-rc1 tarball will not work out of the box with the production release of OpenSSL 3.0.0. There needs to be a fix here such that it "just works"(tm) with the latest OpenSSL. > On Sun, Sep 12, 2021 at 7:02 AM Dennis Clarke wrote: >> >> On 9/12/21 02:36, Dennis Clarke wrote: >>> On 9/10/21 11:23, ste...@eissing.org wrote: Hi, all; Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball httpd-2.4.49-rc1 as 2.4.49: [ ] +1: It's not just good, it's good enough! [ ] +0: Let's have a talk. [ ] -1: There's trouble in paradise. Here's what's wrong. >> >> * * * NOTE -1 There's trouble in paradise. Here's what's wrong. * * * >> >> >> Reply to self here ... >> >> I discovered in the OpenSSL 3.0.0 release notes: >> >> >> * The ERR_GET_FUNC() function was removed. With the loss >>of meaningful function codes, this function can only >>cause problems for calling applications. >> >>Paul Dale >> >> >> Thus ERR_GET_FUNC() was removed, but it looks like httpd is still >> trying to use it, which explains the error I'm seeing. What I see >> is : >> >> >> >> beta # >> beta # /opt/bw/bin/httpd -V >> Server version: Apache/2.4.49 (Unix) >> Server built: Sep 12 2021 03:54:11 >> Server's Module Magic Number: 20120211:116 >> Server loaded: APR 1.7.0, APR-UTIL 1.6.1 >> Compiled using: APR 1.7.0, APR-UTIL 1.6.1 >> Architecture: 64-bit >> Server MPM: event >> threaded: yes (fixed thread count) >> forked: yes (variable process count) >> Server compiled with >> -D APR_HAS_SENDFILE >> -D APR_HAS_MMAP >> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) >> -D APR_USE_PROC_PTHREAD_SERIALIZE >> -D APR_USE_PTHREAD_SERIALIZE >> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT >> -D APR_HAS_OTHER_CHILD >> -D AP_HAVE_RELIABLE_PIPED_LOGS >> -D DYNAMIC_MODULE_LIMIT=256 >> -D HTTPD_ROOT="/opt/bw" >> -D SUEXEC_BIN="/opt/bw/bin/suexec" >> -D DEFAULT_PIDLOG="var/apache/httpd/logs/httpd.pid" >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" >> -D DEFAULT_ERRORLOG="logs/error_log" >> -D AP_TYPES_CONFIG_FILE="etc/apache/httpd/mime.types" >> -D SERVER_CONFIG_FILE="etc/apache/httpd/httpd.conf" >> beta # >> beta # >> beta # /opt/bw/bin/apachectl start >> httpd: Syntax error on line 75 of /opt/bw/etc/apache/httpd/httpd.conf: >> Cannot load modules/mod_ssl.so into server: ld.so.1: httpd: fatal: >> relocation error: file /opt/bw/modules/mod_ssl.so: symbol ERR_GET_FUNC: >> referenced symbol not found >> beta # >> >> We see https://github.com/apache/httpd/pull/258 exists however I am >> only now looking at how to patch 2.4.49 based on those changes in >> trunk. I will take a close look at the patch links : https://svn.apache.org/viewvc?view=revision&revision=1891138 At first glance there are many changes to modules/ssl/ssl_engine_init.c so this is not just a three line change. However it may work /opt/bw/build-1/libtool --silent --mode=compile \ /opt/developerstudio12.6/bin/cc -I/opt/bw/include \ -std=iso9899:2011 -m64 -xarch=sparc -xO0 -g -errfmt=error \ -erroff=%none -errshort=full -xstrconst -xildoff \ -xmemalign=8s -xnolibmil -xcode=pic32 -xregs=no%appl \ -xlibmieee -mc -ftrap=%none -xbuiltin=%none -xunroll=1 -Qy \ -xdebugformat=dwarf -DSOLARIS2=10 -D_REENTRANT \ -I/opt/bw/include \ -D_POSIX_PTHREAD_SEMANTICS -D_LARGEFILE64_SOURCE -D_TS_ERRNO \ -D_X_OPEN_SOURCE=600 \ -I. \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/os/unix \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/include \ -I/opt/bw/include/apr-1 -I/opt/bw/include \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/aaa \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/cache \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/core \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10_sparcv9_sslv3.003/modules/database \ -I/opt/bw/build/httpd-2.4.49-rc1_sunos5.10
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
On Fri, Sep 10, 2021 at 5:24 PM ste...@eissing.org wrote: > > I would like to call a VOTE over the next few days to release > this candidate tarball httpd-2.4.49-rc1 as 2.4.49: [X] +1: It's not just good, it's good enough! All my testing passed on debian(s) 11 and 10. Thanks again Stefan for this new release and the great procedure for future ones!
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
Hi, no problems found on Debian 11. 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64 GNU/Linux OpenSSL 1.1.1l 24 Aug 2021 (Library: OpenSSL 1.1.1k 25 Mar 2021) Server version: Apache/2.4.49 (Unix) Server built: Sep 13 2021 00:03:20 Server's Module Magic Number: 20120211:116 Server loaded: APR 1.7.0, APR-UTIL 1.6.1 Compiled using: APR 1.7.0, APR-UTIL 1.6.1 Architecture: 64-bit Server MPM: event threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_PROC_PTHREAD_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/opt/apache/2.4.49" -D SUEXEC_BIN="/opt/apache/2.4.49/bin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" Cheers, C Am Fri, Sep 10, 2021 at 05:23:53PM +0200 schrieb ste...@eissing.org: > Hi, all; >Please find below the proposed release tarball and signatures: > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release > this candidate tarball httpd-2.4.49-rc1 as 2.4.49: > [ ] +1: It's not just good, it's good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 525378680b3474ff319b83af76565891f8b98331 *httpd-2.4.49-rc1.tar.gz > sha256: 345d3b9b218b1974d1cebd5ae72f6a661d83b52d839310222ff9ec94abb62205 > *httpd-2.4.49-rc1.tar.gz > sha512: > 8efa12f239e1075c0eb8634dde5fa12e73b766a6a8f17882d6bedab8be3e02a1a15be8288413bb6da5be34e58a6e239342cdcb59ebe2d8d88ea4712028b03e5f > *httpd-2.4.49-rc1.tar.gz > > The SVN candidate source is found at tags/candidate-2.4.49-rc1. > > PS. Some slight change to previous releases: > The tarballs carry a prefix '-rc1' but the directory it unpacks > to is 'httpd-2.4.49'. This is to make sure that, when you vote > on a tarball and it is accepted, that we can release this very > thing you voted on. > All other things should be the same as in previous releases.
Re: svn commit: r1893284 - /httpd/test/framework/trunk/README
On Sun, Sep 12, 2021 at 1:36 PM Christophe JAILLET wrote: > > Hi, > Caveat: I don't know much of anything on this stuff > I've also been looking at this README file today and I have a few questions: >- some of the explicitly named modules looks redundant with what is > already in Bundle::ApacheTest >- Crypt::SSLeay looks spurious. It doesn't compile on my machine > because of function name conflicts with my openssl > there is also a big warning that says that (recent) > LWP::Protocol::https should be enough Seems consistent with this rev: $ svn log -c r1237461 r1237461 | rjung | 2012-01-29 15:39:23 -0500 (Sun, 29 Jan 2012) | 14 lines Add LWP::Protocol::https to Bundle::ApacheTest and update version number of the bundle. Otherwise https support will not be installed. The docs of the added module tell us: "This module used to be bundled with the libwww-perl, but it was unbundled in v6.02 in order to be able to declare its dependencies properly for the CPAN tool-chain. Applications that need https support can just declare their dependency on LWP::Protocol::https and will no longer need to know what underlying modules to install." I guess the way we run it we can just casually change it in SVN and not worry about a release? >- this list is not in line with what is configured in .travis.yml >From eyeballing they don't seem too far off > What puzzles me the most is the 3rd point. Unfortunately I spoiled my env a little after reporting my results by playing with the cpanm one-liner, so when I just went in to remove Crypt::SSLeay I actually got more successful tests than what I reported for 2.4.49. I think we could synch them up, using the more modern list in travis as a basis, and cross-link them with comments so they have a chance of not drifting much further
Re: svn commit: r1893284 - /httpd/test/framework/trunk/README
Hi, I've also been looking at this README file today and I have a few questions: - some of the explicitly named modules looks redundant with what is already in Bundle::ApacheTest - Crypt::SSLeay looks spurious. It doesn't compile on my machine because of function name conflicts with my openssl there is also a big warning that says that (recent) LWP::Protocol::https should be enough - this list is not in line with what is configured in .travis.yml What puzzles me the most is the 3rd point. CJ Le 12/09/2021 à 19:12, cove...@apache.org a écrit : Author: covener Date: Sun Sep 12 17:12:55 2021 New Revision: 1893284 URL: http://svn.apache.org/viewvc?rev=1893284&view=rev Log: add FCGI and show cpanminus syntax for installation of all at onace Modified: httpd/test/framework/trunk/README Modified: httpd/test/framework/trunk/README URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/README?rev=1893284&r1=1893283&r2=1893284&view=diff == --- httpd/test/framework/trunk/README (original) +++ httpd/test/framework/trunk/README Sun Sep 12 17:12:55 2021 @@ -29,19 +29,15 @@ http://svn.apache.org/viewvc/perl/modper To run the tests for all Apache web server modules, some additional CPAN modules will be required. If the tests don't work, make sure that you have up to date versions of each of these perl modules: -- HTTP::DAV (DAV tests) -- DateTime (mod_include tests) -- Time::HiRes -- Protocol::HTTP2::Client and AnyEvent (mod_http2 tests) -- Test -- Test::Harness -- Crypt::SSLeay -- Net::SSLeay -- IO::Socket::SSL -- IO::Socket::IP -- IO::Select -- LWP::Protocol::https -- AnyEvent::WebSocket::Client; + +``` +cpan App::cpanminus +cpanm Bundle::ApacheTest \ + HTTP::DAV DateTime Time::HiRes Protocol::HTTP2::Client Test \ + Test::Harness Crypt::SSLeay Net::SSLeay IO::Socket::SSL \ + IO::Socket::IP IO::Select LWP::Protocol::https AnyEvent \ + AnyEvent::WebSocket::Client FCGI +``` Quick Start
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
+1, thanks again for RM'ing and the release improvements. AIX/xlc/ppc64 100% on httpd-framework albeit not the greatest module coverage on my new system Files=139, Tests=7027, 231 wallclock secs ( 1.82 usr 0.43 sys + 45.99 cusr 20.74 csys = 68.98 CPU) Result: PASS On Fri, Sep 10, 2021 at 11:24 AM ste...@eissing.org wrote: > > Hi, all; >Please find below the proposed release tarball and signatures: > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release > this candidate tarball httpd-2.4.49-rc1 as 2.4.49: > [ ] +1: It's not just good, it's good enough! > [ ] +0: Let's have a talk. > [ ] -1: There's trouble in paradise. Here's what's wrong. > > The computed digests of the tarball up for vote are: > sha1: 525378680b3474ff319b83af76565891f8b98331 *httpd-2.4.49-rc1.tar.gz > sha256: 345d3b9b218b1974d1cebd5ae72f6a661d83b52d839310222ff9ec94abb62205 > *httpd-2.4.49-rc1.tar.gz > sha512: > 8efa12f239e1075c0eb8634dde5fa12e73b766a6a8f17882d6bedab8be3e02a1a15be8288413bb6da5be34e58a6e239342cdcb59ebe2d8d88ea4712028b03e5f > *httpd-2.4.49-rc1.tar.gz > > The SVN candidate source is found at tags/candidate-2.4.49-rc1. > > PS. Some slight change to previous releases: > The tarballs carry a prefix '-rc1' but the directory it unpacks > to is 'httpd-2.4.49'. This is to make sure that, when you vote > on a tarball and it is accepted, that we can release this very > thing you voted on. > All other things should be the same as in previous releases. -- Eric Covener cove...@gmail.com
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
On 11/09/2021 01:23, ste...@eissing.org wrote: Hi, all; Please find below the proposed release tarball and signatures: https://dist.apache.org/repos/dist/dev/httpd/ I would like to call a VOTE over the next few days to release this candidate tarball httpd-2.4.49-rc1 as 2.4.49: [ ] +1: It's not just good, it's good enough! [ ] +0: Let's have a talk. [ ] -1: There's trouble in paradise. Here's what's wrong. The computed digests of the tarball up for vote are: sha1: 525378680b3474ff319b83af76565891f8b98331 *httpd-2.4.49-rc1.tar.gz sha256: 345d3b9b218b1974d1cebd5ae72f6a661d83b52d839310222ff9ec94abb62205 *httpd-2.4.49-rc1.tar.gz sha512: 8efa12f239e1075c0eb8634dde5fa12e73b766a6a8f17882d6bedab8be3e02a1a15be8288413bb6da5be34e58a6e239342cdcb59ebe2d8d88ea4712028b03e5f *httpd-2.4.49-rc1.tar.gz The SVN candidate source is found at tags/candidate-2.4.49-rc1. PS. Some slight change to previous releases: The tarballs carry a prefix '-rc1' but the directory it unpacks to is 'httpd-2.4.49'. This is to make sure that, when you vote on a tarball and it is accepted, that we can release this very thing you voted on. All other things should be the same as in previous releases. All good on slackware 14.2 and 15.0-rc1 (running 24 hours) using apr 1.70, and apr-util-1.6.1-patched (1 patch only applied against orig src, req'd for mariadb 10.2+) and openssl-1.1.1L -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
On Sun, Sep 12, 2021 at 2:07 PM Eric Covener wrote: > > On Sun, Sep 12, 2021 at 3:02 AM Dennis Clarke wrote: > > > > On 9/12/21 02:36, Dennis Clarke wrote: > > > On 9/10/21 11:23, ste...@eissing.org wrote: > > >> Hi, all; > > >>Please find below the proposed release tarball and signatures: > > >> https://dist.apache.org/repos/dist/dev/httpd/ > > >> > > >> I would like to call a VOTE over the next few days to release > > >> this candidate tarball httpd-2.4.49-rc1 as 2.4.49: > > >> [ ] +1: It's not just good, it's good enough! > > >> [ ] +0: Let's have a talk. > > >> [ ] -1: There's trouble in paradise. Here's what's wrong. > > >> > > > > * * * NOTE -1 There's trouble in paradise. Here's what's wrong. * * * > > > > > > > Reply to self here ... > > > > I discovered in the OpenSSL 3.0.0 release notes: > > > > > > * The ERR_GET_FUNC() function was removed. With the loss > >of meaningful function codes, this function can only > >cause problems for calling applications. > > > >Paul Dale > > > > > > Thus ERR_GET_FUNC() was removed, but it looks like httpd is still > > trying to use it, which explains the error I'm seeing. What I see > > is : > > > This seems like a configuration that wouldn't have worked for 2.4.48. > I don't think it has any bearing on a 2.4.49 release. +1
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
On Sun, Sep 12, 2021 at 3:02 AM Dennis Clarke wrote: > > On 9/12/21 02:36, Dennis Clarke wrote: > > On 9/10/21 11:23, ste...@eissing.org wrote: > >> Hi, all; > >>Please find below the proposed release tarball and signatures: > >> https://dist.apache.org/repos/dist/dev/httpd/ > >> > >> I would like to call a VOTE over the next few days to release > >> this candidate tarball httpd-2.4.49-rc1 as 2.4.49: > >> [ ] +1: It's not just good, it's good enough! > >> [ ] +0: Let's have a talk. > >> [ ] -1: There's trouble in paradise. Here's what's wrong. > >> > > * * * NOTE -1 There's trouble in paradise. Here's what's wrong. * * * > > > Reply to self here ... > > I discovered in the OpenSSL 3.0.0 release notes: > > > * The ERR_GET_FUNC() function was removed. With the loss >of meaningful function codes, this function can only >cause problems for calling applications. > >Paul Dale > > > Thus ERR_GET_FUNC() was removed, but it looks like httpd is still > trying to use it, which explains the error I'm seeing. What I see > is : This seems like a configuration that wouldn't have worked for 2.4.48. I don't think it has any bearing on a 2.4.49 release.
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
ERR_GET_FUNC was blocking this for me on FreeBSD 13 with OpenSSL 3.0 from ports. Warning in build logs, but failure at runtime ssl_engine_init.c:1375:22: warning: implicit declaration of function 'ERR_GET_FUNC' is invalid in C99 [-Wimplicit-function-declaration] && (ERR_GET_FUNC(ERR_peek_last_error()) and the fix is https://svn.apache.org/viewvc?view=revision&revision=1891138 as noted above. All seems well with that r1891138 fix and OpenSSL 3.0.0 on FreeBSD 13.0-p4 amd64 / clang 11.0.1 [Sun Sep 12 11:48:50.820341 2021] [mpm_event:notice] [pid 80970:tid 34372395008] AH00489: Apache/2.4.49 (FreeBSD) OpenSSL/3.0.0 configured -- resuming normal operations On Sun, Sep 12, 2021 at 7:02 AM Dennis Clarke wrote: > > On 9/12/21 02:36, Dennis Clarke wrote: > > On 9/10/21 11:23, ste...@eissing.org wrote: > >> Hi, all; > >>Please find below the proposed release tarball and signatures: > >> https://dist.apache.org/repos/dist/dev/httpd/ > >> > >> I would like to call a VOTE over the next few days to release > >> this candidate tarball httpd-2.4.49-rc1 as 2.4.49: > >> [ ] +1: It's not just good, it's good enough! > >> [ ] +0: Let's have a talk. > >> [ ] -1: There's trouble in paradise. Here's what's wrong. > >> > > * * * NOTE -1 There's trouble in paradise. Here's what's wrong. * * * > > > Reply to self here ... > > I discovered in the OpenSSL 3.0.0 release notes: > > > * The ERR_GET_FUNC() function was removed. With the loss >of meaningful function codes, this function can only >cause problems for calling applications. > >Paul Dale > > > Thus ERR_GET_FUNC() was removed, but it looks like httpd is still > trying to use it, which explains the error I'm seeing. What I see > is : > > > > beta # > beta # /opt/bw/bin/httpd -V > Server version: Apache/2.4.49 (Unix) > Server built: Sep 12 2021 03:54:11 > Server's Module Magic Number: 20120211:116 > Server loaded: APR 1.7.0, APR-UTIL 1.6.1 > Compiled using: APR 1.7.0, APR-UTIL 1.6.1 > Architecture: 64-bit > Server MPM: event > threaded: yes (fixed thread count) > forked: yes (variable process count) > Server compiled with > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > -D APR_USE_PROC_PTHREAD_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D DYNAMIC_MODULE_LIMIT=256 > -D HTTPD_ROOT="/opt/bw" > -D SUEXEC_BIN="/opt/bw/bin/suexec" > -D DEFAULT_PIDLOG="var/apache/httpd/logs/httpd.pid" > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > -D DEFAULT_ERRORLOG="logs/error_log" > -D AP_TYPES_CONFIG_FILE="etc/apache/httpd/mime.types" > -D SERVER_CONFIG_FILE="etc/apache/httpd/httpd.conf" > beta # > beta # > beta # /opt/bw/bin/apachectl start > httpd: Syntax error on line 75 of /opt/bw/etc/apache/httpd/httpd.conf: > Cannot load modules/mod_ssl.so into server: ld.so.1: httpd: fatal: > relocation error: file /opt/bw/modules/mod_ssl.so: symbol ERR_GET_FUNC: > referenced symbol not found > beta # > > We see https://github.com/apache/httpd/pull/258 exists however I am > only now looking at how to patch 2.4.49 based on those changes in > trunk. > > -- > Dennis Clarke > RISC-V/SPARC/PPC/ARM/CISC > UNIX and Linux spoken > GreyBeard and suspenders optional
Bug report for Apache httpd-2 [2021/09/12]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i| |11580|Opn|Enh|2002-08-09|generate Content-Location headers | |12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long| |13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation | |14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR| |16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.| |17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi| |17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header| |20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment | |21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced ! | |21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut| |22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down| |22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7| |22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header | |23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54| |24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32| |24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact| |24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g| |25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files | |25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP | |26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability | |27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid | |27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins| |29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp| |29510|Ass|Enh|2004-06-10|ab does not support multiple cookies | |29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client | |30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do| |30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ| |31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in | |31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use| |31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules| |32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern| |32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak| |33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)| |34519|New|Enh|2005-04-19|Directory index should emit valid XHTML | |35098|Ver|Maj|2005-05-27|Install fails using --prefix | |35154|Opn|Nor|2005-06-01|Support for NID_serialNumber, etc. in SSLUserName | |35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c| |35768|Opn|Nor|2005-07-17|Missing file logs at far too high of log level| |36636|Opn|Maj|2005-09-13|database write lock taken for PROPFIND operations | |36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for| |36710|Opn|Blk|2005-09-19|CGI output not captured | |37006|Ver|Reg|2005-10-11|"pthread" error when compiling under AIX 5.3 using| |37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo| |37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i| |38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r| |38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes| |38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve| |39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning | |39287|New|Nor|2006-04-12|Incorrect If-Modified-Since validation (due to syn| |39727|Ass|Nor|2006-06-05|Incorrect ETag on gzip:ed content | |39748|
Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49
On 9/12/21 02:36, Dennis Clarke wrote: > On 9/10/21 11:23, ste...@eissing.org wrote: >> Hi, all; >>Please find below the proposed release tarball and signatures: >> https://dist.apache.org/repos/dist/dev/httpd/ >> >> I would like to call a VOTE over the next few days to release >> this candidate tarball httpd-2.4.49-rc1 as 2.4.49: >> [ ] +1: It's not just good, it's good enough! >> [ ] +0: Let's have a talk. >> [ ] -1: There's trouble in paradise. Here's what's wrong. >> * * * NOTE -1 There's trouble in paradise. Here's what's wrong. * * * Reply to self here ... I discovered in the OpenSSL 3.0.0 release notes: * The ERR_GET_FUNC() function was removed. With the loss of meaningful function codes, this function can only cause problems for calling applications. Paul Dale Thus ERR_GET_FUNC() was removed, but it looks like httpd is still trying to use it, which explains the error I'm seeing. What I see is : beta # beta # /opt/bw/bin/httpd -V Server version: Apache/2.4.49 (Unix) Server built: Sep 12 2021 03:54:11 Server's Module Magic Number: 20120211:116 Server loaded: APR 1.7.0, APR-UTIL 1.6.1 Compiled using: APR 1.7.0, APR-UTIL 1.6.1 Architecture: 64-bit Server MPM: event threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_PROC_PTHREAD_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=256 -D HTTPD_ROOT="/opt/bw" -D SUEXEC_BIN="/opt/bw/bin/suexec" -D DEFAULT_PIDLOG="var/apache/httpd/logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="etc/apache/httpd/mime.types" -D SERVER_CONFIG_FILE="etc/apache/httpd/httpd.conf" beta # beta # beta # /opt/bw/bin/apachectl start httpd: Syntax error on line 75 of /opt/bw/etc/apache/httpd/httpd.conf: Cannot load modules/mod_ssl.so into server: ld.so.1: httpd: fatal: relocation error: file /opt/bw/modules/mod_ssl.so: symbol ERR_GET_FUNC: referenced symbol not found beta # We see https://github.com/apache/httpd/pull/258 exists however I am only now looking at how to patch 2.4.49 based on those changes in trunk. -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional
