2.2.12 ?

[Philip M. Gollucci]

Hi,

I count ~24 changes since 2.2.11 and at least 2 of which I've been asked to 
plop directly in freebsd ports tree.  That tells me its time.


I know I haven't done it before, but I might consider being the RM if everyone 
else is ENOTIME.


Thoughts?
--

1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollu...@p6m7g8.com) c: 703.336.9354
Consultant  - P6M7G8 Inc.http://p6m7g8.net
Senior Sys Admin- RideCharge, Inc.   http://ridecharge.com
Contractor  - PositiveEnergyUSA  http://positiveenergyusa.com
ASF Member  - Apache Software Foundation http://apache.org
FreeBSD Committer   - FreeBSD Foundation http://freebsd.org

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.

Re: 2.2.12 ?

[Jeff Trawick]

On Mon, Apr 20, 2009 at 2:36 PM, Philip M. Gollucci wrote:

> Hi,
>
> I count ~24 changes since 2.2.11 and at least 2 of which I've been asked to
> plop directly in freebsd ports tree.  That tells me its time.
>
> I know I haven't done it before, but I might consider being the RM if
> everyone else is ENOTIME.
>
> Thoughts?


+1

Re: 2.2.12 ?

[jean-frederic clere]

Philip M. Gollucci wrote:

Hi,

I count ~24 changes since 2.2.11 and at least 2 of which I've been asked 
to plop directly in freebsd ports tree.  That tells me its time.


I know I haven't done it before, but I might consider being the RM if 
everyone else is ENOTIME.


Thoughts?


Rainer wanted to port some mod_balancer improvemenet I would like to 
wait for them.


Cheers

Jean-Frederic

Re: 2.2.12 ?

[Rainer Jung]

On 21.04.2009 08:48, jean-frederic clere wrote:
> Philip M. Gollucci wrote:
>> Hi,
>>
>> I count ~24 changes since 2.2.11 and at least 2 of which I've been
>> asked to plop directly in freebsd ports tree.  That tells me its time.
>>
>> I know I haven't done it before, but I might consider being the RM if
>> everyone else is ENOTIME.
>>
>> Thoughts?
> 
> Rainer wanted to port some mod_balancer improvemenet I would like to
> wait for them.

Are you talking about the way the load counters are done (porting the JK
by request algorithm)? I think that should not only go first into trunk,
but also should stay there for some time to allow people to decide,
whether it is fine to switch from one 2.2.x release to the next. 2.2.12
will be to early for that.

Or are you talking about something else?

Regards,

Rainer

Re: 2.2.12 ?

[Niklas Edmundsson]

On Mon, 20 Apr 2009, Philip M. Gollucci wrote:


Hi,

I count ~24 changes since 2.2.11 and at least 2 of which I've been asked to 
plop directly in freebsd ports tree.  That tells me its time.


I know I haven't done it before, but I might consider being the RM if 
everyone else is ENOTIME.


+1

To release often is usually good. If we have fixes committed that 
people want/need, ship it.


/Nikke
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se  | ni...@acc.umu.se
---
 Paranoids are never alone.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Re: 2.2.12 ?

[jean-frederic clere]

Rainer Jung wrote:

On 21.04.2009 08:48, jean-frederic clere wrote:

Philip M. Gollucci wrote:

Hi,

I count ~24 changes since 2.2.11 and at least 2 of which I've been
asked to plop directly in freebsd ports tree.  That tells me its time.

I know I haven't done it before, but I might consider being the RM if
everyone else is ENOTIME.

Thoughts?

Rainer wanted to port some mod_balancer improvemenet I would like to
wait for them.


Are you talking about the way the load counters are done (porting the JK
by request algorithm)? I think that should not only go first into trunk,
but also should stay there for some time to allow people to decide,
whether it is fine to switch from one 2.2.x release to the next. 2.2.12
will be to early for that.

Or are you talking about something else?


It could wait... I need time to play with Jim's branch httpd-2.2-proxy.

Cheers

Jean-Frederic



Regards,

Rainer

Re: 2.2.12 ?

[Gregg L. Smith]

So does this mean we can expect to see 2.2.12 soon?

Regards,
Gregg

jean-frederic clere wrote:

Rainer Jung wrote:

On 21.04.2009 08:48, jean-frederic clere wrote:

Philip M. Gollucci wrote:

Hi,

I count ~24 changes since 2.2.11 and at least 2 of which I've been
asked to plop directly in freebsd ports tree.  That tells me its time.

I know I haven't done it before, but I might consider being the RM if
everyone else is ENOTIME.

Thoughts?

Rainer wanted to port some mod_balancer improvemenet I would like to
wait for them.


Are you talking about the way the load counters are done (porting the JK
by request algorithm)? I think that should not only go first into trunk,
but also should stay there for some time to allow people to decide,
whether it is fine to switch from one 2.2.x release to the next. 2.2.12
will be to early for that.

Or are you talking about something else?


It could wait... I need time to play with Jim's branch httpd-2.2-proxy.

Cheers

Jean-Frederic



Regards,

Rainer

  

Re: 2.2.12 ?

[Ruediger Pluem]

On 04/30/2009 05:51 PM, Gregg L. Smith wrote:
> So does this mean we can expect to see 2.2.12 soon?

Jim said that he thinks about tagging somewhere in May.
I hope to get the SNI patches summarized in a backportable
way by then to have them included in 2.2.12.
OTOH it looks like that we need fresh releases of apr and
apr-util before to fix some critical issues the current
versions of both cause with httpd. So it may take a bit
more time until 2.2.12.

Regards

Rüdiger

Re: 2.2.12 ?

[Kaspar Brand]

Ruediger Pluem wrote:
> I hope to get the SNI patches summarized in a backportable
> way by then to have them included in 2.2.12.

Didn't want to rush things, but since there were no objections to the
recent trunk commits so far - here's an updated backport for 2.2
(including your improvements from March/April, see revision list at the
top of the file):

http://sni.velox.ch/httpd-2.2.x-sni.20090426.diff

Kaspar

Re: 2.2.12 ?

[Ruediger Pluem]

On 05/01/2009 07:11 AM, Kaspar Brand wrote:
> Ruediger Pluem wrote:
>> I hope to get the SNI patches summarized in a backportable
>> way by then to have them included in 2.2.12.
> 
> Didn't want to rush things, but since there were no objections to the
> recent trunk commits so far - here's an updated backport for 2.2
> (including your improvements from March/April, see revision list at the
> top of the file):
> 
> http://sni.velox.ch/httpd-2.2.x-sni.20090426.diff

Thanks for this. Especially the list of revision numbers will be
very helpful for the further process.

Regards

Rüdiger

Re: 2.2.12 ?

[William A. Rowe, Jr.]

Ruediger Pluem wrote:
> 
> On 05/01/2009 07:11 AM, Kaspar Brand wrote:
>> Ruediger Pluem wrote:
>>> I hope to get the SNI patches summarized in a backportable
>>> way by then to have them included in 2.2.12.
>> Didn't want to rush things, but since there were no objections to the
>> recent trunk commits so far - here's an updated backport for 2.2
>> (including your improvements from March/April, see revision list at the
>> top of the file):
>>
>> http://sni.velox.ch/httpd-2.2.x-sni.20090426.diff
> 
> Thanks for this. Especially the list of revision numbers will be
> very helpful for the further process.

I have only one small concern about adopting this.  Consider the diversity
of installations which users install httpd onto.

--- httpd-2.2.x/modules/ssl/mod_ssl.c   (revision 768694)
+++ httpd-2.2.x/modules/ssl/mod_ssl.c   (working copy)
@@ -145,6 +145,10 @@ static const command_rec ssl_config_cmds[] = {
 "Use the server's cipher ordering preference")
 SSL_CMD_ALL(UserName, TAKE1,
 "Set user name to SSL variable value")
+#ifndef OPENSSL_NO_TLSEXT
+SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
+"Strict SNI virtual host checking")
+#endif

This provides no clue why the directive fails.  I'm not fond of conditional
compilation of directives.

If we can ensure the StrictSNIVHostCheck always exists, but exits when it
is not supported with;

#ifndef OPENSSL_NO_TLSEXT
return "StrictSNIVHostCheck failed; OpenSSL is not built with support "
   "for TLS extensions and SNI indication.  Refer to the "
   "documentation, and build a compatible version of openssl";
#else
... usual stuff
#endif

Does this make better sense to avoid user complaints?

Re: 2.2.12 ?

[Ruediger Pluem]

On 05/02/2009 12:21 AM, William A. Rowe, Jr. wrote:
> Ruediger Pluem wrote:
>> On 05/01/2009 07:11 AM, Kaspar Brand wrote:
>>> Ruediger Pluem wrote:
>>>> I hope to get the SNI patches summarized in a backportable
>>>> way by then to have them included in 2.2.12.
>>> Didn't want to rush things, but since there were no objections to the
>>> recent trunk commits so far - here's an updated backport for 2.2
>>> (including your improvements from March/April, see revision list at the
>>> top of the file):
>>>
>>> http://sni.velox.ch/httpd-2.2.x-sni.20090426.diff
>> Thanks for this. Especially the list of revision numbers will be
>> very helpful for the further process.
> 
> I have only one small concern about adopting this.  Consider the diversity
> of installations which users install httpd onto.
> 
> --- httpd-2.2.x/modules/ssl/mod_ssl.c (revision 768694)
> +++ httpd-2.2.x/modules/ssl/mod_ssl.c (working copy)
> @@ -145,6 +145,10 @@ static const command_rec ssl_config_cmds[] = {
>  "Use the server's cipher ordering preference")
>  SSL_CMD_ALL(UserName, TAKE1,
>  "Set user name to SSL variable value")
> +#ifndef OPENSSL_NO_TLSEXT
> +SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
> +"Strict SNI virtual host checking")
> +#endif
> 
> This provides no clue why the directive fails.  I'm not fond of conditional
> compilation of directives.
> 
> If we can ensure the StrictSNIVHostCheck always exists, but exits when it
> is not supported with;
> 
> #ifndef OPENSSL_NO_TLSEXT
> return "StrictSNIVHostCheck failed; OpenSSL is not built with support "
>"for TLS extensions and SNI indication.  Refer to the "
>"documentation, and build a compatible version of openssl";
> #else
> ... usual stuff
> #endif
> 
> Does this make better sense to avoid user complaints?

Apart for the fact that you need to swap both blocks above, yes this makes 
sense :-).
I try to adjust it if no one beats me to it.

Regards

Rüdiger

Re: 2.2.12 ?

[Ruediger Pluem]

On 05/02/2009 09:37 AM, Ruediger Pluem wrote:
> 
> On 05/02/2009 12:21 AM, William A. Rowe, Jr. wrote:
>> Ruediger Pluem wrote:
>>> On 05/01/2009 07:11 AM, Kaspar Brand wrote:
>>>> Ruediger Pluem wrote:
>>>>> I hope to get the SNI patches summarized in a backportable
>>>>> way by then to have them included in 2.2.12.
>>>> Didn't want to rush things, but since there were no objections to the
>>>> recent trunk commits so far - here's an updated backport for 2.2
>>>> (including your improvements from March/April, see revision list at the
>>>> top of the file):
>>>>
>>>> http://sni.velox.ch/httpd-2.2.x-sni.20090426.diff
>>> Thanks for this. Especially the list of revision numbers will be
>>> very helpful for the further process.
>> I have only one small concern about adopting this.  Consider the diversity
>> of installations which users install httpd onto.
>>
>> --- httpd-2.2.x/modules/ssl/mod_ssl.c(revision 768694)
>> +++ httpd-2.2.x/modules/ssl/mod_ssl.c(working copy)
>> @@ -145,6 +145,10 @@ static const command_rec ssl_config_cmds[] = {
>>  "Use the server's cipher ordering preference")
>>  SSL_CMD_ALL(UserName, TAKE1,
>>  "Set user name to SSL variable value")
>> +#ifndef OPENSSL_NO_TLSEXT
>> +SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
>> +"Strict SNI virtual host checking")
>> +#endif
>>
>> This provides no clue why the directive fails.  I'm not fond of conditional
>> compilation of directives.
>>
>> If we can ensure the StrictSNIVHostCheck always exists, but exits when it
>> is not supported with;
>>
>> #ifndef OPENSSL_NO_TLSEXT
>> return "StrictSNIVHostCheck failed; OpenSSL is not built with support "
>>"for TLS extensions and SNI indication.  Refer to the "
>>"documentation, and build a compatible version of openssl";
>> #else
>> ... usual stuff
>> #endif
>>
>> Does this make better sense to avoid user complaints?
> 
> Apart for the fact that you need to swap both blocks above, yes this makes 
> sense :-).
> I try to adjust it if no one beats me to it.

Ok. Done in r770907.

Regards

Rüdiger

Re: 2.2.12 ?

[William A. Rowe, Jr.]

Ruediger Pluem wrote:
> 
> On 05/02/2009 09:37 AM, Ruediger Pluem wrote:
>> On 05/02/2009 12:21 AM, William A. Rowe, Jr. wrote:
>>>
>>> If we can ensure the StrictSNIVHostCheck always exists, but exits when it
>>> is not supported with;
>> I try to adjust it if no one beats me to it.
> 
> Ok. Done in r770907.

Looks great!  A quick review suggests that this code is ready to consider
as-is for backport to 2.2.12, but let me spend a bit more review of this
on this Monday before throwing in a +1.

eta for apache 2.2.12?

[Oden Eriksson]

Hello.

Could someone please tell when apache 2.2.12 is expected to be released?

Thanks in advance.

This email has been processed by SmoothZap - www.smoothwall.net

[VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

Available from the usual location (http://httpd.apache.org/dev/dist/)
[not for distribution] are the release tarballs for httpd 2.2.12.
Vote starts now and runs for ~48hrs.

(it may take some time for the site to sync).

Intent to T&R 2.2.12

[Jim Jagielski]

Over the weekend I'll be doing some final things with the intent
to tag and roll 2.2.12 on Monday...

Re: [VOTE] httpd 2.2.12 tarballs

[Ruediger Pluem]

On 07/20/2009 10:32 PM, Jim Jagielski wrote:
> Available from the usual location (http://httpd.apache.org/dev/dist/)
> [not for distribution] are the release tarballs for httpd 2.2.12.
> Vote starts now and runs for ~48hrs.

Is this tarball created with APR 1.3.7 (yet unreleased)?

Regards

Rüdiger

Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

On Jul 20, 2009, at 5:09 PM, Ruediger Pluem wrote:




On 07/20/2009 10:32 PM, Jim Jagielski wrote:

Available from the usual location (http://httpd.apache.org/dev/dist/)
[not for distribution] are the release tarballs for httpd 2.2.12.
Vote starts now and runs for ~48hrs.


Is this tarball created with APR 1.3.7 (yet unreleased)?

Regards

Rüdiger



Yes. The intent is to release both at the same time.

Re: [VOTE] httpd 2.2.12 tarballs

[Ruediger Pluem]

On 07/20/2009 10:32 PM, Jim Jagielski wrote:
> Available from the usual location (http://httpd.apache.org/dev/dist/)
> [not for distribution] are the release tarballs for httpd 2.2.12.
> Vote starts now and runs for ~48hrs.
> 
> (it may take some time for the site to sync).
> 
> 

+1 on release.

- checksums and signatures ok.
- Tested on the following platforms

Solaris 8 - 9 (SPARC): worker and prefork MPM build and start up.
   No testsuite due to lack of complete perl kit on my 
machines.
Solaris 10(SPARC): worker, event and prefork MPM build and start up.
   Only limited test results from the framework due to 
incomplete
   perl framework on my machine, but no regressions noted.
   Note: On Solaris _default_ in a virtual host
   causes httpd to try resolving 255.255.255.255 which 
still fails.
   But maybe this is just a configuration bug on my box.
RHEL4 & 5 32 / 64 Bit: All tests pass (worker, event, prefork).
SuSE 10.2 32 Bit : All tests pass (worker, event, prefork).

Regards

Rüdiger

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

On 21.07.2009 20:44, Ruediger Pluem wrote:
> Solaris 10(SPARC): worker, event and prefork MPM build and start up.
>Only limited test results from the framework due to 
> incomplete
>perl framework on my machine, but no regressions noted.
>Note: On Solaris _default_ in a virtual host
>causes httpd to try resolving 255.255.255.255 which 
> still fails.
>But maybe this is just a configuration bug on my box.

I think this lookup is expected behaviour, e.g. see

https://issues.apache.org/bugzilla/show_bug.cgi?id=20063

Regards,

Rainer

Re: [VOTE] httpd 2.2.12 tarballs

[Peter Sylvester]

Are there any plans to make mod_ssl compilable against openssl-1.0.0betaX,
as far as I see, just some STACK things and casts need to be cleaned.

/PS

Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

On Jul 20, 2009, at 4:32 PM, Jim Jagielski wrote:


Available from the usual location (http://httpd.apache.org/dev/dist/)
[not for distribution] are the release tarballs for httpd 2.2.12.
Vote starts now and runs for ~48hrs.

(it may take some time for the site to sync).



+1 for:

Solaris 10 (sparc)
Ubuntu 8.10
CentOS 4
OS X 10.5.7

Re: [VOTE] httpd 2.2.12 tarballs

[Mihai Moldovanu]

Jim Jagielski wrote:

Available from the usual location (http://httpd.apache.org/dev/dist/)
[not for distribution] are the release tarballs for httpd 2.2.12.
Vote starts now and runs for ~48hrs.

(it may take some time for the site to sync).


+1 for:
tfm32
tfm64
Works as exected on both versions

Regards,
Mihai Moldovanu
TFM Group Software

--
Acest document apartine grupului de companii MPI / Pro Tv. Cu toate ca au fost 
luate masuri pentru a controla raspandirea virusilor, acest mesaj, impreuna cu 
orice atasament continut, este destinat numai pentru folosinta persoanei / 
persoanelor carora i se adreseaza si poate contine informatii confidentiale, 
care sunt supuse dreptului de autor sau constituie secret de marca. Daca nu 
sunteti destinatarul acestui mesaj, va notificam ca este strict interzisa orice 
transmitere, copiere sau distribuire a acestuia sau a oricarui atasament 
continut de acesta. Daca ati primit acest mesaj din greseala, va rugam sa ne 
anuntati imediat printr-un e-mail trimis la adresa postmas...@protv.ro
This document originates from within the MPI/Pro TV group of companies. Whilst we have taken steps to control the spread of viruses, this message together with any associated files, is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient of this communication you are hereby notified that any dissemination, copying or distribution of this message, or any files associated with this message, is strictly prohibited. If you have received this message in error, please notify us at once Mail to: postmas...@protv.ro 
-- 

Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

On Jul 20, 2009, at 4:32 PM, Jim Jagielski wrote:


Available from the usual location (http://httpd.apache.org/dev/dist/)
[not for distribution] are the release tarballs for httpd 2.2.12.
Vote starts now and runs for ~48hrs.

(it may take some time for the site to sync).



I'm going to give it another ~24hrs to allow more people to
chime in :)

Re: [VOTE] httpd 2.2.12 tarballs

[Res]

On Wed, 22 Jul 2009, Jim Jagielski wrote:


Solaris 10 (sparc)
Ubuntu 8.10
CentOS 4
OS X 10.5.7


also good on Slackware 12.2



--
Res

-Beware of programmers who carry screwdrivers

Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

On Jul 20, 2009, at 4:32 PM, Jim Jagielski wrote:


Available from the usual location (http://httpd.apache.org/dev/dist/)
[not for distribution] are the release tarballs for httpd 2.2.12.
Vote starts now and runs for ~48hrs.

(it may take some time for the site to sync).



Hrm... Just 2 binding +1 votes, Rüdiger and myself... Can I get
another Amen?!

Re: [VOTE] httpd 2.2.12 tarballs

[Nick Kew]

Jim Jagielski wrote:


On Jul 20, 2009, at 4:32 PM, Jim Jagielski wrote:


Available from the usual location (http://httpd.apache.org/dev/dist/)
[not for distribution] are the release tarballs for httpd 2.2.12.
Vote starts now and runs for ~48hrs.

(it may take some time for the site to sync).



Hrm... Just 2 binding +1 votes, Rüdiger and myself... Can I get
another Amen?!


Installed it on OpenSolaris, tried the test framework.
Seems most of the latter made no attempt to run.
I have yet to find time to investigate why - hence no
vote yet.

--
Nick Kew

Re: [VOTE] httpd 2.2.12 tarballs

[Sander Temme]

On Jul 21, 2009, at 11:59 AM, Peter Sylvester wrote:

Are there any plans to make mod_ssl compilable against  
openssl-1.0.0betaX,

as far as I see, just some STACK things and casts need to be cleaned.


Trunk became aware of OpenSSL trunk a while ago... but I don't recall  
putting that up for backport.  I'll do so when I have come cycles.


S.

--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF





smime.p7s
Description: S/MIME cryptographic signature

Re: [VOTE] httpd 2.2.12 tarballs

[William A. Rowe, Jr.]

Jim Jagielski wrote:
> 
> Hrm... Just 2 binding +1 votes, Rüdiger and myself... Can I get
> another Amen?!

Amen!

Oh - you want a vote :)  Working on that right now; just getting the
most modern openssl behaving right, to export postmortem diagnostics
e.g. sensible .pdb's.  So likely later today.

And of course, -1 previously reverted; presuming you are updating the
apr announce and site as RM, right?

Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

On Jul 23, 2009, at 12:57 PM, William A. Rowe, Jr. wrote:


And of course, -1 previously reverted; presuming you are updating the
apr announce and site as RM, right?



That's an APR question so I'm -1 on answering it here

*snark* :) :)

Re: [VOTE] httpd 2.2.12 tarballs

[William A. Rowe, Jr.]

Jim Jagielski wrote:
> 
> On Jul 23, 2009, at 12:57 PM, William A. Rowe, Jr. wrote:
>>
>> And of course, -1 previously reverted; presuming you are updating the
>> apr announce and site as RM, right?
>>
> 
> That's an APR question so I'm -1 on answering it here

In part... my -1 is gone here once there is something on apr.apache.org
that says it's released, so I simply asked as a reminder that httpd only
ships what APR says it shipped, IMHO :-)

Re: [VOTE] httpd 2.2.12 tarballs

[Oden Eriksson]

> Available from the usual location (http://httpd.apache.org/dev/dist/)
> [not for distribution] are the release tarballs for httpd 2.2.12.
> Vote starts now and runs for ~48hrs.
>
> (it may take some time for the site to sync).
>

Passes all tests with latest perl-framework and with apr-1.3.7 on Mandriva
Linux.

This email has been processed by SmoothZap - www.smoothwall.net

Re: [VOTE] httpd 2.2.12 tarballs

[Issac Goldstand]

Jim Jagielski wrote:
>
> On Jul 20, 2009, at 4:32 PM, Jim Jagielski wrote:
>
>> Available from the usual location (http://httpd.apache.org/dev/dist/)
>> [not for distribution] are the release tarballs for httpd 2.2.12.
>> Vote starts now and runs for ~48hrs.
>>
>> (it may take some time for the site to sync).
>>
>
> Hrm... Just 2 binding +1 votes, Rüdiger and myself... Can I get
> another Amen?!
>
I tested on an old Debian Sarge box.  Got a bunch of failures, to be
honest, but the same failures show up in 2.2.11, so I don't see any
regression.

+1

Re: [VOTE] httpd 2.2.12 tarballs

[Eric Covener]

On Mon, Jul 20, 2009 at 4:32 PM, Jim Jagielski wrote:
> Available from the usual location (http://httpd.apache.org/dev/dist/)
> [not for distribution] are the release tarballs for httpd 2.2.12.
> Vote starts now and runs for ~48hrs.
>
> (it may take some time for the site to sync).
>

+1 on AIX 6.1 with XLC.

-- 
Eric Covener
cove...@gmail.com

Re: [VOTE] httpd 2.2.12 tarballs

[Guenter Knauf]

Hi,
Sander Temme schrieb:
> 
> On Jul 21, 2009, at 11:59 AM, Peter Sylvester wrote:
> 
>> Are there any plans to make mod_ssl compilable against
>> openssl-1.0.0betaX,
>> as far as I see, just some STACK things and casts need to be cleaned.
> 
> Trunk became aware of OpenSSL trunk a while ago... but I don't recall
> putting that up for backport.  I'll do so when I have come cycles.
I've yesterday compiled both HEAD and 2.2.x branch with OpenSSL 1.0.0
beta 3, and that went fine - although I have a very picky compiler for
NetWare which normally breaks for every type mismatch ...

Günter.

Re: [VOTE] httpd 2.2.12 tarballs

[Guenter Knauf]

Jim Jagielski schrieb:
> Available from the usual location (http://httpd.apache.org/dev/dist/)
> [not for distribution] are the release tarballs for httpd 2.2.12.
> Vote starts now and runs for ~48hrs.
> 
> (it may take some time for the site to sync).
+1 for NetWare
no regressions; tested with mod_jk, Perl (CGI), PHP (mod_php), and all
served nicely.

Re: [VOTE] httpd 2.2.12 tarballs

[Guenter Knauf]

Hi,
Guenter Knauf schrieb:
> Hi,
> Sander Temme schrieb:
>> On Jul 21, 2009, at 11:59 AM, Peter Sylvester wrote:
>>
>>> Are there any plans to make mod_ssl compilable against
>>> openssl-1.0.0betaX,
>>> as far as I see, just some STACK things and casts need to be cleaned.
>> Trunk became aware of OpenSSL trunk a while ago... but I don't recall
>> putting that up for backport.  I'll do so when I have come cycles.
> I've yesterday compiled both HEAD and 2.2.x branch with OpenSSL 1.0.0
> beta 3, and that went fine - although I have a very picky compiler for
> NetWare which normally breaks for every type mismatch ...
whoops - I mixed up the include paths; Peter is right - seems that we
need to backport these:
http://svn.apache.org/viewvc?view=rev&revision=748396
http://svn.apache.org/viewvc?view=rev&revision=749466

Gün.

Re: [VOTE] httpd 2.2.12 tarballs

[Jeff Trawick]

On Thu, Jul 23, 2009 at 12:37 PM, Nick Kew  wrote:

> Jim Jagielski wrote:
>
>>
>> On Jul 20, 2009, at 4:32 PM, Jim Jagielski wrote:
>>
>>  Available from the usual location (http://httpd.apache.org/dev/dist/)
>>> [not for distribution] are the release tarballs for httpd 2.2.12.
>>> Vote starts now and runs for ~48hrs.
>>>
>>> (it may take some time for the site to sync).
>>>
>>>
>> Hrm... Just 2 binding +1 votes, Rüdiger and myself... Can I get
>> another Amen?!
>>
>
> Installed it on OpenSolaris, tried the test framework.
> Seems most of the latter made no attempt to run.
> I have yet to find time to investigate why - hence no
> vote yet.
>

Nick, I installed a few CPAN modules to the stock Perl on OpenSolaris many
moons ago (probably just Test::Harness, URI, LWP::Protocol::https,
HTTP::DAV, and Bundle::ApacheTest) and the test framework runs pretty well,
though there are a handful of tests that fail unexpectedly.

Anyway, on OpenSolaris 2009.06 2.2.12 passes more tests than 2.2.11, and
doesn't regress any tests w.r.t. 2.2.11, so I'm as happy I can get given the
time I have available ;)

+1 for release

Re: [VOTE] httpd 2.2.12 tarballs

[Nick Kew]

Nick Kew wrote:


Installed it on OpenSolaris, tried the test framework.
Seems most of the latter made no attempt to run.
I have yet to find time to investigate why - hence no
vote yet.



I have the test framework running now: seems what I
had before was incomplete.

I got a bunch of failures in access.t due to running
with a hostname that's not in DNS.  If I hack that
in t/modules/access.t, all is well.

That'll do, so +1.

Haven't tested other platforms: those I have at
my disposal appear already to be covered.

--
Nick Kew

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

I built and tested on Windows XP SP3. There's no Win source download
available at /dev/dist yet, but I did the build using the Unix sources.

It looks good in principle, so

+1

but I have some observations to remark (all tests done with
Win32DisableAcceptEx). See especially remark number 5).

1) Rotatelogs now uses cmd.exe (as expected) as an intermediate process
between httpd and rotatelogs.

2) There are still independent cmd/rotatelogs processes associated to
the parent and to the child. Each configure rotatelogs produces two
pairs of processes, cmd+rotatelogs as children of the parent and another
cmd/rotatelogs as children of the httpd child process.

3) Restarts recycle all those processes, including the ones attached to
the parent. This is true for real restarts as well as for
MaxRequestsPerChild induced ones.

4) Most of the times the restart occurs I get a "select" error message.
Here's an example:

[Sat Jul 25 15:26:07 2009] [notice] Child 5936: Process exiting because
it reached MaxRequestsPerChild. Signaling the parent to restart a new
child process.

[Sat Jul 25 15:26:07 2009] [error] (OS 10022)Ein ungültiges Argument
wurde angegeben.  : Too many errors in select loop. Child process exiting.

(the German message should be something like "Invalid Argument").

[Sat Jul 25 15:26:07 2009] [notice] Apache/2.2.12 (Win32) configured --
resuming normal operations

Nevertheless the restart works.

5) Starting a service only works using the ApacheMonitor or the Windows
Service Control. Using the commandline httpd.exe I can not start the
service. The event log shows:

[Sat Jul 25 15:11:03 2009] [notice] Disabled use of AcceptEx() WinSock2 API

(OS 10048)Normalerweise darf jede Socketadresse (Protokoll,
Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden.  :
make_sock: could not bind to address 127.0.0.1:8000

no listening sockets available, shutting down

Unable to open logs

So there's a warning about using IP address or port twice. I did check,
that no other process uses the port and starting via ApacheMonitor with
the same config is no problem. So I guess (wildly), that we have a bug
when starting from the commandline, resulting in the parent and the
child both trying to do the bind.

I'll see, what I can find out about it, but I would say it's not a
blocker, because IMHO most users do not control the service via the
commandline interface.

Regards,

Rainer

Re: [VOTE] httpd 2.2.12 tarballs

[Jess Holle]

Rainer Jung wrote:

5) Starting a service only works using the ApacheMonitor or the Windows
Service Control. Using the commandline httpd.exe I can not start the
service. The event log shows:

[Sat Jul 25 15:11:03 2009] [notice] Disabled use of AcceptEx() WinSock2 API

(OS 10048)Normalerweise darf jede Socketadresse (Protokoll,
Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden.  :
make_sock: could not bind to address 127.0.0.1:8000

no listening sockets available, shutting down

Unable to open logs

So there's a warning about using IP address or port twice. I did check,
that no other process uses the port and starting via ApacheMonitor with
the same config is no problem. So I guess (wildly), that we have a bug
when starting from the commandline, resulting in the parent and the
child both trying to do the bind.

I'll see, what I can find out about it, but I would say it's not a
blocker, because IMHO most users do not control the service via the
commandline interface.
  

Hmmm...  We do.

--
Jess Holle

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

On 25.07.2009 16:05, Rainer Jung wrote:
> 5) Starting a service only works using the ApacheMonitor or the Windows
> Service Control. Using the commandline httpd.exe I can not start the
> service. The event log shows:
> 
> [Sat Jul 25 15:11:03 2009] [notice] Disabled use of AcceptEx() WinSock2 API
> 
> (OS 10048)Normalerweise darf jede Socketadresse (Protokoll,
> Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden.  :
> make_sock: could not bind to address 127.0.0.1:8000
> 
> no listening sockets available, shutting down
> 
> Unable to open logs
> 
> So there's a warning about using IP address or port twice. I did check,
> that no other process uses the port and starting via ApacheMonitor with
> the same config is no problem. So I guess (wildly), that we have a bug
> when starting from the commandline, resulting in the parent and the
> child both trying to do the bind.

Additional logging shows: the commandline process sets up the listeners
for itself, and also the service when it tries to start.

Regards,

Rainer

Re: [VOTE] httpd 2.2.12 tarballs

[William A. Rowe, Jr.]

Rainer Jung wrote:
> On 25.07.2009 16:05, Rainer Jung wrote:
>> 5) Starting a service only works using the ApacheMonitor or the Windows
>> Service Control. Using the commandline httpd.exe I can not start the
>> service. The event log shows:
>>
>> [Sat Jul 25 15:11:03 2009] [notice] Disabled use of AcceptEx() WinSock2 API
>>
>> (OS 10048)Normalerweise darf jede Socketadresse (Protokoll,
>> Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden.  :
>> make_sock: could not bind to address 127.0.0.1:8000
>>
>> no listening sockets available, shutting down
>>
>> Unable to open logs
>>
>> So there's a warning about using IP address or port twice. I did check,
>> that no other process uses the port and starting via ApacheMonitor with
>> the same config is no problem. So I guess (wildly), that we have a bug
>> when starting from the commandline, resulting in the parent and the
>> child both trying to do the bind.
> 
> Additional logging shows: the commandline process sets up the listeners
> for itself, and also the service when it tries to start.

Interesting because I see no similar fault (using 2.2.13-dev and will
retest with 2.2.12).  How are you invoking httpd.exe?  What additional
modules had you loaded?  (Perhaps one also creates listening sockets?)
If you simplify your config to apache httpd shipped modules, is all
well again?

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

On 25.07.2009 18:36, William A. Rowe, Jr. wrote:
> Rainer Jung wrote:
>> On 25.07.2009 16:05, Rainer Jung wrote:
>>> 5) Starting a service only works using the ApacheMonitor or the Windows
>>> Service Control. Using the commandline httpd.exe I can not start the
>>> service. The event log shows:
>>>
>>> [Sat Jul 25 15:11:03 2009] [notice] Disabled use of AcceptEx() WinSock2 API
>>>
>>> (OS 10048)Normalerweise darf jede Socketadresse (Protokoll,
>>> Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden.  :
>>> make_sock: could not bind to address 127.0.0.1:8000
>>>
>>> no listening sockets available, shutting down
>>>
>>> Unable to open logs
>>>
>>> So there's a warning about using IP address or port twice. I did check,
>>> that no other process uses the port and starting via ApacheMonitor with
>>> the same config is no problem. So I guess (wildly), that we have a bug
>>> when starting from the commandline, resulting in the parent and the
>>> child both trying to do the bind.
>> Additional logging shows: the commandline process sets up the listeners
>> for itself, and also the service when it tries to start.
> 
> Interesting because I see no similar fault (using 2.2.13-dev and will
> retest with 2.2.12).  How are you invoking httpd.exe?  What additional
> modules had you loaded?  (Perhaps one also creates listening sockets?)
> If you simplify your config to apache httpd shipped modules, is all
> well again?

httpd -k uninstall
httpd -k install
httpd -k start

or

httpd -k install myserv
httpd -k start myserv

Default config except for the disabled acceptex and non-standard port
8000. No 3rd-party modules.

I'll happily retest with the official windows source archive and I'm
going to narrow it down.

I saw that there's not really any difference in the winnt mpm between 11
and 12, so I'll shut down now and come back when I really know the
reason. The above remark about the commandline process opening the
socket is somehow garbage. It was always like that, but the socket is
closed again directly before invoking the service. Give me a little time
for analysis before I broadcast more incomplete incomplete explanations.

Regards,

Rainer

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

On 25.07.2009 18:57, Rainer Jung wrote:
Oups:

> and 12, so I'll shut down now and come back when I really know the

shut down -> shut up

Re: [VOTE] httpd 2.2.12 tarballs

[William A. Rowe, Jr.]

Rainer Jung wrote:
> On 25.07.2009 18:36, William A. Rowe, Jr. wrote:
>> Rainer Jung wrote:
>>> On 25.07.2009 16:05, Rainer Jung wrote:
>>>> 5) Starting a service only works using the ApacheMonitor or the Windows
>>>> Service Control. Using the commandline httpd.exe I can not start the
>>>> service. The event log shows:
>>>>
>>>> [Sat Jul 25 15:11:03 2009] [notice] Disabled use of AcceptEx() WinSock2 API
>>>>
>>>> (OS 10048)Normalerweise darf jede Socketadresse (Protokoll,
>>>> Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden.  :
>>>> make_sock: could not bind to address 127.0.0.1:8000
>>>>
>>>> no listening sockets available, shutting down
>>>>
>>>> Unable to open logs
>>>>
>>>> So there's a warning about using IP address or port twice. I did check,
>>>> that no other process uses the port and starting via ApacheMonitor with
>>>> the same config is no problem. So I guess (wildly), that we have a bug
>>>> when starting from the commandline, resulting in the parent and the
>>>> child both trying to do the bind.
>>> Additional logging shows: the commandline process sets up the listeners
>>> for itself, and also the service when it tries to start.
>> Interesting because I see no similar fault (using 2.2.13-dev and will
>> retest with 2.2.12).  How are you invoking httpd.exe?  What additional
>> modules had you loaded?  (Perhaps one also creates listening sockets?)
>> If you simplify your config to apache httpd shipped modules, is all
>> well again?
> 
> httpd -k uninstall
> httpd -k install
> httpd -k start

You -do- understand that the service control manager can be very poor
at completing a service removal until the next reboot?  There are lots
of interesting delays to uninstalling.  I presume you -k stop'ed first.
It has bitten me more than once.

Maybe your "shut down now" comment is a really brilliant idea :)

> httpd -k install myserv
> httpd -k start myserv

I hope you mean -n in there ... Cut and paste would give me more
confidence in helping you debug instead of chasing ghosts :)

> Default config except for the disabled acceptex and non-standard port
> 8000. No 3rd-party modules.

I disabled acceptex, as you had (standard port though) on a guess that
it might be the difference.  I never use the mode and deleted it already
from trunk.

> I'll happily retest with the official windows source archive and I'm
> going to narrow it down.
> 
> I saw that there's not really any difference in the winnt mpm between 11
> and 12, so I'll shut down now and come back when I really know the
> reason. The above remark about the commandline process opening the
> socket is somehow garbage. It was always like that, but the socket is
> closed again directly before invoking the service. Give me a little time
> for analysis before I broadcast more incomplete incomplete explanations.

Sure thing, will look forward to hearing whatever you discover!

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

Still not a complete solution to the puzzle, but some more findings below.

On 25.07.2009 20:55, William A. Rowe, Jr. wrote:
> Rainer Jung wrote:
>> On 25.07.2009 18:36, William A. Rowe, Jr. wrote:
>>> Rainer Jung wrote:
>>>> On 25.07.2009 16:05, Rainer Jung wrote:
>>>>> 5) Starting a service only works using the ApacheMonitor or the Windows
>>>>> Service Control. Using the commandline httpd.exe I can not start the
>>>>> service. The event log shows:
>>>>>
>>>>> [Sat Jul 25 15:11:03 2009] [notice] Disabled use of AcceptEx() WinSock2 
>>>>> API
>>>>>
>>>>> (OS 10048)Normalerweise darf jede Socketadresse (Protokoll,
>>>>> Netzwerkadresse oder Anschluss) nur jeweils einmal verwendet werden.  :
>>>>> make_sock: could not bind to address 127.0.0.1:8000
>>>>>
>>>>> no listening sockets available, shutting down
>>>>>
>>>>> Unable to open logs
>>>>>
>>>>> So there's a warning about using IP address or port twice. I did check,
>>>>> that no other process uses the port and starting via ApacheMonitor with
>>>>> the same config is no problem. So I guess (wildly), that we have a bug
>>>>> when starting from the commandline, resulting in the parent and the
>>>>> child both trying to do the bind.
>>>> Additional logging shows: the commandline process sets up the listeners
>>>> for itself, and also the service when it tries to start.
>>> Interesting because I see no similar fault (using 2.2.13-dev and will
>>> retest with 2.2.12).  How are you invoking httpd.exe?  What additional
>>> modules had you loaded?  (Perhaps one also creates listening sockets?)
>>> If you simplify your config to apache httpd shipped modules, is all
>>> well again?
>> httpd -k uninstall
>> httpd -k install
>> httpd -k start
> 
> You -do- understand that the service control manager can be very poor
> at completing a service removal until the next reboot?  There are lots
> of interesting delays to uninstalling.  I presume you -k stop'ed first.
> It has bitten me more than once.

Yes, and since I'm a Unix guy, I do a lot of checking process table and
netstat even on Windows.

> Maybe your "shut down now" comment is a really brilliant idea :)
> 
>> httpd -k install myserv
>> httpd -k start myserv
> 
> I hope you mean -n in there ... Cut and paste would give me more
> confidence in helping you debug instead of chasing ghosts :)

Sorry, yes "-n myserv".

>> Default config except for the disabled acceptex and non-standard port
>> 8000. No 3rd-party modules.
> 
> I disabled acceptex, as you had (standard port though) on a guess that
> it might be the difference.  I never use the mode and deleted it already
> from trunk.

I tried without Win32DisableAcceptEx. No difference. I need
Win32DisableAcceptEx, because otherwise restarts do not work. There is
an open GZ about that, but that's a different story.

Now the new thing: as I reported before, I was testing rotatelogs, but
then when you asked about peculiarities I forgot to mention rotatelogs.

And yes: as soon as I throw out rotatelogs, the problem disappears. When
I add rotatelogs I can reproduce the problem.

It doesn't matter whether I use "|" or the new "||". It doesn't matter
whether I use rotatelogs in ErrorLog or CustomLog or both.

rotatelogs itself works fine (when starting as a commandline process, or
as a service via ApacheMonitor).

I added a sleep in winnt_post_config() in the part

 if (!strcasecmp(signal_arg, "start")) {
 ...
 }

directly after the closing of the listener sockets and before calling
mpm_service_start(ptemp, inst_argc, inst_argv).

If I include rotatelogs in the config, then the httpd commandline
process doing the start has one rotatelogs child at that point in time,
and ProcessExplorer tells me, that the httpd commandline process still
has the socket on LISTEN. netstat -ano shows the same result.

I checked the return code of apr_socket_close() which is done directly
before, but it is APR_SUCCESS. So slowly I'm running out of ideas, why
the socket doesn't get closed before starting the service.

As soon as I through rotatelogs out of the config, the socket gets
closed and thus the service can start.

I wonder, whether the socket gets inherited by rotatelogs and thus
closing it in the commandline httpd can not effectively close it. But
this is just a wild guess, and it doesn't go well with ProcessExplorer
and netstat both showing the LISTEN owned by httpd, not by rotatelogs.

Can you please try once with rotatelogs?

Thanks!

Regards,

Rainer

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

On 26.07.2009 00:41, Rainer Jung wrote:
> Now the new thing: as I reported before, I was testing rotatelogs, but
> then when you asked about peculiarities I forgot to mention rotatelogs.
> 
> And yes: as soon as I throw out rotatelogs, the problem disappears. When
> I add rotatelogs I can reproduce the problem.

... and it's not a regression. I tested with 2.2.8 and 2.2.11 and both
show the same problem.

Regards,

Rainer

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

Possible patch would be moving the "start" handling from post config to
pre config. That way everything gets easier (we are not establishing
listeners and shut them down again shortly after, not establishing
rotatelogs etc.).

Patch against 2.2 head at
http://people.apache.org/~rjung/patches/httpd-service-start.patch or here:

Index: mpm_winnt.c
===
--- mpm_winnt.c (Revision 797857)
+++ mpm_winnt.c (Arbeitskopie)
@@ -1452,6 +1452,13 @@

 apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir));

+if (!strcasecmp(signal_arg, "start")) {
+apr_status_t rv = 0;
+rv = mpm_service_start(ptemp, inst_argc, inst_argv);
+apr_terminate();
+exit (rv);
+}
+
 return OK;
 }

@@ -1494,20 +1501,6 @@
 exit(0);
 }

-if (!strcasecmp(signal_arg, "start")) {
-ap_listen_rec *lr;
-
-/* Close the listening sockets. */
-for (lr = ap_listeners; lr; lr = lr->next) {
-apr_socket_close(lr->sd);
-lr->active = 0;
-}
-rv = mpm_service_start(ptemp, inst_argc, inst_argv);
-apr_pool_destroy(s->process->pool);
-apr_terminate();
-exit (rv);
-}
-
 if (!strcasecmp(signal_arg, "restart")) {
 mpm_signal_service(ptemp, 1);
 apr_pool_destroy(s->process->pool);

Re: [VOTE] httpd 2.2.12 tarballs

[William A. Rowe, Jr.]

Rainer Jung wrote:
>> You -do- understand that the service control manager can be very poor
>> at completing a service removal until the next reboot?  There are lots
>> of interesting delays to uninstalling.  I presume you -k stop'ed first.
>> It has bitten me more than once.
> 
> Yes, and since I'm a Unix guy, I do a lot of checking process table and
> netstat even on Windows.

That isn't what I was saying.  In many cases win32 does not remove the
various service registry (or memory-persistent) details of a previously
existing service until after reboot.  I wasn't really addressing any
running services.  Another example of Win32 bogosity is the necessity
to reboot for a service to pick up global envvar changes.

> Now the new thing: as I reported before, I was testing rotatelogs, but
> then when you asked about peculiarities I forgot to mention rotatelogs.
> 
> And yes: as soon as I throw out rotatelogs, the problem disappears. When
> I add rotatelogs I can reproduce the problem.

Very interesting, I will try to create a repro case.

> It doesn't matter whether I use "|" or the new "||". It doesn't matter
> whether I use rotatelogs in ErrorLog or CustomLog or both.

Note that || and |$ have not yet been backported.

> rotatelogs itself works fine (when starting as a commandline process, or
> as a service via ApacheMonitor).
> 
> I added a sleep in winnt_post_config() in the part
> 
>  if (!strcasecmp(signal_arg, "start")) {
>  ...
>  }
> 
> directly after the closing of the listener sockets and before calling
> mpm_service_start(ptemp, inst_argc, inst_argv).
> 
> If I include rotatelogs in the config, then the httpd commandline
> process doing the start has one rotatelogs child at that point in time,
> and ProcessExplorer tells me, that the httpd commandline process still
> has the socket on LISTEN. netstat -ano shows the same result.
> 
> I checked the return code of apr_socket_close() which is done directly
> before, but it is APR_SUCCESS. So slowly I'm running out of ideas, why
> the socket doesn't get closed before starting the service.
> 
> As soon as I through rotatelogs out of the config, the socket gets
> closed and thus the service can start.
> 
> I wonder, whether the socket gets inherited by rotatelogs and thus
> closing it in the commandline httpd can not effectively close it. But
> this is just a wild guess, and it doesn't go well with ProcessExplorer
> and netstat both showing the LISTEN owned by httpd, not by rotatelogs.
> 
> Can you please try once with rotatelogs?

Thanks for the tremendously detailed description :)  Will work from this.

Re: [VOTE] httpd 2.2.12 tarballs

[Rainer Jung]

On 26.07.2009 09:54, William A. Rowe, Jr. wrote:
>> It doesn't matter whether I use "|" or the new "||". It doesn't matter
>> whether I use rotatelogs in ErrorLog or CustomLog or both.
> 
> Note that || and |$ have not yet been backported.

It was done with the following backport:

r777193 | jim | 2009-05-21 19:31:52 +0200 (Thu, 21. May 2009) | 10 lines

and is also documented in the 2.2.12 changed I also tested it successfuly ;)

>> Can you please try once with rotatelogs?
> 
> Thanks for the tremendously detailed description :)  Will work from this.

Thanks. I'll test on some other Windows system (Win 2K3).

The patch I mentioned does fix it on my machine and makes the code path
used by "httpd -k start" quite a bit more simple.

Important: It's not a regression, so I'm still +1 for the release.

Regards,

Rainer

Re: [VOTE] httpd 2.2.12 tarballs

[William A. Rowe, Jr.]

Rainer Jung wrote:
> On 26.07.2009 09:54, William A. Rowe, Jr. wrote:
>>> It doesn't matter whether I use "|" or the new "||". It doesn't matter
>>> whether I use rotatelogs in ErrorLog or CustomLog or both.
>> Note that || and |$ have not yet been backported.
> 
> It was done with the following backport:
> 
> r777193 | jim | 2009-05-21 19:31:52 +0200 (Thu, 21. May 2009) | 10 lines
> 
> and is also documented in the 2.2.12 changed I also tested it successfuly ;)

LOL - that's terrific ... May seems like a year ago already.  Has it been
that long since 2.2.11 shipped?  We really aught to get our act together
with the whole "release early, release often" mantra, or we'll prove Roy
right that progress is absent :)

>>> Can you please try once with rotatelogs?
>> Thanks for the tremendously detailed description :)  Will work from this.
> 
> Thanks. I'll test on some other Windows system (Win 2K3).
> 
> The patch I mentioned does fix it on my machine and makes the code path
> used by "httpd -k start" quite a bit more simple.
> 
> Important: It's not a regression, so I'm still +1 for the release.

Agreed, I'm simply trying to understand how you are seeing things that
I don't (or at least, hadn't) :)

Re: [VOTE] httpd 2.2.12 tarballs

[Res]

On Sun, 26 Jul 2009, William A. Rowe, Jr. wrote:


LOL - that's terrific ... May seems like a year ago already.  Has it been
that long since 2.2.11 shipped?  We really aught to get our act together


December it was, release often is pointless unless it has serious security 
major exploit bug fixes, or a seriously new universally wanted feature.


Release often projects tend to need 15 times more bug fixes because release 
often, far far far more often than not, means not enough QC and careless

coding.


--
Res

-Beware of programmers who carry screwdrivers

Re: Intent to T&R 2.2.12

[Lars Eilebrecht]

Jim Jagielski wrote:
> Over the weekend I'll be doing some final things with the intent
> to tag and roll 2.2.12 on Monday...

I just realized that I still have one patch for 2.2.12 which fixes an
SSI-related bug causing a segfault when handling regex back-references
(see attachment).

I didn't propose it yet for inclusion in 2.2.12 as I didn't had the
chance to fix this in trunk yet. The code/api in trunk changed
and I don't know if this bug actually exists in trunk.
I don't know if I will have the time to do this over the weekend.

ciao...
-- 
Lars Eilebrecht
l...@eilebrecht.net

--- mod_include.c.orig	2008-12-17 14:27:41.0 +
+++ mod_include.c	2009-02-27 15:39:22.0 +
@@ -158,6 +158,7 @@
 const char *rexp;
 apr_size_t  nsub;
 ap_regmatch_t match[AP_MAX_REG_MATCH];
+int have_match;
 } backref_t;
 
 typedef struct {
@@ -664,6 +665,11 @@
 return NULL;
 }
 else {
+if (!re->have_match ||
+	re->match[idx].rm_so < 0 || re->match[idx].rm_eo < 0) {
+return NULL;
+}
+
 if (re->nsub < idx || idx >= AP_MAX_REG_MATCH) {
 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
   "regex capture $%" APR_SIZE_T_FMT
@@ -672,10 +678,6 @@
 return NULL;
 }
 
-if (re->match[idx].rm_so < 0 || re->match[idx].rm_eo < 0) {
-return NULL;
-}
-
 val = apr_pstrmemdup(ctx->dpool, re->source + re->match[idx].rm_so,
  re->match[idx].rm_eo - re->match[idx].rm_so);
 }
@@ -923,7 +925,6 @@
 {
 ap_regex_t *compiled;
 backref_t *re = ctx->intern->re;
-int rc;
 
 compiled = ap_pregcomp(ctx->dpool, rexp, AP_REG_EXTENDED);
 if (!compiled) {
@@ -939,10 +940,11 @@
 re->source = apr_pstrdup(ctx->pool, string);
 re->rexp = apr_pstrdup(ctx->pool, rexp);
 re->nsub = compiled->re_nsub;
-rc = !ap_regexec(compiled, string, AP_MAX_REG_MATCH, re->match, 0);
+re->have_match = !ap_regexec(compiled, string, AP_MAX_REG_MATCH, 
+ re->match, 0);
 
 ap_pregfree(ctx->dpool, compiled);
-return rc;
+return re->have_match;
 }
 
 static int get_ptoken(include_ctx_t *ctx, const char **parse, token_t *token, token_t *previous)

RE: Intent to T&R 2.2.12

[Plüm, Rüdiger, VF-Group]

 

> -Original Message-
> From: Lars Eilebrecht
> Sent: Freitag, 17. Juli 2009 15:49
> To: dev@httpd.apache.org
> Subject: Re: Intent to T&R 2.2.12
> 
> Jim Jagielski wrote:
> > Over the weekend I'll be doing some final things with the intent
> > to tag and roll 2.2.12 on Monday...
> 
> I just realized that I still have one patch for 2.2.12 which fixes an
> SSI-related bug causing a segfault when handling regex back-references
> (see attachment).
> 
> I didn't propose it yet for inclusion in 2.2.12 as I didn't had the
> chance to fix this in trunk yet. The code/api in trunk changed
> and I don't know if this bug actually exists in trunk.

IMHO trunk should have the same problem as the code looks similar.

> I don't know if I will have the time to do this over the weekend.

If you have time (fix in trunk, backport proposal) I will have a look
at the proposal and vote on it to get it in.

Regards

Rüdiger

Re: Intent to T&R 2.2.12

[Nick Kew]

Plüm, Rüdiger, VF-Group wrote:


If you have time (fix in trunk, backport proposal) I will have a look
at the proposal and vote on it to get it in.


+1.  Segfault sounds serious enough to prioritise!

--
Nick Kew

Re: Intent to T&R 2.2.12

[Jim Jagielski]

On Jul 17, 2009, at 9:49 AM, Lars Eilebrecht wrote:


Jim Jagielski wrote:

Over the weekend I'll be doing some final things with the intent
to tag and roll 2.2.12 on Monday...


I just realized that I still have one patch for 2.2.12 which fixes an
SSI-related bug causing a segfault when handling regex back-references
(see attachment).

I didn't propose it yet for inclusion in 2.2.12 as I didn't had the
chance to fix this in trunk yet. The code/api in trunk changed
and I don't know if this bug actually exists in trunk.
I don't know if I will have the time to do this over the weekend.

ciao...
--
Lars Eilebrecht
l...@eilebrecht.net




I'll look and review... Most likely we'll have enough others to
see this thru :)

Re: Intent to T&R 2.2.12

[Nick Kew]

Lars Eilebrecht wrote:

Jim Jagielski wrote:

Over the weekend I'll be doing some final things with the intent
to tag and roll 2.2.12 on Monday...


I just realized that I still have one patch for 2.2.12 which fixes an
SSI-related bug causing a segfault when handling regex back-references
(see attachment).


Heh.  Missed the attachment earlier.

I've a faint recollection of someone raising this issue,
but a quick google didn't find it.  Do you have a test-case
that provokes the bug you're fixing?

--
Nick Kew

Re: Intent to T&R 2.2.12

[Bob Ionescu]

2009/7/17 Nick Kew :
> I've a faint recollection of someone raising this issue,
> but a quick google didn't find it.  Do you have a test-case
> that provokes the bug you're fixing?


http://markmail.org/message/jlc7t5edsjujbe37  ;-)

Bob

Re: Intent to T&R 2.2.12

[Nick Kew]

Nick Kew wrote:


Patching trunk based on the above.  Will propose for backport
if noone disputes my amendment to the patch.


Done in r795445.

--
Nick Kew

Re: Intent to T&R 2.2.12

[Nick Kew]

Lars Eilebrecht wrote:

Jim Jagielski wrote:

Over the weekend I'll be doing some final things with the intent
to tag and roll 2.2.12 on Monday...


I just realized that I still have one patch for 2.2.12 which fixes an
SSI-related bug causing a segfault when handling regex back-references
(see attachment).


Just been reviewing it with the testcase Bob found.  I'm not able to
reproduce the problem on this platform because Sun CC sets the
non-matches to 0, so it all works.  But the problem is clear.

This throws up a non-serious problem with the patch: testing for <0.
Wouldn't a better test be rm_eo == rm_so, meaning null match?

Patching trunk based on the above.  Will propose for backport
if noone disputes my amendment to the patch.

--
Nick Kew

Re: Intent to T&R 2.2.12

[Lars Eilebrecht]

Nick Kew wrote on 2009-07-19 00:04:59:

> Just been reviewing it with the testcase Bob found.  I'm not able to
> reproduce the problem on this platform because Sun CC sets the
> non-matches to 0, so it all works.  But the problem is clear.
> 
> This throws up a non-serious problem with the patch: testing for <0.
> Wouldn't a better test be rm_eo == rm_so, meaning null match?

I think you are right. The tests for <0 are part of the original code
so I was just keeping them but testing for re->have_match first.

> Patching trunk based on the above.  Will propose for backport
> if noone disputes my amendment to the patch.

I've seen you added both tests in your patch so we are good anyway.

+1 (and thanks for getting this fixed in trunk, I didn't had the time
to look at this over the weekend).

cheers...
-- 
Lars Eilebrecht
l...@eilebrecht.net

Re: Intent to T&R 2.2.12

[Jim Jagielski]

HEAD on httpd-2.2 passes the perl framework tests and looks good.
Planning on tagging/rolling later on today assuming nothing pops up,
so please test beforehand :)

RE: Intent to T&R 2.2.12

[Plüm, Rüdiger, VF-Group]

 

> -Original Message-
> From: Jim Jagielski 
> Sent: Montag, 20. Juli 2009 13:29
> To: dev@httpd.apache.org
> Subject: Re: Intent to T&R 2.2.12
> 
> HEAD on httpd-2.2 passes the perl framework tests and looks good.
> Planning on tagging/rolling later on today assuming nothing pops up,
> so please test beforehand :)
> 

What about the dup3 / accept4 and so on detection issue in APR?
Do we want to see a fixed APR release before or do we live with
this issue in 2.2.12?

Regards

Rüdiger

Re: Intent to T&R 2.2.12

[Jim Jagielski]

On Jul 20, 2009, at 7:47 AM, Plüm, Rüdiger, VF-Group wrote:





-Original Message-
From: Jim Jagielski
Sent: Montag, 20. Juli 2009 13:29
To: dev@httpd.apache.org
Subject: Re: Intent to T&R 2.2.12

HEAD on httpd-2.2 passes the perl framework tests and looks good.
Planning on tagging/rolling later on today assuming nothing pops up,
so please test beforehand :)



What about the dup3 / accept4 and so on detection issue in APR?
Do we want to see a fixed APR release before or do we live with
this issue in 2.2.12?



I get the impression that we won't be seeing a new APR release anytime
soon, due to the concern on whether this is an APR issue or an OS
"related" one.

However, instead of waiting for a full APR release, it would be
nice to maybe tag an interim version of APR and bundle *that* with
2.2.12...

CCing d...@apr

Re: Intent to T&R 2.2.12

[Guenter Knauf]

all,
Jim Jagielski schrieb:
> HEAD on httpd-2.2 passes the perl framework tests and looks good.
> Planning on tagging/rolling later on today assuming nothing pops up,
> so please test beforehand :)
would be really great if I could get some votes on the gen_test_char
change - it doesnt alter code for any other platform, but only makes it
possible to decouple gen_test_char from APR with a define so I'm able to
build a native version of it when cross-compiling:
http://people.apache.org/~fuankg/diffs/gen_test_char.c.diff

if nobody objects I would like to start in around one hour, and prepare
our NetWare build system for this where I set it inactive by default
unless I get the votes for gen_test_char changes.

Günter.

Re: Intent to T&R 2.2.12

[Graham Leggett]

Guenter Knauf wrote:

> would be really great if I could get some votes on the gen_test_char
> change - it doesnt alter code for any other platform, but only makes it
> possible to decouple gen_test_char from APR with a define so I'm able to
> build a native version of it when cross-compiling:
> http://people.apache.org/~fuankg/diffs/gen_test_char.c.diff

I see there is a WANT_WIN32_OS2 symbol as well which seems unrelated to
the CROSS_COMPILE symbol, can you confirm whether you need both?

Regards,
Graham
--


smime.p7s
Description: S/MIME Cryptographic Signature

Re: Intent to T&R 2.2.12

[Jim Jagielski]

On Jul 20, 2009, at 12:56 PM, Graham Leggett wrote:


Guenter Knauf wrote:


would be really great if I could get some votes on the gen_test_char
change - it doesnt alter code for any other platform, but only  
makes it
possible to decouple gen_test_char from APR with a define so I'm  
able to

build a native version of it when cross-compiling:
http://people.apache.org/~fuankg/diffs/gen_test_char.c.diff


I see there is a WANT_WIN32_OS2 symbol as well which seems unrelated  
to

the CROSS_COMPILE symbol, can you confirm whether you need both?


+1

Re: Intent to T&R 2.2.12

[Guenter Knauf]

Hi Graham,
Graham Leggett schrieb:
> Guenter Knauf wrote:
> 
>> would be really great if I could get some votes on the gen_test_char
>> change - it doesnt alter code for any other platform, but only makes it
>> possible to decouple gen_test_char from APR with a define so I'm able to
>> build a native version of it when cross-compiling:
>> http://people.apache.org/~fuankg/diffs/gen_test_char.c.diff
> 
> I see there is a WANT_WIN32_OS2 symbol as well which seems unrelated to
> the CROSS_COMPILE symbol, can you confirm whether you need both?
yes, for two reasons:
1. I had problems with undefining WIN32 with the CodeWarrior Win32
compiler, so the WIN32 (now WANT_WIN32_OS2) part snapped in unwanted.
2. I also thought of a Win32 cross compile where I want to have the
WANT_WIN32_OS2 ifdef'd part in so that I can build the right
gen_test_char for Win32 platform which runs native on Linux (of course
in this case also a -DWIN32 would have done).

Günter.

Re: Intent to T&R 2.2.12

[Guenter Knauf]

Hi,
Graham Leggett schrieb:
> I see there is a WANT_WIN32_OS2 symbol as well which seems unrelated to
> the CROSS_COMPILE symbol, can you confirm whether you need both?
probably the name was not good - I was also thinking of something like
NEED_ENHANCED_ESCAPES or so ...; if someone has a better idea please
tell me ...

in the #else part of CROSS_COMPILE there I set WANT_WIN32_OS2:
#if defined(WIN32) || defined(OS2)
#define WANT_WIN32_OS2
#endif

Günter.

Re: Intent to T&R 2.2.12

[Jim Jagielski]

On Jul 20, 2009, at 1:48 PM, Guenter Knauf wrote:


Hi,
Graham Leggett schrieb:
I see there is a WANT_WIN32_OS2 symbol as well which seems  
unrelated to

the CROSS_COMPILE symbol, can you confirm whether you need both?

probably the name was not good - I was also thinking of something like
NEED_ENHANCED_ESCAPES or so ...; if someone has a better idea please
tell me ...

in the #else part of CROSS_COMPILE there I set WANT_WIN32_OS2:
#if defined(WIN32) || defined(OS2)
#define WANT_WIN32_OS2
#endif


Looks safe to me...

Re: Intent to T&R 2.2.12

[Jim Jagielski]

On Jul 20, 2009, at 1:23 PM, Guenter Knauf wrote:


Hi Graham,
Graham Leggett schrieb:

Guenter Knauf wrote:


would be really great if I could get some votes on the gen_test_char
change - it doesnt alter code for any other platform, but only  
makes it
possible to decouple gen_test_char from APR with a define so I'm  
able to

build a native version of it when cross-compiling:
http://people.apache.org/~fuankg/diffs/gen_test_char.c.diff


I see there is a WANT_WIN32_OS2 symbol as well which seems  
unrelated to

the CROSS_COMPILE symbol, can you confirm whether you need both?

yes, for two reasons:
1. I had problems with undefining WIN32 with the CodeWarrior Win32
compiler, so the WIN32 (now WANT_WIN32_OS2) part snapped in unwanted.
2. I also thought of a Win32 cross compile where I want to have the
WANT_WIN32_OS2 ifdef'd part in so that I can build the right
gen_test_char for Win32 platform which runs native on Linux (of course
in this case also a -DWIN32 would have done).



+1...

Re: Intent to T&R 2.2.12

[William A. Rowe, Jr.]

Jim Jagielski wrote:
> 
> However, instead of waiting for a full APR release, it would be
> nice to maybe tag an interim version of APR and bundle *that* with
> 2.2.12...

No, it would not, httpd will not become responsible for APR's releases
unless the APR project is folded and httpd project votes to accept the
responsibility for this code.  So...

-1 on any APR fork in an httpd release (and my feelings are similar on
PCRE or expat forks, and for very similar reasons).

[FINAL] Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

All looks good! Plenty of both binding and non-binding
+1s and not a -1 to be found.

I will start the process of releasing 2.2.12!

[ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[Jim Jagielski]

  Apache HTTP Server 2.2.12 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.2.12 of the Apache HTTP
Server ("Apache").  This version of Apache is principally a security
and bug fix release.

We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.12 is available for download from:

http://httpd.apache.org/download.cgi

Apache 2.2 offers numerous enhancements, improvements, and performance
boosts over the 2.0 codebase.  For an overview of new features
introduced since 2.0 please see:

http://httpd.apache.org/docs/2.2/new_features_2_2.html

Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes.  A condensed list, CHANGES_2.2.12 provides the
complete list of changes since 2.2.11. A summary of security
vulnerabilities which were addressed in the previous 2.2.11 and earlier
releases is available:

http://httpd.apache.org/security/vulnerabilities_22.html

Apache HTTP Server 1.3.41 and 2.0.63 legacy releases are also currently
available.  See the appropriate CHANGES from the url above.  See the
corresponding CHANGES files linked from the download page.  The Apache
HTTP Project developers strongly encourage all users to migrate to
Apache 2.2, as only limited maintenance is performed on these legacy
versions.

This release includes the Apache Portable Runtime (APR) version 1.3.7
bundled with the tar and zip distributions.  The APR libraries libapr
and libaprutil (and on Win32, libapriconv) must all be updated to ensure
binary compatibility and address many known platform bugs.

This release builds on and extends the Apache 2.0 API.  Modules written
for Apache 2.0 will need to be recompiled in order to run with Apache
2.2, and require minimal or no source code changes.

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING

When upgrading or installing this version of Apache, please bear in mind
that if you intend to use Apache with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.

Re: [FINAL] Re: [VOTE] httpd 2.2.12 tarballs

[Paul Querna]

On Mon, Jul 27, 2009 at 6:25 AM, Jim Jagielski wrote:
> All looks good! Plenty of both binding and non-binding
> +1s and not a -1 to be found.
>
> I will start the process of releasing 2.2.12!
>

I have upgraded www.apache.org to 2.2.12, yell if you see anything odd :)

Thanks,

Paul

Re: [FINAL] Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

Once all syncs, I'll refresh the main site and announce...

On Jul 27, 2009, at 3:10 PM, Paul Querna wrote:


On Mon, Jul 27, 2009 at 6:25 AM, Jim Jagielski wrote:

All looks good! Plenty of both binding and non-binding
+1s and not a -1 to be found.

I will start the process of releasing 2.2.12!



I have upgraded www.apache.org to 2.2.12, yell if you see anything  
odd :)


Thanks,

Paul

Re: [FINAL] Re: [VOTE] httpd 2.2.12 tarballs

[Jim Jagielski]

*Still* waiting for the sync between people and www
httpd.apache.org hasn't slurped up the updates yet (eg: index.html)

On Jul 27, 2009, at 9:25 AM, Jim Jagielski wrote:


All looks good! Plenty of both binding and non-binding
+1s and not a -1 to be found.

I will start the process of releasing 2.2.12!

Re: [FINAL] Re: [VOTE] httpd 2.2.12 tarballs

[Guenter Knauf]

Jim,
Jim Jagielski schrieb:
> *Still* waiting for the sync between people and www
> httpd.apache.org hasn't slurped up the updates yet (eg: index.html)
the announcement at:
http://www.apache.org/dist/httpd/Announcement2.2.html
reads:
...
A condensed list, CHANGES_2.2.12 provides the complete list of changes
since 2.2.10.

while:
http://www.apache.org/dist/httpd/CHANGES_2.2.12
seems to list only the changes since 2.2.11 ...

Also there appears another 'in the previous 2.2.10 and earlier releases'
in Announcement2.2.html.

Gün.

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[Gregg L. Smith]

Hello,

Did somebody forget the Win32 binaries or are they just not ready yet?
They do not exist at
http://www.apache.org/dist/httpd/binaries/win32/
therefore they do not exist anywhere. Pointed out by a person trying to
download them in a post at Apache Lounge.

Gregg

Jim Jagielski wrote:

  Apache HTTP Server 2.2.12 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.2.12 of the Apache HTTP
Server ("Apache").  This version of Apache is principally a security
and bug fix release.
-snip-

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[William A. Rowe, Jr.]

Gregg L. Smith wrote:
> Hello,
> 
> Did somebody forget the Win32 binaries or are they just not ready yet?
> They do not exist at
> http://www.apache.org/dist/httpd/binaries/win32/
> therefore they do not exist anywhere. Pointed out by a person trying to
> download them in a post at Apache Lounge.

All ASF binaries are at the convenience of the project contributors; the
ASF  releases source code, not binaries.  Folks are just spoiled by the
fact that I've generally contributed them on the day of release.

That said; there is are question posted to the APR dev list to determine
if the dbm (Berkeley DB) and dbd (MySQL) bindings can finally ship, and
once that answer is posted, I'll be packaging win32 the binaries.

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[Ivan Zhakov]

On Fri, Jul 31, 2009 at 10:17 AM, William A. Rowe,
Jr. wrote:
> Gregg L. Smith wrote:
>> Hello,
>>
>> Did somebody forget the Win32 binaries or are they just not ready yet?
>> They do not exist at
>> http://www.apache.org/dist/httpd/binaries/win32/
>> therefore they do not exist anywhere. Pointed out by a person trying to
>> download them in a post at Apache Lounge.
>
> All ASF binaries are at the convenience of the project contributors; the
> ASF  releases source code, not binaries.  Folks are just spoiled by the
> fact that I've generally contributed them on the day of release.
>
I cannot find Windows _source_ package for Apache 2.2.12. I mean zip
archive like this
http://www.apache.org/dist/httpd/httpd-2.2.11-win32-src-r2.zip.

Is Windows source package also unofficial?

-- 
Ivan Zhakov
VisualSVN Team

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[William A. Rowe, Jr.]

Ivan Zhakov wrote:
> I cannot find Windows _source_ package for Apache 2.2.12. I mean zip
> archive like this
> http://www.apache.org/dist/httpd/httpd-2.2.11-win32-src-r2.zip.
> 
> Is Windows source package also unofficial?

No, but it is derivative (because it requires we export the .mak files
from .dsp files, something a unix RM is ill prepared to do).

Will have that up within the hour, just finished updating various
db libraries here, but it will take a number of hours to propagate
first to www.apache.org, and then to the mirrors.

The project is contemplating new solutions to the build, including
scons, which would hopefully solve the problem of a platform dependency
for a particular source release.  But that isn't expected until 2.4
or 3.0 is released.

Sorry for the delay, and thanks for calling this out.

Bill

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[Bob Ionescu]

2009/7/28 Jim Jagielski :
>  Apache HTTP Server 2.2.12 Released

BTW; shouldn't the announcement go to announce@ as well?

Hopefully there aren't new bugs but maybe someone could update the
version number in bugzilla?  :-)

Bob

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[Ivan Zhakov]

On Fri, Jul 31, 2009 at 11:11 AM, William A. Rowe,
Jr. wrote:
> Ivan Zhakov wrote:
>> I cannot find Windows _source_ package for Apache 2.2.12. I mean zip
>> archive like this
>> http://www.apache.org/dist/httpd/httpd-2.2.11-win32-src-r2.zip.
>>
>> Is Windows source package also unofficial?
>
> No, but it is derivative (because it requires we export the .mak files
> from .dsp files, something a unix RM is ill prepared to do).
>
> Will have that up within the hour, just finished updating various
> db libraries here, but it will take a number of hours to propagate
> first to www.apache.org, and then to the mirrors.
>
Great to hear. I'm just afraid that we depend on something unofficial
and Apache has different policy as other open-source projects.

> The project is contemplating new solutions to the build, including
> scons, which would hopefully solve the problem of a platform dependency
> for a particular source release.  But that isn't expected until 2.4
> or 3.0 is released.
>
Yeah, building framework is headache. In Subversion we have complex
python scripts to generate build files for different platforms. Btw
what is your impression of scons?

-- 
Ivan Zhakov
VisualSVN Team

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[William A. Rowe, Jr.]

Bob Ionescu wrote:
> 2009/7/28 Jim Jagielski :
>>  Apache HTTP Server 2.2.12 Released
> 
> BTW; shouldn't the announcement go to announce@ as well?

He probably sent it.  Trouble is, if not sent through an @apache.org
account, it dies without moderation.

> Hopefully there aren't new bugs but maybe someone could update the
> version number in bugzilla?  :-)

Fixed, nice catch, and thanks for the pointer.  I had noticed it earlier
today and I spaced out on fixing it.

Bill

Re: [ANNOUNCEMENT] Apache HTTP Server 2.2.12 Released

[William A. Rowe, Jr.]

Ivan Zhakov wrote:
>>
> Yeah, building framework is headache. In Subversion we have complex
> python scripts to generate build files for different platforms. Btw
> what is your impression of scons?

I strongly considered adopting the svn build schema at one time, but
it's a major investment of at least one person's time to refactor.
Hopefully it happens early this fall.

I haven't formed a strong impression yet, I'll let others comment on
their advocacy for scons :)

OpenSSL 1.0.0 (was: Re: [VOTE] httpd 2.2.12 tarballs)

[Guenter Knauf]

> Guenter Knauf schrieb:
>> Hi,
>> Sander Temme schrieb:
>>> On Jul 21, 2009, at 11:59 AM, Peter Sylvester wrote:
>>>
 Are there any plans to make mod_ssl compilable against
 openssl-1.0.0betaX,
 as far as I see, just some STACK things and casts need to be cleaned.
>>> Trunk became aware of OpenSSL trunk a while ago... but I don't recall
>>> putting that up for backport.  I'll do so when I have come cycles.
>> I've yesterday compiled both HEAD and 2.2.x branch with OpenSSL 1.0.0
>> beta 3, and that went fine - although I have a very picky compiler for
>> NetWare which normally breaks for every type mismatch ...
> whoops - I mixed up the include paths; Peter is right - seems that we
> need to backport these:
> http://svn.apache.org/viewvc?view=rev&revision=748396
> http://svn.apache.org/viewvc?view=rev&revision=749466
based on the above HEAD patches here's a 2.2.x branch patch:
http://people.apache.org/~fuankg/diffs/openssl-1.x-2.2.x.diff
please check and test if I catched all - I've tested on NetWare with
OpenSSL 0.9.7m, 0.9.8k and 1.0.0 beta3, and that went fine.
If nobody objects I'll propose this for backport.

Gün.

mod_perl test failure with CVE-2009-1195 fix in 2.2.12

[Stefan Fritsch]

Hi,

when backporting the CVE-2009-1195 fix in r773881+r779472 from 
branches/2.2.x to 2.2.9, I noticed that it causes a test failure when 
compiling mod_perl 2.0.4. Since I am neither familiar with mod_perl nor 
with the mod_include internals, maybe someone else can check if this is a 
necessary breakage or if the fix can be adjusted to be more backward 
compatible.


The test output:

t/api/add_config# connecting to 
http://localhost:8560/TestAPI__add_config/

1..9
# Running under perl version 5.01 for linux
# Current time local: Mon Jun  1 15:56:35 2009
# Current time GMT:   Mon Jun  1 13:56:35 2009
# Using Test.pm version 1.25
# Using Apache/Test.pm version 1.31

...

# expected: 8
# received: 40
not ok 7

...

FAILED test 7
Failed 1/9 tests, 88.89% okay
=

The interesting test file in mod_perls source is 
./t/response/TestAPI/add_config.pm.


It looks like the test sets "Options ExecCGI" and expects 
$r->allow_options to be 8 (Apache2::Const::OPT_EXECCGI), but the actual 
value is 40 (Apache2::Const::OPT_EXECCGI|Apache2::Const::OPT_INCNOEXEC).


Cheers,
Stefan

Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

[Kamesh Jayachandran]

Hi All,

We observe one strange error since exhibited in combination with 
SVN(with bulk import having more than 20k files).


Original posting is at
http://subversion.tigris.org/ds/viewMessage.do?dsMessageId=2379671&dsForumId=462


The problem exists even in httpd-2.2.13 and httpd-2.2.14.

We get errors like the following

svn: PUT of 
'/svn/svntest/!svn/wrk/fca6bd35-b260-7942-8f52-bcf3dcdfd734/abc/trunk/publish/q/xyz.gz':
 SSL negotiation failed: SSL error:
 parse tlsext (https://hostname  )




It happens only with windows client, server can be linux or win32.

I could manage to get the stack trace of apache child(in apache-2.2.13) 
when this error occurs.



**



#0  ssl_filter_io_shutdown (filter_ctx=0xa07b910, c=0xa07b350, abortive=1)
at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:976
#1  0x0038d5eb in ssl_io_filter_connect (filter_ctx=0xa07b910)
at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:1146
#2  0x0038dc1d in ssl_io_filter_input (f=0xa08c898, bb=0xa0d2ac8, 
mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0)
at /home/kamesh/Download/httpd-2.2.13/modules/ssl/ssl_engine_io.c:1336
#3  0x08086af9 in ap_get_brigade (next=0xa08c898, bb=0xa0d2ac8, 
mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0)
at /home/kamesh/Download/httpd-2.2.13/server/util_filter.c:489
#4  0x0806b274 in ap_rgetline_core (s=0xa0d1c78, n=8192, read=0xbf837c14, 
r=0xa0d1c60, fold=0, bb=0xa0d2ac8)
at /home/kamesh/Download/httpd-2.2.13/server/protocol.c:231
#5  0x0806b943 in read_request_line (r=0xa0d1c60, bb=0xa0d2ac8) at 
/home/kamesh/Download/httpd-2.2.13/server/protocol.c:596
#6  0x0806c299 in ap_read_request (conn=0xa07b350) at 
/home/kamesh/Download/httpd-2.2.13/server/protocol.c:891
#7  0x0808726e in ap_process_http_connection (c=0xa07b350)
at /home/kamesh/Download/httpd-2.2.13/modules/http/http_core.c:183
#8  0x08082c73 in ap_run_process_connection (c=0xa07b350) at 
/home/kamesh/Download/httpd-2.2.13/server/connection.c:43
#9  0x08083053 in ap_process_connection (c=0xa07b350, csd=0xa07b1b8)
at /home/kamesh/Download/httpd-2.2.13/server/connection.c:178
#10 0x080901df in child_main (child_num_arg=0) at 
/home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:662
#11 0x080903ca in make_child (s=0x9f70fa0, slot=0) at 
/home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:758
#12 0x08090424 in startup_children (number_to_start=1)
at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:776
#13 0x080908c8 in ap_mpm_run (_pconf=0x9f6f0a8, plog=0x9f9d160, s=0x9f70fa0)
at /home/kamesh/Download/httpd-2.2.13/server/mpm/prefork/prefork.c:997
#14 0x08064bb8 in main (argc=3, argv=0xbf837fe4) at 
/home/kamesh/Download/httpd-2.2.13/server/main.c:740





**



[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5 
bytes from BIO#8494dd0 [mem: 835bb00] (BIO dump follows)
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1791): 
+-+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1830): | : 15 03 01 00 
02   .|
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1836): 
+-+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 2/2 
bytes from BIO#8494dd0 [mem: 835bb05] (BIO dump follows)
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1791): 
+-+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1830): | : 02 32 
   .2   |
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_io.c(1836): 
+-+
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_kernel.c(1888): OpenSSL: Read: 
SSLv3 read client certificate A
[Sat Oct 10 20:41:18 2009] [debug] ssl_engine_kernel.c(1907): OpenSSL: Exit: 
failed in SSLv3 read client certificate A
[Sat Oct 10 20:41:18 2009] [info] [client IP] SSL library error 1 in handshake 
(server hostname:443)
[Sat Oct 10 20:41:18 2009] [info] SSL Library Error: 336151578 
error:1409441A:SSL routines:SSL3_READ_BYTES:tlsv1 alert decode error
[Sat Oct 10 20:41:18 2009] [info] [client IP] Connection closed to child 5 with 
abortive shutdown (server hostname:443)


  




I could not isolate this issue to openssl versions as it happens with 
openssl-0.9.8k, openssl-0.9.8g, openssl-0.9.8-b


When I built the server against openssl-1.0.0-beta3, I could *not* 
access svn at all using svn client while I could access the same via 
browser.


Any clues?

With regards

Kamesh Jayachandran

Re: mod_perl test failure with CVE-2009-1195 fix in 2.2.12

[Jeff Trawick]

On Mon, Jun 1, 2009 at 7:30 AM, Stefan Fritsch  wrote:

> Hi,
>
> when backporting the CVE-2009-1195 fix in r773881+r779472 from
> branches/2.2.x to 2.2.9, I noticed that it causes a test failure when
> compiling mod_perl 2.0.4. Since I am neither familiar with mod_perl nor with
> the mod_include internals, maybe someone else can check if this is a
> necessary breakage or if the fix can be adjusted to be more backward
> compatible.
>
> The test output:
> 
> t/api/add_config# connecting to
> http://localhost:8560/TestAPI__add_config/
> 1..9
> # Running under perl version 5.01 for linux
> # Current time local: Mon Jun  1 15:56:35 2009
> # Current time GMT:   Mon Jun  1 13:56:35 2009
> # Using Test.pm version 1.25
> # Using Apache/Test.pm version 1.31
>
> ...
>
> # expected: 8
> # received: 40
> not ok 7
>
> ...
>
> FAILED test 7
>Failed 1/9 tests, 88.89% okay
> =
>
> The interesting test file in mod_perls source is ./t/response/TestAPI/
> add_config.pm.
>
> It looks like the test sets "Options ExecCGI" and expects $r->allow_options
> to be 8 (Apache2::Const::OPT_EXECCGI), but the actual value is 40
> (Apache2::Const::OPT_EXECCGI|Apache2::Const::OPT_INCNOEXEC).
>

Gosh we su^H^H^H^H...  Thanks so much!  The simple flipping of that bit in
ap_allow_options() is incorrect; it needs to do so only if OPT_INCLUDES is
turned on.

This patch works for me; please try it with the Perl suite.

Index: server/core.c
===
--- server/core.c (revision 780727)
+++ server/core.c (working copy)
@@ -665,7 +665,12 @@
  * inverted, such that the exposed semantics match that of
  * OPT_INCNOEXEC; i.e., the bit is only enabled if exec= is *not*
  * permitted. */
-return conf->opts ^ OPT_INC_WITH_EXEC;
+if (conf->opts & OPT_INCLUDES) {
+return conf->opts ^ OPT_INC_WITH_EXEC;
+}
+else {
+return conf->opts;
+}
 }

Re: mod_perl test failure with CVE-2009-1195 fix in 2.2.12

[Stefan Fritsch]

On Monday 01 June 2009, Jeff Trawick wrote:
> This patch works for me; please try it with the Perl suite.

That fixed it. Thanks

Stefan

Re: mod_perl test failure with CVE-2009-1195 fix in 2.2.12

[Joe Orton]

On Mon, Jun 01, 2009 at 10:22:45AM -0700, Jeff Trawick wrote:
> On Mon, Jun 1, 2009 at 7:30 AM, Stefan Fritsch  wrote:
> > The interesting test file in mod_perls source is ./t/response/TestAPI/
> > add_config.pm.
> >
> > It looks like the test sets "Options ExecCGI" and expects $r->allow_options
> > to be 8 (Apache2::Const::OPT_EXECCGI), but the actual value is 40
> > (Apache2::Const::OPT_EXECCGI|Apache2::Const::OPT_INCNOEXEC).
> 
> Gosh we su^H^H^H^H...  Thanks so much!  The simple flipping of that bit in
> ap_allow_options() is incorrect; it needs to do so only if OPT_INCLUDES is
> turned on.

I did think about this when writing the patch, but I presumed it would 
not matter.  It's not obviously incorrect to say that IncNoExec is 
"enabled" in such a configuration.  It's not obviously correct that 
mod_perl should dictate that no other bits are set in that such a 
configuration, even if that has been the case historically.

> This patch works for me; please try it with the Perl suite.

Nevertheless, +1 for 2.2.x

Regards, Joe

Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

[Guenter Knauf]

Hi Kamesh,
nice to meet you here again!
Kamesh Jayachandran schrieb:
> I could not isolate this issue to openssl versions as it happens with
> openssl-0.9.8k, openssl-0.9.8g, openssl-0.9.8-b
> 
> When I built the server against openssl-1.0.0-beta3, I could *not*
> access svn at all using svn client while I could access the same via
> browser.
> 
> Any clues?
sounds all strange. I would say since we have SNI support since 2.2.12
that there is the problem, and from the bug report it seems that the OP
used already 2 SSL virtual hosts with same IP before 2.2.12 which was
neither supported feature nor it was working properly at all; so
probably his configuration is the problem?
On the other side the needed support in OpenSSL started with 0.9.8j
IIRC, and with 0.9.8k it started to be enabled by default. So I would
assume that builds with 0.9.8g and 0.9.8b are not affected ...
Also since you post that the problem is with the client - did you also
rebuild the client with newer OpenSSL 0.8.8k, or even with 1.0.0.b3?

Günter.

Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

[Kaspar Brand]

Kamesh Jayachandran wrote:
> When I built the server against openssl-1.0.0-beta3, I could *not* 
> access svn at all using svn client while I could access the same via 
> browser.
> 
> Any clues?

The TLS session ticket extension might be the culprit here (or more
precisely, OpenSSL's implementation of that extension). Can you try the
attached patch and see whether it makes a difference?

Kaspar
--- httpd-2.2.14/modules/ssl/ssl_engine_init.c.orig 2009-08-16 
17:53:12.0 +0200
+++ httpd-2.2.14/modules/ssl/ssl_engine_init.c  2009-10-21 18:49:05.0 
+0200
@@ -382,6 +382,8 @@ static void ssl_init_ctx_tls_extensions(
 ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
 ssl_die();
 }
+
+SSL_CTX_set_options(mctx->ssl_ctx, SSL_OP_NO_TICKET);
 }
 #endif
 

RE: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

[Kamesh Jayachandran]

Hi Gunter,

Nice to meet you after a long time.

>sounds all strange. I would say since we have SNI support since 2.2.12
>that there is the problem, and from the bug report it seems that the OP
>used already 2 SSL virtual hosts with same IP before 2.2.12 which was
>neither supported feature nor it was working properly at all; so
>probably his configuration is the problem?

In my setup where this fails has only *one* SSL virtual host(_default_).



>On the other side the needed support in OpenSSL started with 0.9.8j
>IIRC, and with 0.9.8k it started to be enabled by default. So I would
>assume that builds with 0.9.8g and 0.9.8b are not affected ...

I need to double check it by myself(One of the internal tester was saying that 
this happens with openssl-0.9.8b).
I vaguely remember this happening with openssl-0.9.8g.


>Also since you post that the problem is with the client - did you also
>rebuild the client with newer OpenSSL 0.8.8k, or even with 1.0.0.b3?

Will experiment and get back.

With regards
Kamesh Jayachandran

RE: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

[Kamesh Jayachandran]

Thanks Kaspar, will try that tomorrow(Right now away from my dev box) and let 
you know.

With regards
Kamesh Jayachandran

-Original Message-
From: Kaspar Brand [mailto:httpd-dev.2...@velox.ch]
Sent: Wed 10/21/2009 10:29 PM
To: dev@httpd.apache.org
Subject: Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12
 
Kamesh Jayachandran wrote:
> When I built the server against openssl-1.0.0-beta3, I could *not* 
> access svn at all using svn client while I could access the same via 
> browser.
> 
> Any clues?

The TLS session ticket extension might be the culprit here (or more
precisely, OpenSSL's implementation of that extension). Can you try the
attached patch and see whether it makes a difference?

Kaspar

Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

[Kamesh Jayachandran]

On 10/21/2009 10:29 PM, Kaspar Brand wrote:

Kamesh Jayachandran wrote:
   

When I built the server against openssl-1.0.0-beta3, I could *not*
access svn at all using svn client while I could access the same via
browser.

Any clues?
 

The TLS session ticket extension might be the culprit here (or more
precisely, OpenSSL's implementation of that extension). Can you try the
attached patch and see whether it makes a difference?
   


Hi Kaspar,

I tried your patch. It does *not* fix the issue.
One difference it makes is , triggers failure early at 20/30 files(PUT 
requests) instead of 20k files earlier.


With regards
Kamesh Jayachandran

Re: Strange error(parse tlsext bug) in mod_ssl since httpd-2.2.12

[Joe Orton]

On Thu, Oct 22, 2009 at 12:49:10PM +0530, Kamesh Jayachandran wrote:
> I tried your patch. It does *not* fix the issue.
> One difference it makes is , triggers failure early at 20/30 files(PUT  
> requests) instead of 20k files earlier.

Can you get a packet dump/trace from the client side?  Is there anything 
between client and server which is intercepting the SSL traffic?  
(physical/software firewall?)  It would be good whether this problem is 
due to the traffic becoming corrupted.

There seem to be two places in OpenSSL's ssl_parse_serverhello_tlsext() 
which can send a "decode error" alert, if I am reading the code and 
following the error handling correctly.  It would be useful if you could 
use a custom OpenSSL build with an fprintf(stderr, ... ) or similar 
added before each of the "*al = SSL_AD_DECODE_ERROR;" lines in that 
function (in ssl/t1_lib.c), if you're able to try that?

Regards, Joe