Re: [VOTE] Release Apache httpd 2.4.16 as GA
On Jul 10, 2015, at 4:33 PM, Jim Jagielski j...@jagunet.com wrote: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [X] +1: Good to go Tested: o OSX 10.10.4, Xcode 6.4: x86_64 o CentOS 6, 7: : x86_64 o FreeBSD 9, 10: : x86_64
Re: Using UPN from subjectAltName with SSLUserName
On Sat, Jul 11, 2015 at 04:40:20PM +0200, Kaspar Brand wrote: On 29.06.2015 15:14, Jan Pazdziora wrote: How about just passing char * and doing all the mapping logic including possible OBJ_create in parse_otherName_value? My goal here is to have all the hard work of determining the semantics isolated in one place. Please see patch attached. You're right, an ASN1_OBJECT * as an argument for modssl_X509_getSAN makes handling of otherName entries relatively awkward. In the attached patch, I have switched to a string for specifying the requested otherName form (similar to what you did in your patch). OBJ_create adds new entries to a process-wide table, so instead of checking for the presence of a specific entry at each request (in parse_otherName_value), I consider it more appropriate and efficient to do this only once, in ssl_init_Module. Barring feedback against this approach (or the observation of bugs in the implementation), I intend to commit it to trunk in the next few days (including mod_ssl.xml changes and a CHANGES item). I've tried your patch and it works find for me. So I'm happy with your plan of committing it to trunk. ;-) Thank you! -- Jan Pazdziora Senior Principal Software Engineer, Identity Management Engineering, Red Hat
Re: Helping out with release testing
On Mon, Jul 13, 2015 at 8:25 AM, Daniel Gruno humbed...@apache.org wrote: As for the voting; Anyone can vote on a release, but only committers can cast binding votes. Having said that, if anyone - even a non-committer - casts a -1, it WILL cause us to pause and think about it, discuss etc. Strictly speaking, it is PMC members votes that are binding. But this is almost meaningless from a quality perspective and the distinction shouldn't dissuade anyone from testing candidates when they can.
Re: Linking sqlite in to apache module
Thanks for your reply Dirk, I made the changes you specified : Here's the source code for the new module : http://pastebin.com/q4KQfhBQ It gets only till line no 78 in the handler. (The first log) That it before calling the first sqlite function sqlite3_open() On Mon, Jul 13, 2015 at 2:41 PM, Dirk-Willem van Gulik di...@webweaving.org wrote: On 13 Jul 2015, at 10:21, Prakash Premkumar prakash.p...@gmail.com wrote: I'm trying to call sqlite function from my apache module. The source code for the module can be found here: http://pastebin.com/zkbTf03J .. When I navigate to localhost/ : I get It Works! message But when I naviage to any other URL like localhost/asd I get the following response No data received ERR_EMPTY_RESPONSE You may want to set a ap_set_content_type(r, text/html); before ap_rput()ing data. Secondly I woud sprinkle a few lines like: ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_NOTICE, 0, r-pool, “Past %s:%d, __FILE__, __LINE__); in your code - to see where it gets in the hook handler. Tail the error log to see what is going on. Dw.
Re: [VOTE] Release Apache httpd 2.4.16 as GA
On 07/10/2015 04:33 PM, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Vote will last the normal 72 hrs. wow, time waits for no man|woman :( I'll try to sneak in some testing during the day...
Re: Helping out with release testing
Anyone is free to test and help out, and frankly, we'd highly appreciate it if you did :). As for the voting; Anyone can vote on a release, but only committers can cast binding votes. Having said that, if anyone - even a non-committer - casts a -1, it WILL cause us to pause and think about it, discuss etc. We value input from our users, and anyone that can help out test a release will have our thanks and respect, and your opinions and findings WILL be taken into consideration. With regards, Daniel. On 2015-07-13 14:21, Jacob Perkins wrote: Agreed! I’d love to be able to spin up a new HTTPD release and send it through both httpd testing platform and our own testing platform. — Jacob Perkins Product Owner *cPanel Inc.* jacob.perk...@cpanel.net mailto:jacob.perk...@cpanel.net Office: 713-529-0800 x 4046 Cell: 713-560-8655 On Jul 13, 2015, at 7:17 AM, Kean Johnston kean.johns...@gmail.com mailto:kean.johns...@gmail.com wrote: Hi devs, As each release goes by I see the same few people involved with testing. It seems like a lot of work and I would like to help spread the load a little. Is it only committers than can participate in this process or do you invite help from others? I can help test on the common platforms, viz. CentOS 7, Mac OSX 10.10.4 and Debian, which I see a number of people already test. However, if me testing on those platforms may free up their time to test on other more exotic systems that I do not have access to, I am very happy to do so. Please let me know how I can help out. Sincerely, Kean
Re: trunk/modules/http2 built and tested
Thanks for the hint. sandbox, modified to run against an existing installation, is now checked in. //Stefan Am 10.07.2015 um 18:43 schrieb William A Rowe Jr wr...@rowe-clan.net: You can do an svn mkdir https://svn.apache.org/repos/asf/httpd/test/mod_h2 svn cp -r1690247 https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/http2/sandbox https://svn.apache.org/repos/asf/httpd/test/mod_h2/trunk to shift that all over to the test tree, perhaps integrate into test/framework/ a bit later on if it's possible. On Fri, Jul 10, 2015 at 10:50 AM, Stefan Eissing stefan.eiss...@greenbytes.de wrote: Am 10.07.2015 um 17:04 schrieb William A Rowe Jr wr...@rowe-clan.net: On Fri, Jul 10, 2015 at 6:57 AM, Stefan Eissing stefan.eiss...@greenbytes.de wrote: FYI: just checked in a modules/http2 that takes part in the build process, similar options as mod_ssl --enable-h2 --with-nghttp2=path Tests were removed, so all sandbox/* is gone. Instead, I transformed my git mod_h2 into a repository with just the test setup and cases. If interested, you may find it here: https://github.com/icing/mod_h2_test There is a repository, http://svn.apache.org/repos/asf/httpd/test/ for all test resources that aren't part of the httpd tarballs/distribution. It can certainly fit in a new mod_h2/trunk/ tree for the time being; if it were possible to integrate it into http://svn.apache.org/repos/asf/httpd/test/framework/trunk/ that would be excellent, as this is the regression test many of us perform to initially validate potentially breaking changes. I expect the behavior of mod_h2 to degrades over time, absent tests to demonstrate correct behavior. I agree. I was not sure about the test thing and how it's used. That is why I put the tests in a githup repo for the time being. //Stefan green/bytes GmbH Hafenweg 16, 48155 Münster, Germany Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
Re: Linking sqlite in to apache module
On 13 Jul 2015, at 10:21, Prakash Premkumar prakash.p...@gmail.com wrote: I'm trying to call sqlite function from my apache module. The source code for the module can be found here: http://pastebin.com/zkbTf03J .. When I navigate to localhost/ : I get It Works! message But when I naviage to any other URL like localhost/asd I get the following response No data received ERR_EMPTY_RESPONSE You may want to set a ap_set_content_type(r, text/html); before ap_rput()ing data. Secondly I woud sprinkle a few lines like: ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_NOTICE, 0, r-pool, “Past %s:%d, __FILE__, __LINE__); in your code - to see where it gets in the hook handler. Tail the error log to see what is going on. Dw.
Re: [VOTE] Release Apache httpd 2.4.16 as GA
On 11/07/2015 06:33, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ [1] I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Vote will last the normal 72 hrs. NOTE: The *-deps are only there for convenience. Thx! PS: Hopefully, 4th time's the charm! +1 Slackware 13.37, 14.0, 14.1, -current with APR 1.5.2 and APR-Util 1.5.4 Links: -- [1] http://httpd.apache.org/dev/dist/
Re: Helping out with release testing
Agreed! I’d love to be able to spin up a new HTTPD release and send it through both httpd testing platform and our own testing platform. — Jacob Perkins Product Owner cPanel Inc. jacob.perk...@cpanel.net mailto:jacob.perk...@cpanel.net Office: 713-529-0800 x 4046 Cell: 713-560-8655 On Jul 13, 2015, at 7:17 AM, Kean Johnston kean.johns...@gmail.com wrote: Hi devs, As each release goes by I see the same few people involved with testing. It seems like a lot of work and I would like to help spread the load a little. Is it only committers than can participate in this process or do you invite help from others? I can help test on the common platforms, viz. CentOS 7, Mac OSX 10.10.4 and Debian, which I see a number of people already test. However, if me testing on those platforms may free up their time to test on other more exotic systems that I do not have access to, I am very happy to do so. Please let me know how I can help out. Sincerely, Kean signature.asc Description: Message signed with OpenPGP using GPGMail
Re: test base line
Rainer, many thanks for the detailed description. I installed all the perl modules you listed, cleaned the test conf, rebuild the httpd with reallyreallyall modules and now the tests are running *almost* fine. I get 31 failures in modules/access.t and, frankly, cannot figure out what is wrong on my system. This seem basic grant/deny tests. Test Summary Report --- t/modules/access.t(Wstat: 0 Tests: 408 Failed: 31) Failed tests: 4, 20-21, 24, 26, 28, 30, 38, 55, 72, 89 106-107, 123-124, 141, 154, 168, 170, 175 192, 209, 226, 277, 290, 304, 306, 311 328, 345, 362 Files=110, Tests=4312, 72 wallclock secs ( 1.69 usr 0.17 sys + 32.46 cusr 8.66 csys = 42.98 CPU) Result: FAIL Failed 1/110 test programs. 31/4312 subtests failed. Since it matches the remote ip/host, it must be something in my name resolution, I assume? Does that ring a bell with anyone? PS. Btw. to eventually be helpful, I switched testing from trunk to the 2.4.16. Same access errors, but everything else runs. (Ubuntu 14.04 LTS x86_64) Am 11.07.2015 um 12:44 schrieb Rainer Jung rainer.j...@kippdata.de: Hi Stefan, Am 09.07.2015 um 13:46 schrieb Stefan Eissing: I need some help with establishing a test baseline. I checked out the test framework from https://svn.apache.org/repos/asf/httpd/test/framework/trunk, followed the README and ran the tests against a freshly installed 2.4.x in /opt/httpd/2.4-plain. It did PASS with the default httpd.conf, but many tests were skipped due to modules missing. I tried enable some more modules like mod_ssl or mod_rewrite and all of these attempts led to test failures and perl errors such as t/security/CVE-2011-3368-rewrite.t .. 1/3 # Failed test 1 in t/security/CVE-2011-3368-rewrite.t at line 13 Can't call method print on an undefined value at t/security/CVE-2011-3368-rewrite.t line 19. My perl is the default Ubuntu 14.04 perl 5.18. Is this a failure on my part or is the system supposed to operate like this? I am a bit confused... I typically use the default config from fresh build I do with configure flags --enable-modules=reallyall and --enable-load-all-modules. I don't get failures as described by you above. I typically run the perl framework with perl plus locally installed modules. To instal modules as a normal user separate from the system installed perl I use local::lib. The stuff I add is Bundle::ApacheTest and recent versions of Test::Harness, Crypt::SSLeay, Net:SSLeay, IO::Socket::SSL, LWP::Protocol::https, HTTP::DAV (plus whatever cpan automatically adds as further dependencies). The list probably could be shortened, but that's the cruft I accumulated over time. When building the HTTPS/SSL parts one must be careful to use the same OpenSSL version that one uses to build the web server. Sometimes this is a bit tricky. The failure in line 19 you describe happens at the end of the following snippet: my $sock = Apache::TestRequest::vhost_socket(); ok $sock $sock-connected; my $req = GET @.localhost/foobar.html HTTP/1.1\r\n. Host: . Apache::TestRequest::hostport() . \r\n. \r\n; ok $sock-print($req); So it seems $sock is not defined. And indeed the failure in line 13 is the ok check in the second code line above. So the test could not connect to the vhost. Using t/TEST (try help or -help or -h to see the options) you can also just start the web server configured for the tests without immediately running them. You can then try to connect yourself. You can also edit LogLevel in Apache-Test/lib/Apache/TestConfig.pm and increase it before the perl Makefile.PL and the t/TEST to get more log output. Not likely but maybe your system openssl is used by perl and can't connect to a vhost powered by some other OpenSSL that you build your web server against? The vhost_socket() used by the test is defined in lib/Apache/TestRequest.pm as: sub vhost_socket { my $module = shift; local $Apache::TestRequest::Module = $module if $module; my $hostport = hostport(Apache::Test::config()); my($host, $port) = split ':', $hostport; my(%args) = (PeerAddr = $host, PeerPort = $port); if ($module and $module =~ /ssl/) { require Net::SSL; local $ENV{https_proxy} ||= ; #else uninitialized value in Net/SSL.pm return Net::SSL-new(%args, Timeout = UA_TIMEOUT); } else { require IO::Socket; return IO::Socket::INET-new(%args); } } Maybe you can add some debug output to STDOUT there to see to which socket it tries to connect and where it fails. Finally: any locally active pieces of security software intercepting the connect? Regards, Rainer
Re: test base line
On Mon, Jul 13, 2015 at 9:50 AM, Stefan Eissing ste...@eissing.org wrote: I get 31 failures in modules/access.t and, frankly, cannot figure out what is wrong on my system. This seem basic grant/deny tests. Test Summary Report --- t/modules/access.t(Wstat: 0 Tests: 408 Failed: 31) Failed tests: 4, 20-21, 24, 26, 28, 30, 38, 55, 72, 89 106-107, 123-124, 141, 154, 168, 170, 175 192, 209, 226, 277, 290, 304, 306, 311 328, 345, 362 Files=110, Tests=4312, 72 wallclock secs ( 1.69 usr 0.17 sys + 32.46 cusr 8.66 csys = 42.98 CPU) Result: FAIL Failed 1/110 test programs. 31/4312 subtests failed. Since it matches the remote ip/host, it must be something in my name resolution, I assume? Does that ring a bell with anyone? PS. Btw. to eventually be helpful, I switched testing from trunk to the 2.4.16. Same access errors, but everything else runs. (Ubuntu 14.04 LTS x86_64) Maybe some non world readable/executable directory above docroot like $HOME?
Re: test base line
If you are using something like a hostname of foo.localdomain (or whatever), make sure that /etc/hosts has that resolving to 127.0.0.1 On Jul 13, 2015, at 9:50 AM, Stefan Eissing ste...@eissing.org wrote: Rainer, many thanks for the detailed description. I installed all the perl modules you listed, cleaned the test conf, rebuild the httpd with reallyreallyall modules and now the tests are running *almost* fine. I get 31 failures in modules/access.t and, frankly, cannot figure out what is wrong on my system. This seem basic grant/deny tests. Test Summary Report --- t/modules/access.t(Wstat: 0 Tests: 408 Failed: 31) Failed tests: 4, 20-21, 24, 26, 28, 30, 38, 55, 72, 89 106-107, 123-124, 141, 154, 168, 170, 175 192, 209, 226, 277, 290, 304, 306, 311 328, 345, 362 Files=110, Tests=4312, 72 wallclock secs ( 1.69 usr 0.17 sys + 32.46 cusr 8.66 csys = 42.98 CPU) Result: FAIL Failed 1/110 test programs. 31/4312 subtests failed. Since it matches the remote ip/host, it must be something in my name resolution, I assume? Does that ring a bell with anyone? PS. Btw. to eventually be helpful, I switched testing from trunk to the 2.4.16. Same access errors, but everything else runs. (Ubuntu 14.04 LTS x86_64) Am 11.07.2015 um 12:44 schrieb Rainer Jung rainer.j...@kippdata.de: Hi Stefan, Am 09.07.2015 um 13:46 schrieb Stefan Eissing: I need some help with establishing a test baseline. I checked out the test framework from https://svn.apache.org/repos/asf/httpd/test/framework/trunk, followed the README and ran the tests against a freshly installed 2.4.x in /opt/httpd/2.4-plain. It did PASS with the default httpd.conf, but many tests were skipped due to modules missing. I tried enable some more modules like mod_ssl or mod_rewrite and all of these attempts led to test failures and perl errors such as t/security/CVE-2011-3368-rewrite.t .. 1/3 # Failed test 1 in t/security/CVE-2011-3368-rewrite.t at line 13 Can't call method print on an undefined value at t/security/CVE-2011-3368-rewrite.t line 19. My perl is the default Ubuntu 14.04 perl 5.18. Is this a failure on my part or is the system supposed to operate like this? I am a bit confused... I typically use the default config from fresh build I do with configure flags --enable-modules=reallyall and --enable-load-all-modules. I don't get failures as described by you above. I typically run the perl framework with perl plus locally installed modules. To instal modules as a normal user separate from the system installed perl I use local::lib. The stuff I add is Bundle::ApacheTest and recent versions of Test::Harness, Crypt::SSLeay, Net:SSLeay, IO::Socket::SSL, LWP::Protocol::https, HTTP::DAV (plus whatever cpan automatically adds as further dependencies). The list probably could be shortened, but that's the cruft I accumulated over time. When building the HTTPS/SSL parts one must be careful to use the same OpenSSL version that one uses to build the web server. Sometimes this is a bit tricky. The failure in line 19 you describe happens at the end of the following snippet: my $sock = Apache::TestRequest::vhost_socket(); ok $sock $sock-connected; my $req = GET @.localhost/foobar.html HTTP/1.1\r\n. Host: . Apache::TestRequest::hostport() . \r\n. \r\n; ok $sock-print($req); So it seems $sock is not defined. And indeed the failure in line 13 is the ok check in the second code line above. So the test could not connect to the vhost. Using t/TEST (try help or -help or -h to see the options) you can also just start the web server configured for the tests without immediately running them. You can then try to connect yourself. You can also edit LogLevel in Apache-Test/lib/Apache/TestConfig.pm and increase it before the perl Makefile.PL and the t/TEST to get more log output. Not likely but maybe your system openssl is used by perl and can't connect to a vhost powered by some other OpenSSL that you build your web server against? The vhost_socket() used by the test is defined in lib/Apache/TestRequest.pm as: sub vhost_socket { my $module = shift; local $Apache::TestRequest::Module = $module if $module; my $hostport = hostport(Apache::Test::config()); my($host, $port) = split ':', $hostport; my(%args) = (PeerAddr = $host, PeerPort = $port); if ($module and $module =~ /ssl/) { require Net::SSL; local $ENV{https_proxy} ||= ; #else uninitialized value in Net/SSL.pm return Net::SSL-new(%args, Timeout = UA_TIMEOUT); } else { require IO::Socket; return IO::Socket::INET-new(%args); } } Maybe you can add some debug output to STDOUT there to see to which socket it tries to connect and where it fails. Finally: any locally active pieces of security software intercepting the connect?
Re: Linking sqlite in to apache module
Can someone kindly help me with this ? On Mon, Jul 13, 2015 at 3:41 PM, Prakash Premkumar prakash.p...@gmail.com wrote: Thanks for your reply Dirk, I made the changes you specified : Here's the source code for the new module : http://pastebin.com/q4KQfhBQ It gets only till line no 78 in the handler. (The first log) That it before calling the first sqlite function sqlite3_open() On Mon, Jul 13, 2015 at 2:41 PM, Dirk-Willem van Gulik di...@webweaving.org wrote: On 13 Jul 2015, at 10:21, Prakash Premkumar prakash.p...@gmail.com wrote: I'm trying to call sqlite function from my apache module. The source code for the module can be found here: http://pastebin.com/zkbTf03J .. When I navigate to localhost/ : I get It Works! message But when I naviage to any other URL like localhost/asd I get the following response No data received ERR_EMPTY_RESPONSE You may want to set a ap_set_content_type(r, text/html); before ap_rput()ing data. Secondly I woud sprinkle a few lines like: ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_NOTICE, 0, r-pool, “Past %s:%d, __FILE__, __LINE__); in your code - to see where it gets in the hook handler. Tail the error log to see what is going on. Dw.
Re: Linking sqlite in to apache module
One thing you should be concerned about when compiling your module with dependencies is, how are the dependencies linked? Static or dynamic? I see nothing to indicate the uuid and sqlite3 libs were linkded statically, so they would have to be somewhere httpd can find them at run time (dynmaic linking). I am uncertain if LoadModule directive can be used to load arbitary .so, but if so that could be an option. -Mark On Mon, Jul 13, 2015 at 8:11 AM, Prakash Premkumar prakash.p...@gmail.com wrote: Can someone kindly help me with this ? On Mon, Jul 13, 2015 at 3:41 PM, Prakash Premkumar prakash.p...@gmail.com wrote: Thanks for your reply Dirk, I made the changes you specified : Here's the source code for the new module : http://pastebin.com/q4KQfhBQ It gets only till line no 78 in the handler. (The first log) That it before calling the first sqlite function sqlite3_open() On Mon, Jul 13, 2015 at 2:41 PM, Dirk-Willem van Gulik di...@webweaving.org wrote: On 13 Jul 2015, at 10:21, Prakash Premkumar prakash.p...@gmail.com wrote: I'm trying to call sqlite function from my apache module. The source code for the module can be found here: http://pastebin.com/zkbTf03J .. When I navigate to localhost/ : I get It Works! message But when I naviage to any other URL like localhost/asd I get the following response No data received ERR_EMPTY_RESPONSE You may want to set a ap_set_content_type(r, text/html); before ap_rput()ing data. Secondly I woud sprinkle a few lines like: ap_log_perror(file, line, APLOG_MODULE_INDEX, APLOG_NOTICE, 0, r-pool, “Past %s:%d, __FILE__, __LINE__); in your code - to see where it gets in the hook handler. Tail the error log to see what is going on. Dw.
Re: Linking sqlite in to apache module
On Mon, Jul 13, 2015 at 9:42 AM, Mark Taylor mtt...@gmail.com wrote: I am uncertain if LoadModule directive can be used to load arbitary .so, but if so that could be an option. LoadFile is the alternative for that.
Re: Using UPN from subjectAltName with SSLUserName
On Sat, Jul 11, 2015 at 04:40:20PM +0200, Kaspar Brand wrote: @@ -1902,5 +1907,7 @@ apr_status_t ssl_init_ModuleKill(void *data) free_dh_params(); +OBJ_cleanup(); + return APR_SUCCESS; From being burnt previously three or four times, I get scared by OpenSSL process global stuff. Have you worked out that it's safe to do that call there? It looks odd to do that there rather than alongside other global cleanups in ssl_cleanup_pre_config, so it's at least worth a comment if you really want this here. There is some complicated interaction between EVP_cleanup() and OBJ_cleanup() which I haven't tried to decipher, but it looks like EVP_cleanup() will actually do the cleanup call? Regards, Joe
Re: Helping out with release testing
There is actually an ambiguity in our policy on that. We should fix it ;) With regards, Daniel. On 2015-07-13 14:42, Eric Covener wrote: On Mon, Jul 13, 2015 at 8:25 AM, Daniel Gruno humbed...@apache.org wrote: As for the voting; Anyone can vote on a release, but only committers can cast binding votes. Having said that, if anyone - even a non-committer - casts a -1, it WILL cause us to pause and think about it, discuss etc. Strictly speaking, it is PMC members votes that are binding. But this is almost meaningless from a quality perspective and the distinction shouldn't dissuade anyone from testing candidates when they can.
Re: [VOTE] Release Apache httpd 2.4.16 as GA
On Fri, Jul 10, 2015 at 4:33 PM, Jim Jagielski j...@jagunet.com wrote: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [X] +1: Good to go Test suite passed with prefork and event on: CentOS 7 64-bit FreeBSD 10.1, 32-bit, kernel accept filter not loaded Fedora 22, 64-bit Ubuntu 12, 32-bit* Ubuntu 15, 32-bit* *silly failure of t/filter/case.t due to an expected Perl doc file not being installed Of course it is not === 2.4.16, but today's 2.4.17-dev with mod_proxy_scgi and a few Django apps works fine for me in a real deployment on Ubuntu 12. Thanks for RM-ing, Jim! Thanks everyone for your help testing, especially non-committers! -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: [VOTE] Release Apache httpd 2.4.16 as GA
All looks fine with Win32/Win64 VC14/11/10 builds. Tested by a bunch of users of the AL community, no regressions/issues reported. Build with: httpd.exe with OPENSSL_Applink and VC14 has SupportedOS Manifest apr 1.5.2 with IPv6 enabled apr-util 1.5.4 with Crypto OpenSSL enabled apr-iconv 1.2.1 openssl VC14 1.0.2d +asm , VC10/11 1.0.1p +asm zlib 1.2.8 +asm pcre 8.37 with JIT, UTF8 enabled libxml2 2.9.2 lua 5.1.5 expat 2.1.0 Steffen -Original Message- From: Jim Jagielski Sent: Friday, July 10, 2015 10:33 PM Newsgroups: gmane.comp.apache.devel To: httpd Subject: [VOTE] Release Apache httpd 2.4.16 as GA The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Vote will last the normal 72 hrs. NOTE: The *-deps are only there for convenience. Thx! PS: Hopefully, 4th time's the charm!
Re: [VOTE] Release 2.2.30 as GA?
On Sat, Jul 11, 2015 at 4:29 PM, William A Rowe Jr wr...@rowe-clan.net wrote: [+1] Release 2.2.30 GA (apr 1.5.2, apr-util 1.5.4) Worker and prefork, included apr-1.5.2 and apr-util-1.5.4: * Debian 8 - 64bit, * Debian 7 - 64bit, * Debian 6 - 64bit, * Debian 6 - mixed 32/64bit system/kernel. Thanks Bill for RM'ing.
Re: Linking sqlite in to apache module
Thanks a lot Mark and Eric I'm linking statically. I compiled the sqlite library with libtool by specifying the -static option. My path for the UUID has both static and dynamic libraries. The UUID library alone works when compiled with the apache module. It's the sqlite library which causing the trouble. Is there a solution for this ? On Mon, Jul 13, 2015 at 7:13 PM, Eric Covener cove...@gmail.com wrote: On Mon, Jul 13, 2015 at 9:42 AM, Mark Taylor mtt...@gmail.com wrote: I am uncertain if LoadModule directive can be used to load arbitary .so, but if so that could be an option. LoadFile is the alternative for that.
Re: test base line
Ok, narrowing it down, but not done yet. Problem is as follows: 1 with 'localhost' as servername, tests were failing with waiting for server to warm up, although server was reachable as http://localhost:8529/ strange. 2 with 'test.example.org' as servername and entry in /etc/hosts everything works except modules/access.t with 31 failures. After reading that code, I see that a) mod_access_compat makes a reverse lookup if it thinks the deny/allow is a host name and lookups are allowed. b) HostnameLookups is 'Off' in the test config c) /etc/hosts does not enable reverse lookups for the resolver (at least not on ubuntu/osx) So, it seems to me you all are testing with 127.0.0.1 or enable lookups and have a name from a DNS zone with proper reverse. Everything else should not work. //Stefan (needs a drink) PS. And yes, 2.4.16 seems to work on Ubuntu 14.04 LTS. Am 13.07.2015 um 16:02 schrieb Jim Jagielski j...@jagunet.com: If you are using something like a hostname of foo.localdomain (or whatever), make sure that /etc/hosts has that resolving to 127.0.0.1 On Jul 13, 2015, at 9:50 AM, Stefan Eissing ste...@eissing.org wrote: Rainer, many thanks for the detailed description. I installed all the perl modules you listed, cleaned the test conf, rebuild the httpd with reallyreallyall modules and now the tests are running *almost* fine. I get 31 failures in modules/access.t and, frankly, cannot figure out what is wrong on my system. This seem basic grant/deny tests. Test Summary Report --- t/modules/access.t(Wstat: 0 Tests: 408 Failed: 31) Failed tests: 4, 20-21, 24, 26, 28, 30, 38, 55, 72, 89 106-107, 123-124, 141, 154, 168, 170, 175 192, 209, 226, 277, 290, 304, 306, 311 328, 345, 362 Files=110, Tests=4312, 72 wallclock secs ( 1.69 usr 0.17 sys + 32.46 cusr 8.66 csys = 42.98 CPU) Result: FAIL Failed 1/110 test programs. 31/4312 subtests failed. Since it matches the remote ip/host, it must be something in my name resolution, I assume? Does that ring a bell with anyone? PS. Btw. to eventually be helpful, I switched testing from trunk to the 2.4.16. Same access errors, but everything else runs. (Ubuntu 14.04 LTS x86_64) Am 11.07.2015 um 12:44 schrieb Rainer Jung rainer.j...@kippdata.de: Hi Stefan, Am 09.07.2015 um 13:46 schrieb Stefan Eissing: I need some help with establishing a test baseline. I checked out the test framework from https://svn.apache.org/repos/asf/httpd/test/framework/trunk, followed the README and ran the tests against a freshly installed 2.4.x in /opt/httpd/2.4-plain. It did PASS with the default httpd.conf, but many tests were skipped due to modules missing. I tried enable some more modules like mod_ssl or mod_rewrite and all of these attempts led to test failures and perl errors such as t/security/CVE-2011-3368-rewrite.t .. 1/3 # Failed test 1 in t/security/CVE-2011-3368-rewrite.t at line 13 Can't call method print on an undefined value at t/security/CVE-2011-3368-rewrite.t line 19. My perl is the default Ubuntu 14.04 perl 5.18. Is this a failure on my part or is the system supposed to operate like this? I am a bit confused... I typically use the default config from fresh build I do with configure flags --enable-modules=reallyall and --enable-load-all-modules. I don't get failures as described by you above. I typically run the perl framework with perl plus locally installed modules. To instal modules as a normal user separate from the system installed perl I use local::lib. The stuff I add is Bundle::ApacheTest and recent versions of Test::Harness, Crypt::SSLeay, Net:SSLeay, IO::Socket::SSL, LWP::Protocol::https, HTTP::DAV (plus whatever cpan automatically adds as further dependencies). The list probably could be shortened, but that's the cruft I accumulated over time. When building the HTTPS/SSL parts one must be careful to use the same OpenSSL version that one uses to build the web server. Sometimes this is a bit tricky. The failure in line 19 you describe happens at the end of the following snippet: my $sock = Apache::TestRequest::vhost_socket(); ok $sock $sock-connected; my $req = GET @.localhost/foobar.html HTTP/1.1\r\n. Host: . Apache::TestRequest::hostport() . \r\n. \r\n; ok $sock-print($req); So it seems $sock is not defined. And indeed the failure in line 13 is the ok check in the second code line above. So the test could not connect to the vhost. Using t/TEST (try help or -help or -h to see the options) you can also just start the web server configured for the tests without immediately running them. You can then try to connect yourself. You can also edit LogLevel in Apache-Test/lib/Apache/TestConfig.pm and increase it before the perl Makefile.PL and the t/TEST to get more log output. Not likely but maybe your system openssl is used by
Re: [VOTE] Release Apache httpd 2.4.16 as GA
On Jul 10, 2015 4:34 PM, Jim Jagielski j...@jagunet.com wrote: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [X] +1: Good to go Thx! And thank you! PS: Hopefully, 4th time's the charm! Indeed :)
Re: test base line
Am 13.07.2015 um 17:34 schrieb Stefan Eissing: Ok, narrowing it down, but not done yet. Problem is as follows: 1 with 'localhost' as servername, tests were failing with waiting for server to warm up, although server was reachable as http://localhost:8529/ strange. 2 with 'test.example.org' as servername and entry in /etc/hosts everything works except modules/access.t with 31 failures. After reading that code, I see that a) mod_access_compat makes a reverse lookup if it thinks the deny/allow is a host name and lookups are allowed. b) HostnameLookups is 'Off' in the test config c) /etc/hosts does not enable reverse lookups for the resolver (at least not on ubuntu/osx) So, it seems to me you all are testing with 127.0.0.1 or enable lookups and have a name from a DNS zone with proper reverse. Everything else should not work. Testing with localhost here. No precise idea here about your problem, but - make sure you don't have any proxy shell environment variables set (http_proxy, https_proxy or similar) - we might get an idea if we can see your /etc/hosts and /etc/resolv.conf (cleared from private info). //Stefan (needs a drink) Taming the beast makes one thirsty. Rainer
Re: [VOTE] Release 2.2.30 as GA?
Am 11.07.2015 um 16:29 schrieb William A Rowe Jr: The pre-release candidate tarballs of Apache httpd 2.2.30, can be found in; http://httpd.apache.org/dev/dist/ +/-1 [+1] Release 2.2.30 GA (apr 1.5.2, apr-util 1.5.4) Win32 src to follow shortly, vote to run through 14:30 GMT Tuesday. +1 to release, thanks for RMing Details: - Netware and Windows binary artefacts not checked (missing) - signature and hashes OK - key in KEYS file - gz and bz2 contents identical - no unexpected diff to svn tag - built and tested on - Solaris 8+10 Sparc - Suse Linux Enterprise Server 10+11 (64 Bit) - RedHat Enterprise Linux 6 (64Bit) - builds fine using gcc (209 different build combinations) - out of tree - with all, most and default module sets - with either default (static) or shared linked modules - MPMs prefork, worker, event (where applicable) - dependencies apr/apu/expat/pcre: a) all bundled b) 1.5.2/1.5.4/2.1.0/8.37 (2 variants) - OpenSSL 1.0.2c - one build warning: lex.ssl_expr_yy.c:1460: warning: ‘input’ defined but not used - I expect configure to still fail on Linux with external non-system PCRE. Not a regression, see my 2.2.23 voting mail for details. - test suite ran for the builds with module set all and log levels info and debug (168 variations) - no test regressions w.r.t. at least 2.2.16-2.2.29: - Failed test 2 in t/ssl/extlookup.t at line 27 - Failed test 9 in t/ssl/require.t at line 44 Happens always. For details about both see my 2.2.19 voting mail. - failed tests 2+3 in t/security/CVE-2008-2364.t when using LWP 6.0.3 or above Happens always. For details about both see my 2.2.23 voting mail. - Test 4 in t/modules/dav.t: Happens for 19 out of 168 runs. Creation, modified and now times not in the correct order. This seems to be a system issue, all tests done on NFS, many tested on virtualized guests. Likely similar than what I observed for 2.4. - Tests 55-57 of t/modules/cgi.t testing contents of ScriptLog. Happens for 60 out of 168 runs. Likely similar than what I observed for 2.4. Fix probably by porting r1651085 from mod_cgi to mod_cgid. Regards, Rainer
Re: [VOTE] Release Apache httpd 2.4.16 as GA
Am 10.07.2015 um 22:33 schrieb Jim Jagielski: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [X] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. +1 to release and thank a bunch for RMing. In short: No regressions found. Detailed report: - Sigs and hashes OK - contents of tarballs identical - contents of tag and tarballs identical except for expected deltas (we could cleanup some m4 files in apr-util/xml/expat/conftools at the end of buildconf, no regression) Built on - Solaris 8+10 Sparc as 32 Bit Binaries - SLES 10+11 (64 Bits) - RHEL 6 (64 Bits) For all platforms built - with default (shared), shared and static modules - with module sets none, few, most, all, reallyall and default (always mod_privileges disabled) - using --enable-load-all-modules - against included APR/APU from deps tarball, plus external APR/APU 1.5.2/1.5.4 - using external libraries - expat 2.1.0 - pcre 8.37 - openssl 1.0.2c - lua 5.2.4 - distcache 1.5.1 - libxml2 2.9.2 - Tool chain: - platform gcc except for Solaris (gcc 4.1.2 for Solaris 8 and 4.9.2 for Solaris 10) - CFLAGS: -O2 -g -Wall -fno-strict-aliasing (and -mpcu=v9 on Solaris) All builds succeeded - one compiler warning ssl/ssl_util_stapling.c:657: warning: 'ok' may be used uninitialized in this function Tested for - Solaris 8+10 (32), SLES 10+11 (64), RHEL 6 (64) - MPMs prefork, worker, event (except event on Solaris8, unsupported) - default, shared and static modules - log levels info, debug and trace8 - module set reallyall (121 modules plus MPMs) The following test failures were seen: a Test 4 or 5 in t/modules/dav.t: Happens for 37 out of 378 runs. Creation, modified and now times not in the correct order. This seems to be a system issue, all tests done on NFS, many tested on virtualized guests. Not a regression. b Various tests in t/apache/expr_string.t: (6, 11, 14, 17, 20 ,23) Happens for 74 out of 378 runs (almost all on SLES 10, 14 on RHEL6 3 on Solaris 8 and 2 on Solaris 10). The failure is always on line 68, where the error_log contents are checked. Not a regression. c Tests 55-57 of t/modules/cgi.t testing contents of ScriptLog. Likely similar than what I observed for 2.4.12. Fix probably by porting r1651085 from mod_cgi to mod_cgid. Not a regression. d One failure in test 60 of t/ssl/proxy.t. This was due to a timeout during a reverse proxy call and I can see from the log, that the system was just a bit too slow so it triggered the timeout. There was more activity going on on the system besides httpd testing so this failure looks tolerable to me. Regards, Rainer
Re: [VOTE] Release Apache httpd 2.4.16 as GA
On 7/10/2015 1:33 PM, Jim Jagielski wrote: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [X] +1: Good to go PS: Hopefully, 4th time's the charm! Looking good, thanks for RMing. MSVC '08, '12 '13 Tested on Windows XP/2003/Vista/7/8.1
Re: [VOTE] Release 2.2.30 as GA?
On Sat, Jul 11, 2015 at 10:29 AM, William A Rowe Jr wr...@rowe-clan.net wrote: The pre-release candidate tarballs of Apache httpd 2.2.30, can be found in; http://httpd.apache.org/dev/dist/ +/-1 [ ] Release 2.2.30 GA (apr 1.5.2, apr-util 1.5.4) Thanks for RM-ing! [-1] Don't release due to Windows build error for mod_proxy discussed in this thread I see no regressions when comparing with 2.2.29 on FreeBSD and Linux: FreeBSD 10, 32-bit, no kernel accept filter loaded 2.2.30 with prefork Test Summary Report --- t/modules/cgi.t (Wstat: 0 Tests: 58 Failed: 3) Failed tests: 55-57 t/security/CVE-2008-2364.t(Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1) Failed test: 2 t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1) Failed test: 9 Files=110, Tests=4001, 134 wallclock secs ( 2.23 usr 0.54 sys + 50.54 cusr 12.99 csys = 66.30 CPU) Result: FAIL 2.2.29 with prefork Test Summary Report --- t/apache/chunkinput.t (Wstat: 0 Tests: 37 Failed: 6) Failed tests: 23, 25, 31, 33, 35, 37 t/modules/cgi.t (Wstat: 0 Tests: 58 Failed: 3) Failed tests: 55-57 t/security/CVE-2008-2364.t(Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1) Failed test: 2 t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1) Failed test: 9 Files=110, Tests=4001, 123 wallclock secs ( 1.87 usr 0.51 sys + 43.73 cusr 11.53 csys = 57.64 CPU) Result: FAIL Ubuntu 12, 32-bit 2.2.30 with prefork Test Summary Report --- t/filter/case.t (Wstat: 0 Tests: 4 Failed: 1) Failed test: 2 t/modules/cgi.t (Wstat: 0 Tests: 58 Failed: 3) Failed tests: 55-57 t/security/CVE-2008-2364.t(Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1) Failed test: 2 t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1) Failed test: 9 Files=110, Tests=3631, 128 wallclock secs ( 1.89 usr 0.23 sys + 41.57 cusr 9.45 csys = 53.14 CPU) Result: FAIL 2.2.29 with prefork Test Summary Report --- t/apache/chunkinput.t (Wstat: 0 Tests: 37 Failed: 6) Failed tests: 23, 25, 31, 33, 35, 37 t/filter/case.t (Wstat: 0 Tests: 4 Failed: 1) Failed test: 2 t/modules/cgi.t (Wstat: 0 Tests: 58 Failed: 3) Failed tests: 55-57 t/security/CVE-2008-2364.t(Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1) Failed test: 2 t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1) Failed test: 9 Files=110, Tests=3631, 123 wallclock secs ( 1.62 usr 0.27 sys + 40.51 cusr 8.77 csys = 51.17 CPU) Result: FAIL (my t/filter/case.t failures on Ubuntu are noise)
Re: [VOTE] Release Apache httpd 2.4.16 as GA
On Fri, Jul 10, 2015 at 10:33 PM, Jim Jagielski j...@jagunet.com wrote: I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [X] +1: Good to go Event and worker, included apr-1.5.2 and apr-util-1.5.4: * Debian 8 - 64bit, * Debian 7 - 64bit, * Debian 6 - 64bit, * Debian 6 - mixed 32/64bit system/kernel. Thanks for RM'ing Jim.
Re: [VOTE] Release Apache httpd 2.4.16 as GA
event and worker * Ubuntu 14.04 LTS, 64 bit Am 13.07.2015 um 17:37 schrieb Yann Ylavic ylavic@gmail.com: On Fri, Jul 10, 2015 at 10:33 PM, Jim Jagielski j...@jagunet.com wrote: I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [X] +1: Good to go Event and worker, included apr-1.5.2 and apr-util-1.5.4: * Debian 8 - 64bit, * Debian 7 - 64bit, * Debian 6 - 64bit, * Debian 6 - mixed 32/64bit system/kernel. Thanks for RM'ing Jim. green/bytes GmbH Hafenweg 16, 48155 Münster, Germany Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
Re: Linking sqlite in to apache module
char *zErrMsg; rc = sqlite3_open(a.db, db); if (rc) { Besides the faulty error trapping in the other mail - it just occurred to me that your default/current working directory is also in a place you are unlikely to be allowed to write So I would out the correct path there; or for testing use rc = sqlite3_open(“/tmp/a.db, db); in conjunction with not using exit0) adding error logging. Dw.
Re: [VOTE] Release 2.2.30 as GA?
On Tue, Jul 14, 2015 at 12:09 AM, Andy Wang aw...@ptc.com wrote: I'm running into a problem with mod_proxy_balancer unable to find ap_proxy_set_scoreboard_lb on Windows. There is possibly a missing PROXY_DECLARE for ap_proxy_set_scoreboard_lb. I'm planning on going back and setting my environment back up with 2.2.30 tomorrow, but thought I should mention this now in case it's obvious to someone. Maybe the attached patch helps? Regards, Yann. httpd-2.2.x-PROXY_DECLARE_set_scoreboard_lb.patch Description: application/download
Re: [VOTE] Release Apache httpd 2.4.16 as GA
On Jul 10, 2015, at 2:33 PM, Jim Jagielski j...@jagunet.com wrote: The pre-release test tarballs for Apache httpd 2.4.16 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.16 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Tested on Fedora 21, no issues to report. +1 (non-binding). — leif
Re: [VOTE] Release 2.2.30 as GA?
On 07/11/2015 09:29 AM, William A Rowe Jr wrote: The pre-release candidate tarballs of Apache httpd 2.2.30, can be found in; http://httpd.apache.org/dev/dist/ +/-1 [ ] Release 2.2.30 GA (apr 1.5.2, apr-util 1.5.4) Win32 src to follow shortly, vote to run through 14:30 GMT Tuesday. I'm running into a problem with mod_proxy_balancer unable to find ap_proxy_set_scoreboard_lb on Windows. I reverted my build to 2.2.29 to make sure it wasn't me and 2.2.29 completed, and then I looked at the 2.2.30 changes and see this function call was a new addition. I'm planning on going back and setting my environment back up with 2.2.30 tomorrow, but thought I should mention this now in case it's obvious to someone. Thanks, Andy
Re: [VOTE] Release 2.2.30 as GA?
On 07/13/2015 05:27 PM, Yann Ylavic wrote: On Tue, Jul 14, 2015 at 12:09 AM, Andy Wang aw...@ptc.com wrote: I'm running into a problem with mod_proxy_balancer unable to find ap_proxy_set_scoreboard_lb on Windows. There is possibly a missing PROXY_DECLARE for ap_proxy_set_scoreboard_lb. I'm planning on going back and setting my environment back up with 2.2.30 tomorrow, but thought I should mention this now in case it's obvious to someone. Maybe the attached patch helps? Yup, that patch helped. == Build: 94 succeeded, 0 failed, 0 up-to-date, 0 skipped == I haven't actually tested it yet, but it builds. Thanks, Andy
Re: [RFC] Enable OCSP Stapling by default in httpd trunk
On 07/11/2015 08:55 PM, William A Rowe Jr wrote: If you are suggesting we shouldn't change the compiled-in default, I can agree, POLS (Principal Of Least Surprise). If you are suggesting the default config shouldn't reflect the ability to efficiently handle OCSP by stapling, here I think we would disagree. This something I can agree with: Leave the default compiled in to off and in the configuration distributed by us have it set to on. Regards Rüdiger