Re: mod_ssl and pkg-config on AIX (Re: [Vote] httpd 2.2.23 release)
Hi. Thanks for the answer. AIX does not have pkg-config standard. There is a version you can download from IBM (AIX Toolbox) in RPM format, but those tend to be old. I hear the main reason for not updating quickly is bedded in legal concerns. fyi - pkg-config new version is not a simple build. Has a dependency on a library and the embedded version does not compile with the IBM compiler. Feels like there is a dependency on gcc. I have not had the time to build a load a new sandbox to test that. Maybe this week. On Mon, Sep 3, 2012 at 7:11 AM, Kaspar Brand httpd-dev.2...@velox.chwrote: On 02.09.2012 14:04, Michael Felt wrote: The simple part first. AIX has a default install of openssl. -- however, the name of the library is libssl.a - see attachment for a filelist of what is included in openssl.base Ok, this also shows that the AIX package does not include a pkg-config file for OpenSSL (openssl.pc). There's nothing wrong with that, as long as AIX does not come with a bundled version of pkg-config, there's no strong argument to provide this file in the openssl.base package. running the pkg-config command by hand (not the newest version (0.25), so I will try updating that asap it gives the same error. I could not find a pkg-config command to tell me it's default search path - maybe it is not looking in /usr/include/openssh. By default it's looking for openssl.pc in the directories /usr/lib/pkgconfig or /usr/share/pkgconfig (or whatever was specified for libdir and datadir when pkg-config was compiled). Thanks for the reply - I'll update pkg-config and see it that helps. This won't change anything, I guess. As mentioned before, what you're seeing is pretty much the expected behavior (the stderr output could also be silenced by adding --silence-errors to the first $PKGCONFIG command in acinclude.m4/configure). Kaspar
Re: mod_ssl and pkg-config on AIX (Re: [Vote] httpd 2.2.23 release)
The simple part first. AIX has a default install of openssl.
-- however, the name of the library is libssl.a - see attachment for a
filelist of what is included in openssl.base
running the pkg-config command by hand (not the newest version (0.25), so I
will try updating that asap it gives the same error. I could not find a
pkg-config command to tell me it's default search path - maybe it is not
looking in /usr/include/openssh.
Thanks for the reply - I'll update pkg-config and see it that helps.
On Sat, Sep 1, 2012 at 8:29 AM, Kaspar Brand httpd-dev.2...@velox.chwrote:
On 27.08.2012 15:42, Michael Felt wrote:
FYI: I get an error message from configure that I do not understand.
+ ./configure
--enable-layout=AIX
--with-apr=/opt/bin/apr-1-config
--with-apr-util=/opt/bin/apu-1-config
--with-mpm=worker
--enable-ssl
--enable-mods-shared=all build/aix/configure.out
Package openssl was not found in the pkg-config search path.
Perhaps you should add the directory containing `openssl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'openssl' found
Does AIX come with a bundled version of OpenSSL (under /usr or similar)?
How does the configure output look like after the checking whether to
enable
mod_ssl... line (up to checking whether to enable
mod_optional_hook_export...)?
With 2.2.x, configure will try pkg-config for figuring out the -l, -I and
-L flags - and fall back to -lssl -lcrypto if pkg-config fails for some
reason:
if test $ap_ssltk_type = openssl; then
if test x$ap_ssltk_base != x -a \
-f ${ap_ssltk_base}/lib/pkgconfig/openssl.pc; then
dnl Ensure that the given path is used by pkg-config too, otherwise
dnl the system openssl.pc might be picked up instead.
PKG_CONFIG_PATH=${ap_ssltk_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}
export PKG_CONFIG_PATH
fi
if test -n $PKGCONFIG; then
ap_ssltk_libs=`$PKGCONFIG --libs-only-l openssl`
if test $? -eq 0; then
pkglookup=`$PKGCONFIG --cflags-only-I openssl`
APR_ADDTO(CPPFLAGS, [$pkglookup])
APR_ADDTO(INCLUDES, [$pkglookup])
pkglookup=`$PKGCONFIG --libs-only-L --libs-only-other openssl`
APR_ADDTO(LDFLAGS, [$pkglookup])
else
ap_ssltk_libs=-lssl -lcrypto `$apr_config --libs`
fi
else
ap_ssltk_libs=-lssl -lcrypto `$apr_config --libs`
fi
fi
However, the packaging proceeds fine.
It's kind of expected behavior, yes. Replacing
ap_ssltk_libs=`$PKGCONFIG --libs-only-l openssl`
by
ap_ssltk_libs=`$PKGCONFIG --libs-only-l openssl 2/dev/null`
would suppress the (perhaps confusing) message.
Kaspar
openssl filelist.text
Description: Binary data
Re: mod_ssl and pkg-config on AIX (Re: [Vote] httpd 2.2.23 release)
On 02.09.2012 14:04, Michael Felt wrote: The simple part first. AIX has a default install of openssl. -- however, the name of the library is libssl.a - see attachment for a filelist of what is included in openssl.base Ok, this also shows that the AIX package does not include a pkg-config file for OpenSSL (openssl.pc). There's nothing wrong with that, as long as AIX does not come with a bundled version of pkg-config, there's no strong argument to provide this file in the openssl.base package. running the pkg-config command by hand (not the newest version (0.25), so I will try updating that asap it gives the same error. I could not find a pkg-config command to tell me it's default search path - maybe it is not looking in /usr/include/openssh. By default it's looking for openssl.pc in the directories /usr/lib/pkgconfig or /usr/share/pkgconfig (or whatever was specified for libdir and datadir when pkg-config was compiled). Thanks for the reply - I'll update pkg-config and see it that helps. This won't change anything, I guess. As mentioned before, what you're seeing is pretty much the expected behavior (the stderr output could also be silenced by adding --silence-errors to the first $PKGCONFIG command in acinclude.m4/configure). Kaspar
mod_ssl and pkg-config on AIX (Re: [Vote] httpd 2.2.23 release)
On 27.08.2012 15:42, Michael Felt wrote:
FYI: I get an error message from configure that I do not understand.
+ ./configure
--enable-layout=AIX
--with-apr=/opt/bin/apr-1-config
--with-apr-util=/opt/bin/apu-1-config
--with-mpm=worker
--enable-ssl
--enable-mods-shared=all build/aix/configure.out
Package openssl was not found in the pkg-config search path.
Perhaps you should add the directory containing `openssl.pc'
to the PKG_CONFIG_PATH environment variable
No package 'openssl' found
Does AIX come with a bundled version of OpenSSL (under /usr or similar)?
How does the configure output look like after the checking whether to enable
mod_ssl... line (up to checking whether to enable
mod_optional_hook_export...)?
With 2.2.x, configure will try pkg-config for figuring out the -l, -I and
-L flags - and fall back to -lssl -lcrypto if pkg-config fails for some
reason:
if test $ap_ssltk_type = openssl; then
if test x$ap_ssltk_base != x -a \
-f ${ap_ssltk_base}/lib/pkgconfig/openssl.pc; then
dnl Ensure that the given path is used by pkg-config too, otherwise
dnl the system openssl.pc might be picked up instead.
PKG_CONFIG_PATH=${ap_ssltk_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}
export PKG_CONFIG_PATH
fi
if test -n $PKGCONFIG; then
ap_ssltk_libs=`$PKGCONFIG --libs-only-l openssl`
if test $? -eq 0; then
pkglookup=`$PKGCONFIG --cflags-only-I openssl`
APR_ADDTO(CPPFLAGS, [$pkglookup])
APR_ADDTO(INCLUDES, [$pkglookup])
pkglookup=`$PKGCONFIG --libs-only-L --libs-only-other openssl`
APR_ADDTO(LDFLAGS, [$pkglookup])
else
ap_ssltk_libs=-lssl -lcrypto `$apr_config --libs`
fi
else
ap_ssltk_libs=-lssl -lcrypto `$apr_config --libs`
fi
fi
However, the packaging proceeds fine.
It's kind of expected behavior, yes. Replacing
ap_ssltk_libs=`$PKGCONFIG --libs-only-l openssl`
by
ap_ssltk_libs=`$PKGCONFIG --libs-only-l openssl 2/dev/null`
would suppress the (perhaps confusing) message.
Kaspar
Re: [Vote] httpd 2.2.23 release
Not this time, but I have in the past. Need to automate the key-generation, etc. for https:// - sounds like a ToDo! Good reminder. On Mon, Aug 27, 2012 at 3:58 PM, Guenter Knauf fua...@apache.org wrote: Hi Michael, Am 27.08.2012 15:42, schrieb Michael Felt: No package 'openssl' found that means that most likely your build doesnt support https protocol. However, the packaging proceeds fine. And I get an It Works message. yes, but have you checked https:// too?? Gün.
Re: [Vote] httpd 2.2.23 release
Guenter, working on it - after generating a test key, turning on two mod_'s and adding extra/*ssl.conf I was able to do: $ openssl s_client -connect localhost:443 -state -debug GET / HTTP/1.0 snip - from end: 00d0 - 99 7a 90 ca 1c 28 b4 3e-a9 af 26 d4 cd 33 88 99 .z...(.3.. 00e0 - bf de f5 60 da 89 5a ac-04 f4 23 dc 5b 3f 16 cb ...`..Z...#.[?.. 00f0 - a2 57 7d d1 88 8d cb c5-c1 7d 6b bc 0e cb 17 03 .W}..}k. !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title408 Request Timeout/title /headbody h1Request Timeout/h1 pServer timeout waiting for the HTTP request from the client./p /body/html read from 0x20050b38 [0x20056108] (5 bytes = 0 (0x0)) read:errno=0 write to 0x20050b38 [0x2005a918] (37 bytes = 37 (0x25)) - 15 03 01 00 20 30 26 15-ec 9a 2e 90 65 49 db 2f 0.eI./ 0010 - 80 40 bc df 8a 90 63 d3-32 d1 0b 90 07 d2 ed b8 .@c.2... 0020 - a8 0d d0 17 94. SSL3 alert write:warning:close notify michael@x054:[/etc/httpd/extra] So, it seems I still do not understand the error message - openssl seems to be integrated. On Wed, Aug 29, 2012 at 1:23 PM, Michael Felt mamf...@gmail.com wrote: Not this time, but I have in the past. Need to automate the key-generation, etc. for https:// - sounds like a ToDo! Good reminder. On Mon, Aug 27, 2012 at 3:58 PM, Guenter Knauf fua...@apache.org wrote: Hi Michael, Am 27.08.2012 15:42, schrieb Michael Felt: No package 'openssl' found that means that most likely your build doesnt support https protocol. However, the packaging proceeds fine. And I get an It Works message. yes, but have you checked https:// too?? Gün.
Re: [Vote] httpd 2.2.23 release
FYI: I get an error message from configure that I do not understand. + ./configure --enable-layout=AIX --with-apr=/opt/bin/apr-1-config --with-apr-util=/opt/bin/apu-1-config --with-mpm=worker --enable-ssl --enable-mods-shared=all build/aix/configure.out Package openssl was not found in the pkg-config search path. Perhaps you should add the directory containing `openssl.pc' to the PKG_CONFIG_PATH environment variable No package 'openssl' found However, the packaging proceeds fine. And I get an It Works message. Will add beta in name in http://dl.aixtools.net/httpd p.s. If it is not appropriate to add a URL by non-ASF - please slap gently :)
Re: [Vote] httpd 2.2.23 release
Hi Michael, Am 27.08.2012 15:42, schrieb Michael Felt: No package 'openssl' found that means that most likely your build doesnt support https protocol. However, the packaging proceeds fine. And I get an It Works message. yes, but have you checked https:// too?? Gün.
Re: [Vote] httpd 2.2.23 release
[+1] Release httpd 2.2.23 as GA Tested on Debian sid. I see the same (non-regression) test failures as Rainer. Cheers, Stefan
Re: [Vote] httpd 2.2.23 release
+1 NetWare Gün.
Re: [Vote] httpd 2.2.23 release
On 23.08.2012 03:16, Jeff Trawick wrote: On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22 Me too, but these happen for me only when I use a very recent Perl. The tests fail, because the Perl client reads status 100 instead of 200 resp. 502. Checking our logs indicates we did send the right status codes. So this seems to be a test framework problem (and as you already stated not a regression). Regards, Rainer
RE: [Vote] httpd 2.2.23 release
-Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Donnerstag, 23. August 2012 03:17 To: dev@httpd.apache.org Subject: Re: [Vote] httpd 2.2.23 release On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22 Hm. Which Linux? I have never seen these on Centos 64 Bit. Regards Rüdiger
RE: [Vote] httpd 2.2.23 release
-Original Message- From: Plüm, Rüdiger, Vodafone Group Sent: Donnerstag, 23. August 2012 09:55 To: dev@httpd.apache.org Subject: RE: [Vote] httpd 2.2.23 release -Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Donnerstag, 23. August 2012 03:17 To: dev@httpd.apache.org Subject: Re: [Vote] httpd 2.2.23 release On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22 Hm. Which Linux? I have never seen these on Centos 64 Bit. Perl used on Centos (5): Summary of my perl5 (revision 5 version 8 subversion 8) configuration: Regards Rüdiger
Re: [Vote] httpd 2.2.23 release
On 23.08.2012 09:57, Plüm, Rüdiger, Vodafone Group wrote: -Original Message- From: Plüm, Rüdiger, Vodafone Group Sent: Donnerstag, 23. August 2012 09:55 To: dev@httpd.apache.org Subject: RE: [Vote] httpd 2.2.23 release -Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Donnerstag, 23. August 2012 03:17 To: dev@httpd.apache.org Subject: Re: [Vote] httpd 2.2.23 release On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22 Hm. Which Linux? I have never seen these on Centos 64 Bit. Perl used on Centos (5): Summary of my perl5 (revision 5 version 8 subversion 8) configuration: It should be this https://github.com/gisle/libwww-perl/commit/25f86ba92ebf3d0abcf45cfda1880a1a12a91a0b change in LWP. Changed on April 11, 2011, so probably only part of the latest LWP 6.0.3. Jeff: can you confirm the your lib is indeed this latest version 6.0.3? Regards, Rainer
Re: [Vote] httpd 2.2.23 release
Am 21.08.2012 21:25, schrieb William A. Rowe Jr.: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [ +1 ] Release httpd 2.2.23 as GA works as far as i can see under Fedora 16/17 x86_64 with PHP5.3, modsec, mod_rewrite fine and ab -c 100 -n 5 ran without any issue signature.asc Description: OpenPGP digital signature
Re: [Vote] httpd 2.2.23 release
On Thu, Aug 23, 2012 at 4:41 AM, Rainer Jung rainer.j...@kippdata.de wrote: On 23.08.2012 09:57, Plüm, Rüdiger, Vodafone Group wrote: -Original Message- From: Plüm, Rüdiger, Vodafone Group Sent: Donnerstag, 23. August 2012 09:55 To: dev@httpd.apache.org Subject: RE: [Vote] httpd 2.2.23 release -Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Donnerstag, 23. August 2012 03:17 To: dev@httpd.apache.org Subject: Re: [Vote] httpd 2.2.23 release On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22 Hm. Which Linux? I have never seen these on Centos 64 Bit. Perl used on Centos (5): Summary of my perl5 (revision 5 version 8 subversion 8) configuration: It should be this https://github.com/gisle/libwww-perl/commit/25f86ba92ebf3d0abcf45cfda1880a1a12a91a0b change in LWP. Changed on April 11, 2011, so probably only part of the latest LWP 6.0.3. Jeff: can you confirm the your lib is indeed this latest version 6.0.3? $ perl -MLWP -le print(LWP-VERSION) 6.04 Regards, Rainer -- Born in Roswell... married an alien... http://emptyhammock.com/
Re: [Vote] httpd 2.2.23 release
On 23.08.2012 13:29, Jeff Trawick wrote: On Thu, Aug 23, 2012 at 4:41 AM, Rainer Jung rainer.j...@kippdata.de wrote: On 23.08.2012 09:57, Plüm, Rüdiger, Vodafone Group wrote: -Original Message- From: Plüm, Rüdiger, Vodafone Group Sent: Donnerstag, 23. August 2012 09:55 To: dev@httpd.apache.org Subject: RE: [Vote] httpd 2.2.23 release -Original Message- From: Jeff Trawick [mailto:traw...@gmail.com] Sent: Donnerstag, 23. August 2012 03:17 To: dev@httpd.apache.org Subject: Re: [Vote] httpd 2.2.23 release On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22 Hm. Which Linux? I have never seen these on Centos 64 Bit. Perl used on Centos (5): Summary of my perl5 (revision 5 version 8 subversion 8) configuration: It should be this https://github.com/gisle/libwww-perl/commit/25f86ba92ebf3d0abcf45cfda1880a1a12a91a0b change in LWP. Changed on April 11, 2011, so probably only part of the latest LWP 6.0.3. Jeff: can you confirm the your lib is indeed this latest version 6.0.3? $ perl -MLWP -le print(LWP-VERSION) 6.04 OK, even newer. Wasn't in the tag list for LWP in their git, so I thought 6.0.3 was latest. But the suspect code is also in 6.0.4. So I'd say the test failure is a result of the above change in Perl LWP. No idea though, how the test framework could work around this. Regards, Rainer
Re: [Vote] httpd 2.2.23 release
I get the same w/ OSX 10.8 On Aug 22, 2012, at 9:16 PM, Jeff Trawick traw...@gmail.com wrote: On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22
Re: [Vote] httpd 2.2.23 release
On 21.08.2012 21:25, William A. Rowe Jr. wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... +/-1 [+1] Release httpd 2.2.23 as GA Build problems: Build problems on SLES 10 when using bundled APR and OpenSSL 1.0.1c as static libs. It's due to a bug in pkg-config on SuSe Linux, which does not preserve order of -l flags when a.pc file also contains a Libs.private entry. I built a pkg-config 0.23 which contains a patch for that and the problem was gone. Not httpd's fault. Problem with configure on Linux when using external PCRE in a non-system path. configure puts -lpcre into the LIBS early and the later tests all fail, when they try to run the contest binary, because the pcre lib can not be found. IT#s a bit unfortunate, that all libs needed to build httpd are added as libs during all configure tests after the respective --with flag. Workaround is setting LD_LIBRARY_PATH just during configure. Works out of the box on Solaris, because pcre-config --libs on Solaris also outputs a -R flag. Test suite: Two failures only happen when I use a very recent LWP Perl module (version 6.0.3 and above): tests 2+3 in t/security/CVE-2008-2364.t fail, because the Perl client reads status 100 instead of 200 resp. 502. Checking our logs indicates we did send the right status codes. So this seems to be a test framework problem. Don't know how a workaround in the framework would be. Failed test 2 in t/ssl/extlookup.t and 9 in t/ssl/require.t - not a regression. Details: - win32 artefacts not checked, because not yet available - Signature and Hashes OK - key in KEYS file - gz and bz2 contents identical - no unexpected diff to svn tag - built and tested on - Solaris 8+10 Sparc - SuSE Linux Enterprise 10 (32Bit and 64Bit) - SLES 11 (64 Bit) - RedHat Enterprise Linux 5/6 64Bit - builds fine using gcc - out of tree - with all, most and default module sets - with either default (static) or shared linked modules - MPMs prefork, worker, event (where applicable) - dependencies apr/apu/expat/pcre/openssl: a) all bundled b) 1.4.6/1.4.1/2.1.0/8.30/1.0.1c - configure fails for external non system pcre (see above) - test suite ran for all those builds with log levels info and debug - no test regressions w.r.t. at least 2.2.16-2.2.22: - Failed test 2 in t/ssl/extlookup.t at line 27 - Failed test 9 in t/ssl/require.t at line 44 For details about both see my 2.2.19 voting mail. - Failed tests 2+3 in t/security/CVE-2008-2364.t when using LWP 6.0.3 or above Regards, Rainer
Re: [Vote] httpd 2.2.23 release
+1 AIX/XLC/PPC64
Re: [Vote] httpd 2.2.23 release
All looks fine on Windows. Steffen -Original Message- From: William A. Rowe Jr. Sent: Tuesday, August 21, 2012 9:25 PM Newsgroups: gmane.comp.apache.devel To: dev@httpd.apache.org Subject: [Vote] httpd 2.2.23 release Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... +/-1 [ ] Release httpd 2.2.23 as GA
Re: [Vote] httpd 2.2.23 release
On Tue, Aug 21, 2012 at 3:25 PM, William A. Rowe Jr. wr...@rowe-clan.net wrote: Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... [+1] Release httpd 2.2.23 as GA I get this testing both 2.2.22 and 2.2.23 on Linux 64-bit: # Failed test 2 in t/security/CVE-2008-2364.t at line 19 # Failed test 3 in t/security/CVE-2008-2364.t at line 22
[Vote] httpd 2.2.23 release
Candidate binaries are available from http://httpd.apache.org/dev/dist/ - these do not yet constitute ASF releases. Win32 specific artifacts (x86 binary distribution and -win32-src.zip) will follow sometime later this evening. Feedback and edits to the draft announcement are greatly appreciated, since we need to better position 2.2 as 'just maintenance' and we can drop some of the 'shiny new' bits of that Announcement text, given that it is old hat now, and they should be reading the 2.4 Announce (which this document now links to). So, for your consideration, a vote... +/-1 [ ] Release httpd 2.2.23 as GA
