Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Tue, Jun 25, 2019 at 09:06:42AM +, Plüm, Rüdiger, Vodafone Group wrote: > > On Tue, Jun 25, 2019 at 08:49:08AM +0100, Joe Orton wrote: > > > Unless I am missing something the apr_dir_open/apr_dir_read API design > > > is always going to have memory use propor

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Tue, Jun 25, 2019 at 08:49:08AM +0100, Joe Orton wrote: > Unless I am missing something the apr_dir_open/apr_dir_read API design > is always going to have memory use proportional to directory size > because apr_dir_read() duplicates the filename into the directory's > po

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Mon, Jun 24, 2019 at 09:54:21PM +0200, Ruediger Pluem wrote: > On 06/24/2019 07:04 PM, Joe Orton wrote: > > #11 0x7f8110ce6448 in dav_do_prop_subreq (propdb=0x100cfc0) at > > props.c:331 > > What if you go here and do a > > dump_all_pools propdb->p >

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Fri, Feb 08, 2019 at 08:07:57AM +0100, Ruediger Pluem wrote: > On 11/13/2018 10:26 AM, Joe Orton wrote: > > On Mon, Nov 12, 2018 at 08:26:48AM +0100, Ruediger Pluem wrote: > >> The discussion died a little bit, because of the other issue (frequent > >> writeev calls)

Re: [VOTE] Release httpd-2.4.39

On Sat, Mar 30, 2019 at 07:17:59AM +0100, Christophe JAILLET wrote: > = > t/ssl/varlookup.t .. 73/83 [  error] oh dangnabit, server dumped core > > Program terminated with signal SIGABRT, Aborted. > #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > 50   

Re: [VOTE] Release httpd-2.4.39

On Wed, Mar 27, 2019 at 10:09:52AM -0500, Daniel Ruggeri wrote: > Hi, all; >Please find below the proposed release tarball and signatures: > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release this candidate > tarball as 2.4.39: >

Re: [NOTICE] Intent to T 2.4.39

On Tue, Mar 26, 2019 at 02:39:02PM -, Daniel Ruggeri wrote: > I'll assume the absence of shouts to be a good sign :-) > > I'll T in about 24 hours from now. Smoke tests of 2.4.x are looking good here, goferit! Regards, Joe

Re: svn commit: r1856208 - /httpd/test/framework/trunk/t/apache/mergeslashes.t

On Tue, Mar 26, 2019 at 07:13:03AM +0100, Christophe JAILLET wrote: > Hi, > > not related to this patch (I have the same output before it was applied), > but on my system, I get: > >    # SENDING to 127.0.0.1:8546 >    # GET /authz_core/a/b/c//index.html HTTP/1.1\r\nHost: >

Re: svn commit: r1853631 - /httpd/httpd/trunk/modules/md/mod_md_config.c

On Mon, Feb 18, 2019 at 01:23:53PM +0100, ste...@eissing.org wrote: > Would that not effectively relocate the directory on a server upgrade > and cause all existing certificates to no longer be found? If the statedir is not the same as the serverroot, then yes, and I wouldn't propose to change

Re: t/ssl/ocsp.t

On Thu, Jan 17, 2019 at 09:02:02PM +0100, Christophe JAILLET wrote: > Hi, > > I see test errors in #1 and #3 in t/ssl/ocsp.t. > > Does anyone else see it? I see it too. I changed it as you suggested in r1852984, maybe Rainer will comment if it breaks things for for him again. I was seeing

Re: [VOTE] Release httpd-2.4.38

On Thu, Jan 17, 2019 at 12:49:18PM -0600, Daniel Ruggeri wrote: > Hi, all; >Please find below the proposed release tarball and signatures: > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release this candidate > tarball as 2.4.38: >

Re: svn commit: r1850835 - /httpd/httpd/trunk/modules/aaa/mod_authn_dbm.c

On Wed, Jan 16, 2019 at 12:02:01PM -0600, William A Rowe Jr wrote: > Doesn't this simply gloss over an underlying defect? > > [...] > if (apr_dbm_fetch(f, key, ) == APR_SUCCESS && val.dptr) { > *value = apr_pstrmemdup(pool, val.dptr, val.dsize); > } > > apr_dbm_close(f); > >

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Mon, Nov 12, 2018 at 08:26:48AM +0100, Ruediger Pluem wrote: > The discussion died a little bit, because of the other issue (frequent > writeev calls). I know that the liveprops issue is not fixed yet, but > I guess it makes sense if you commit the patch you posted here > already. Sorry, I

Re: [VOTE] Release httpd-2.4.37

On Thu, Oct 18, 2018 at 09:36:41AM -0500, Daniel Ruggeri wrote: > Hi, all; >Please find below the proposed release tarball and signatures: > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release this candidate > tarball as 2.4.37: >

Re: svn commit: r1844309 - /httpd/test/framework/trunk/t/htdocs/modules/cgi/ocsp.pl.PL

On Fri, Oct 19, 2018 at 11:39:27AM +0200, Rainer Jung wrote: > Concerning your simpler approach: it is OK if we give up supporting 0.9.8 > but we should probably keep the "or `$openssl list -commands 2>&1` !~ > /ocsp/" part of the test. OK good point, let's leave it as-is. r1844320 works for me,

Re: svn commit: r1844309 - /httpd/test/framework/trunk/t/htdocs/modules/cgi/ocsp.pl.PL

On Fri, Oct 19, 2018 at 07:25:55AM -, rj...@apache.org wrote: > Author: rjung > Date: Fri Oct 19 07:25:55 2018 > New Revision: 1844309 > > URL: http://svn.apache.org/viewvc?rev=1844309=rev > Log: > Do not use STDIN / STDOUT as -reqin and -respout > for "openssl ocsp", since that is supported

ap_request_core_filter issues

On Thu, Oct 18, 2018 at 12:51:06PM +0200, Ruediger Pluem wrote: > >>> > >>> Curiously inefficient writev use when stracing the process, though, > >>> dunno what's going on there (trunk/prefork): > >>> > >>> writev(46, [{iov_base="\r\n", iov_len=2}], 1) = 2 > >>> writev(46, [{iov_base="1f84\r\n",

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Thu, Oct 18, 2018 at 11:09:13AM +0200, Ruediger Pluem wrote: > On 10/17/2018 07:47 PM, Joe Orton wrote: > > On Wed, Oct 17, 2018 at 03:32:34PM +0100, Joe Orton wrote: > >> I see constant memory use for a simple PROPFIND/depth:1 for the > >> attached, though I'm

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Wed, Oct 17, 2018 at 03:32:34PM +0100, Joe Orton wrote: > I see constant memory use for a simple PROPFIND/depth:1 for the > attached, though I'm not sure this is sufficient to repro the problem > you saw before. I needed to also remove the new apr_pool_clear() there. Is the re

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Tue, Oct 16, 2018 at 02:28:06PM +0200, Ruediger Pluem wrote: > Gentle ping :-). Did you find some time to have a look? "I'm not Greg, but..." This seems to be duplicating the ctx->scratchpool which was added for use in dav_propfind_walker specifically to solve this kind of problem, I think?

Re: svn commit: r1844001 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_kernel.c ssl_private.h

On Wed, Oct 17, 2018 at 02:29:42PM +0200, jean-frederic clere wrote: > One of the customer complains is that having the variables exposed like > in StdEnvars has a huge performances cost (everything is exposed for > each request) , he wants to check one variable and then decide in his > code what

Re: svn commit: r1844001 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_kernel.c ssl_private.h

On Tue, Oct 16, 2018 at 07:21:54PM +0200, Ruediger Pluem wrote: > On 10/16/2018 02:53 PM, jfcl...@apache.org wrote: > > Author: jfclere > > Date: Tue Oct 16 12:53:18 2018 > > New Revision: 1844001 > > > > URL: http://svn.apache.org/viewvc?rev=1844001=rev > > Log: > > And a way to custom modules

Re: h2 broken in 2.4.36 with OpenSSL 1.1.1? Related to SSL_MODE_AUTO_RETRY?

On Mon, Oct 15, 2018 at 12:55:45PM +0200, Rainer Jung wrote: > I'm currently testing the following patch which looks OK wrt. test suite > results. Need to run more combinations (OpenSSL version client versus > server) though. Server with 1.1.1 and with 1.0.2p both look OK (including > the h2

Re: [VOTE] Release httpd-2.4.36

On Wed, Oct 10, 2018 at 02:18:45PM -0500, Daniel Ruggeri wrote: > Hi, all; >Please find below the proposed release tarball and signatures: > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release this candidate > tarball as 2.4.36: >

Re: NOTICE: Intent to T 2.4.36

On Wed, Oct 10, 2018 at 02:52:13PM +0200, Stefan Eissing wrote: > I cannot get the test framework to properly initialise any longer (MacOS > 10.14): > > > t/TEST -clean > > t/TEST > [warning] setting ulimit to allow core files > ulimit -c unlimited; /usr/bin/perl >

Re: NOTICE: Intent to T 2.4.36

On Tue, Oct 09, 2018 at 03:29:49PM -0500, Daniel Ruggeri wrote: > Hi, all; >I ran through my usual testing routine, this time with OpenSSL 1.1.1, but > found several test failures. In the past, these issues have been isolated to > my environment so I just wanted to drop a line to see if anyone

PATCH: "persistent state" directory default/config/API

On Fri, Sep 28, 2018 at 11:22:22AM +0100, Joe Orton wrote: > Example users are the mod_dav_fs lock database, mod_md's MD data store. > With an API & default, these can have hard-coded default paths so the > modules work without needing configuration. The proxy cache root could >

RFC: "persistent state" directory default/config/API

I'd like to add a "persistent state" directory with a hard-coded default, config directive and API equivalent to the runtimdir in config.layout, DefaultRuntimeDir directive and ap_runtime_dir_relative(). The "runtime" directory is used for transient state which disappears and can be deleted

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Wed, Sep 26, 2018 at 09:30:25AM +, Plüm, Rüdiger, Vodafone Group wrote: > Thanks for reporting. Does the below patch cause the crash to go away? Yes, works for me!

Re: svn commit: r1841225 - /httpd/httpd/trunk/modules/dav/main/props.c

On Tue, Sep 18, 2018 at 03:04:13PM +0200, Ruediger Pluem wrote: > Pools are very tricky in mod_dav. Hence additional eyeballs are very much > welcome here. > As I only did testing with mod_dav_fs I would be keen to know if things still > work with Subversion. > So if someone from the Subversion

Re: NOTICE: Intent to T 2.4.35 in the next few hours

On Fri, Sep 21, 2018 at 08:52:32AM -0500, Daniel Ruggeri wrote: > I've updated the proposed, generated announcements here: > https://dist.apache.org/repos/dist/dev/httpd/Announcement2.4.html > https://dist.apache.org/repos/dist/dev/httpd/Announcement2.4.txt > > A quick proofread would be

Re: NOTICE: Intent to T 2.4.35 in the next few hours

On Wed, Sep 19, 2018 at 01:19:29PM +0200, Apache Lounge wrote: > Are there examples what (maybe) does not work with OpenSSL 1.1.1 ? Have you run the test suite? The flipped setting of SSL_MODE_AUTO_RETRY is expected to break TLSv1.2 as well, that problem is consistent with the hangs Daniel

Re: [VOTE] Release httpd-2.4.35

On Mon, Sep 17, 2018 at 07:56:52PM -0500, Daniel Ruggeri wrote: > Hi, all; >    Please find below the proposed release tarball and signatures: > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release this > candidate tarball as 2.4.35: > [

Re: NOTICE: Intent to T 2.4.35 in the next few hours

On Tue, Sep 18, 2018 at 11:19:10AM -0500, William A Rowe Jr wrote: > On Tue, Sep 18, 2018 at 2:43 AM Joe Orton wrote: > > You'll likely see issues testing against OpenSSL 1.1.1 until the TLSv1.3 > > merge is integrated for 2.4.x, yeah, I wouldn't worry about that. > > But

Re: TLSv1.3 supprt for 2.4.x?

On Tue, Sep 18, 2018 at 04:54:58PM +0200, Yann Ylavic wrote: > On Tue, Sep 18, 2018 at 4:08 PM Joe Orton wrote: > > > > As of r1841219 I think the tlsv1.3-for-2.4.x is ready for merging... > > Thanks Joe for the hard work! Thanks to Stefan for getting us most of the

Re: TLSv1.3 supprt for 2.4.x?

As of r1841219 I think the tlsv1.3-for-2.4.x is ready for merging... A BIG caveat remains around Post-Handshake Auth. With the current Perl stack (including whatever adjustments for OpenSSL 1.1.1 already required) the failures I get with the test suite and that branch are significant, because

Re: NOTICE: Intent to T 2.4.35 in the next few hours

On Mon, Sep 17, 2018 at 06:16:34PM -0500, Daniel Ruggeri wrote: >    Sorry - I know it wasn't a very good report. I was just seeing if > anyone has experienced a similar holdup. In fact, I let it run while > tending to other things and came back to see it had completed (but > failed), so perhaps

Re: svn commit: r1840585 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_engine_kernel.c

On Wed, Sep 12, 2018 at 03:11:48PM +0200, Stefan Eissing wrote: > How much have your testings now proceeded? Yann reported interop with > firefox for him against trunk. Did you manage to track down your > problems? Something missing in the branch? Right now for me there is only the

Re: TLSv1.3 supprt for 2.4.x?

On Tue, Sep 11, 2018 at 03:39:42PM +0200, Yann Ylavic wrote: > On Tue, Sep 11, 2018 at 12:13 PM Joe Orton wrote: > > > > Does anybody have successful test results with post-handshake auth? I'm > > testing against Fedora's OpenSSL 1.1.1pre9 which has merged the changes >

Re: svn commit: r1840585 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_engine_kernel.c

On Tue, Sep 11, 2018 at 06:35:17PM +0200, Yann Ylavic wrote: > On Tue, Sep 11, 2018 at 6:01 PM wrote: > > > > Author: jorton > > Date: Tue Sep 11 16:01:47 2018 > > New Revision: 1840585 > > > > URL: http://svn.apache.org/viewvc?rev=1840585=rev > > Log: > > * modules/ssl/ssl_engine_kernel.c

Re: TLSv1.3 supprt for 2.4.x?

On Tue, Sep 11, 2018 at 03:39:42PM +0200, Yann Ylavic wrote: > On Tue, Sep 11, 2018 at 12:13 PM Joe Orton wrote: > > > > Does anybody have successful test results with post-handshake auth? I'm > > testing against Fedora's OpenSSL 1.1.1pre9 which has merged the changes >

Re: TLSv1.3 supprt for 2.4.x?

On Tue, Sep 11, 2018 at 10:42:02AM +0200, Stefan Eissing wrote: > > Am 10.09.2018 um 10:59 schrieb Joe Orton : > > http://svn.apache.org/viewvc?view=revision=1828220 > > - I think this is merged in the branch slightly differently? > > I think this overlaps

Re: TLSv1.3 supprt for 2.4.x?

On Wed, Sep 05, 2018 at 01:36:06PM +0200, Stefan Eissing wrote: > A member of the OpenSSL project gave me a "go ahead" and we now have branch: > > https://svn.apache.org/repos/asf/httpd/httpd/branches/tlsv1.3-for-2.4.x > > as a copy of 2.4.x with >

Re: TLSv1.3 supprt for 2.4.x?

On Mon, Sep 03, 2018 at 11:17:39AM +0200, Stefan Eissing wrote: > Dear SSL care takers and stake holders, > > trunk has TLSv1.3 support for some time. I just now changed the 'all' > SSLProtocol selection, so that it does not include TLSv1.3. This means that > in order to enable it, admins must

Re: svn commit: r1831398 - in /httpd/test/framework/trunk/t: conf/ssl/ssl.conf.in htdocs/modules/cgi/ htdocs/modules/cgi/ocsp.pl.PL ssl/ocsp.t

On Tue, Aug 21, 2018 at 08:46:39PM +0200, Christophe JAILLET wrote: > SSLOCSPResponderCertificateFile is only supported since 2.4.26. > Does just surrounding this directive by a = 2.4.26> is enough, > or should the corresponding test be adjusted some way or another as well? The latter, yes - I

Re: [VOTE] Release Apache httpd 2.4.34 as GA

On Wed, Jul 11, 2018 at 11:42:49PM +0200, Christophe Jaillet wrote: > I got once: > t/modules/dav.t . 1/16 # Failed test 1 in > t/modules/dav.t at line 47 > # Failed test 2 in t/modules/dav.t at line 52 > t/modules/dav.t . 3/16 # Failed test 9 in >

Re: [VOTE] Release Apache httpd 2.4.34 as GA

On Tue, Jul 10, 2018 at 10:03:17AM -0400, Jim Jagielski wrote: > I'm calling a VOTE on releasing these as Apache httpd 2.4.34 GA. > > [X] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. +1 for release, passes test suite on Fedora 28/x86_64, sigs good, CHANGES good...

Re: Host header checking too strict?

On Fri, Jun 22, 2018 at 05:21:08PM -0400, Eric Covener wrote: > After CVE-2016-8743 we only accept hostnames that are valid in DNS, > which notably excludes underscores. But it seems like 7230 does not > require HTTP Host: to use a DNS registry, and excluding '_' should > have broken IDN

Re: Brigade memory lifetime & leaks

On Tue, Jun 05, 2018 at 12:07:31PM +, Plüm, Rüdiger, Vodafone Group wrote: > The usual approach in many locations is to store the created bucket brigade > and reuse it. How about the following (untested): Passes tests and fixes the leak, though I we need to change the _destroy() to be a

Re: Brigade memory lifetime & leaks

On Tue, Jun 05, 2018 at 12:07:31PM +, Plüm, Rüdiger, Vodafone Group wrote: > The usual approach in many locations is to store the created bucket brigade > and reuse it. How about the following (untested): Yes, that works too, thanks! Passes test suite and fixes the leak, though I we need to

Brigade memory lifetime & leaks

In 2.4's http_request.c there are two places doing: bb = apr_brigade_create(c->pool, c->bucket_alloc); to handle sending a FLUSH between requests and an EOR bucket which both can't be done off r->pool. Because the brigade structure itself is allocated out of c->pool this means we leak

SSLPolicy code questions/backport review

Easier to do here than dump in STATUS; looking at reviewing the 2.4.x backport: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/ssl-policy.patch 0. Overall looks good, I like the way this has been done! 1. Is there a reason why we need SSLPolicyRec with (name, sc) members rather

Re: Experimental C unit test suite available for hacking

On Wed, May 23, 2018 at 04:14:39PM +0200, Micha Lenk wrote: > Hi Eric, > > On 05/23/2018 02:59 PM, Eric Covener wrote: > > I guess the CI setup needs to be updated to at least build the unit tests? > > I did not configure the build explicitly to run the unit tests, so it is > just the plain

Re: Layout and best practices for the testing framework

On Sun, May 13, 2018 at 12:49:30PM +0200, Luca Toscano wrote: > Hi everybody, > > I came up with http://home.apache.org/~elukey/httpd-framework-pr61860.patch > to add some tests for PR 61860. The patch that I have in mind is for > http_protocol, but for the moment the "visible" use case is that

Re: modssl_load_engine_keypair() for server

On Mon, May 14, 2018 at 08:48:52AM +1000, zzz wrote: > Basically my use case is I want to construct (or obtain) an SSL_CTX from > another server for an authorization module - partly to avoid having to deal > directly with loading encrypted certificates myself. Allowing Apache to "do > it's thing"

Re: svn commit: r1830819 - in /httpd/httpd/trunk: ./ docs/log-message-tags/ docs/manual/mod/ modules/ssl/

On Thu, May 03, 2018 at 10:20:23PM +0200, Christophe Jaillet wrote: > Le 03/05/2018 à 15:06, jor...@apache.org a écrit : > > > -SSLCertificateKeyFile file-path > > +SSLCertificateKeyFile file-path|keyid > > Mixing and looks odd, even if the result is the same. > Just my 2c. Fixed in r1830879

Re: time for 2.4.34?

On Tue, May 01, 2018 at 05:15:54PM -0400, Jim Jagielski wrote: > Considering that we have some regressions in .33 which > will soon be fixed (these are the 2 noted ShowStoppers) > as well as a limited number of "other" changes to the > codebase, maybe now is a Good Time to consider a 2.4.34...? >

Re: Revisit Versioning? (Was: 2.4.3x regression w/SSL vhost configs)

Feel like I should drop 2c in here... I'd be VERY happy to see more frequent "major" version bumps, i.e. 2.4->2.6->2.8 or whatever which break backwards compat/ABI. We have the chance to break compat every ~6 months in Fedora so it's no problem getting new code into the hands of users. I've

Re: 2.4.3x regression w/SSL vhost configs

Thanks to everyone who followed through :) For completion, I pushed this to trunk in r1829513 though arguably we could/should accept some behavioural change here in 2.5. No strong opinion on this really. 2.4 backport also proposed. It bugs me to be left with the "surprising" behaviour of

Re: 2.4.3x regression w/SSL vhost configs

On Fri, Apr 13, 2018 at 01:55:40PM +0200, Yann Ylavic wrote: > At runtime, *with SNI*, when ssl_callback_ServerNameIndication() gets > called and ap_vhost_iterate_given_conn()::ssl_find_vhost() reaches the > second nvh (beta, with no SSL) corresponding to the SNI, we do > SSL_set_SSL_CTX to switch

Re: 2.4.3x regression w/SSL vhost configs

On Thu, Apr 12, 2018 at 09:38:46PM +0200, Ruediger Pluem wrote: > On 04/12/2018 09:28 AM, Joe Orton wrote: > > But logged is: > > > > ::1 - - [12/Apr/2018:08:11:12 +0100] "GET /agag HTTP/1.1" 404 12 HTTPS=on > > SNI=localhost.localdomain > > 127.0.0.1

Re: 2.4.3x regression w/SSL vhost configs

On Wed, Apr 11, 2018 at 10:24:23PM +0200, Yann Ylavic wrote: > On Wed, Apr 11, 2018 at 7:54 PM, Joe Orton <jor...@redhat.com> wrote: > > Yes, exactly - and for affected configs the defining feature is the > > absence of SSL* in the second vhost. The non-SSL config still takes

Re: 2.4.3x regression w/SSL vhost configs

On Wed, Apr 11, 2018 at 01:37:22PM -0400, Eric Covener wrote: > On Wed, Apr 11, 2018 at 1:07 PM, Yann Ylavic <ylavic@gmail.com> wrote: > > On Wed, Apr 11, 2018 at 7:03 PM, Joe Orton <jor...@redhat.com> wrote: > >> Like this? Is this likely to break some

Re: 2.4.3x regression w/SSL vhost configs

Like this? Is this likely to break some other currently-working config? Index: modules/ssl/ssl_engine_init.c === --- modules/ssl/ssl_engine_init.c (revision 1828914) +++ modules/ssl/ssl_engine_init.c (working copy) @@

Re: 2.4.3x regression w/SSL vhost configs

On Wed, Apr 11, 2018 at 05:49:47PM +0200, Yann Ylavic wrote: > I agree... to both Stefan's and your points of view here :p YOU FENCE SITTER! :) > We can hardly break existing configurations, even if they rely on a > bug (our bug...). > But another user (or the same!) may open a bug when her/his

Re: 2.4.3x regression w/SSL vhost configs

On Wed, Apr 11, 2018 at 02:10:27PM +0200, Stefan Eissing wrote: > What we fixed here is a bug, plain and simple. And if installations rely > on a bug, they might break on an update. Seems unavoidable. > > Nowhere is this "a certificate is visible in other vhosts if it is configured > in the >

Re: 2.4.3x regression w/SSL vhost configs

Thanks for the responses, Stefan. I understand this a bit better now, but it still seems very clearly like a regression. On Wed, Apr 11, 2018 at 10:28:05AM +0200, Stefan Eissing wrote: > Additional example of the brokeness. If you add > a SSL directive to the 2nd vhost in your example > -

Re: ab issues (just on macOS?)

On Tue, Apr 10, 2018 at 08:47:03AM -0400, Jim Jagielski wrote: > My understanding is that this patch was specifically designed > to address this exact situation, so I am confused why it > seems to be causing the problem... It's like ab tries ::1, > doesn't connect and then fails immediately

2.4.3x regression w/SSL vhost configs

I don't quite understand the new AP_MODULE_FLAG_ALWAYS_MERGE logic so I'm struggling to debug this, but I've had a couple of reports that configurations like: Listen 443 https ServerName www.example.com:443 SSLCertificateFile ... ServerName other.example.com:443 worked in 2.4.29

Re: svn commit: r1811831 - /httpd/httpd/trunk/server/util_script.c

On Thu, Apr 05, 2018 at 01:38:05PM +0200, Yann Ylavic wrote: > On Wed, Oct 11, 2017 at 4:48 PM, wrote: > > Author: jorton > > Date: Wed Oct 11 14:48:55 2017 > > New Revision: 1811831 > > > > URL: http://svn.apache.org/viewvc?rev=1811831=rev > > Log: > > * server/util_script.c

Re: svn commit: r1826279 - /httpd/httpd/branches/2.4.x/STATUS

On Fri, Mar 16, 2018 at 11:50:17AM +0100, Luca Toscano wrote: > From my point of view, adding a comment nearby a directive (except in some > cases like you explained above) should be totally safe and transparent to > the user. I haven't ever thought about the possibility that having a inline >

Re: svn commit: r1826995 - in /httpd/httpd/trunk: docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c module

On Fri, Mar 16, 2018 at 03:25:08PM -, ic...@apache.org wrote: > Author: icing > Date: Fri Mar 16 15:25:08 2018 > New Revision: 1826995 > > URL: http://svn.apache.org/viewvc?rev=1826995=rev > Log: > Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf of a > certificate chain.

Re: svn commit: r1826279 - /httpd/httpd/branches/2.4.x/STATUS

On Thu, Mar 08, 2018 at 11:05:29PM +0100, Yann Ylavic wrote: > On Thu, Mar 8, 2018 at 11:00 PM, wrote: > > > >*) mod_access_compat, mod_authz_host: Prevent access control > > misconfiguration > > due to interpretation of #comments in Require host or Allow/Deny > >

Re: [VOTE] Release httpd-2.4.32

On Wed, Mar 14, 2018 at 02:56:19PM +, Joe Orton wrote: > This looks like the failure I see when localhost resolves to both ::1 > and 127.0.0.1, which happens with modern Fedora hosts: > > $ grep localhost /etc/hosts > 127.0.0.1 localhost localhost.localdomain localh

Re: [VOTE] Release httpd-2.4.32

On Wed, Mar 14, 2018 at 12:10:20PM +0100, Rainer Jung wrote: > All 280 builds succeeded. Geez, now I feel bad just testing one build ;) Great stuff! > The following test failures were seen: > > a t/ab/base.t tests 1, 3 and 5 fail always on Linux > - # Failed test 1 in t/ab/base.t at line 29 >

Re: svn commit: r1826585 - /httpd/test/framework/trunk/t/apache/http_strict.t

On Mon, Mar 12, 2018 at 07:05:41PM -, cove...@apache.org wrote: > Author: covener > Date: Mon Mar 12 19:05:41 2018 > New Revision: 1826585 > > URL: http://svn.apache.org/viewvc?rev=1826585=rev > Log: > don't depend on need_min_apache_ver > > Sorry, when I added this, it magically just used

Re: [VOTE] Release httpd-2.4.32

On Fri, Mar 09, 2018 at 08:49:15PM -0600, Daniel Ruggeri wrote: > Hi, all; > >Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > I would like to call a VOTE over the next few days to release this candidate > tarball as

Re: [VOTE] Release httpd-2.4.31

On Sat, Mar 03, 2018 at 09:56:50AM -0600, Daniel Ruggeri wrote: > Hi, all; > >Please find below the proposed release tarball and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > > > I would like to call a VOTE over the next few days to release this candidate > tarball as

Re: One more make pain point

On Mon, Feb 26, 2018 at 02:58:48PM -0600, William A Rowe Jr wrote: > Any objections to > > --- build/mkdir.sh (revision 1825390) > +++ build/mkdir.sh (working copy) > @@ -38,7 +38,6 @@ > continue ;; > esac > if test ! -d "$pathcomp"; then > -echo

Re: Lua detection autoconf mess (was: [VOTE] Release httpd-2.4.30)

On Fri, Feb 23, 2018 at 09:23:50PM +0100, Yann Ylavic wrote: > Though this is the "else" (legacy) branch. > > $ pkg-config --list-all |grep ^lua ... > lua51 Lua - Lua language engine > lua52 Lua - Lua language engine > lua5.2

Re: Lua detection autoconf mess (was: [VOTE] Release httpd-2.4.30)

On Fri, Feb 23, 2018 at 10:04:30AM -0600, William A Rowe Jr wrote: > Correct, as I said this may not be a regression, as it continues to locate > /use/lib64 files. > > Modern ld is tolerant on linux at least when not in -Wall more. Other archs > may not be so kind. r1825147 works for me on

Re: svn commit: r1824592 - /httpd/httpd/branches/2.4.x/STATUS

On Mon, Feb 19, 2018 at 08:38:05PM +0100, Ruediger Pluem wrote: > On 02/19/2018 07:50 PM, Joe Orton wrote: > > On Sat, Feb 17, 2018 at 02:06:20PM -, minf...@apache.org wrote: > >> Author: minfrin > >> Date: Sat Feb 17 14:06:20 2018 > >> New R

Re: svn commit: r1824592 - /httpd/httpd/branches/2.4.x/STATUS

On Sat, Feb 17, 2018 at 02:06:20PM -, minf...@apache.org wrote: > Author: minfrin > Date: Sat Feb 17 14:06:20 2018 > New Revision: 1824592 > > URL: http://svn.apache.org/viewvc?rev=1824592=rev > Log: > Update proposal with fix for rpluem/jorton. Extending dav_resource still breaks binary

Re: BalancerMember and RFC1035 compliance - BalancerMember worker hostname (65-character.long.DNS.name.com) too long

On Wed, Feb 07, 2018 at 06:52:28PM +0100, Yann Ylavic wrote: > On Wed, Feb 7, 2018 at 6:33 PM, Jim Jagielski wrote: > > So can I assume that a backport req to bump-up the field sizes to, at least, > > what is in trunk, would not be vetoed? > > Not by me, +1. It's not getting a

Re: svn commit: r1822879 - /httpd/httpd/trunk/modules/proxy/proxy_util.c

On Mon, Feb 05, 2018 at 09:06:09AM -0600, William A Rowe Jr wrote: > You can't retrieve in the register fn hook, without creating load order > dependencies. Yup, that's why there is ap_hook_optional_fn_retrieve which is the right place to do it.

Re: svn commit: r1822879 - /httpd/httpd/trunk/modules/proxy/proxy_util.c

On Thu, Feb 01, 2018 at 03:01:41PM -, yla...@apache.org wrote: > Author: ylavic > Date: Thu Feb 1 15:01:40 2018 > New Revision: 1822879 > > URL: http://svn.apache.org/viewvc?rev=1822879=rev > Log: > mod_proxy: follow up to r1822849 and r1822878. > > Does r1822878's "static"

Re: IncludeOptional: feature request to be less strict

On Sat, Nov 04, 2017 at 01:15:07PM +0100, Luca Toscano wrote: > Hi everybody, > > in https://bz.apache.org/bugzilla/show_bug.cgi?id=57585 it was asked to > relax a bit how IncludeOptional works to allow a config to specify a path > in IncludeOptional that might not be (yet) on the file system

Re: [VOTE] Release Apache httpd 2.4.29 as GA

On Tue, Oct 17, 2017 at 03:00:36PM -0400, Jim Jagielski wrote: > The pre-release test tarballs for Apache httpd > version 2.4.29 can be found at the usual place: > > http://httpd.apache.org/dev/dist/ > > I'm calling a VOTE on releasing these as Apache httpd 2.4.29 GA. +1 - looks good on

Re: expr changes and 2.4.29-dev

On Tue, Oct 17, 2017 at 07:57:51AM -0400, Jim Jagielski wrote: > HEAD of 2.4 now has errors with the test framework: > > t/apache/expr_string.t .. 1/32 # Failed test 27 in > t/apache/expr_string.t at line 73 fail #10 > # Failed test 28 in t/apache/expr_string.t at line 83 fail #9 > #

Re: AC_CHECK_LIB issues under maintainer mode (Was: Re: Tagging 2.4.29 / 2.5.0-{alpha/beta?} today)

On Fri, Oct 13, 2017 at 11:51:54AM -0400, Jim Jagielski wrote: > The long and short is that under maintainer mode, we cannot > expect AC_CHECK_LIB to being correct any longer, because > the combination of -Werror and -Wstrict-prototypes means > that any and all functions looked for/checked for

Re: svn commit: r1811800 - /httpd/httpd/branches/2.4.x/STATUS

On Wed, Oct 11, 2017 at 08:03:57AM -, elu...@apache.org wrote: > Author: elukey > Date: Wed Oct 11 08:03:57 2017 > New Revision: 1811800 > > URL: http://svn.apache.org/viewvc?rev=1811800=rev > Log: > Add the (hopefully) intended change for r1811799's proposal Doh! Yes, indeed. Thanks :)

Re: httpd memory consumption

On Fri, Oct 06, 2017 at 09:46:39AM +0200, Ruediger Pluem wrote: > For this I used the new dump_pool_and_children I added to .gdbinit which > delivers me the memory used by all > pools below 'apr_global_pool' and the amount of memory in the allocator free > lists associated to these pools. > This

Re: svn commit: r1808230 - /httpd/httpd/trunk/server/protocol.c

On Fri, Sep 22, 2017 at 11:39:54AM -0500, William A Rowe Jr wrote: > This defect still appears to exist in 2.4.28-dev, no? > > The rewrite appears to have enjoyed both committer and external testing and > the patch looks suitable for backport. It has enjoyed careful consideration by > at least

Re: svn commit: r1809302 - in /httpd/httpd/trunk: include/ap_mmn.h include/http_config.h server/config.c

On Fri, Sep 22, 2017 at 11:58:53AM -, yla...@apache.org wrote: > --- httpd/httpd/trunk/include/ap_mmn.h (original) > +++ httpd/httpd/trunk/include/ap_mmn.h Fri Sep 22 11:58:53 2017 ... > @@ -562,7 +563,7 @@ > #ifndef MODULE_MAGIC_NUMBER_MAJOR > #define MODULE_MAGIC_NUMBER_MAJOR 20161018 >

C-L filter buffering snafu

https://bz.apache.org/bugzilla/show_bug.cgi?id=61222 I may be missing something here, ap_content_length_filter looks broken. Currently it implements an unlimited size buffer, by trying to morph every indeterminate length bucket into the heap. It has the standard "read till it blocks then

Re: svn commit: r1799356 - in /httpd/httpd/branches/2.2.x: ./ server/scoreboard.c

On Tue, Jun 20, 2017 at 10:00:35AM -0700, Jacob Champion wrote: > On 06/20/2017 09:47 AM, wr...@apache.org wrote: > > Log: > > Make the range test legible > Hmm, out of curiosity, is the legibility you mention from the > parenthesization change or the switch to greater-than-or-equal for one side?

Re: [PATCH 2.2] fix ap_get_scoreboard_*

On Tue, Jun 20, 2017 at 11:48:53AM -0500, William A Rowe Jr wrote: > Joe, I compromised on your fix and retained parens for legibility, > following the pattern of the other fix. > > Committed as r1799356, thanks Thanks a lot Bill! I will survive the extra parentheses... :)

[PATCH 2.2] fix ap_get_scoreboard_*

The limit checking is broken in 2.2's ap_get_scoreboard_*. This was fixed in 2.4 in http://svn.apache.org/viewvc?view=revision=417252 Patch below backports that, plus fixes the additional broken comparison in ap_get_scoreboard_lb(), discovered by Hisanobu Okuda. Can I get +1s for this for

listener buckets regressions

There seems to be some weird regressions in this. A mis-configuration like: Listen 127.0.0.1:8025 Listen [::1]:8025 Listen 127.0.0.1:8025 Listen [::1]:8025 ListenCoresBucketsRatio 8 ... no longer triggers a startup failure - is that expected? I guess it should be documented if so. Such a

Re: [RFC] ?

On Tue, Mar 07, 2017 at 11:52:17AM -0800, Jacob Champion wrote: > On 02/28/2017 04:32 PM, Jacob Champion wrote: > > I just don't like hamstringing a nice new directive with what's > > effectively a (rare) bug. > > (The conversation kinda died shortly after I said this. That was not my > intent --

<    1   2   3   4   5   6   7   8   9   10   >