On 07.09.2012 23:56, Stefan Fritsch wrote:
Hi,
here comes the next try. Tarballs/zipfiles are at
http://apr.apache.org/dev/dist/
Full CHANGES are here:
http://apr.apache.org/dev/dist/CHANGES-APR-UTIL-1.5
http://apr.apache.org/dev/dist/CHANGES-APR-UTIL-1.5.1
+/-1
[+1] Release apr-util 1.5.1 as GA
My test results:
All problems are no regressions from 1.4.1 or 1.5.0.
Summary
=======
- some libtool m4 files not deleted by buildconf (see below)
- crypto configure for OpenSSL at least fails on Solaris,
because when linking against the libssl we need
the additional flags "-ldl -lsocket -lnsl". Currently
there's no way to fix this apart from hacking configure.
For Linux I'm not sure, but likely you'll need "-ldl".
- LDADD flags are typically not respected during configure.
- configure fails for Berkeley DB in non-standard path,
because it doesn't add an rpath to conftest and then tries
to run the compiled conftest binary.
- no rpath for ldap, mysql and crypto dso extensions. So no
way to run the result without LD_LIBRARY_PATH.
Interesting: the m4 file does add an rpath only for oracle.
Since there's no platform independent way to add rpath,
we might want to remove it everywhere (and users would need
to use the respective LDADD variables).
- no rpath for dependency libs when building without dso support,
e.g. when the ldap, crypto, mysql, oracle, sqlite etc. extensions
are all in the big apr util library.
- testall sometimes fails in testpass on Linux and often fails
in testcrypto when testing nss passphrase (see below).
- Windows Build system:
- all *.dep and *.mak files are missing
- test/testutildll.dsp is the only DSP containing "Release9x" and
"Debug9x" configuration info. IMHO that's obsolete and could
be removed.
Details
=======
- svn compared with gz, bz2 and zip only expected differences
except for the following in the directory xml/expat/conftools
which are not a blocker;
IMHO we could remove those at the and of buildconf
libtool.m4
lt~obsolete.m4
ltoptions.m4
ltsugar.m4
ltversion.m4
- files signed, checksums correct
- built and made check on the following platforms:
- Solaris 8 and 10 Sparc (gcc 4.1.2 resp. 4.7.2)
- SuSE Linux Enterprise 10 32 Bit and 10 and 11 64 Bit
- RedHat Enterprise Linux 5 and 6 64 Bit
- using all combinations of:
- apr 1.4.6 / 1.4.x r1372028
- expat builtin / 2.1.0
- dso disable / enable
- Berkeley DB 5.3.21
- sqlite 3.7.14.0
- mysql 6.0.2 (only Solaris)
- oracle 11.2.0.2.0 (Solaris 10), resp. 10.2.0.5.0 (Solaris 8)
- platform nss (Solaris 10 and RHEL 5 and 6)
- make check for the successful build ran fine for 111 build,
but failed for 57 builds. The failures for "testpass" observed in
1.5.0 are gone. Remaining ones:
- one failure in testdbm on SLES 11 without DSO,
*not* reproducible (Failed 1 of 2)
Though not reproducible exactly the same failure happened
when testing 1.5.0. Maybe due to increased load during the
parallel builds and checks on the virtualized server. Could
be a race condition.
- 16 failures only on RHEL 5 when DSO is disabled due to
segmentation fault in testcrypto. Searching for the stack
indicates, that the nss library might have been used after
some sort of shutdown:
#0 0x00000034d140b90e in NSSRWLock_LockRead_Util () from
/usr/lib64/libnssutil3.so
#1 0x00000034d1c562be in PK11_GetAllTokens () from /usr/lib64/libnss3.so
#2 0x00000034d1c566ed in ?? () from /usr/lib64/libnss3.so
#3 0x00000034d1c4dfdd in ?? () from /usr/lib64/libnss3.so
#4 0x00000034d1c4e202 in PK11_CreatePBEV2AlgorithmID () from
/usr/lib64/libnss3.so
#5 0x00002b54999ae5f7 in crypto_passphrase (k=0xc, ivSize=0x0,
pass=0x410be6 "secret", passLen=6, salt=0x410be1 "salt", saltLen=4,
type=APR_KEY_3DES_192, mode=APR_MODE_CBC,
doPad=1, iterations=4096, f=0xc263e00, p=0xc263d88) at
/shared/build/dev/httpd/sources/apr-util/1.5.x/1.5.1/apr-util-1.5.1/crypto/apr_crypto_nss.c:482
#6 0x000000000040c3e6 in passphrase (tc=0xc245880, pool=0xc263d88,
driver=0x2b5499bb7480, f=0xc263e00, type=<value optimized out>,
mode=<value optimized out>, doPad=1,
description=0x410c07 "KEY_3DES_192/MODE_CBC") at
/shared/build/dev/httpd/sources/apr-util/1.5.x/1.5.1/apr-util-1.5.1/test/testcrypto.c:113
#7 0x000000000040c6ed in crypto_block_cross (tc=0xc245880,
pool=0xc263d88, drivers=<value optimized out>, type=APR_KEY_3DES_192,
mode=APR_MODE_CBC, doPad=1,
in=0x410cbb "12345", inlen=6, description=0x410c07
"KEY_3DES_192/MODE_CBC") at
/shared/build/dev/httpd/sources/apr-util/1.5.x/1.5.1/apr-util-1.5.1/test/testcrypto.c:337
#8 0x000000000040d3a1 in test_crypto_block_nss_pad (tc=0xc245880,
data=<value optimized out>)
at
/shared/build/dev/httpd/sources/apr-util/1.5.x/1.5.1/apr-util-1.5.1/test/testcrypto.c:572
#9 0x00000000004059fd in abts_run_test (ts=<value optimized out>,
f=0x40d300 <test_crypto_block_nss_pad>, value=0x0)
at
/shared/build/dev/httpd/sources/apr-util/1.5.x/1.5.1/apr-util-1.5.1/test/abts.c:169
#10 0x000000000040bbb5 in testcrypto (suite=0xc23f4f0) at
/shared/build/dev/httpd/sources/apr-util/1.5.x/1.5.1/apr-util-1.5.1/test/testcrypto.c:849
- 56 failures in testcrypto
testing crypto for nss gives errors on Solaris 10 and on RHEL
where I had built crypto with nss and OpenSSL (no nss build
on the other platforms):
Count Message
96 passphrase: KEY_3DES_192/MODE_CBC nss native error -8128: ()
192 passphrase: KEY_3DES_192/MODE_CBC nss native error -8186: ()
64 passphrase: KEY_AES_128/MODE_CBC nss native error -8128: ()
64 passphrase: KEY_AES_128/MODE_CBC nss native error -8186: ()
48 passphrase: KEY_AES_128/MODE_ECB nss native error -8128: ()
64 passphrase: KEY_AES_192/MODE_CBC nss native error -8128: ()
64 passphrase: KEY_AES_192/MODE_CBC nss native error -8186: ()
48 passphrase: KEY_AES_192/MODE_ECB nss native error -8128: ()
96 passphrase: KEY_AES_256/MODE_CBC nss native error -8128: ()
192 passphrase: KEY_AES_256/MODE_CBC nss native error -8186: ()
64 passphrase: KEY_AES_256/MODE_ECB nss native error -8128: ()
64 passphrase: KEY_AES_256/MODE_ECB nss native error -8186: ()
Error number -8186 is on Solaris and RHEL 6, -8128 on RHEL 5.
I debugged into one failure for 1.5.0 and there the problem was,
that
algid = PK11_CreatePBEV2AlgorithmID(key->cipherOid, key->cipherOid,
SEC_OID_HMAC_SHA1, 0, iterations, &saltItem);
returns NULL. Don't know how to fix that.
- I have not run the httpd test framework against those builds
Regards,
Rainer
