Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Dennis Clarke
On 10/7/21 11:17, ste...@eissing.org wrote:
> Then I close the vote and start pushing the release.
> 
> Thanks for everyone to participate here on such a short notice!
> 

Well gee ... that was far too fast for me to catch!

I guess I will just go get the production release.



-- 
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional


Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Alex Hautequest
+1 on Slackware64 -current

Alex

> On Oct 7, 2021, at 09:17, ste...@eissing.org wrote:
> 
> Hi all,
> 
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will skip
> the usual 3 day voting period and close the vote once we feel comfortable
> with our testing.
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
> [ ] +1: It's not just good, it's hopefully good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
> sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
> *httpd-2.4.51-rc1.tar.gz
> sha512: 
> 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
>  *httpd-2.4.51-rc1.tar.gz
> 
> The SVN candidate source is found at tags/candidate-2.4.51-rc1.
> 
> Kind Regards,
> Stefan



Passed: apache/httpd#2027 (2.4.51 - 275f2c2)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2027
Status: Passed

Duration: 21 mins and 10 secs
Commit: 275f2c2 (2.4.51)
Author: Stefan Eissing
Message: release 2.4.51 from voted 2.4.51-rc1

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.51@1893997 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/87ad5964a936^...275f2c2d7f32

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239352053?utm_medium=notification_source=email


--

You can unsubscribe from build emails from the apache/httpd repository going to 
https://app.travis-ci.com/account/preferences/unsubscribe?repository=16806660_medium=notification_source=email.
Or unsubscribe from *all* email updating your settings at 
https://app.travis-ci.com/account/preferences/unsubscribe?utm_medium=notification_source=email.
Or configure specific recipients for build notifications in your .travis.yml 
file. See https://docs.travis-ci.com/user/notifications.



Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread ste...@eissing.org
Then I close the vote and start pushing the release.

Thanks for everyone to participate here on such a short notice!

Kind Regards,
Stefan

> Am 07.10.2021 um 17:06 schrieb Joe Orton :
> 
> ASF release policy [1] suggests that we have a >=72 hour voting period 
> for releases, but this is a "SHOULD" not a hard rule.  Due to:
> 
> a) the severity of the issue being fixed, and 
> 
> b) the extensive review and testing which the patch has received both 
> here and off-list, and 
> 
> c) the fact we already have sufficient binding votes on the release, 
> with no negative feedback either from PMC members or the community
> 
> my recommendation as PMC Chair is that we close the vote now and ship 
> the update.  Normal 72+ hour release votes must be resumed after this.
> 
> Regards, Joe
> 
> [1] https://www.apache.org/legal/release-policy.html
> 



Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Cory McIntire
+1  Cent6/7/8  Ubuntu 20.04

Thanks,
Cory McIntire
PO – cPanel Security Team
Release Manager – EasyApache
cPanel / WebPros


From: ste...@eissing.org 
Date: Thursday, October 7, 2021 at 8:17 AM
To: dev@httpd.apache.org 
Subject: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51
Hi all,

due to found security weaknesses in our 2.4.50 release, the security team
feels it is necessary to do a new release on very short notice. We will skip
the usual 3 day voting period and close the vote once we feel comfortable
with our testing.

Please find below the proposed release tarball and signatures:

https://dist.apache.org/repos/dist/dev/httpd/

I would like to call a VOTE over the next few days^h^h^h^hhours to release
this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
[ ] +1: It's not just good, it's hopefully good enough!
[ ] +0: Let's have a talk.
[ ] -1: There's trouble in paradise. Here's what's wrong.

The computed digests of the tarball up for vote are:
sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
*httpd-2.4.51-rc1.tar.gz
sha512: 
507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
 *httpd-2.4.51-rc1.tar.gz

The SVN candidate source is found at tags/candidate-2.4.51-rc1.

Kind Regards,
Stefan


Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Joe Orton
ASF release policy [1] suggests that we have a >=72 hour voting period 
for releases, but this is a "SHOULD" not a hard rule.  Due to:

a) the severity of the issue being fixed, and 

b) the extensive review and testing which the patch has received both 
here and off-list, and 

c) the fact we already have sufficient binding votes on the release, 
with no negative feedback either from PMC members or the community

my recommendation as PMC Chair is that we close the vote now and ship 
the update.  Normal 72+ hour release votes must be resumed after this.

Regards, Joe

[1] https://www.apache.org/legal/release-policy.html



Passed: apache/httpd#2026 (candidate-2.4.51-rc1 - 7193538)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2026
Status: Passed

Duration: 20 mins and 29 secs
Commit: 7193538 (candidate-2.4.51-rc1)
Author: Stefan Eissing
Message: Post 2.4.51-rc1 tag updates

git-svn-id: 
https://svn.apache.org/repos/asf/httpd/httpd/tags/candidate-2.4.51-rc1@1893986 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/fc143ab55c53...402159afad22

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239340141?utm_medium=notification_source=email





Passed: apache/httpd#2025 (candidate-2.4.51-rc1 - 87ad596)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2025
Status: Passed

Duration: 17 mins and 5 secs
Commit: 87ad596 (candidate-2.4.51-rc1)
Author: Stefan Eissing
Message: Tag branches/2.4.x@1893984 as 2.4.51-rc1

git-svn-id: 
https://svn.apache.org/repos/asf/httpd/httpd/tags/candidate-2.4.51-rc1@1893985 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: https://github.com/apache/httpd/commit/87ad5964a936

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239340006?utm_medium=notification_source=email





Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Yann Ylavic
On Thu, Oct 7, 2021 at 3:17 PM ste...@eissing.org  wrote:
>
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:

+1 on Debian 10 and 11.

Thanks Stefan!


Fixed: apache/httpd#2022 (trunk - 499f5d1)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2022
Status: Fixed

Duration: 20 mins and 26 secs
Commit: 499f5d1 (trunk)
Author: Yann Ylavic
Message: Fix ap_mmn.h after r1893971.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893981 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/607bc8677fa8...499f5d137c0f

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239337135?utm_medium=notification_source=email





Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Steffen Land



+1 looks ok on Windows


On Thursday 07/10/2021 at 15:17, ste...@eissing.org  wrote:

Hi all,

due to found security weaknesses in our 2.4.50 release, the security team
feels it is necessary to do a new release on very short notice. We will skip
the usual 3 day voting period and close the vote once we feel comfortable
with our testing.

Please find below the proposed release tarball and signatures:

https://dist.apache.org/repos/dist/dev/httpd/

I would like to call a VOTE over the next few days^h^h^h^hhours to release
this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
[ ] +1: It's not just good, it's hopefully good enough!
[ ] +0: Let's have a talk.
[ ] -1: There's trouble in paradise. Here's what's wrong.

The computed digests of the tarball up for vote are:
sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f 
*httpd-2.4.51-rc1.tar.gz
sha256: 
c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
*httpd-2.4.51-rc1.tar.gz
sha512: 
507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157 
*httpd-2.4.51-rc1.tar.gz


The SVN candidate source is found at tags/candidate-2.4.51-rc1.

Kind Regards,
Stefan




Re: Broken: apache/httpd#2020 (2.4.x - c3a95d7)

2021-10-07 Thread ste...@eissing.org
Poor travis hamsters...

> Am 07.10.2021 um 16:16 schrieb Travis CI :
> 
> apache / httpd
> 2.4.x
> Build #2020 was broken (21 mins and 29 secs)
> Yann Ylavic c3a95d7
> Merge r1893971 from trunk:
> 
> core: Add ap_unescape_url_ex() for better decoding control, and deprecate
> unused AP_NORMALIZE_DROP_PARAMETERS flag.
> 
> Submitted by: ylavic
> Reviewed by: ylavic, icing, gbechis
> 
> 
> git-svn-id: 
> https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1893977 
> 13f79535-47bb-0310-9956-ffa450edef68



Broken: apache/httpd#2020 (2.4.x - c3a95d7)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2020
Status: Broken

Duration: 21 mins and 29 secs
Commit: c3a95d7 (2.4.x)
Author: Yann Ylavic
Message: Merge r1893971 from trunk:

core: Add ap_unescape_url_ex() for better decoding control, and deprecate
  unused AP_NORMALIZE_DROP_PARAMETERS flag.
 
Submitted by: ylavic
Reviewed by: ylavic, icing, gbechis


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1893977 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/9ec872f21e21...c3a95d75da78

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239336547?utm_medium=notification_source=email





Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Eric Covener
On Thu, Oct 7, 2021 at 9:17 AM ste...@eissing.org  wrote:
>
> Hi all,
>
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will skip
> the usual 3 day voting period and close the vote once we feel comfortable
> with our testing.
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
> [ ] +1: It's not just good, it's hopefully good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.

+1 AIX/xlc/ppc64


Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Joe Orton
On Thu, Oct 07, 2021 at 03:17:36PM +0200, ste...@eissing.org wrote:
> Hi all,
> 
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will skip
> the usual 3 day voting period and close the vote once we feel comfortable
> with our testing.
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
> [X] +1: It's not just good, it's hopefully good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
> sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
> *httpd-2.4.51-rc1.tar.gz
> sha512: 
> 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
>  *httpd-2.4.51-rc1.tar.gz

+1 for release, tested on Fedora 34 and RHEL8.

Regards, Joe



Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Ruediger Pluem



On 10/7/21 3:17 PM, ste...@eissing.org wrote:
> Hi all,
> 
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will skip
> the usual 3 day voting period and close the vote once we feel comfortable
> with our testing.
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
> [ ] +1: It's not just good, it's hopefully good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
> sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
> *httpd-2.4.51-rc1.tar.gz
> sha512: 
> 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
>  *httpd-2.4.51-rc1.tar.gz
> 
> The SVN candidate source is found at tags/candidate-2.4.51-rc1.
> 

+1 on RedHat 8

Regards

Rüdiger


Re: SIGSEGV, Segmentation fault

2021-10-07 Thread Ruediger Pluem



On 10/6/21 11:56 AM, Nick Gearls wrote:
> Hello,
> 
> I'm using the Redhat 8 distribution (httpd 2.4.46) and I have a segmentation 
> fault in mod_proxy_http.c.
> How can I work on this? Can I open a bug on bugzilla for a Redhat build?

Please open a ticket with RedHat as they patch their version with backports and 
possibly further patches. Hence we cannot check if
this is related to the original source or their patching. They will report back 
if the issue is caused by the vanilla code and
then we can follow up if this is the case.

Regards

Rüdiger



Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread ste...@eissing.org



> Am 07.10.2021 um 15:17 schrieb ste...@eissing.org:
> 
> Hi all,
> 
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will skip
> the usual 3 day voting period and close the vote once we feel comfortable
> with our testing.
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
> [ ] +1: It's not just good, it's hopefully good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
> sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
> *httpd-2.4.51-rc1.tar.gz
> sha512: 
> 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
>  *httpd-2.4.51-rc1.tar.gz
> 
> The SVN candidate source is found at tags/candidate-2.4.51-rc1.
> 
> Kind Regards,
> Stefan

+1 on macOS.



Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Mark J . Cox
+1 on Fedora 34

On 2021/10/07 13:17:36, "ste...@eissing.org"  wrote: 
> Hi all,
> 
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will skip
> the usual 3 day voting period and close the vote once we feel comfortable
> with our testing.
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
> [ ] +1: It's not just good, it's hopefully good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
> sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
> *httpd-2.4.51-rc1.tar.gz
> sha512: 
> 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
>  *httpd-2.4.51-rc1.tar.gz
> 
> The SVN candidate source is found at tags/candidate-2.4.51-rc1.
> 
> Kind Regards,
> Stefan


Re: [VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread Mario Brandt
+1 on Debian 11

ste...@eissing.org  schrieb am Do., 7. Okt. 2021, 15:17:

> Hi all,
>
> due to found security weaknesses in our 2.4.50 release, the security team
> feels it is necessary to do a new release on very short notice. We will
> skip
> the usual 3 day voting period and close the vote once we feel comfortable
> with our testing.
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days^h^h^h^hhours to release
> this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
> [ ] +1: It's not just good, it's hopefully good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
> sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4
> *httpd-2.4.51-rc1.tar.gz
> sha512:
> 507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
> *httpd-2.4.51-rc1.tar.gz
>
> The SVN candidate source is found at tags/candidate-2.4.51-rc1.
>
> Kind Regards,
> Stefan


Still Failing: apache/httpd#2019 (trunk - 5c385f2)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2019
Status: Still Failing

Duration: 26 mins and 29 secs
Commit: 5c385f2 (trunk)
Author: Yann Ylavic
Message: test/modules/http2: more encoding tests.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893972 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/48b5dfd6968c...5c385f2b6c83

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239334595?utm_medium=notification_source=email





[VOTE] Release httpd-2.4.51-rc1 as httpd-2.4.51

2021-10-07 Thread ste...@eissing.org
Hi all,

due to found security weaknesses in our 2.4.50 release, the security team
feels it is necessary to do a new release on very short notice. We will skip
the usual 3 day voting period and close the vote once we feel comfortable
with our testing.

Please find below the proposed release tarball and signatures:

https://dist.apache.org/repos/dist/dev/httpd/

I would like to call a VOTE over the next few days^h^h^h^hhours to release
this candidate tarball httpd-2.4.51-rc1 as 2.4.51:
[ ] +1: It's not just good, it's hopefully good enough!
[ ] +0: Let's have a talk.
[ ] -1: There's trouble in paradise. Here's what's wrong.

The computed digests of the tarball up for vote are:
sha1: 516128e5acb7311e6e4d32d600664deb0d12e61f *httpd-2.4.51-rc1.tar.gz
sha256: c2cedb0b47666bea633b44d5b3a2ebf3c466e0506955fbc3012a5a9b078ca8b4 
*httpd-2.4.51-rc1.tar.gz
sha512: 
507fd2bbc420e8a1f0a90737d253f1aa31000a948f7a840fdd4797a78f7a4f1bd39250b33087485213a3bed4d11221e98eabfaf4ff17c7d0380236f8a52ee157
 *httpd-2.4.51-rc1.tar.gz

The SVN candidate source is found at tags/candidate-2.4.51-rc1.

Kind Regards,
Stefan

Still Failing: apache/httpd#2018 (trunk - 48b5dfd)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2018
Status: Still Failing

Duration: 27 mins and 29 secs
Commit: 48b5dfd (trunk)
Author: Yann Ylavic
Message: core: Add ap_unescape_url_ex() for better decoding control, and deprecate
  unused AP_NORMALIZE_DROP_PARAMETERS flag.
 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893971 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/7ecfc5b3a8f6...48b5dfd6968c

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239334523?utm_medium=notification_source=email





Re: svn commit: r1893977 - in /httpd/httpd/branches/2.4.x: ./ CHANGES include/ap_mmn.h include/httpd.h server/gen_test_char.c server/request.c server/util.c

2021-10-07 Thread Yann Ylavic
On Thu, Oct 7, 2021 at 2:31 PM Rainer Jung  wrote:
>
> Am 07.10.2021 um 14:27 schrieb yla...@apache.org:
> > Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h
> > URL: 
> > http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1893977=1893976=1893977=diff
> > ==
> > --- httpd/httpd/branches/2.4.x/include/ap_mmn.h (original)
> > +++ httpd/httpd/branches/2.4.x/include/ap_mmn.h Thu Oct  7 12:27:43 2021
> > @@ -579,6 +579,9 @@
> >*   ap_proxy_define_worker_ex() to mod_proxy.h
> >* 20120211.116 (2.4.49-dev) add conn_rec->outgoing and 
> > ap_ssl_bind_outgoing()
> >* 20120211.117 (2.4.50-dev) Add ap_pre_connection
> > + * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
> > + * AP_NORMALIZE_DROP_PARAMETERS
> > + *
> >*/
> >
> >   #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
>
> Doesn't this need (a cosmetic) adjustment for 2.4.x?

Yeah, was wrong in original trunk r1893971 too so I fixed both.

Thanks Rainer (and Rüdiger) for noticing.


Re: svn commit: r1893977 - in /httpd/httpd/branches/2.4.x: ./ CHANGES include/ap_mmn.h include/httpd.h server/gen_test_char.c server/request.c server/util.c

2021-10-07 Thread Ruediger Pluem



On 10/7/21 2:27 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Oct  7 12:27:43 2021
> New Revision: 1893977
> 
> URL: http://svn.apache.org/viewvc?rev=1893977=rev
> Log:
> Merge r1893971 from trunk:
> 
> core: Add ap_unescape_url_ex() for better decoding control, and deprecate
>   unused AP_NORMALIZE_DROP_PARAMETERS flag.
>  
> Submitted by: ylavic
> Reviewed by: ylavic, icing, gbechis
> 
> Modified:
> httpd/httpd/branches/2.4.x/   (props changed)
> httpd/httpd/branches/2.4.x/CHANGES
> httpd/httpd/branches/2.4.x/include/ap_mmn.h
> httpd/httpd/branches/2.4.x/include/httpd.h
> httpd/httpd/branches/2.4.x/server/gen_test_char.c
> httpd/httpd/branches/2.4.x/server/request.c
> httpd/httpd/branches/2.4.x/server/util.c
> 
> Propchange: httpd/httpd/branches/2.4.x/
> --
>   Merged /httpd/httpd/trunk:r1893971
> 
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1893977=1893976=1893977=diff
> ==
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Oct  7 12:27:43 2021
> @@ -1,6 +1,10 @@
>   -*- coding: utf-8 
> -*-
>  Changes with Apache 2.4.51
>  
> +  *) core: Add ap_unescape_url_ex() for better decoding control, and 
> deprecate
> + unused AP_NORMALIZE_DROP_PARAMETERS flag.
> + [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Joe Orton]
> +
>  Changes with Apache 2.4.50
>  
>*) SECURITY: CVE-2021-41773: Path traversal and file disclosure
> 
> Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1893977=1893976=1893977=diff
> ==
> --- httpd/httpd/branches/2.4.x/include/ap_mmn.h (original)
> +++ httpd/httpd/branches/2.4.x/include/ap_mmn.h Thu Oct  7 12:27:43 2021
> @@ -579,6 +579,9 @@
>   *   ap_proxy_define_worker_ex() to mod_proxy.h
>   * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and 
> ap_ssl_bind_outgoing()
>   * 20120211.117 (2.4.50-dev) Add ap_pre_connection
> + * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
> + * AP_NORMALIZE_DROP_PARAMETERS
> + * 
>   */
>  
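
Review bot: the added history entry is numbered `20210926.1 (2.5.1-dev)`, which is the trunk series, while the entries directly above it on this 2.4.x branch run `20120211.116` and `20120211.117`. It should continue the branch series as the next minor under `20120211`, and since this hunk touches only the comment, the `MODULE_MAGIC_NUMBER_MINOR` define needs the matching bump in the same commit.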

This is wrong and needs fixing. I have the below fix in my working copy that I 
can commit instantly:

Index: include/ap_mmn.h
===
--- include/ap_mmn.h(revision 1893979)
+++ include/ap_mmn.h(working copy)
@@ -579,7 +579,7 @@
  *   ap_proxy_define_worker_ex() to mod_proxy.h
  * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing()
  * 20120211.117 (2.4.50-dev) Add ap_pre_connection
- * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
+ * 20120211.118 (2.4.51-dev) Add ap_unescape_url_ex() and deprecate
  * AP_NORMALIZE_DROP_PARAMETERS
  *
  */
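
Review bot: the empty ` *` line left just before the closing ` */` is the only blank line in the visible part of this history list, and this hunk keeps it as context. Since the entry is being corrected to `20120211.118 (2.4.51-dev)` anyway, drop that line here so the list ends directly on the last entry.
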
@@ -589,7 +589,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20120211
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 117 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 118 /* 0...n */

 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a


Regards

Rüdiger


>  #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
> 
> Modified: httpd/httpd/branches/2.4.x/include/httpd.h
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/httpd.h?rev=1893977=1893976=1893977=diff
> ==
> --- httpd/httpd/branches/2.4.x/include/httpd.h (original)
> +++ httpd/httpd/branches/2.4.x/include/httpd.h Thu Oct  7 12:27:43 2021
> @@ -1741,6 +1741,18 @@ AP_DECLARE(int) ap_unescape_url(char *ur
>   */
>  AP_DECLARE(int) ap_unescape_url_keep2f(char *url, int decode_slashes);
>  
> +#define AP_UNESCAPE_URL_KEEP_UNRESERVED (1u << 0)
> +#define AP_UNESCAPE_URL_FORBID_SLASHES  (1u << 1)
> +#define AP_UNESCAPE_URL_KEEP_SLASHES(1u << 2)
> +
> +/**
> + * Unescape a URL, with options
> + * @param url The url to unescape
> + * @param flags Bitmask of AP_UNESCAPE_URL_* flags
> + * @return 0 on success, non-zero otherwise
> + */
> +AP_DECLARE(int) ap_unescape_url_ex(char *url, unsigned int flags);
> +
>  /**
>   * Unescape an application/x-www-form-urlencoded string
>   * @param query The query to unescape
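
Review bot: the doc comment on `ap_unescape_url_ex()` says only "Bitmask of AP_UNESCAPE_URL_* flags", and the three flag defines above it carry no documentation of their own. Please document each flag, state what happens when `AP_UNESCAPE_URL_FORBID_SLASHES` and `AP_UNESCAPE_URL_KEEP_SLASHES` are both set, and spell out which non-zero values can be returned so callers know how to handle a failure.
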
> @@ -1768,7 +1780,7 @@ AP_DECLARE(void) ap_no2slash_ex(char *na
>  #define AP_NORMALIZE_NOT_ABOVE_ROOT (1u <<  1)
>  #define AP_NORMALIZE_DECODE_UNRESERVED  (1u <<  2)
>  #define AP_NORMALIZE_MERGE_SLASHES  (1u <<  3)
> -#define AP_NORMALIZE_DROP_PARAMETERS(1u <<  4)
> +#define 

Re: svn commit: r1893977 - in /httpd/httpd/branches/2.4.x: ./ CHANGES include/ap_mmn.h include/httpd.h server/gen_test_char.c server/request.c server/util.c

2021-10-07 Thread Rainer Jung

Am 07.10.2021 um 14:27 schrieb yla...@apache.org:

Modified: httpd/httpd/branches/2.4.x/include/ap_mmn.h
URL: 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/ap_mmn.h?rev=1893977=1893976=1893977=diff
==
--- httpd/httpd/branches/2.4.x/include/ap_mmn.h (original)
+++ httpd/httpd/branches/2.4.x/include/ap_mmn.h Thu Oct  7 12:27:43 2021
@@ -579,6 +579,9 @@
   *   ap_proxy_define_worker_ex() to mod_proxy.h
   * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing()
   * 20120211.117 (2.4.50-dev) Add ap_pre_connection
+ * 20210926.1 (2.5.1-dev)  Add ap_unescape_url_ex() and deprecate
+ * AP_NORMALIZE_DROP_PARAMETERS
+ *
   */
  
  #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */


Doesn't this need (a cosmetic) adjustment for 2.4.x?

Plus: if a minor bump is needed, this commit contains only a comment change.

Thanks for your intensive work!

Rainer


Still Failing: apache/httpd#2017 (trunk - 7ecfc5b)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2017
Status: Still Failing

Duration: 13 mins and 53 secs
Commit: 7ecfc5b (trunk)
Author: Ruediger Pluem
Message: * Fix memory leak in case of failures to load the private key.

PR: 65620


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893969 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/e77dffef9aa8...7ecfc5b3a8f6

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239334187?utm_medium=notification_source=email





Still Failing: apache/httpd#2016 (trunk - e77dffe)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2016
Status: Still Failing

Duration: 22 mins and 19 secs
Commit: e77dffe (trunk)
Author: Joe Orton
Message: * modules/ssl/ssl_engine_init.c (ssl_init_ctx_callbacks,
  ssl_init_server_certs): Flip logic for enabling/disabling DH auto
  parameter selection for OpenSSL 1.1+ to be simpler and consistent
  with auto ECDH curve selection.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893964 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/34f7c6ed3bd6...e77dffef9aa8

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239326637?utm_medium=notification_source=email





Re: svn commit: r1893876 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

2021-10-07 Thread Joe Orton
On Thu, Oct 07, 2021 at 09:09:32AM +0200, Ruediger Pluem wrote:
> On 10/4/21 12:26 PM, jor...@apache.org wrote:
> > Author: jorton
> > Date: Mon Oct  4 10:26:18 2021
> > New Revision: 1893876
> > 
> > URL: http://svn.apache.org/viewvc?rev=1893876=rev
...
> > +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Mon Oct  4 10:26:18 2021
> > @@ -1589,7 +1589,14 @@ static apr_status_t ssl_init_server_cert
> >  certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *);
> >  if (certfile && !modssl_is_engine_id(certfile)
> >  && (dh = ssl_dh_GetParamFromFile(certfile))) {
> > +/* ### This should be replaced with SSL_CTX_set0_tmp_dh_pkey()
> > + * for OpenSSL 3.0+. */
> >  SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dh);
> > +#if !MODSSL_USE_OPENSSL_PRE_1_1_API
> > +/* OpenSSL ignores manually configured DH params if automatic
> > + * selection if enabled, so disable auto selection here. */
> > +SSL_CTX_set_dh_auto(mctx->ssl_ctx, 0);
> > +#endif
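
Review bot: the "###" comment above SSL_CTX_set_tmp_dh() leaves the OpenSSL 3.0+ replacement, SSL_CTX_set0_tmp_dh_pkey(), as a to-do with nothing to track it. Either add the 3.0+ branch under a version guard next to the new #if !MODSSL_USE_OPENSSL_PRE_1_1_API block, or reference a tracking issue in the comment so the marker does not go stale.
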
> 
> Stupid question: Don't we need to disable it via SSL_CTX_set_dh_auto, before 
> we do SSL_CTX_set_tmp_dh with custom parameters?
> Hence is the order of both above correct?

The order doesn't matter, it only gets checked later at runtime where 
the logic is to honour the _auto setting over the configured params:

https://github.com/openssl/openssl/blob/openssl-3.0.0/ssl/statem/statem_srvr.c#L2458

but actually there is simpler code possible here, which is also 
consistent with how the ECDH auto curve selection works, so -> r1893964 
and thanks for the review.

Regards, Joe




Re: svn commit: r1893643 - in /httpd/httpd/trunk: include/ap_mmn.h modules/dav/main/mod_dav.h modules/dav/main/props.c

2021-10-07 Thread Ruediger Pluem



On 10/7/21 12:00 PM, Ruediger Pluem wrote:
> 
> 
> On 9/26/21 2:27 PM, minf...@apache.org wrote:
>> Author: minfrin
>> Date: Sun Sep 26 12:27:59 2021
>> New Revision: 1893643
>>
>> URL: http://svn.apache.org/viewvc?rev=1893643=rev
>> Log:
>> Add dav_get_liveprop_element() to hide the implementation by which
>> the element is passed.
>>
>> Modified:
>> httpd/httpd/trunk/include/ap_mmn.h
>> httpd/httpd/trunk/modules/dav/main/mod_dav.h
>> httpd/httpd/trunk/modules/dav/main/props.c
>>
>> Modified: httpd/httpd/trunk/include/ap_mmn.h
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/include/ap_mmn.h?rev=1893643=1893642=1893643=diff
>> ==
>> --- httpd/httpd/trunk/include/ap_mmn.h (original)
>> +++ httpd/httpd/trunk/include/ap_mmn.h Sun Sep 26 12:27:59 2021
>> @@ -692,14 +692,15 @@
>>   * for 20210506.0 + 20210924.0, MINOR bump only for
>>   * adding ap_proxy_tunnel_conn_bytes_{in,out}().
>>   * 20210924.1 (2.5.1-dev)  Add ap_proxy_fill_error_brigade()
>> + * 20210926.0 (2.5.1-dev)  Add dav_get_liveprop_element(), remove 
>> DAV_PROP_ELEMENT.
>>   */
>>  
>>  #define MODULE_MAGIC_COOKIE 0x41503235UL /* "AP25" */
>>  
>>  #ifndef MODULE_MAGIC_NUMBER_MAJOR
>> -#define MODULE_MAGIC_NUMBER_MAJOR 20210924
>> +#define MODULE_MAGIC_NUMBER_MAJOR 20210926
>>  #endif
>> -#define MODULE_MAGIC_NUMBER_MINOR 1 /* 0...n */
>> +#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
>>  
>>  /**
>>   * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
>>
>> Modified: httpd/httpd/trunk/modules/dav/main/mod_dav.h
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.h?rev=1893643=1893642=1893643=diff
>> ==
>> --- httpd/httpd/trunk/modules/dav/main/mod_dav.h (original)
>> +++ httpd/httpd/trunk/modules/dav/main/mod_dav.h Sun Sep 26 12:27:59 2021
>> @@ -1068,21 +1068,19 @@ DAV_DECLARE(long) dav_get_liveprop_ns_co
>>  DAV_DECLARE(void) dav_add_all_liveprop_xmlns(apr_pool_t *p,
>>   apr_text_header *phdr);
>>  
>> -/*
>> - ** When calling insert_prop(), the request element is associated with
>> - ** the pool userdata attached to the resource. Access as follows:
>> - **
>> - ** apr_pool_userdata_get(, DAV_PROP_ELEMENT, resource->pool);
>> - **
>> - */
>> -#define DAV_PROP_ELEMENT "mod_dav-element"
>> -
> 
> Hm, mod_dav.h is public. This IMHO means that removing the define would 
> require a major bump.
> Furthermore this move to props.c would not be backportable. But I guess this 
> is not a big deal as the remainder of the patch is
> backportable without any trouble.

Scratch this. I should read the patches better. You do a major bump above.

Regards

Rüdiger



Re: svn commit: r1893643 - in /httpd/httpd/trunk: include/ap_mmn.h modules/dav/main/mod_dav.h modules/dav/main/props.c

2021-10-07 Thread Ruediger Pluem



On 9/26/21 2:27 PM, minf...@apache.org wrote:
> Author: minfrin
> Date: Sun Sep 26 12:27:59 2021
> New Revision: 1893643
> 
> URL: http://svn.apache.org/viewvc?rev=1893643=rev
> Log:
> Add dav_get_liveprop_element() to hide the implementation by which
> the element is passed.
> 
> Modified:
> httpd/httpd/trunk/include/ap_mmn.h
> httpd/httpd/trunk/modules/dav/main/mod_dav.h
> httpd/httpd/trunk/modules/dav/main/props.c
> 
> Modified: httpd/httpd/trunk/include/ap_mmn.h
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/include/ap_mmn.h?rev=1893643=1893642=1893643=diff
> ==
> --- httpd/httpd/trunk/include/ap_mmn.h (original)
> +++ httpd/httpd/trunk/include/ap_mmn.h Sun Sep 26 12:27:59 2021
> @@ -692,14 +692,15 @@
>   * for 20210506.0 + 20210924.0, MINOR bump only for
>   * adding ap_proxy_tunnel_conn_bytes_{in,out}().
>   * 20210924.1 (2.5.1-dev)  Add ap_proxy_fill_error_brigade()
> + * 20210926.0 (2.5.1-dev)  Add dav_get_liveprop_element(), remove 
> DAV_PROP_ELEMENT.
>   */
>  
>  #define MODULE_MAGIC_COOKIE 0x41503235UL /* "AP25" */
>  
>  #ifndef MODULE_MAGIC_NUMBER_MAJOR
> -#define MODULE_MAGIC_NUMBER_MAJOR 20210924
> +#define MODULE_MAGIC_NUMBER_MAJOR 20210926
>  #endif
> -#define MODULE_MAGIC_NUMBER_MINOR 1 /* 0...n */
> +#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
>  
>  /**
>   * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
> 
> Modified: httpd/httpd/trunk/modules/dav/main/mod_dav.h
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.h?rev=1893643=1893642=1893643=diff
> ==
> --- httpd/httpd/trunk/modules/dav/main/mod_dav.h (original)
> +++ httpd/httpd/trunk/modules/dav/main/mod_dav.h Sun Sep 26 12:27:59 2021
> @@ -1068,21 +1068,19 @@ DAV_DECLARE(long) dav_get_liveprop_ns_co
>  DAV_DECLARE(void) dav_add_all_liveprop_xmlns(apr_pool_t *p,
>   apr_text_header *phdr);
>  
> -/*
> - ** When calling insert_prop(), the request element is associated with
> - ** the pool userdata attached to the resource. Access as follows:
> - **
> - ** apr_pool_userdata_get(, DAV_PROP_ELEMENT, resource->pool);
> - **
> - */
> -#define DAV_PROP_ELEMENT "mod_dav-element"
> -
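
Review bot: dropping the DAV_PROP_ELEMENT define from the public mod_dav.h breaks any out-of-tree provider that still passes it to apr_pool_userdata_get(). On trunk the MODULE_MAGIC_NUMBER_MAJOR bump to 20210926 in the ap_mmn.h hunk covers that; for a 2.4.x backport the define would have to stay in the header alongside dav_get_liveprop_element().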

Hm, mod_dav.h is public. This IMHO means that removing the define would require 
a major bump.
Furthermore this move to props.c would not be backportable. But I guess this is 
not a big deal as the remainder of the patch is
backportable without any trouble.

Regards

Rüdiger



Still Failing: apache/httpd#2015 (trunk - 34f7c6e)

2021-10-07 Thread Travis CI
Build Update for apache/httpd
-

Build: #2015
Status: Still Failing

Duration: 8 mins and 20 secs
Commit: 34f7c6e (trunk)
Author: Stefan Eissing
Message:  * changed status expectations 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893957 
13f79535-47bb-0310-9956-ffa450edef68

View the changeset: 
https://github.com/apache/httpd/compare/47c7dc7f0976...34f7c6ed3bd6

View the full build log and details: 
https://app.travis-ci.com/github/apache/httpd/builds/239317428?utm_medium=notification_source=email





Re: pollset WAKEABLE

2021-10-07 Thread ste...@eissing.org



> On 07.10.2021 at 05:55, William A Rowe Jr wrote:
> 
> On Tue, Sep 28, 2021, 07:22 ste...@eissing.org  wrote:
> 
> > On 28.09.2021 at 14:10, ste...@eissing.org wrote:
> > 
> >> On 28.09.2021 at 14:04, Yann Ylavic wrote:
> >> 
> >> On Tue, Sep 28, 2021 at 1:08 PM ste...@eissing.org  
> >> wrote:
> >>> 
> >>> Does anyone know which platforms do *not* support WAKEABLE apr pollsets?
> >> 
> >> Last time I checked (IIRC) all platforms support it on the APR side,
> >> every platform handles pipes at least it seems.
> >> Possibly it wasn't the case some (long) time ago, we are probably
> >> overly cautious with APR_POLLSET_WAKEABLE availability check in
> >> mpm_event..
> >> 
> >>> 
> >>> And if http2 should support this, would adding its own wakeup pipe be 
> >>> the way to go?
> >> 
> >> Looks overly cautious to me :)
> > 
> > Uhm, due to an error report from Windows, I am reading the APR pollset
> > implementation again. And Windows does not support polling on pipes?
> > 
> > There is a special hack inside apr to realize a wakeup pipe, 
> > but otherwise it returns APR_EBADF. If I read it correctly...
> > 
> > That would pose some major difficulties.
> 
> Hmm, apr_file_pipe_create() under Windows makes me cry...
> 
> Indeed, what you think of as pipes are not what windows implemented, and 
> while they have been stdio for years, they left a lot to be desired.
> 
> This means I need another strategy under Windows. *sadge*
> 
> Such as true AF_UNIX pipes, introduced after the initial launch of Windows 
> 10/Server 2019. And can do one better in Server 2022/Windows 11 with actual 
> edge triggered eventing.

Neat.

> To bake this into apr, it needs to be run-time detected, at least if there 
> continues to be a single binary for apr-1.dll, but our feature macros are all 
> compile time.
> 
> Compound this with the fact that MS supports named pipes, but isn't 
> supporting socketpair to create a usefully unnamed pipe.
> 
> None of this will work in the initial Windows 10/Server 2019 releases.
> 
> At least this opens up a number of options that had been missing for 25 years.

In the http2 case, changing the switching to dynamic detection should not pose 
a problem or performance penalty. When the CVE storm this week is over, I'll 
bring my code into trunk here.

Nice hearing from you!

Kind Regards,
Stefan
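
The wakeup-pipe approach asked about in this thread, sketched with plain POSIX pipe() and poll() as an added example; it is not APR or mod_http2 code, and the ws_* names are hypothetical. It assumes a platform where pipes can be polled, which the thread notes is not the case on Windows.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not APR's pollset API. */
typedef struct { int wake_rd, wake_wr, watched; } wakeable_set;
enum { WS_ERROR = -1, WS_TIMEOUT = 0, WS_READY = 1, WS_WOKEN = 2 };

static int ws_init(wakeable_set *ws, int watched_fd)
{
    int p[2];
    if (pipe(p) != 0) return -1;
    for (int i = 0; i < 2; i++)   /* non-blocking ends: drain and wakeup never stall */
        if (fcntl(p[i], F_SETFL, fcntl(p[i], F_GETFL) | O_NONBLOCK) != 0) return -1;
    ws->wake_rd = p[0]; ws->wake_wr = p[1]; ws->watched = watched_fd;
    return 0;
}

/* Callable from another thread: one byte makes a blocked poll() return. */
static int ws_wakeup(wakeable_set *ws)
{
    return (write(ws->wake_wr, "", 1) == 1 || errno == EAGAIN) ? 0 : -1; /* EAGAIN: wakeup already pending */
}

static int ws_poll(wakeable_set *ws, int timeout_ms)
{
    struct pollfd fds[2] = { { .fd = ws->wake_rd, .events = POLLIN },
                             { .fd = ws->watched, .events = POLLIN } };
    char buf[64];
    int n = poll(fds, 2, timeout_ms);
    if (n <= 0) return n < 0 ? WS_ERROR : WS_TIMEOUT;
    if (!(fds[0].revents & POLLIN)) return WS_READY;
    while (read(ws->wake_rd, buf, sizeof buf) > 0) { }   /* drain: wakeups coalesce */
    return WS_WOKEN;
}

static int ws_demo(void)
{
    int data[2];   /* constructed stand-in for a watched connection */
    wakeable_set ws;
    if (pipe(data) != 0 || ws_init(&ws, data[0]) != 0) return -1;
    ws_wakeup(&ws); ws_wakeup(&ws);                           /* two wakeups ... */
    int woken = ws_poll(&ws, 1000), idle = ws_poll(&ws, 10);  /* ... one event */
    if (write(data[1], "x", 1) != 1) return -1;
    return woken * 100 + idle * 10 + ws_poll(&ws, 1000);      /* digits: woken, idle, ready */
}

int main(void) { return ws_demo() == 201 ? 0 : 1; }
```

The drain loop is what keeps repeated wakeups from producing repeated spurious returns: any number of ws_wakeup() calls before the next poll surface as a single WS_WOKEN.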

Re: svn commit: r1893876 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

2021-10-07 Thread Ruediger Pluem



On 10/4/21 12:26 PM, jor...@apache.org wrote:
> Author: jorton
> Date: Mon Oct  4 10:26:18 2021
> New Revision: 1893876
> 
> URL: http://svn.apache.org/viewvc?rev=1893876=rev
> Log:
> * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): For OpenSSL
>   1.1+, disable auto DH parameter selection if parameters have been
>   manually configured.  This fixes a regression in r1890067 after
>   which manually configured parameters are ignored.
> 
> Modified:
> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1893876=1893875=1893876=diff
> ==
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Mon Oct  4 10:26:18 2021
> @@ -1589,7 +1589,14 @@ static apr_status_t ssl_init_server_cert
>  certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *);
>  if (certfile && !modssl_is_engine_id(certfile)
>  && (dh = ssl_dh_GetParamFromFile(certfile))) {
> +/* ### This should be replaced with SSL_CTX_set0_tmp_dh_pkey()
> + * for OpenSSL 3.0+. */
>  SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dh);
> +#if !MODSSL_USE_OPENSSL_PRE_1_1_API
> +/* OpenSSL ignores manually configured DH params if automatic
> + * selection if enabled, so disable auto selection here. */
> +SSL_CTX_set_dh_auto(mctx->ssl_ctx, 0);
> +#endif
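
Review bot: SSL_CTX_set_dh_auto(mctx->ssl_ctx, 0) runs without checking the result of the SSL_CTX_set_tmp_dh() call just above it, so if installing the parameters read from certfile fails, automatic selection is switched off with no custom parameters in place. Disable auto selection only when SSL_CTX_set_tmp_dh() succeeds, and log the failure otherwise. The new comment also has a typo: "selection if enabled" should read "selection is enabled".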

Stupid question: Don't we need to disable it via SSL_CTX_set_dh_auto, before we 
do SSL_CTX_set_tmp_dh with custom parameters?
Hence is the order of both above correct?

Regards

Rüdiger