Re: svn commit: r1908179 - /httpd/dev-tools/release/README
the irony! Thanks. On Tue, Mar 7, 2023 at 6:05 PM wrote: > > Author: gbechis > Date: Tue Mar 7 23:05:49 2023 > New Revision: 1908179 > > URL: http://svn.apache.org/viewvc?rev=1908179=rev > Log: > typo > > Modified: > httpd/dev-tools/release/README > > Modified: httpd/dev-tools/release/README > URL: > http://svn.apache.org/viewvc/httpd/dev-tools/release/README?rev=1908179=1908178=1908179=diff > == > --- httpd/dev-tools/release/README (original) > +++ httpd/dev-tools/release/README Tue Mar 7 23:05:49 2023 > @@ -51,7 +51,7 @@ Usage overview: > and tweak as needed. g...@github.com:/apache/httpd-site has one-time > copies of CVE.json, edit and > commit and the site will be rebuilt immediately. > > - If CHANGES is really bad, cosnider replacing the various CHANGES files > on dist/httpd. > + If CHANGES is really bad, consider replacing the various CHANGES files > on dist/httpd. > > On vote failure or when aborting for other reasons: > > $DEV_TOOLS/release/reset-candidate.sh version > > -- Eric Covener cove...@gmail.com
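Review bot: The corrected line in the "Usage overview" hunk still does not say what counts as "really bad" or how the CHANGES files on dist/httpd are to be replaced, whereas the vote-failure step right after it names the exact command (`$DEV_TOOLS/release/reset-candidate.sh version`). Consider naming the condition that triggers the replacement and the files or script involved, so that the step can be followed without prior knowledge of the release process.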
fixed autolinks from cve process
FYI, I made some minor changes to the post-release description on httpd-site and within 2.4.x/CHANGES for CVE-2023-2569

The form we use for editing the CVE json info has a feature for autolinking anything that looks like a URL reference. Unfortunately, it's buggy and cannot be turned off. When the form was updated yesterday, the autolinks came back. This causes every example URL to be repeated in the text as a link, which of course makes them an invalid example.

I have fixed the JSON on httpd-site, rebuilding

https://httpd.apache.org/security/vulnerabilities_24.html

and committed a fix in CHANGES. I have not sent an update for the official CVE database, since I have no idea what that would break. No worries, but some users might complain about the weird examples.

Cheers, and thanks for the release,

Roy
Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56
I am going to call this one early and proceed with the release.

9 binding +1 and no other votes.

fielding, covener, icing, gbechis, ylavic, jblond, jorton, steffenAL, rpluem

On Tue, Mar 7, 2023 at 3:18 AM Ruediger Pluem wrote:
>
> On 3/5/23 10:31 PM, Eric Covener wrote:
> > Hi all,
> >
> > Please find below the proposed release tarball and signatures:
> >
> > https://dist.apache.org/repos/dist/dev/httpd/
> >
> > I would like to call a VOTE over the next few days to release
> > this candidate tarball httpd-2.4.56-rc1 as 2.4.56:
> > [X] +1: It's not just good, it's good enough!
> > [ ] +0: Let's have a talk.
> > [ ] -1: There's trouble in paradise. Here's what's wrong.
> >
> > The computed digests of the tarball up for vote are:
> > sha256: db0d4c76007b231fd3ab41b580548dc798ae3844bb7c3d5ce1e4174ca2364698
> > *httpd-2.4.56-rc1.tar.gz
> > sha512:
> > 68b1e8c3e3436e6947c0ccfeee6fea83254560e4d43bddbc79a4206d804a6dda6662cf5734e0b2f4019ab5c1fff40141a16dd7698e8fe72b7fd343fbebd42724
> > *httpd-2.4.56-rc1.tar.gz
> >
> > The SVN candidate source is found at tags/2.4.56-rc1-candidate.
> >
>
> Sigs and Hashes ok
> Tested on RedHat 8 x86_64 with apr 1.7.2 / apr-util 1.6.3
>
> Regards
>
> Rüdiger

--
Eric Covener
cove...@gmail.com
Re: svn commit: r1908060 - in /httpd/httpd/trunk/test/modules: http1/htdocs/cgi/ http2/ http2/htdocs/cgi/ md/ tls/ tls/htdocs/a.mod-tls.test/ tls/htdocs/b.mod-tls.test/
On 3/7/23 11:04 AM, Joe Orton wrote:
> On Tue, Mar 07, 2023 at 09:15:59AM +0100, Stefan Eissing via dev wrote:
>>
>>> On 06.03.2023 at 17:53, Joe Orton wrote:
>>>
>>> [resent to dev@]
>>>
>>> On Sat, Mar 04, 2023 at 01:40:39PM -, ic...@apache.org wrote:
>>>> Author: icing
>>>> Date: Sat Mar 4 13:40:38 2023
>>>> New Revision: 1908060
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=1908060=rev
>>>> Log:
>>>> Test case updates related to macOS ventura changes:
>>>>
>>>> - python 3.11 deprecates the `cg` module, replacing
>>>> url query and multipart form-data handling with new code
>>>> - adaptions to changes in openssl/curl behaviours
>>>> - all mod_tls test cases now have prefix `test_tls_` for
>>>> easier scoping.
>>>
>>> This seems to be failing:
>>>
>>> https://github.com/apache/httpd/actions/runs/4341851149/jobs/7581956398
>>>
>>> 1) Maybe some new pypi requirement or something? Looks like the CGI
>>> scripts are now giving 500 errors.
>>
>> Yes, for the deprecated `cgi` python module, the `multipart` module
>> is recommended by the PyGods to replace parts of it. I have no idea
>> how that is named on ubuntu-latest.
>
> It exists but it is prehistoric or something completely different to
> what is in pypi as "multipart" now - apt-get logs say:
>
> Setting up python3-multipart (0.0.5-2) ...
>
> which is not listed here: https://pypi.org/project/multipart/#history
>
> The new error_log is:
>
> [Tue Mar 07 09:34:12.322270 2023] [cgid:error] [pid 51124:tid
> 139809792149056] [client 127.0.0.1:34504] AH01215: stderr from
> /home/runner/work/httpd/httpd/test/gen/apache/htdocs/b.mod-tls.test/vars.py:
> AttributeError: module 'multipart' has no attribute 'parse_form_data'
>
> maybe we should "pip install" the deps here rather than relying on
> Ubuntu packages.

+1

Regards

Rüdiger
Re: svn commit: r1908060 - in /httpd/httpd/trunk/test/modules: http1/htdocs/cgi/ http2/ http2/htdocs/cgi/ md/ tls/ tls/htdocs/a.mod-tls.test/ tls/htdocs/b.mod-tls.test/
On Tue, Mar 07, 2023 at 09:15:59AM +0100, Stefan Eissing via dev wrote:
>
> > On 06.03.2023 at 17:53, Joe Orton wrote:
> >
> > [resent to dev@]
> >
> > On Sat, Mar 04, 2023 at 01:40:39PM -, ic...@apache.org wrote:
> >> Author: icing
> >> Date: Sat Mar 4 13:40:38 2023
> >> New Revision: 1908060
> >>
> >> URL: http://svn.apache.org/viewvc?rev=1908060=rev
> >> Log:
> >> Test case updates related to macOS ventura changes:
> >>
> >> - python 3.11 deprecates the `cg` module, replacing
> >> url query and multipart form-data handling with new code
> >> - adaptions to changes in openssl/curl behaviours
> >> - all mod_tls test cases now have prefix `test_tls_` for
> >> easier scoping.
> >
> > This seems to be failing:
> >
> > https://github.com/apache/httpd/actions/runs/4341851149/jobs/7581956398
> >
> > 1) Maybe some new pypi requirement or something? Looks like the CGI
> > scripts are now giving 500 errors.
>
> Yes, for the deprecated `cgi` python module, the `multipart` module
> is recommended by the PyGods to replace parts of it. I have no idea
> how that is named on ubuntu-latest.

It exists but it is prehistoric or something completely different to
what is in pypi as "multipart" now - apt-get logs say:

Setting up python3-multipart (0.0.5-2) ...

which is not listed here: https://pypi.org/project/multipart/#history

The new error_log is:

[Tue Mar 07 09:34:12.322270 2023] [cgid:error] [pid 51124:tid
139809792149056] [client 127.0.0.1:34504] AH01215: stderr from
/home/runner/work/httpd/httpd/test/gen/apache/htdocs/b.mod-tls.test/vars.py:
AttributeError: module 'multipart' has no attribute 'parse_form_data'

maybe we should "pip install" the deps here rather than relying on
Ubuntu packages.

> > 2) What is the path to the relevant error_log when running those tests,
> > we can tweak the config to grab that file and upload it for easy
> > diagnosis.
>
> The server error log on all pytests is found in
> test/gen/apache/logs/error_log. It is cleared on test start.

Thanks, that works at least.

Regards, Joe
Re: svn commit: r1908060 - in /httpd/httpd/trunk/test/modules: http1/htdocs/cgi/ http2/ http2/htdocs/cgi/ md/ tls/ tls/htdocs/a.mod-tls.test/ tls/htdocs/b.mod-tls.test/
On 3/7/23 9:15 AM, Stefan Eissing via dev wrote:
>
>> On 06.03.2023 at 17:53, Joe Orton wrote:
>>
>> [resent to dev@]
>>
>> On Sat, Mar 04, 2023 at 01:40:39PM -, ic...@apache.org wrote:
>>> Author: icing
>>> Date: Sat Mar 4 13:40:38 2023
>>> New Revision: 1908060
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1908060=rev
>>> Log:
>>> Test case updates related to macOS ventura changes:
>>>
>>> - python 3.11 deprecates the `cg` module, replacing
>>> url query and multipart form-data handling with new code
>>> - adaptions to changes in openssl/curl behaviours
>>> - all mod_tls test cases now have prefix `test_tls_` for
>>> easier scoping.
>>
>> This seems to be failing:
>>
>> https://github.com/apache/httpd/actions/runs/4341851149/jobs/7581956398
>>
>> 1) Maybe some new pypi requirement or something? Looks like the CGI
>> scripts are now giving 500 errors.
>
> Yes, for the deprecated `cgi` python module, the `multipart` module
> is recommended by the PyGods to replace parts of it. I have no idea
> how that is named on ubuntu-latest.

I would try python3-multipart.

Regards

Rüdiger
Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56
On 3/5/23 10:31 PM, Eric Covener wrote:
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.56-rc1 as 2.4.56:
> [X] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256: db0d4c76007b231fd3ab41b580548dc798ae3844bb7c3d5ce1e4174ca2364698
> *httpd-2.4.56-rc1.tar.gz
> sha512:
> 68b1e8c3e3436e6947c0ccfeee6fea83254560e4d43bddbc79a4206d804a6dda6662cf5734e0b2f4019ab5c1fff40141a16dd7698e8fe72b7fd343fbebd42724
> *httpd-2.4.56-rc1.tar.gz
>
> The SVN candidate source is found at tags/2.4.56-rc1-candidate.
>

Sigs and Hashes ok
Tested on RedHat 8 x86_64 with apr 1.7.2 / apr-util 1.6.3

Regards

Rüdiger
Re: svn commit: r1908060 - in /httpd/httpd/trunk/test/modules: http1/htdocs/cgi/ http2/ http2/htdocs/cgi/ md/ tls/ tls/htdocs/a.mod-tls.test/ tls/htdocs/b.mod-tls.test/
> On 06.03.2023 at 17:53, Joe Orton wrote:
>
> [resent to dev@]
>
> On Sat, Mar 04, 2023 at 01:40:39PM -, ic...@apache.org wrote:
>> Author: icing
>> Date: Sat Mar 4 13:40:38 2023
>> New Revision: 1908060
>>
>> URL: http://svn.apache.org/viewvc?rev=1908060=rev
>> Log:
>> Test case updates related to macOS ventura changes:
>>
>> - python 3.11 deprecates the `cg` module, replacing
>> url query and multipart form-data handling with new code
>> - adaptions to changes in openssl/curl behaviours
>> - all mod_tls test cases now have prefix `test_tls_` for
>> easier scoping.
>
> This seems to be failing:
>
> https://github.com/apache/httpd/actions/runs/4341851149/jobs/7581956398
>
> 1) Maybe some new pypi requirement or something? Looks like the CGI
> scripts are now giving 500 errors.

Yes, for the deprecated `cgi` python module, the `multipart` module
is recommended by the PyGods to replace parts of it. I have no idea
how that is named on ubuntu-latest.

> 2) What is the path to the relevant error_log when running those tests,
> we can tweak the config to grab that file and upload it for easy
> diagnosis.

The server error log on all pytests is found in
test/gen/apache/logs/error_log. It is cleared on test start.

Kind Regards,
Stefan