Re: Changing the httpd security process
+1 > On Aug 20, 2020, at 9:24 AM, Joe Orton wrote: > > On Mon, Aug 17, 2020 at 12:08:35PM +0100, Joe Orton wrote: >> This roughly reverts the httpd process to what we used prior to adopting >> the Tomcat-esque policy for the whole ASF. We would have to document >> this and possibly need it approved by the ASF security team. > > Thanks to those who have given feedback. > > I won't rush this since it's Summer and people may be on holiday, if by > the start of September there is no dissent I will assume PMC consensus > for making this change and work out how to document & notify security@. > > Regards, Joe >
Re: [Vote] Overhaul modules.apache.org
On Jan 25, 2013, at 5:21 AM, Daniel Gruno rum...@cord.dk wrote: [ ] +1: I support this proposal +1 ...and whatever you want to do with the old site is fine by me. What level of traffic are we seeing on it? Shouldn't we just make a clean break and respond to any URL into the old database with a 410 Gone to encourage the search engines to clean themselves up? S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: [VOTE] accept mod_macro as standard module in httpd
On Jan 2, 2013, at 6:06 PM, Eric Covener cove...@gmail.com wrote: Pending IP clearance... [+1] accept mod_macro as a standard module and responsibility for its maintenance [ +/- 0] don't care won't help [ -1] don't accept mod_macro as a standard module +1 S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: [RE-VOTE] adoption of mod_firehose MODULE
On Mar 1, 2012, at 10:11 AM, William A. Rowe Jr. wrote: Let's simply reset this whole mess. A proposal to adopt mod_firehose is attached. [X] Option 1: adopt as trunk module [ ] Option 2: adopt only as subproject [ ] Option 3: do not adopt Dimpled chad: I would support option 2 if 1 doesn't have traction. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: ******** Interesting server-status at w.a.o
On Feb 24, 2012, at 3:50 AM, Rainer Jung wrote: On 24.02.2012 12:12, Steffen wrote: Looks like the hanging L's, which I reported way back, which was investigated by Stefan Could be but not necessarily. It depends on your MaxConnectionsPerChild setting. The situation at w.a.o is due to processes getting recycled. I sporadically watched the server-status there and the L situation did not show up for a long time. I expect the adminds did restart Apache gracefully. If I recall correctly, a.o httpds get a Graceful every 24h to turn over the logs. So you should never see a really long-lived scoreboard on any of those instances. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
Remember the CHIL engine cleanup was fixed to prevent a dangling cleanup function pointer... I forget which OpenSSL version got that fix but in any case RH only recently backported it. I'm sure I didn't test with any proxy config at the time. S. -- Sander Temme san...@temme.net Sent from my phone On Feb 3, 2012, at 1:27 PM, Dr Stephen Henson shen...@opensslfoundation.com wrote: On 03/02/2012 17:45, Daniel Ruggeri wrote: On 2/2/2012 1:02 PM, Daniel Ruggeri wrote: Since this happens with every attempt to start, I suspect it has nothing to do with the new directive and more to do with something I did on the openssl build. I was, indeed, doing something stupid. A build with openssl 1.0.0g replicates the behavior of 0.9.8g in that it fails when SSLProxyMachineCertificateChainFile is enabled. The annoying part is that (due to the error I get when running in dbx) I can get no useful information in a debug session from Solaris. ... so I've switched to RHEL and gdb and have interesting information. Under Linux, I get this error on init: [Fri Feb 03 10:56:21 2012] [error] Init: Failed to enable Crypto Device API `chil' [Fri Feb 03 10:56:21 2012] [error] SSL Library Error: 2164682852 error:81067064:CHIL engine:HWCRHK_INIT:already loaded [Fri Feb 03 10:56:21 2012] [error] SSL Library Error: 638287981 error:260B806D:engine routines:ENGINE_TABLE_REGISTER:init failed This only happens when SSLProxyMachineCertificateChainFile is set With some quick debugging I see that the hwcrhk_finish DOES NOT get called during ssl_cleanup_pre_config... but DOES get called when the directive has been removed. To me, it looks like httpd has not registered the engine for cleanup, but that certainly shouldn't be impacted by this patch. It seems something in the process of loading the store is complicating things. I'll continue poking around, but pointers are certainly appreciated. Hmm... the ENGINE code is careful not to shutdown an ENGINE if keys exist which make use of it. So there is a possibility that the some chain verification leaves a reference to an RSA key which prevents the ENGINE from closing down completely. In engines/e_chil.c try commenting out the line containing ERR_load_HWCRHK_strings(). Only side effect of doing that is you will only get numerical error codes and not error strings. Steve. -- Dr Stephen Henson. OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 +1 877-673-6775 shen...@opensslfoundation.com
Re: Segfault in openssl's err_cmp when using SSLCryptoDevice and new SSLProxyMachineCertificateChainFile
On Jan 18, 2012, at 8:40 AM, Daniel Ruggeri wrote: All; I stumbled across this yesterday and was hoping some of our more experienced openssl developers may be able to offer suggestions on how I can track this down. I've been testing on 2.2.21 though the code should be the same in trunk/2.4. The patch I've applied is currently proposed for backport in 2.2 (and works fine until using an openssl engine). Patch applied to 2.2.21 distribution - trunk already has this: http://people.apache.org/~druggeri/patches/httpd-2.2-SSLProxyMachineCertificateChainFile.patch When the new SSLProxyMachineCertificateChainFile directive is set at the same time SSLCryptoDevice is set, a segfault occurs during ssl_hook_pre_config while calling SSL_load_error_strings. The backtrace I gathered with dbx points to something deeper inside openssl, but I'm sure I've done something to cause it. Interesting... which version of OpenSSL? Must be 0.9.7 or 0.9.8, because err_cmp() disappeared after that. And the signature doesn't match what we're seeing in the backtrace. And which platform? Solaris? SPARC or x86_64? t@1 (l@1) signal SEGV (no mapping at the fault address) in err_cmp at 0x7ab05540 0x7ab05540: err_cmp : ld [%o0 + 4], %o3 Current function is ssl_hook_pre_config (optimized) 280 SSL_load_error_strings(); (dbx) where current thread: t@1 [1] err_cmp(0x7ae542a8, 0x7fff9470, 0x22cd, 0x100251f30, 0xac, 0xab), at 0x7ab05540 [2] lh_retrieve(0x10023aa80, 0x7fff9470, 0x14064057, 0x57, 0x10024edc8, 0x7ab05540), at 0x7ab034bc [3] int_err_get_item(0x7fff9470, 0x7acb4528, 0x14520, 0x7aca0008, 0x19b904, 0x14400), at 0x7ab0476c [4] ERR_func_error_string(0x64, 0x7acbdf48, 0x14520, 0x7acbdf48, 0x7acb4528, 0x14400), at 0x7ab053d0 [5] ERR_load_SSL_strings(0x0, 0x77e542a8, 0x77e4f0d0, 0x51d8, 0x105df4, 0x5000), at 0x77d492f8 =[6] ssl_hook_pre_config(pconf = ???, plog = ???, ptemp = ???) (optimized), at 0x77f08f04 (line ~280) in mod_ssl.c [7] ap_run_pre_config(pconf = ???, plog = ???, ptemp = ???) (optimized), at 0x10004cfe4 (line ~85) in config.c [8] main(argc = ???, argv = ???) (optimized), at 0x100031954 (line ~709) in main.c For reference, removing one directive or the other avoids the segfault. This seems to be brought on by the combination of the two (and possibly the engine implementation). So the combination of directives causes some memory to be overwitten that ends up pointing outside httpd's allocated address space. Does the order of the directives matter? Which Engine if I may ask? A fix was applied to the CHIL Engine that removes a dangling cleanup function pointer which caused a segfault on startup on platforms that vary the address location in which libraries are loaded (RHEL 5 being a prime example). I don't remember off the top of my head which OpenSSL version got the fix. Can you reproduce with a non-optimized, debug/symbols enabled build of OpenSSL and Apache? With the latest versions of each? S. Any ideas? -- Daniel Ruggeri -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Time for 2.4.0 GA??
On Jan 12, 2012, at 2:24 AM, Steffen wrote: We have at least 4 hard bugs in 2.3.16. Known for a long time, and no need to exposure more for these. Are they listed in STATUS under the Release Showstoppers section? That currently only lists the need to remove undocumented modules as showstopper, and I believe we have even booked some progress on that one. Going by STATUS, things do indeed look stable, good and happy. This is not so much for folks like yourself who are intimately familiar with these bugs, but more for the rest of us who don't use Windows and may never encounter the problems. Fine a GA, with a big note that it is not ready for Windows and advising to run 2.2.21 as proven stable. I would hate that: we have lots of users on Windows and I'd like to enable them to use the latest, greatest. S. So not happy with 2.4. Op 11 jan. 2012 om 16:37 heeft Jim Jagielski j...@jagunet.com het volgende geschreven: Things look stable. Things look good. Things look happy. So are we ready to finally make this happen?? I offer to RM. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Style violations
On Jan 9, 2012, at 11:35 AM, André Malo wrote: Here it's 80 chars (actually I'm use 78 personally) both about putting multiple editors side by side and keeping diffs readable by email clients. I'm in much the same mode: multiple 80 char wide windows side-by-side. I would favor keeping the 80 char limit unless the message (code or otherwise) benefits from expression in a wider format. For that reason, not elated about automated post-commit enforcement. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Fwd: svn commit: r1228700 - in /httpd/httpd/trunk/docs: STATUS manual/mod/mod_heartbeat.xml manual/mod/mod_heartmonitor.xml manual/mod/mod_watchdog.xml manual/mod/mod_watchdog.xml.meta
Folks, I've put in some updates to the mod_heart* modules, taken from the README supplied with the modules and some perusal of the source code. I have not run these as I'm too lazy to set up the servers. Review would be appreciated, especially by the original authors (Cc), before backport to 2.4.x. Also added a doc file for mod_watchdog. Question for the docs folks: since this one is only of interest for consumption by other modules, how much documentation should we supply in the user-facing pages? I said this module defines programmatic hooks... do we need to define what the hook handler prototypes are? That's more like developer documentation. Thoughts? S. Begin forwarded message: From: scte...@apache.org Subject: svn commit: r1228700 - in /httpd/httpd/trunk/docs: STATUS manual/mod/mod_heartbeat.xml manual/mod/mod_heartmonitor.xml manual/mod/mod_watchdog.xml manual/mod/mod_watchdog.xml.meta Date: January 7, 2012 11:10:29 AM PST To: c...@httpd.apache.org Reply-To: dev@httpd.apache.org Author: sctemme Date: Sat Jan 7 19:10:28 2012 New Revision: 1228700 URL: http://svn.apache.org/viewvc?rev=1228700view=rev Log: Update heartbeat module documentation, add documentation for mod_watchdog Added: httpd/httpd/trunk/docs/manual/mod/mod_watchdog.xml (with props) httpd/httpd/trunk/docs/manual/mod/mod_watchdog.xml.meta Modified: httpd/httpd/trunk/docs/STATUS httpd/httpd/trunk/docs/manual/mod/mod_heartbeat.xml httpd/httpd/trunk/docs/manual/mod/mod_heartmonitor.xml Modified: httpd/httpd/trunk/docs/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/STATUS?rev=1228700r1=1228699r2=1228700view=diff == --- httpd/httpd/trunk/docs/STATUS (original) +++ httpd/httpd/trunk/docs/STATUS Sat Jan 7 19:10:28 2012 @@ -56,12 +56,8 @@ To Do List Start is in expr.xml, igalic is working on this - modules docs -- the follwing modules added since 2.2 lack documentation +- the following modules added since 2.2 lack documentation - mod_serf -- mod_watchdog -- mod_heartbeat -- mod_heartmonitor -- mod_lbmethod_heartbeat - mpm_simple the list may be incomplete maybe some of the modules will not be included in 2.4 Modified: httpd/httpd/trunk/docs/manual/mod/mod_heartbeat.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_heartbeat.xml?rev=1228700r1=1228699r2=1228700view=diff == --- httpd/httpd/trunk/docs/manual/mod/mod_heartbeat.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_heartbeat.xml Sat Jan 7 19:10:28 2012 @@ -35,21 +35,66 @@ that advertises the servers current conn will be running on a proxy server with modulemod_lbmethod_heartbeat/module loaded, which allows directive module=mod_proxyProxyPass/directive to use the heartbeat emlbmethod/em inside of directive module=mod_proxyProxyPass/directive./p +p +modulemod_heartbeat/module itself is loaded on the origin server(s) that serve requests +through the proxy server(s). +/p + +note type=warning +To use modulemod_heartbeat/module, +modulemod_status/module and modulemod_watchdog/module +must be either a static modules or, if a dynamic module, it must +be loaded before modulemod_heartbeat/module. +/note + /summary +section id=consuming +titleConsuming mod_heartbeat Output/title + p + Every 1 second, this module generates a single multicast UDP + packet, containing the number of busy and idle workers. The + packet is a simple ASCII format, similiar to GET query parameters + in HTTP. + /p + +exampletitleAn Example Packet/title +v=1amp;ready=75amp;busy=0 +/example + + p +Consumers should handle new variables besides busy and ready, +separated by 'amp;', being added in the future. + /p + +/section + +section id=miscellaneous +titleMiscellaneous/title +pThe interval of 1 seconds is controlled by the HEARTBEAT_INTERVAL +compile time define. This is not currently tunable at run time. To make +this module send the status packet more often, you must add to the +CFLAGS used to compile the module to include:/p +example-DHEARTBEAT_INTERVAL=3/example +pWould cause the broadcasts to be sent every 3 seconds./p +/section + directivesynopsis nameHeartbeatAddress/name -descriptionAddress to send heartbeat requests/description +descriptionMulticast address for heartbeat packets/description syntaxHeartbeatAddress varaddr:port/var/syntax defaultdisabled/default contextlistcontextserver config/context/contextlist usage -pThe directiveHeartbeatAddress/directive directive specifies the -address modulemod_heartbeat/module will send status information to. This -address will
Re: svn commit: r1228700 - in /httpd/httpd/trunk/docs: STATUS manual/mod/mod_heartbeat.xml manual/mod/mod_heartmonitor.xml manual/mod/mod_watchdog.xml manual/mod/mod_watchdog.xml.meta
On Jan 7, 2012, at 1:08 PM, Rainer Jung wrote: hook handler prototypes are? That's more like developer documentation. Thoughts? I don't know about the history of similar decisions, but IMHO what you wrote is good enough for 2.4.0. Sounds good. +pThe interval of 1 seconds is controlled by the HEARTBEAT_INTERVAL +compile time define. This is not currently tunable at run time. To make +this module send the status packet more often, you must add to the +CFLAGS used to compile the module to include:/p +example-DHEARTBEAT_INTERVAL=3/example +pWould cause the broadcasts to be sent every 3 seconds./p +/section more often than 1 second does not match the example 3 seconds ;) I guess more often is not possible (if resolution is seconds), so it would be less often? More important: I think this is totally wrong. The define exists, but I couldn't find any place in the code, which is influenced by it. I *guess* it uses the global watchdog interval configured for mod_watchdog. Yep, it's not used. And WatchdogInterval in mod_watchdog should do the trick. Perhaps an early approach soon abandoned? Removed from docs. +pThedirectiveHeartbeatAddress/directive directive specifies the +multicast address to whichmodulemod_heartbeat/module will send +status information. This address will usually correspond to a configured +directive module=mod_heartmonitorHeartbeatListen/directive on a +frontend proxy system./p +example +HeartbeatAddress 239.0.0.1:27999 +/example /usage /directivesynopsis Should we note, that Multicast needs to be enabled on both notes and routing needs to be set up, so that the multicast packets from the origin server can reach the proxy? On the one hand it is obvious, on the other hand not unlikely to be the typical first problem people run into. I'm +1 on a note, but don't think we should tell the story on setting up IP Multicast. I omitted this mainly because I don't know the story well enough. Same for IPv6 address examples. +note type=warning +To usemodulemod_heartmonitor/module, +modulemod_status/module andmodulemod_watchdog/module +must be either a static modules or, if a dynamic module, it must +be loaded beforemodulemod_heartmonitor/module. +/note + ?? The README talks only about mod_status. I added mod_watchdog because mod_heart* has a hard dependency on its symbols. The mod_status dependency is not hard (mod_heartbeat loads without mod_status loaded, or with mod_status later in the config), but not having actually run this I don't know what more subtle issues might arise. Removed the orphaned singular it must be loaded. +example +HeartbeatListen 239.0.0.1:27999 +/example Same remark concerning the use of multicast as above. p This module is inactive until this directive is used./p /usage @@ -88,7 +100,7 @@ heartbeat requests to this server/descr pThedirectiveHeartbeatMaxServers/directive directive specifies the maximum number of servers that will be sending requests to this monitor server. It is used to control the size of the shared memory allocated -to store the heartbeat info./p +to store the heartbeat info whenmodulemod_slotmem_shm/module is in use./p Can this be changed using graceful restart? Only for flat file or also for shm? This gets set up in the post_config hook handler. I forget whether that gets called on a graceful, and have not analyzed whether the graceful restart case gets handled properly. I suspect this depends on the behaviour of the slotmem provider. In the file case, it seems that very few assumptions about the state of the world are made. Typo: corrspond - correspond Thank you. Additional info: it seems the data used for the load balancer is updated about every 5 seconds (define HM_UPDATE_SEC). More precisely it seems the heartmonitor is called by watchdog (with interval 0 seconds, but watchdog sleep at least 100ms), then updates the data from what is had previously read, then loops for 5 seconds reading new data and then returns to watchdog. This is done one one thread per child, but a mutex guarantees, that it only runs in one child at every time. Hope I'm right. I hope so, too. Furthermore the heartmonitor contains some additional code to handle POST requests directed to it and reading usage data directly from the POST body (in addition to the multicast method). I think the current info in mod_lbmethod_heartbeat.xml is confusing. It contains: I did not edit that doc. This modules load balancing algorithm favors servers with more ready (idle) capacity over time, but does not select the server with the most ready capacity every time. Servers that have 0 active clients are penalized, with the assumption that they are not fully initialized. As far as I can see in the code, it randomly chooses one of the idle origin server slots based on the last
Re: remove mod_heart* from 2.4?(was: 2.4.0 GA This week?)
On Jan 2, 2012, at 8:09 PM, Eric Covener wrote: I will crank out docs for these tomorrow and ping paul to review. Thank you for getting this going: it seems to be the most constructive way to resolve this issue. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Proposal: adoption of mod_firehose subproject
On Dec 13, 2011, at 7:19 AM, Graham Leggett wrote: - mod_firehose: tcpdump for httpd +1 on adopting. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Time for httpd 2.4.0-RC1 ??
On Dec 11, 2011, at 6:01 AM, Jim Jagielski wrote: Now that apu-1.4.1 is close to release, it looks like we are close to being able to have our 1st RC for 2.4.0... My plan is to TR sometime this week... +1, let's do it. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: [VOTE] Formal deprecation of 2.0.x branch
On Nov 11, 2011, at 8:49 AM, William A. Rowe Jr. wrote: Stealing a plan executed by Colm for 1.3, I'd like to propose that we set a two week window following committers' return-from-ApacheCon to execute any backports of general interest and apply important fixes/backports to pregsub allocation and non-absolute uri parsing. On approval of this plan, I would offer to introduce the EOL notices (as we ultimately committed to 1.3), tag and roll 2.0.65 on Nov 26th and we would potentially approve and release 2.0 'final' this month. And as we did with 1.3, we would start a 12 month clock to removing 2.0.x pretty much in its entirety from the live httpd.apache.org site and /dist/ mirrors (although still available from archive.a.o/dist/). Otherwise we will be developing towards 4 releases even beyond this month, which seems excessive when the current stable has rendered the prior version obsolete six years ago, on December 1, 2005. +1. It is time. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: svn commit: r1200993 - in /httpd/httpd/branches/2.4.x/docs/manual/platform: windows.html.en windows.xml windows.xml.ko
On Nov 11, 2011, at 9:48 AM, cove...@apache.org wrote: - licodeINSTALLDIR/code (default ProgramFilesFolder\Apache Software Foundation\Apache2.2\)/li + licodeINSTALLDIR/code (default ProgramFilesFolder\Apache Software Foundation\Apache2.3\)/li Shouldn't those things be something like '2.4' on the branch and '2.5' on trunk? S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Server Process Pool Behavior
On Nov 11, 2011, at 1:21 PM, Jeff Trawick wrote: On Fri, Nov 11, 2011 at 1:02 PM, Jeff Trawick traw...@gmail.com wrote: 2011/11/11 Torsten Förtsch torsten.foert...@gmx.net: On Friday, 11 November 2011 20:09:09 Jason Gionta wrote: While I expect the count to increment by one after each request. It seems like if there is a time gap between requests (over 10 seconds), the count gets reset (apr_hash_count = 0). May it be that your requests simply hit another worker process? That must be it. Jason, your code is going to run in different child processes as new client connections are accepted by different child processes. The children started off with the same empty hash inherited over fork(), and in different child processes it will have different contents, at least once a child handles its first connection. Also, note that in-memory caches served between child processes use shared memory. Check out mod_example_ipc.c in trunk and the new 2.4 branch. Note on that... should we port that to slotmem? S. You can get a bit of mileage in the short term from configuring a single-child-process configuration (worker or event MPM, MaxClients==ThreadsPerChild) but that probably won't be viable (different reasons why you want more child processes, don't want to lose your cache if the child segfaults or you need to use MaxRequestsPerChild, etc.).
Re: BRANCHED : httpd 2.4.x
On Nov 11, 2011, at 9:42 AM, Jim Jagielski wrote: The 2.4.x httpd branch was created from the r1200449 point of trunk… I've tried to backport pretty much all non-apreq patches from trunk. I have added version 2.4-HEAD to Bugzilla. As well as 2.3.15-beta... S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Who's at the Hackathon?
Folks, The httpd table now has: Jeff Trawick Jean-Frederic Leclere Stefan Fritsch Rainer Jung and myself Who else is at the conference? Anybody joining tomorrow? Rainer brought a Euro power strip, so this table's going to be right popular. (: S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Survery: how do you use httpd?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear Apache developers/users, I have created a quick survey to see how YOU use Apache and what is important to you: http://www.surveymonkey.com/s/HFGDY3C It's only eight questions, and there's only one matrix! Shouldn't take but a minute to fill out. Nothing official: I'm just curious. I'll post the results back to the list and if I get interesting stuff, I may do a Lightning Talk about it next week at ApacheCon. Thank you! S. - -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJOrkwMAAoJEJu4Y7D1G7iKMv0P/3cOdqwd9yBBdjIePrxCUWR/ Vs2i1CE6/rWGpOfBKL2F1XpmMF02v0mI6zFIWEYMjjwlof0FS27bwbq7cDwFYK5b VF6BoOGrw1W8ZGYfZ2GW82YBjiOzWmV1M535ajfKRw7XrByA+Xp1ZRsqMVssC+m5 svBchPRvPbFF9b0P88PyQ4ePhFZptDAjRZlzx2b7WfY/TlK2hFjfEzEcKrVWeyy+ iucZVWjlwyTu7E8SfH+0mQ43MszIKwlziY6VReEyvilfUYdWhU0P72lhfXC7ZZXC 1S2Y7tWsguI2P86nI/PvNMvW8SByl5o1f93bbDzxGqGgENlayP7y08hrwPnjbiaO cCPLju41CvwbuoEMLx2tLdqMKwufh67V0QQ65kSp0CWgsLypmjz5y1MQOf6q05Cp tScxKbZgBMwm/YgwPv4CQp86hjgHtOavJ7QJuVWuLgBfe9ASruY6jrLkY+5RZnBP yDCt0RK84aCVt2HCFOadK6u+/e8MFVTAXCv4M2Pq89meGRi3lUvN/imuJjuQlLx8 qcl8uOWkvl9I63SMBdpt+nHjNgO+iO0GwlzFXiYCL8jDxB+5qEJ+/HqInt2zabsj rIZIMIOrEO7nQfb+/pr5/0aouYdi8xYscgOxLBL0enLF0lKRFxX0pPF8O1F5GeLn qk4ParaTc7jADviFdUPG =DzEA -END PGP SIGNATURE-
Re: Survery: how do you use httpd?
On Oct 31, 2011, at 12:56 AM, Graham Dumpleton wrote: On 31 October 2011 18:24, William A. Rowe Jr. wr...@rowe-clan.net wrote: On 10/31/2011 2:19 AM, Sander Temme wrote: Dear Apache developers/users, I have created a quick survey to see how YOU use Apache and what is important to you: http://www.surveymonkey.com/s/HFGDY3C It's only eight questions, and there's only one matrix! Shouldn't take but a minute to fill out. Nothing official: I'm just curious. Under 4. you missed fcgid... and next to mod_python, mod_wsgi. Since mod_python has been sent to the attic, is no longer maintained, hasn't had a release in almost 5 years and would have to be patched to even build with latest Apache versions, one wonders why it is even listed. Listing it in same category next to mod_wsgi, which is actively looked after, is going to give importance to mod_python that probably it shouldn't get. Yeah, I should have listed mod_wsgi. And FastCGI. And plain ole mod_proxy. Too late to change the survey now, we're 45 responses into it. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: 2.0.65 and 2.3.15-dev
On Oct 27, 2011, at 10:31 AM, Jim Jagielski wrote: Still hoping to get these out, esp getting the ball rolling for an actual 2.4.0 GA by ApacheCon… There is a hold up due to an issue which may need to be fixed/addressed and that's the reason for the delay... Thanks Jim, I was just considering asking about this. Is anyone on the list actually running the previous beta in anger? Aside from www.apache.org? S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Next update
On Aug 31, 2011, at 7:20 AM, William A. Rowe Jr. wrote: We must advise that 1.3 is not affected, per our further research, although we can note that the default configuration (MaxClients etc) may already be inappropriate in any number of distributions, and remind administrators to tune their configuration to gracefully handle the maximum volume of requests. Or upgrade already. (: S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Half-baked subprojects
On Aug 11, 2011, at 6:48 AM, Plüm, Rüdiger, VF-Group wrote: +1 to component of libapreq2 under apache-httpd2. Is that an infra ticket or do some folks here have access? Done. IMHO the PMC chair should have the Bugzilla karma to do this. If you don't have it, please ask infra to grant it. I have given covener at gmail the Edit Components capability, same Rüdiger has. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Reminder: TAC Assistance to ApacheCon NA 2011 closes July 8th
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, Just a friendly (and final) reminder that applications for financial help to attend ApacheCon NA 2011 in Vancouver close this coming Friday 8th July (2200 BST : UTC+1). Financial assistance is available for Travel (planes, trains, whatever) , Accomodation (at the conference venue hotel) and Conference entrance fees. Dependant on your circumstances will decide how much of that you would be given. Please visit http://apache.org/travel for more information and a link to the application form. Remember: We DO help people get to ApacheCon and other Apache events every year, we DO want to help people get there who otherwise could not, that is why we exist. Spread the word, you are welcome to tweet, blog, email, post, phone or smoke signal to anyone who you think might benefit from attending ApacheCon this year. Kind Regards, The Travel Assistance Committee. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJOFIfaAAoJEJu4Y7D1G7iKxjkP/RI+FUTDOapL3+1NqwsQhnps XUa7v+nfQC+/J1SnqISge6EberqOPBSVzqNGzq299nbC3ANljbmolOKxp8b5gUFQ fmAixkq8D41byW/Ct+c8gO3uyGbiolps75+b+wB50eM+W7OuO2s+eI6FnCchx93a z5LDz6+o8F3f4GRDZYcN4toRNRu5FYpbgnP+z93SFlDu1BV6idRc9453GSHaMnAK A3XOhfuni7OEmvcO0XwVem5W8BK5P1nk9lO1MXUvRp2Lg4X9i8NnN5MSBdkheHfc cxveJgRXAo9aE0WdyR8fjVLvEJBdlpWDWsJRCb/7+fROl9ek3j7A7cxaAodgU6fa Qc4jGcvD8geqhdP18b4IxgphZsdyqhfDuOyskFswnnUmqzIj2uRetRXxt7mGVJh5 hgJV2BoGK4ix+0/AP5UMjgwgte4e5z5LnqYvnK3SdJxNlMjkhnN2C40ytjp+59ub y4FZ7o4idnHYhiFMdRVsN/h+SeycrW6AP7xjvvsCJeefeioR/AKINimTMKUS+VS2 wTc2KvXmJe5OBb03GJtDN1gv8dM2pfjBzQ5VMdnCWKf8T0Mtk26ogam7j8Y48fS3 pVtJm+aOEpkCpRfr0nWWh4w4vG5eaGEfLjE6GRZBEqbz9GtNGpP08lCv7/ybqdey udoxTUpzdmGGGBcMzNLG =VxYQ -END PGP SIGNATURE-
Travel Assistance applications now open for ApacheCon NA 2011
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Apache Software Foundation (ASF)'s Travel Assistance Committee (TAC) is now accepting applications for ApacheCon North America 2011, 7-11 November in Vancouver BC, Canada. The TAC is seeking individuals from the Apache community at-large --users, developers, educators, students, Committers, and Members-- who would like to attend ApacheCon, but need some financial support in order to be able to get there. There are limited places available, and all applicants will be scored on their individual merit. Financial assistance is available to cover flights/trains, accommodation and entrance fees either in part or in full, depending on circumstances. However, the support available for those attending only the BarCamp (7-8 November) is less than that for those attending the entire event (Conference + BarCamp 7-11 November). The Travel Assistance Committee aims to support all official ASF events, including cross-project activities; as such, it may be prudent for those in Asia and Europe to wait for an event geographically closer to them. More information can be found at http://www.apache.org/travel/index.html including a link to the online application and detailed instructions for submitting. Applications will close on 8 July 2011 at 22:00 BST (UTC/GMT +1). We wish good luck to all those who will apply, and thank you in advance for tweeting, blogging, and otherwise spreading the word. Regards, The Travel Assistance Committee -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJN7VhPAAoJEJu4Y7D1G7iKgHUQAK5jQfCrdj94GaPTnyHNkXNT wvseWS9DmiW+HvIVBiWPwZG0sESoV8xy+oFiMigwrrA5LZWYPkihRSzr2i8L1L3k SpglLc2i9gfSnrUtbkBlguWl6JmBoKGJF/v2han7osCeCGlGYO6oAohNqs6Ie0qU V6jsICKQESNadzHmdDUTFp3iu5J3EkCj2I0eBjUlYGwHdNmwc0QzHiJkG212aU4Y XtSTxAfeUxigQ5B6VDp1+/zw0P/39XWw9Ip/XJWo/dk11n50obZj7MFqbTzRIrcg 7JWALCnO2ipwWdyLHRFMdmNaauvKMzkLBpO/h+ur/i+CFLdWwmyQCSuFOfcQtv6P ekMxqFZdXYDs8Edu7AUBcE+iVnPOW8p99qo3OK4l3Rt9eYiEMA5qGFY8taIX9KmI qsTb3YthCOUoJGg5aRajKDEfsdXBkqp4vrhY/W2lV7KsDaRLRYR7tmzKcXY+K2Rt rya3xtqY4yHbnx/sIKT2O5p6dUSOIFts3pggdeVZDMRfKNPfwFARZD4Cv7FfBMdF uF/4sY0KsbDE+KhMf14c8IA4x0nR8ohjkEzJVuHFZqyBIvimZplVdZlh7kk+lG8v pQLTOAzok3yVMgqkIu+JPcLeXNUYj7I1Md2flVzzj4DMn5dJlQxfG+CI/1GI0MXF fHPM6SToANHkuMbbpvs0 =zBne -END PGP SIGNATURE-
Re: about ApacheBench
On Apr 23, 2011, at 6:48 PM, William A. Rowe Jr. wrote: On 4/23/2011 8:10 AM, Atsushi Ishii wrote: Hi, It's first time to post here. Recently, I'm developing new function regarding ApacheBench(ab). Present ApacheBench supports only single URL. New function which I'm developing supports multi URLs like next. Have you looked at flood? Depending on what you re trying to accomplish, you will probably find that ab continues to limit your flexibility. When it comes to sophistication, I don't think ab is the place to invest that sort of energy. Patches to flood are welcome... http://httpd.apache.org/test/flood/ +1 ApacheBench should stay simplistic. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Presentations on 2.4 in Vancouver?
All, Are any of you planning to submit a session proposal for ApacheCon in Vancouver that covers 2.4? Surely it will have been released by then... Perhaps a session on what's New and Important? Or one on migrating from legacy releases to the latest, greatest? We have until the end of next week to propose sessions. S. -- scte...@apache.orghttp://www.temme.net/sander/ PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: problem w/ apache 2.2.3 under redhat 5.6 (kernel 2.6.18)
On 01/18/11 16:01, martin olivera wrote: Good day -- Hey Martin, We have three Redhat 5.6 servers running Apache 2.2.3. After our last week software update (directly from Redhat), the three Apache servers became unaccessible from any browser. A simple service httpd restart gives no errors, and we can see the daemon running. Put the list of processes just shows [httpd] defunct. It appears to be an SSL/NSS problem. A status check yields: httpd (pid ...) is running But the services manages indicates: httpd dead but subsys locked. You might consider taking this to us...@httpd.apache.org: maybe someone there has seen a similar problem. mod_nss is not apache.org code: it was done by Red Hat so you should probably open a ticket with them. S. The messages log shows: SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED NSS_Initialized failed. Certificate database:/etc/.httpd/alias The ssl error log says (both are warnings): RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !? RSA server certificate CommonName (CN) 'localhost.local.domain' does NOT match server name!? I've obvioulsy missed creating certificates somewhere. It's the first time I find errors after an Apache upgrade. I thought the upgrades were automatic. Nothing else (firewall, httpd.conf) has been changed from the time we had apache working w/o problems. Any clue as to how to proceed to fix this problem? I don't subscribe to the list, so answers by direct mail is preferred. Thank you, Martin -- Sander Temmescte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: STATUS proposal for 2.2.x
On Dec 4, 2010, at 9:56 AM, Daniel Ruggeri wrote: Good day, all; I would appreciate it if a committer could spare a moment to patch the 2.2 STATUS file to include this as a proposal (a +1 would be really great, too). For reference, the patch is also attached. The trunk patch was applied in r1039304. Committed in r1043835. Haven't reviewed it. S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: [RELEASE CANDIDATE] libapreq2 2.13 RC
On Nov 25, 2010, at 11:34 AM, Issac Goldstand wrote: After a year and a half, the apreq team would like to release version 2.13 of libapreq. Good PGP signature; good md5. Built and tested on an x64 Meerkat box, against bundled Apache2. Build against httpd and apr trunk fails: configure looks for apr-util which does not exist. I don't see this as a blocker. +1 S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Proposed: PKI Authentication for secure web access
On Nov 20, 2010, at 12:39 PM, Rob Lemaster wrote: Thanks for the link Issac. If this is already in Apache, why isn't everyone using it? Because key management is just too freaking hard, and too much of a management and support burden. For God's sake, if we can't even get the Apache developer community to use PGP without handholding, how would you expect the general public to handle this tech? S. On Sat, Nov 20, 2010 at 12:32 PM, Issac Goldstand mar...@beamartyr.net wrote: Nope, you have full x509 based authentication out-of-the-box. See http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#allclients Issac -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: [RFC] Error directive to generate custom error messages from httpd.conf
On Nov 7, 2010, at 4:35 PM, Jeff Trawick wrote:
This is handy when a module depends on another module at load time or
run time, and the config for that module needs to display a message
more helpful than the normal symbol-not-found or
optional-function-not-found or invalid-filter message.
+1. We also discussed last week the possibility that a module provides
functionality not captured in the config file, and server startup should fail
if that module is not loaded.
With the Error directive:
IfModule !mod_include.c
Error mod_foo requires mod_include! Use the LoadModule directive to
load mod_include.
/IfModule
$ ./httpd -t
Syntax error on line 486 of /home/trawick/inst/23/conf/httpd.conf:
mod_foo requires mod_include! Use the LoadModule directive to load
mod_include.
Index: server/core.c
===
--- server/core.c (revision 1032266)
+++ server/core.c (working copy)
@@ -1092,6 +1092,11 @@
return NULL;
}
+static const char *set_error(cmd_parms *cmd, void *dummy, const char *arg)
+{
+return arg;
+}
+
#ifdef GPROF
static const char *set_gprof_dir(cmd_parms *cmd, void *dummy, const char *arg)
{
@@ -3432,6 +3437,8 @@
Define the existence of a variable. Same as passing
-D to the command line.),
AP_INIT_TAKE1(UnDefine, unset_define, NULL, RSRC_CONF,
Undefine the existence of a variable. Undo a Define.),
+AP_INIT_RAW_ARGS(Error, set_error, NULL, OR_ALL,
+ Generate error message from within configuration),
AP_INIT_RAW_ARGS(If, ifsection, NULL, OR_ALL,
Container for directives to be conditionally applied),
+1
Pardon my rust, but what actually makes the process error out? Returning !nil?
S.
--
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
View my availability: http://tungle.me/sctemme
Re: [RFC] Error directive to generate custom error messages from httpd.conf
On Nov 7, 2010, at 5:35 PM, Jeff Trawick wrote: +1. We also discussed last week the possibility that a module provides functionality not captured in the config file, and server startup should fail if that module is not loaded. The example I remember discussing was some module (or even just some configuration snippet) that requires the INCLUDES filter to work. I don't think it is feasible for the core to make any checks, even if it sees AddOutputFilter INCLUDES .shtml without mod_include available. But somebody writing a config snippet to be installed along with some application/module/static files could add a config time check using IfModule and use the Error directive. Were you thinking of something else? That sounds familiar, yes, S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: Patch for mod_ssl
On Nov 4, 2010, at 12:26 PM, Rich Bowen wrote:
I'd like to make the following change to mod_ssl in 2.2. It's actually a
documentation change, in the sense that it changes an error message, but I
wanted to be sure that there's no strong objection to the change before I
make it. This attempts to avoid the confusion that happens when you get an
error message that doesn't actually tell you anything useful.
+1
Note: I've also made this change in trunk.
Index: ssl_engine_init.c
===
--- ssl_engine_init.c (revision 1029506)
+++ ssl_engine_init.c (working copy)
@@ -403,7 +403,7 @@
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
Illegal attempt to re-initialise SSL for server
-(theoretically shouldn't happen!));
+(SSLEngine On should go in the VirtualHost, not in global
scope.));
ssl_die();
}
}
--
Rich Bowen
rbo...@rcbowen.com
--
Sander Temme
scte...@apache.org
PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
View my availability: http://tungle.me/sctemme
Re: ApacheCon httpd MeetUp
On Oct 23, 2010, at 6:08 PM, Sander Temme wrote: As part of ApacheCon in Atlanta, the HTTP Server Project will have a MeetUp. This MeetUp is freely accessible for all. If you're in Atlanta, whether for ApacheCon or because you live there, please join us to discuss the HTTP Server project. There is a SignUp section on the page now: http://wiki.apache.org/httpd/ApacheCon2010Atlanta Put your name there (WikiName or otherwise) if you would like to join. S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
ApacheCon httpd MeetUp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, As part of ApacheCon in Atlanta, the HTTP Server Project will have a MeetUp. This MeetUp is freely accessible for all. If you're in Atlanta, whether for ApacheCon or because you live there, please join us to discuss the HTTP Server project. Here is a page about the ApacheCon MeetUps in general: http://wiki.apache.org/apachecon/ApacheMeetupsNa10 And here is a page about our http://wiki.apache.org/httpd/ApacheCon2010Atlanta The MeetUp will be held: Thursday, November 4, 8PM-10PM Westin Peachtree Plaza, Atlanta, GA Room TBD Please let us know if you would like to come. S. - -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJMw4cZAAoJEJu4Y7D1G7iKZ0MP/iZu2IJxNK6BplFnoKnKkPeD 2eCiNZW9w2e35tKVNX6Q/YyFxxMD2aGGRbBYwTMLG1YQRHvlWNeHr8e7JbM6TWgN 2tDcubEOWN5CChKbDDpQWkNmi4m6AajcJf4qGFu9V364bvGMAOWlYYN+s/PEagQ8 Nl6z4HEjLZkY+XaPh+4g5UohdE9S4yQUFRV7wHe6mdSf3+f+uPXQWWzDEXtzbhyu 5CRTYX7BVUPnLLo0KHKABL9hCMLo98TQHFDkmu2ETUCDhIndruNDa7GL4N1tS1E2 x1Z4v5mka5C0h93paw0E6x4wPiLl6yfytM00ItfJyco83WRMROjVgv1CjI4Z/Wm8 jYgDZPcc9n7i2ZiovRNdiYySPz3wEbMNQkkatkhP2mEl1yQNEeJ40dNodprZTHM9 JEmIqxY6AW4eoVBr4C9kCHnmWgEBiJyUD9bMxMuZU5XY9fguR2Zy7PAwDKkN/icK F5M4jwDHGkMRvZa0F3CVlcDI+P+GF/q8DLo+TstkM8qgD3g3paNEOKPr4TTwpNwh wkU2etVSlkjI3cWQFQW6EKTFIrd92BrfjyDEnLT+IF89MtBd3ln5dVoQjFzqz1po Narlc+jC14pRFkQ1K2xkvFoWVZp2ULSp4vvnc47GAugwdCp0Hr92qD7MaSMgGEpT K9gYJZ/+29nyla9iMntg =MUO1 -END PGP SIGNATURE-
Re: [vote] bump mod_ftp rev for next tag?
On Sep 24, 2010, at 11:02 AM, William A. Rowe Jr. wrote: [ ] Vote on a 0.9.7 tarball as beta or GA [+1] Bump to 1.0.0 and vote on tarball for GA -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A View my availability: http://tungle.me/sctemme
Re: [VOTE] Release httpd-2.3.8 (alpha)
On Aug 28, 2010, at 10:25 AM, Sander Temme wrote: Decent tests. Even more decent: Linux surtur 2.6.32-24-generic #41-Ubuntu SMP Thu Aug 19 01:38:40 UTC 2010 x86_64 GNU/Linux All tests successful. Files=91, Tests=3362, 79 wallclock secs ( 2.31 usr 0.40 sys + 40.61 cusr 6.00 csys = 49.32 CPU) Result: PASS Installed libpcre3-dev to get the headers. Also installed liblua5.1-0 and -dev to get mod_lua built. FreeBSD freebsd8.sandla.org. 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 All tests successful, 3 tests and 5 subtests skipped. Files=91, Tests=3342, 167 wallclock secs (47.10 cusr + 11.62 csys = 58.73 CPU) Installed devel/pcre an lang/lua ports. Still +1 for Alpha. S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: [VOTE] Release httpd-2.3.8 (alpha)
=shared \ --enable-proxy-fcgi=shared \ --enable-proxy-ajp=shared \ --enable-proxy-balancer=shared \ --enable-ssl=shared \ --enable-optional-hook-export=shared \ --enable-optional-hook-import=shared \ --enable-optional-fn-import=shared \ --enable-optional-fn-export=shared \ --enable-dialup=shared \ --enable-suexec=shared \ --enable-dav-lock=shared \ --enable-lua=shared \ --enable-slotmem-plain=shared \ --with-ssl=/usr/local \ CFLAGS=-DDEBUG -O0 -DDYNAMIC_MODULE_LIMIT=128 \ $@ -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: [PRERELEASE TARBALLS] httpd-2.3.8
On Aug 24, 2010, at 3:04 PM, Guenter Knauf wrote: Between your alternatives: [ ] YES - include recent PCRE again with dependencies (means we create a PCRE repo in svn, check in a recent version, and add platform-dependent makefiles which are fully integrated into main build process). [X] NO - dont include PCRE (as currently) because of reason: ... I am OK with including the currently shipping PCRE in the -deps tarball, together with the currently shipping APR and APU. So currently that would be PCRE 8.10. I do not want us to maintain a fork. We used to maintain a fork: we have very good reasons to not want to do that anymore. If you have build improvements that make it easier to slide PCRE into srclib and build it along with httpd, the right place for those is, IMHO, the upstream. I assume we could work with Philip to have him include our build bits. Pending our proposal to him, a compromise I would entertain would be to include, in our -deps tarball with the shipping PCRE, a patch file or zip file that has the missing bits with a name like APPLY_TO_PCRE_ON_WIN32.ZIP (or APPLY_~1.ZIP, modulo Netware) to allow builders on those platforms to set up their environment. That file or those files would disappear as soon as the upstream picks it up. I regard the primary consumers of our source tarball to be packagers and distributors, who can be expected to have extensive scaffolding in place. Those who want to build their own should be served by the source and -deps, just like Subversion does, to build a default configuration (./configure make sudo make install). Users who want to build non-default things should be expected to pull in the dependencies themselves. Note: by this reasoning, we should put libz in the dependencies since mod_deflate is part of the default most complement. However, unless someone (not me) comes up with the autofoo to build libz in absence of a viable installed copy, we can let the mod_deflate autoconf soft fail like it does today. S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: [VOTE] Release httpd 2.2.16
On Jul 29, 2010, at 9:07 AM, bswen wrote: httpd 2.2.16+: No more Win32 releases?? I think no one has gotten around to posting Win32 sources, that's all. S. Cheers, bing -- 发件人: Paul Querna [mailto:p...@querna.org] 发送时间: 2010年7月25日 1:25 收件人: dev@httpd.apache.org 主题: Re: [VOTE] Release httpd 2.2.16 Plenty of +1s, one +0.9 and no -1s, so I'll start syncing the files out to the mirror network, and prep the announcement mail for tomorrow. Thanks everyone for voting and testing On Wed, Jul 21, 2010 at 11:45 AM, Paul Querna p...@querna.org wrote: Test tarballs for Apache httpd 2.2.16 are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/- 1 [ ] Release httpd-2.2.16 Vote closes at 02:00 UTC on Saturday July 24 2010. Thanks, Paul -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: 2.3 upgrade on apache.org
On Jul 18, 2010, at 12:28 PM, William A. Rowe Jr. wrote: On 7/18/2010 12:58 PM, Paul Querna wrote: We have now disabled Sendfile on apache.org, and the load average dropped from ~80 to 0.35. Wow. Is it unreasonable for us to change the API to disable sendfile as the default from 2.3-alphas forward? +1 S. The feature is loaded with simply too many gotchas - NFS mounts, broken kernels, and although we don't need to remove it, and can encourage people to use it with caution, it doesn't seem rational to leave such an unintuitive choice up to the novice/beginning user. Comments? -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: A 2.3.7 this month?
On Jul 15, 2010, at 4:38 AM, Jim Jagielski wrote: major patches to be folded in and ~1 week for some good internal testing at which point, assuming all is good, I tag 2.3.7 as beta. Once released, we allow for a shakedown and then, assuming all is good, branch off 2.4.x. +1. What constitutes internal testing? Paul's work to upgrade www.a.o? S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: A 2.3.7 this month?
Would OSCON be a good moment to branch 2.4.x? Or aren't we there yet? Are the issues between us and branching in STATUS? S. -- Sander Temme san...@temme.net Sent from my phone On Jul 14, 2010, at 1:25 PM, Stefan Fritsch s...@sfritsch.de wrote: Hi, what do you think about releasing 2.3.7 in the next 2 weeks, and hopefully make it a beta? Are there any open issues that are not in STATUS? Cheers, Stefan
Re: STATUS: * RFC 2616 violations.
On Jun 4, 2010, at 9:07 AM, Igor Galić wrote: n.b.: I only have commit on docs, so I couldn't actually put that in place Committed in r951477. Thanks for going through these. S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: Module build defaults for trunk
On Jun 3, 2010, at 4:30 AM, Rainer Jung wrote: Reading the feedback on the modules list I posted got me into thinking: 1) Should static module linking be still the default for httpd building? +1 for dynamic build by default when APR_HAS_DSO. I don't buy the security argument: if you have sufficient privileges to replace DSO, you can also replace the web server itself. Of course folks should be able to keep building their modules static if they want to. How much autofoo is required for this and who will write it? This would be trunk, no changes to 2.2... give 'em a reason to upgrade. 2) Which pre-cooked sets of modules to provide via configure? minimal (the minimum needed to run and serve pages) default (a sane set likely to satisfy the majority of users) all (all that could reasonably be used in a deployment scenario) lint(every scrap of code in the tree) The lint option would be mostly of interest to developers who want to ensure that every module in the tree can be built and tested. If we build a module, we should turn it on (LoadModule). If the user doesn't want it turned on, they shouldn't build it. If a distributor wants to build a module and not turn it on by default, they can munge the configuration file (and many have done so). How much additional autofoo would be needed for this, and who will write it? Again, no changes to 2.2.x, trunk only. S. Currently the default set (no configure flags) is a mixture of minimal and some additional modules likely because their APACHE_MODULE m4 was copied. Then there is most, all and the possibility to enable or disable individual modules. I wonder whether some notion of most would be a better build default - but maybe not enabling the built modules by default. So there would be most (default), all and minimal. Before actually defining the according sets of modules, what do you think about the general direction? Rainer -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: What's next for 2.2 and 2.3/trunk?
On Jun 3, 2010, at 7:15 AM, Jim Jagielski wrote: PHP should largely move to FastCGI, so module compatibility should not be a problem. Any idea about other popular modules? WSGI? mod_perl? Are they ready for HEAD? That's a good question, but until we get a version of httpd 2.3/2.4/trunk out in people's hands with some confidence that what you are testing is pretty close to what it will be, API-wise, we'll never know. If I was just a module developer, I wouldn't be wasting my time following trunk either, due to our track record ;) Are we ready to freeze the API? I think that's our Alpha - Beta transition point. S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Use cases for httpd?
Folks, Should we have a how do YOU use Apache checkpoint with our community to see how our users are actually deploying the server? I have a feeling many people just use their distro package, which means our discussions on what ./configure ... does has a different primary audience than we might think. We could launch an e-mail discussion, or setup a Survey Monkey (but keep it SHORT!!!) or something like that. Thoughts? S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: What's next for 2.2 and 2.3/trunk?
On Jun 3, 2010, at 8:45 AM, William A. Rowe Jr. wrote: On 6/3/2010 9:59 AM, Sander Temme wrote: On Jun 3, 2010, at 7:15 AM, Jim Jagielski wrote: PHP should largely move to FastCGI, so module compatibility should not be a problem. Any idea about other popular modules? WSGI? mod_perl? Are they ready for HEAD? That's a good question, but until we get a version of httpd 2.3/2.4/trunk out in people's hands with some confidence that what you are testing is pretty close to what it will be, API-wise, we'll never know. If I was just a module developer, I wouldn't be wasting my time following trunk either, due to our track record ;) Are we ready to freeze the API? I think that's our Alpha - Beta transition point. Freeze? Our versioning policy is and has been, n.odd == unstable, n.even == stable. Yep, and now we're working on bringing 2.3/trunk towards 2.4/stable. Beta could have some extra encouragement to avoid changing the API. Perhaps chilled over ice? Code Slush, that's where it's at. Extra assurances things are 'finished'? But users will probably react more strongly to '-beta' than they do to '-alpha', and will be more likely to participate if their favorite new feature didn't also become part of 2.2. As Jim pointed out, third party module developers are unlikely to waste cycles until we indicate that we won't pull the rug out from under them API-wise. S. -- Sander Temme scte...@apache.org PGP FP: FC5A 6FC6 2E25 2DFD 8007 EE23 9BB8 63B0 F51B B88A
Re: RFC: drop support for OpenSSL 1.0 in trunk/2.3?
On Jun 2, 2010, at 9:23 AM, Joe Orton wrote: Thanks very much for all the responses. There is strong consensus for retaining support for some varieties of 0.9.8 and possibly some 0.9.7. A new RFC, then, for trunk/2.3 and beyond: - support and build warning-free with OpenSSL = 0.9.8 - support and build with OpenSSL = 0.9.7a, albeit with (harmless) compiler warnings about argument const-ness all over the shop - drop support for OpenSSL 0.9.7a - drop support for non-OpenSSL/derivatives of OpenSSL +1 across the board. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Alpha of 2.3.6 next week
On Jun 2, 2010, at 9:02 AM, Eric Covener wrote: On Wed, Jun 2, 2010 at 11:55 AM, Jim Jagielski j...@jagunet.com wrote: I'm planning on releasing an alpha of 2.3.6 next week in hopes that we can push out a beta v. soon after. Were infra's concerns wrapped up from the last alpha? I'm sorry, I've had blackouts covering this list. What were their concerns? Were they discussed on this list? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: RFC: drop support for OpenSSL 1.0 in trunk/2.3?
On Jun 2, 2010, at 9:30 AM, Jim Jagielski wrote: On Jun 2, 2010, at 12:23 PM, Joe Orton wrote: Thanks very much for all the responses. There is strong consensus for retaining support for some varieties of 0.9.8 and possibly some 0.9.7. A new RFC, then, for trunk/2.3 and beyond: - support and build warning-free with OpenSSL = 0.9.8 - support and build with OpenSSL = 0.9.7a, albeit with (harmless) compiler warnings about argument const-ness all over the shop - drop support for OpenSSL 0.9.7a - drop support for non-OpenSSL/derivatives of OpenSSL (I have tried this out and it seems perfectly feasible.) How about --with-ssl only looks for OpenSSL = 1.0.0 and we have a new option, --with-old-ssl (or whatever) which allows for 0.9.[87] varieties... Would it reduce the complexity of the autofoo behind it enough to justify the increase in complexity for the user^Wbuilder? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Alpha of 2.3.6 next week
On Jun 2, 2010, at 11:11 AM, Eric Covener wrote: tags are cheap. If soon after 2.3.6 I need to do a 2.3.7 then I'm alright with that ;) slightly off-topic, how come our CHANGES has both a 2.3.6 and 2.3.7 banner but there's no tag for the former? Per Jim, 2.3.6 will be tagged next week. 2.3.7 will follow afterwards. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Fast by default
On Jun 2, 2010, at 12:06 PM, Sergey Chernyshev wrote: No, I'm not overthinking it - as Bryan mentioned before, hosting providers are not configuring stuff and relying on httpd project to provide viable defaults. Have you considered that the default settings are fine for the vast majority of deployments? Even for hosting services? They are in business of selling services, not development and best practices on the web and that slows down improvements (in this case performance). What slows down improvements for everyone, hosters and users alike, is the putrid mess in existence on the client side and the requirement that we target the lowest common denominator. As we have once again learned this week, even Deflate is not something that we can just enable in the expectation that it will work with all clients. Your hoster is likely not interested in fielding angry phone calls from their customers, whose customers' pages inexplicably don't load right because of a problem in the way they handle transfer encoding. That's a business decision for them: wetware staffing the phone or a potential increase in bandwidth. If your performance requirements outstrip the (technical or service) capabilities of your hoster, you'll have to look for other options. It seems to me that the hosting market is extremely commoditized at this point: there should be plenty of choice. If you still need more performance, you'll get your own infrastructure which you can then configure to your heart's desire. It's another part of performance movement to help them decide and show that gzip saves more money in traffic then it takes in CPU, for example. Documentation and education are good. Improving the documentation is especially good, since it ships with every server. I believe you have already started working on that: good idea. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: What's next for 2.2 and 2.3/trunk?
On Jun 1, 2010, at 9:08 AM, Jim Jagielski wrote: Considering that 2.3/trunk is back to limbo-land, I'd like to propose that we be more aggressive is backporting some items. Even if under experimental, it would be nice if slotmem and socache were backported. I also like the refactoring of the providers for proxy in trunk as compared to 2.2, but last time I suggested it, it looked like 2.3/2.4 was close(r) to reality... comments...? Amusingly (at least to me), I happened upon an old post by Joel Spolsky from 2002: http://www.joelonsoftware.com/articles/PickingShipDate.html For Systems With Millions of Customers and Millions of Integration Points, Prefer Rare Releases. You can do it like Apache: one release at the beginning of the Internet Bubble, and one release at the end. Perfect. I personally think we have enough to release for users to chew on: http://httpd.apache.org/docs/trunk/new_features_2_4.html PHP should largely move to FastCGI, so module compatibility should not be a problem. Any idea about other popular modules? WSGI? mod_perl? Are they ready for HEAD? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Fast by default
All, I was once offered money to provide a high-performance Apache configuration file for a website. When I pointed out that I would need to come in, analyze their app and its performance, and then iteratively tune the config accordingly, I was given to understand that this was not necessary. Just send us the config, please. They were highly miffed when I didn't lay that particular flavor of golden egg for them. I actually got fired from that gig. On Jun 1, 2010, at 5:50 AM, Plüm, Rüdiger, VF-Group wrote: And others have argued well to leave it off by default. My personal opinion is that we should leave it disabled by default for the reasons (CPU, Proxies, Browser behaviour, ETAG problem) mentioned by others. I thought it isn't in the default build because it requires an external library that may not be on the system. If this is not of concern, we might as well turn it on in the default build. Same for mod_ssl. Generally, I think we see the build and runtime configuration as a starting point from which to create your own environment, not a canonical default that is right for all (or even most) users. Distributors (Red Hat et. al.) should (and do) build httpd according to the capabilities of their environment. If that environment includes libz and openssl, no reason why packagers shouldn't build those modules. Including those features is good for their customers. As others have pointed out, a lot of performance tuning is highly site and situation specific. Once again the default configuration file cannot be expected to cover all possible situations. Deflate, caching, load balancing, proxying, content segregation, etc. can only be optimally configured only in the context of the individual deployment. If there were a silver bullet to making the web server fast, don't you think we would have fired it some time in the past 15 years? There is no such thing. The only way to get a handle on it is to read the books, figure it out, or hire a consultant. But don't expect him to lay any golden performance eggs. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: RFC: drop support for OpenSSL 1.0 in trunk/2.3?
On May 29, 2010, at 6:02 AM, Steve Marquess wrote: Dr Stephen Henson wrote: On 25/05/2010 13:45, Joe Orton wrote: I'd like to drop support for versions of OpenSSL older than 1.0 in the trunk mod_ssl. We have 200+ lines of compat macro junk and still six different compiler warnings remain in a trunk build against 1.0.0. pro: simplify code: remove ssl_toolkit_compat.h and all compat macro mess which litters the code pro: simplify testing: no longer have to test/worry about regressing builds against N subtly different versions of the OpenSSL API all pro: can drop the internal CRL revocation code in favour of OpenSSL's pro: users will be encouraged to upgrade to a modern OpenSSL which has secure TLS reneg con: trunk/2.3 won't build on all platforms/distros which ship natively with OpenSSL 1.0 (duh) con: I presume this will mean dropping support for the RSA/... toolkits, if they even work still, which I very much doubt I have several times requested access to sslc from RSA, for the stated purpose of testing Apache integration, and have always been summarily denied. Can it. So... love/hate? Deprecating obsolete libraries is a good thing, especially if there is a compelling replacement. I think this goes hand in hand with what operating system versions we will be targeting for 2.4. We should inventory which versions of the libraries are offered on each and then make the decision whether to accomodate: * Windows: none * Mac OS X 10.6: OpenSSL 0.9.8l 5 Nov 2009 * FreeBSD 6.4-STABLE: OpenSSL 0.9.7e-p1 25 Oct 2004 * FreeBSD 7.2-STABLE: OpenSSL 0.9.8e 23 Feb 2007 * FreeBSD 8-STABLE: OpenSSL 0.9.8k 25 Mar 2009 * OpenBSD 4.6: OpenSSL 0.9.8k 25 Mar 2009 * Solaris 10: 0.9.7 with backports... don't recall what's in the Coolstack but someone else may be able to tell us. * Sunfreeware.com: 1.0.0 and 0.9.7g, with both Apache 2.0.59 and 2.2.15 built against 1.0.0 * Red Hat 5: 0.9.8b with backports * Red Hat 4: 0.9.7 with backports * Ubuntu 10.04: OpenSSL 0.9.8k 25 Mar 2009 ... It seems that 0.9.8 is still fairly prevalent, and dropping support for it in 2.3/2.4 might hurt adoption in the near term. con: means FIPS 140-2 support would be dropped too. FIPS 140-2 is not supported in 1.0.0, only 0.9.8 (well 0.9.7 too but we recommend everyone use the 1.2 module with 0.9.8 if possible). Belated comment: FIPS 140-2 is used with Apache, both directly as open source and as vendor supplied binaries. FIPS 140-2 is required in U.S. DoD and federal government environments (where I do much of my consulting work). That requirement has been in place for years but is now actually being enforced. Many users would like to upgrade but can't due to that requirement. Until a new FIPS validation is available for OpenSSL 1.0.0 it would IMHO be a Very Bad Thing to drop support for 0.9.8. Such a validation will require commercial or government sponsorship, as did the earlier validations, plus a long lead time. We get occasional expressions of interest but nothing solid yet, but I'm confident it will happen eventually. In the meantime, dropping support for 0.9.8 will force many government sector Apache users elsewhere. Please note that no released version of Apache knows how to put OpenSSL into FIPS mode. When your Many Users run Apache in a situation with FIPS requirements, which and whose patches do they use? Work on FIPS integration at Apache itself stalled in 2007: http://svn.apache.org/viewvc/httpd/sandbox/gaithersburg/README-FIPS?view=log and the last commit message: In an effort to dissuade users from adopting this tree as 'ready for openssl fips', rename this repository. Gaithersburg happens to be one of the two campuses of NIST who issues the FIPS standards. When this is ready to be merged to httpd and apr, it's ready. Not before, there is a security policy document for openssl's implementation which must be adhered to. Using FIPS 140-2 certified hardware to protect the RSA private keys for websites generally happens mostly transparently through OpenSSL Engines, of which I can tell you that one, CHIL, works perfectly fine in 1.0.0. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: [PATCH] Support compiling httpd against APR/apr-util 1.x when buildconf against 2.x/trunk
On May 29, 2010, at 6:36 PM, Justin Erenkrantz wrote:
I would like to go commit the following to apr and httpd trunk.
I don't think it is appropriate for the local buildconf-time
environment to make it impossible at configure-time to use an older
APR configuration. Restoring find_apu.m4 to apr trunk resolves this
issue for me. (I'm leaving the ifdef in httpd configure.in to not
force everyone to update their APR/httpd trunks in unison; but I can
be convinced to remove the ifdef...)
Wouldn't we rather move to a construct where APR is not needed to buildconf?
If all we're doing is copy in find_apr.m4, can't we just fork that and allow it
to evolve into our own idea of finding an appropriate APR against which to
configure?
That would render the issue of buildconf against 2.x/trunk vs. configure
against 1.x moot.
S.
Thoughts? -- justin
(for APR)
svn cp
https://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x/build/find_apu.m4
https://svn.apache.org/repos/asf/apr/apr/trunk/build/find_apu.m4
(for httpd)
Index: configure.in
===
--- configure.in (revision 949455)
+++ configure.in (working copy)
@@ -120,8 +120,6 @@
elif test x$with_included_apr = xyes; then
apu_found=reconfig
else
- dnl If httpd is buildconf'ed against an apr 2.x tree, then 1.x
- dnl isn't supported.
ifdef([APR_FIND_APU], [
APR_FIND_APU($srcdir/srclib/apr-util, ./srclib/apr-util,
1, ${apr_major_version})
Index: buildconf
===
--- buildconf (revision 949455)
+++ buildconf (working copy)
@@ -170,6 +170,8 @@
$apr_src_dir/build/find_apr.m4 build
if [ $apr_major_version -lt 2 ] ; then
cp $apu_src_dir/build/find_apu.m4 build
+else
+cp $apr_src_dir/build/find_apu.m4 build
fi
# Remove any libtool files so one can switch between libtool 1.3
--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
[Travel Assistance] - Applications Open for ApacheCon NA 2010
Sent on behalf of the Travel Assistance Committee: The Travel Assistance Committee is now taking in applications for those wanting to attend ApacheCon North America (NA) 2010, which is taking place between the 1st and 5th November in Atlanta. The Travel Assistance Committee is looking for people who would like to be able to attend ApacheCon, but who need some financial support in order to be able to get there. There are limited places available, and all applications will be scored on their individual merit. Financial assistance is available to cover travel to the event, either in part or in full, depending on circumstances. However, the support available for those attending only the barcamp is smaller than that for people attending the whole event. The Travel Assistance Committee aims to support all ApacheCons, and cross-project events, and so it may be prudent for those in Asia and the EU to wait for an event closer to them. More information can be found on the main Apache website at http://www.apache.org/travel/index.html - where you will also find a link to the online application and details for submitting. Applications for applying for travel assistance are now being accepted, and will close on the 7th July 2010. Good luck to all those that will apply. You are welcome to tweet, blog as appropriate. Regards, The Travel Assistance Committee. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
[Travel Assistance] - Applications Open for ApacheCon NA 2010
Sent on behalf of the Travel Assistance Committee: The Travel Assistance Committee is now taking in applications for those wanting to attend ApacheCon North America (NA) 2010, which is taking place between the 1st and 5th November in Atlanta. The Travel Assistance Committee is looking for people who would like to be able to attend ApacheCon, but who need some financial support in order to be able to get there. There are limited places available, and all applications will be scored on their individual merit. Financial assistance is available to cover travel to the event, either in part or in full, depending on circumstances. However, the support available for those attending only the barcamp is smaller than that for people attending the whole event. The Travel Assistance Committee aims to support all ApacheCons, and cross-project events, and so it may be prudent for those in Asia and the EU to wait for an event closer to them. More information can be found on the main Apache website at http://www.apache.org/travel/index.html - where you will also find a link to the online application and details for submitting. Applications for applying for travel assistance are now being accepted, and will close on the 7th July 2010. Good luck to all those that will apply. You are welcome to tweet, blog as appropriate. Regards, The Travel Assistance Committee. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: svn commit: r945879 - /httpd/test/framework/trunk/t/modules/info.t
On May 23, 2010, at 7:13 AM, Ruediger Pluem wrote: This seems to fail with non shared builds of mpms: How can the Test framework find out whether the MPM has been built shared? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: FixedInTrunk keyword?
On May 10, 2010, at 11:36 AM, William A. Rowe Jr. wrote: On 5/10/2010 1:28 PM, Daniel Ruggeri wrote: Hi, all. I found this document today stating the following: Each developer is responsible for notifying the mailing list and adding an action item to STATUS when they have an idea for a new feature or major change to propose for the product. Since I am not a committer, how would I go about having my submitted patch added to the STATUS file in the 2.2 branch after it has been FixedInTrunk? Speaking for myself only, we seem to have an interesting symbiosis with Bugzilla. We all agree it's necessary to have a formal issue tracker, but the informal discussion on dev@ often works faster and smoother. Just post a patch to the dev@ list. The plain text would be fine by me, but you want to ensure any committer can patch STATUS for you, no matter which workflow they use. I agree with wrowe. Check out http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x and edit STATUS. See the existing backport proposals for guidance on formatting. Then run svn diff STATUS and send the result to the list. If the backported patch materially differs from the revision changes in trunk, I'd suggest either publishing a patch against 2.2.x HEAD somewhere (anywhere) or attaching it to your patch for STATUS. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Stop accepting PRs for 1.3?
Crowd, Since we have released our last release, how about we close the Apache httpd-1.3 product in Bugzilla for entering new bugs? Say the word and I'll click the clicky in the Bugzilla admin. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
UTF-8 strings through ap_log_cerror()?
Folks, Referring to this exchange: http://www.mail-archive.com/openssl-us...@openssl.org/msg60934.html the culprit calling X509_NAME_oneline() is obviously us, around ssl_engine_kernel.c: 1318 in 2.2.x-head. While this code has moved to ssl_engine_log.c in trunk, we're still calling the deprecated function. According to dr. Stephen, the correct function to call is X509_NAME_print_ex(), but that writes to a BIO. Could a string be made of a BIO? And if one were, would ap_log_cerror() be able to print it in all its UTF-8-y glory? S. -- san...@temme.net http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: [Survey] Maintained builds - was Re: httpd trunk, apr/apu 1.4 branches and Linux
On Apr 25, 2010, at 9:07 AM, William A. Rowe Jr. wrote: Maintainers, which of the below do you *frequently* use during development against trunk (as opposed to occasional/infrequent testing)? [ ] ./configure and build entirely in-tree (httpd/srclib/* etc) [ ] ../httpd/configure into a single seperate vpath tree [√] configure for separately built or OS-provisioned expat [√] configure for separately built or OS-provisioned pcre [√] configure for separately built or OS-provisioned apr[-util] Please check off all-of-the-above that apply, thanks! My typical build on my laptop goes as follows: 1) svn up apr and apr-util 1.4.x and httpd 2) Put my own autotools build in front of my PATH (specifically for libtool 1.5.26) 3) Buildconf and build apr and apr-util in a directory keyed to their revision (like /tmp/r937654) 4) Buildconf httpd trunk and try to configure it 5) svn up pcre, buildconf, build and install it in the same prefix 6) Configure httpd with the following script: #! /bin/sh -x # # Created by configure prefix=$1 if [ x$prefix = x ]; then echo Usage: $0 install-prefix exit 1 fi CFLAGS=-DDEBUG -O0 -DDYNAMIC_MODULE_LIMIT=128; export CFLAGS ./configure \ --prefix=$prefix \ --with-apr=$prefix \ --with-apr-util=$prefix \ --with-pcre=$prefix \ --with-ssl=$prefix \ --with-port=8080 \ --enable-maintainer-mode \ --enable-so \ --with-layout=Apache \ --enable-modules=all \ --enable-mods-shared=all \ --enable-isapi=shared \ --enable-bucketeer=shared \ --enable-echo=shared \ --enable-example-hooks=shared \ --enable-case-filter=shared \ --enable-case-filter-in=shared \ --enable-example-ipc=shared \ --enable-charset-lite=shared \ --enable-proxy=shared \ --enable-proxy-connect=shared \ --enable-proxy-ftp=shared \ --enable-proxy-http=shared \ --enable-proxy-fcgi=shared \ --enable-proxy-ajp=shared \ --enable-proxy-balancer=shared \ --enable-ssl=shared \ --enable-optional-hook-export=shared \ --enable-optional-hook-import=shared \ --enable-optional-fn-import=shared \ --enable-optional-fn-export=shared \ --enable-dialup=shared \ --enable-suexec=shared \ --enable-dav-lock=shared Note that this can also pull in an included OpenSSL, but quietly falls back on the system copy if none have been installed under $prefix. I guess I could do this vpath, and I should be able to independently vary the httpd --prefix so I can build multiple httpds when experimenting. But this works. The module complement is what the perl-framework needs. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: HTTP trailers?
Mark, On Apr 22, 2010, at 5:40 PM, Mark Nottingham wrote: I couldn't find any obvious way to set HTTP trailers in Apache 2.x without taking over all response processing (a la nph). Stupid question: what is an HTTP trailer? Is this in the context of Chunked transfer-encoding? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: FixedInTrunk keyword?
On Apr 20, 2010, at 12:41 PM, Daniel Ruggeri wrote: Hi all; I have a little confusion regarding the FixedInTrunk keyword when applied to a bug. What does it mean? My assumption is that it means that the code changes needed to fix the bug have been committed to the source repository and the fix will be available in the next stable release. Once that happens, the bug will be closed. Is this accurate? That's not how I read it. The current stable releases are taken from the 2.2.x branch. Issues fixed in trunk are proposed for backport in the STATUS file: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS and backported once they collect the requisite three +1 votes. A FixedInTrunk keyword would allow you to take the fix and backport it on your own, ahead of any activity by the httpd project, should you have a need to do so. S. Thank you for your time answering my simple question -Daniel Ruggeri -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Reminder: ApacheCon NA 2010 HTTP Server Track Call for Participation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reminder: the Call For Proposals for the Apache HTTP Server track closes TOMORROW NIGHT, April 4. If you would like to submit a session proposal, please do so now! See below for instructions. - ApacheCon North America 2010 will be held 1-5 November 2010, at the Westin Peachtree in Atlanta, Georgia, USA. The official conference, trainings and expo of the Apache Software Foundation (ASF) will run to Atlanta this November, with dozens of sessions on Servers, Cloud Computing, Search NoSQL, Incubating projects, innovations, emerging technologies, and more. ApacheCon would not be complete without a track dedicated to the project that started it all, the Apache HTTP Server. The Project Management Committee (PMC) are currently planning our own technical track for ApacheCon. We are solliciting 50-minute presentations for our conference track, to fill one day at the conference. Topics of interest include: * Case studies on deployment of the Apache HTTP Server within your organization * How-to sessions on working with certain aspects of the Apache HTTP Server technology * What's New? sessions on new features of recent and upcoming versions of the Apache HTTP Server * Sessions discussing third-party extensions to the Apache HTTP Server * Security topics surrounding the Apache HTTP Server * Performance and scalability of Apache HTTP Server deployment * Cool things we all should know the Apache HTTP Server can do * How you solved particularly gnarly problems deploying the Apache HTTP Server Submissions are open to anyone with relevant expertise: ASF affiliation is not required to present at, attend, or otherwise participate in ApacheCon. Please keep in mind that whilst we are encourage submissions that the highlight the use of specific Apache solutions, we are unable to accept marketing/commercially-oriented presentations. All accepted speakers (not co-presenters) qualify for general conference admission and a minimum of two nights lodging at the conference hotel. Additional hotel nights and travel assistance are possible, depending on the number of presentations given and type of assistance needed. To submit a presentation proposal, please edit the following Wiki page: http://wiki.apache.org/httpd/ApacheCon2010Atlanta and add your proposal, including: 1) Your full name, title and organization 2) Contact information, including your e-mail address. Feel free to obfuscate if you think that this will make a difference in your SPAM load 3) The name of your proposed session (keep your title simple and relevant to the topic) 4) A 75-200 word overview of your presentation 5) A 100-200 word speaker bio that includes prior conference speaking or related experience You will find an empty table template at the bottom of the page. Please copy this and fill it in. Please mail any quesions regarding proposal submissions to p...@httpd.apache.org. To be considered, proposals must be received by Sunday, April 4nd, 2010, at 23:59:59 Pacific Time. Following this time, the PMC will hold a vote and suggest the most interesting proposals to the ApacheCon Planning Committee for acceptance to the conference. Note that the Apache HTTP Server PMC does not itself accept session proposals: it merely makes recommendations to the Planning Committee. Key Dates: April 4, 2010: Call for Participation closes May 17, 2010: Speaker Acceptance/Rejection notification November 1-5, 2010: ApacheCon NA 2010 We look forward to seeing you in Atlanta! Sander Temme Apache HTTP Server Track Coordinator -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJLuAsFAAoJEJu4Y7D1G7iK8+IP/2Vksf9BUIH+FftV2/CQYEPv R2OPHp3lCaTo30YTWE++q3gCMA64JjPOTD386GMEqyCG1xRDsbRCrztXlrfPExM7 SG5X/1CLYXyvDvWNK7UvW0aXlYGeZH/UZpoVD6P8rvCP3s1GBl4QT/mXbHbTsrxH xqCoezCX5TloPH+VNtnAlsIq0vmWeWQ5xDmbH7LRbl/eTQdRlQb52sCeK4vjVUdF 7Kjee8TwomHqjfaztyzRJsQcwfgzXq1iKwuFkL/ZXl6qHR4ob6Qo7DcSr8En/Ug2 +x5rv5k/85bbVv00BLBcHnkSIzly+E+19BjIqkFoBdgG0dTjm6YGP+NWiw4qtS/U CbfC4VAeX3stsfaMeElHPUrGPZ9CBx2uKAaXHvi7UXbfskiAT6P0zPhJq+PLuoOg ImySdlWoAq94ZZJziktfIxppRaOqbiEL5LXCMvyBYMmmEgZ15Z+lmdWk0akoedZp ous+m12nYTq9DsK/+iQxHytIxnmQNsOmsghdNllORkWhA4sdgQt3XUdiR+JSWqkY OQXN0Gy/PbPzLgqbM+GkXsTZoJJ0M4nAvjODrNaH89RGD4dBMW/O4PATuVfSpjCB 7ZI4G0CG0FFE01J3ingX+X/nAWXA4N/WHD/J9SRmFHrrLi805kIMcyDxzsKptdVE oSmqggCWEADo1JaJ/nE4 =ROm7 -END PGP SIGNATURE- -- san...@temme.net http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Reminder: ApacheCon NA 2010 HTTP Server Track Call for Participation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reminder: the Call For Proposals for the Apache HTTP Server track closes TOMORROW NIGHT, April 4. If you would like to submit a session proposal, please do so now! See below for instructions. - ApacheCon North America 2010 will be held 1-5 November 2010, at the Westin Peachtree in Atlanta, Georgia, USA. The official conference, trainings and expo of the Apache Software Foundation (ASF) will run to Atlanta this November, with dozens of sessions on Servers, Cloud Computing, Search NoSQL, Incubating projects, innovations, emerging technologies, and more. ApacheCon would not be complete without a track dedicated to the project that started it all, the Apache HTTP Server. The Project Management Committee (PMC) are currently planning our own technical track for ApacheCon. We are solliciting 50-minute presentations for our conference track, to fill one day at the conference. Topics of interest include: * Case studies on deployment of the Apache HTTP Server within your organization * How-to sessions on working with certain aspects of the Apache HTTP Server technology * What's New? sessions on new features of recent and upcoming versions of the Apache HTTP Server * Sessions discussing third-party extensions to the Apache HTTP Server * Security topics surrounding the Apache HTTP Server * Performance and scalability of Apache HTTP Server deployment * Cool things we all should know the Apache HTTP Server can do * How you solved particularly gnarly problems deploying the Apache HTTP Server Submissions are open to anyone with relevant expertise: ASF affiliation is not required to present at, attend, or otherwise participate in ApacheCon. Please keep in mind that whilst we are encourage submissions that the highlight the use of specific Apache solutions, we are unable to accept marketing/commercially-oriented presentations. All accepted speakers (not co-presenters) qualify for general conference admission and a minimum of two nights lodging at the conference hotel. Additional hotel nights and travel assistance are possible, depending on the number of presentations given and type of assistance needed. To submit a presentation proposal, please edit the following Wiki page: http://wiki.apache.org/httpd/ApacheCon2010Atlanta and add your proposal, including: 1) Your full name, title and organization 2) Contact information, including your e-mail address. Feel free to obfuscate if you think that this will make a difference in your SPAM load 3) The name of your proposed session (keep your title simple and relevant to the topic) 4) A 75-200 word overview of your presentation 5) A 100-200 word speaker bio that includes prior conference speaking or related experience You will find an empty table template at the bottom of the page. Please copy this and fill it in. Please mail any quesions regarding proposal submissions to p...@httpd.apache.org. To be considered, proposals must be received by Sunday, April 4nd, 2010, at 23:59:59 Pacific Time. Following this time, the PMC will hold a vote and suggest the most interesting proposals to the ApacheCon Planning Committee for acceptance to the conference. Note that the Apache HTTP Server PMC does not itself accept session proposals: it merely makes recommendations to the Planning Committee. Key Dates: April 4, 2010: Call for Participation closes May 17, 2010: Speaker Acceptance/Rejection notification November 1-5, 2010: ApacheCon NA 2010 We look forward to seeing you in Atlanta! Sander Temme Apache HTTP Server Track Coordinator -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJLuAsFAAoJEJu4Y7D1G7iK8+IP/2Vksf9BUIH+FftV2/CQYEPv R2OPHp3lCaTo30YTWE++q3gCMA64JjPOTD386GMEqyCG1xRDsbRCrztXlrfPExM7 SG5X/1CLYXyvDvWNK7UvW0aXlYGeZH/UZpoVD6P8rvCP3s1GBl4QT/mXbHbTsrxH xqCoezCX5TloPH+VNtnAlsIq0vmWeWQ5xDmbH7LRbl/eTQdRlQb52sCeK4vjVUdF 7Kjee8TwomHqjfaztyzRJsQcwfgzXq1iKwuFkL/ZXl6qHR4ob6Qo7DcSr8En/Ug2 +x5rv5k/85bbVv00BLBcHnkSIzly+E+19BjIqkFoBdgG0dTjm6YGP+NWiw4qtS/U CbfC4VAeX3stsfaMeElHPUrGPZ9CBx2uKAaXHvi7UXbfskiAT6P0zPhJq+PLuoOg ImySdlWoAq94ZZJziktfIxppRaOqbiEL5LXCMvyBYMmmEgZ15Z+lmdWk0akoedZp ous+m12nYTq9DsK/+iQxHytIxnmQNsOmsghdNllORkWhA4sdgQt3XUdiR+JSWqkY OQXN0Gy/PbPzLgqbM+GkXsTZoJJ0M4nAvjODrNaH89RGD4dBMW/O4PATuVfSpjCB 7ZI4G0CG0FFE01J3ingX+X/nAWXA4N/WHD/J9SRmFHrrLi805kIMcyDxzsKptdVE oSmqggCWEADo1JaJ/nE4 =ROm7 -END PGP SIGNATURE- -- san...@temme.net http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
ApacheCon NA 2010 HTTP Server Track Call for Participation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ApacheCon North America 2010 will be held 1-5 November 2010, at the Westin Peachtree in Atlanta, Georgia, USA. The official conference, trainings and expo of the Apache Software Foundation (ASF) will run to Atlanta this November, with dozens of sessions on Servers, Cloud Computing, Search NoSQL, Incubating projects, innovations, emerging technologies, and more. ApacheCon would not be complete without a track dedicated to the project that started it all, the Apache HTTP Server. The Project Management Committee (PMC) are currently planning our own technical track for ApacheCon. We are solliciting 50-minute presentations for our conference track, to fill one day at the conference. Topics of interest include: * Case studies on deployment of the Apache HTTP Server within your organization * How-to sessions on working with certain aspects of the Apache HTTP Server technology * What's New? sessions on new features of recent and upcoming versions of the Apache HTTP Server * Sessions discussing third-party extensions to the Apache HTTP Server * Security topics surrounding the Apache HTTP Server * Performance and scalability of Apache HTTP Server deployment * Cool things we all should know the Apache HTTP Server can do * How you solved particularly gnarly problems deploying the Apache HTTP Server Submissions are open to anyone with relevant expertise: ASF affiliation is not required to present at, attend, or otherwise participate in ApacheCon. Please keep in mind that whilst we are encourage submissions that the highlight the use of specific Apache solutions, we are unable to accept marketing/commercially-oriented presentations. All accepted speakers (not co-presenters) qualify for general conference admission and a minimum of two nights lodging at the conference hotel. Additional hotel nights and travel assistance are possible, depending on the number of presentations given and type of assistance needed. To submit a presentation proposal, please edit the following Wiki page: http://wiki.apache.org/httpd/ApacheCon2010Atlanta and add your proposal, including: 1) Your full name, title and organization 2) Contact information, including your e-mail address. Feel free to obfuscate if you think that this will make a difference in your SPAM load 3) The name of your proposed session (keep your title simple and relevant to the topic) 4) A 75-200 word overview of your presentation 5) A 100-200 word speaker bio that includes prior conference speaking or related experience You will find an empty table template at the bottom of the page. Please copy this and fill it in. Please mail any quesions regarding proposal submissions to p...@httpd.apache.org. To be considered, proposals must be received by Sunday, April 4nd, 2010, at 23:59:59 Pacific Time. Following this time, the PMC will hold a vote and suggest the most interesting proposals to the ApacheCon Planning Committee for acceptance to the conference. Note that the Apache HTTP Server PMC does not itself accept session proposals: it merely makes recommendations to the Planning Committee. Key Dates: April 4, 2010: Call for Participation closes May 17, 2010: Speaker Acceptance/Rejection notification November 1-5, 2010: ApacheCon NA 2010 We look forward to seeing you in Atlanta! Sander Temme Apache HTTP Server Track Coordinator -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJLpxTlAAoJEJu4Y7D1G7iKB64QAKNCzqAor7FYgGZ6pOQfx1Ww 23BnJ8T2TWoMjav31McX7GgMaZK9b5X4gGy/TiCU695EuIMCtHu7V7rJncIrfbwF csmfvFPDUBzCLDAa1r5qitqy2SA0lBxpZkDABGhY9Yy05m01HXQqq0pWQDMl21VC e+TR2kXdAWmiBi604CIahsN+ek3K6m3LmmL7A/LRT210RTD8EYHuCHepC9FpdCvo uToy8ZU724FqHqW8gWrg0dcXIiIpBkrrZy/RvjXg5UWubokfk9QuG99e+cKnXofK P9VBptOAss0YlRL5gNPwd8FUyFfh+bPT3q1BxTAOolMghCWVzsPHCrRkIGavsLm2 Bik8OJnYH1UjSX8T6un7L42RQhEpQ2UZIjzlaVXFwtI3ZESc/vEM0Rh0yFYZKntg 89D0JqKeN4xb+O40M241Nvt3tj7nHE1ZVmVaoFq0cYULF7vnkeLgQadjXUbvpxgS 6gX0WYGsZA6DLD7lTpiNOxSLs7LOpWK6L4fsOcFe/LTEhSOKc2BImpId+vPJCL6c km2R2DpTCuyR0VTnOU9yDWniSaOaf85YCZcOkk1hokYBHEPawrHRiIQ/nFzDgRka qNZ7SzzkSSttqnfrA0pRXDcET1u+L1VoiVwWPGFXEG9InxWW/EsAlLF+NjmZVqt+ RjgTqhraVbOryn+hECMD =G6Q/ -END PGP SIGNATURE- -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
ApacheCon NA 2010 HTTP Server Track Call for Participation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ApacheCon North America 2010 will be held 1-5 November 2010, at the Westin Peachtree in Atlanta, Georgia, USA. The official conference, trainings and expo of the Apache Software Foundation (ASF) will run to Atlanta this November, with dozens of sessions on Servers, Cloud Computing, Search NoSQL, Incubating projects, innovations, emerging technologies, and more. ApacheCon would not be complete without a track dedicated to the project that started it all, the Apache HTTP Server. The Project Management Committee (PMC) are currently planning our own technical track for ApacheCon. We are solliciting 50-minute presentations for our conference track, to fill one day at the conference. Topics of interest include: * Case studies on deployment of the Apache HTTP Server within your organization * How-to sessions on working with certain aspects of the Apache HTTP Server technology * What's New? sessions on new features of recent and upcoming versions of the Apache HTTP Server * Sessions discussing third-party extensions to the Apache HTTP Server * Security topics surrounding the Apache HTTP Server * Performance and scalability of Apache HTTP Server deployment * Cool things we all should know the Apache HTTP Server can do * How you solved particularly gnarly problems deploying the Apache HTTP Server Submissions are open to anyone with relevant expertise: ASF affiliation is not required to present at, attend, or otherwise participate in ApacheCon. Please keep in mind that whilst we are encourage submissions that the highlight the use of specific Apache solutions, we are unable to accept marketing/commercially-oriented presentations. All accepted speakers (not co-presenters) qualify for general conference admission and a minimum of two nights lodging at the conference hotel. Additional hotel nights and travel assistance are possible, depending on the number of presentations given and type of assistance needed. To submit a presentation proposal, please edit the following Wiki page: http://wiki.apache.org/httpd/ApacheCon2010Atlanta and add your proposal, including: 1) Your full name, title and organization 2) Contact information, including your e-mail address. Feel free to obfuscate if you think that this will make a difference in your SPAM load 3) The name of your proposed session (keep your title simple and relevant to the topic) 4) A 75-200 word overview of your presentation 5) A 100-200 word speaker bio that includes prior conference speaking or related experience You will find an empty table template at the bottom of the page. Please copy this and fill it in. Please mail any quesions regarding proposal submissions to p...@httpd.apache.org. To be considered, proposals must be received by Sunday, April 4nd, 2010, at 23:59:59 Pacific Time. Following this time, the PMC will hold a vote and suggest the most interesting proposals to the ApacheCon Planning Committee for acceptance to the conference. Note that the Apache HTTP Server PMC does not itself accept session proposals: it merely makes recommendations to the Planning Committee. Key Dates: April 4, 2010: Call for Participation closes May 17, 2010: Speaker Acceptance/Rejection notification November 1-5, 2010: ApacheCon NA 2010 We look forward to seeing you in Atlanta! Sander Temme Apache HTTP Server Track Coordinator -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJLpxTlAAoJEJu4Y7D1G7iKB64QAKNCzqAor7FYgGZ6pOQfx1Ww 23BnJ8T2TWoMjav31McX7GgMaZK9b5X4gGy/TiCU695EuIMCtHu7V7rJncIrfbwF csmfvFPDUBzCLDAa1r5qitqy2SA0lBxpZkDABGhY9Yy05m01HXQqq0pWQDMl21VC e+TR2kXdAWmiBi604CIahsN+ek3K6m3LmmL7A/LRT210RTD8EYHuCHepC9FpdCvo uToy8ZU724FqHqW8gWrg0dcXIiIpBkrrZy/RvjXg5UWubokfk9QuG99e+cKnXofK P9VBptOAss0YlRL5gNPwd8FUyFfh+bPT3q1BxTAOolMghCWVzsPHCrRkIGavsLm2 Bik8OJnYH1UjSX8T6un7L42RQhEpQ2UZIjzlaVXFwtI3ZESc/vEM0Rh0yFYZKntg 89D0JqKeN4xb+O40M241Nvt3tj7nHE1ZVmVaoFq0cYULF7vnkeLgQadjXUbvpxgS 6gX0WYGsZA6DLD7lTpiNOxSLs7LOpWK6L4fsOcFe/LTEhSOKc2BImpId+vPJCL6c km2R2DpTCuyR0VTnOU9yDWniSaOaf85YCZcOkk1hokYBHEPawrHRiIQ/nFzDgRka qNZ7SzzkSSttqnfrA0pRXDcET1u+L1VoiVwWPGFXEG9InxWW/EsAlLF+NjmZVqt+ RjgTqhraVbOryn+hECMD =G6Q/ -END PGP SIGNATURE- -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Nod to 2.0, one more time?
On Mar 22, 2010, at 6:52 AM, William A. Rowe Jr. wrote: Wondering if we are comfortable tagging and releasing 2.0.64 in the coming days? These security issues aught to be addressed, and while we are at it, it just seems like a nice thing to do as we get closer to some 2.3 beta and further from any more improvements to 2.0. +1 Opinions? Volunteers? If there are no objections and no volunteer, its something I'm happy to do later this week. I'll review the set of ssl patches tomorrow. I don't think I'd RM but I'll endeavor to test. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: What happened to mod_lua?
On Mar 7, 2010, at 7:58 PM, HyperHacker wrote: Nothing on Apache's site at all. It's been adopted into httpd trunk: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/ Also mentioned on the New Features page: http://httpd.apache.org/docs/trunk/new_features_2_4.html although it seems that documentation is a work in progress. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: State of mod_lua?
On Feb 19, 2010, at 9:19 AM, Igor Galić wrote: I've thought about trying it out, but haven't yet, in part because there doesn't seem to be any documentation under httpd trunk. Does Brian have any of his slides online? That may be as far as we got yet concerning docs. Yesterday I finally received my copy of ``Programming in Lua'' and I'm planning to work through Nick's ``The Apache Modules Book'' again, as a first preparation for the documentation. So far the plan is to make it a project for Dublin. Ehm. There are two incarnations already of a Lua module. One in trunk/modules/lua, and one http://svn.apache.org/viewvc/httpd/mod_wombat/ that could load into older versions of httpd. The latter is an earlier version of the former, both written by Brian McAllister. Aside from satisfying your own curiosity (which is a perfectly valid reason), why invent another one? Or am I misreading you? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Fwd: Cron bugm...@brutus /root/bin/bugcron.sh
Begin forwarded message: ASF Bugzilla is running its weekly stats at Sun Feb 7 23:08:02 UTC 2010 .. 65 bugs for Apache httpd-1.3 Now that we have lowered the boom on 1.3, shall we close it out for new bugs? Anyone have an opinion on the existing open bugs? Uproot them or let them wilt? S. -- san...@temme.net http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] 1.3.42 release candidate
On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: There is a 1.3.42 release candidate for testing, and voting, at; What happened to this, besides making Slashdot? BTW: No regressions. +1 S. Darwin Legadema.local 10.2.0 Darwin Kernel Version 10.2.0: Tue Nov 3 10:37:10 PST 2009; root:xnu-1486.2.11~1/RELEASE_I386 i386 1.3.41: Test Summary Report --- t/apache/contentlength.t (Wstat: 0 Tests: 20 Failed: 6) Failed tests: 6, 10, 14, 16, 18, 20 t/apache/headers.t(Wstat: 0 Tests: 24 Failed: 3) Failed tests: 3, 6, 9 t/apache/pr37166.t(Wstat: 0 Tests: 4 Failed: 1) Failed test: 4 t/modules/include.t (Wstat: 0 Tests: 81 Failed: 2) Failed tests: 29, 44 TODO passed: 20 t/modules/proxy.t (Wstat: 0 Tests: 15 Failed: 2) Failed tests: 12-13 t/modules/rewrite.t (Wstat: 0 Tests: 29 Failed: 1) Failed test: 24 t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 Files=72, Tests=1902, 42 wallclock secs ( 1.27 usr 0.40 sys + 20.64 cusr 4.70 csys = 27.01 CPU) Result: FAIL Failed 7/72 test programs. 17/1902 subtests failed. [warning] server localhost:8529 shutdown [ error] error running tests (please examine t/logs/error_log) 1.3.42: Test Summary Report --- t/apache/contentlength.t (Wstat: 0 Tests: 20 Failed: 6) Failed tests: 6, 10, 14, 16, 18, 20 t/apache/headers.t(Wstat: 0 Tests: 24 Failed: 3) Failed tests: 3, 6, 9 t/apache/pr37166.t(Wstat: 0 Tests: 4 Failed: 1) Failed test: 4 t/modules/include.t (Wstat: 0 Tests: 81 Failed: 2) Failed tests: 29, 44 TODO passed: 20 t/modules/proxy.t (Wstat: 0 Tests: 15 Failed: 2) Failed tests: 12-13 t/modules/rewrite.t (Wstat: 0 Tests: 29 Failed: 1) Failed test: 24 t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 Files=72, Tests=1902, 38 wallclock secs ( 1.25 usr 0.38 sys + 20.53 cusr 4.68 csys = 26.84 CPU) Result: FAIL Failed 7/72 test programs. 17/1902 subtests failed. [warning] server localhost:8529 shutdown [ error] error running tests (please examine t/logs/error_log) -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] 1.3.42 release candidate
On Jan 26, 2010, at 5:03 PM, Colm MacCárthaigh wrote: On Wed, Jan 27, 2010 at 12:43 AM, Sander Temme scte...@apache.org wrote: On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: There is a 1.3.42 release candidate for testing, and voting, at; What happened to this, besides making Slashdot? I transited the atlantic twice. I actually wasted about 2 days and 7 EC2 instances trying to document how many build problems there were on modern linux distros due to the glibc/dash problems ... to try and come up with a coherent here's how to build, run, and test ... but it's a complete mess. A valiant effort! And an illustration of one of the reasons why we're calling it a day: this code is stale and by now impossible to maintain. We have since grown cleaner, more versatile and more maintainable ways to copy data from one file descriptor to another. We move forward on those, and stop clinging to the past. There are technically enough binding votes for release now, though there is still the outstanding with the bundled docs tree (which ironically turned out to be due to my using dash for testing!). Unless there are any vetoes in the next 2 days, I'd be inclined to release as-is, with the docs tree rerolled to fix includes. It is *definitely* worth never making another release again imo, patches are far less burden than this show! Why don't we do this: roll the same tag with the docs fixes as you indicate immediately above; sign, hash and put them up on dev/dist. Then call 72 hours. We have a quick look to see if smoke emerges and, if not, we can release early next week. That would also give us the opportunity to align PRC. Thoughts? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] Release httpd 2.3.5-alpha
On Jan 21, 2010, at 2:34 PM, Paul Querna wrote: +/- 1 [+1] Release httpd-2.3.5 as Alpha Sigs good, it unpacks, builds and runs. Set it free. Give the packagers and 3rd party module developers something to play with (PHP5 for instance, does not build). S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: next alpha, this Wednesday?
On Jan 19, 2010, at 6:14 PM, William A. Rowe Jr. wrote: For APR, we can use 1.4.1: http://svn.apache.org/repos/asf/apr/apr/tags/1.4.1/ Actually 1.4.1 is going not-released, because of a significant hash/table regression. But I'll make life easy, and tag 1.4.2 [essentially 1.4.1 less that broken commit] before lunchtime tomorrow. As 1.4.1 saw no -other- objections than this problem observed at SVN, there's almost no reason it won't be approved. And the %lld printf formatter on MacOSX... small, but it does break a test. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: next alpha, this Wednesday?
On Jan 20, 2010, at 9:42 AM, William A. Rowe Jr. wrote: On 1/20/2010 10:01 AM, Sander Temme wrote: And the %lld printf formatter on MacOSX... small, but it does break a test. That's fixed on the branch, or no? About to tag 1.4.2. I'm about to get on a flight, will test once under way. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: next alpha, this Wednesday?
On Jan 19, 2010, at 1:37 PM, Paul Querna wrote: I'm planning roughly on doing another 2.3.x-alpha tag on this late Wednesday, January 20th. Should give us enough time to vote on it over the weekend, and ship it out on Monday/tuesday next week, during the hackathon at G. Do we have an APR to roll into a *-deps, or are we canning the notion of *-deps until such things solidify? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
We're on Slashdot
http://apache.slashdot.org/story/10/01/12/1359206/Apache-May-Stop-13-20-Series-Releases Quoting this article from Australia: http://www.techworld.com.au/article/332190/apache_mulls_end_1_3_2_0_releases Note: no buzz whatsoever about 2.4. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] 1.3.42 release candidate
On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: There is a 1.3.42 release candidate for testing, and voting, at; http://people.apache.org/~colm/1.3.42/ Not seeing gpg sigs or md5s on the tarballs. Didn't we used to do that back then? S. As per the changes, there are two updates; *) SECURITY: CVE-2010-0010 (cve.mitre.org) mod_proxy: Prevent chunk-size integer overflow on platforms where sizeof(int) sizeof(long). Reported by Adam Zabrocki. [Colm MacCárthaigh *) Protect logresolve from mismanaged DNS records that return blank/null hostnames. [Jim Jagielski] Notes; this is intended as the final release of Apache httpd 1.3, which has reached end of life. Security updates may continue to be provided by another means (see the CHANGES file for details). Apache httpd 1.3's ./configure script does not work with some versions of dash. Please change the hash-bang line to execute a bourne-compatible shell, such as /bin/bash on platforms affected. Many thanks in advance for your help and testing. -- Colm -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] 1.3.42 release candidate
On Jan 8, 2010, at 9:41 AM, Sander Temme wrote: On Jan 8, 2010, at 4:29 AM, Colm MacCárthaigh wrote: There is a 1.3.42 release candidate for testing, and voting, at; http://people.apache.org/~colm/1.3.42/ Not seeing gpg sigs or md5s on the tarballs. Didn't we used to do that back then? Never mind, two sips of coffee later I found the .asc files. Maybe by the end of my cup I'll see hashes. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: httpd meetup/hackathon, January?
On Dec 9, 2009, at 4:53 AM, Jeff Trawick wrote: On Tue, Dec 8, 2009 at 7:49 PM, Paul Querna p...@querna.org wrote: On Mon, Dec 7, 2009 at 11:50 AM, Paul Querna p...@querna.org wrote: Hi Everyone, Over on TraffiicServer, there is rough talk of doing some kind of meetup/hackathon the week of January 27th 2010, in Silicon Valley. Alternative is the week of January 13th -- would this earlier date change the ability of anyone to attend? no difference to me I'd prefer the later time slot. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: httpd meetup/hackathon, January?
On Dec 7, 2009, at 11:50 AM, Paul Querna wrote: I was thinking it might also be a good time to get some httpd'ers together and spend a day finishing 2.4, and cross-pollinate ideas with the TS developers. +1 Count me in. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] Release httpd 2.3.4-alpha
On Nov 30, 2009, at 9:32 AM, Jeff Trawick wrote: On Wed, Nov 25, 2009 at 5:43 PM, Paul Querna p...@querna.org wrote: Test tarballs for Apache httpd 2.3.4-alpha are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/- 1 [ ] Release httpd-2.3.4 as Alpha Vote closes at 18:00 UTC on Monday November 30 2009. I could use an extra couple of hours. Who else is still playing or about to start? I've had my look and my say, but yes if others are willing to spend some time I'd encourage Paul to extend the vote. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] Release httpd 2.3.4-alpha
On Nov 30, 2009, at 12:19 PM, Michael Felt wrote: update: what you probably already knew: httpd-2.2.14 included a srclib directory with pcre. That is missing in the alpha tarball. mich...@x054:[/data/prj/alpha/httpd-2.3.4-alpha]find . | grep pcre ./server/util_pcre.c How you deal with it is your concern, but anyone with AIX will have to create an adjusted system to build the sources. Yes, as Paul said this is deliberate: PCRE is no longer bundled. It now has the same status as Zlib, which I see from your original post you also pull in from a non-OS location. Whether we should include appropriate versions of libraries like libz and pcre in our Deps tarball is another discussion... S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] Release httpd 2.3.4-alpha
On Nov 30, 2009, at 1:12 PM, William A. Rowe Jr. wr...@rowe- clan.net wrote: Paul Querna wrote: Test tarballs for Apache httpd 2.3.4-alpha are available at: http://httpd.apache.org/dev/dist/ Your votes please; +/- 1 [-1] Release httpd-2.3.4 as Alpha for shipping the package httpd-2.3.4-deps; 1.4.0-dev is not released and I strongly feel the httpd project isn't in the business of doing so. How big an overlap do we still have, community wise, with APR? Obviously we should discuss that on the d...@apr list. Look, PCRE is a mandatory component. APR is a mandatory component. Let's please start applying some rhyme to our reasoning again. Meaning? Put pcre in -deps? With libz? That's mandatory for deflate. S.
Re: A fundamentally secure Apache server, any interest?
Hi Kevin, Definitely not the right list: this is where we discuss development of the Apache HTTP Server code. us...@httpd.apache.org may be a better forum within apache.org. Outside Apache, several initiatives exist to look into hardening web servers. The Center for Internet Security http://www.cisecurity.org/ is one of them. On Nov 16, 2009, at 8:42 AM, Sweere, Kevin E CTR USAF AFRL/RYT wrote: I work for the US Air Force. We have a prototype that dramatically, fundamentally increases a web server's security. We run an Apache server within a minimized, user-level-only, Linux variant only within RAM and from only a DVD (no harddrive). With no shells, hackers have nowhere to go. With no persistent memory, malware has no place to reside. A simple reboot restores the website to a pristine state within minutes. I agree. Putting the entire OS and content on a read-only device (whether DVD or otherwise) significantly reduces your exposure to attacks for all these reasons. The OS will need *some* writable space (like /tmp and /var/run), but I assume you made like Knoppix and Ubuntu Live and their ilk, and use RAM disks for that. Because a LiveDVD holds the OS, apps and content, its best for static, non-interactive, low-volume, high-value, highly-targeted websites. Any change means burning a new DVD, but this also makes testing easier and less noisy. Logs are tricky to extract. You could write logs to a RAM disk, with obvious implications on retention. Or you could spool them to another server either through a network mount or mod_log_spread. The httpd configuration language allows you to put log files in any place you like, and there are several approaches to rotating log files if space is an issue. Or you can use a third party module to write logs like the aforementioned mod_log_spread, which is not part of httpd itself. While it has worked well, some of us believe its usability drawbacks (e.g. limited ability to receive input from users, every change needs a new DVD) outweigh its great security benefits making it unmarketable (in govt or industry) and thus just another prototype to leave on the shelf. You are in for a perpetual war between Operations (whose pager goes off when things break) and dev (whose time-to-market is implicated by the fixed environment). You could mitigate that problem by reading site content from a remote machine, either continuously over a network mount or by copying it into a RAM disk on boot. The former might be slower, but would allow for more frequent site updates. It's a trade-off, as usual. Keeping the remote mount read-only (even for root) will allow you achieve your goal of a read-only environment. More comprehensive upgrades that would involve adding modules or changing configuration parameters should trigger a change management process that would lead to an update of the boot image. I'm curious what your group thinks. Thanks in advance -- I don't quite know with whom to discuss this idea. As Mark points out, this would be very secure but very hard to manage, and my impression is that time-to-market pressure and available expertise frequently cause ideas like this to fall by the wayside. Fundamentally, booting web heads from a read-only medium like an optical drive or PXE is a sound idea. Any initiative, installation method or distribution that makes this easier to manage might increase adoption. S. bikeshedI'd base it on BSD though/bikeshed -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: Obsolete modules in 2.3
On Nov 12, 2009, at 8:13 AM, Niklas Edmundsson wrote: So drop the confusing example module instead? Or has it been fixed lately? ;) mod_example is now mod_example_hooks and aims to implement a handler for every hook in the server. It should no longer have the threading issues previously ascribed to it. There is a mod_example_ipc that shows how to use shared memory and mutexes. I thought I'd put in a very skinny mod_example that would be similar to (or the same as) what apxs -g produces, but I don't see that in trunk and forget what if anything was discussed about it. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: ssl related test failures
Hi Stefan, On Nov 9, 2009, at 2:25 AM, Stefan Fritsch wrote: Hi, with openssl 0.9.8k, I currently get a large number of test failures: These tests do not fail for me. Can you run a subset in verbose and see how they fail? Like: t/TEST ... -verbose t/ssl/basicauth.t should get you some more insight. Also, which platform? S. Test Summary Report --- t/ssl/basicauth.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/ssl/env.t (Wstat: 0 Tests: 30 Failed: 15) Failed tests: 16-30 t/ssl/extlookup.t (Wstat: 0 Tests: 2 Failed: 2) Failed tests: 1-2 t/ssl/fakeauth.t (Wstat: 0 Tests: 3 Failed: 2) Failed tests: 2-3 t/ssl/proxy.t (Wstat: 0 Tests: 172 Failed: 118) Failed tests: 1-59, 114-172 t/ssl/require.t (Wstat: 0 Tests: 5 Failed: 2) Failed tests: 2, 5 t/ssl/varlookup.t (Wstat: 0 Tests: 72 Failed: 72) Failed tests: 1-72 t/ssl/verify.t(Wstat: 0 Tests: 3 Failed: 1) Failed test: 2 Can somebody verify that this is a problem in trunk and not with my perl-framework setup? Thanks. Stefan -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: intend to roll 2.3 alpha on Wednesday
On Nov 9, 2009, at 10:04 AM, Graham Leggett wrote:
Paul Querna wrote:
I intend to roll a 2.3 alpha release on Wednesday November 11th.
I will bundle APR from the 1.4.x branch. (APR people should make a
release, but this shouldn't be a blocker for our own alpha releases).
I am almost 90% sure the release might fail due to various issues,
but
we need to start cleaning those issues out.
+1
Is there a need to bundle APR at all?
Not sure that we do... we could do as Subversion does, and release a
dependencies tarball with srclib/{apr,apr-util,pcre} from a known
release.
S.
Otherwise +1.
Regards,
Graham
--
--
Sander Temme
scte...@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
smime.p7s
Description: S/MIME cryptographic signature
Re: ssl related test failures
On Nov 9, 2009, at 11:49 AM, Ruediger Pluem wrote: Thanks, that was the right hint. With a new svn checkout of the framework, all tests pass and t/TEST -clean or make clean cleans the certs. For some reason, the cleaning of the certs does not work with the old tree. I don't think I am interested enough in the problem right now to debug it, though. I noticed as well that from time to time for whatever reason t/TEST - clean doesn't clean the certificates. But as a fresh checkout fixes this I haven't had the energy so far to look deep into this. Same here. perl-framework insists on reconfiguring, recompiling and re-keying every time I run it on my Mac. It reconfigures when I don't want it to, and I can't make it reconfigure when I do want it to. I don't have the perl-fu, time or energy to figure this out. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: mod_fcgid: add mod_status support?
On Nov 9, 2009, at 5:51 PM, pqf wrote: Hi, all I am new to this community, I am think to add mod_status support to mod_fcgid, which provide more internal information to administrators. Is it a good idea? I am working on it now, but if someone think it's not a good idea, please let me know. +1 See mod_ssl.c:314, ssl_scache.c:228 and ssl_scache.c:199 in trunk to see how mod_ssl does it. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Pull mod_unique_id out of default build?
Folks, Maybe my understanding is limited and my fu is weak, but I have personally never had a use for mod_unique_id. The only thing it does for me is an error message on startup or, when my server finds itself on a box with a hostname that doesn't resolve to an IP address, failure. Could we take it out of the default module build? Index: modules/metadata/config.m4 === --- modules/metadata/config.m4 (revision 832908) +++ modules/metadata/config.m4 (working copy) @@ -16,7 +16,7 @@ AC_CHECK_FUNCS(times) ]) -APACHE_MODULE(unique_id, per-request unique ids) +APACHE_MODULE(unique_id, per-request unique ids, , , most) APACHE_MODULE(setenvif, basing ENV vars on headers, , , yes) APACHE_MODULE(version, determining httpd version in config files, , , yes) APACHE_MODULE(remoteip, translate header contents to an apparent client remote_ip, , , most) Thoughts? S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: [VOTE] release httpd mod_ftp-0.9.5 beta?
On Sep 14, 2009, at 9:43 PM, William A. Rowe, Jr. wrote: William A. Rowe, Jr. wrote: William A. Rowe, Jr. wrote: [X] +1 to release as 0.9.5-beta But with a single vote, I'll declare this vote DOA on Tuesday night, after seven days of voting. And in 18 hours, with no other voters, it seems appropriate to begin a vote for dissolving mod_ftp from the httpd project. Please share your thoughts on the topic. I disagree. I have personally found no cycles to test this particular go-around: I am mind-bogglingly busy and about to get busier. However, I am convinced mod_ftp is viable. However, it looks as if it is not getting the attention it deserves as a subproject. Nick's remark about the testsuite is highly pertinent: I think the module would receive more exercise, attention and coverage if it were in trunk and touched by the perl-framework. So, rather than threatening to get rid of the module, I move to fold it into trunk. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: ApacheCon opportunities
On Aug 20, 2009, at 2:59 PM, Paul J. Reder wrote: On 08/20/2009 12:00 AM, William A. Rowe, Jr. wrote: Hardening Enterprise Apache Installations Against Attacks by Sander Temme Heh... Couldn't you just buy Sander a beer and ask him nicely not to attack your Apache installation? I am open to bribery by adult beverage. More pertinently, the conference is in November, not September. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
Re: Main httpd web site page: update needed for 2.2.13
On Aug 10, 2009, at 8:56 AM, Rainer Jung wrote: Am 10.08.2009 17:47, schrieb Lars Eilebrecht: Rainer Jung wrote: I noticed there was still a 2.2.12 in a section heading of the httpd landing page. I updated in svn: BTW, the download page actually talks about the release of 2.2.18. That's already fixed in svn, but also needs svn up on people.apache.org. I ran svn up just now. Next rsync run should catch it: I saw the updates come in. S. -- Sander Temme scte...@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF smime.p7s Description: S/MIME cryptographic signature
