Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49

2021-09-13 Thread Christophe JAILLET

On 10/09/2021 at 17:23, ste...@eissing.org wrote:

> Hi, all;
> Please find below the proposed release tarball and signatures:
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.49-rc1 as 2.4.49:
> [X] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha1: 525378680b3474ff319b83af76565891f8b98331 *httpd-2.4.49-rc1.tar.gz
> sha256: 345d3b9b218b1974d1cebd5ae72f6a661d83b52d839310222ff9ec94abb62205 *httpd-2.4.49-rc1.tar.gz
> sha512: 8efa12f239e1075c0eb8634dde5fa12e73b766a6a8f17882d6bedab8be3e02a1a15be8288413bb6da5be34e58a6e239342cdcb59ebe2d8d88ea4712028b03e5f *httpd-2.4.49-rc1.tar.gz
>
> The SVN candidate source is found at tags/candidate-2.4.49-rc1.
>
> PS. Some slight change to previous releases:
> The tarballs carry a prefix '-rc1' but the directory it unpacks
> to is 'httpd-2.4.49'. This is to make sure that, when you vote
> on a tarball and it is accepted, that we can release this very
> thing you voted on.
> All other things should be the same as in previous releases.



+1 ; Tested only with event.

Tested with:
Linux pop-os 5.11.0
gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0
OpenSSL 1.1.1j  16 Feb 2021
  libssl-dev 1.1.1j
  libbrotli-dev 1.0.9
  libjansson-dev 2.13.1
  libnghttp2-dev 1.43.0
  libpcre2-dev 10.36
  liblua5.3-dev 5.3.3
  libsystemd-dev 247.3
  libldap2-dev 2.4.57+dfsg
  libxml2-dev 2.9.10+dfsg
  libcurl4-openssl-dev 7.74.0


Also, a few things should be fixed, but can be done later:
LuaHookPreTranslateName is not documented (neither in trunk nor in 2.4.x)
 is not documented (neither in trunk nor in 2.4.x)



Thx a lot Stefan for RM and tools.

CJ
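
Checking a downloaded candidate against the digests listed in the vote mail, as an added example that is not part of the thread or of the httpd project's tooling: it parses the `algo: hex *filename` entries even when a mail client has wrapped them across lines, and does not accept a tarball on a SHA-1 match alone. The function names are assumptions made for this example.

```python
import hashlib

HEX_LEN = {"sha1": 40, "sha256": 64, "sha512": 128}  # expected hex length per algorithm

# Digests from the vote mail above; two entries are wrapped across lines
# here on purpose, as mail clients often do.
VOTE_MAIL_DIGESTS = """
sha1: 525378680b3474ff319b83af76565891f8b98331 *httpd-2.4.49-rc1.tar.gz
sha256: 345d3b9b218b1974d1cebd5ae72f6a661d83b52d839310222ff9ec94abb62205
*httpd-2.4.49-rc1.tar.gz
sha512:
8efa12f239e1075c0eb8634dde5fa12e73b766a6a8f17882d6bedab8be3e02a1a15be8288413bb6da5be34e58a6e239342cdcb59ebe2d8d88ea4712028b03e5f
 *httpd-2.4.49-rc1.tar.gz
"""


def parse_digest_block(text):
    """Return {filename: {algo: hexdigest}} from 'algo: hex *filename' entries.

    Splits on whitespace, so an entry wrapped over several lines parses
    the same as a one-line entry. Malformed input raises ValueError.
    """
    result, algo, digest = {}, None, None
    for tok in text.split():
        if algo is None:
            if not tok.endswith(":") or tok[:-1].lower() not in HEX_LEN:
                raise ValueError(f"expected algorithm label, got {tok!r}")
            algo = tok[:-1].lower()
        elif digest is None:
            digest = tok.lower()
            if len(digest) != HEX_LEN[algo] or set(digest) - set("0123456789abcdef"):
                raise ValueError(f"malformed {algo} digest {tok!r}")
        elif tok.startswith("*") and len(tok) > 1:
            result.setdefault(tok[1:], {})[algo] = digest
            algo = digest = None
        else:
            raise ValueError(f"expected '*filename', got {tok!r}")
    if algo is not None:
        raise ValueError("truncated digest entry")
    return result


def tarball_ok(path, expected):
    """True only if every listed digest matches and a SHA-2 digest is among them."""
    hashers = {algo: hashlib.new(algo) for algo in expected}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    strong = "sha256" in expected or "sha512" in expected  # sha1 alone is not enough
    return strong and all(h.hexdigest() == expected[a] for a, h in hashers.items())
```

A digest match only shows that the file is the one that was voted on; authenticity still rests on the release signatures the vote mail refers to.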


buildbot success in on httpd-trunk

2021-09-13 Thread buildbot
The Buildbot has detected a restored build on builder httpd-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/httpd-trunk/builds/6229

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: asf945_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'httpd-trunk-on-commit' 
triggered this build
Build Source Stamp: [branch httpd/httpd/trunk] 1893306
Blamelist: icing,lgentis

Build succeeded!

Sincerely,
 -The Buildbot





Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread Joe Orton
On Mon, Sep 13, 2021 at 11:16:15AM +0200, Rainer Jung wrote:
> Hi Dennis,
> On 13.09.2021 at 11:05, Dennis Clarke wrote:
> > That Apache httpd, the biggest web server on planet Earth ( let me check
> > mars ) has never looked at OpenSSL 3.0.0 as an event in the mail? It has
> > been shipped. Delivered. Done. It works. What are you saying?
> 
> We - for instance me - look at it since quite some time. The breaks were
> introduced recently in OpenSSL land. That's why we need a few weeks to
> react.

Big +1s to the responses from Stefan and Rainer.  In fact one of those 
breaks [1] happened precisely because we found problems when testing 
httpd against OpenSSL 3.0.

Dennis, as Stefan suggests, contributions are always welcome here.  
Naturally the number of contributors actively testing against 
bleeding-edge third party dependencies is smaller than against stable 
versions.  So, if you want to encourage better support, test, publish 
results, send patches, try backports from trunk to 2.4, whatever you can 
do to help will be great.

Regards, Joe

[1] https://github.com/openssl/openssl/issues/15946



Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread ste...@eissing.org



> On 13.09.2021 at 11:05, Dennis Clarke wrote:
> 
> On 9/13/21 04:22, Joe Orton wrote:
>> On Mon, Sep 13, 2021 at 01:23:37AM -0400, Dennis Clarke wrote:
>>> 
>>> ALL :
>>> 
>>> 
>>> I may receive no reply to this but in general I have been able to build
>>> Apache httpd from any release tarball as well as from trunk. When httpd
>>> needed to get TLS 1.3 working it was a slam dunk to get that working and
>>> it did. However now we have OpenSSL 3.0.0 and it seems that neither the
>>> latest RC works nor does trunk.
>>> 
>>> So then ... how to proceed ?
>> 
>> What fails with trunk?  
>> 
>> It's expected that httpd 2.4 doesn't support 3.0 yet, hopefully we can 
>> get this in for a future release but OpenSSL 3.0 has been a moving 
>> target until just six days ago.
>> 
>> Regards, Joe
>> 
> 
> Why "expected" that httpd 2.4 doesn't support 3.0 ?
> 
> While I realize that 3.0.0 is very shiny new and still has a green glow
> to it we also know that the beta program has been in place for months
> and the release candidates go back a year.
> 
> You have me at a loss.
> 
> That Apache httpd, the biggest web server on planet Earth ( let me check
> mars ) has never looked at OpenSSL 3.0.0 as an event in the mail? It has
> been shipped. Delivered. Done. It works. What are you saying?

What we are saying and what you found out on testing it is that 2.4.49
is not ready for OpenSSL 3.0. No laying blame anywhere will make it so.

Rather than painting this black and white picture, you have to see
that there have been adaptations to changes in OpenSSL 3.0. They are
just not complete. 

If that could have been better, well, of course. I could say that You 
could have done the necessary also. But such discussions do not lead
us anywhere.

2.4.49 contains relevant changes for people who run OpenSSL 1.1 and
other SSL libraries. And I think it should therefore ship as a better
2.4.48. Unless we find a regression.

- Stefan


> -- 
> Dennis Clarke
> RISC-V/SPARC/PPC/ARM/CISC
> UNIX and Linux spoken
> GreyBeard and suspenders optional



Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread Rainer Jung

Hi Dennis,

On 13.09.2021 at 11:05, Dennis Clarke wrote:
> On 9/13/21 04:22, Joe Orton wrote:
>> On Mon, Sep 13, 2021 at 01:23:37AM -0400, Dennis Clarke wrote:
>>>
>>> ALL :
>>>
>>> I may receive no reply to this but in general I have been able to build
>>> Apache httpd from any release tarball as well as from trunk. When httpd
>>> needed to get TLS 1.3 working it was a slam dunk to get that working and
>>> it did. However now we have OpenSSL 3.0.0 and it seems that neither the
>>> latest RC works nor does trunk.
>>>
>>> So then ... how to proceed ?
>>
>> What fails with trunk?
>>
>> It's expected that httpd 2.4 doesn't support 3.0 yet, hopefully we can
>> get this in for a future release but OpenSSL 3.0 has been a moving
>> target until just six days ago.
>>
>> Regards, Joe
>
> Why "expected" that httpd 2.4 doesn't support 3.0 ?

"expected" in the sense that the httpd project developers know about
this. So "we" expect it.

> While I realize that 3.0.0 is very shiny new and still has a green glow
> to it we also know that the beta program has been in place for months
> and the release candidates go back a year.

We did successfully test 3.0.0 alpha and beta in combination with the
previous 2.4 releases. See for instance my release vote mails then.

3.0.0 use in combination with httpd 2.4.x did only break recently, due
to changes in 3.0.0 that were not part of earlier alpha and beta
releases. That's why we only recently got aware of needed mod_ssl
changes to again make it work with 3.0.0. As mentioned by others the
2.4.49 release is important for other reasons and we do not want to
break it due to last minute mod_ssl changes, which would only be useful
for a minority of users. Most would not yet go with OpenSSL 3.0.0.

Joe (Orton) has provided a pull request for 2.4.x based on httpd trunk
to again support OpenSSL 3.0.0 and that's why he is interested in your
observed httpd trunk failures with 3.0.0.

> You have me at a loss.

Hopefully our situation is now understandable again?

> That Apache httpd, the biggest web server on planet Earth ( let me check
> mars ) has never looked at OpenSSL 3.0.0 as an event in the mail? It has
> been shipped. Delivered. Done. It works. What are you saying?

We - for instance me - look at it since quite some time. The breaks were
introduced recently in OpenSSL land. That's why we need a few weeks to
react.


Thanks for caring about httpd in Solaris land!

Regards,

Rainer


Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread Dennis Clarke
On 9/13/21 04:22, Joe Orton wrote:
> On Mon, Sep 13, 2021 at 01:23:37AM -0400, Dennis Clarke wrote:
>>
>> ALL :
>>
>>
>> I may receive no reply to this but in general I have been able to build
>> Apache httpd from any release tarball as well as from trunk. When httpd
>> needed to get TLS 1.3 working it was a slam dunk to get that working and
>> it did. However now we have OpenSSL 3.0.0 and it seems that neither the
>> latest RC works nor does trunk.
>>
>> So then ... how to proceed ?
> 
> What fails with trunk?  
> 
> It's expected that httpd 2.4 doesn't support 3.0 yet, hopefully we can 
> get this in for a future release but OpenSSL 3.0 has been a moving 
> target until just six days ago.
> 
> Regards, Joe
> 

Why "expected" that httpd 2.4 doesn't support 3.0 ?

While I realize that 3.0.0 is very shiny new and still has a green glow
to it we also know that the beta program has been in place for months
and the release candidates go back a year.

You have me at a loss.

That Apache httpd, the biggest web server on planet Earth ( let me check
mars ) has never looked at OpenSSL 3.0.0 as an event in the mail? It has
been shipped. Delivered. Done. It works. What are you saying?


-- 
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional


Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread Steffen Land






> anticipating also a possible (likely?) OpenSSL 3.0.1, as a common
> then when releases are done and the test base broadens significantly.

+1 for 3.0.1

Steffen

On Monday 13/09/2021 at 10:08, ste...@eissing.org wrote:

> On 13.09.2021 at 07:23, Dennis Clarke wrote:
>>
>> ALL :
>>
>> I may receive no reply to this but in general I have been able to build
>> Apache httpd from any release tarball as well as from trunk. When httpd
>> needed to get TLS 1.3 working it was a slam dunk to get that working and
>> it did. However now we have OpenSSL 3.0.0 and it seems that neither the
>> latest RC works nor does trunk.
>>
>> So then ... how to proceed ?
>
> The plan is to make a "OpenSSL 3.0" ready release soon after 2.4.49,
> anticipating also a possible (likely?) OpenSSL 3.0.1, as a common
> then when releases are done and the test base broadens significantly.
>
> That's my understanding.
>
> One could argue, that 2.4.49 should do that as well, which would mean
> delaying it. And there are security relevant changes, not visible in
> the candidate, that sit on a timeline.
>
> My personal opinion is that we need to release every other month and
> take into it what is ready. The old model of waiting till all stars
> align - which is nice as a developer - does not work for CVEs.
>
> - Stefan
>
>> --
>> Dennis Clarke
>> RISC-V/SPARC/PPC/ARM/CISC
>> UNIX and Linux spoken
>> GreyBeard and suspenders optional
>>
>> PS: trunk 1893292 fails even autoreconf and then more horror follows






Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread Joe Orton
On Mon, Sep 13, 2021 at 01:23:37AM -0400, Dennis Clarke wrote:
> 
> ALL :
> 
> 
> I may receive no reply to this but in general I have been able to build
> Apache httpd from any release tarball as well as from trunk. When httpd
> needed to get TLS 1.3 working it was a slam dunk to get that working and
> it did. However now we have OpenSSL 3.0.0 and it seems that neither the
> latest RC works nor does trunk.
> 
> So then ... how to proceed ?

What fails with trunk?  

It's expected that httpd 2.4 doesn't support 3.0 yet, hopefully we can 
get this in for a future release but OpenSSL 3.0 has been a moving 
target until just six days ago.

Regards, Joe



Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49

2021-09-13 Thread Joe Orton
On Fri, Sep 10, 2021 at 05:23:53PM +0200, ste...@eissing.org wrote:
> Hi, all;
> Please find below the proposed release tarball and signatures:
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.49-rc1 as 2.4.49:
> [X] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.

+1 for release, passes test suite on Fedora 34 and RHEL8, and in CI :)

Huge thanks to Stefan for the release and process improvements.

Regards, Joe



Re: trunk/rc usable with OpenSSL 3.0.0 ?

2021-09-13 Thread ste...@eissing.org



> On 13.09.2021 at 07:23, Dennis Clarke wrote:
> 
> 
> ALL :
> 
> 
> I may receive no reply to this but in general I have been able to build
> Apache httpd from any release tarball as well as from trunk. When httpd
> needed to get TLS 1.3 working it was a slam dunk to get that working and
> it did. However now we have OpenSSL 3.0.0 and it seems that neither the
> latest RC works nor does trunk.
> 
> So then ... how to proceed ?

The plan is to make a "OpenSSL 3.0" ready release soon after 2.4.49,
anticipating also a possible (likely?) OpenSSL 3.0.1, as a common
then when releases are done and the test base broadens significantly.

That's my understanding.

One could argue, that 2.4.49 should do that as well, which would mean
delaying it. And there are security relevant changes, not visible in 
the candidate, that sit on a timeline.

My personal opinion is that we need to release every other month and
take into it what is ready. The old model of waiting till all stars
align - which is nice as a developer - does not work for CVEs.

- Stefan

> 
> 
> -- 
> Dennis Clarke
> RISC-V/SPARC/PPC/ARM/CISC
> UNIX and Linux spoken
> GreyBeard and suspenders optional
> 
> 
> PS: trunk 1893292 fails even autoreconf and then more horror follows



Re: [VOTE] Release httpd-2.4.49-rc1 as httpd-2.4.49

2021-09-13 Thread Giovanni Bechis
On 9/10/21 17:23, ste...@eissing.org wrote:
> Hi, all;
> Please find below the proposed release tarball and signatures:
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.49-rc1 as 2.4.49:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.

+1, works fine on Fedora 34 and OpenBSD 6.9.

 Giovanni

