Re: pytest results for 2.4.59

2024-04-04 Thread Ruediger Pluem



On 4/5/24 12:59 AM, Rainer Jung wrote:
> I think I fixed all test failures, hopefully in the correct way. More eyes 
> welcome.
> 
> I have a few additional sporadic ERRORS:
> 
> A] ERROR during teardown check for log file errors or warnings (twice):
> 
> 04.04.2024 21:14:42.205465 ___ ERROR at teardown of 
> TestStatus.test_md_920_020 
> 04.04.2024 21:14:42.205465 ERROR 
> modules/md/test_920_status.py::TestStatus::test_md_920_020 - AssertionE...
> 
> 04.04.2024 21:14:42.205465 E   AssertionError: apache logged 1 errors and 
> 0 warnings:
> 04.04.2024 21:14:42.205465 E [Thu Apr 04 21:12:29.381511 2024] 
> [md:error] [pid 4169] (22)Invalid argument: no certificates
> in non-empty chain 
> /path/to/gen/apache/md/staging/one.test.test-md-702-070-1712257797.org/pubcert.pem
> 
> 
> 04.04.2024 21:03:26.382051 ___ ERROR at teardown of 
> TestStatus.test_md_920_020 
> 04.04.2024 21:03:26.382360 ERROR 
> modules/md/test_920_status.py::TestStatus::test_md_920_020 - AssertionE...
> 
> 04.04.2024 21:03:26.382051 E   AssertionError: apache logged 1 errors and 
> 1 warnings:
> 04.04.2024 21:03:26.382051 E [Thu Apr 04 21:00:48.924286 2024] 
> [md:error] [pid 8717:tid 139629962274560] (20014)Internal
> error (specific information not available): test-md-702-041-1712256790.org: 
> asked to retrieve chain, but no order in context
> 04.04.2024 21:03:26.382051 E [Thu Apr 04 21:00:48.924229 2024] 
> [md:warn] [pid 8717:tid 139629962274560] error generate
> pkey RSA 3072
> 
> B] Hanging httpd child processes
> 
> This happens only on RHEL 9 with worker MPM and can be noticed by a dramatic 
> slowdown of the tests. There's a lot of messages
> 
> AH00045: child process 1067703 still did not exit, sending a SIGTERM
> 
> and
> 
> AH00276: the listener thread didn't exit
> 
> It happened in
> 
> modules/core/test_001_encoding.py::TestEncoding::test_core_001_20[test2-/10%25abnormal.txt-200]
> 
> modules/md/test_920_status.py::TestStatus::test_md_920_020
> 
> modules/proxy/test_02_unix.py::TestProxyUds::test_proxy_02_003[mixed-500]
> 
> but I don't know, whether it might happen elsewhere also, because it is 
> sporadic.
> 
> What I see in the error logs for one hanging child process:
> 
> - most threads terminate with
> 
> [Thu Apr 04 22:42:59.617953 2024] [ssl:trace3] [pid 1067703:tid 
> 140619680433728] ssl_engine_kernel.c(2223): [client
> 127.0.0.1:40686] OpenSSL: Write: SSL negotiation finished successfully
> [Thu Apr 04 22:42:59.617972 2024] [ssl:trace6] [pid 1067703:tid 
> 140619680433728] ssl_engine_io.c(154): [client 127.0.0.1:40686]
> bio_filter_out_write: flush
> [Thu Apr 04 22:42:59.617981 2024] [ssl:debug] [pid 1067703:tid 
> 140619680433728] ssl_engine_io.c(1146): [client 127.0.0.1:40686]
> AH02001: Connection closed to child 0 with standard shutdown (server 
> test1.tests.httpd.apache.org:443)
> 
> - watchdog thread terminates (?) with
> 
> [Thu Apr 04 22:43:00.902666 2024] [md:debug] [pid 1067703:tid 
> 140619697219136] md_reg.c(1163): test-md-810-003a-1712260944.org:
> staging done
> [Thu Apr 04 22:43:00.903951 2024] [md:notice] [pid 1067703:tid 
> 140619697219136] AH10059: The Managed Domain
> test-md-810-003a-1712260944.org has been setup and changes will be activated 
> on next (graceful) server restart.
> [Thu Apr 04 22:43:00.904418 2024] [md:debug] [pid 1067703:tid 
> 140619697219136] mod_md_drive.c(229): AH10107: next run in 11 hours
> 59 minutes 58 seconds
> [Thu Apr 04 22:43:01.204981 2024] [md:debug] [pid 1067703:tid 
> 140619697219136] mod_md_drive.c(236): AH10058: md watchdog stopping
> [Thu Apr 04 22:43:01.205094 2024] [watchdog:debug] [pid 1067703:tid 
> 140619697219136] mod_watchdog.c(257): AH02973: Singleton
> Watchdog (_md_renew_) stopping
> 
> - one worker thread seems not to stop:
> 
> [Thu Apr 04 22:42:59.768569 2024] [core:trace5] [pid 1067703:tid 
> 140619672041024] protocol.c(714): [client 127.0.0.1:48748]
> Request received from client: GET 
> /.well-known/acme-challenge/3VAiCadJ5do2TuwIbbh3w2foMGfnCspnm0eYejBSC9E 
> HTTP/1.1
> [Thu Apr 04 22:42:59.768667 2024] [md:debug] [pid 1067703:tid 
> 140619672041024] mod_md.c(1385): [client 127.0.0.1:48748] loading
> challenge for test-md-810-003a-1712260944.org 
> (/.well-known/acme-challenge/3VAiCadJ5do2TuwIbbh3w2foMGfnCspnm0eYejBSC9E)
> [Thu Apr 04 22:42:59.768698 2024] [http:trace3] [pid 1067703:tid 
> 140619672041024] http_filters.c(1141): [client 127.0.0.1:48748]
> Response sent with status 200, headers:
> [Thu Apr 04 22:42:59.768706 2024] [http:trace5] [pid 1067703:tid 
> 140619672041024] http_filters.c(1150): [client 127.0.0.1:48748]  
> Date: Thu, 04 Apr 2024 20:42:59 GMT
> [Thu Apr 04 22:42:59.768712 2024] [http:trace5] [pid 1067703:tid 
> 140619672041024] http_filters.c(1153): [client 127.0.0.1:48748]
> Server: Apache/2.4.59 (Unix) OpenSSL/3.1.5
> [Thu Apr 04 22:42:59.768718 2024] [http:trace4] [pid 1067703:tid 
> 140619672041024] http_filters.c(971): 

Re: pytest results for 2.4.59

2024-04-04 Thread Rainer Jung
I think I fixed all test failures, hopefully in the correct way. More 
eyes welcome.


I have a few additional sporadic ERRORS:

A] ERROR during teardown check for log file errors or warnings (twice):

04.04.2024 21:14:42.205465 ___ ERROR at teardown of 
TestStatus.test_md_920_020 
04.04.2024 21:14:42.205465 ERROR 
modules/md/test_920_status.py::TestStatus::test_md_920_020 - AssertionE...


04.04.2024 21:14:42.205465 E   AssertionError: apache logged 1 
errors and 0 warnings:
04.04.2024 21:14:42.205465 E [Thu Apr 04 21:12:29.381511 2024] 
[md:error] [pid 4169] (22)Invalid argument: no certificates in non-empty 
chain 
/path/to/gen/apache/md/staging/one.test.test-md-702-070-1712257797.org/pubcert.pem



04.04.2024 21:03:26.382051 ___ ERROR at teardown of 
TestStatus.test_md_920_020 
04.04.2024 21:03:26.382360 ERROR 
modules/md/test_920_status.py::TestStatus::test_md_920_020 - AssertionE...


04.04.2024 21:03:26.382051 E   AssertionError: apache logged 1 
errors and 1 warnings:
04.04.2024 21:03:26.382051 E [Thu Apr 04 21:00:48.924286 2024] 
[md:error] [pid 8717:tid 139629962274560] (20014)Internal error 
(specific information not available): test-md-702-041-1712256790.org: 
asked to retrieve chain, but no order in context
04.04.2024 21:03:26.382051 E [Thu Apr 04 21:00:48.924229 2024] 
[md:warn] [pid 8717:tid 139629962274560] error generate pkey RSA 3072


B] Hanging httpd child processes

This happens only on RHEL 9 with worker MPM and can be noticed by a 
dramatic slowdown of the tests. There's a lot of messages


AH00045: child process 1067703 still did not exit, sending a SIGTERM

and

AH00276: the listener thread didn't exit

It happened in

modules/core/test_001_encoding.py::TestEncoding::test_core_001_20[test2-/10%25abnormal.txt-200]

modules/md/test_920_status.py::TestStatus::test_md_920_020

modules/proxy/test_02_unix.py::TestProxyUds::test_proxy_02_003[mixed-500]

but I don't know, whether it might happen elsewhere also, because it is 
sporadic.


What I see in the error logs for one hanging child process:

- most threads terminate with

[Thu Apr 04 22:42:59.617953 2024] [ssl:trace3] [pid 1067703:tid 
140619680433728] ssl_engine_kernel.c(2223): [client 127.0.0.1:40686] 
OpenSSL: Write: SSL negotiation finished successfully
[Thu Apr 04 22:42:59.617972 2024] [ssl:trace6] [pid 1067703:tid 
140619680433728] ssl_engine_io.c(154): [client 127.0.0.1:40686] 
bio_filter_out_write: flush
[Thu Apr 04 22:42:59.617981 2024] [ssl:debug] [pid 1067703:tid 
140619680433728] ssl_engine_io.c(1146): [client 127.0.0.1:40686] 
AH02001: Connection closed to child 0 with standard shutdown (server 
test1.tests.httpd.apache.org:443)


- watchdog thread terminates (?) with

[Thu Apr 04 22:43:00.902666 2024] [md:debug] [pid 1067703:tid 
140619697219136] md_reg.c(1163): test-md-810-003a-1712260944.org: 
staging done
[Thu Apr 04 22:43:00.903951 2024] [md:notice] [pid 1067703:tid 
140619697219136] AH10059: The Managed Domain 
test-md-810-003a-1712260944.org has been setup and changes will be 
activated on next (graceful) server restart.
[Thu Apr 04 22:43:00.904418 2024] [md:debug] [pid 1067703:tid 
140619697219136] mod_md_drive.c(229): AH10107: next run in 11 hours 59 
minutes 58 seconds
[Thu Apr 04 22:43:01.204981 2024] [md:debug] [pid 1067703:tid 
140619697219136] mod_md_drive.c(236): AH10058: md watchdog stopping
[Thu Apr 04 22:43:01.205094 2024] [watchdog:debug] [pid 1067703:tid 
140619697219136] mod_watchdog.c(257): AH02973: Singleton Watchdog 
(_md_renew_) stopping


- one worker thread seems not to stop:

[Thu Apr 04 22:42:59.768569 2024] [core:trace5] [pid 1067703:tid 
140619672041024] protocol.c(714): [client 127.0.0.1:48748] Request 
received from client: GET 
/.well-known/acme-challenge/3VAiCadJ5do2TuwIbbh3w2foMGfnCspnm0eYejBSC9E 
HTTP/1.1
[Thu Apr 04 22:42:59.768667 2024] [md:debug] [pid 1067703:tid 
140619672041024] mod_md.c(1385): [client 127.0.0.1:48748] loading 
challenge for test-md-810-003a-1712260944.org 
(/.well-known/acme-challenge/3VAiCadJ5do2TuwIbbh3w2foMGfnCspnm0eYejBSC9E)
[Thu Apr 04 22:42:59.768698 2024] [http:trace3] [pid 1067703:tid 
140619672041024] http_filters.c(1141): [client 127.0.0.1:48748] Response 
sent with status 200, headers:
[Thu Apr 04 22:42:59.768706 2024] [http:trace5] [pid 1067703:tid 
140619672041024] http_filters.c(1150): [client 127.0.0.1:48748]   Date: 
Thu, 04 Apr 2024 20:42:59 GMT
[Thu Apr 04 22:42:59.768712 2024] [http:trace5] [pid 1067703:tid 
140619672041024] http_filters.c(1153): [client 127.0.0.1:48748] 
Server: Apache/2.4.59 (Unix) OpenSSL/3.1.5
[Thu Apr 04 22:42:59.768718 2024] [http:trace4] [pid 1067703:tid 
140619672041024] http_filters.c(971): [client 127.0.0.1:48748] 
Content-Length: 88
[Thu Apr 04 22:42:59.768724 2024] [http:trace4] [pid 1067703:tid 
140619672041024] http_filters.c(971): [client 127.0.0.1:48748] 
Connection: close
[Thu Apr 04 22:42:59.769616 2024] [core:trace6] 
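
The per-thread triage described in the mail above, as an added example that is not part of the original message or of the httpd test suite: for every child the parent reports in AH00045, it lists the threads whose newest log line is not a shutdown marker. The marker list (AH02001, AH02973) is an assumption taken from the "terminates with" excerpts; the sample lines are constructed from the quoted ones.

```python
import re
from datetime import datetime

# Constructed sample: unwrapped error-log lines modelled on the excerpts in the
# mail. The ACME token is replaced by TOKEN, and the parent's AH00045 line
# (its pid, level and timestamp) is constructed.
SAMPLE_LOG = """\
[Thu Apr 04 22:42:59.617981 2024] [ssl:debug] [pid 1067703:tid 140619680433728] ssl_engine_io.c(1146): [client 127.0.0.1:40686] AH02001: Connection closed to child 0 with standard shutdown (server test1.tests.httpd.apache.org:443)
[Thu Apr 04 22:42:59.768569 2024] [core:trace5] [pid 1067703:tid 140619672041024] protocol.c(714): [client 127.0.0.1:48748] Request received from client: GET /.well-known/acme-challenge/TOKEN HTTP/1.1
[Thu Apr 04 22:42:59.768724 2024] [http:trace4] [pid 1067703:tid 140619672041024] http_filters.c(971): [client 127.0.0.1:48748]   Connection: close
[Thu Apr 04 22:43:01.205094 2024] [watchdog:debug] [pid 1067703:tid 140619697219136] mod_watchdog.c(257): AH02973: Singleton Watchdog (_md_renew_) stopping
[Thu Apr 04 22:43:05.000000 2024] [core:warn] [pid 1067000:tid 140619700000000] AH00045: child process 1067703 still did not exit, sending a SIGTERM
"""

# "[timestamp] [module:level] [pid N:tid M] message"; the tid part is optional
# because lines such as "[pid 4169]" in the mail carry no thread id.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^:\]]*):(?P<level>[^\]]+)\] "
    r"\[pid (?P<pid>\d+)(?::tid (?P<tid>\d+))?\] (?P<msg>.*)$"
)
SIGTERM_RE = re.compile(r"AH00045: child process (\d+) still did not exit")
# Assumption: a thread whose newest line carries one of these ids shut down
# cleanly (connection closed / watchdog stopping, as quoted in the mail).
END_MARKERS = ("AH02001", "AH02973")
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"


def parse_lines(log_text):
    """Yield one dict per well-formed log line, with a sortable 'when' key."""
    for seq, line in enumerate(log_text.splitlines()):
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        rec = match.groupdict()
        try:
            # seq breaks ties between lines with identical timestamps
            rec["when"] = (datetime.strptime(rec["ts"], TS_FORMAT), seq)
        except ValueError:
            continue
        yield rec


def stuck_threads(log_text):
    """Map each pid named in AH00045 to its threads that never logged a stop.

    Returns {pid: [(tid, timestamp, last_message), ...]}.
    """
    hung_pids = set()
    last_by_thread = {}
    for rec in parse_lines(log_text):
        hit = SIGTERM_RE.search(rec["msg"])
        if hit:
            hung_pids.add(hit.group(1))
        key = (rec["pid"], rec["tid"])
        if key not in last_by_thread or rec["when"] > last_by_thread[key]["when"]:
            last_by_thread[key] = rec

    report = {pid: [] for pid in sorted(hung_pids)}
    newest_first = sorted(last_by_thread.items(), key=lambda kv: kv[1]["when"])
    for (pid, tid), rec in newest_first:
        if pid in report and not any(mark in rec["msg"] for mark in END_MARKERS):
            report[pid].append((tid, rec["ts"], rec["msg"]))
    return report


if __name__ == "__main__":
    for pid, threads in stuck_threads(SAMPLE_LOG).items():
        print(f"child {pid}: {len(threads)} thread(s) without a shutdown line")
        for tid, ts, msg in threads:
            print(f"  tid {tid} last seen {ts}: {msg}")
```
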

pytest results for 2.4.59

2024-04-04 Thread Rainer Jung

Hi there,

first although I saw very few pytest failures, I think the results are 
overall fine and good enough for release.


I first had to find out, that I need to build the h2ws websocket client 
during httpd build (for websocket tests) and use the right multipart 
python module ("python-multipart" instead of "multipart").


I see 4 failures:

A] two with "AssertionError: request not found in 
/tmp/esupport-testdir/pytest-event-310/gen/apache/logs/test_...":


__ TestTiming.test_h2_009_01 
___

self = 
env = 

def test_h2_009_01(self, env):
...

>   assert found, f'request not found in {TestTiming.LOGFILE}'
E   AssertionError: request not found in 
/tmp/esupport-testdir/pytest-event-310/gen/apache/logs/test_009

E   assert False

modules/http2/test_009_timing.py:46: AssertionError

and

__ TestTiming.test_h2_009_02 
___


self = 
env = 

def test_h2_009_02(self, env):
...
>   assert found, f'request not found in {TestTiming.LOGFILE}'
E   AssertionError: request not found in 
/tmp/esupport-testdir/pytest-event-310/gen/apache/logs/test_009

E   assert False

modules/http2/test_009_timing.py:74: AssertionError


I need to further investigate, whether the log file is missing, or does 
not have the right contents. The failure should not be critical in itself.



B] buffer test failure TestBuffering.test_h2_712_02

self = 
env = 

def test_h2_712_02(self, env):
...
>   piper.stutter_check(chunks, stutter)

modules/http2/test_712_buffering.py:48:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _


self = CurlPiper[exitcode=0, stderr=['14:46:27.261890 == Info: Added 
cgi.tests.httpd.apache.org:5001:127.0.0.1 to DNS 
cache\ntests.httpd.apache.org left intact\n'], 
stdout=['chunk-000-0123456789\nchunk-001-0123456789\nchunk-002-0123456789\n']]
chunks = ['chunk-000-0123456789\n', 'chunk-001-0123456789\n', 
'chunk-002-0123456789\n']

stutter = datetime.timedelta(seconds=1)

def stutter_check(self, chunks: [str], stutter: datetime.timedelta):
...
# received as many chunks as we sent
>   assert len(chunks) == len(recv_times), "received response not 
in {0} chunks, but {1}".format(

len(chunks), len(recv_times))
E   AssertionError: received response not in 3 chunks, but 4

pyhttpd/curl.py:118: AssertionError
- Captured stderr call 
-
starting: ['curl', '-s', '--path-as-is', '-D', 
'/tmp/esupport-testdir/pytest-event-310/gen/curl.headers.438', 
'--cacert', 
'/tmp/esupport-testdir/pytest-event-310/gen/apache/ca/ca.rsa4096.cert.pem', 
'--resolve', 'cgi.tests.httpd.apache.org:5001:127.0.0.1', '-H', 
'AP-Test-Name: test_h2_712_02', '--connect-timeout', '5', '-T', '-', 
'-X', 'POST', '--trace-ascii', '%', '--trace-time', 
'https://cgi.tests.httpd.apache.org:5001/h2proxy/h2test/echo']



Here I have no idea where the difference in the chunk numbers comes from. 
Maybe the test assumptions are too strict?



C] a single websocket test failure 
TestWebSockets.test_h2_800_04_non_ws_resource


self = 
env = , ws_server = None

def test_h2_800_04_non_ws_resource(self, env: H2TestEnv, ws_server):
r, infos, frames = ws_run(env, path='/alive.json')
assert r.exit_code == 0, f'{r}'
>   assert infos == ['[1] :status: 502', '[1] EOF'], f'{r}'
E   AssertionError: ExecResult[code=0, args=['/path/to/h2ws', '-vv', 
'-c', 'localhost:5002', 
'ws://cgi.tests.httpd.apache.org:5002/alive.json', 'ws-stdin']

E stdout---
E stderr---
E
E   assert ['[1] :status...F', '[1] RST'] == ['[1] :status...2', 
'[1] EOF']

E Left contains one more item: '[1] RST'
E Full diff:
E - ['[1] :status: 502', '[1] EOF']
E + ['[1] :status: 502', '[1] EOF', '[1] RST']
E ?   + ++

modules/http2/test_800_websockets.py:178: AssertionError

All in all the results are much better than what I achieved for the 
previous releases!


Best regards,

Rainer


Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released

2024-04-04 Thread Eric Covener
Resolved now, took a todo to make sure we don't get this far in the
process if the site cannot be re-built.

On Thu, Apr 4, 2024 at 11:33 AM Eric Covener  wrote:
>
> Thanks/Sorry, working on it now.
>
> On Thu, Apr 4, 2024 at 11:23 AM BUSH Steve via dev  
> wrote:
> >
> > Hi Eric,
> >
> >
> >
> > Just an FYI: The https://httpd.apache.org/security/vulnerabilities_24.html 
> > file is missing.
> >
> >
> >
> > https://httpd.apache.org/security/
> >
> >
> >
> > Thanks,
> >
> > Steve Bush
> >
> >
> >
> > From: covener 
> > Sent: Thursday, April 4, 2024 6:54 AM
> > To: annou...@httpd.apache.org
> > Subject: [ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released
> >
> >
> >
> >
> > Apache HTTP Server 2.4.59 Released
> >
> >    April 04, 2024
> >
> >    The Apache Software Foundation and the Apache HTTP Server Project
> >    are pleased to announce the release of version 2.4.59 of the Apache
> >    HTTP Server ("Apache").  This version of Apache is our latest GA
> >    release of the new generation 2.4.x branch of Apache HTTPD and
> >    represents fifteen years of innovation by the project, and is
> >    recommended over all previous releases. This release of Apache is
> >    a security, feature and bug fix release.
> >
> >    We consider this release to be the best version of Apache available, and
> >    encourage users of all prior versions to upgrade.
> >
> >    Apache HTTP Server 2.4.59 is available for download from:
> >
> >      https://httpd.apache.org/download.cgi
> >
> >    Apache 2.4 offers numerous enhancements, improvements, and performance
> >    boosts over the 2.2 codebase.  For an overview of new features
> >    introduced since 2.4 please see:
> >
> >      https://httpd.apache.org/docs/trunk/new_features_2_4.html
> >
> >    Please see the CHANGES_2.4 file, linked from the download page, for a
> >    full list of changes. A condensed list, CHANGES_2.4.59 includes only
> >    those changes introduced since the prior 2.4 release.  A summary of all
> >    of the security vulnerabilities addressed in this and earlier releases
> >    is available:
> >
> >      https://httpd.apache.org/security/vulnerabilities_24.html
> >
> >    This release requires the Apache Portable Runtime (APR), minimum
> >    version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
> >    require the 1.6.x version of both APR and APR-Util. The APR libraries
> >    must be upgraded for all features of httpd to operate correctly.
> >
> >    This release builds on and extends the Apache 2.2 API.  Modules written
> >    for Apache 2.2 will need to be recompiled in order to run with Apache
> >    2.4, and require minimal or no source code changes.
> >
> >      https://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING
> >
> >    When upgrading or installing this version of Apache, please bear in mind
> >    that if you intend to use Apache with one of the threaded MPMs (other
> >    than the Prefork MPM), you must ensure that any modules you will be
> >    using (and the libraries they depend on) are thread-safe.
> >
> >    Please note the 2.2.x branch has now passed the end of life at the Apache
> >    HTTP Server project and no further activity will occur including security
> >    patches.  Users must promptly complete their transitions to this 2.4.x
> >    release of httpd to benefit from further bug fixes or new features.
> >

Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released

2024-04-04 Thread Eric Covener
Thanks/Sorry, working on it now.

On Thu, Apr 4, 2024 at 11:23 AM BUSH Steve via dev  wrote:
>
> Hi Eric,
>
>
>
> Just an FYI: The https://httpd.apache.org/security/vulnerabilities_24.html 
> file is missing.
>
>
>
> https://httpd.apache.org/security/
>
>
>
> Thanks,
>
> Steve Bush
>
>
>
> From: covener 
> Sent: Thursday, April 4, 2024 6:54 AM
> To: annou...@httpd.apache.org
> Subject: [ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released
>
>
>
>
> Apache HTTP Server 2.4.59 Released
>
>    April 04, 2024
>
>    The Apache Software Foundation and the Apache HTTP Server Project
>    are pleased to announce the release of version 2.4.59 of the Apache
>    HTTP Server ("Apache").  This version of Apache is our latest GA
>    release of the new generation 2.4.x branch of Apache HTTPD and
>    represents fifteen years of innovation by the project, and is
>    recommended over all previous releases. This release of Apache is
>    a security, feature and bug fix release.
>
>    We consider this release to be the best version of Apache available, and
>    encourage users of all prior versions to upgrade.
>
>    Apache HTTP Server 2.4.59 is available for download from:
>
>      https://httpd.apache.org/download.cgi
>
>    Apache 2.4 offers numerous enhancements, improvements, and performance
>    boosts over the 2.2 codebase.  For an overview of new features
>    introduced since 2.4 please see:
>
>      https://httpd.apache.org/docs/trunk/new_features_2_4.html
>
>    Please see the CHANGES_2.4 file, linked from the download page, for a
>    full list of changes. A condensed list, CHANGES_2.4.59 includes only
>    those changes introduced since the prior 2.4 release.  A summary of all
>    of the security vulnerabilities addressed in this and earlier releases
>    is available:
>
>      https://httpd.apache.org/security/vulnerabilities_24.html
>
>    This release requires the Apache Portable Runtime (APR), minimum
>    version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
>    require the 1.6.x version of both APR and APR-Util. The APR libraries
>    must be upgraded for all features of httpd to operate correctly.
>
>    This release builds on and extends the Apache 2.2 API.  Modules written
>    for Apache 2.2 will need to be recompiled in order to run with Apache
>    2.4, and require minimal or no source code changes.
>
>      https://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING
>
>    When upgrading or installing this version of Apache, please bear in mind
>    that if you intend to use Apache with one of the threaded MPMs (other
>    than the Prefork MPM), you must ensure that any modules you will be
>    using (and the libraries they depend on) are thread-safe.
>
>    Please note the 2.2.x branch has now passed the end of life at the Apache
>    HTTP Server project and no further activity will occur including security
>    patches.  Users must promptly complete their transitions to this 2.4.x
>    release of httpd to benefit from further bug fixes or new features.
>
>
>


-- 
Eric Covener
cove...@gmail.com


RE: [ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released

2024-04-04 Thread BUSH Steve via dev
Hi Eric,

Just an FYI: The https://httpd.apache.org/security/vulnerabilities_24.html file 
is missing.

https://httpd.apache.org/security/

Thanks,
Steve Bush

From: covener 
Sent: Thursday, April 4, 2024 6:54 AM
To: annou...@httpd.apache.org
Subject: [ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released



Apache HTTP Server 2.4.59 Released

   April 04, 2024

   The Apache Software Foundation and the Apache HTTP Server Project
   are pleased to announce the release of version 2.4.59 of the Apache
   HTTP Server ("Apache").  This version of Apache is our latest GA
   release of the new generation 2.4.x branch of Apache HTTPD and
   represents fifteen years of innovation by the project, and is
   recommended over all previous releases. This release of Apache is
   a security, feature and bug fix release.

   We consider this release to be the best version of Apache available, and
   encourage users of all prior versions to upgrade.

   Apache HTTP Server 2.4.59 is available for download from:

     https://httpd.apache.org/download.cgi

   Apache 2.4 offers numerous enhancements, improvements, and performance
   boosts over the 2.2 codebase.  For an overview of new features
   introduced since 2.4 please see:

     https://httpd.apache.org/docs/trunk/new_features_2_4.html

   Please see the CHANGES_2.4 file, linked from the download page, for a
   full list of changes. A condensed list, CHANGES_2.4.59 includes only
   those changes introduced since the prior 2.4 release.  A summary of all
   of the security vulnerabilities addressed in this and earlier releases
   is available:

     https://httpd.apache.org/security/vulnerabilities_24.html

   This release requires the Apache Portable Runtime (APR), minimum
   version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
   require the 1.6.x version of both APR and APR-Util. The APR libraries
   must be upgraded for all features of httpd to operate correctly.

   This release builds on and extends the Apache 2.2 API.  Modules written
   for Apache 2.2 will need to be recompiled in order to run with Apache
   2.4, and require minimal or no source code changes.

     https://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING

   When upgrading or installing this version of Apache, please bear in mind
   that if you intend to use Apache with one of the threaded MPMs (other
   than the Prefork MPM), you must ensure that any modules you will be
   using (and the libraries they depend on) are thread-safe.

   Please note the 2.2.x branch has now passed the end of life at the Apache
   HTTP Server project and no further activity will occur including security
   patches.  Users must promptly complete their transitions to this 2.4.x
   release of httpd to benefit from further bug fixes or new features.






Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread Stefan Eissing via dev



> On 04.04.2024 at 16:22, jean-frederic clere wrote:
> 
> On 4/4/24 13:59, SteffenAL wrote:
>> Thanks for the hint.
>> Yep, needed an extra include. Not using cmake.
>> mod_http2 shows still version 2.0.22 (h2_version.h).
>> Should it be 2.0.26 ?
> 
> or better 2.0.27? ;-)
> 
> We picked the fixes but not version...

Yeah, saw that too late. But with the secret code whisking around...we'll fix 
it in the next version. No harm done really.

> 
>> Steffen
>> On Thursday 04/04/2024 at 13:25, jean-frederic clere  wrote:
>>> On 4/4/24 12:49, Steffen Land wrote:
 
>>>> -1
>>>> Get an error:
>>>> Error    C2065    'DAV_WALKTYPE_TOLERANT': undeclared identifier
>>>> mod_dav_fs    C:\VS17\Win32\httpd-2.4\modules\dav\fs\repos.c    1599
>>> 
>>> I didn't see any problem while building on windows (using cmake and VS19).
>>> 
>>> +++
>>> ModeLastWriteTime Length Name
>>> - -- 
>>> -a 4/3/2024   7:56 AM 101376 mod_dav.so
>>> -a 4/3/2024   7:56 AM  51200 mod_dav_fs.so
>>> -a 4/3/2024   7:56 AM  23552 mod_dav_lock.so
>>> +++
>>> 
>>> DAV_WALKTYPE_TOLERANT is in ./modules/dav/main/mod_dav.h line 1826
>>> 
 
>>>> Steffen
>>>> On 2024/04/03 12:26:09 Eric Covener wrote:
> 
> Hi all,
> 
> (After only minor embarrassment of patching tags/2.4.55 instead of 
> 2.4.x...)
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a SHORTENED VOTE to release
> this candidate tarball httpd-2.4.59-rc1 as 2.4.59:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> = e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f
> = 
> baa96a7c9bba48f758ca9b3e3d63f0c65db960653618109d4d7bcbf3d4776d1d51453beb65e5af57655f0b1cfb88913842bc3a117fe7acc754ddb43d4524bc82
> 
> The SVN candidate source is found at tags/2.4.59-rc1-candidate.
> 
>>> 
>>> -- 
>>> Cheers
>>> 
>>> Jean-Frederic
>>> 
> 
> -- 
> Cheers
> 
> Jean-Frederic
> 



Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread jean-frederic clere

On 4/4/24 13:59, SteffenAL wrote:
> Thanks for the hint.
> Yep, needed an extra include. Not using cmake.
>
> mod_http2 shows still version 2.0.22 (h2_version.h).
> Should it be 2.0.26 ?

or better 2.0.27? ;-)

We picked the fixes but not version...

> Steffen
>
> On Thursday 04/04/2024 at 13:25, jean-frederic clere wrote:
>> On 4/4/24 12:49, Steffen Land wrote:
>>> -1
>>> Get an error:
>>> Error    C2065    'DAV_WALKTYPE_TOLERANT': undeclared identifier
>>> mod_dav_fs    C:\VS17\Win32\httpd-2.4\modules\dav\fs\repos.c    1599
>>
>> I didn't see any problem while building on windows (using cmake and
>> VS19).
>>
>> +++
>> Mode    LastWriteTime Length Name
>>     - -- 
>> -a 4/3/2024   7:56 AM 101376 mod_dav.so
>> -a 4/3/2024   7:56 AM  51200 mod_dav_fs.so
>> -a 4/3/2024   7:56 AM  23552 mod_dav_lock.so
>> +++
>>
>> DAV_WALKTYPE_TOLERANT is in ./modules/dav/main/mod_dav.h line 1826
>>
>>> Steffen
>>> On 2024/04/03 12:26:09 Eric Covener wrote:
>>>> Hi all,
>>>>
>>>> (After only minor embarrassment of patching tags/2.4.55 instead of
>>>> 2.4.x...)
>>>>
>>>> Please find below the proposed release tarball and signatures:
>>>>
>>>> https://dist.apache.org/repos/dist/dev/httpd/
>>>>
>>>> I would like to call a SHORTENED VOTE to release
>>>> this candidate tarball httpd-2.4.59-rc1 as 2.4.59:
>>>> [ ] +1: It's not just good, it's good enough!
>>>> [ ] +0: Let's have a talk.
>>>> [ ] -1: There's trouble in paradise. Here's what's wrong.
>>>>
>>>> The computed digests of the tarball up for vote are:
>>>> = e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f
>>>> = 
>>>> baa96a7c9bba48f758ca9b3e3d63f0c65db960653618109d4d7bcbf3d4776d1d51453beb65e5af57655f0b1cfb88913842bc3a117fe7acc754ddb43d4524bc82
>>>>
>>>> The SVN candidate source is found at tags/2.4.59-rc1-candidate.
>>
>> --
>> Cheers
>>
>> Jean-Frederic

--
Cheers

Jean-Frederic



Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread Jim Jagielski
+1: macOS 14.4.1/Xcode 15.3, CentOS8, Ubuntu 18.04LTS, 20.04LTS, 22.04LTS

> On Apr 3, 2024, at 8:26 AM, Eric Covener  wrote:
> 
> Hi all,
> 
> (After only minor embarrassment of patching tags/2.4.55 instead of 2.4.x...)
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a SHORTENED VOTE to release
> this candidate tarball httpd-2.4.59-rc1 as 2.4.59:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> = e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f
> = 
> baa96a7c9bba48f758ca9b3e3d63f0c65db960653618109d4d7bcbf3d4776d1d51453beb65e5af57655f0b1cfb88913842bc3a117fe7acc754ddb43d4524bc82
> 
> The SVN candidate source is found at tags/2.4.59-rc1-candidate.



Re: mod_systemd: refactor to get rid of libsystemd dependency?

2024-04-04 Thread Jim Jagielski
+1

> On Apr 4, 2024, at 5:43 AM, Ruediger Pluem  wrote:
> 
> 
> 
> On 4/3/24 4:32 PM, Joe Orton wrote:
>> On Tue, Apr 02, 2024 at 12:25:40PM +0200, Rainer Jung wrote:
>>> Hi there,
>>> 
>>> in the light of the recent xz attack I was wondering, whether we should also
>>> reduce our library dependencies by no longer using sd_notify() in
>>> mod_systemd (thus loading libsystemd and all of its dependencies), but
>>> instead taking the approach to hard code sd_notify functionality.
>>> 
>>> I guess the Linux distributors who patched sshd to use libsystemd for
>>> notification are on their way to do the same for their sshd patches, so we
>>> might soon get an idea how to do that properly.
>>> 
>>> This is not meant to become part of our next release (this week), but
>>> hopefully we can manage to code it for the next one.
>>> 
>>> WDYT: does this make sense?
>> 
>> The trunk mod_systemd has got slightly wider library use than just 
>> sd_notify - so it is not quite that simple. If there was an alternative 
>> minimal library implementing the sd_* API parts required, that would 
>> definitely make sense. I'm not sure that reimplementing them all from 
>> scratch makes sense (especially multiplied by N projects doing this).
>> 
> 
> +1
> 
>> It looks like systemd folks have also changed the library implementation 
>> to dlopen() the various dependant libraries on demand now rather than 
>> directly linking to them, which removes the specific attack vector used 
>> here IIUC.
> +1. Unless the systemd folks show that they are unwilling to address issues
> I would stay with libsystemd.
> 
> Regards
> 
> Rüdiger



Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread Eric Covener
On Thu, Apr 4, 2024 at 8:12 AM Eric Covener  wrote:

Proceeding with release now, thanks everyone for testing.

> FYI I plan to call this in about an hour with the following binding +1:
> covener, icing, jorton, thumbs, gbechis, jfclere, ylavic, minfrin


-- 
Eric Covener
cove...@gmail.com


Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread Eric Covener
FYI I plan to call this in about an hour with the following binding +1:
covener, icing, jorton, thumbs, gbechis, jfclere, ylavic, minfrin


-- 
Eric Covener
cove...@gmail.com


Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread SteffenAL



Thanks for the hint.
Yep, needed an extra include. Not using cmake.


mod_http2 still shows version 2.0.22 (h2_version.h).
Should it be 2.0.26?

Steffen


On Thursday 04/04/2024 at 13:25, jean-frederic clere  wrote:

On 4/4/24 12:49, Steffen Land wrote:


-1
Get an error:
Error	C2065	'DAV_WALKTYPE_TOLERANT': undeclared 
identifier	mod_dav_fs	C:\VS17\Win32\httpd-2.4\modules\dav\fs\repos.c	1599


I didn't see any problem while building on windows (using cmake and 
VS19).


+++
Mode    LastWriteTime Length Name
- -- 
-a 4/3/2024   7:56 AM 101376 mod_dav.so
-a 4/3/2024   7:56 AM  51200 mod_dav_fs.so
-a 4/3/2024   7:56 AM  23552 mod_dav_lock.so
+++

DAV_WALKTYPE_TOLERANT is in ./modules/dav/main/mod_dav.h line 1826



Steffen
On 2024/04/03 12:26:09 Eric Covener wrote:


Hi all,

(After only minor embarrassment of patching tags/2.4.55 instead of 
2.4.x...)


Please find below the proposed release tarball and signatures:

https://dist.apache.org/repos/dist/dev/httpd/

I would like to call a SHORTENED VOTE to release
this candidate tarball httpd-2.4.59-rc1 as 2.4.59:
[ ] +1: It's not just good, it's good enough!
[ ] +0: Let's have a talk.
[ ] -1: There's trouble in paradise. Here's what's wrong.

The computed digests of the tarball up for vote are:
= e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f
= 
baa96a7c9bba48f758ca9b3e3d63f0c65db960653618109d4d7bcbf3d4776d1d51453beb65e5af57655f0b1cfb88913842bc3a117fe7acc754ddb43d4524bc82


The SVN candidate source is found at tags/2.4.59-rc1-candidate.



--
Cheers

Jean-Frederic







Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread jean-frederic clere

On 4/4/24 12:49, Steffen Land wrote:

-1
Get an error:

Error   C2065   'DAV_WALKTYPE_TOLERANT': undeclared identifier  mod_dav_fs  
C:\VS17\Win32\httpd-2.4\modules\dav\fs\repos.c  1599


I didn't see any problem while building on windows (using cmake and VS19).

+++
Mode    LastWriteTime Length Name
- -- 
-a 4/3/2024   7:56 AM 101376 mod_dav.so
-a 4/3/2024   7:56 AM  51200 mod_dav_fs.so
-a 4/3/2024   7:56 AM  23552 mod_dav_lock.so
+++

DAV_WALKTYPE_TOLERANT is in ./modules/dav/main/mod_dav.h line 1826



Steffen

On 2024/04/03 12:26:09 Eric Covener wrote:

Hi all,

(After only minor embarrassment of patching tags/2.4.55 instead of 2.4.x...)

Please find below the proposed release tarball and signatures:

https://dist.apache.org/repos/dist/dev/httpd/

I would like to call a SHORTENED VOTE to release
this candidate tarball httpd-2.4.59-rc1 as 2.4.59:
[ ] +1: It's not just good, it's good enough!
[ ] +0: Let's have a talk.
[ ] -1: There's trouble in paradise. Here's what's wrong.

The computed digests of the tarball up for vote are:
= e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f
= 
baa96a7c9bba48f758ca9b3e3d63f0c65db960653618109d4d7bcbf3d4776d1d51453beb65e5af57655f0b1cfb88913842bc3a117fe7acc754ddb43d4524bc82

The SVN candidate source is found at tags/2.4.59-rc1-candidate.



--
Cheers

Jean-Frederic



Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread Yann Ylavic
On Thu, Apr 4, 2024 at 12:52 PM Steffen Land  wrote:
>
> -1
> Get an error:
>
> Error   C2065   'DAV_WALKTYPE_TOLERANT': undeclared identifier  mod_dav_fs
>   C:\VS17\Win32\httpd-2.4\modules\dav\fs\repos.c  1599

Are you compiling with an old "mod_dav.h" somewhere in the -I[nclude] path?
Because DAV_WALKTYPE_TOLERANT is well defined in the new "mod_dav.h"
(of 2.4.59) which is also correctly #include'd in
"modules\dav\fs\repos.c".

Regards;
Yann.


Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread Ruediger Pluem
Are you sure that you did not use outdated headers somehow?

DAV_WALKTYPE_TOLERANT is defined in modules/dav/main/mod_dav.h

Regards

Rüdiger

On 4/4/24 12:49 PM, Steffen Land wrote:
> -1 
> Get an error:
> 
> Error C2065   'DAV_WALKTYPE_TOLERANT': undeclared identifier  mod_dav_fs  
> C:\VS17\Win32\httpd-2.4\modules\dav\fs\repos.c  1599
> 
> Steffen 
> 
> On 2024/04/03 12:26:09 Eric Covener wrote:
>> Hi all,
>>
>> (After only minor embarrassment of patching tags/2.4.55 instead of 2.4.x...)
>>
>> Please find below the proposed release tarball and signatures:
>>
>> https://dist.apache.org/repos/dist/dev/httpd/
>>
>> I would like to call a SHORTENED VOTE to release
>> this candidate tarball httpd-2.4.59-rc1 as 2.4.59:
>> [ ] +1: It's not just good, it's good enough!
>> [ ] +0: Let's have a talk.
>> [ ] -1: There's trouble in paradise. Here's what's wrong.
>>
>> The computed digests of the tarball up for vote are:
>> = e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f
>> = 
>> baa96a7c9bba48f758ca9b3e3d63f0c65db960653618109d4d7bcbf3d4776d1d51453beb65e5af57655f0b1cfb88913842bc3a117fe7acc754ddb43d4524bc82
>>
>> The SVN candidate source is found at tags/2.4.59-rc1-candidate.
>>
> 


Re: [VOTE] Release httpd-2.4.59-rc1 as httpd-2.4.59

2024-04-04 Thread Steffen Land
-1 
Get an error:

Error   C2065   'DAV_WALKTYPE_TOLERANT': undeclared identifier  mod_dav_fs  
C:\VS17\Win32\httpd-2.4\modules\dav\fs\repos.c  1599

Steffen 

On 2024/04/03 12:26:09 Eric Covener wrote:
> Hi all,
> 
> (After only minor embarrassment of patching tags/2.4.55 instead of 2.4.x...)
> 
> Please find below the proposed release tarball and signatures:
> 
> https://dist.apache.org/repos/dist/dev/httpd/
> 
> I would like to call a SHORTENED VOTE to release
> this candidate tarball httpd-2.4.59-rc1 as 2.4.59:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
> 
> The computed digests of the tarball up for vote are:
> = e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f
> = 
> baa96a7c9bba48f758ca9b3e3d63f0c65db960653618109d4d7bcbf3d4776d1d51453beb65e5af57655f0b1cfb88913842bc3a117fe7acc754ddb43d4524bc82
> 
> The SVN candidate source is found at tags/2.4.59-rc1-candidate.
> 


Re: mod_systemd: refactor to get rid of libsystemd dependency?

2024-04-04 Thread Ruediger Pluem



On 4/3/24 4:32 PM, Joe Orton wrote:
> On Tue, Apr 02, 2024 at 12:25:40PM +0200, Rainer Jung wrote:
>> Hi there,
>>
>> in the light of the recent xz attack I was wondering, whether we should also
>> reduce our library dependencies by no longer using sd_notify() in
>> mod_systemd (thus loading libsystemd and all of its dependencies), but
>> instead taking the approach to hard code sd_notify functionality.
>>
>> I guess the Linux distributors who patched sshd to use libsystemd for
>> notification are on their way to do the same for their sshd patches, so we
>> might soon get an idea how to do that properly.
>>
>> This is not meant to become part of our next release (this week), but
>> hopefully we can manage to code it for the next one.
>>
>> WDYT: does this make sense?
> 
> The trunk mod_systemd has got slightly wider library use than just 
> sd_notify - so it is not quite that simple. If there was an alternative 
> minimal library implementing the sd_* API parts required, that would 
> definitely make sense. I'm not sure that reimplementing them all from 
> scratch makes sense (especially multiplied by N projects doing this).
> 

+1

> It looks like systemd folks have also changed the library implementation 
> to dlopen() the various dependant libraries on demand now rather than 
> directly linking to them, which removes the specific attack vector used 
> here IIUC.
+1. Unless the systemd folks show that they are unwilling to address issues
I would stay with libsystemd.

Regards

Rüdiger