Mailing List Archive

[VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55
Hi all,

Please find below the proposed release tarball and signatures:

https://dist.apache.org/repos/dist/dev/httpd/

I would like to call a VOTE over the next few days to release
this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
[ ] +1: It's not just good, it's good enough!
[ ] +0: Let's have a talk.
[ ] -1: There's trouble in paradise. Here's what's wrong.

The computed digests of the tarball up for vote are:
sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
*httpd-2.4.55-rc1.tar.gz
sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
*httpd-2.4.55-rc1.tar.gz

The SVN candidate source is found at tags/2.4.55-rc1-candidate.

--
Eric Covener
covener@gmail.com
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Tue, Jan 10, 2023 at 8:40 AM Eric Covener <covener@apache.org> wrote:
>
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [x] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.

+1 AIX/xlc/ppc64 with just some familiar failures below.

Test Summary Report
-------------------
t/ab/base.t (Wstat: 0 Tests: 5 Failed: 4)
Failed tests: 1-4 (libpath stuff)
t/security/CVE-2009-3555.t (Wstat: 2048 Tests: 0 Failed: 0)
Non-zero exit status: 8 (perl SSLEAY stuff)
Parse errors: Bad plan. You planned 4 tests but ran 0.
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Tue, Jan 10, 2023 at 08:40:52AM -0500, Eric Covener wrote:
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [X] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
> *httpd-2.4.55-rc1.tar.gz
> sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
> *httpd-2.4.55-rc1.tar.gz

+1 for release, thank you for RMing!

Test suite passes on RHEL 8 and 9 (x86_64).

Regards, Joe
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Tue, Jan 10, 2023 at 08:40:52AM -0500, Eric Covener wrote:
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
> *httpd-2.4.55-rc1.tar.gz
> sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
> *httpd-2.4.55-rc1.tar.gz
>
> The SVN candidate source is found at tags/2.4.55-rc1-candidate.
>
on Fedora 37 (gcc 12.2.1 or clang 15.0.6) build fails with:
-------------------------------------------------------------------------------------------------------------------------------------
/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -std=c89 -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wpointer-arith -Wformat -Wformat-security -Wunused -DLINUX -D_REENTRANT -D_GNU_SOURCE -DAP_DEBUG \
-I. -I [...]/httpd/httpd-2.4/modules/mappers -prefer-non-pic -static -c ab.c && touch ab.lo
ab.c: In function 'ssl_proceed_handshake':
ab.c:769:25: error: 'EVP_PKEY_get1_EC_KEY' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
769 | EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
| ^~~~~~
In file included from /usr/include/openssl/x509.h:29,
from ab.c:171:
/usr/include/openssl/evp.h:1374:19: note: declared here
1374 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
| ^~~~~~~~~~~~~~~~~~~~
ab.c:770:25: error: 'EC_KEY_get0_group' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
770 | int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
| ^~~
In file included from /usr/include/openssl/x509.h:33:
/usr/include/openssl/ec.h:1034:39: note: declared here
1034 | OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
| ^~~~~~~~~~~~~~~~~
ab.c:771:25: error: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
771 | EC_KEY_free(ec);
| ^~~~~~~~~~~
/usr/include/openssl/ec.h:1003:28: note: declared here
1003 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
| ^~~~~~~~~~~
ab.c: In function 'start_connect':
ab.c:1431:13: error: 'BIO_set_callback' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
1431 | BIO_set_callback(bio, ssl_print_cb);
| ^~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/asn1.h:27,
from /usr/include/openssl/rsa.h:21,
from ab.c:169:
/usr/include/openssl/bio.h:279:28: note: declared here
279 | OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback);
| ^~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
-------------------------------------------------------------------------------------------------------------------------------------

Is this considered a blocker ?
This can be workarounded by building with different "-Werror" options.
Giovanni
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Tue, Jan 10, 2023 at 10:17 AM Giovanni Bechis <giovanni@paclan.it> wrote:
>
> On Tue, Jan 10, 2023 at 08:40:52AM -0500, Eric Covener wrote:
> > Hi all,
> >
> > Please find below the proposed release tarball and signatures:
> >
> > https://dist.apache.org/repos/dist/dev/httpd/
> >
> > I would like to call a VOTE over the next few days to release
> > this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> > [ ] +1: It's not just good, it's good enough!
> > [ ] +0: Let's have a talk.
> > [ ] -1: There's trouble in paradise. Here's what's wrong.
> >
> > The computed digests of the tarball up for vote are:
> > sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
> > *httpd-2.4.55-rc1.tar.gz
> > sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
> > *httpd-2.4.55-rc1.tar.gz
> >
> > The SVN candidate source is found at tags/2.4.55-rc1-candidate.
> >
> on Fedora 37 (gcc 12.2.1 or clang 15.0.6) build fails with:
> -------------------------------------------------------------------------------------------------------------------------------------
> /usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -std=c89 -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wpointer-arith -Wformat -Wformat-security -Wunused -DLINUX -D_REENTRANT -D_GNU_SOURCE -DAP_DEBUG \
> -I. -I [...]/httpd/httpd-2.4/modules/mappers -prefer-non-pic -static -c ab.c && touch ab.lo
> ab.c: In function 'ssl_proceed_handshake':
> ab.c:769:25: error: 'EVP_PKEY_get1_EC_KEY' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
> 769 | EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
> | ^~~~~~
> In file included from /usr/include/openssl/x509.h:29,
> from ab.c:171:
> /usr/include/openssl/evp.h:1374:19: note: declared here
> 1374 | struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
> | ^~~~~~~~~~~~~~~~~~~~
> ab.c:770:25: error: 'EC_KEY_get0_group' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
> 770 | int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
> | ^~~
> In file included from /usr/include/openssl/x509.h:33:
> /usr/include/openssl/ec.h:1034:39: note: declared here
> 1034 | OSSL_DEPRECATEDIN_3_0 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
> | ^~~~~~~~~~~~~~~~~
> ab.c:771:25: error: 'EC_KEY_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
> 771 | EC_KEY_free(ec);
> | ^~~~~~~~~~~
> /usr/include/openssl/ec.h:1003:28: note: declared here
> 1003 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
> | ^~~~~~~~~~~
> ab.c: In function 'start_connect':
> ab.c:1431:13: error: 'BIO_set_callback' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
> 1431 | BIO_set_callback(bio, ssl_print_cb);
> | ^~~~~~~~~~~~~~~~
> In file included from /usr/include/openssl/asn1.h:27,
> from /usr/include/openssl/rsa.h:21,
> from ab.c:169:
> /usr/include/openssl/bio.h:279:28: note: declared here
> 279 | OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback);
> | ^~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Is this considered a blocker ?
> This can be workarounded by building with different "-Werror" options.
> Giovanni

I think it's a known issue in ab.c and openssl 3.0
I think no regression, no veto -- but everyones vote (beyond veto) is
their own. AFAIK it has been there since 3.0 toleration was added.

I was going to send an email on this one, reminded by the recent
Actions CI activity. I think we could drop the -wno-error-deprecated
from CI if ab.c was either fixed or maybe had something in its build
to set this itself. That way deprecated stuff sneaking in elsewhere
would not be supresed in maintainer mode.

--
Eric Covener
covener@gmail.com
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Tue, Jan 10, 2023 at 10:21:55AM -0500, Eric Covener wrote:
> On Tue, Jan 10, 2023 at 10:17 AM Giovanni Bechis <giovanni@paclan.it> wrote:
...
> > In file included from /usr/include/openssl/asn1.h:27,
> > from /usr/include/openssl/rsa.h:21,
> > from ab.c:169:
> > /usr/include/openssl/bio.h:279:28: note: declared here
> > 279 | OSSL_DEPRECATEDIN_3_0 void BIO_set_callback(BIO *b, BIO_callback_fn callback);
> > | ^~~~~~~~~~~~~~~~
> > cc1: all warnings being treated as errors
> > -------------------------------------------------------------------------------------------------------------------------------------
> >
> > Is this considered a blocker ?
> > This can be workarounded by building with different "-Werror" options.
> > Giovanni
>
> I think it's a known issue in ab.c and openssl 3.0
> I think no regression, no veto -- but everyones vote (beyond veto) is
> their own. AFAIK it has been there since 3.0 toleration was added.

Yup - there are many more deprecation warnings in mod_ssl itself too
when building against OpenSSL 3.x. Some of them are worthwhile fixing
but IIRC some looked quite involved to fix.

> I was going to send an email on this one, reminded by the recent
> Actions CI activity. I think we could drop the -wno-error-deprecated
> from CI if ab.c was either fixed or maybe had something in its build
> to set this itself. That way deprecated stuff sneaking in elsewhere
> would not be supresed in maintainer mode.

Adding -Wno-deprecated-declarations or -Wno-error-etc is probably a good
idea for all OpenSSL 3 builds, yeah.

Regards, Joe
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
So far ok.

Made build available for the Windows Community for testing
at https://www.apachelounge.com/viewtopic.php?p=41617

Little thing noticed:

in changes mod_http2 v 2.0.10 , but log says 2.0.11.

http2-status not working anymore:
<Location /xxxx>

SetHandler http2-status
Require all granted
</Location>

Steffen



On Tuesday 10/01/2023 at 14:41, Eric Covener wrote:
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256:
> 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
> *httpd-2.4.55-rc1.tar.gz
> sha512:
> ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
> *httpd-2.4.55-rc1.tar.gz
>
> The SVN candidate source is found at tags/2.4.55-rc1-candidate.
>
> --
> Eric Covener
> covener@gmail.com
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
Le 10/01/2023 à 14:40, Eric Covener a écrit :
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [ ] +1: It's not just good, it's good enough!
> [X] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
> *httpd-2.4.55-rc1.tar.gz
> sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
> *httpd-2.4.55-rc1.tar.gz
>
> The SVN candidate source is found at tags/2.4.55-rc1-candidate.
>

+0


Tested only with event.

All good, as usual with the perl framework


1 issue with pytest:
test/modules/http2/test_600_h2proxy.py .....F....
(details at the end of the mail)

Don't know if expected or not. Some pytest commits are only in trunk and
have not been backported to 2.4.x. I don't know if it is linked to this
failing test.

Most of mod_md tests skippep (likely something missing in my conf)
Nearly all mod_tls in error (likely something missing in my conf)

I won't have time to investigate further, but only the failure in
test_600_h2proxy looks odd to me.
So I just report it and vote +0.



Tested with:
Linux pop-os 6.0.6
gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
libssl-dev 3.0.2
libbrotli-dev 1.0.9
libjansson-dev 2.13.1
libnghttp2-dev 1.43.0
libpcre2-dev 10.39
liblua5.3-dev 5.3.6
libsystemd-dev 249.11
libldap-dev 2.5.13+dfsg
libldap2-dev 2.5.13+dfsg
libxml2-dev 2.9.13+dfsg
libcurl4-openssl-dev 7.81.0



__________________________________________________________
TestH2Proxy.test_h2_600_05[on]
___________________________________________________________

self = <http2.test_600_h2proxy.TestH2Proxy object at 0x7f399ed99e70>,
env = <http2.env.H2TestEnv object at 0x7f399e913df0>, enable_reuse = 'on'

@pytest.mark.parametrize("enable_reuse", [ "on", "off" ])
def test_h2_600_05(self, env, enable_reuse):
conf = H2Conf(env, extras={
f'cgi.{env.http_tld}': [
f"ProxyPassMatch ^/h2proxy/([0-9]+)/(.*)$ "
f" h2c://127.0.0.1:$1/$2 enablereuse={enable_reuse}
keepalive=on",
]
})
conf.add_vhost_cgi()
conf.add([
f'Listen {env.http_port2}',
'UseCanonicalName On',
'UseCanonicalPhysicalPort On'
])
conf.start_vhost(domains=[f'cgi.{env.http_tld}'],
port=5004, doc_root="htdocs/cgi")
conf.add("AddHandler cgi-script .py")
conf.end_vhost()
conf.install()
assert env.apache_restart() == 0
url = env.mkurl("https", "cgi",
f"/h2proxy/{env.http_port}/hello.py")
r = env.curl_get(url, 5)
assert r.response["status"] == 200
assert int(r.json["port"]) == env.http_port
# going to another backend port must create a new connection and
# we should see stream id one again
url = env.mkurl("https", "cgi",
f"/h2proxy/{env.http_port2}/hello.py")
r = env.curl_get(url, 5)
assert r.response["status"] == 200
exp_port = env.http_port if enable_reuse == "on" else
env.http_port2
> assert int(r.json["port"]) == exp_port
E AssertionError: assert 5004 == 5002
E + where 5004 = int('5004')
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
I am +1 on my macOS testing of the candidate.


Addressing the findings from Christophe:

> Am 10.01.2023 um 22:39 schrieb Christophe JAILLET <christophe.jaillet@wanadoo.fr>:
>
> Le 10/01/2023 à 14:40, Eric Covener a écrit :
>> Hi all,
>> Please find below the proposed release tarball and signatures:
>> https://dist.apache.org/repos/dist/dev/httpd/
>> I would like to call a VOTE over the next few days to release
>> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
>> [ ] +1: It's not just good, it's good enough!
>> [X] +0: Let's have a talk.
>> [ ] -1: There's trouble in paradise. Here's what's wrong.
>> The computed digests of the tarball up for vote are:
>> sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
>> *httpd-2.4.55-rc1.tar.gz
>> sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
>> *httpd-2.4.55-rc1.tar.gz
>> The SVN candidate source is found at tags/2.4.55-rc1-candidate.
>
> +0
>
>
> Tested only with event.
>
> All good, as usual with the perl framework
>
>
> 1 issue with pytest:
> test/modules/http2/test_600_h2proxy.py .....F....
> (details at the end of the mail)
>
> Don't know if expected or not. Some pytest commits are only in trunk and have not been backported to 2.4.x. I don't know if it is linked to this failing test.

This one works on my machine(tm). Odd indeed. This tries to verify proxy behaviour in regard to "enable_reuse" and var substitution in the urls authority. See <https://github.com/icing/mod_h2/issues/235>, discussed further in <https://lists.apache.org/thread/tlzfbvopg5k61nz8mhjq518oowkmm43f>.

The test has a flexible proxypass using a part of the path to construct the backend url. Accessing first one path and then the other creates backend urls with different port numbers. Those backend resources produce a JSON response carrying the port number used.

With "enable_reuse=on" the test expects the backend connection from the first request to be reused on the second, therefore producing a JSON that carries to first port number and not the second.

> Most of mod_md tests skippep (likely something missing in my conf)
There are test cases in mod_md that work with the a2md executable, not build via httpd. Maybe I should just remove them to avoid this confusion. The other skipped test cases are related to the ACME test server one has. The default one (pebble) has no OCSP support and skips therefore those tests.


> Nearly all mod_tls in error (likely something missing in my conf)

Not here. Do you have any more information on those failures?

> I won't have time to investigate further, but only the failure in test_600_h2proxy looks odd to me.
> So I just report it and vote +0.
>
>
>
> Tested with:
> Linux pop-os 6.0.6
> gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0
> OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
> libssl-dev 3.0.2
> libbrotli-dev 1.0.9
> libjansson-dev 2.13.1
> libnghttp2-dev 1.43.0
> libpcre2-dev 10.39
> liblua5.3-dev 5.3.6
> libsystemd-dev 249.11
> libldap-dev 2.5.13+dfsg
> libldap2-dev 2.5.13+dfsg
> libxml2-dev 2.9.13+dfsg
> libcurl4-openssl-dev 7.81.0
>
>
>
> __________________________________________________________ TestH2Proxy.test_h2_600_05[on] ___________________________________________________________
>
> self = <http2.test_600_h2proxy.TestH2Proxy object at 0x7f399ed99e70>, env = <http2.env.H2TestEnv object at 0x7f399e913df0>, enable_reuse = 'on'
>
> @pytest.mark.parametrize("enable_reuse", [ "on", "off" ])
> def test_h2_600_05(self, env, enable_reuse):
> conf = H2Conf(env, extras={
> f'cgi.{env.http_tld}': [
> f"ProxyPassMatch ^/h2proxy/([0-9]+)/(.*)$ "
> f" h2c://127.0.0.1:$1/$2 enablereuse={enable_reuse} keepalive=on",
> ]
> })
> conf.add_vhost_cgi()
> conf.add([
> f'Listen {env.http_port2}',
> 'UseCanonicalName On',
> 'UseCanonicalPhysicalPort On'
> ])
> conf.start_vhost(domains=[f'cgi.{env.http_tld}'],
> port=5004, doc_root="htdocs/cgi")
> conf.add("AddHandler cgi-script .py")
> conf.end_vhost()
> conf.install()
> assert env.apache_restart() == 0
> url = env.mkurl("https", "cgi", f"/h2proxy/{env.http_port}/hello.py")
> r = env.curl_get(url, 5)
> assert r.response["status"] == 200
> assert int(r.json["port"]) == env.http_port
> # going to another backend port must create a new connection and
> # we should see stream id one again
> url = env.mkurl("https", "cgi", f"/h2proxy/{env.http_port2}/hello.py")
> r = env.curl_get(url, 5)
> assert r.response["status"] == 200
> exp_port = env.http_port if enable_reuse == "on" else env.http_port2
> > assert int(r.json["port"]) == exp_port
> E AssertionError: assert 5004 == 5002
> E + where 5004 = int('5004')
>
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Wed, Jan 11, 2023 at 10:10 AM Stefan Eissing via dev
<dev@httpd.apache.org> wrote:
>
> > Am 10.01.2023 um 22:39 schrieb Christophe JAILLET <christophe.jaillet@wanadoo.fr>:
> >
> > 1 issue with pytest:
> > test/modules/http2/test_600_h2proxy.py .....F....
> > (details at the end of the mail)
> >
> > Don't know if expected or not. Some pytest commits are only in trunk and have not been backported to 2.4.x. I don't know if it is linked to this failing test.
>
> This one works on my machine(tm). Odd indeed. This tries to verify proxy behaviour in regard to "enable_reuse" and var substitution in the urls authority. See <https://github.com/icing/mod_h2/issues/235>, discussed further in <https://lists.apache.org/thread/tlzfbvopg5k61nz8mhjq518oowkmm43f>.
>
> The test has a flexible proxypass using a part of the path to construct the backend url. Accessing first one path and then the other creates backend urls with different port numbers. Those backend resources produce a JSON response carrying the port number used.
>
> With "enable_reuse=on" the test expects the backend connection from the first request to be reused on the second, therefore producing a JSON that carries to first port number and not the second.

Does curl reuse the same connection (keepalive) for the two requests?
Otherwise I think we need "ServerLimit 1" or something for the test to
be reliable, because the two requests could be handled by two
different child processes due to TCP queuing/scheduling (and the
backend connection would not be reused obviously).
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Tue, Jan 10, 2023 at 2:41 PM Eric Covener <covener@apache.org> wrote:
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:

+1 on Debian 11 & 12, thanks Eric for RMing.

Regards;
Yann.
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On Wed, Jan 11, 2023 at 9:51 AM Yann Ylavic <ylavic.dev@gmail.com> wrote:
>
> On Wed, Jan 11, 2023 at 10:10 AM Stefan Eissing via dev
> <dev@httpd.apache.org> wrote:
> >
> > > Am 10.01.2023 um 22:39 schrieb Christophe JAILLET <christophe.jaillet@wanadoo.fr>:
> > >
> > > 1 issue with pytest:
> > > test/modules/http2/test_600_h2proxy.py .....F....
> > > (details at the end of the mail)
> > >
> > > Don't know if expected or not. Some pytest commits are only in trunk and have not been backported to 2.4.x. I don't know if it is linked to this failing test.
> >
> > This one works on my machine(tm). Odd indeed. This tries to verify proxy behaviour in regard to "enable_reuse" and var substitution in the urls authority. See <https://github.com/icing/mod_h2/issues/235>, discussed further in <https://lists.apache.org/thread/tlzfbvopg5k61nz8mhjq518oowkmm43f>.
> >
> > The test has a flexible proxypass using a part of the path to construct the backend url. Accessing first one path and then the other creates backend urls with different port numbers. Those backend resources produce a JSON response carrying the port number used.
> >
> > With "enable_reuse=on" the test expects the backend connection from the first request to be reused on the second, therefore producing a JSON that carries to first port number and not the second.
>
> Does curl reuse the same connection (keepalive) for the two requests?
> Otherwise I think we need "ServerLimit 1" or something for the test to
> be reliable, because the two requests could be handled by two
> different child processes due to TCP queuing/scheduling (and the
> backend connection would not be reused obviously).

Looks like no as they are two one-shot curl executable calls, but
from grepping around the framework does have the easy ability to
append to the config and restart for a test.

--
Eric Covener
covener@gmail.com
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
> Am 11.01.2023 um 15:50 schrieb Yann Ylavic <ylavic.dev@gmail.com>:
>
> On Wed, Jan 11, 2023 at 10:10 AM Stefan Eissing via dev
> <dev@httpd.apache.org> wrote:
>>
>>> Am 10.01.2023 um 22:39 schrieb Christophe JAILLET <christophe.jaillet@wanadoo.fr>:
>>>
>>> 1 issue with pytest:
>>> test/modules/http2/test_600_h2proxy.py .....F....
>>> (details at the end of the mail)
>>>
>>> Don't know if expected or not. Some pytest commits are only in trunk and have not been backported to 2.4.x. I don't know if it is linked to this failing test.
>>
>> This one works on my machine(tm). Odd indeed. This tries to verify proxy behaviour in regard to "enable_reuse" and var substitution in the urls authority. See <https://github.com/icing/mod_h2/issues/235>, discussed further in <https://lists.apache.org/thread/tlzfbvopg5k61nz8mhjq518oowkmm43f>.
>>
>> The test has a flexible proxypass using a part of the path to construct the backend url. Accessing first one path and then the other creates backend urls with different port numbers. Those backend resources produce a JSON response carrying the port number used.
>>
>> With "enable_reuse=on" the test expects the backend connection from the first request to be reused on the second, therefore producing a JSON that carries to first port number and not the second.
>
> Does curl reuse the same connection (keepalive) for the two requests?
> Otherwise I think we need "ServerLimit 1" or something for the test to
> be reliable, because the two requests could be handled by two
> different child processes due to TCP queuing/scheduling (and the
> backend connection would not be reused obviously).

Good point. We could limit the server count in this test to avoid contacting the "other" instance.

For the vote: I see no impact here. Code is behaving as it should, the test is not reliable.

Cheers,
Stefan
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
On 1/10/23 14:40, Eric Covener wrote:
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55
+1 for release
looks fine on OpenBSD 7.2 and CentOS8-Stream (x86_64),
thank you for RMing.
Giovanni
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
> On Jan 10, 2023, at 8:40 AM, Eric Covener <covener@apache.org> wrote:
>
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [X] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>

+1!

Tested:

macOS 12.6.2 / Xcode 14.2
Ubuntu 20.04LTS
CentOS 7

Thanks for RMing.

Cheers!
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
Le 11/01/2023 à 10:05, Stefan Eissing via dev a écrit :
>> Nearly all mod_tls in error (likely something missing in my conf)
>
> Not here. Do you have any more information on those failures?
>

Still don't have time to spend some minutes on it, but:
configure:35461: checking whether to enable mod_tls
configure:35521: result: checking dependencies
configure:35526: checking for rustls
configure:35538: checking for user-provided rustls base directory
configure:35552: result: none

looks a good starting point for: (likely something missing in my conf*)

CJ

(* conf being whatever from *.conf, --configure, apt install
<something>, ...)
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
Not a showstopper, but: srclib/apr/configure was again generated with
autoconf 2.70+ (2.71). This triggers a bug which is fixed in APR 1.7.x
head, but the fix has not been released as there was not APR release vor
almost 4 years now.

Since the bundled APR/APU are not actually part of the release, for me
this is not a show stopper. I just wanted to note the defect in case
others are wondering, why the bundled APR can not be build using configure.

Technical details:

configure: error: could not determine the string function for int64_t

It comes from defining some things once in conftest.c and again in the
included confdefs.h.

Some pointers:

https://github.com/apache/apr/pull/25
https://github.com/apache/apr/commit/a15958a37a06f71c42c690278f9c958b93b7ee20
https://github.com/apache/apr/commit/e0197912a5438b3836ce2e76371f01e289d82931

https://www.mail-archive.com/bug-autoconf@gnu.org/msg04695.html

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=97998

Best regards,

Rainer

Am 10.01.23 um 14:40 schrieb Eric Covener:
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
> *httpd-2.4.55-rc1.tar.gz
> sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
> *httpd-2.4.55-rc1.tar.gz
>
> The SVN candidate source is found at tags/2.4.55-rc1-candidate.
Re: [VOTE] Release httpd-2.4.55-rc1 as httpd-2.4.55 [ In reply to ]
Vote, passes w/ 6 binding +1 and no -1:

+1 covener, jorton, icing, ylavic, jim, gbechis

I will continue the release process tomorrow.

On Tue, Jan 10, 2023 at 8:40 AM Eric Covener <covener@apache.org> wrote:
>
> Hi all,
>
> Please find below the proposed release tarball and signatures:
>
> https://dist.apache.org/repos/dist/dev/httpd/
>
> I would like to call a VOTE over the next few days to release
> this candidate tarball httpd-2.4.55-rc1 as 2.4.55:
> [ ] +1: It's not just good, it's good enough!
> [ ] +0: Let's have a talk.
> [ ] -1: There's trouble in paradise. Here's what's wrong.
>
> The computed digests of the tarball up for vote are:
> sha256: 5276ea8bc6fff31eed5c82132ae51a0b2ee05f9e6b61a00fa877f6cadab3b638
> *httpd-2.4.55-rc1.tar.gz
> sha512: ca0d03b5e74078977378fe711ca3ed8cf63c109b7dbe73f2c43f7f30f7e522bbe46f93189a183b7675394d57fffb0c2526facd8d40508be984a7a8f64d18f8d6
> *httpd-2.4.55-rc1.tar.gz
>
> The SVN candidate source is found at tags/2.4.55-rc1-candidate.
>
> --
> Eric Covener
> covener@gmail.com



--
Eric Covener
covener@gmail.com