Apache2 modules version compatibility

[Benoît Desmeules <bd...@eurekium.com>]

Hi there

Last week, I sent this email to users@httpd.apache.org but I didn't get any 
response. I may have addressed to the wrong mailing list. I hope that you 
guys can help me out.


The product I'm working on at my company uses a web module as input, and, 
of course, we have modules for Apache1 and Apache2 and both works very fine.

However, today, I just upgraded my machine to 2.0.39 and noticed that my 
old module does not work. I had to recompile the module (I got a message 
"module msip_apr2.cpp is not compatible with this version of Apache. Please 
contact the vendor for the correct version.").

Up to now, it's ok. I thought I'd have to recompile the module and then it 
would work for any previous version of Aapche2. However, it's not the case. 
When the module was recompiled with Apache 2.0.39, I could not make it run 
on a 2.0.35 server (same error message as previous one).

My question is the following: does it always work like that? I mean, having 
to recompile your Apache2 modules when using a new version of Apache2? Is 
it specific to 2.0.39? I know some major security issue was resolved in 
2.0.39. What does someone that needs to deliver a commercial module should 
do? Download all versions of Apache2 and compile his module with all of 
them, having the binaries ready depending on what the client's version of 
Apache2 is? Or force the client to use 2.0.39 since it has a big security 
fix? What if the client refuses (remember, the client usually does not take 
the decision you expect him to take :P)?

Here's some info about our development environment :
M$ Windows 2000 Service Pack 2
Visual Studio 6 Service Pack 5

If you need more info to answer my question, please ask. I really need some 
feedback on this.

	Thanks in advance

		Ben

Re: Apache2 modules version compatibility

[Benoît Desmeules <bd...@eurekium.com>]

Hey Cliff

Thanks again for your quick response.
I wanted to ask you (and the community) a few other quick questions.

Is it possible that 2.0.35 and 2.0.36 are compatible in terms of 
dynamically loadable modules? I've compiled my module with both and both 
modules can be loaded on both versions. Would it be safer to distribute 
distinct module version for those two versions?

Is there a way in the httpd.conf file to check for server version before 
loading a module? Haven't found anything like it in the directives...

         Ben



At 12:04 7/15/2002 -0400, Cliff Woolley wrote:
>On Mon, 15 Jul 2002, [iso-8859-1] Benoît Desmeules wrote:
>
> > My question is the following: does it always work like that? I mean, having
> > to recompile your Apache2 modules when using a new version of Apache2? Is
> > it specific to 2.0.39? I know some major security issue was resolved in
> > 2.0.39. What does someone that needs to deliver a commercial module should
> > do? Download all versions of Apache2 and compile his module with all of
> > them, having the binaries ready depending on what the client's version of
> > Apache2 is? Or force the client to use 2.0.39 since it has a big security
> > fix? What if the client refuses (remember, the client usually does not take
> > the decision you expect him to take :P)?
>
>The reason for this is that due to API changes between the two versions,
>we were forced to bump the Module Magic Number since modules would not
>necessarily retain binary compatibility with the new API.
>
>Look in ap_mmn.h for the full revision history of the MMN.  Then go look
>at ap_mmn.h from Apache 1.3 ... as you can see, it's common to have MMN
>bumps for the first few sub-revisions, though things tend to settle down
>after that.
>
>In other words, if all you distribute is binaries, then yes, you'll have
>to have separate binaries for 2.0.35, 2.0.36, and 2.0.39.  And another for
>2.0.40 when it comes out, most likely.  Hopefully we'll soon settle the
>API down and *perhaps* 2.0.40 will see the last or next-to-last 2.0.x
>major number bump.  Perhaps.
>
>--Cliff

Re: Apache2 modules version compatibility

[Cliff Woolley <jw...@virginia.edu>]

On Mon, 15 Jul 2002, [iso-8859-1] Beno�t Desmeules wrote:

> My question is the following: does it always work like that? I mean, having
> to recompile your Apache2 modules when using a new version of Apache2? Is
> it specific to 2.0.39? I know some major security issue was resolved in
> 2.0.39. What does someone that needs to deliver a commercial module should
> do? Download all versions of Apache2 and compile his module with all of
> them, having the binaries ready depending on what the client's version of
> Apache2 is? Or force the client to use 2.0.39 since it has a big security
> fix? What if the client refuses (remember, the client usually does not take
> the decision you expect him to take :P)?

The reason for this is that due to API changes between the two versions,
we were forced to bump the Module Magic Number since modules would not
necessarily retain binary compatibility with the new API.

Look in ap_mmn.h for the full revision history of the MMN.  Then go look
at ap_mmn.h from Apache 1.3 ... as you can see, it's common to have MMN
bumps for the first few sub-revisions, though things tend to settle down
after that.

In other words, if all you distribute is binaries, then yes, you'll have
to have separate binaries for 2.0.35, 2.0.36, and 2.0.39.  And another for
2.0.40 when it comes out, most likely.  Hopefully we'll soon settle the
API down and *perhaps* 2.0.40 will see the last or next-to-last 2.0.x
major number bump.  Perhaps.

--Cliff