You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2013/02/01 15:15:46 UTC
Time for 2.4.4
I think it's about time for 2.4.4... just a handful
of proposed backports are still open. I propose we
do a T&R the end of next week with a release the
week after that. I'll be RM.
Comments?
Re: Time for 2.4.4
Posted by Rainer Jung <ra...@kippdata.de>.
On 01.02.2013 16:24, Eric Covener wrote:
>> +1, and thanks for offering to RM :)
>
> +1 on both counts!
+1
Re: Time for 2.4.4
Posted by Eric Covener <co...@gmail.com>.
> +1, and thanks for offering to RM :)
+1 on both counts!
Re: Time for 2.4.4
Posted by Graham Leggett <mi...@sharp.fm>.
On 01 Feb 2013, at 4:15 PM, Jim Jagielski <ji...@jaguNET.com> wrote:
> I think it's about time for 2.4.4... just a handful
> of proposed backports are still open. I propose we
> do a T&R the end of next week with a release the
> week after that. I'll be RM.
>
> Comments?
+1, and thanks for offering to RM :)
Regards,
Graham
--
Re: Time for 2.4.4
Posted by Rainer Jung <ra...@kippdata.de>.
On 16.02.2013 15:50, Jim Jagielski wrote:
> I plan to T&R on Monday (Feb 18) afternoon (eastern time)...
>
> On Feb 1, 2013, at 9:15 AM, Jim Jagielski <ji...@jaguNET.com> wrote:
>
>> I think it's about time for 2.4.4... just a handful
>> of proposed backports are still open. I propose we
>> do a T&R the end of next week with a release the
>> week after that. I'll be RM.
Info: I ran the test suite and got no failures.
Tested configuration:
- current 2.4.4 HEAD with APR/APU 1.4.6/1.5.1
- using shared modules "reallyall"
and --enable-load-all-modules
- tested for prefork, worker and event
- each MPM tested with log level info, debug and trace8
- platform Solaris 10 Sparc 32 Bit build
- Libraries Expat 2.1.0, PCRE 8.32,
OpenSSL 1.0.1e with a few patches,
Lua 5.2.1, LibXML2 2.9.0.
- Tool chain: gcc 4.7.2,
CFLAGS -O2 -g -Wall -fno-strict-aliasing -mpcu=v9
Regards,
Rainer
Re: Time for 2.4.4
Posted by Jim Jagielski <ji...@jaguNET.com>.
I plan to T&R on Monday (Feb 18) afternoon (eastern time)...
On Feb 1, 2013, at 9:15 AM, Jim Jagielski <ji...@jaguNET.com> wrote:
> I think it's about time for 2.4.4... just a handful
> of proposed backports are still open. I propose we
> do a T&R the end of next week with a release the
> week after that. I'll be RM.
>
> Comments?
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 19.02.2013 18:26, Jim Jagielski wrote:
> Hmmm.... I'm not seeing crashes, ...
Concerning the crashes using prefork on Solaris 10. I have a
reproduction scenario, but I need to load lots of modules. But then the
stacks look very similar to the problem described in
http://mail-archives.apache.org/mod_mbox/httpd-dev/200912.mbox/%3C4B16C969.60909@kippdata.de%3E
I start the web server, access one static page, gracefully restart and
access the same page. I do get the response, but the process after that
crashes.
The frame
#2 0x00045b48 in eor_bucket_cleanup (data=<optimized out>) at
eor_bucket.c:37
calls ap_increment_counts() in the scoreboard, and it seems the
pfn_ap_logio_get_last_bytes function pointer points to invalid memory. I
get a variety of crashes, segfault, illegal instruction etc.
It look like again after the restart it uses an old function pointer but
the load order of the modules has changed, so the function pointer
points to an invalid address.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
On Feb 19, 2013, at 2:08 PM, Rainer Jung <ra...@kippdata.de> wrote:
> On 19.02.2013 18:40, Jim Jagielski wrote:
>> Never mind... this is expected. It's been awhile since I looked
>> at that codepath.
>>
>> FWIW, not seeing crashes on any MPM yet on OSX.
>
> And after a graceful restart with two listeners the old processes (apart
> from the parent) are no longer in the process table?
Nope....
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 19.02.2013 18:40, Jim Jagielski wrote:
> Never mind... this is expected. It's been awhile since I looked
> at that codepath.
>
> FWIW, not seeing crashes on any MPM yet on OSX.
And after a graceful restart with two listeners the old processes (apart
from the parent) are no longer in the process table?
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
Never mind... this is expected. It's been awhile since I looked
at that codepath.
FWIW, not seeing crashes on any MPM yet on OSX.
On Feb 19, 2013, at 12:26 PM, Jim Jagielski <ji...@jagunet.com> wrote:
> Hmmm.... I'm not seeing crashes, but I'm seeing weird output
> from server-status. When I do a graceful, all of a sudden
> there are entries in 'Request' ("OPTIONS * HTTP/1.0") when
> there shouldn't be. This is with Prefork.
>
> Looks like some scoreboard issue...
>
> On Feb 19, 2013, at 12:03 PM, Rainer Jung <ra...@kippdata.de> wrote:
>
>> On 18.02.2013 21:34, Jim Jagielski wrote:
>>> The pre-release test tarballs for Apache httpd 2.4.4 can be found
>>> at the usual place:
>>>
>>> http://httpd.apache.org/dev/dist/
>>>
>>> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
>>> NOTE: The -deps tarballs are included here *only* to make life
>>> easier for the tester. They will not be, and are not, part
>>> of the official release.
>>>
>>> [ ] +1: Good to go
>>> [ ] +0: meh
>>> [ ] -1: Danger Will Robinson. And why.
>>
>> Currently unfortunately -1:
>>
>> I see a graceful restart problem using prefork or worker MPM when
>> configuring two listeners. SSL not needed, just two http ports.
>>
>> It is most easily seen using prefork and activating the server-status:
>> each graceful restarts adds hanging "G" processes, even if there's no
>> load and the only requests are looking at server-status after each
>> graceful restart. Processes hang in the accept mutex. Process table also
>> shows the old hanging processes.
>>
>> With worker the server-status does not show the "G" states, but in the
>> process table one can see some of the old processes not being terminated
>> and hanging in the accept mutex.
>>
>> With event or only one listener I could not yet reproduce.
>>
>> I also see crashes during restarts, but currently no easy reproduction
>> scenario, maybe related. We'll see.
>>
>> Plattform is Solaris 10 Sparc. I would be interested in hearing if
>> anyone else can reproduce. Will try myself on Linux later.
>>
>> Modules loaded (will try to strip it further down):
>>
>> LoadModule authn_anon_module modules/mod_authn_anon.so
>> LoadModule authn_socache_module modules/mod_authn_socache.so
>> LoadModule authn_core_module modules/mod_authn_core.so
>> LoadModule authz_host_module modules/mod_authz_host.so
>> LoadModule authz_user_module modules/mod_authz_user.so
>> LoadModule authz_core_module modules/mod_authz_core.so
>> LoadModule auth_basic_module modules/mod_auth_basic.so
>> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
>> LoadModule mime_module modules/mod_mime.so
>> LoadModule log_config_module modules/mod_log_config.so
>> LoadModule env_module modules/mod_env.so
>> LoadModule mime_magic_module modules/mod_mime_magic.so
>> LoadModule unique_id_module modules/mod_unique_id.so
>> LoadModule setenvif_module modules/mod_setenvif.so
>> LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
>> LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
>> LoadModule unixd_module modules/mod_unixd.so
>> LoadModule status_module modules/mod_status.so
>> LoadModule dir_module modules/mod_dir.so
>> LoadModule alias_module modules/mod_alias.so
>>
>> anything else apart from second Listen and activation of server-status
>> is default.
>>
>> Regards,
>>
>> Rainer
>>
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
Hmmm.... I'm not seeing crashes, but I'm seeing weird output
from server-status. When I do a graceful, all of a sudden
there are entries in 'Request' ("OPTIONS * HTTP/1.0") when
there shouldn't be. This is with Prefork.
Looks like some scoreboard issue...
On Feb 19, 2013, at 12:03 PM, Rainer Jung <ra...@kippdata.de> wrote:
> On 18.02.2013 21:34, Jim Jagielski wrote:
>> The pre-release test tarballs for Apache httpd 2.4.4 can be found
>> at the usual place:
>>
>> http://httpd.apache.org/dev/dist/
>>
>> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
>> NOTE: The -deps tarballs are included here *only* to make life
>> easier for the tester. They will not be, and are not, part
>> of the official release.
>>
>> [ ] +1: Good to go
>> [ ] +0: meh
>> [ ] -1: Danger Will Robinson. And why.
>
> Currently unfortunately -1:
>
> I see a graceful restart problem using prefork or worker MPM when
> configuring two listeners. SSL not needed, just two http ports.
>
> It is most easily seen using prefork and activating the server-status:
> each graceful restarts adds hanging "G" processes, even if there's no
> load and the only requests are looking at server-status after each
> graceful restart. Processes hang in the accept mutex. Process table also
> shows the old hanging processes.
>
> With worker the server-status does not show the "G" states, but in the
> process table one can see some of the old processes not being terminated
> and hanging in the accept mutex.
>
> With event or only one listener I could not yet reproduce.
>
> I also see crashes during restarts, but currently no easy reproduction
> scenario, maybe related. We'll see.
>
> Plattform is Solaris 10 Sparc. I would be interested in hearing if
> anyone else can reproduce. Will try myself on Linux later.
>
> Modules loaded (will try to strip it further down):
>
> LoadModule authn_anon_module modules/mod_authn_anon.so
> LoadModule authn_socache_module modules/mod_authn_socache.so
> LoadModule authn_core_module modules/mod_authn_core.so
> LoadModule authz_host_module modules/mod_authz_host.so
> LoadModule authz_user_module modules/mod_authz_user.so
> LoadModule authz_core_module modules/mod_authz_core.so
> LoadModule auth_basic_module modules/mod_auth_basic.so
> LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
> LoadModule mime_module modules/mod_mime.so
> LoadModule log_config_module modules/mod_log_config.so
> LoadModule env_module modules/mod_env.so
> LoadModule mime_magic_module modules/mod_mime_magic.so
> LoadModule unique_id_module modules/mod_unique_id.so
> LoadModule setenvif_module modules/mod_setenvif.so
> LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
> LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
> LoadModule unixd_module modules/mod_unixd.so
> LoadModule status_module modules/mod_status.so
> LoadModule dir_module modules/mod_dir.so
> LoadModule alias_module modules/mod_alias.so
>
> anything else apart from second Listen and activation of server-status
> is default.
>
> Regards,
>
> Rainer
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 20.02.2013 01:05, Rainer Jung wrote:
> Here's what I see concerning the graceful restart problem on Solaris.
> Setup using the prefork MPM with two http listeners. Accept mutex is
> pthread.
>
> Short version: child processes that do not manage to acquire the accept
> mutex during graceful restart and before the next generation child
> processes get started will stay hanging in acquiring the accept mutex.
>
> Long version of what happens when a graceful restart is issued:
>
> 1) parent calls ap_mpm_pod_killpg for all (here: 6) children
> This quickly produces 6 "OPTIONS *" requests.
> 2) First child accepts and processes one "OPTIONS *" request
> and then exits
> 3) Second child gets the accept mutex and calls accept
> 4) Parent calls ap_mpm_safe_kill with AP_SIG_GRACEFUL for all
> children pids. All children execute signal handler,
> close the listening sockets and set die_now=1
> 5) Second child accepts and processes one
> "OPTIONS *" and exits
> 6) Third child gets the accept mutex lock, sees die_now=1
> unlocks the lock and exits
> 7) Three more children still wait for the accept mutex
> 8) parent starts next generation child processes
> 9) These new children wait for the accept mutex.
> The mutex is now always acquired by one of the new children.
> First thing they do is work on the remaining 4 "OPTIONS *"
> requests. The remaining old children never get the accept mutex
> and keep hanging.
>
> What is strange to me: why isn't the GRACEFUL signal effective in
> interrupting the waiting for the accept mutex? Is that expected?
Aha: POSIX states: "If a signal is delivered to a thread waiting for a
mutex, upon return from the signal handler the thread shall resume
waiting for the mutex as if it was not interrupted."
So it is expected, that the signal does not interrupt waiting for the
accept mutex. Then I don't understand, how the above procedure can
reliably end the child processes.
> If I add a short delay between the "OPTIONS *" requests and the
> ap_mpm_safe_kill all old children process one of those requests and then
> set die_now to 1 because they see that there's a new generation. Then
> they actually exit.
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Reindl Harald <h....@thelounge.net>.
Am 25.02.2013 08:54, schrieb Justin Erenkrantz:
> On Thu, Feb 21, 2013 at 5:27 AM, Justin Erenkrantz <justin@erenkrantz.com <ma...@erenkrantz.com>> wrote:
>
> Anybody know if it still exists in Illumos? This sounds like a fun thing to tackle next week in Portland. =)
> (I'll be there all week.) -- justin
>
> As far as I can tell, multiple listeners and graceful are fine with event MPM on SmartOS, but I'll take a look at
> prefork tomorrow. If it's just prefork-related, then it's probably reasonable to just disable prefork on Solaris.
> =) (Oh, heck, let's remove it everywhere!) *duck* -- justin
sorry there are many environments where mod_php makes
pretty much sense and you need to comfigure PHP vhost
specific inside <Directory>
yes, i know it was only a joke, but i have seen way
to often coming bad jokes reality sooner or later :-)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On Thu, Feb 21, 2013 at 5:27 AM, Justin Erenkrantz <ju...@erenkrantz.com>wrote:
> Anybody know if it still exists in Illumos? This sounds like a fun thing
> to tackle next week in Portland. =) (I'll be there all week.) -- justin
As far as I can tell, multiple listeners and graceful are fine with event
MPM on SmartOS, but I'll take a look at prefork tomorrow. If it's just
prefork-related, then it's probably reasonable to just disable prefork on
Solaris. =) (Oh, heck, let's remove it everywhere!) *duck* -- justin
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 21.02.2013 21:32, Jim Jagielski wrote:
> So far, I just see one -1 from rjung due to the weird Solaris
> bug he's hitting, but it also seems Sol10 specific. The
> -deps "bug" appears more (only) an APR issue and not something
> with httpd itself, so ... ;)
I see two issues on Solaris:
- PR 49504, children hang after graceful restart
That is not a regression, and since I normally don't test with
multiple listeners (required for the problem) I can't say whether
it is easier to reproduce with 2.4.4 or unchanged.
IMHO no showstopper.
- Crashes during graceful restart in scoreboard ap_increment_counts().
A workaround should be to set "ExtendedStatus Off". Can't investigate
further right now whether it's a regression, since I'm soon heading
of to Portland.
IMHO again not a showstopper.
Due to these two problems I didn't have enough time to run my usual
tests, but the formal release checks are OK and the builds and test
suite runs so far look good.
So:
+1 to release.
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
Yes.
On Feb 21, 2013, at 3:47 PM, Steffen <in...@apachelounge.com> wrote:
> Like with 2.2.24, is it advised on Windows to use apr-util 1.4.1 with 2.4.4 ?
>
> Steffen
>
> -----Original Message----- From: Jim Jagielski
> Sent: Thursday, February 21, 2013 9:32 PM
> To: dev@httpd.apache.org
> Subject: ******* Re: [VOTE] Release Apache httpd 2.4.4 as GA
>
> So far, I just see one -1 from rjung due to the weird Solaris
> bug he's hitting, but it also seems Sol10 specific. The
> -deps "bug" appears more (only) an APR issue and not something
> with httpd itself, so ... ;)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Steffen <in...@apachelounge.com>.
Like with 2.2.24, is it advised on Windows to use apr-util 1.4.1 with 2.4.4
?
Steffen
-----Original Message-----
From: Jim Jagielski
Sent: Thursday, February 21, 2013 9:32 PM
To: dev@httpd.apache.org
Subject: ******* Re: [VOTE] Release Apache httpd 2.4.4 as GA
So far, I just see one -1 from rjung due to the weird Solaris
bug he's hitting, but it also seems Sol10 specific. The
-deps "bug" appears more (only) an APR issue and not something
with httpd itself, so ... ;)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
So far, I just see one -1 from rjung due to the weird Solaris
bug he's hitting, but it also seems Sol10 specific. The
-deps "bug" appears more (only) an APR issue and not something
with httpd itself, so ... ;)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Eric Covener <co...@gmail.com>.
+1 notwithstanding other investigations into e.g. -deps
AIX/XLC/PPC64:
For posterity (on a reinstalled AIX 7.1 system)
Test Summary Report
-------------------
t/modules/proxy.t (Wstat: 0 Tests: 17 Failed: 2)
Failed tests: 9-10
t/ssl/proxy.t (Wstat: 0 Tests: 172 Failed: 59)
Failed tests: 114-172
t/modules/proxy.t: I think this is the previosuly discused LWP 102
interim response issue
t/ssl/proxy.t: some framework or SSL trust issue blocking the failing
tests, not investigated.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
Anybody know if it still exists in Illumos? This sounds like a fun thing
to tackle next week in Portland. =) (I'll be there all week.) -- justin
On Tue, Feb 19, 2013 at 8:01 PM, Jim Jagielski <ji...@jagunet.com> wrote:
> That is one ugly bug...
>
> On Feb 19, 2013, at 7:50 PM, Rainer Jung <ra...@kippdata.de> wrote:
>
> > On 20.02.2013 01:20, Eric Covener wrote:
> >> On Tue, Feb 19, 2013 at 7:05 PM, Rainer Jung <ra...@kippdata.de>
> wrote:
> >>> Here's what I see concerning the graceful restart problem on Solaris.
> >>> Setup using the prefork MPM with two http listeners. Accept mutex is
> >>> pthread.
> >>
> >> maybe https://issues.apache.org/bugzilla/show_bug.cgi?id=49504 ?
> >
> > Yep, that's it, thanks!
> >
> > As described in the ticket the mutex is no longer initialized. So old
> > problem and for some reason I haven't experienced it before.
> >
> > So on to the next problem (crashes etc).
> >
> > Regards,
> >
> > Rainer
> >
>
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
That is one ugly bug...
On Feb 19, 2013, at 7:50 PM, Rainer Jung <ra...@kippdata.de> wrote:
> On 20.02.2013 01:20, Eric Covener wrote:
>> On Tue, Feb 19, 2013 at 7:05 PM, Rainer Jung <ra...@kippdata.de> wrote:
>>> Here's what I see concerning the graceful restart problem on Solaris.
>>> Setup using the prefork MPM with two http listeners. Accept mutex is
>>> pthread.
>>
>> maybe https://issues.apache.org/bugzilla/show_bug.cgi?id=49504 ?
>
> Yep, that's it, thanks!
>
> As described in the ticket the mutex is no longer initialized. So old
> problem and for some reason I haven't experienced it before.
>
> So on to the next problem (crashes etc).
>
> Regards,
>
> Rainer
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 20.02.2013 01:20, Eric Covener wrote:
> On Tue, Feb 19, 2013 at 7:05 PM, Rainer Jung <ra...@kippdata.de> wrote:
>> Here's what I see concerning the graceful restart problem on Solaris.
>> Setup using the prefork MPM with two http listeners. Accept mutex is
>> pthread.
>
> maybe https://issues.apache.org/bugzilla/show_bug.cgi?id=49504 ?
Yep, that's it, thanks!
As described in the ticket the mutex is no longer initialized. So old
problem and for some reason I haven't experienced it before.
So on to the next problem (crashes etc).
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Eric Covener <co...@gmail.com>.
On Tue, Feb 19, 2013 at 7:05 PM, Rainer Jung <ra...@kippdata.de> wrote:
> Here's what I see concerning the graceful restart problem on Solaris.
> Setup using the prefork MPM with two http listeners. Accept mutex is
> pthread.
maybe https://issues.apache.org/bugzilla/show_bug.cgi?id=49504 ?
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
Here's what I see concerning the graceful restart problem on Solaris.
Setup using the prefork MPM with two http listeners. Accept mutex is
pthread.
Short version: child processes that do not manage to acquire the accept
mutex during graceful restart and before the next generation child
processes get started will stay hanging in acquiring the accept mutex.
Long version of what happens when a graceful restart is issued:
1) parent calls ap_mpm_pod_killpg for all (here: 6) children
This quickly produces 6 "OPTIONS *" requests.
2) First child accepts and processes one "OPTIONS *" request
and then exits
3) Second child gets the accept mutex and calls accept
4) Parent calls ap_mpm_safe_kill with AP_SIG_GRACEFUL for all
children pids. All children execute signal handler,
close the listening sockets and set die_now=1
5) Second child accepts and processes one
"OPTIONS *" and exits
6) Third child gets the accept mutex lock, sees die_now=1
unlocks the lock and exits
7) Three more children still wait for the accept mutex
8) parent starts next generation child processes
9) These new children wait for the accept mutex.
The mutex is now always acquired by one of the new children.
First thing they do is work on the remaining 4 "OPTIONS *"
requests. The remaining old children never get the accept mutex
and keep hanging.
What is strange to me: why isn't the GRACEFUL signal effective in
interrupting the waiting for the accept mutex? Is that expected?
The children that hang sit inside accept_mutex_on() and there in
apr_proc_mutex_lock(). This call does not return. The impl of it looks
like it should return in case of a signal since we are using a pthread
mutex here.
Truss shows:
23759: lwp_mutex_timedlock(0xFF0F0000, 0x00000000) (sleeping...)
23759: mutex type: USYNC_PROCESS|LOCK_PRIO_INHERIT|LOCK_ROBUST
23759: Received signal #16, SIGUSR1, in lwp_mutex_timedlock() [caught]
23759: lwp_mutex_timedlock(0xFF0F0000, 0x00000000) Err#4 EINTR
23759: mutex type: USYNC_THREAD
23759: lwp_sigmask(SIG_SETMASK, 0x00008000, 0x00000000) = 0xFFBFFEFF
[0x0000FFFF]
23759: close(5) = 0
23759: close(3) = 0
23759: setcontext(0xFFBFEF40)
23759: lwp_mutex_timedlock(0xFF0F0000, 0x00000000) (sleeping...)
23759: mutex type: USYNC_THREAD
So we see that the syscall returns with EINTR but after closing the
listeners it calls again lwp_mutex_timedlock(). The upper level
apr_proc_mutex_lock() call does not return.
Any info, what in the above steps 1)-9) looks broken is appreciated.
If I add a short delay between the "OPTIONS *" requests and the
ap_mpm_safe_kill all old children process one of those requests and then
set die_now to 1 because they see that there's a new generation. Then
they actually exit.
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 19.02.2013 19:25, Jim Jagielski wrote:
>
> On Feb 19, 2013, at 12:15 PM, Reindl Harald <h....@thelounge.net> wrote:
>
>>
>> Am 19.02.2013 18:03, schrieb Rainer Jung:
>>>
>>> Plattform is Solaris 10 Sparc. I would be interested in hearing if
>>> anyone else can reproduce. Will try myself on Linux later
>>
>> at least not on Fedora 18 with my custom build which
>> is a nearly vanilla-one without of the most patches
>> and i have attached the SPEC-file
>> ______________________________________________________
>
> I'm not seeing with Fed18 or Fed16. Will try with CentOS6.
Tried RHEL 6 here, no problem. So seems to be Solaris specific.
I will try to investigate.
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
On Feb 19, 2013, at 12:15 PM, Reindl Harald <h....@thelounge.net> wrote:
>
> Am 19.02.2013 18:03, schrieb Rainer Jung:
>>
>> Plattform is Solaris 10 Sparc. I would be interested in hearing if
>> anyone else can reproduce. Will try myself on Linux later
>
> at least not on Fedora 18 with my custom build which
> is a nearly vanilla-one without of the most patches
> and i have attached the SPEC-file
> ______________________________________________________
I'm not seeing with Fed18 or Fed16. Will try with CentOS6.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Reindl Harald <h....@thelounge.net>.
Am 19.02.2013 18:03, schrieb Rainer Jung:
> On 18.02.2013 21:34, Jim Jagielski wrote:
>> The pre-release test tarballs for Apache httpd 2.4.4 can be found
>> at the usual place:
>>
>> http://httpd.apache.org/dev/dist/
>>
>> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
>> NOTE: The -deps tarballs are included here *only* to make life
>> easier for the tester. They will not be, and are not, part
>> of the official release.
>>
>> [ ] +1: Good to go
>> [ ] +0: meh
>> [ ] -1: Danger Will Robinson. And why.
>
> Currently unfortunately -1:
>
> I see a graceful restart problem using prefork or worker MPM when
> configuring two listeners. SSL not needed, just two http ports.
>
> It is most easily seen using prefork and activating the server-status:
> each graceful restarts adds hanging "G" processes, even if there's no
> load and the only requests are looking at server-status after each
> graceful restart. Processes hang in the accept mutex. Process table also
> shows the old hanging processes.
>
> With worker the server-status does not show the "G" states, but in the
> process table one can see some of the old processes not being terminated
> and hanging in the accept mutex.
>
> With event or only one listener I could not yet reproduce.
>
> I also see crashes during restarts, but currently no easy reproduction
> scenario, maybe related. We'll see.
>
> Plattform is Solaris 10 Sparc. I would be interested in hearing if
> anyone else can reproduce. Will try myself on Linux later
at least not on Fedora 18 with my custom build which
is a nearly vanilla-one without of the most patches
and i have attached the SPEC-file
______________________________________________________
[root@testserver:~]$ cat /home/builduser/config.sh
#!/usr/bin/bash
if ([ "$HOSTTYPE" == "x86_64" ])
then
RH_ARCH='corei7'
RH_TUNE='corei7'
RH_SSE4="-msse4.1 -msse4.2"
RH_TARGET="x86_64-redhat-linux"
fi
source /home/builduser/config.sh
export CFLAGS="-O3 -march=$RH_TUNE -mtune=$RH_TUNE -mmmx -msse2 -msse3 $RH_SSE4 -maes -fopenmp -mfpmath=sse -pipe
-fno-strict-aliasing -fstack-protector --param=ssp-buffer-size=4 -Wno-pointer-sign -D_FORTIFY_SOURCE=2"
export CXXFLAGS="-O3 -march=$RH_TUNE -mtune=$RH_TUNE -mmmx -msse2 -msse3 $RH_SSE4 -maes -fopenmp -mfpmath=sse
-fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"
SH_LDFLAGS="-Wl,-z,relro"
export CFLAGS SH_LDFLAGS
______________________________________________________
[root@rh:~]$ netstat -l | grep httpd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 25387/httpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 25387/httpd
______________________________________________________
[root@rh:~]$ cat apache_error.log
[Tue Feb 19 18:07:40.984507 2013] [mpm_prefork:notice] [pid 32321] AH00171: Graceful restart requested, doing restart
[Tue Feb 19 18:07:41.039834 2013] [auth_digest:notice] [pid 32321] AH01757: generating secret for digest
authentication ...
[Tue Feb 19 18:07:41.040447 2013] [ssl:notice] [pid 32321] AH01886: SSL FIPS mode disabled
[Tue Feb 19 18:07:42.000219 2013] [:notice] [pid 32321] mod_bw : Memory Allocated 160 bytes (each conf takes 32 bytes)
[Tue Feb 19 18:07:42.000254 2013] [:notice] [pid 32321] mod_bw : Version 0.8 - Initialized [5 Confs]
[Tue Feb 19 18:07:42.059291 2013] [mpm_prefork:notice] [pid 32321] AH00163: Apache/2.4.4 (Fedora)
OpenSSL/1.0.1c-fips SVN/1.7.8 sffe configured -- resuming normal operations
[Tue Feb 19 18:07:42.059303 2013] [core:notice] [pid 32321] AH00094: Command line: '/usr/sbin/httpd -D workstation'
______________________________________________________
modules from phpinfo():
core mod_so http_core mod_version mod_unixd prefork mod_filter mod_authz_core mod_authn_core mod_socache_shmcb
mod_auth_basic mod_auth_digest mod_authn_file mod_authz_host mod_authz_user mod_authz_groupfile mod_log_config
mod_env mod_setenvif mod_mime mod_autoindex mod_dir mod_alias mod_headers mod_deflate mod_rewrite mod_expires
mod_ssl mod_security2 mod_unique_id mod_remoteip mod_dav mod_dav_svn mod_authz_svn mod_h264_streaming mod_proxy
mod_proxy_http mod_status mod_bw mod_cgi mod_php5
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.02.2013 21:34, Jim Jagielski wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
Currently unfortunately -1:
I see a graceful restart problem using prefork or worker MPM when
configuring two listeners. SSL not needed, just two http ports.
It is most easily seen using prefork and activating the server-status:
each graceful restarts adds hanging "G" processes, even if there's no
load and the only requests are looking at server-status after each
graceful restart. Processes hang in the accept mutex. Process table also
shows the old hanging processes.
With worker the server-status does not show the "G" states, but in the
process table one can see some of the old processes not being terminated
and hanging in the accept mutex.
With event or only one listener I could not yet reproduce.
I also see crashes during restarts, but currently no easy reproduction
scenario, maybe related. We'll see.
Plattform is Solaris 10 Sparc. I would be interested in hearing if
anyone else can reproduce. Will try myself on Linux later.
Modules loaded (will try to strip it further down):
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
anything else apart from second Listen and activation of server-status
is default.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Joe Orton <jo...@redhat.com>.
On Mon, Feb 18, 2013 at 03:34:15PM -0500, Jim Jagielski wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [X] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
+1 here.
CHANGES, checksums, sigs good.
Test suite passes, dummy install works fine on F17/x86_64.
Thanks Jim for RMing.
Regards, Joe
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 24.02.2013 09:33, Jie Gao wrote:
> I have tested it on Solaris 11 on sparc hardware with gcc, and the build succeeded.
...
> httpd started OK.
>
> Is there a test suite available for testing all functions?
For starters there's a README at:
http://svn.apache.org/viewvc/httpd/test/framework/trunk/README?view=co
You'll need Perl plus the Perl module bundle
Apache-Test/lib/Bundle/ApacheTest.pm as explained in the README. If your
Perl is old, the bundle might install more dependency modules.
The modules also require some libraries installed, especially openssl.
Then you'll need an installed httpd and make sure the you load all
modules you want to test in the httpd.conf via LoadModule.
Finally you check out
http://svn.apache.org/repos/asf/httpd/test/framework/trunk/ and run the
Perl test framework from there as described in the README.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jie Gao <J....@sydney.edu.au>.
Hi
I have tested it on Solaris 11 on sparc hardware with gcc, and the build succeeded.
Build info:
SunOS xxx 5.11 11.0 sun4v sparc SUNW,SPARC-Enterprise-T2000
- gcc version 4.5.2 (GCC)
- expat 2.1.0
- pcre 8.32
- openssl:
# pkg info openssl
Name: library/security/openssl
Summary: OpenSSL - a Toolkit for Secure Sockets Layer (SSL v2/v3) and Transport Layer (TLS v1) protocols and general purpose cryptographic library
Description: OpenSSL is a full-featured toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose
cryptography library.
Category: System/Security
State: Installed
Publisher: solaris
Version: 1.0.0.5
Build Release: 5.11
Branch: 0.175.0.0.0.2.537
Packaging Date: October 19, 2011 10:55:34 AM
Size: 12.95 MB
FMRI: pkg://solaris/library/security/openssl@1.0.0.5,5.11-0.175.0.0.0.2.537:20111019T105534Z
- libxml2
# pkg info libxml2
Name: library/libxml2
Summary: The XML library
Category: System/Libraries
State: Installed
Publisher: solaris
Version: 2.7.6
Build Release: 5.11
Branch: 0.175.0.0.0.2.537
Packaging Date: October 19, 2011 10:42:08 AM
Size: 5.24 MB
FMRI: pkg://solaris/library/libxml2@2.7.6,5.11-0.175.0.0.0.2.537:20111019T104208Z
- apr-1.4.6 (in srclib)
- apr-util-1.5.1 (in srclib)
CC="gcc"; export CC
CFLAGS="-O2 -g -Wall -fno-strict-aliasing -mcpu=v9"; export CFLAGS
./configure \
--prefix=/usr/local/httpd-2.4.4_test \
--enable-load-all-modules \
--with-pcre=/usr/local \
--with-included-apr \
--enable-modules=reallyall \
--enable-load-all-modules
httpd started OK.
Is there a test suite available for testing all functions?
Regards,
Jie Gao
* Rainer Jung <ra...@kippdata.de> wrote:
> Date: Sat, 23 Feb 2013 20:57:24 +0100
> From: Rainer Jung <ra...@kippdata.de>
> To: dev@httpd.apache.org
> Subject: Re: [VOTE] Release Apache httpd 2.4.4 as GA
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130215
> Thunderbird/17.0.3
>
> On 18.02.2013 21:34, Jim Jagielski wrote:
> > The pre-release test tarballs for Apache httpd 2.4.4 can be found
> > at the usual place:
> >
> > http://httpd.apache.org/dev/dist/
> >
> > I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> > NOTE: The -deps tarballs are included here *only* to make life
> > easier for the tester. They will not be, and are not, part
> > of the official release.
> >
> > [ ] +1: Good to go
> > [ ] +0: meh
> > [ ] -1: Danger Will Robinson. And why.
> >
> > Vote will last the normal 72 hrs.
>
> For the sake of completeness, my tests have finished:
>
> - Sigs and hashes OK
> - contents of tarballs identical
> - contents of tag and tarballs identical
> except for expected deltas
> (we could cleanup some m4 files in apr-util/xml/expat/conftools
> at the end of buildconf, no regression)
>
> Built on
>
> - Solaris 8+10 Sparc as 32 Bit Binaries
> - SLES 10 (32/64 Bits)
> - SLES 11 (64 Bits)
> - RHEL 5 and 6 (64 Bits)
>
> - with default (shared) and static modules
> - with module sets none, few, most, all, reallyall and default
> (always mod_privileges disabled)
> - using --enable-load-all-modules
> - against "included" APR/APU from later removed deps tarball,
> external APR/APU 1.4.6/1.4.1 and external external APR/APU 1.4.6/1.5.1
>
> - using external libraries
> - expat 2.1.0
> - pcre 8.32
> - openssl 1.0.1e (plus a few patches)
> - lua 5.2.1
> - distcache 1.5.1
> - libxml2 2.9.0
>
> - Tool chain:
> - platform gcc except for Solaris
> (gcc 4.1.2 for Solaris 8 and 4.7.2 for Solaris 10)
> - CFLAGS: -O2 -g -Wall -fno-strict-aliasing
> (and -mpcu=v9 on Solaris)
>
> All builds succeeded except for
>
> - RHEL 6 64 Bits one of 42 builds crashed with a segfault in ksh.
>
> Tested for
>
> - Solaris 8+10 (32), SLES 10 (32/64), SLES 11 (64), RHEL 5+6 (64)
> - MPMs prefork, worker, event (except for Solaris 8 - no event)
> - default (shared) and static modules
> - log levels info, debug and trace8
> - module set reallyall (117 modules excl. MPMs)
>
> All Tests passed with the following exceptions:
>
> a Test 5 in t/modules/dav.t:
> 8 out of 360 runs had the "created" time after
> the "modified" time.
> This seems to be a system issue, all tests done on NFS,
> many tested on virtualized guests.
> Not a regression.
>
> b Test 8 in t/ssl/pr12355.t:
> 3 out of 360 runs failed this test,
> (2 RHEL 5, 1 on SLES 10, alls 3 static builds).
> 60000 bytes were posted, but only between 40KB and 45KB bytes
> received.
> Not reproducible, very rare.
> PR 12355 is: POST incompatible w/ renegotiate https: connection
> Not a regression.
>
> c Various tests in t/apache/expr_string.t:
> 105 out of 360 runs failed this test, (all on Linux).
> The failure is always on line 68 of the tests, where
> the error_log contents are checked.
> Inspecting the file after the test shows all needed lines are there
> but again it seems to be an NFS problem, that the test script
> can not see the contents quickly enough.
> Adding a 0.1 seconds sleep before reading the file fixes the problem.
>
> Regards,
>
> Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.02.2013 21:34, Jim Jagielski wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> Vote will last the normal 72 hrs.
For the sake of completeness, my tests have finished:
- Sigs and hashes OK
- contents of tarballs identical
- contents of tag and tarballs identical
except for expected deltas
(we could cleanup some m4 files in apr-util/xml/expat/conftools
at the end of buildconf, no regression)
Built on
- Solaris 8+10 Sparc as 32 Bit Binaries
- SLES 10 (32/64 Bits)
- SLES 11 (64 Bits)
- RHEL 5 and 6 (64 Bits)
- with default (shared) and static modules
- with module sets none, few, most, all, reallyall and default
(always mod_privileges disabled)
- using --enable-load-all-modules
- against "included" APR/APU from later removed deps tarball,
external APR/APU 1.4.6/1.4.1 and external external APR/APU 1.4.6/1.5.1
- using external libraries
- expat 2.1.0
- pcre 8.32
- openssl 1.0.1e (plus a few patches)
- lua 5.2.1
- distcache 1.5.1
- libxml2 2.9.0
- Tool chain:
- platform gcc except for Solaris
(gcc 4.1.2 for Solaris 8 and 4.7.2 for Solaris 10)
- CFLAGS: -O2 -g -Wall -fno-strict-aliasing
(and -mpcu=v9 on Solaris)
All builds succeeded except for
- RHEL 6 64 Bits one of 42 builds crashed with a segfault in ksh.
Tested for
- Solaris 8+10 (32), SLES 10 (32/64), SLES 11 (64), RHEL 5+6 (64)
- MPMs prefork, worker, event (except for Solaris 8 - no event)
- default (shared) and static modules
- log levels info, debug and trace8
- module set reallyall (117 modules excl. MPMs)
All Tests passed with the following exceptions:
a Test 5 in t/modules/dav.t:
8 out of 360 runs had the "created" time after
the "modified" time.
This seems to be a system issue, all tests done on NFS,
many tested on virtualized guests.
Not a regression.
b Test 8 in t/ssl/pr12355.t:
3 out of 360 runs failed this test,
(2 RHEL 5, 1 on SLES 10, alls 3 static builds).
60000 bytes were posted, but only between 40KB and 45KB bytes
received.
Not reproducible, very rare.
PR 12355 is: POST incompatible w/ renegotiate https: connection
Not a regression.
c Various tests in t/apache/expr_string.t:
105 out of 360 runs failed this test, (all on Linux).
The failure is always on line 68 of the tests, where
the error_log contents are checked.
Inspecting the file after the test shows all needed lines are there
but again it seems to be an NFS problem, that the test script
can not see the contents quickly enough.
Adding a 0.1 seconds sleep before reading the file fixes the problem.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 15:06 -0500, Jim Jagielski wrote:
> -deps for 2.4.4 are not released, so it's a non-issue for 2.4.x.
> I can't recall if we bundle apr/apu with 2.2.x but if we do, then
I ran a test for Bill to check if it suffers same fate, yes it is
included, and yes, it does.
> I say simply rerolling with apu-1.4 instead of apu-1.5 is fine.
>
>
If that's the case Jim, and I know from previous discussions the reality
is -deps *will* soon vanish completely, you should now stop pushing
-deps onto ftp mirrors, as you can not seriously push something out for
GA that is known to be broken :)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
-deps for 2.4.4 are not released, so it's a non-issue for 2.4.x.
I can't recall if we bundle apr/apu with 2.2.x but if we do, then
I say simply rerolling with apu-1.4 instead of apu-1.5 is fine.
On Feb 20, 2013, at 1:10 PM, William A. Rowe Jr. <wr...@rowe-clan.net> wrote:
> On Wed, 20 Feb 2013 12:58:07 -0500
> Jim Jagielski <ji...@jaguNET.com> wrote:
>
>> +1: OSX 10.8.2, Fedora 16 and 18 (x86_64) and CentOS 6 (x86_64)
>
> So what is your thinking on the apr-util 1.5.1 crypt mess?
>
> Should we re-roll 2.4.4 deps and either re-roll 2.2.24 with a
> corrected roll-release script to pull in 1.4.1? Or roll on to
> 2.2.25? IMHO this doesn't warrant a new version number since
> there is no delta to the svn sources.
>
> Based on reports so far, I'm -1 to moving the current 2.4.4-deps
> or 2.2.24 from /dev/dist into /dist/httpd because we would be
> releasing, or endorsing 1.5.1 and it doesn't seem ready.
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Wed, 20 Feb 2013 12:58:07 -0500
Jim Jagielski <ji...@jaguNET.com> wrote:
> +1: OSX 10.8.2, Fedora 16 and 18 (x86_64) and CentOS 6 (x86_64)
So what is your thinking on the apr-util 1.5.1 crypt mess?
Should we re-roll 2.4.4 deps and either re-roll 2.2.24 with a
corrected roll-release script to pull in 1.4.1? Or roll on to
2.2.25? IMHO this doesn't warrant a new version number since
there is no delta to the svn sources.
Based on reports so far, I'm -1 to moving the current 2.4.4-deps
or 2.2.24 from /dev/dist into /dist/httpd because we would be
releasing, or endorsing 1.5.1 and it doesn't seem ready.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
+1: OSX 10.8.2, Fedora 16 and 18 (x86_64) and CentOS 6 (x86_64)
On Feb 18, 2013, at 3:34 PM, Jim Jagielski <ji...@jaguNET.com> wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> Vote will last the normal 72 hrs.
>
REMINDER: Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
Don't forget to VOTE!
On Feb 18, 2013, at 3:34 PM, Jim Jagielski <ji...@jaguNET.com> wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> Vote will last the normal 72 hrs.
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Mon, 18 Feb 2013 15:34:15 -0500
Jim Jagielski <ji...@jaguNET.com> wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
> [X] +1: Good to go
Glad for no bundled apr-util, this will make things so much easier
if we are only evaluating one cog at a time :)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Steffen <in...@apachelounge.com>.
For thorough testing Windows 32 and 64 Release Candidates binaries are
available, see www.apachelounge.com/viewtopic.php?p=23851
Running for a few days on AL, no issues seen.
Steffen
-----Original Message-----
From: Jim Jagielski
Sent: Monday, February 18, 2013 9:34 PM Newsgroups: gmane.comp.apache.devel
To: dev@httpd.apache.org
Subject: [VOTE] Release Apache httpd 2.4.4 as GA
The pre-release test tarballs for Apache httpd 2.4.4 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
NOTE: The -deps tarballs are included here *only* to make life
easier for the tester. They will not be, and are not, part
of the official release.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will Robinson. And why.
Vote will last the normal 72 hrs.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Daniel Gruno <ru...@cord.dk>.
On 02/18/2013 09:34 PM, Jim Jagielski wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> Vote will last the normal 72 hrs.
>
+1 on FreeBSD 9.0 with maintainer mode and Lua enabled.
configured fine, built fine, worked out of the box.
I have also been running 2.4.4 on modules.apache.org for some time now
(albeit a few revisions short of the hopefully official 2.4.4), and so
far no problems have arisen.
I got a few failures with the test framework, but that seems to mostly
be failures with the framework itself, notably IP expression/access
tests failed because I apparently wasn't connecting from 127.0.0.1 in
the tests.
With regards,
Daniel.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
On Feb 19, 2013, at 7:21 PM, Noel Butler <no...@ausics.net> wrote:
>
> On Tue, 2013-02-19 at 07:34 -0500, Jim Jagielski wrote:
>>
>> A simple check would be to rebuild 2.4.3 but using the -deps
>> from 2.4.4...
>>
>
> Close... 2.4.3 with 2.4.4 -deps fail *but* 2.4.4 with -deps from 2.4.3 *works*
>
> So as I suspected it is something in 2.4.4. APR/ APR-util as the cause
>
> About to run Rainer's patch on 2.4.4 with 2.4.4 -deps to see if it sheds any more light
iirc, -deps for both 2.4.3 and 2.4.4 used apr-1.4.6 but apr-util 1.4.x
for 2.4.3 deps and 1.5.x for 2.4.4... so I'm guessing it's something
in apr-util 1.4->1.5
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
On Feb 19, 2013, at 7:21 PM, Noel Butler <no...@ausics.net> wrote:
>
> On Tue, 2013-02-19 at 07:34 -0500, Jim Jagielski wrote:
>>
>> A simple check would be to rebuild 2.4.3 but using the -deps
>> from 2.4.4...
>>
>
> Close... 2.4.3 with 2.4.4 -deps fail *but* 2.4.4 with -deps from 2.4.3 *works*
>
> So as I suspected it is something in 2.4.4. APR/ APR-util as the cause
>
From what I see, it's something in APR/APU and not in 2.4.4...
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Tue, 2013-02-19 at 07:34 -0500, Jim Jagielski wrote:
> A simple check would be to rebuild 2.4.3 but using the -deps
> from 2.4.4...
>
Close... 2.4.3 with 2.4.4 -deps fail *but* 2.4.4 with
-deps from 2.4.3 *works*
So as I suspected it is something in 2.4.4. APR/ APR-util as the
cause
About to run Rainer's patch on 2.4.4 with 2.4.4 -deps to see if it
sheds any more light
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
A simple check would be to rebuild 2.4.3 but using the -deps
from 2.4.4...
On Feb 19, 2013, at 2:57 AM, Noel Butler <no...@ausics.net> wrote:
> Hi Bill,
>
> On Mon, 2013-02-18 at 23:23 -0600, William A. Rowe Jr. wrote:
>>
>> in -deps is only 1.4.6, but APR-utils is 1.5.1
>> > have tested overwrites, and clearing of all bin/ build/ lib/ and fresh
>> > installs no change.
>>
>> You cleaned lib/ of all *subdirectories*?
>>
>
> I install httpd under /usr/local/apache, so its all safe as clearing it out simulates as a fresh install, fresh with 2.4.4 fails mysql based auths, fresh install 2.4.3 (like all others since 2.18 when it got incorporated) succeed happily.
>
>> Does an older lib/apr-util-1/apr_dbd_mysql-1.so appear in that tree?
> I also build everything in, not as DSO's, I always found that horribly messy, what I do have is libapr stuff in there, and yes, fresh copies.
>
>> Or in your LD_LIBRARY_PATH? Or did apr-util fail to detect mysql? You
>> will need to review your ./configure output to work out what apr-util
>> thinks it found.
>>
> configure:19751: checking for mysql_config
> configure:19769: found /usr/bin/mysql_config
> configure:19781: result: /usr/bin/mysql_config
> configure:19841: checking for mysql.h
> configure:19841: gcc -c -g -O2 -pthread -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -I/usr/include/mysql conftest.c >&5In file included from /usr/include/mysql/my_global.h:77,
> from conftest.c:20:
> configure:19872: gcc -o conftest -g -O2 -pthread -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -I/usr/include/mysql conftest.c -lmysqlclient_r -L/usr/lib/mysql -lmysqlclient_r -lpthread -lz -lm -lrt -lssl -lcrypto -ldl >&5
> configure:19872: $? = 0
> configure:19881: result: yes
>
>
> seems it found it and is mostly happy, I am only assuming its APR related, it might not be.
>
>
>> Maybe you are simply missing a mysql-devel package?
>
> We only use sources, and even the official Slackware mysql packages is "as designed" IOW, none of this -dev or -devel or splitting something up into 150 different packages like a certain distro takes delight in, type of rubbish <face-smile.png>
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
Hi Bill,
On Mon, 2013-02-18 at 23:23 -0600, William A. Rowe Jr. wrote:
> in -deps is only 1.4.6, but APR-utils is 1.5.1
> > have tested overwrites, and clearing of all bin/ build/ lib/ and fresh
> > installs no change.
>
> You cleaned lib/ of all *subdirectories*?
>
I install httpd under /usr/local/apache, so its all safe as clearing it
out simulates as a fresh install, fresh with 2.4.4 fails mysql based
auths, fresh install 2.4.3 (like all others since 2.18 when it got
incorporated) succeed happily.
> Does an older lib/apr-util-1/apr_dbd_mysql-1.so appear in that tree?
I also build everything in, not as DSO's, I always found that horribly
messy, what I do have is libapr stuff in there, and yes, fresh copies.
> Or in your LD_LIBRARY_PATH? Or did apr-util fail to detect mysql? You
> will need to review your ./configure output to work out what apr-util
> thinks it found.
>
configure:19751: checking for mysql_config
configure:19769: found /usr/bin/mysql_config
configure:19781: result: /usr/bin/mysql_config
configure:19841: checking for mysql.h
configure:19841: gcc -c -g -O2 -pthread -D_REENTRANT -D_GNU_SOURCE
-D_LARGEFILE64_SOURCE -I/usr/include/mysql conftest.c >&5In file
included from /usr/include/mysql/my_global.h:77,
from conftest.c:20:
configure:19872: gcc -o conftest -g -O2 -pthread -D_REENTRANT
-D_GNU_SOURCE -D_LARGEFILE64_SOURCE -I/usr/include/mysql conftest.c
-lmysqlclient_r -L/usr/lib/mysql -lmysqlclient_r -lpthread -lz -lm -lrt
-lssl -lcrypto -ldl >&5
configure:19872: $? = 0
configure:19881: result: yes
seems it found it and is mostly happy, I am only assuming its APR
related, it might not be.
> Maybe you are simply missing a mysql-devel package?
We only use sources, and even the official Slackware mysql packages is
"as designed" IOW, none of this -dev or -devel or splitting something up
into 150 different packages like a certain distro takes delight in, type
of rubbish :)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Tue, 19 Feb 2013 14:11:59 +1000
Noel Butler <no...@ausics.net> wrote:
> On Tue, 2013-02-19 at 13:35 +1000, Noel Butler wrote:
>
>
> > reports: APR-util Version: 1.5.1
>
>
> I note the APR version in -deps is only 1.4.6, but APR-utils is 1.5.1
> could this be the issue?
No. APR doesn't care about the APR-util version at all. APR-util
should not compile if it is missing an APR feature. Their version
numbers do not correspond (except at the version major level).
> Builds fine but operation now fails on all mysql auths (included APR
> problem from -deps ??)
> reports: APR-util Version: 1.5.1
>
> [Tue Feb 19 13:16:33.487932 2013] [auth_basic:error] [pid 24811:tid
> 2996689776] [client xxxxxxxxxxx] AH01617: user noel: authentication
> failure for "/": Password Mismatch
>
> This is browser stored password , cleared, entered still fails,
> different browser, same, fails
> make install back in 2.4.3, and all mysql auths once again succeed
>
> have tested overwrites, and clearing of all bin/ build/ lib/ and fresh
> installs no change.
You cleaned lib/ of all *subdirectories*?
Does an older lib/apr-util-1/apr_dbd_mysql-1.so appear in that tree?
Or in your LD_LIBRARY_PATH? Or did apr-util fail to detect mysql? You
will need to review your ./configure output to work out what apr-util
thinks it found.
Maybe you are simply missing a mysql-devel package?
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Tue, 2013-02-19 at 13:35 +1000, Noel Butler wrote:
> reports: APR-util Version: 1.5.1
I note the APR version in -deps is only 1.4.6, but APR-utils is 1.5.1
could this be the issue?
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 11:50 +1000, Noel Butler wrote:
> On Wed, 2013-02-20 at 02:20 +0100, Rainer Jung wrote:
>
> > grep CRYPT build/apache/srclib/apr-util/config.status
>
>
>
> D["HAVE_CRYPT_R"]=" 1"
> D["CRYPT_R_STRUCT_CRYPT_DATA"]=" 1"
>
> | I'd like to check, whether your platform has CRYPT_R_CRYPTD or
> CRYPT_R_STRUCT_CRYPT_DATA defined. If it is the latter, then what OS
> | is it and which glibs version
>
> So has the later, its Slackware 13.1 w/ glibc-2.11.1
>
oops, my bad, forgot also includes glib2-2.22.5
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 02:20 +0100, Rainer Jung wrote:
> grep CRYPT build/apache/srclib/apr-util/config.status
D["HAVE_CRYPT_R"]=" 1"
D["CRYPT_R_STRUCT_CRYPT_DATA"]=" 1"
| I'd like to check, whether your platform has CRYPT_R_CRYPTD or
CRYPT_R_STRUCT_CRYPT_DATA defined. If it is the latter, then what OS |
is it and which glibs version
So has the later, its Slackware 13.1 w/ glibc-2.11.1
Re: apr_password_validate (was: [VOTE] Release Apache httpd 2.4.4
as GA)
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 22:28 +0100, Stefan Fritsch wrote:
> [moving to dev@apr, please remove dev@httpd when replying]
>
> On Wednesday 20 February 2013, Noel Butler wrote:
> > On Wed, 2013-02-20 at 01:07 -0600, William A. Rowe Jr. wrote:
> > > Which remains my point... our current 2.4 and 2.2 candidates
> > > should suffer the same flaw.
> >
> > Confirmed, 2.2 candidate suffers same problem
>
>
> I hope I did not miss this somewhere in the thread, but have you tried
> running the apr-util 1.5.1 test suite (i.e. make check)? It has some
> checks for apr_password_validate
>
it reports success but...
<snip>
crypt_r returned 'nHZA1rViSldQk'
SUCCESS
testmd4 : SUCCESS
testmd5 : SUCCESS
testcrypto : SUCCESS
testdbd : SUCCESS
testdate : SUCCESS
testmemcache : SUCCESS
testxml : SUCCESS
testxlate : SUCCESS
testrmm : SUCCESS
testdbm : SUCCESS
testqueue : SUCCESS
testreslist : SUCCESS
All tests passed.
it doesn't seem to test for salted md5, let alone shaxxx
NOTE: replying here since I'm not on dev@apr I'll fix that in a minute
though.
apr_password_validate (was: [VOTE] Release Apache httpd 2.4.4 as GA)
Posted by Stefan Fritsch <sf...@sfritsch.de>.
[moving to dev@apr, please remove dev@httpd when replying]
On Wednesday 20 February 2013, Noel Butler wrote:
> On Wed, 2013-02-20 at 01:07 -0600, William A. Rowe Jr. wrote:
> > Which remains my point... our current 2.4 and 2.2 candidates
> > should suffer the same flaw.
>
> Confirmed, 2.2 candidate suffers same problem
I hope I did not miss this somewhere in the thread, but have you tried
running the apr-util 1.5.1 test suite (i.e. make check)? It has some
checks for apr_password_validate
apr_password_validate (was: [VOTE] Release Apache httpd 2.4.4 as GA)
Posted by Stefan Fritsch <sf...@sfritsch.de>.
[moving to dev@apr, please remove dev@httpd when replying]
On Wednesday 20 February 2013, Noel Butler wrote:
> On Wed, 2013-02-20 at 01:07 -0600, William A. Rowe Jr. wrote:
> > Which remains my point... our current 2.4 and 2.2 candidates
> > should suffer the same flaw.
>
> Confirmed, 2.2 candidate suffers same problem
I hope I did not miss this somewhere in the thread, but have you tried
running the apr-util 1.5.1 test suite (i.e. make check)? It has some
checks for apr_password_validate
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 01:07 -0600, William A. Rowe Jr. wrote:
>
> Which remains my point... our current 2.4 and 2.2 candidates should
> suffer the same flaw.
>
Confirmed, 2.2 candidate suffers same problem
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 20.02.2013 13:06, Jim Jagielski wrote:
> Should we be including/moving this discussion to dev@apr ?
I guess so. Strong evidence that the problem sits in
apr_password_validate as part of apu 1.5.1.
Regards,
Rainer
> On Feb 20, 2013, at 3:07 AM, Rainer Jung <ra...@kippdata.de> wrote:
>
>> On 20.02.2013 08:07, William A. Rowe Jr. wrote:
>>> On Wed, 20 Feb 2013 16:42:56 +1000
>>> Noel Butler <no...@ausics.net> wrote:
>>>
>>>> On Tue, 2013-02-19 at 23:31 -0600, William A. Rowe Jr. wrote:
>>>>
>>>>
>>>>
>>>>>
>>>>> Note he mentioned SHA512, not crypt(). I don't know that this makes
>>>>> a difference on that architecture.
>>>>>
>>>>
>>>>
>>>> But isn't it just a hand off to system crypt() (modern crypt(), not
>>>> the ancient 8 char one), since httpd is limited in native options,
>>>> what it doesn't understand is passes to system crypt() to handle.
>>
>> Yes.
>>
>>> Which remains my point... our current 2.4 and 2.2 candidates should
>>> suffer the same flaw.
>>
>> Indeed, that's likely. Note that Noel uses SHA512, which is supported in
>> apr_password_validate(), but for instance not wired in htpasswd. So it
>> might not be the most often used password hash in combination with
>> httpd. Nevertheless we need to fix.
>>
>> I prepared another round of patches t check, what's wrong in
>> apr_password_validate. All patches can be applied in srclib/apr-util.
>> They are *not* cumulative:
>>
>> 1) Undo one change in the password validation function and check whether
>> it works then:
>>
>> http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc.patch
>>
>> 2) Keep original validation code but ad some debug output to STDERR:
>>
>> http://people.apache.org/~rjung/patches/apr-util-password_validate-debug.patch
>>
>> 3) Combination of 1) and 2):
>>
>> http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc-debug.patch
>>
>> All patches only change one file, so if you apply on top of your build
>> tree, make will only compile one file and you only need to copy over the
>> new .libs/libaprutil-1.so to your httpd installation lib.
>>
>> Regards,
>>
>> Rainer
>>
>
>
--
kippdata
informationstechnologie GmbH Tel: 0228 98549 -0
Bornheimer Str. 33a Fax: 0228 98549 -50
53111 Bonn www.kippdata.de
HRB 8018 Amtsgericht Bonn / USt.-IdNr. DE 196 457 417
Geschäftsführer: Dr. Thomas Höfer, Rainer Jung, Sven Maurmann
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
Should we be including/moving this discussion to dev@apr ?
On Feb 20, 2013, at 3:07 AM, Rainer Jung <ra...@kippdata.de> wrote:
> On 20.02.2013 08:07, William A. Rowe Jr. wrote:
>> On Wed, 20 Feb 2013 16:42:56 +1000
>> Noel Butler <no...@ausics.net> wrote:
>>
>>> On Tue, 2013-02-19 at 23:31 -0600, William A. Rowe Jr. wrote:
>>>
>>>
>>>
>>>>
>>>> Note he mentioned SHA512, not crypt(). I don't know that this makes
>>>> a difference on that architecture.
>>>>
>>>
>>>
>>> But isn't it just a hand off to system crypt() (modern crypt(), not
>>> the ancient 8 char one), since httpd is limited in native options,
>>> what it doesn't understand is passes to system crypt() to handle.
>
> Yes.
>
>> Which remains my point... our current 2.4 and 2.2 candidates should
>> suffer the same flaw.
>
> Indeed, that's likely. Note that Noel uses SHA512, which is supported in
> apr_password_validate(), but for instance not wired in htpasswd. So it
> might not be the most often used password hash in combination with
> httpd. Nevertheless we need to fix.
>
> I prepared another round of patches t check, what's wrong in
> apr_password_validate. All patches can be applied in srclib/apr-util.
> They are *not* cumulative:
>
> 1) Undo one change in the password validation function and check whether
> it works then:
>
> http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc.patch
>
> 2) Keep original validation code but ad some debug output to STDERR:
>
> http://people.apache.org/~rjung/patches/apr-util-password_validate-debug.patch
>
> 3) Combination of 1) and 2):
>
> http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc-debug.patch
>
> All patches only change one file, so if you apply on top of your build
> tree, make will only compile one file and you only need to copy over the
> new .libs/libaprutil-1.so to your httpd installation lib.
>
> Regards,
>
> Rainer
>
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Sat, 2013-02-23 at 13:29 +0100, Rainer Jung wrote:
> Concerning the apr_password_validate() problem in APU 1.5.1 and related
> httpd release testing failures:
>
> The bug was fixed in
>
> http://svn.apache.org/viewvc?view=revision&revision=1449309
>
> Don't know how I could stare so long at the code without seeing the
> obvious bug. Thanks to the reporter of PR 54603 for the correct patch.
>
> Regards,
>
> Rainer
Confirmed fixed in 2.4.4 (and 2.2.24) thanks for your time Rainer, much
appreciated.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Sat, 2013-02-23 at 13:29 +0100, Rainer Jung wrote:
> Concerning the apr_password_validate() problem in APU 1.5.1 and related
> httpd release testing failures:
>
> The bug was fixed in
>
> http://svn.apache.org/viewvc?view=revision&revision=1449309
>
> Don't know how I could stare so long at the code without seeing the
> obvious bug. Thanks to the reporter of PR 54603 for the correct patch.
>
> Regards,
>
> Rainer
Confirmed fixed in 2.4.4 (and 2.2.24) thanks for your time Rainer, much
appreciated.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
Concerning the apr_password_validate() problem in APU 1.5.1 and related
httpd release testing failures:
The bug was fixed in
http://svn.apache.org/viewvc?view=revision&revision=1449309
Don't know how I could stare so long at the code without seeing the
obvious bug. Thanks to the reporter of PR 54603 for the correct patch.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
Concerning the apr_password_validate() problem in APU 1.5.1 and related
httpd release testing failures:
The bug was fixed in
http://svn.apache.org/viewvc?view=revision&revision=1449309
Don't know how I could stare so long at the code without seeing the
obvious bug. Thanks to the reporter of PR 54603 for the correct patch.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Thu, 2013-02-21 at 10:24 +1000, Noel Butler wrote:
> On Wed, 2013-02-20 at 23:56 +0100, Rainer Jung wrote:
>
>
> >
> > That's strange, the additional stderr output
> >
> > "crypt_r returned NULL"
> >
> > or
> >
> > "crypt_r returned '%s'"
> >
> > is not shown here.
> >
>
>
> Indeed, I'm running :
> LogLevel debug auth_basic:trace8 authn_dbd:trace8
>
> Briefly ran trace8 globally, but only briefly for obvious reasons, my
> eyes were starting to bleed :)
>
>
> > As an alternative one could use strace to check the call to crypt_r and
>
>
> strace only shows...
>
> 29311 gettimeofday({1361405772, 894610}, NULL) = 0
> 29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
> 29311 write(17, "*\0\0\0\26SELECT Password FROM users WHERE User
> = ?"..., 46) = 46
> 29311 read(17, "\f\0\0\1\0\1\0\0\0\1\0\1\0\0\0\0\27\0\0\2\3def\0\0\0
> \1?\0\f?\0\0\0\0\0\375\200\0\0\0\0\5\0\0\3\376\0\0\2\0007\0\0\4\3def
> \7members\5users\5users\10Password\10Password\f\10\0\0\1\0\0\375\201
> \20\0\0\0\5\0\0\5\376\0\0\2\0"..., 16384) = 120
> 29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
> 29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
> 29311 write(17, "\23\0\0\0\27\1\0\0\0\0\1\0\0\0\0\1\375\0\4noel"...,
> 23) = 23
> 29311 read(17, "\1\0\0\1\0017\0\0\2\3def\7members\5users\5users
> \10Password\10Password\f\10\0\0\1\0\0\375\201\20\0\0\0\5\0\0\3\376\0\0
> \2\0m\0\0\4\0\0j$6$xxxxxxxxxxxx\5\0\0\5\376\0\0\2\0"..., 16384) = 195
> 29311 gettimeofday({1361405772, 895721}, NULL) = 0
> 29311 write(8, "[Thu Feb 21 10:16:12.895721 2013] [authn_dbd:trace2]
> [pid 29307:tid 3046349680] mod_authn_dbd.c(178): [client
> fd1d:c01d:1ce::145:59592] Got hashed password '$6$xxxxxxxxxxxxx' for
> user 'noel'\n"..., 281) = 281
> 29311 gettimeofday({1361405772, 895975}, NULL) = 0
> 29311 write(8, "[Thu Feb 21 10:16:12.895975 2013] [authn_dbd:debug]
> [pid 29307:tid 3046349680] mod_authn_dbd.c(199): (70024)passwords do
> not match: [client fd1d:c01d:1ce::145:59592] Call to
> apr_password_validate for user 'noel' and hashed password '$6
> $xxxxxxxxxxx"..., 368) = 368
> 29311 gettimeofday({1361405772, 896212}, NULL) = 0
> 29311 write(8, "[Thu Feb 21 10:16:12.896212 2013] [auth_basic:trace1]
> [pid 29307:tid 3046349680] mod_auth_basic.c(246): [client
> fd1d:c01d:1ce::145:59592] Checking password for user 'noel' using
> provider 'dbd', result: 0\n"..., 204) = 204
> 29311 gettimeofday({1361405772, 896399}, NULL) = 0
> 29311 write(8, "[Thu Feb 21 10:16:12.896399 2013] [auth_basic:error]
> [pid 29307:tid 3046349680] [client fd1d:c01d:1ce::145:59592] AH01617:
> user noel: authentication failure for \"/\": Password Mismatch\n"...,
> 184) = 184
> 29311 gettimeofday({1361405772, 896750}, NULL) = 0
> 29311 read(16, 0x8537248, 8000) = -1 EAGAIN (Resource
> temporarily unavailable)
> 29311 gettimeofday({1361405772, 896880}, NULL) = 0
> 29311 gettimeofday({1361405772, 896933}, NULL) = 0
>
>
I don't know if it offers any insight, but running the same strace
command tonight on 2.4.3 with apru1.4.1
prior to, and what I do not see in apru 1.5.1 output (as per above), but
do see in 2.4.3 and apru1.4.1, is talking to mysql
8526 close(17) = 0
8526 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 17
8526 connect(17, {sa_family=AF_INET, sin_port=htons(3306),
sin_addr=inet_addr("guilty.IP.removed")}, 16) = 0
8526 fcntl64(17, F_SETFL, O_RDONLY) = 0
8526 fcntl64(17, F_GETFL) = 0x2 (flags O_RDWR)
8526 setsockopt(17, SOL_SOCKET, SO_RCVTIMEO, "\2003\341\1\0\0\0\0"...,
8) = 0
8526 setsockopt(17, SOL_SOCKET, SO_SNDTIMEO, "\2003\341\1\0\0\0\0"...,
8) = 0
8526 setsockopt(17, SOL_IP, IP_TOS, [8], 4) = 0
8526 setsockopt(17, SOL_TCP, TCP_NODELAY, [1], 4) = 0
8526 setsockopt(17, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
8526 read(17, "N\0\0\0\n5.5.30-log\0!\v\0\0x'SNlXQl\0\377\367\10\2\0\17
\200\25\0\0\0\0\0\0\0\0\0\0M|J:$B
\0mysql_native_password\0"..., 16384) = 82
8526 brk(0x856e000) = 0x856e000
8526 stat64("/usr/share/charsets/Index.xml", {st_dev=makedev(8, 1),
st_ino=1359901, st_mode=S_IFREG|0644, st_n
link=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=40,
st_size=18312, st_atime=2013/02/22-11:56:39, st_mtim
e=2013/01/16-17:35:18, st_ctime=2013/02/06-11:28:28}) = 0
8526 open("/usr/share/charsets/Index.xml", O_RDONLY|O_LARGEFILE) = 18
8526 read(18, "<?xml version='1.0' encoding=\"utf-8\"?>\n\n<charsets
max-id=\"99\">\n\n<copyright>\n Copyright (c) 2003, 2012, Oracle
and/or its affiliates. All rights reserved.\n\n This program is free
software; you can redistribute it and/or modify\n it under the terms of
the GNU General Public License as published by\n "..., 18312) = 18312
8526 close(18) = 0
8526 futex(0xb73c7c80, FUTEX_WAKE_PRIVATE, 2147483647) = 0
8526 write(17, "Z\0\0\1\r\242\16\0\0\0\0@\10\0\0\0\0\0\0\0\0\0\0\0\0\0
\0\0\0\0\0\0\0\0\0\0DBASEUSERRME\0\24d\234ssg\272=\2i(\t\to\336\351\332
\17\314\261fmembers\0mysql_native_password\0"..., 94) = 94
8526 read(17, "\7\0\0\2\0\0\0\2\0\0\0"..., 16384) = 11
8526 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
8526 write(17, "\1\0\0\0\16"..., 5) = 5
8526 read(17, "\7\0\0\1\0\0\0\2\0\0\0"..., 16384) = 11
8526 gettimeofday({1361528535, 599942}, NULL) = 0
8526 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
8526 write(17, "*\0\0\0\26SELECT Password FROM users WHERE User
= ?"..., 46) = 46
its almost like 1.5.1 is not talking passing off to the system crypt,
but I'm only guessing. I did -Nau diff on 1.4.1 to 1.5.1 and seems a
mammoth amount of apr_password changes, so I wouldn't have the first
clue where to start looking further, hope that helps.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 23:56 +0100, Rainer Jung wrote:
>
> That's strange, the additional stderr output
>
> "crypt_r returned NULL"
>
> or
>
> "crypt_r returned '%s'"
>
> is not shown here.
>
Indeed, I'm running :
LogLevel debug auth_basic:trace8 authn_dbd:trace8
Briefly ran trace8 globally, but only briefly for obvious reasons, my
eyes were starting to bleed :)
> As an alternative one could use strace to check the call to crypt_r and
strace only shows...
29311 gettimeofday({1361405772, 894610}, NULL) = 0
29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
29311 write(17, "*\0\0\0\26SELECT Password FROM users WHERE User
= ?"..., 46) = 46
29311 read(17, "\f\0\0\1\0\1\0\0\0\1\0\1\0\0\0\0\27\0\0\2\3def\0\0\0
\1?\0\f?\0\0\0\0\0\375\200\0\0\0\0\5\0\0\3\376\0\0\2\0007\0\0\4\3def
\7members\5users\5users\10Password\10Password\f\10\0\0\1\0\0\375\201\20
\0\0\0\5\0\0\5\376\0\0\2\0"..., 16384) = 120
29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
29311 write(17, "\23\0\0\0\27\1\0\0\0\0\1\0\0\0\0\1\375\0\4noel"..., 23)
= 23
29311 read(17, "\1\0\0\1\0017\0\0\2\3def\7members\5users\5users
\10Password\10Password\f\10\0\0\1\0\0\375\201\20\0\0\0\5\0\0\3\376\0\0\2
\0m\0\0\4\0\0j$6$xxxxxxxxxxxx\5\0\0\5\376\0\0\2\0"..., 16384) = 195
29311 gettimeofday({1361405772, 895721}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.895721 2013] [authn_dbd:trace2]
[pid 29307:tid 3046349680] mod_authn_dbd.c(178): [client
fd1d:c01d:1ce::145:59592] Got hashed password '$6$xxxxxxxxxxxxx' for
user 'noel'\n"..., 281) = 281
29311 gettimeofday({1361405772, 895975}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.895975 2013] [authn_dbd:debug] [pid
29307:tid 3046349680] mod_authn_dbd.c(199): (70024)passwords do not
match: [client fd1d:c01d:1ce::145:59592] Call to apr_password_validate
for user 'noel' and hashed password '$6$xxxxxxxxxxx"..., 368) = 368
29311 gettimeofday({1361405772, 896212}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.896212 2013] [auth_basic:trace1]
[pid 29307:tid 3046349680] mod_auth_basic.c(246): [client
fd1d:c01d:1ce::145:59592] Checking password for user 'noel' using
provider 'dbd', result: 0\n"..., 204) = 204
29311 gettimeofday({1361405772, 896399}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.896399 2013] [auth_basic:error]
[pid 29307:tid 3046349680] [client fd1d:c01d:1ce::145:59592] AH01617:
user noel: authentication failure for \"/\": Password Mismatch\n"...,
184) = 184
29311 gettimeofday({1361405772, 896750}, NULL) = 0
29311 read(16, 0x8537248, 8000) = -1 EAGAIN (Resource
temporarily unavailable)
29311 gettimeofday({1361405772, 896880}, NULL) = 0
29311 gettimeofday({1361405772, 896933}, NULL) = 0
BTW I am now on dev@apr, I'll leave it to you Rainer if you want this
continued on both or either lists.
Cheers
Noel
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 23:56 +0100, Rainer Jung wrote:
>
> That's strange, the additional stderr output
>
> "crypt_r returned NULL"
>
> or
>
> "crypt_r returned '%s'"
>
> is not shown here.
>
Indeed, I'm running :
LogLevel debug auth_basic:trace8 authn_dbd:trace8
Briefly ran trace8 globally, but only briefly for obvious reasons, my
eyes were starting to bleed :)
> As an alternative one could use strace to check the call to crypt_r and
strace only shows...
29311 gettimeofday({1361405772, 894610}, NULL) = 0
29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
29311 write(17, "*\0\0\0\26SELECT Password FROM users WHERE User
= ?"..., 46) = 46
29311 read(17, "\f\0\0\1\0\1\0\0\0\1\0\1\0\0\0\0\27\0\0\2\3def\0\0\0
\1?\0\f?\0\0\0\0\0\375\200\0\0\0\0\5\0\0\3\376\0\0\2\0007\0\0\4\3def
\7members\5users\5users\10Password\10Password\f\10\0\0\1\0\0\375\201\20
\0\0\0\5\0\0\5\376\0\0\2\0"..., 16384) = 120
29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
29311 poll([{fd=17, events=POLLIN|POLLPRI}], 1, 0) = 0 (Timeout)
29311 write(17, "\23\0\0\0\27\1\0\0\0\0\1\0\0\0\0\1\375\0\4noel"..., 23)
= 23
29311 read(17, "\1\0\0\1\0017\0\0\2\3def\7members\5users\5users
\10Password\10Password\f\10\0\0\1\0\0\375\201\20\0\0\0\5\0\0\3\376\0\0\2
\0m\0\0\4\0\0j$6$xxxxxxxxxxxx\5\0\0\5\376\0\0\2\0"..., 16384) = 195
29311 gettimeofday({1361405772, 895721}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.895721 2013] [authn_dbd:trace2]
[pid 29307:tid 3046349680] mod_authn_dbd.c(178): [client
fd1d:c01d:1ce::145:59592] Got hashed password '$6$xxxxxxxxxxxxx' for
user 'noel'\n"..., 281) = 281
29311 gettimeofday({1361405772, 895975}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.895975 2013] [authn_dbd:debug] [pid
29307:tid 3046349680] mod_authn_dbd.c(199): (70024)passwords do not
match: [client fd1d:c01d:1ce::145:59592] Call to apr_password_validate
for user 'noel' and hashed password '$6$xxxxxxxxxxx"..., 368) = 368
29311 gettimeofday({1361405772, 896212}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.896212 2013] [auth_basic:trace1]
[pid 29307:tid 3046349680] mod_auth_basic.c(246): [client
fd1d:c01d:1ce::145:59592] Checking password for user 'noel' using
provider 'dbd', result: 0\n"..., 204) = 204
29311 gettimeofday({1361405772, 896399}, NULL) = 0
29311 write(8, "[Thu Feb 21 10:16:12.896399 2013] [auth_basic:error]
[pid 29307:tid 3046349680] [client fd1d:c01d:1ce::145:59592] AH01617:
user noel: authentication failure for \"/\": Password Mismatch\n"...,
184) = 184
29311 gettimeofday({1361405772, 896750}, NULL) = 0
29311 read(16, 0x8537248, 8000) = -1 EAGAIN (Resource
temporarily unavailable)
29311 gettimeofday({1361405772, 896880}, NULL) = 0
29311 gettimeofday({1361405772, 896933}, NULL) = 0
BTW I am now on dev@apr, I'll leave it to you Rainer if you want this
continued on both or either lists.
Cheers
Noel
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 20.02.2013 22:33, Noel Butler wrote:
> On Wed, 2013-02-20 at 09:07 +0100, Rainer Jung wrote:
>> 2) Keep original validation code but ad some debug output to STDERR:
>>
>> http://people.apache.org/~rjung/patches/apr-util-password_validate-debug.patch <http://people.apache.org/%7Erjung/patches/apr-util-password_validate-debug.patch>
>>
> Fails
>
> [Thu Feb 21 07:18:27.549401 2013] [auth_basic:trace1] [pid 31295:tid
> 3012647792] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:58603]
> Checking password for user '' using provider 'dbd', result: 3
>
> [Thu Feb 21 07:18:27.549593 2013] [auth_basic:error] [pid 31295:tid
> 3012647792] [client fd1d:c01d:1ce::145:58603] AH01618: user not found: /
>
> [Thu Feb 21 07:18:29.308367 2013] [authn_dbd:trace2] [pid 31295:tid
> 3004259184] mod_authn_dbd.c(178): [client fd1d:c01d:1ce::145:58603] Got
> hashed password '$6$xxxxxxxxx' for user 'noel'
>
> [Thu Feb 21 07:18:29.308437 2013] [authn_dbd:debug] [pid 31295:tid
> 3004259184] mod_authn_dbd.c(199): (70024)passwords do not match: [client
> fd1d:c01d:1ce::145:58603] Call to apr_password_validate for user 'noel'
> and hashed password '$6$xxxx' validate returned an error
>
> [Thu Feb 21 07:18:29.308471 2013] [auth_basic:trace1] [pid 31295:tid
> 3004259184] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:58603]
> Checking password for user 'noel' using provider 'dbd', result: 0
>
> [Thu Feb 21 07:18:29.308505 2013] [auth_basic:error] [pid 31295:tid
> 3004259184] [client fd1d:c01d:1ce::145:58603] AH01617: user noel:
> authentication failure for "/": Password Mismatch
That's strange, the additional stderr output
"crypt_r returned NULL"
or
"crypt_r returned '%s'"
is not shown here.
As an alternative one could use strace to check the call to crypt_r and
the return value.
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 20.02.2013 22:33, Noel Butler wrote:
> On Wed, 2013-02-20 at 09:07 +0100, Rainer Jung wrote:
>> 2) Keep original validation code but ad some debug output to STDERR:
>>
>> http://people.apache.org/~rjung/patches/apr-util-password_validate-debug.patch <http://people.apache.org/%7Erjung/patches/apr-util-password_validate-debug.patch>
>>
> Fails
>
> [Thu Feb 21 07:18:27.549401 2013] [auth_basic:trace1] [pid 31295:tid
> 3012647792] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:58603]
> Checking password for user '' using provider 'dbd', result: 3
>
> [Thu Feb 21 07:18:27.549593 2013] [auth_basic:error] [pid 31295:tid
> 3012647792] [client fd1d:c01d:1ce::145:58603] AH01618: user not found: /
>
> [Thu Feb 21 07:18:29.308367 2013] [authn_dbd:trace2] [pid 31295:tid
> 3004259184] mod_authn_dbd.c(178): [client fd1d:c01d:1ce::145:58603] Got
> hashed password '$6$xxxxxxxxx' for user 'noel'
>
> [Thu Feb 21 07:18:29.308437 2013] [authn_dbd:debug] [pid 31295:tid
> 3004259184] mod_authn_dbd.c(199): (70024)passwords do not match: [client
> fd1d:c01d:1ce::145:58603] Call to apr_password_validate for user 'noel'
> and hashed password '$6$xxxx' validate returned an error
>
> [Thu Feb 21 07:18:29.308471 2013] [auth_basic:trace1] [pid 31295:tid
> 3004259184] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:58603]
> Checking password for user 'noel' using provider 'dbd', result: 0
>
> [Thu Feb 21 07:18:29.308505 2013] [auth_basic:error] [pid 31295:tid
> 3004259184] [client fd1d:c01d:1ce::145:58603] AH01617: user noel:
> authentication failure for "/": Password Mismatch
That's strange, the additional stderr output
"crypt_r returned NULL"
or
"crypt_r returned '%s'"
is not shown here.
As an alternative one could use strace to check the call to crypt_r and
the return value.
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
Hi Rainer,
On Wed, 2013-02-20 at 09:07 +0100, Rainer Jung wrote:
> I prepared another round of patches t check, what's wrong in
> apr_password_validate. All patches can be applied in srclib/apr-util.
> They are *not* cumulative:
>
> 1) Undo one change in the password validation function and check whether
> it works then:
>
> http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc.patch
>
Still fails
> 2) Keep original validation code but ad some debug output to STDERR:
>
> http://people.apache.org/~rjung/patches/apr-util-password_validate-debug.patch
>
Fails
[Thu Feb 21 07:18:27.549401 2013] [auth_basic:trace1] [pid 31295:tid
3012647792] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:58603]
Checking password for user '' using provider 'dbd', result: 3
[Thu Feb 21 07:18:27.549593 2013] [auth_basic:error] [pid 31295:tid
3012647792] [client fd1d:c01d:1ce::145:58603] AH01618: user not
found: /
[Thu Feb 21 07:18:29.308367 2013] [authn_dbd:trace2] [pid 31295:tid
3004259184] mod_authn_dbd.c(178): [client fd1d:c01d:1ce::145:58603] Got
hashed password '$6$xxxxxxxxx' for user 'noel'
[Thu Feb 21 07:18:29.308437 2013] [authn_dbd:debug] [pid 31295:tid
3004259184] mod_authn_dbd.c(199): (70024)passwords do not match: [client
fd1d:c01d:1ce::145:58603] Call to apr_password_validate for user 'noel'
and hashed password '$6$xxxx' validate returned an error
[Thu Feb 21 07:18:29.308471 2013] [auth_basic:trace1] [pid 31295:tid
3004259184] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:58603]
Checking password for user 'noel' using provider 'dbd', result: 0
[Thu Feb 21 07:18:29.308505 2013] [auth_basic:error] [pid 31295:tid
3004259184] [client fd1d:c01d:1ce::145:58603] AH01617: user noel:
authentication failure for "/": Password Mismatch
> 3) Combination of 1) and 2):
>
> http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc-debug.patch
>
Fails with:
[Thu Feb 21 07:27:26.761557 2013] [authn_dbd:trace2] [pid 14586:tid
3038497648] mod_authn_dbd.c(178): [client fd1d:c01d:1ce::145:58640] Got
hashed password '$6xxxxxxxxxxx' for user 'noel'
[Thu Feb 21 07:27:26.761737 2013] [authn_dbd:debug] [pid 14586:tid
3038497648] mod_authn_dbd.c(199): (70024)passwords do not match: [client
fd1d:c01d:1ce::145:58640] Call to apr_password_validate for user 'noel'
and hashed password '$6$xxxx' validate returned an error
[Thu Feb 21 07:27:26.761804 2013] [auth_basic:trace1] [pid 14586:tid
3038497648] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:58640]
Checking password for user 'noel' using provider 'dbd', result: 0
[Thu Feb 21 07:27:26.761848 2013] [auth_basic:error] [pid 14586:tid
3038497648] [client fd1d:c01d:1ce::145:58640] AH01617: user noel:
authentication failure for "/": Password Mismatch
Cheers
N
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 20.02.2013 08:07, William A. Rowe Jr. wrote:
> On Wed, 20 Feb 2013 16:42:56 +1000
> Noel Butler <no...@ausics.net> wrote:
>
>> On Tue, 2013-02-19 at 23:31 -0600, William A. Rowe Jr. wrote:
>>
>>
>>
>>>
>>> Note he mentioned SHA512, not crypt(). I don't know that this makes
>>> a difference on that architecture.
>>>
>>
>>
>> But isn't it just a hand off to system crypt() (modern crypt(), not
>> the ancient 8 char one), since httpd is limited in native options,
>> what it doesn't understand is passes to system crypt() to handle.
Yes.
> Which remains my point... our current 2.4 and 2.2 candidates should
> suffer the same flaw.
Indeed, that's likely. Note that Noel uses SHA512, which is supported in
apr_password_validate(), but for instance not wired in htpasswd. So it
might not be the most often used password hash in combination with
httpd. Nevertheless we need to fix.
I prepared another round of patches t check, what's wrong in
apr_password_validate. All patches can be applied in srclib/apr-util.
They are *not* cumulative:
1) Undo one change in the password validation function and check whether
it works then:
http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc.patch
2) Keep original validation code but ad some debug output to STDERR:
http://people.apache.org/~rjung/patches/apr-util-password_validate-debug.patch
3) Combination of 1) and 2):
http://people.apache.org/~rjung/patches/apr-util-password_validate-glibc-debug.patch
All patches only change one file, so if you apply on top of your build
tree, make will only compile one file and you only need to copy over the
new .libs/libaprutil-1.so to your httpd installation lib.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Wed, 2013-02-20 at 01:07 -0600, William A. Rowe Jr. wrote:
> On Wed, 20 Feb 2013 16:42:56 +1000
> Noel Butler <no...@ausics.net> wrote:
>
> > On Tue, 2013-02-19 at 23:31 -0600, William A. Rowe Jr. wrote:
> >
> >
> >
> > >
> > > Note he mentioned SHA512, not crypt(). I don't know that this makes
> > > a difference on that architecture.
> > >
> >
> >
> > But isn't it just a hand off to system crypt() (modern crypt(), not
> > the ancient 8 char one), since httpd is limited in native options,
> > what it doesn't understand is passes to system crypt() to handle.
>
> Which remains my point... our current 2.4 and 2.2 candidates should
> suffer the same flaw.
>
If I get time later I'll put 2.2 on dev box (got a 2.2 config round here
somewhere still) and try it for you, heading off to dinner now for a few
hours.
It certainly appears related to passing to system crypt() though ... If
I regenerate my password using old md5crypt - $1$foobaretc it still
fails, however, when I change to use the native apache md5 variant -
$apr1$foobaretc auth succeeds.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Wed, 20 Feb 2013 16:42:56 +1000
Noel Butler <no...@ausics.net> wrote:
> On Tue, 2013-02-19 at 23:31 -0600, William A. Rowe Jr. wrote:
>
>
>
> >
> > Note he mentioned SHA512, not crypt(). I don't know that this makes
> > a difference on that architecture.
> >
>
>
> But isn't it just a hand off to system crypt() (modern crypt(), not
> the ancient 8 char one), since httpd is limited in native options,
> what it doesn't understand is passes to system crypt() to handle.
Which remains my point... our current 2.4 and 2.2 candidates should
suffer the same flaw.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Tue, 2013-02-19 at 23:31 -0600, William A. Rowe Jr. wrote:
>
> Note he mentioned SHA512, not crypt(). I don't know that this makes
> a difference on that architecture.
>
But isn't it just a hand off to system crypt() (modern crypt(), not the
ancient 8 char one), since httpd is limited in native options, what it
doesn't understand is passes to system crypt() to handle.
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Wed, 20 Feb 2013 02:20:55 +0100
Rainer Jung <ra...@kippdata.de> wrote:
> On 20.02.2013 01:39, Noel Butler wrote:
> > On Tue, 2013-02-19 at 12:03 +0100, Rainer Jung wrote:
>
> OK, so we know it is correctly retrieving the hash and the aces
> control really fails in the apu password_validate.
>
> Next: Could you please
>
> grep CRYPT /path/to/build/apache/srclib/apr-util/config.status
>
> I'd like to check, whether your platform has CRYPT_R_CRYPTD or
> CRYPT_R_STRUCT_CRYPT_DATA defined. If it is the latter, then what OS
> is it and which glibs version?
>
> It might be the following change:
>
> http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?r1=998533&r2=998532&pathrev=998533
>
> which was ported to 1.5 (file crypto/apr_passwd.c) but not to 1.4. All
> other differences between the source of password_validate() in 1.4 and
> 1.5 seem to be unrelated to your problem.
Note he mentioned SHA512, not crypt(). I don't know that this makes
a difference on that architecture.
This would apply to 2.2.24 then? (Moreso, given that 2.4.x -deps
tarballs seem to disclaim being part of the release.)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 20.02.2013 01:39, Noel Butler wrote:
> On Tue, 2013-02-19 at 12:03 +0100, Rainer Jung wrote:
OK, so we know it is correctly retrieving the hash and the aces control
really fails in the apu password_validate.
Next: Could you please
grep CRYPT /path/to/build/apache/srclib/apr-util/config.status
I'd like to check, whether your platform has CRYPT_R_CRYPTD or
CRYPT_R_STRUCT_CRYPT_DATA defined. If it is the latter, then what OS is
it and which glibs version?
It might be the following change:
http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?r1=998533&r2=998532&pathrev=998533
which was ported to 1.5 (file crypto/apr_passwd.c) but not to 1.4. All
other differences between the source of password_validate() in 1.4 and
1.5 seem to be unrelated to your problem.
Regards,
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Tue, 2013-02-19 at 12:03 +0100, Rainer Jung wrote:
> LogLevel info auth_basic:trace8 authn_dbd:trace8
Thanks
> I checked whether the patch compiles fine, but haven't tested it, so
> careful if applying to production.
no problem this is only on dev at present.
NOTE: passwords returned in below fields were complete, and match the DB
correctly, so I removed all after the sha512 indicator.
[Wed Feb 20 10:32:09.846242 2013] [authn_dbd:trace2] [pid 6877:tid
3004689264] mod_authn_dbd.c(178): [client fd1d:c01d:1ce::145:35101] Got
hashed password '$6$ for user 'noel'
[Wed Feb 20 10:32:09.846360 2013] [authn_dbd:debug] [pid 6877:tid
3004689264] mod_authn_dbd.c(199): (70024)passwords do not match: [client
fd1d:c01d:1ce::145:35101] Call to apr_password_validate for user 'noel'
and hashed password '$6$' validate returned an error
[Wed Feb 20 10:32:09.846388 2013] [auth_basic:trace1] [pid 6877:tid
3004689264] mod_auth_basic.c(246): [client fd1d:c01d:1ce::145:35101]
Checking password for user 'noel' using provider 'dbd', result: 0
[Wed Feb 20 10:32:09.846402 2013] [auth_basic:error] [pid 6877:tid
3004689264] [client fd1d:c01d:1ce::145:35101] AH01617: user noel:
authentication failure for "/": Password Mismatch
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Rainer Jung <ra...@kippdata.de>.
On 19.02.2013 04:35, Noel Butler wrote:
> Builds fine but operation now fails on all mysql auths (included APR
> problem from -deps ??)
> reports: APR-util Version: 1.5.1
>
> [Tue Feb 19 13:16:33.487932 2013] [auth_basic:error] [pid 24811:tid
> 2996689776] [client xxxxxxxxxxx] AH01617: user noel: authentication
> failure for "/": Password Mismatch
>
> This is browser stored password , cleared, entered still fails,
> different browser, same, fails
Could you please apply the following patch:
http://people.apache.org/~rjung/patches/aaa_debug_2_4_4.patch
The patch adds debug output to mod_auth_basic and mod_authn_dbd.
Note that the output will contain the hashed password retrieved form the
database, but not the password send from the browser.
To activate the output, you would have to increase the log level for
those two modules, e.g. if you are usually using LogLevel info, you
would now use:
LogLevel info auth_basic:trace8 authn_dbd:trace8
The output should allow us to clarify, whether the denied actually came
from authn_dbd and what the return code of the apu password check was.
I checked whether the patch compiles fine, but haven't tested it, so
careful if applying to production.
Thanks!
Rainer
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Noel Butler <no...@ausics.net>.
On Mon, 2013-02-18 at 15:34 -0500, Jim Jagielski wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> Vote will last the normal 72 hrs.
-1
Slackware 13.1 and 13.37
Builds fine but operation now fails on all mysql auths (included APR
problem from -deps ??)
reports: APR-util Version: 1.5.1
[Tue Feb 19 13:16:33.487932 2013] [auth_basic:error] [pid 24811:tid
2996689776] [client xxxxxxxxxxx] AH01617: user noel: authentication
failure for "/": Password Mismatch
This is browser stored password , cleared, entered still fails,
different browser, same, fails
make install back in 2.4.3, and all mysql auths once again succeed
have tested overwrites, and clearing of all bin/ build/ lib/ and fresh
installs no change.
SQL:
29 Prepare SELECT Password FROM users WHERE User = ?
29 Close stmt
29 Quit
Built as (no change since 2.4.0):
./configure --prefix=/usr/local/apache --enable-so --enable-modules=all
--enable-mods-static=all --disable-dav --enable-suexec
--with-suexec-docroot=/var/www --with-suexec-caller=apache
--with-suexec-logfile=/var/log/apache/suexec_log --with-included-apr
--with-mysql --disable-util-dso --enable-ssl
ldd /usr/local/apache/bin/httpd
<snip>
libmysqlclient.so.18 => /usr/lib/mysql/libmysqlclient.so.18
(0xb7159000)
libaprutil-1.so.0 => /usr/local/apache/lib/libaprutil-1.so.0
(0xb742a000)
/usr/local/apache/bin/httpd -t
Syntax OK
-t -D DUMP_MODULES |grep dbd
authn_dbd_module (static)
authz_dbd_module (static)
dbd_module (static)
session_dbd_module (static)
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Graham Leggett <mi...@sharp.fm>.
On 18 Feb 2013, at 10:34 PM, Jim Jagielski <ji...@jaguNET.com> wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> Vote will last the normal 72 hrs.
Built as an RPM on CentOS6 and FC17, and built on MacOSX 10.8.
+1
Regards,
Graham
--
Re: [VOTE] Release Apache httpd 2.4.4 as GA
Posted by Gregg Smith <gl...@gknw.net>.
On 2/18/2013 12:34 PM, Jim Jagielski wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
+1 Win32/64
Sorry for the duplicate 2.2.24 vote, that was supposed to be for this.
Gregg
RESULTS: (Was: [VOTE] Release Apache httpd 2.4.4 as GA )
Posted by Jim Jagielski <ji...@jaguNET.com>.
After 72+ hours, I call the vote closed. results are:
+1: rjung(*), steffen, humbedooh(*), covener(*), jim(*), gls,
jorton(*), wrowe(*)
+0: NULL
-1: rjung (but only Solaris)
With the final tally APPROVING release.
Thx to all voters and testers!
I will move the release artifacts to dist and allow the
weekend for mirrors to sync, and will announce on Monday.
On Feb 18, 2013, at 3:34 PM, Jim Jagielski <ji...@jaguNET.com> wrote:
> The pre-release test tarballs for Apache httpd 2.4.4 can be found
> at the usual place:
>
> http://httpd.apache.org/dev/dist/
>
> I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
> NOTE: The -deps tarballs are included here *only* to make life
> easier for the tester. They will not be, and are not, part
> of the official release.
>
> [ ] +1: Good to go
> [ ] +0: meh
> [ ] -1: Danger Will Robinson. And why.
>
> Vote will last the normal 72 hrs.
>
[VOTE] Release Apache httpd 2.4.4 as GA
Posted by Jim Jagielski <ji...@jaguNET.com>.
The pre-release test tarballs for Apache httpd 2.4.4 can be found
at the usual place:
http://httpd.apache.org/dev/dist/
I'm calling a VOTE on releasing these as Apache httpd 2.4.4 GA.
NOTE: The -deps tarballs are included here *only* to make life
easier for the tester. They will not be, and are not, part
of the official release.
[ ] +1: Good to go
[ ] +0: meh
[ ] -1: Danger Will Robinson. And why.
Vote will last the normal 72 hrs.
Re: Time [also] for 2.2.24
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.02.2013 19:45, Michael Felt wrote:
> It will wait til 2.2.25 if it must, but I have some scripts to
> autostart/stop httpd on AIX - must load a system to see if they are
> already in 2.2.X. If not, who can I send the changes to?
You should start with a script for 2.4.x. Example is the file
build/rpm/httpd.init in the source tree which gets installed via the
SPEC file ./build/rpm/httpd.spec.in.
Patches or additions can always be attached to a new Bugzilla entry. If
needed you can send a heads-up to this list here.
Unrelated note: please do start a separate mail thread with a subject
that reflects the discussion topic. Following long mail threads that
completely change their topic is hard.
Regards,
Rainer
Re: Time [also] for 2.2.24
Posted by Rainer Jung <ra...@kippdata.de>.
On 18.02.2013 19:45, Michael Felt wrote:
> I really need to learn how to do the tests you guys do. iirc it is not
> as simple as "make check" or "make test".
For starters there's a README at:
http://svn.apache.org/viewvc/httpd/test/framework/trunk/README?view=co
You'll need Perl plus the Perl module bundle
Apache-Test/lib/Bundle/ApacheTest.pm as explained in the README. If your
Perl is old, the bundle might install more dependency modules.
The modules also require some libraries installed, especially openssl.
Then you'll need an installed httpd and make sure the you load all
modules you want to test in the httpd.conf.
Finally you check out
http://svn.apache.org/repos/asf/httpd/test/framework/trunk/ and run the
Perl test framework from there as described in the README.
Regards,
Rainer
Re: Time [also] for 2.2.24
Posted by Michael Felt <ma...@gmail.com>.
I really need to learn how to do the tests you guys do. iirc it is not as
simple as "make check" or "make test".
It will wait til 2.2.25 if it must, but I have some scripts to
autostart/stop httpd on AIX - must load a system to see if they are already
in 2.2.X. If not, who can I send the changes to?
Congratulations on the new release btw!
Michael
On Mon, Feb 18, 2013 at 4:47 PM, Rainer Jung <ra...@kippdata.de>wrote:
> On 16.02.2013 19:07, William A. Rowe Jr. wrote:
> > On Fri, 15 Feb 2013 04:48:42 -0600
> > "William A. Rowe Jr." <wr...@rowe-clan.net> wrote:
> >>
> >> I plan to tag between late Friday 15 Feb eve, and Saturday. The
> >> remaining STATUS items only have a vote or two, or are contested
> >> and can't really be expected to hit this tag. It might be a bit
> >> late to add more to STATUS for consideration, but if you were
> >> going to evalute any of these patches, now is your opportunity.
> >
> > Shifting this to Mon 18 Feb afternoon to be in sync with 2.4.4, so
> > feel free to work on late additions this weekend through STATUS.
>
> Info: I ran the test suite and got no unknown or unexpected failures
> (details see below).
>
> Tested configuration:
>
> - current 2.2.x HEAD with APR/APU 1.4.6/1.5.1
> - using shared modules "all"
> - tested for prefork, worker and event
> - each MPM tested with log level info and debug
> - platform Solaris 10 Sparc 32 Bit build
> - Libraries Expat 2.1.0 and PCRE 8.32 (or both bundled),
> OpenSSL 1.0.1e with a few patches
> - Tool chain: gcc 4.7.2,
> CFLAGS -O2 -g -Wall -fno-strict-aliasing -mpcu=v9
>
> Known or expected failures:
>
> t/security/CVE-2005-3352.t (Wstat: 0 Tests: 2 Failed: 1)
> Failed test: 2
> It fails, because the test is already adjusted for a 2.4 backport that's
> waiting for the third vote in 2.2 STATUS (last item in the proposed
> backports list).
>
> t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2)
> Failed tests: 2-3
> Perl problem, no regression.
>
> t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1)
> Failed test: 2
> t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1)
> Failed test: 9
> Both fail at least since 2.2.16, so no regression.
>
> Regards,
>
> Rainer
>
Re: Time [also] for 2.2.24
Posted by Rainer Jung <ra...@kippdata.de>.
On 16.02.2013 19:07, William A. Rowe Jr. wrote:
> On Fri, 15 Feb 2013 04:48:42 -0600
> "William A. Rowe Jr." <wr...@rowe-clan.net> wrote:
>>
>> I plan to tag between late Friday 15 Feb eve, and Saturday. The
>> remaining STATUS items only have a vote or two, or are contested
>> and can't really be expected to hit this tag. It might be a bit
>> late to add more to STATUS for consideration, but if you were
>> going to evalute any of these patches, now is your opportunity.
>
> Shifting this to Mon 18 Feb afternoon to be in sync with 2.4.4, so
> feel free to work on late additions this weekend through STATUS.
Info: I ran the test suite and got no unknown or unexpected failures
(details see below).
Tested configuration:
- current 2.2.x HEAD with APR/APU 1.4.6/1.5.1
- using shared modules "all"
- tested for prefork, worker and event
- each MPM tested with log level info and debug
- platform Solaris 10 Sparc 32 Bit build
- Libraries Expat 2.1.0 and PCRE 8.32 (or both bundled),
OpenSSL 1.0.1e with a few patches
- Tool chain: gcc 4.7.2,
CFLAGS -O2 -g -Wall -fno-strict-aliasing -mpcu=v9
Known or expected failures:
t/security/CVE-2005-3352.t (Wstat: 0 Tests: 2 Failed: 1)
Failed test: 2
It fails, because the test is already adjusted for a 2.4 backport that's
waiting for the third vote in 2.2 STATUS (last item in the proposed
backports list).
t/security/CVE-2008-2364.t (Wstat: 0 Tests: 3 Failed: 2)
Failed tests: 2-3
Perl problem, no regression.
t/ssl/extlookup.t (Wstat: 0 Tests: 4 Failed: 1)
Failed test: 2
t/ssl/require.t (Wstat: 0 Tests: 10 Failed: 1)
Failed test: 9
Both fail at least since 2.2.16, so no regression.
Regards,
Rainer
Re: Time [also] for 2.2.24
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Fri, 15 Feb 2013 04:48:42 -0600
"William A. Rowe Jr." <wr...@rowe-clan.net> wrote:
>
> I plan to tag between late Friday 15 Feb eve, and Saturday. The
> remaining STATUS items only have a vote or two, or are contested
> and can't really be expected to hit this tag. It might be a bit
> late to add more to STATUS for consideration, but if you were
> going to evalute any of these patches, now is your opportunity.
Shifting this to Mon 18 Feb afternoon to be in sync with 2.4.4, so
feel free to work on late additions this weekend through STATUS.
Re: Time [also] for 2.2.24
Posted by Rainer Jung <ra...@kippdata.de>.
On 15.02.2013 12:38, Rainer Jung wrote:
> Some propaganda: the STATUS item "mod_proxy_ajp: Support unknown HTTP
> methods. PR54416." has two votes (mine and wrowe). The situation was
> worsened in 2.2.21 due to a fix for CVE-2011-3348. It would be nice to
> fix it in 2.2.24, fix is very similar to the 2.4 one. Of course it is
> not a show stopper.
rpluem gave a 3rd vote (thanks), so this one is done.
Rainer
Re: Time [also] for 2.2.24
Posted by Rainer Jung <ra...@kippdata.de>.
On 15.02.2013 11:48, William A. Rowe Jr. wrote:
> I plan to tag between late Friday 15 Feb eve, and Saturday. The
> remaining STATUS items only have a vote or two, or are contested
> and can't really be expected to hit this tag. It might be a bit
> late to add more to STATUS for consideration, but if you were
> going to evalute any of these patches, now is your opportunity.
>
> Where there are valid grounds for debate, we should elevate those
> from the status file to dev@ for wider visibility.
Some propaganda: the STATUS item "mod_proxy_ajp: Support unknown HTTP
methods. PR54416." has two votes (mine and wrowe). The situation was
worsened in 2.2.21 due to a fix for CVE-2011-3348. It would be nice to
fix it in 2.2.24, fix is very similar to the 2.4 one. Of course it is
not a show stopper.
Regards,
Rainer
Re: Time [also] for 2.2.24
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Tue, 5 Feb 2013 11:46:55 -0600
"William A. Rowe Jr." <wr...@rowe-clan.net> wrote:
> On Fri, 1 Feb 2013 09:15:46 -0500
> Jim Jagielski <ji...@jaguNET.com> wrote:
>
> > I think it's about time for 2.4.4... just a handful
> > of proposed backports are still open. I propose we
> > do a T&R the end of next week with a release the
> > week after that. I'll be RM.
> >
> > Comments?
>
> +1, it's been a while, thanks for RM'ing!
>
> I'd be happy to go ahead and tag 2.2.24 while we are at it,
> and will look through STATUS for all the low hanging fruit,
> vote up some backports, apply accepted backports, etc.
STATUS and backports are looking great. As noted in another thread,
this is the version that the world is actually using.
I plan to tag between late Friday 15 Feb eve, and Saturday. The
remaining STATUS items only have a vote or two, or are contested
and can't really be expected to hit this tag. It might be a bit
late to add more to STATUS for consideration, but if you were
going to evalute any of these patches, now is your opportunity.
Where there are valid grounds for debate, we should elevate those
from the status file to dev@ for wider visibility.
The tag and tarballs will be on the same box as 2.2.23 (that VM
didn't have to be rebuilt :) We should embrace the newest, latest
and greatest autogunk, but only on head. It doesn't do users much
good if the prior tar.gz built just fine, but this tarball doesn't
build on their platform.
I think the Win 2003/VC 6 machine is finished - I was pulled off
to a convention of another color last weekend, and didn't have the
chance to put that to the test. I'll follow with win32 binaries
for both 2.2.23 and 2.2.24 [for users who encounter .24 specific
bugs] based on VC 6, and next week, try to catch up on progress
the community has made on a 2.4 build.
Any concerns, please shout out.
Bill
Re: Time for 2.4.4
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On Fri, 1 Feb 2013 09:15:46 -0500
Jim Jagielski <ji...@jaguNET.com> wrote:
> I think it's about time for 2.4.4... just a handful
> of proposed backports are still open. I propose we
> do a T&R the end of next week with a release the
> week after that. I'll be RM.
>
> Comments?
+1, it's been a while, thanks for RM'ing!
I've only just recovered from a really ugly mail data mess
that started back in September, but I'm essentially back.
[I have Claws email client to thank for untangling this whole
mess, thunderbird has been relegated to the trash bin.]
I'd be happy to go ahead and tag 2.2.24 while we are at it,
and will look through STATUS for all the low hanging fruit,
vote up some backports, apply accepted backports, etc.
Re: STATUS vote! (Was: Re: Time for 2.4.4)
Posted by Jim Jagielski <ji...@jaguNET.com>.
Just a FYI: I'll be traveling a bit next week so I'll do
the T&R by Monday and leave the vote open until I get
back on Friday.
On Feb 6, 2013, at 7:43 AM, Jim Jagielski <ji...@jaguNET.com> wrote:
> Just a handful of backports in STATUS which appear viable for
> 2.4.4... look, review and vote if possible! :)
>
> On Feb 1, 2013, at 9:15 AM, Jim Jagielski <ji...@jaguNET.com> wrote:
>
>> I think it's about time for 2.4.4... just a handful
>> of proposed backports are still open. I propose we
>> do a T&R the end of next week with a release the
>> week after that. I'll be RM.
>>
>> Comments?
>>
>
STATUS vote! (Was: Re: Time for 2.4.4)
Posted by Jim Jagielski <ji...@jaguNET.com>.
Just a handful of backports in STATUS which appear viable for
2.4.4... look, review and vote if possible! :)
On Feb 1, 2013, at 9:15 AM, Jim Jagielski <ji...@jaguNET.com> wrote:
> I think it's about time for 2.4.4... just a handful
> of proposed backports are still open. I propose we
> do a T&R the end of next week with a release the
> week after that. I'll be RM.
>
> Comments?
>