Posted to dev@serf.apache.org by Evgeny Kotkov <ev...@visualsvn.com.INVALID> on 2023/05/03 15:41:30 UTC

Intent to release serf 1.3.10

Hi everyone,

I'd like to propose that we release serf 1.3.10 with OpenSSL 3 support.

All currently released versions of serf don't build or work with OpenSSL 3.
OpenSSL 1.1.1 series will reach EOL starting from 11th September 2023 [1],
leaving OpenSSL 3 as the only supported version, so this seems to be an
urgent issue.

The current state is as follows:

- I prepared a set of nominated fixes in ^/serf/branches/1.3.x/STATUS.
- Most of them are required for OpenSSL 3 support, but there are some
  general improvements as well.
- Below you'll find a detailed list of these nominations, which I think
  should be included in the new release.
- All of these nominations are currently in a pending state, requiring
  *one more vote* to be backported.

I can RM if needed, but before that, it would be nice if someone could
provide the remaining votes for these nominations.

The shortlog of currently pending nominations:
---------------------------------------------------------

* r1712131, r1807594, r1811088, r1861036, r1909315, r1909316
  Add support for building with VS2017-VS2022, assuming a new enough scons.

* r1901040
  Fix test_ssl_handshake() failure with OpenSSL 1.1.1i+.
  Justification:
    Serf should test cleanly against upstreams.

* r1901937
  Remove the use of ERR_GET_FUNC() to allow building against OpenSSL 3.
  Justification:
    Serf should work with OpenSSL 3.

* r1902208, r1902304
  Rework BIO control handlers to support BIO_CTRL_EOF and to properly respond
  to unknown control values.
  Justification:
    - Fixes "unexpected eof while reading" errors with OpenSSL 3, also
      observed in the test suite.
    - Fixes a user-reported issue with OpenSSL 3 where serf BIOs are
      incorrectly assumed to support KTLS:
      https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135

* r1909252, r1909385, r1909406, r1909413, r1909433
  Do not use OpenSSL functions that operate with FILE to avoid potential CRT
  versions mismatch. Use BIO based functions instead.
  Justification:
    Avoids a potential source of CRT versions mismatch. Removes a dependency
    on openssl/applink.c.

---------------------------------------------------------

Also, below is a list of changes that have already been backported to the
1.3.x branch and will be included in the new release.  Some of those, such
as r1805301, seem to be important enough to justify the new release as well:

* Fix error handling that can cause invalid or undefined behavior when
  reading the outgoing request's body (r1804534, r1804543, r1804553)

* Properly handle invalid chunk lengths in the dechunk bucket (r1804005,
  r1804008, r1804016)

* Fix an endless loop in the deflate bucket with truncated input (r1805301)

* Build changes to support Python 3.x (r1875933)


[1] https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/


Thanks,
Evgeny Kotkov

Re: Intent to release serf 1.3.10

Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
Hi Evgeny,

Thanks so much for picking this up!  I will aim to do a sweep of STATUS
this weekend and provide votes/reviews for any backports.

And, I will try to carve out some time to help test releases on a few
platforms once we have tarballs ready to go.

Cheers.  -- justin

On Wed, May 3, 2023, 11:42 AM Evgeny Kotkov
<ev...@visualsvn.com.invalid> wrote:

> Hi everyone,
>
> I'd like to propose that we release serf 1.3.10 with OpenSSL 3 support.
>
> All currently released versions of serf don't build or work with OpenSSL 3.
> OpenSSL 1.1.1 series will reach EOL starting from 11th September 2023 [1],
> leaving OpenSSL 3 as the only supported version, so this seems to be an
> urgent issue.
>
> The current state is as follows:
>
> - I prepared a set of nominated fixes in ^/serf/branches/1.3.x/STATUS.
> - Most of them are required for OpenSSL 3 support, but there are some
>   general improvements as well.
> - Below you'll find a detailed list of these nominations, which I think
>   should be included in the new release.
> - All of these nominations are currently in a pending state, requiring
>   *one more vote* to be backported.
>
> I can RM if needed, but before that, it would be nice if someone could
> provide the remaining votes for these nominations.
>
> The shortlog of currently pending nominations:
> ---------------------------------------------------------
>
> * r1712131, r1807594, r1811088, r1861036, r1909315, r1909316
>   Add support for building with VS2017-VS2022, assuming a new enough scons.
>
> * r1901040
>   Fix test_ssl_handshake() failure with OpenSSL 1.1.1i+.
>   Justification:
>     Serf should test cleanly against upstreams.
>
> * r1901937
>   Remove the use of ERR_GET_FUNC() to allow building against OpenSSL 3.
>   Justification:
>     Serf should work with OpenSSL 3.
>
> * r1902208, r1902304
>   Rework BIO control handlers to support BIO_CTRL_EOF and to properly respond
>   to unknown control values.
>   Justification:
>     - Fixes "unexpected eof while reading" errors with OpenSSL 3, also
>       observed in the test suite.
>     - Fixes a user-reported issue with OpenSSL 3 where serf BIOs are
>       incorrectly assumed to support KTLS:
>       https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
>
> * r1909252, r1909385, r1909406, r1909413, r1909433
>   Do not use OpenSSL functions that operate with FILE to avoid potential CRT
>   versions mismatch. Use BIO based functions instead.
>   Justification:
>     Avoids a potential source of CRT versions mismatch. Removes a dependency
>     on openssl/applink.c.
>
> ---------------------------------------------------------
>
> Also, below is a list of changes that have already been backported to the
> 1.3.x branch and will be included in the new release.  Some of those, such
> as r1805301, seem to be important enough to justify the new release as well:
>
> * Fix error handling that can cause invalid or undefined behavior when
>   reading the outgoing request's body (r1804534, r1804543, r1804553)
>
> * Properly handle invalid chunk lengths in the dechunk bucket (r1804005,
>   r1804008, r1804016)
>
> * Fix an endless loop in the deflate bucket with truncated input (r1805301)
>
> * Build changes to support Python 3.x (r1875933)
>
>
> [1] https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
>
>
> Thanks,
> Evgeny Kotkov
>

Re: Intent to release serf 1.3.10

Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On Fri, May 12, 2023 at 7:43 AM Ivan Zhakov <iv...@apache.org> wrote:

> On 2023/05/10 11:33:40 Evgeny Kotkov wrote:
> > Evgeny Kotkov <ev...@visualsvn.com> writes:
> >
> > > The current state is as follows:
> > >
> > > - I prepared a set of nominated fixes in ^/serf/branches/1.3.x/STATUS.
> > > - Most of them are required for OpenSSL 3 support, but there are some
> > >   general improvements as well.
> > > - Below you'll find a detailed list of these nominations, which I think
> > >   should be included in the new release.
> > > - All of these nominations are currently in a pending state, requiring
> > >   *one more vote* to be backported.
> >
> > I'm currently planning to backport these nominations with two binding +1
> > votes (and additional non-binding votes, where applicable) and proceed with
> > preparing the 1.3.10 release tarballs.
> >
> > Hope there won't be objections to this plan, but please speak up if otherwise.
> >
> >
> Makes sense for me. +1.
>
As long as the release itself has 3 +1s, that’s fine.  I still plan to do a
sweep of STATUS soon.

Cheers.  — justin

Re: Intent to release serf 1.3.10

Posted by Ivan Zhakov <iv...@apache.org>.
On 2023/05/10 11:33:40 Evgeny Kotkov wrote:
> Evgeny Kotkov <ev...@visualsvn.com> writes:
> 
> > The current state is as follows:
> >
> > - I prepared a set of nominated fixes in ^/serf/branches/1.3.x/STATUS.
> > - Most of them are required for OpenSSL 3 support, but there are some
> >   general improvements as well.
> > - Below you'll find a detailed list of these nominations, which I think
> >   should be included in the new release.
> > - All of these nominations are currently in a pending state, requiring
> >   *one more vote* to be backported.
> 
> I'm currently planning to backport these nominations with two binding +1
> votes (and additional non-binding votes, where applicable) and proceed with
> preparing the 1.3.10 release tarballs.
> 
> Hope there won't be objections to this plan, but please speak up if otherwise.
> 
> 
Makes sense for me. +1.

Re: Intent to release serf 1.3.10

Posted by Evgeny Kotkov <ev...@visualsvn.com.INVALID>.
Evgeny Kotkov <ev...@visualsvn.com> writes:

> The current state is as follows:
>
> - I prepared a set of nominated fixes in ^/serf/branches/1.3.x/STATUS.
> - Most of them are required for OpenSSL 3 support, but there are some
>   general improvements as well.
> - Below you'll find a detailed list of these nominations, which I think
>   should be included in the new release.
> - All of these nominations are currently in a pending state, requiring
>   *one more vote* to be backported.

I'm currently planning to backport these nominations with two binding +1
votes (and additional non-binding votes, where applicable) and proceed with
preparing the 1.3.10 release tarballs.

Hope there won't be objections to this plan, but please speak up if otherwise.


Thanks,
Evgeny Kotkov