You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apr.apache.org by Rainer Jung <ra...@kippdata.de> on 2021/08/31 08:09:43 UTC
APR 1.7.1 release?
Hi there,
any chance we find an RM for a APR 1.7.1 release? At least there was the
fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them
platform specific or build improvements). Last release 1.7.0 was in
April 2019.
For APR-util I don't know the current state and release needs for the
1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
has never been released. CHANGES for 1.6.x only contains one
apr_dbm_gdbm fix plus a minor libtool use improvement.
Apache httpd is planing to start a release cycle soon and it would be
nice to have a clean APR 1.7.1 and maybe APR-util also.
Thanks and regards,
Rainer
Re: APR 1.7.1 release?
Posted by Noel Butler <no...@ausics.net>.
On 31/08/2021 18:09, Rainer Jung wrote:
> Hi there,
>
> any chance we find an RM for a APR 1.7.1 release? At least there was
> the fix for CVE-2021-35940 and CHANGES contains 15 more items (many of
> them platform specific or build improvements). Last release 1.7.0 was
> in April 2019.
>
> For APR-util I don't know the current state and release needs for the
> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
> has never been released. CHANGES for 1.6.x only contains one
> apr_dbm_gdbm fix plus a minor libtool use improvement.
>
> Apache httpd is planing to start a release cycle soon and it would be
> nice to have a clean APR 1.7.1 and maybe APR-util also.
>
> Thanks and regards,
>
> Rainer
+1
Alsoo, apr-util needs to be run out as well, I asked about this November
last year to resolve issues with later mariadb versions that still today
need manual patch
--
Regards,
Noel Butler
This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message.
Re: APR 1.7.1 release?
Posted by Michael Osipov <mi...@apache.org>.
Am 2021-08-31 um 10:09 schrieb Rainer Jung:
> Hi there,
>
> any chance we find an RM for a APR 1.7.1 release? At least there was the
> fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them
> platform specific or build improvements). Last release 1.7.0 was in
> April 2019.
>
> For APR-util I don't know the current state and release needs for the
> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
> has never been released. CHANGES for 1.6.x only contains one
> apr_dbm_gdbm fix plus a minor libtool use improvement.
>
> Apache httpd is planing to start a release cycle soon and it would be
> nice to have a clean APR 1.7.1 and maybe APR-util also.
Oh yes please. I have done a few backports in APR 1.7.x which affect
Tomcat on Windows as well as the libtool stuff for HP-UX.
;
Re: APR 1.7.1 release?
Posted by Rainer Jung <ra...@kippdata.de>.
Am 03.09.2021 um 03:44 schrieb William A Rowe Jr:
> I'm willing to RM APR and APR-util 1.7 releases.
That would be great.
> Would propose we set a date out 2 weeks, anything lingering needs
> to be finalized with the usual oversight no later than the 8th, and
> we tag on the 14th, announce on the 15th when the mirrors have
> caught up. That gives enough days for committers to review the
> last changes to these release branches.
Sounds like a plan, though I can't judge on which important things need
to be fixed. Hopefully nothing.
> But I'd be happier co-RM'ing this with a newer committer/PMC
> participant who wants to learn the ropes. Any volunteers?
> Other thoughts or observations?
Regards,
Rainer
Re: APR 1.7.1 release?
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Fri, Sep 10, 2021 at 3:34 AM Ruediger Pluem <rp...@apache.org> wrote:
>
> On 9/10/21 10:28 AM, Steffen Land wrote:
> > Please be sure that the following two are included in 1.7.1 :
> >
> > PR 63491 regression in 1.7, see https://www.apachelounge.com/viewtopic.php?p=39558
>
> r1882155 brought this already to 1.7.
>
> > PR 61165 CPU deadlock under load, see https://github.com/SpiderLabs/ModSecurity/issues/2181
>
> Looks like to me that r1860057 is not backported yet to 1.7.
I agree with the fix and will pick this up shortly.
Re: APR 1.7.1 release?
Posted by Ruediger Pluem <rp...@apache.org>.
On 9/10/21 10:28 AM, Steffen Land wrote:
> Please be sure that the following two are included in 1.7.1 :
>
> PR 63491 regression in 1.7, see https://www.apachelounge.com/viewtopic.php?p=39558
r1882155 brought this already to 1.7.
> PR 61165 CPU deadlock under load, see https://github.com/SpiderLabs/ModSecurity/issues/2181
Looks like to me that r1860057 is not backported yet to 1.7.
Thanks for the heads up.
Regards
Rüdiger
Re: APR 1.7.1 release?
Posted by Steffen Land <in...@apachelounge.com>.
Please be sure that the following two are included in 1.7.1 :
PR 63491 regression in 1.7, see
https://www.apachelounge.com/viewtopic.php?p=39558
PR 61165 CPU deadlock under load, see
https://github.com/SpiderLabs/ModSecurity/issues/2181
Steffen
On Friday 10/09/2021 at 00:00, William A Rowe Jr wrote:
> Just as a reminder, with the goal to drop 1.7 apr and 1.7 apr-util
> releases in one week,
> please observe the practices in other projects and ask for 2 more sets
> of eyeballs for
> 3 validated +1's on patches before backporting to these trees for the
> next week. TIA!
>
> I've had some success tweaking the abts framework to accomplish some
> win32 fileinfo
> validation of my proposed patch, so I should land that for willing
> reviewers by CoB
> tomorrow. I know we have several associated with the Subversion PMC
> willing to
> lend a review, but I'll be following the same process with these fixes
> to cure, and
> further solve the apr 1.6.0 original and 1.7.1 release quirks with
> mount symlinks.
>
> Bill
>
> On Thu, Sep 2, 2021 at 8:44 PM William A Rowe Jr <wr...@rowe-clan.net>
> wrote:
>>
>>
>> I'm willing to RM APR and APR-util 1.7 releases.
>>
>> Would propose we set a date out 2 weeks, anything lingering needs
>> to be finalized with the usual oversight no later than the 8th, and
>> we tag on the 14th, announce on the 15th when the mirrors have
>> caught up. That gives enough days for committers to review the
>> last changes to these release branches.
>>
>> But I'd be happier co-RM'ing this with a newer committer/PMC
>> participant who wants to learn the ropes. Any volunteers?
>> Other thoughts or observations?
>>
>> On Tue, Aug 31, 2021 at 3:09 AM Rainer Jung <ra...@kippdata.de>
>> wrote:
>>>
>>>
>>> Hi there,
>>>
>>> any chance we find an RM for a APR 1.7.1 release? At least there was
>>> the
>>> fix for CVE-2021-35940 and CHANGES contains 15 more items (many of
>>> them
>>> platform specific or build improvements). Last release 1.7.0 was in
>>> April 2019.
>>>
>>> For APR-util I don't know the current state and release needs for the
>>> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017,
>>> 1.7.x
>>> has never been released. CHANGES for 1.6.x only contains one
>>> apr_dbm_gdbm fix plus a minor libtool use improvement.
>>>
>>> Apache httpd is planing to start a release cycle soon and it would be
>>> nice to have a clean APR 1.7.1 and maybe APR-util also.
>>>
>>> Thanks and regards,
>>>
>>> Rainer
Re: APR 1.7.1 release?
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
Just as a reminder, with the goal to drop 1.7 apr and 1.7 apr-util
releases in one week,
please observe the practices in other projects and ask for 2 more sets
of eyeballs for
3 validated +1's on patches before backporting to these trees for the
next week. TIA!
I've had some success tweaking the abts framework to accomplish some
win32 fileinfo
validation of my proposed patch, so I should land that for willing
reviewers by CoB
tomorrow. I know we have several associated with the Subversion PMC willing to
lend a review, but I'll be following the same process with these fixes
to cure, and
further solve the apr 1.6.0 original and 1.7.1 release quirks with
mount symlinks.
Bill
On Thu, Sep 2, 2021 at 8:44 PM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> I'm willing to RM APR and APR-util 1.7 releases.
>
> Would propose we set a date out 2 weeks, anything lingering needs
> to be finalized with the usual oversight no later than the 8th, and
> we tag on the 14th, announce on the 15th when the mirrors have
> caught up. That gives enough days for committers to review the
> last changes to these release branches.
>
> But I'd be happier co-RM'ing this with a newer committer/PMC
> participant who wants to learn the ropes. Any volunteers?
> Other thoughts or observations?
>
> On Tue, Aug 31, 2021 at 3:09 AM Rainer Jung <ra...@kippdata.de> wrote:
> >
> > Hi there,
> >
> > any chance we find an RM for a APR 1.7.1 release? At least there was the
> > fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them
> > platform specific or build improvements). Last release 1.7.0 was in
> > April 2019.
> >
> > For APR-util I don't know the current state and release needs for the
> > 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
> > has never been released. CHANGES for 1.6.x only contains one
> > apr_dbm_gdbm fix plus a minor libtool use improvement.
> >
> > Apache httpd is planing to start a release cycle soon and it would be
> > nice to have a clean APR 1.7.1 and maybe APR-util also.
> >
> > Thanks and regards,
> >
> > Rainer
Re: APR 1.7.1 release?
Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Dec 23, 2021 at 7:37 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> On Fri, Dec 17, 2021 at 10:09 AM Yann Ylavic <yl...@gmail.com> wrote:
> >
> > On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
> > >
> > > But I'd be happier co-RM'ing this with a newer committer/PMC
> > > participant who wants to learn the ropes. Any volunteers?
> >
> > \o_ thanks for helping! Anytime for, maybe in early 2022 days?
>
> 1. Is that an offer?
Sure it is :) I'm happy to assist you in the release process and learn about it.
I looked at the release.sh script which is quite simple and the
preliminar tagging process from the previous release, but following
someone who knows is always better..
>
> In any case I see us shipping a minimal APR 1.7.x with the fixes at hand and for
> Windows FS that frustrated some svn users. The scope of the unix domain socket
> enablement are probably late into January/early Feb. Unsure what other folks are
> working on that fit into the 1.8 bump.
I already backported the unix socket changes to 1.7.x, though Ivan
objected already given the non trivial changes.
I'd like it to be in 1.7.1 (mainly because of the new atomic/once
wakeup which is useful for httpd's mpm_event usage), but not a strong
opinion either so I could revert it's an uncomfortable change.
Besides, current 1.7.x is not a minimal change already w.r.t. 1.7.0,
some not-so-trivial backports are to address issues raised by running
ASAN built APR and httpd through their test suites (namely apr_pool's
r1884100, apr_thread's r1884103, apr_thread_pool's r1884110).
Those have landed for quite some time now, but more eyes are always welcome.
>
> We all need to review APR-util 1.7.0-dev, to ensure it's ready. That
> could happen
> before year end, or early next year, depending on how stable it is.
+1
>
> So yes, I'd be grateful for your help, and more than happy to help you :)
Great, let's go whenever you have the time for it ;)
Cheers;
Yann.
Re: APR 1.7.1 release?
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Fri, Dec 17, 2021 at 10:09 AM Yann Ylavic <yl...@gmail.com> wrote:
>
> Hi Bill,
>
> On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
> >
> > I'm willing to RM APR and APR-util 1.7 releases.
>
> Any news on this?
I have the holidays, after the weekend, before that other end of year weekend to
my own home and affairs and loose ends, so I can go forward, and with any luck,
kick off both sets of filesystem problems in win32 (junction/symlink
along with the
brand new non-FS pseudo-domain-socket entities which are also nightmares.)
> > But I'd be happier co-RM'ing this with a newer committer/PMC
> > participant who wants to learn the ropes. Any volunteers?
>
> \o_ thanks for helping! Anytime for, maybe in early 2022 days?
1. Is that an offer?
In any case I see us shipping a minimal APR 1.7.x with the fixes at hand and for
Windows FS that frustrated some svn users. The scope of the unix domain socket
enablement are probably late into January/early Feb. Unsure what other folks are
working on that fit into the 1.8 bump.
We all need to review APR-util 1.7.0-dev, to ensure it's ready. That
could happen
before year end, or early next year, depending on how stable it is.
So yes, I'd be grateful for your help, and more than happy to help you :)
Re: APR 1.7.1 release?
Posted by Jan Ehrhardt <ph...@ehrhardt.nl>.
Yann Ylavic in gmane.comp.apache.apr.devel (Fri, 17 Dec 2021 17:08:45
+0100):
>Hi Bill,
>
>On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>>
>> I'm willing to RM APR and APR-util 1.7 releases.
>
>Any news on this?
Somebody on Apachelounge was asking about this:
https://www.apachelounge.com/viewtopic.php?p=40872
--
Jan
Re: APR 1.7.1 release?
Posted by Yann Ylavic <yl...@gmail.com>.
Hi Bill,
On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> I'm willing to RM APR and APR-util 1.7 releases.
Any news on this?
>
> But I'd be happier co-RM'ing this with a newer committer/PMC
> participant who wants to learn the ropes. Any volunteers?
\o_ thanks for helping! Anytime for, maybe in early 2022 days?
Cheers;
Yann.
Re: APR 1.7.1 release?
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
I'm willing to RM APR and APR-util 1.7 releases.
Would propose we set a date out 2 weeks, anything lingering needs
to be finalized with the usual oversight no later than the 8th, and
we tag on the 14th, announce on the 15th when the mirrors have
caught up. That gives enough days for committers to review the
last changes to these release branches.
But I'd be happier co-RM'ing this with a newer committer/PMC
participant who wants to learn the ropes. Any volunteers?
Other thoughts or observations?
On Tue, Aug 31, 2021 at 3:09 AM Rainer Jung <ra...@kippdata.de> wrote:
>
> Hi there,
>
> any chance we find an RM for a APR 1.7.1 release? At least there was the
> fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them
> platform specific or build improvements). Last release 1.7.0 was in
> April 2019.
>
> For APR-util I don't know the current state and release needs for the
> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
> has never been released. CHANGES for 1.6.x only contains one
> apr_dbm_gdbm fix plus a minor libtool use improvement.
>
> Apache httpd is planing to start a release cycle soon and it would be
> nice to have a clean APR 1.7.1 and maybe APR-util also.
>
> Thanks and regards,
>
> Rainer
Re: APR 1.7.1 release?
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
I'm willing to RM APR and APR-util 1.7 releases.
Would propose we set a date out 2 weeks, anything lingering needs
to be finalized with the usual oversight no later than the 8th, and
we tag on the 14th, announce on the 15th when the mirrors have
caught up. That gives enough days for committers to review the
last changes to these release branches.
But I'd be happier co-RM'ing this with a newer committer/PMC
participant who wants to learn the ropes. Any volunteers?
Other thoughts or observations?
On Tue, Aug 31, 2021 at 3:09 AM Rainer Jung <ra...@kippdata.de> wrote:
>
> Hi there,
>
> any chance we find an RM for a APR 1.7.1 release? At least there was the
> fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them
> platform specific or build improvements). Last release 1.7.0 was in
> April 2019.
>
> For APR-util I don't know the current state and release needs for the
> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
> has never been released. CHANGES for 1.6.x only contains one
> apr_dbm_gdbm fix plus a minor libtool use improvement.
>
> Apache httpd is planing to start a release cycle soon and it would be
> nice to have a clean APR 1.7.1 and maybe APR-util also.
>
> Thanks and regards,
>
> Rainer