Posted to dev@apr.apache.org by Rainer Jung <ra...@kippdata.de> on 2021/08/31 08:09:43 UTC

APR 1.7.1 release?

Hi there,

any chance we find an RM for an APR 1.7.1 release? At least there was the 
fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them 
platform specific or build improvements). Last release 1.7.0 was in 
April 2019.

For APR-util I don't know the current state and release needs for the 
1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x 
has never been released. CHANGES for 1.6.x only contains one 
apr_dbm_gdbm fix plus a minor libtool use improvement.

Apache httpd is planning to start a release cycle soon and it would be 
nice to have a clean APR 1.7.1 and maybe APR-util also.

Thanks and regards,

Rainer

Re: APR 1.7.1 release?

Posted by Noel Butler <no...@ausics.net>.
On 31/08/2021 18:09, Rainer Jung wrote:

> Hi there,
> 
> any chance we find an RM for an APR 1.7.1 release? At least there was 
> the fix for CVE-2021-35940 and CHANGES contains 15 more items (many of 
> them platform specific or build improvements). Last release 1.7.0 was 
> in April 2019.
> 
> For APR-util I don't know the current state and release needs for the 
> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x 
> has never been released. CHANGES for 1.6.x only contains one 
> apr_dbm_gdbm fix plus a minor libtool use improvement.
> 
> Apache httpd is planning to start a release cycle soon and it would be 
> nice to have a clean APR 1.7.1 and maybe APR-util also.
> 
> Thanks and regards,
> 
> Rainer

+1

Also, apr-util needs to be run out as well, I asked about this November 
last year to resolve issues with later mariadb versions that still today 
need a manual patch

-- 
Regards,
Noel Butler


Re: APR 1.7.1 release?

Posted by Michael Osipov <mi...@apache.org>.
On 2021-08-31 at 10:09, Rainer Jung wrote:
> Hi there,
> 
> any chance we find an RM for an APR 1.7.1 release? At least there was the 
> fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them 
> platform specific or build improvements). Last release 1.7.0 was in 
> April 2019.
> 
> For APR-util I don't know the current state and release needs for the 
> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x 
> has never been released. CHANGES for 1.6.x only contains one 
> apr_dbm_gdbm fix plus a minor libtool use improvement.
> 
> Apache httpd is planning to start a release cycle soon and it would be 
> nice to have a clean APR 1.7.1 and maybe APR-util also.

Oh yes please. I have done a few backports in APR 1.7.x which affect 
Tomcat on Windows as well as the libtool stuff for HP-UX.


Re: APR 1.7.1 release?

Posted by Rainer Jung <ra...@kippdata.de>.
On 03.09.2021 at 03:44, William A Rowe Jr wrote:
> I'm willing to RM APR and APR-util 1.7 releases.

That would be great.

> Would propose we set a date out 2 weeks, anything lingering needs
> to be finalized with the usual oversight no later than the 8th, and
> we tag on the 14th, announce on the 15th when the mirrors have
> caught up. That gives enough days for committers to review the
> last changes to these release branches.

Sounds like a plan, though I can't judge on which important things need 
to be fixed. Hopefully nothing.

> But I'd be happier co-RM'ing this with a newer committer/PMC
> participant who wants to learn the ropes. Any volunteers?
> Other thoughts or observations?

Regards,

Rainer

Re: APR 1.7.1 release?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Fri, Sep 10, 2021 at 3:34 AM Ruediger Pluem <rp...@apache.org> wrote:
>
> On 9/10/21 10:28 AM, Steffen Land wrote:
> > Please be sure that the following two are included in 1.7.1 :
> >
> > PR 63491 regression in 1.7, see https://www.apachelounge.com/viewtopic.php?p=39558
>
> r1882155 brought this already to 1.7.
>
> > PR 61165 CPU deadlock under load, see  https://github.com/SpiderLabs/ModSecurity/issues/2181
>
> Looks like to me that r1860057 is not backported yet to 1.7.

I agree with the fix and will pick this up shortly.

Re: APR 1.7.1 release?

Posted by Ruediger Pluem <rp...@apache.org>.

On 9/10/21 10:28 AM, Steffen Land wrote:
> Please be sure that the following two are included in 1.7.1 :
> 
> PR 63491 regression in 1.7, see https://www.apachelounge.com/viewtopic.php?p=39558

r1882155 brought this already to 1.7.

> PR 61165 CPU deadlock under load, see  https://github.com/SpiderLabs/ModSecurity/issues/2181

Looks like to me that r1860057 is not backported yet to 1.7.

Thanks for the heads up.

Regards

Rüdiger


Re: APR 1.7.1 release?

Posted by Steffen Land <in...@apachelounge.com>.

Please be sure that the following two are included in 1.7.1 :

PR 63491 regression in 1.7, see 
https://www.apachelounge.com/viewtopic.php?p=39558
PR 61165 CPU deadlock under load, see  
https://github.com/SpiderLabs/ModSecurity/issues/2181


Steffen



On Friday 10/09/2021 at 00:00, William A Rowe Jr  wrote:
> Just as a reminder, with the goal to drop 1.7 apr and 1.7 apr-util
> releases in one week,
> please observe the practices in other projects and ask for 2 more sets
> of eyeballs for
> 3 validated +1's on patches before backporting to these trees for the
> next week. TIA!
>
> I've had some success tweaking the abts framework to accomplish some
> win32 fileinfo
> validation of my proposed patch, so I should land that for willing
> reviewers by CoB
> tomorrow. I know we have several associated with the Subversion PMC 
> willing to
> lend a review, but I'll be following the same process with these fixes
> to cure, and
> further solve the apr 1.6.0 original and 1.7.1 release quirks with
> mount symlinks.
>
> Bill
>
> On Thu, Sep 2, 2021 at 8:44 PM William A Rowe Jr <wr...@rowe-clan.net> 
> wrote:
>>
>>
>> I'm willing to RM APR and APR-util 1.7 releases.
>>
>> Would propose we set a date out 2 weeks, anything lingering needs
>> to be finalized with the usual oversight no later than the 8th, and
>> we tag on the 14th, announce on the 15th when the mirrors have
>> caught up. That gives enough days for committers to review the
>> last changes to these release branches.
>>
>> But I'd be happier co-RM'ing this with a newer committer/PMC
>> participant who wants to learn the ropes. Any volunteers?
>> Other thoughts or observations?
>>
>> On Tue, Aug 31, 2021 at 3:09 AM Rainer Jung <ra...@kippdata.de> 
>> wrote:
>>>
>>>
>>> Hi there,
>>>
>>> any chance we find an RM for an APR 1.7.1 release? At least there was 
>>> the
>>> fix for CVE-2021-35940 and CHANGES contains 15 more items (many of 
>>> them
>>> platform specific or build improvements). Last release 1.7.0 was in
>>> April 2019.
>>>
>>> For APR-util I don't know the current state and release needs for the
>>> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 
>>> 1.7.x
>>> has never been released. CHANGES for 1.6.x only contains one
>>> apr_dbm_gdbm fix plus a minor libtool use improvement.
>>>
>>> Apache httpd is planning to start a release cycle soon and it would be
>>> nice to have a clean APR 1.7.1 and maybe APR-util also.
>>>
>>> Thanks and regards,
>>>
>>> Rainer


Re: APR 1.7.1 release?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
Just as a reminder, with the goal to drop 1.7 apr and 1.7 apr-util
releases in one week,
please observe the practices in other projects and ask for 2 more sets
of eyeballs for
3 validated +1's on patches before backporting to these trees for the
next week. TIA!

I've had some success tweaking the abts framework to accomplish some
win32 fileinfo
validation of my proposed patch, so I should land that for willing
reviewers by CoB
tomorrow. I know we have several associated with the Subversion PMC willing to
lend a review, but I'll be following the same process with these fixes
to cure, and
further solve the apr 1.6.0 original and 1.7.1 release quirks with
mount symlinks.

Bill

On Thu, Sep 2, 2021 at 8:44 PM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> I'm willing to RM APR and APR-util 1.7 releases.
>
> Would propose we set a date out 2 weeks, anything lingering needs
> to be finalized with the usual oversight no later than the 8th, and
> we tag on the 14th, announce on the 15th when the mirrors have
> caught up. That gives enough days for committers to review the
> last changes to these release branches.
>
> But I'd be happier co-RM'ing this with a newer committer/PMC
> participant who wants to learn the ropes. Any volunteers?
> Other thoughts or observations?
>
> On Tue, Aug 31, 2021 at 3:09 AM Rainer Jung <ra...@kippdata.de> wrote:
> >
> > Hi there,
> >
> > any chance we find an RM for an APR 1.7.1 release? At least there was the
> > fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them
> > platform specific or build improvements). Last release 1.7.0 was in
> > April 2019.
> >
> > For APR-util I don't know the current state and release needs for the
> > 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
> > has never been released. CHANGES for 1.6.x only contains one
> > apr_dbm_gdbm fix plus a minor libtool use improvement.
> >
> > Apache httpd is planning to start a release cycle soon and it would be
> > nice to have a clean APR 1.7.1 and maybe APR-util also.
> >
> > Thanks and regards,
> >
> > Rainer

Re: APR 1.7.1 release?

Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Dec 23, 2021 at 7:37 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> On Fri, Dec 17, 2021 at 10:09 AM Yann Ylavic <yl...@gmail.com> wrote:
> >
> > On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
> > >
> > > But I'd be happier co-RM'ing this with a newer committer/PMC
> > > participant who wants to learn the ropes. Any volunteers?
> >
> > \o_ thanks for helping! Anytime for, maybe in early 2022 days?
>
> 1. Is that an offer?

Sure it is :) I'm happy to assist you in the release process and learn about it.
I looked at the release.sh script which is quite simple and the
preliminary tagging process from the previous release, but following
someone who knows is always better..

>
> In any case I see us shipping a minimal APR 1.7.x with the fixes at hand and for
> Windows FS that frustrated some svn users. The scope of the unix domain socket
> enablement are probably late into January/early Feb. Unsure what other folks are
> working on that fit into the 1.8 bump.

I already backported the unix socket changes to 1.7.x, though Ivan
objected already given the non trivial changes.
I'd like it to be in 1.7.1 (mainly because of the new atomic/once
wakeup which is useful for httpd's mpm_event usage), but not a strong
opinion either so I could revert if it's an uncomfortable change.

Besides, current 1.7.x is not a minimal change already w.r.t. 1.7.0,
some not-so-trivial backports are to address issues raised by running
ASAN built APR and httpd through their test suites (namely apr_pool's
r1884100, apr_thread's r1884103, apr_thread_pool's r1884110).
Those have landed for quite some time now, but more eyes are always welcome.

>
> We all need to review APR-util 1.7.0-dev, to ensure it's ready. That
> could happen
> before year end, or early next year, depending on how stable it is.

+1

>
> So yes, I'd be grateful for your help, and more than happy to help you :)

Great, let's go whenever you have the time for it ;)


Cheers;
Yann.

Re: APR 1.7.1 release?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Fri, Dec 17, 2021 at 10:09 AM Yann Ylavic <yl...@gmail.com> wrote:
>
> Hi Bill,
>
> On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
> >
> > I'm willing to RM APR and APR-util 1.7 releases.
>
> Any news on this?

I have the holidays, after the weekend, before that other end of year weekend to
my own home and affairs and loose ends, so I can go forward, and with any luck,
kick off both sets of filesystem problems in win32 (junction/symlink
along with the
brand new non-FS pseudo-domain-socket entities which are also nightmares.)

> > But I'd be happier co-RM'ing this with a newer committer/PMC
> > participant who wants to learn the ropes. Any volunteers?
>
> \o_ thanks for helping! Anytime for, maybe in early 2022 days?

1. Is that an offer?

In any case I see us shipping a minimal APR 1.7.x with the fixes at hand and for
Windows FS that frustrated some svn users. The scope of the unix domain socket
enablement are probably late into January/early Feb. Unsure what other folks are
working on that fit into the 1.8 bump.

We all need to review APR-util 1.7.0-dev, to ensure it's ready. That
could happen
before year end, or early next year, depending on how stable it is.

So yes, I'd be grateful for your help, and more than happy to help you :)

Re: APR 1.7.1 release?

Posted by Jan Ehrhardt <ph...@ehrhardt.nl>.
Yann Ylavic in gmane.comp.apache.apr.devel (Fri, 17 Dec 2021 17:08:45
+0100):
>Hi Bill,
>
>On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>>
>> I'm willing to RM APR and APR-util 1.7 releases.
>
>Any news on this?

Somebody on Apachelounge was asking about this:
https://www.apachelounge.com/viewtopic.php?p=40872
-- 
Jan


Re: APR 1.7.1 release?

Posted by Yann Ylavic <yl...@gmail.com>.
Hi Bill,

On Fri, Sep 3, 2021 at 3:44 AM William A Rowe Jr <wr...@rowe-clan.net> wrote:
>
> I'm willing to RM APR and APR-util 1.7 releases.

Any news on this?

>
> But I'd be happier co-RM'ing this with a newer committer/PMC
> participant who wants to learn the ropes. Any volunteers?

\o_ thanks for helping! Anytime for, maybe in early 2022 days?


Cheers;
Yann.

Re: APR 1.7.1 release?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
I'm willing to RM APR and APR-util 1.7 releases.

Would propose we set a date out 2 weeks, anything lingering needs
to be finalized with the usual oversight no later than the 8th, and
we tag on the 14th, announce on the 15th when the mirrors have
caught up. That gives enough days for committers to review the
last changes to these release branches.

But I'd be happier co-RM'ing this with a newer committer/PMC
participant who wants to learn the ropes. Any volunteers?
Other thoughts or observations?

On Tue, Aug 31, 2021 at 3:09 AM Rainer Jung <ra...@kippdata.de> wrote:
>
> Hi there,
>
> any chance we find an RM for an APR 1.7.1 release? At least there was the
> fix for CVE-2021-35940 and CHANGES contains 15 more items (many of them
> platform specific or build improvements). Last release 1.7.0 was in
> April 2019.
>
> For APR-util I don't know the current state and release needs for the
> 1.6.x and 1.7.x branches. Last 1.6.x release was in October 2017, 1.7.x
> has never been released. CHANGES for 1.6.x only contains one
> apr_dbm_gdbm fix plus a minor libtool use improvement.
>
> Apache httpd is planning to start a release cycle soon and it would be
> nice to have a clean APR 1.7.1 and maybe APR-util also.
>
> Thanks and regards,
>
> Rainer
