Posted to dev@httpd.apache.org by William A Rowe Jr <wr...@rowe-clan.net> on 2017/03/07 18:45:54 UTC

Status of 2.4.x-openssl-1.1.0-compat/ ?

Six months ago, rjung forked 2.4.x and began to backport our
compatibility fixes for OpenSSL 1.1.0. Today, from the state of
trunk, it seems the compatibility efforts look very good and are
nearly ready to apply to 2.4.x.  That branch-point was here;

http://svn.apache.org/viewvc?view=revision&revision=1755809

Since that time, there are two patches to this work branch
by jorton that I just don't understand...

http://svn.apache.org/viewvc?view=revision&revision=1769588
http://svn.apache.org/viewvc?view=revision&revision=1781045

Joe, would you explain the purpose of these patches, and/or the
intended way we are expected to test and evaluate the cumulative
backport effort? I would have expected to simply apply the following
to httpd/2.4.x branch...

svn merge -r1755809:HEAD https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/

... but I don't think I really understand how you intended this compat
branch to be merged, since that merge command would seem to
double-apply the interim changes to 2.4.x that were part of these
commits.

Any insight on how to interpret this branch and apply to 2.4.x branch
is appreciated.

TIA,

Bill

Re: Status of 2.4.x-openssl-1.1.0-compat/ ?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Wed, Mar 8, 2017 at 3:30 AM, Joe Orton <jo...@redhat.com> wrote:
>
> Simply doing:
>
> $ svn merge https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat
>
> ... into a 2.4.x wc should DTRT, no?  It seems to work fine here.

Indeed, it does, thanks.

> (I got distracted since the test suite was crashing for this branch,
> which turned out to be CVE-2017-3733, and haven't had time to follow
> this up.)

Retested, things are looking satisfactory here except for headaches
from the need_min_apache_fix() fn in the test framework. Certainly
ready for consideration.

Proposed to STATUS for adoption.

Re: Status of 2.4.x-openssl-1.1.0-compat/ ?

Posted by Joe Orton <jo...@redhat.com>.
On Tue, Mar 07, 2017 at 12:45:54PM -0600, William A Rowe Jr wrote:
> Six months ago, rjung forked 2.4.x and began to backport our
> compatibility fixes for OpenSSL 1.1.0. Today, from the state of
> trunk, it seems the compatibility efforts look very good and are
> nearly ready to apply to 2.4.x.  That branch-point was here;
> 
> http://svn.apache.org/viewvc?view=revision&revision=1755809
> 
> Since that time, there are two patches to this work branch
> by jorton that I just don't understand...
> 
> http://svn.apache.org/viewvc?view=revision&revision=1769588
> http://svn.apache.org/viewvc?view=revision&revision=1781045
> 
> Joe, would you explain the purpose of these patches, and/or the
> intended way we are expected to test and evaluate the cumulative
> backport effort? I would have expected to simply apply the following
> to httpd/2.4.x branch...
>
> svn merge -r1755809:HEAD https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/

The divergence of 2.4 since the branch was created meant that ^ produced
merge conflicts, so the branch needed to be rebased to current 2.4.x.  How
else would you resolve the conflicts if not that?

Simply doing:

$ svn merge https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat

... into a 2.4.x wc should DTRT, no?  It seems to work fine here.

(I got distracted since the test suite was crashing for this branch, 
which turned out to be CVE-2017-3733, and haven't had time to follow 
this up.)

$ svn merge https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat
--- Merging differences between repository URLs into '.':
 G   docs/manual
 G   modules/http2
C    CHANGES
U    modules/ssl/ssl_scache.c
U    modules/ssl/ssl_engine_init.c
U    modules/ssl/ssl_engine_ocsp.c
U    modules/ssl/ssl_engine_io.c
U    modules/ssl/ssl_util_ssl.c
U    modules/ssl/ssl_engine_vars.c
U    modules/ssl/ssl_util_ssl.h
U    modules/ssl/ssl_engine_kernel.c
U    modules/ssl/ssl_util.c
U    modules/ssl/ssl_util_stapling.c
U    modules/ssl/mod_ssl.c
U    modules/ssl/ssl_private.h
U    acinclude.m4
U    support/ab.c
 G   .
Summary of conflicts:
  Text conflicts: 1
Conflict discovered in file 'CHANGES'.
Select: (p) postpone, (df) show diff, (e) edit file, (m) merge,
        (mc) my side of conflict, (tc) their side of conflict,
        (s) show all options: p
--- Recording mergeinfo for merge between repository URLs into '.':
 G   .
 G   docs/manual
 G   modules/http2

... seems about right.

> ... but I don't think I really understand how you intended this compat
> branch to be merged, since that merge command would seem to
> double-apply the interim changes to 2.4.x that were part of these
> commits.