[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [NOTICE] Intent to T&R 2.4.37 - about 12:00 GMT tomorrow

Am 17.10.2018 um 13:41 schrieb Daniel Ruggeri:
Hi, all;
With the fix for detected OpenSSL 1.1.1 issues now backported to 2.4.x, I would like to tag the next version of our venerable server soon.

I have already successfully completed the test suite against my "latest sources" docker environment and am watching for any smoke detected in [1]. Feeling good about this one :-)

How about roughly 24 hours from now?

[1] https://lists.apache.org/thread.html/48de97bd66ceabcf84a3719b36cd69274cb8c4b64d68c46696beb906@<dev.httpd.apache.org>

There's a new crash report from Michael Kaufmann about one (small) missing mod_ssl backport that leads to crashes under certain conditions during renegotiation. That case seems to be not covered by the test suite. I proposed the backport a few minutes ago. This one is probably a show-stopper.

And there's another (small) backport candidate (r1844002) that I added to STATUS now. No crash, but missing config merging leading to unexpected behavior for some configurations. This one is not a regression but was introduced this year in 2.4.32.

Finally I observed during my tests for the current 2.4 head some crashes but only on Solaris and only for statically linked httpd when the event MPM is used (MPM still dynamically loaded). The crashes always happen during shutdown and it looks to me as all or most of them happen during OpenSSL deinit. I vaguely remember there was some discussion about how to sync OpenSSL unloading between the various consumers we have, eg. apr-util and mod_ssl. So probably there's currently no easy solution for this. I don't know whether this is new and it does not happen always. Not a show-stopper for me, since the crashes only happen when a child process ends. Still an annoyance, but IMHO not critical.