Re: [BUG 2.41.0] t/lib-httpd/apache.conf incompatible with RHEL/CentOS 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, May 18, 2023 at 02:28:22PM -0700, Junio C Hamano wrote:

> > Commit 988aad99b4 (t5563: add tests for basic and anoymous HTTP access,
> > 2023-02-27) added tests that require Apache to support the CGIPassAuth
> > directive, which was added in Apache 2.4.13. This is fairly old (~8
> > years), but recent enough that we still encounter it in the wild (e.g.,
> > RHEL/CentOS 7, which is not EOL until June 2024).
> 
> nitpick: we are fine to encountering 2.4.13 in the wild---encountering
> something a bit older than that is problematic.  A quick internet
> search tells me that CentOS 7 ships Apache 2.4.6, so if we trust that...
> 
>     ... fairly old (~8 years), but recent enough that we still
>     encounter versions older than that in the wild (e.g.  CentOS 7,
>     which is not EOL until June 2024, comes with Apache 2.4.6 from
>     2014 plus security fixes).
> 
> or something?

Yeah, I agree what I wrote is a bit unclear. I think what I meant was
"..recent enough that we'll still encounter older versions in the wild".

But yours is even better, since you dug up the actual version it ships.
Do you want to squash that into the commit message, or do you prefer a
re-send?

> > +enable_cgipassauth () {
> > +	# We are looking for 2.4.13 or more recent. Since we only support
> > +	# 2.4 and up, no need to check for older major/minor.
> > +	if test "$HTTPD_VERSION_MAJOR" = 2 &&
> > +	   test "$HTTPD_VERSION_MINOR" = 4 &&
> > +	   test "$(echo $HTTPD_VERSION | cut -d. -f3)" -lt 13
> 
> As HTTPD_VERSION comes from 
> 
> 	$LIB_HTTPD_PATH -v | sed -n 's|^Server version: Apache/\([0-9.]*\).*|p'
> 
> and parses a line like "Server version: Apache/2.4.6 (CentOS)",
> unless somebody ships 2.4 without any digit after it, the above
> should be safe ;-)

Yep. I wondered about trying to be more paranoid here, but I think
there's not much point until we see a real world example. The most
likely outcome of a mis-parse is that we'd claim "this looks too old"
and skip the t5536 tests, which seems OK (at least nobody gets an
unexpected test failure, though it may mean that they simply gloss over
the problem).

-Peff
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux