Bug 2143176

+++ This bug was initially created as a clone of Bug #2095650 +++

I upgraded packages explicitly not (yet) updating httpd and its module mod_ssl:
dnf update --exclude=httpd\*,mod_ssl --skip-broken

That also triggered an update for mod_http2 (which went unnoticed, between many other updates). No automatic reload of httpd happened and everything still worked afterwards.
Upon logfile-rotation httpd was reloaded - and then a problem because of the updated mod_http2 showed, with a failing httpd and a downtime for websites.
After also updating httpd* and mod_ssl another httpd-restart went fine.

I wonder why it was possible to update mod_http2 if it somehow depended on httpd. And why a "reload" (to trigger logfile-reopening) didn't simply continue to use httpd and mod_http2. (Well, the latter might be explainable since that's actually a "graceful-restart".)

mod_http2   x86_64 1.15.7-5.module+el8.6.0+823+f143cee1   appstream
and worked after also updating httpd with dependent packages:
httpd   x86_64   2.4.37-47.module+el8.6.0+823+f143cee1.1   appstream

--- Additional comment from Luboš Uhliarik on 2022-11-03 19:48:15 UTC ---

Hello Stefan, 

Do you know, what version mod_http2 had before and after the update?

--- Additional comment from Stefan Neufeind on 2022-11-04 09:35:40 UTC ---

Can't say anymore, sorry. Not easy to retest this in the environment I had around that time.
I only see the versions that I logged in this issue. So that seems to have been *after* the update mod_http2 1.15.7-5.module+el8.6.0+823+f143cee1 - which does seem to have some dependency to httpd and failed a reload with the old httpd/mod_ssl-version I had ... but worked fine after updating to httpd 2.4.37-47.module+el8.6.0+823+f143cee1.1
(I bet the httpd-release before was just one minor patch-level update before that - it's usually alway kept up-to-date.)

--- Additional comment from Luboš Uhliarik on 2022-11-10 23:47:35 UTC ---

Hi Stefan,

I found out what is the problem - when I was backporting the CVE fix for httpd, there was a change in API [0]. As a part of that CVE fix, new function ap_post_read_request has been introduced. Therefore, if you try to run a new mod_http2 containing the fix of that CVE, with the older httpd which does not include ap_post_read_request function, httpd startup will end up with the following error:


Nov 10 06:14:21 ci-vm-10-0-137-130.hosted.upshift.rdu2.redhat.com systemd[1]: Starting The Apache HTTP Server...
Nov 10 06:14:21 ci-vm-10-0-137-130.hosted.upshift.rdu2.redhat.com httpd[6922]: httpd: Syntax error on line 59 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /etc/httpd/…ead_request
Nov 10 06:14:21 ci-vm-10-0-137-130.hosted.upshift.rdu2.redhat.com systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Nov 10 06:14:21 ci-vm-10-0-137-130.hosted.upshift.rdu2.redhat.com systemd[1]: httpd.service: Failed with result 'exit-code'.
Nov 10 06:14:21 ci-vm-10-0-137-130.hosted.upshift.rdu2.redhat.com systemd[1]: Failed to start The Apache HTTP Server.


Unfortunately I forgot to add correct dependency of mod_http2 to the httpd. I will fix this in the next mod_http2 release and I will try to come up with some tests so it will be less likely to this issue to happen again.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=2035030

--- Additional comment from Stefan Neufeind on 2022-11-11 07:18:31 UTC ---

Wow, thanks a bunch for digging this deep into it. Sounds logical and promising. Thanks for the update.