Bug 157701
Summary: | CAN-2005-1268,1344,2088 Apache issues | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | John Dalbec <jpdalbec> |
Component: | apache | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | pekkas, sheltren |
Hardware: | i386 | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/advisories/8539 | ||
Whiteboard: | LEGACY, rh73, rh90, 1, 2 | ||
Doc Type: | Bug Fix | ||
Last Closed: | 2005-08-10 23:50:46 UTC | Type: | --- |
Description
John Dalbec
2005-05-13 21:11:26 UTC
Here are updated packages to QA:

7.3:

Changelog:
* Sun Jul 31 2005 Marc Deslauriers <marcdeslauriers> 1.3.27-7.legacy
- Added security patch for CAN-2005-1344

9:

Changelog:
* Sun Jul 31 2005 Marc Deslauriers <marcdeslauriers> 2.0.40-21.18.legacy
- Added security patches for CAN-2005-1268, CAN-2005-1344 and CAN-2005-2088

fc1:

Changelog:
* Sat Jul 30 2005 Marc Deslauriers <marcdeslauriers> 2.0.51-1.7.legacy
- Added security patches for CAN-2005-1268, CAN-2005-1344 and CAN-2005-2088

fc2:

Changelog:
* Sat Jul 30 2005 Marc Deslauriers <marcdeslauriers> 2.0.51-2.9.1.legacy
- Added security patches for CAN-2005-1268, CAN-2005-1344 and CAN-2005-2088

http://www.infostrategique.com/linuxrpms/legacy/7.3/apache-1.3.27-7.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/httpd-2.0.40-21.18.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/1/httpd-2.0.51-1.7.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/2/httpd-2.0.51-2.9.1.legacy.src.rpm

Binaries available at same location.

Note: there was a problem #152884 on apache startup initscript issues. Do we want to include it or not? (Personally, I don't have much preference one way or the other.)

If not...

QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- two patches from RHEL, one from Debian.

Note: I didn't make careful analysis whether CAN-2005-2088 applies to 1.3.27; it does to 1.3.29, but as RHEL21 hasn't been patched, I guess it's OK..

+PUBLISH RHL73, RHL9, FC1, FC2

I closed 152884, the changes were not appropriate for FL.

Looks like there is a CAN-2005-2088 for 1.3...thanks for noticing.

http://mail-archives.apache.org/mod_mbox/httpd-cvs/200507.mbox/%3C20050714051918.97561.qmail@minotaur.apache.org%3E

Here are updated packages for rh73 that contain a CAN-2005-2088 fix:

http://www.infostrategique.com/linuxrpms/legacy/7.3/apache-1.3.27-8.legacy.src.rpm

QA w/ rpm-build-compare.sh:
- spec file changes minimal
- source integrity good
- patch verified to come from the upstream svn

+PUBLISH RHL73

66f36c4a37f0becc0c523199f0b77dc1f4ed3a68 apache-1.3.27-8.legacy.src.rpm

Packages were built for updates-testing

QA for RHL73: signature OK, upgrades OK, seems to work OK.

+VERIFY RHL73

Note: apache doesn't seem to do condrestart on update, but the latest Fedora CVS doesn't do that either so I guess that's intentional.

+VERIFY for FC1 on my end. I don't know how to do a Gnu GPG signature, but I hope this helps. +PUBLISH for FC1. :-)

cb1ae0ad7739bf0cd3eb7c56a8ba96a5bc7825e3 httpd-2.0.40-21.18.legacy.i386.rpm
f34762e151a8cbbe4dcf926c66dce6392dbac970 mod_ssl-2.0.40-21.18.legacy.i386.rpm

installed. httpd restarts OK, main server works ok, namevirtualhost servers work OK, https works OK (with self-signed certificate). php works OK.

i don't use htdigest so i'm afraid i can't test the chunk of code that's actually been changed. sorry.

that given: +VERIFY RH9

I'll count Gilbert's unsigned message as a VERIFY, as we'd get to the same timeout in any case..

Verify for FC2 rpms:

6cf82576642dbb991a3253f4c2ef4ca485d7eea4 httpd-2.0.51-2.9.2.legacy.i386.rpm
e8ff1c406b0dd81c2e8f987df5b33dd6e56111e9 httpd-devel-2.0.51-2.9.2.legacy.i386.rpm
d432195a04f5423c0ca82c4fb99eff2a4efa04ee httpd-manual-2.0.51-2.9.2.legacy.i386.rpm

Signatures OK
Packages install OK
httpd runs like normal, htdigest works as well

FC2 VERIFY++

Packages were released.