Bug 274181 - RHEL5 ships with mod_perl/Apache combination that doesn't work with Bugzilla (a mod_perl bug)
RHEL5 ships with mod_perl/Apache combination that doesn't work with Bugzilla ...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: mod_perl (Show other bugs)
5.1
All All
medium Severity high
: ---
: ---
Assigned To: Joe Orton
:
: 281291 (view as bug list)
Depends On:
Blocks: RHEL5u3_relnotes
  Show dependency treegraph
 
Reported: 2007-09-01 19:18 EDT by Max Kanat-Alexander
Modified: 2009-01-20 15:44 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
mod_perl is now re-based to version 2.0.4, the latest upstream release. This update applies several updates, which include a bug fix that now allows mod_perl to work properly with Bugzilla 3.0.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 15:44:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Max Kanat-Alexander 2007-09-01 19:18:04 EDT
Description of problem:
mod_perl 2.0.2, when working with Apache 2.2.x, has a bug where it doesn't allow
"Options ExecCGI" to be set in a PerlConfigRequires handler.

Bugzilla 3.0 does this.

This is fixed in mod_perl 2.0.3.

So, RHEL5 users can't use mod_perl with their Bugzilla. (Right now they have to
rebuild the FC7 RPM to get Bugzilla 3.0 working with mod_perl on RHEL5.)

There may be other applications affected by this, but Bugzilla's the only one
that I know for certain.
Comment 1 Joe Orton 2007-09-25 12:28:14 EDT
*** Bug 281291 has been marked as a duplicate of this bug. ***
Comment 2 Joe Orton 2007-09-25 12:31:46 EDT
Thanks for the reports.
Comment 4 RHEL Product and Program Management 2007-12-03 15:45:52 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release.  This request will
be reviewed for a future Red Hat Enterprise Linux release.
Comment 5 Dave Miller 2007-12-04 03:45:35 EST
In case you didn't realize it, this isn't an enhancement request.  The mod_perl
you ship is broken (ExecCGI doesn't work inside PerlConfig blocks, which breaks
a lot of mod_perl apps, not just Bugzilla).  If you're not going to update to
2.0.3, at least backport the fix for that bug.  Otherwise you're going to have a
ton of people installing the RPM from Fedora and missing out on security updates.

The specific patch that fixes this appears to be:
http://svn.apache.org/viewvc?view=rev&revision=384596
Comment 6 Dave Miller 2007-12-04 03:49:02 EST
There's additional discussion of the issue (which resulted in the above patch)
at http://www.gossamer-threads.com/lists/modperl/modperl/87487
Comment 7 Max Kanat-Alexander 2008-03-07 01:30:05 EST
I'd say this is fairly high severity because of comment 5. With the number of
people who install Bugzilla, and the number of people who install it on RHEL5
machines, the number of people missing out on security updates for mod_perl
could be a few thousand.
Comment 13 Joe Orton 2008-09-19 08:25:28 EDT
2.0.4 updates are available for testing purposes only at this location:

http://people.redhat.com/jorton/Tikanga-mod_perl/

I've done minimal sanity testing to verify that these work with the bugzilla 3.0.x package from EPEL5 (unlike the current RHEL5 mod_perl).

Note that these packages have NOT gone through Red Hat QA and are NOT supported.  Nevertheless, feedback from any testing is very welcome!
Comment 14 Max Kanat-Alexander 2008-10-25 23:33:39 EDT
I'm running the updated package on my RHEL5 server that runs Bugzilla under mod_perl, and everything is fine. :-)
Comment 15 Don Domingo 2008-11-11 22:06:33 EST
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
mod_perl is now re-based to version 2.0.4, the latest upstream release. This update applies several updates, which include a bug fix that now allows mod_perl to work properly with Bugzilla 3.0.
Comment 19 errata-xmlrpc 2009-01-20 15:44:28 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0068.html

Note You need to log in before you can comment on or make changes to this bug.