Description of problem:
mod_perl 2.0.2, when working with Apache 2.2.x, has a bug where it doesn't allow
"Options ExecCGI" to be set in a PerlConfigRequires handler.
Bugzilla 3.0 does this.
This is fixed in mod_perl 2.0.3.
So, RHEL5 users can't use mod_perl with their Bugzilla. (Right now they have to
rebuild the FC7 RPM to get Bugzilla 3.0 working with mod_perl on RHEL5.)
There may be other applications affected by this, but Bugzilla's the only one
that I know for certain.
*** Bug 281291 has been marked as a duplicate of this bug. ***
Thanks for the reports.
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. This request will
be reviewed for a future Red Hat Enterprise Linux release.
In case you didn't realize it, this isn't an enhancement request. The mod_perl
you ship is broken (ExecCGI doesn't work inside PerlConfig blocks, which breaks
a lot of mod_perl apps, not just Bugzilla). If you're not going to update to
2.0.3, at least backport the fix for that bug. Otherwise you're going to have a
ton of people installing the RPM from Fedora and missing out on security updates.
The specific patch that fixes this appears to be:
There's additional discussion of the issue (which resulted in the above patch)
I'd say this is fairly high severity because of comment 5. With the number of
people who install Bugzilla, and the number of people who install it on RHEL5
machines, the number of people missing out on security updates for mod_perl
could be a few thousand.
2.0.4 updates are available for testing purposes only at this location:
I've done minimal sanity testing to verify that these work with the bugzilla 3.0.x package from EPEL5 (unlike the current RHEL5 mod_perl).
Note that these packages have NOT gone through Red Hat QA and are NOT supported. Nevertheless, feedback from any testing is very welcome!
I'm running the updated package on my RHEL5 server that runs Bugzilla under mod_perl, and everything is fine. :-)
Release note added. If any revisions are required, please set the
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.
mod_perl is now re-based to version 2.0.4, the latest upstream release. This update applies several updates, which include a bug fix that now allows mod_perl to work properly with Bugzilla 3.0.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.