Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 280648 - >=dev-libs/apr-1.3.6 built on a CLOEXEC-providing kernel will break on older kernels
Summary: >=dev-libs/apr-1.3.6 built on a CLOEXEC-providing kernel will break on older ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Apache Team - Bugzilla Reports
URL: https://issues.apache.org/bugzilla/sh...
Whiteboard:
Keywords:
Depends on:
Blocks: CVE-2009-2412
  Show dependency tree
 
Reported: 2009-08-07 11:50 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2009-08-24 17:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2009-08-07 11:50:02 UTC
I guess I'll have to submit this upstream too, but since I'm a) swamped b) going on vacation c) pretty angry with apr right now, I'll wait for that.

The autoconf check in apr for CLOEXEC compatibility checks against the running kernel; if the running kernel for CBUILD is newer than the one from CHOST, and CHOST lacks CLOEXEC support, Apache will fail to start 'cause it cannot bind the socket.

Obviously, it should retry if it failed with CLOEXEC, so that it falls back without breaking older kernels.

On the other hand, it won't support CLOEXEC if it's not build on a kernel that supports it, also pretty stupid.

Have fun because this just went stable thanks to a security issue.
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2009-08-07 13:39:57 UTC
apr_cv_sock_cloexec=no
apr_cv_epoll_create1=no

setting these in the environment let apr cross-build decently.
Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-08-10 03:31:15 UTC
I added "cloexec" USE flag, whose disabling allows to disable support for SOCK_CLOEXEC.
Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-08-10 16:47:38 UTC
I renamed "cloexec" USE flag to "older-kernels-compatibility", which better explains the meaning of this USE flag.
Comment 4 Joakim 2009-08-15 12:31:27 UTC
Well although the use flag is more "plain text" readable, at the same time it doesn't really say anything, or rather the comment with '#equery u apr' doesn't, as exactly what _is_ an 'older-kernel'? It's a relative term so need something to be relative to or it could as well say bla-bla-bla. Although 'cloexec' certainly give a hint to the initiated one, but what about something as '=< 2.6.26' or where ever that line is crossed? I don't know and probably many with me... Sure I can probably spend an hour or two on digging it up... but what a waste of time as someone probably already knows and there is a proper place to write it down... so please?
Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-08-15 16:06:00 UTC
(In reply to comment #4)

"older-kernels-compatibility" USE flag can mean enabling of compatibility with different versions of kernels in case of different versions of APR.
Comment 6 Joakim 2009-08-16 11:56:09 UTC
(In reply to comment #5)
> (In reply to comment #4)
> 
> "older-kernels-compatibility" USE flag can mean enabling of compatibility with
> different versions of kernels in case of different versions of APR.
> 

Yes I get that, but exactly what deem a kernel as 'old'? there is a specific build drawing the line or? I suspected my linux-2.6.24-openvz-008.1 would be old, but testing on 1 VE I haven't noticed any problems yet with apr-1.3.8 (-older-kernels-compatibility) and latest apache, but still testing. I know upgrading kernel would be the best, but the box is co-located and I just don't have the time to deal with it right now.
Comment 7 Luke-Jr 2009-08-24 17:14:25 UTC
I think "cloexec" was a better name.