Fixed in Apache httpd 2.0.49
listening socket starvation CAN-2004-0174
A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux.
Affects: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
mod_ssl memory leak CAN-2004-0113
A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server by sending plain HTTP requests to the SSL port.
Affects: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
Error log escape filtering CAN-2003-0020
Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
Affects: 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
Would someone in this herd put together an ebuild for 2.0.49? Thanks.
Would someone give either some sort of status or acknowledgment of this bug?
If >=48 hrs we can bump it. tseng@g.o said he will test/see if apache-2.0.48-r4.ebuild can be bumped cleanly to 2.0.49. I'll ask him to post his comments to this bug #
There are distro specific patches here .... apache-2.0.48-export.diff does not apply. apache-2.0.48-r3.ebuild, files/apache-2.0.48-export.diff: Added export patch to fix compilation on some boxes. #32588. Reported by marco@md2.ath.cx. Pointer from Chris Nott. The second patch, apache-2.0.48-gentoo.diff applies w/ some offsets and likely needs cleaned up. Where is the webapps herd?
Apache otherwise builds with this ebuild, but the patches definitely need cleaned up.
Sorry. Been laid up this last weekend. Bug wouldn't have made it through my bugzilla filter anyway, sorry. I'm doing the version bump as we speak, and I'll update this bug once it's done. Best regards, Stu
Okay, apache-2.0.49 is now in the tree. Over to you guys to do whatever it is you need to do ;-) Best regards, Stu
Arch-Maintainers: Can you please test out net-www/apache-2.0.49 and mark it stable so this is ready for a GLSA release. Thanks in advance; and thanks for updating this Stuart.
Stable on sparc.
And amd64.
Thank you for testing and marking stable on sparc & amd64. How about the rest of you arch maintainers? What's going on here? Current status is: KEYWORDS="~x86 ~ppc ~alpha ~hppa ~mips sparc amd64"
building on ppc right now.
There is no stable apache on mips, so surely .49 can remain ~mips'ed?
all set on alpha and ia64. remaining are x86, hppa and mips (though it sounds like mips might not matter since there's no stable version in portage)
Stable on x86, KEYWORDS updated.
Hrm ... if you take a look at 45418, you'll see that at least one user is unable to compile apache-2.0.49 on x86. Best regards, Stu
Re #16 Do you think that should hold us up from sending out the GLSA today?
Having thought about it ... send out the GLSA. Best regards, Stu
I think there's a mistake in the GLSA (at least in the copy sent to gentoo-account and posted to the forums - http://forums.gentoo.org/viewtopic.php?t=153486).
[begin quote]
# If you are migrating from Apache 2.0.48-r1 or earlier versions,
# it is important that the following directories are removed.
# The following commands should cause no data loss since these
# are symbolic links.
# rm /etc/apache2/lib /etc/apache2/logs /etc/apache2/modules
# rm /etc/apache2/modules
[end quote]
Shouldn't that last line be "rm /etc/apache2/extramodules" instead?
sorry, meant to type "gentoo-announce" - not "gentoo-account" (I have the same problem trying to type "myself" - somehow it always comes out as "mysql"!)
Portage updated, GLSA sent, closing bug. If you have problems with apache or any of its runtime behaviors and/or install problems, please search and file a new bug if needed.