Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 45418 - Apache HTTP Server 2.0.49 Released 2004.03.19
Summary: Apache HTTP Server 2.0.49 Released 2004.03.19
Status: VERIFIED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Apache Team - Bugzilla Reports
URL: http://www.apache.org/dist/httpd/Anno...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-22 11:17 UTC by Mogens Meier Christensen
Modified: 2005-04-23 19:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mogens Meier Christensen 2004-03-22 11:17:04 UTC
Apache 2.0.49 has been released to deal with exploits and DoS bugs 
- should IMHO be available in portage ASAP.

Copy & paste of the announcement:

Apache HTTP Server 2.0.49 Released
The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.49 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 2.0.49 as compared to 2.0.48.

This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.49 addresses three security vulnerabilities:

When using multiple listening sockets, a denial of service attack is possible on some platforms due to a race condition in the handling of short-lived connections. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux.
[CAN-2004-0174]

Arbitrary client-supplied strings can be written to the error log which can allow exploits of certain terminal emulators.
[CAN-2003-0020]

A remotely triggered memory leak in mod_ssl can allow a denial of service attack due to excessive memory consumption.
[CAN-2004-0113]

This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade.

Apache 2.0.49 is available for download from

http://httpd.apache.org/download.cgi 
Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes.

Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see

http://httpd.apache.org/docs-2.0/new_features_2_0.html
When upgrading or installing this version of Apache, please keep in mind the following:

If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please contact the vendors of these modules to obtain this information.

Apache 2.0.49 Major changes
Security vulnerabilities closed since Apache 2.0.48
SECURITY: CAN-2004-0174 (cve.mitre.org) Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. With Apache 2.x there is no performance concern about enabling the logic for platforms which don't need it, so it is enabled everywhere except for Win32. [Jeff Trawick] 
SECURITY: CAN-2004-0113 (cve.mitre.org) mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling. PR 27106. [Joe Orton] 
SECURITY: CAN-2003-0020 (cve.mitre.org) Escape arbitrary data before writing into the errorlog. Unescaped errorlogs are still possible using the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr
Comment 1 Mogens Meier Christensen 2004-03-22 11:17:04 UTC
Apache 2.0.49 has been released to deal with exploits and DoS bugs 
- should IMHO be available in portage ASAP.

Copy & paste of the announcement:

Apache HTTP Server 2.0.49 Released
The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.49 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 2.0.49 as compared to 2.0.48.

This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.49 addresses three security vulnerabilities:

When using multiple listening sockets, a denial of service attack is possible on some platforms due to a race condition in the handling of short-lived connections. This issue is known to affect some versions of AIX, Solaris, and Tru64; it is known to not affect FreeBSD or Linux.
[CAN-2004-0174]

Arbitrary client-supplied strings can be written to the error log which can allow exploits of certain terminal emulators.
[CAN-2003-0020]

A remotely triggered memory leak in mod_ssl can allow a denial of service attack due to excessive memory consumption.
[CAN-2004-0113]

This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade.

Apache 2.0.49 is available for download from

http://httpd.apache.org/download.cgi 
Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes.

Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see

http://httpd.apache.org/docs-2.0/new_features_2_0.html
When upgrading or installing this version of Apache, please keep in mind the following:

If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please contact the vendors of these modules to obtain this information.

Apache 2.0.49 Major changes
Security vulnerabilities closed since Apache 2.0.48
SECURITY: CAN-2004-0174 (cve.mitre.org) Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. With Apache 2.x there is no performance concern about enabling the logic for platforms which don't need it, so it is enabled everywhere except for Win32. [Jeff Trawick] 
SECURITY: CAN-2004-0113 (cve.mitre.org) mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling. PR 27106. [Joe Orton] 
SECURITY: CAN-2003-0020 (cve.mitre.org) Escape arbitrary data before writing into the errorlog. Unescaped errorlogs are still possible using the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo] 
Bugs fixed and features added since Apache 2.0.47
mod_cgid: Fix storage corruption caused by use of incorrect pool. [Jeff Trawick] 
Win32: find_read_listeners was not correctly handling multiple listeners on the Win32DisableAcceptEx path. [Bill Stoddard] 
Fix bug in mod_usertrack when no CookieName is set. PR 24483. [Manni Wood <manniwood planet-save.com>] 
Fix some piped log problems: bogus "piped log program '(null)' failed" messages during restart and problem with the logger respawning again after Apache is stopped. PR 21648, PR 24805. [Jeff Trawick] 
Fixed file extensions for real media files and removed rpm extension from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>] 
Remove compile-time length limit on request strings. Length is now enforced solely with the LimitRequestLine config directive. [Paul J. Reder] 
mod_ssl: Send the Close Alert message to the peer before closing the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton] 
mod_ssl: Fix bug in passphrase handling which could cause spurious failures in SSL functions later. PR 21160. [Joe Orton] 
mod_log_config: Fix corruption of buffered logs with threaded MPMs. PR 25520. [Jeff Trawick] 
Fix mod_include's expression parser to recognize strings correctly even if they start with an escaped token. [André Malo] 
Add fatal exception hook for use by diagnostic modules. The hook is only available if the --enable-exception-hook configure parm is used and the EnableExceptionHook directive has been set to "on". [Jeff Trawick] 
Allow mod_auth_digest to work with sub-requests with different methods than the original request. PR 25040. [Josh Dady <jpd indecisive.com>] 
fix "Expected </Foo>> but saw </Foo>" errors in nested, argumentless containers. ["Philippe M. Chiasson" <gozer cpan.org>] 
mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756. [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes] 
mod_cgid: Restart the cgid daemon if it crashes. PR 19849 [Glenn Nielsen <glenn apache.org>] 
The whole codebase was relicensed and is now available under the Apache License, Version 2.0 (http://www.apache.org/licenses). [Apache Software Foundation] 
Fixed cache-removal order in mod_mem_cache. [Jean-Jacques Clar, Cliff Woolley] 
mod_setenvif: Fix the regex optimizer, which under circumstances treated the supplied regex as literal string. PR 24219. [André Malo] 
ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm instead of mmn. [André Malo] 
mod_rewrite: Catch an edge case, where strange subsequent RewriteRules could lead to a 400 (Bad Request) response. [André Malo] 
Keep focus of ITERATE and ITERATE2 on the current module when the module chooses to return DECLINE_CMD for the directive. PR 22299. [Geoffrey Young <geoff apache.org>] 
Add support for IMT minor-type wildcards (e.g., text/*) to ExpiresByType. PR#7991 [Ken Coar] 
Fix segfault in mod_mem_cache cache_insert() due to cache size becoming negative. PR: 21285, 21287 [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar] 
core.c: If large file support is enabled, allow any file that is greater than AP_MAX_SENDFILE to be split into multiple buckets. This allows Apache to send files that are greater than 2gig. Otherwise we run into 32/64 bit type mismatches in the file size. [Brad Nicholes] 
proxy_http fix: mod_proxy hangs when both KeepAlive and ProxyErrorOverride are enabled, and a non-200 response without a body is generated by the backend server. (e.g.: a client makes a request containing the "If-Modified-Since" and "If-None-Match" headers, to which the backend server respond with status 304.) [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner] 
mod_dav: Reject requests which include an unescaped fragment in the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>] 
Build array of allowed methods with proper dimensions, fixing possible memory corruption. [Jeff Trawick] 
mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID. PR 15057. [Otmar Lendl <lendl nic.at>] 
mod_ssl: Fix streaming output from an nph- CGI script. PR 21944 [Joe Orton] 
mod_usertrack no longer inspects the Cookie2 header for the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>] 
mod_usertrack no longer overwrites other cookies. PR 26002. [Scott Moore <apache nopdesign.com>] 
worker MPM: fix stack overlay bug that could cause the parent process to crash. [Jeff Trawick] 
Win32: Add Win32DisableAcceptEx directive. This Windows NT/2000/XP directive is useful to work around bugs in some third party layered service providers like virus scanners, VPN and firewall products, that do not properly handle WinSock 2 APIs. Use this directive if your server is issuing AcceptEx failed messages. [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick] 
Make REMOTE_PORT variable available in mod_rewrite. PR 25772. [André Malo] 
Fix a long delay with CGI requests and keepalive connections on AIX. [Jeff Trawick] 
mod_autoindex: Add 'XHTML' option in order to allow switching between HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo] 
Add XHTML Document Type Definitions to httpd.h (minor MMN bump). [André Malo] 
mod_ssl: Advertise SSL library version as determined at run-time rather than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>] 
mod_ssl: Fix segfault on a non-SSL request if the 'c' log format code is used. PR 22741. [Gary E. Miller <gem rellim.com>] 
Fix build with parallel make. PR 24643. [Joe Orton] 
mod_rewrite: In external rewrite maps lookup keys containing a newline now cause a lookup failure. PR 14453. [Cedric Gavage <cedric.gavage unixtech.be>, André Malo] 
Backport major overhaul of mod_include's filter parser from 2.1. The new parser code is expected to be more robust and should catch all of the edge cases that were not handled by the previous one. The 2.1 external API changes were hidden by a wrapper which is expected to keep the API backwards compatible. [André Malo] 
Add a hook (insert_error_filter) to allow filters to re-insert themselves during processing of error responses. Enable mod_expires to use the new hook to include Expires headers in valid error responses. This addresses an RFC violation. It fixes PRs 19794, 24884, and 25123. [Paul J. Reder] 
Add Polish translation of error messages. PR 25101. [Tomasz Kepczynski <tomek jot23.org>] 
Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes, Bill Stoddard] 
Add mod_status hook to allow modules to add to the mod_status report. [Joe Orton] 
Fix htdbm to generate comment fields in DBM files correctly. [Justin Erenkrantz] 
mod_dav: Use bucket brigades when reading PUT data. This avoids problems if the data stream is modified by an input filter. PR 22104. [Tim Robbins <tim robbins.dropbear.id.au>, André Malo] 
Fix RewriteBase directive to not add double slashes. [André Malo] 
Improve 'configure --help' output for some modules. [Astrid Keßler] 
Correct UseCanonicalName Off to properly check incoming port number. [Jim Jagielski] 
Fix slow graceful restarts with prefork MPM. [Joe Orton] 
Fix a problem with namespace mappings being dropped in mod_dav_fs; if any property values were set which defined namespaces these came out mangled in the PROPFIND response. PR 11637. [Amit Athavale <amit_athavale persistent.co.in>] 
mod_dav: Return a WWW-auth header for MOVE/COPY requests where the destination resource gives a 401. PR 15571. [Joe Orton] 
mod_autoindex / core: Don't fail to show filenames containing special characters like '%'. PR 13598. [André Malo] 
mod_status: Report total CPU time accurately when using a threaded MPM. PR 23795. [Jeff Trawick] 
Fix memory leak in handling of request bodies during reverse proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>] 
Win32 MPM: Implement MaxMemFree to enable setting an upper limit on the amount of storage used by the bucket brigades in each server thread. [Bill Stoddard] 
Modified the cache code to be header-location agnostic. Also fixed a number of other cache code bugs related to PR 15852. Includes a patch submitted by Sushma Rai <rsushma novell.com>. This fixes mod_mem_cache but not mod_disk_cache yet so I'm not closing the PR since that is what they are using. [Paul J. Reder] 
complain via error_log when mod_include's INCLUDES filter is enabled, but the relevant Options flag allowing the filter to run for the specific resource wasn't set, so that the filter won't silently get skipped. next remove itself, so the warning will be logged only once [Stas Bekman, Jeff Trawick, Bill Rowe] 
mod_info: HTML escape configuration information so it displays correctly. PR 24232. [Thom May] 
Restore the ability to add a description for directories that don't contain an index file. (Broken in 2.0.48) [André Malo] 
Fix a problem with the display of empty variables ("SetEnv foo") in mod_include. PR 24734 [Markus Julen <mj zermatt.net>] 
mod_log_config: Log the minutes component of the timezone correctly. PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>] 
mod_proxy: Fix cases where an invalid status-line could be sent to the client. PR 23998. [Joe Orton] 
mod_ssl: Fix segfaults at startup if other modules which use OpenSSL are also loaded. [Joe Orton] 
mod_ssl: Use human-readable OpenSSL error strings in logs; use thread-safe interface for retrieving error strings. [Joe Orton] 
mod_expires: Initialize ExpiresDefault to NULL instead of "" to avoid reporting an Internal Server error if it is used without having been set in the httpd.conf file. PR: 23748, 24459 [Andre Malo, Liam Quinn <liam htmlhelp.com>] 
mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>] 
mod_include no longer allows an ETag header on 304 responses. PR 19355. [Geoffrey Young <geoff apache.org>, André Malo] 
EBCDIC: Convert header fields to ASCII before sending (broken since 2.0.44). [Martin Kraemer] 
Fix the inability to log errors like exec failure in mod_ext_filter/mod_cgi script children. This was broken after such children stopped inheriting the error log handle. [Jeff Trawick] 
Fix mod_info to use the real config file name, not the default config file name. [Aryeh Katz <aryeh secured-services.com>] 
Set the scoreboard state to indicate logging prior to running logging hooks so that server

Reproducible: Always
Steps to Reproduce:
root # etcat -v apache

Actual Results:  
(as pr. 2004.03.22:)

[ Results for search key           : apache ]
[ Candidate applications found : 14 ]

 Only printing found installed programs.

*  net-www/apache :
        [   ] 1.3.27-r3 (1)
        [   ] 1.3.27-r4 (1)
        [   ] 1.3.28 (1)
        [M~ ] 1.3.28-r1 (1)
        [M~ ] 1.3.29 (1)
        [   ] 1.3.29-r1 (1)
        [   ] 2.0.46 (2)
        [   ] 2.0.47 (2)
        [M~ ] 2.0.47-r1 (2)
        [   ] 2.0.48 (2)
        [  I] 2.0.48-r1 (2)
        [M~ ] 2.0.48-r2 (2)
        [M~ ] 2.0.48-r3 (2)
        [M~ ] 2.0.48-r4 (2)


Expected Results:  
2.0.49 ebuild being available
Comment 2 Stuart Herbert (RETIRED) gentoo-dev 2004-03-22 13:05:14 UTC
Ebuild for apache-2.0.49 committed to CVS, should be showing up on a mirror near you in about an hour or so.

Could you please test it, and let me know whether it also works for you or not?  Thanks.

Best regards,
Stu
Comment 3 Mogens Meier Christensen 2004-03-22 16:16:30 UTC
Thanks for the very fast response! :)

I have tried the committed ebuild, but sadly it fails on my server. Here is the output:

root # nice -n 19 emerge /usr/portage/net-www/apache/apache-2.0.49.ebuild -av

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild     U ] net-www/apache-2.0.49 [2.0.48-r1] -berkdb +gdbm -ldap  0 kB

Total size of downloads: 0 kB

Do you want me to merge these packages? [Yes/No]
>>> emerge (1 of 1) net-www/apache-2.0.49 to /
>>> md5 src_uri ;-) httpd-2.0.49.tar.gz
>>> Unpacking source...
>>> Unpacking httpd-2.0.49.tar.gz to /var/tmp/portage/apache-2.0.49/work
patching file include/httpd.h
patching file modules/ssl/ssl_engine_mutex.c
patching file modules/ssl/ssl_scache_shmcb.c
patching file modules/ssl/ssl_util.c
patching file os/unix/unixd.c
patching file server/Makefile.in
patching file support/apachectl.in
patching file support/apxs.in
rebuilding srclib/apr/configure
buildconf: checking installation...
buildconf: autoconf version 2.58 (ok)
buildconf: libtool version 1.4.3 (ok)
Copying libtool helper files ...
buildconf: Using libtool.m4 at /usr/share/aclocal/libtool.m4.
Creating include/arch/unix/apr_private.h.in ...
autoheader-2.58: WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot'
autoheader-2.58: WARNING: and `config.h.top', to define templates for `config.h.in'
autoheader-2.58: WARNING: is deprecated and discouraged.
autoheader-2.58:
autoheader-2.58: WARNING: Using the third argument of `AC_DEFINE' and
autoheader-2.58: WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without
autoheader-2.58: WARNING: `acconfig.h':
autoheader-2.58:
autoheader-2.58: WARNING:   AC_DEFINE([NEED_FUNC_MAIN], 1,
autoheader-2.58:                [Define if a function `main' is needed.])
autoheader-2.58:
autoheader-2.58: WARNING: More sophisticated templates can also be produced, see the
autoheader-2.58: WARNING: documentation.
Creating configure ...
rebuilding srclib/apr-util/configure

Looking for apr source in ../apr
Creating include/private/apu_config.h ...
Creating configure ...
Invoking xml/expat/buildconf.sh ...
Incorporating /usr/share/aclocal/libtool.m4 into aclocal.m4 ...
Copying libtool helper files ...
Creating config.h.in ...
autoheader-2.58: WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot'
autoheader-2.58: WARNING: and `config.h.top', to define templates for `config.h.in'
autoheader-2.58: WARNING: is deprecated and discouraged.
autoheader-2.58:
autoheader-2.58: WARNING: Using the third argument of `AC_DEFINE' and
autoheader-2.58: WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without
autoheader-2.58: WARNING: `acconfig.h':
autoheader-2.58:
autoheader-2.58: WARNING:   AC_DEFINE([NEED_FUNC_MAIN], 1,
autoheader-2.58:                [Define if a function `main' is needed.])
autoheader-2.58:
autoheader-2.58: WARNING: More sophisticated templates can also be produced, see the
autoheader-2.58: WARNING: documentation.
Creating configure ...
copying build files
rebuilding srclib/pcre/configure
rebuilding include/ap_config_auto.h.in
autoheader-2.58: WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot'
autoheader-2.58: WARNING: and `config.h.top', to define templates for `config.h.in'
autoheader-2.58: WARNING: is deprecated and discouraged.
autoheader-2.58:
autoheader-2.58: WARNING: Using the third argument of `AC_DEFINE' and
autoheader-2.58: WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without
autoheader-2.58: WARNING: `acconfig.h':
autoheader-2.58:
autoheader-2.58: WARNING:   AC_DEFINE([NEED_FUNC_MAIN], 1,
autoheader-2.58:                [Define if a function `main' is needed.])
autoheader-2.58:
autoheader-2.58: WARNING: More sophisticated templates can also be produced, see the
autoheader-2.58: WARNING: documentation.
rebuilding configure
rebuilding rpm spec file
>>> Source unpacked.
 * /etc/apache2/apache2-builtin-mods options:
 --disable-example --enable-access=shared --enable-auth=shared --enable-auth_dbm=shared --enable-auth_anon=shared --enable-auth_digest=shared --enable-alias=shared --enable-file-cache=shared --enable-echo=shared --enable-charset-lite=shared --enable-cache=shared --enable-disk-cache=shared --enable-mem-cache=shared --enable-ext-filter=shared --enable-case_filter=shared --enable-case-filter-in=shared --enable-deflate=shared --enable-mime-magic=shared --enable-cern-meta=shared --enable-expires=shared --enable-headers=shared --enable-usertrack=shared --enable-unique-id=shared --enable-proxy=shared --enable-proxy-connect=shared --enable-proxy-ftp=shared --enable-proxy-http=shared --enable-ssl=shared --disable-optional-hook-export --disable-optional-hook-import --disable-optional-fn-import --disable-optional-fn-export --disable-bucketeer --enable-info=shared --enable-include=shared --enable-cgi=shared --enable-cgid=shared --enable-dav=shared --enable-dav-fs=shared --enable-vhost-alias=shared --enable-speling=shared --enable-rewrite=shared --enable-log_config=shared --enable-logio=shared --enable-env=shared --enable-setenvif=shared --enable-mime=shared --enable-status=shared --enable-autoindex=shared --enable-asis=shared --enable-negotiation=shared --enable-dir=shared --enable-imap=shared --enable-actions=shared --enable-userdir=shared --enable-so=yes
configure: WARNING: If you wanted to set the --build type, don't use --host.
    If a cross compiler is detected then cross compile mode will be used.
configure: loading cache /var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/config.cache
checking for chosen layout... Gentoo
checking for working mkdir -p... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu

Configuring Apache Portable Runtime library ...

checking for APR... reconfig
updating cache /var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/config.cache
configuring package in srclib/apr now
configure: WARNING: If you wanted to set the --build type, don't use --host.
    If a cross compiler is detected then cross compile mode will be used.
configure: loading cache /var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/config.cache
configure: error: `CFLAGS' has changed since the previous run:
configure:   former value:    -g0 -march=pentium2 -mmmx -O3 -fforce-addr -falign-functions=4
configure:   current value:  -g0 -march=pentium2 -mmmx -O3 -fforce-addr -falign-functions=4
configure: error: changes in the environment can compromise the build
configure: error: run `make distclean' and/or `rm /var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/config.cache' and start over
configure failed for srclib/apr

!!! ERROR: net-www/apache-2.0.49 failed.
!!! Function src_compile, Line 185, Exitcode 1
!!! bad ./configure




I tried to "cd /var/tmp/portage ; rm -Rf *" but with the exact same failure being generated.
Comment 4 Mogens Meier Christensen 2004-03-22 16:18:27 UTC
Forgot to change status, sorry
Comment 5 Stuart Herbert (RETIRED) gentoo-dev 2004-03-23 14:36:22 UTC
Okay, I'm looking into it.  This seems a bit weird, and no-one else so far seems to have had the same problem.  autoconf problems aren't my strong point, but let's see what we can do for you.

Could you post the output from 'emerge info' into this bug please?

Thanks,
Stu
Comment 6 Mogens Meier Christensen 2004-03-23 16:49:14 UTC
Thanks for looking into it! :) Here is the info:

root # nice -n 19 emerge info
Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.25_pre7-gss-r2)
=================================================================
System uname: 2.4.25_pre7-gss-r2 i686 Celeron (Mendocino)
Gentoo Base System version 1.4.3.13
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="  -g0 -march=pentium2 -mmmx -O3 -fforce-addr -falign-functions=4  "
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="  -g0 -march=pentium2 -mmmx -O3 -fforce-addr -falign-functions=4  "
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache fixpackages notitles sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.inode.at/ ftp://trumpetti.atm.tut.fi/gentoo/ http://trumpetti.atm.tut.fi/gentoo/ ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ rsync://trumpetti.atm.tut.fi/gentoo/ rsync://ftp.snt.utwente.nl/gentoo http://212.219.56.152/sites/www.ibiblio.org/gentoo/ ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo http://212.219.56.162/sites/www.ibiblio.org/gentoo/ http://212.219.56.146/sites/www.ibiblio.org/gentoo/ rsync://linux.rz.ruhr-uni-bochum.de/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://194.83.57.2/sites/www.ibiblio.org/gentoo/ http://212.219.56.131/sites/www.ibiblio.org/gentoo/ http://194.83.57.15/sites/www.ibiblio.org/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://ftp.easynet.nl/mirror/gentoo/ http://ftp.easynet.nl/mirror/gentoo/ ftp://gentoo.linux.no/pub/gentoo/ http://gentoo.linux.no/ http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X aalib acl acpi acpi4linux apache2 apm bindist crypt cups curl emacs fbcon flash foomaticdb gd gdbm gif gtk gtk2 imagemagick imap imlib innodb java jpeg libg++ libwww mad mbox mcal mmx motif mpeg mysql ncurses nls oav oci8 odbc pam pdflib perl php plotutils png postgres prebuilt python readline samba sdl slang spell ssl svga tcpd tetex tiff truetype usb wmf x86 xml xml2 zlib"

Comment 7 Davin Boling 2004-03-24 08:37:28 UTC
I also had trouble with the commited build, though the problem was different:

/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/srclib/apr/libtool --silent --mode=compile gcc  -pthread  -march=pentium3 -O3 -pipe  -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER   -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/srclib/apr/include -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/srclib/apr-util/include -I. -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/os/unix -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/server/mpm/prefork -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/http -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/filters -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/proxy -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/include -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/generators -I/usr/include/openssl -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/dav/main -prefer-pic -c ssl_expr_eval.c && touch ssl_expr_eval.slo
yacc -d /var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/ssl/ssl_expr_parse.y
yacc -d /var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/ssl/ssl_expr_parse.y
sed -e 's;yy;ssl_expr_yy;g' \
    -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
    <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
sed -e 's;yy;ssl_expr_yy;g' \
    -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
    <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
sed -e 's;yy;ssl_expr_yy;g' \
    <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
sed -e 's;yy;ssl_expr_yy;g' \
    <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/srclib/apr/libtool --silent --mode=compile gcc  -pthread  -march=pentium3 -O3 -pipe  -DLINUX=2 -D_REENTRANT -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -D_SVID_SOURCE -D_GNU_SOURCE -DAP_HAVE_DESIGNATED_INITIALIZER   -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/srclib/apr/include -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/srclib/apr-util/include -I. -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/os/unix -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/server/mpm/prefork -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/http -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/filters -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/proxy -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/include -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/generators -I/usr/include/openssl -I/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/dav/main -prefer-pic -c ssl_scache.c && touch ssl_scache.slo
/bin/sh: line 1: y.tab.h: No such file or directory
make[4]: *** [ssl_expr_parse.c] Error 1
make[4]: *** Waiting for unfinished jobs....
make[4]: Leaving directory `/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/ssl'
make[3]: *** [shared-build-recursive] Error 1
make[3]: Leaving directory `/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules/ssl'
make[2]: *** [shared-build-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49/modules'
make[1]: *** [shared-build-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/apache-2.0.49/work/httpd-2.0.49'
make: *** [all-recursive] Error 1

!!! ERROR: net-www/apache-2.0.49 failed.
!!! Function src_compile, Line 188, Exitcode 2
!!! problem compiling Apache2 :(
Comment 8 Stuart Herbert (RETIRED) gentoo-dev 2004-03-24 12:46:39 UTC
Davin - please post the output from emerge info into this bug.  If you're running distcc or cccache, please take those out of your FEATURES list and retry, just in case.

Thanks,
Stu
Comment 9 Mogens Meier Christensen 2004-03-25 06:11:27 UTC
I'm not Davin, but my problem (the first in this bug report) does NOT go away with disabling ccache (I removed the ccache in FEATURES and the ccache from the PATH, and renamed /usr/lib/ccache/bin to be sure - 'which gcc' says /usr/bin/gcc ).

I see that the e-build is declared stable, so I actually hope people will start filing bug reports on the issue, because then I am not the only one; I really don't know how to solve the problem myself, but I would really like to be able to install the update! ;)
Comment 10 Martin Wilke 2004-03-25 07:35:45 UTC
we have found the bug. the bugfix for the error is here
configure:   former value:    -g0 -march=pentium2 -mmmx -O3 -fforce-addr -falign-functions=4
configure:   current value:  -g0 -march=pentium2 -mmmx -O3 -fforce-addr -falign-functions=4 

just edit your make.conf to suit the formaer value and emerge once more ...

have fun ..
Comment 11 Mogens Meier Christensen 2004-03-25 08:40:38 UTC
OK this is extremely weird:

It seems that this ebuild will fail if your CFLAGS start and/or end with space(s)!!!

The long story:
I tried inserting and deleting varies numbers of spaces before and after my CFLAGS, but each time I was wrong with the same number of spaces! So I started deleting some of the unimportant CFLAGS to see that my changes were getting through at all, and change was indeed made but even the first time the ebuild with the new CFLAGS the ebuild complained that my current and former values were different, even though the changes I just made made were seen in both!
And I have many times done a complete 'rm -Rf /var/tmp/portage' so how would the ebuild know the former value???

I then tried deleting all spaces in the start and the end - and now my server is busy building apache!
I think you must be a developer to understand what is going on... ;)

Comment 12 Stuart Herbert (RETIRED) gentoo-dev 2004-03-25 09:17:49 UTC
Heh - I am a developer, but when it comes to the apache build process, I don't know what's going on either :)

I'll update the ebuild script to strip spaces from the start and the end of the CFLAGS.  I'm glad you were able to find the cause.

Best regards,
Stu
Comment 13 Wolfram Schlich (RETIRED) gentoo-dev 2004-03-25 23:13:39 UTC
After upgrading to 2.0.49 from 2.0.48-r1, apache2 fails to start.
Last entry in the error_log is
--8<--
[Fri Mar 26 08:07:35 2004] [notice] Digest: generating secret for digest authentication ...
--8<--
and an strace of the running apache process shows
--8<--
read(33, 
--8<--
so it's trying to read from somewhere, but nothing happens.
And yes, I *have* deleted the old symlinks in /etc/apache2.

--8<--[ $ emerge info ]--8<--
Portage 2.0.50-r1 (default-x86-1.4, gcc-3.3.2, glibc-2.3.2-r9, 2.4.22-grsec-1.9.12)
=================================================================
System uname: 2.4.22-grsec-1.9.12 i686 
Gentoo Base System version 1.4.3.13
distcc 2.12.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.58-r1
Automake: sys-devel/automake-1.7.7
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-mp -O3 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /lib/modules /opt/glftpd/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/AntiVir/hbedv.key /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/afs/C /etc/afs/afsws /etc/gconf /etc/env.d"
CXXFLAGS="-march=athlon-mp -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs buildpkg ccache digest notitles sandbox userpriv usersandbox"
GENTOO_MIRRORS="http://gentoo.bla.fasel.org 
        http://ftp.snt.utwente.nl/pub/os/linux/gentoo 
        http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror 
        http://sunsite.cnlab-switch.ch/ftp/mirror/gentoo 
        http://gentoo.inode.at 
        http://ftp.ussg.iu.edu/linux/gentoo 
        http://gentoo.oregonstate.edu 
        http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://localhost/gentoo-portage"
USE="3dnow X509 aalib acl afs alsa apache2 apm async autofs avi berkdb cdr chroot crypt cups curl dedicated dvd encode etdyn evms2 expat faad fastcgi fbcon flash foomaticdb gd gd-external gdbm geoip gif gpm idea imagemagick imap innodb ipv6 jabber java javascript jikes jpeg kerberos lcd ldap libwww ltsp mad maildir mbox mcal memlimit mikmod mmx mpeg mysql ncurses nls nntp nocardbus odbc oggvorbis oss pam pcap pdflib perl php pic png pnp postgres ppds prelude python quicktime readline regexp ruby samba sasl sdl skey slp smartcard socks5 spell sqlite sse ssl svga tcpd tetex tiff transcode truetype trusted usb v4l vda wmf x86 xml xml2 zlib"
--8<--
Comment 14 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-03-25 23:30:09 UTC
Wolfram: that indicates that you've run out of entropy on your machine
Comment 15 Wolfram Schlich (RETIRED) gentoo-dev 2004-03-25 23:36:02 UTC
ok, where do I gather new entropy? :>
I mean, it's a quite busy machine...
anyway, apache should be more verbose about the problems it's experiencing.
maybe I should tell the apache devs...
Comment 16 Wolfram Schlich (RETIRED) gentoo-dev 2004-03-25 23:38:47 UTC
btw, you're right, commenting out the line loading mod_auth_digest makes apache start again, so I consider it a temporary workaround :>
Comment 17 Wolfram Schlich (RETIRED) gentoo-dev 2004-03-25 23:44:53 UTC
hmm, /dev/random seems to be "dead", no output at all. I'm curious how to feed it... I've tried network and disk i/o, but nothing changed. I don't want to reboot  :>
Comment 18 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-03-26 00:29:37 UTC
in that case you'll be hitting many problems with entropy starvation again. the apache devs really really hate gentoo for this single case of apache appearing to hang while gathering entropy.
Comment 19 Chuck Short (RETIRED) gentoo-dev 2004-05-07 06:27:01 UTC
Can you try 2.0.49-r1 please.

chuck
Comment 20 Mogens Meier Christensen 2004-05-07 09:07:24 UTC
Chuck, I guess you're 2.0.49-r1 request was to Wolfram Schlich?
If not, 2.0.49-r1 is already up and running with no trouble here! :)
Comment 21 Chuck Short (RETIRED) gentoo-dev 2004-05-10 12:18:46 UTC
Quite correct. Wolfram could you pleaes test 2.0.49-r1. It uses /dev/urandom. 

Thanks.
chuck
Comment 22 Chuck Short (RETIRED) gentoo-dev 2004-05-14 07:41:04 UTC
No response, closing bug.
Comment 23 Wolfram Schlich (RETIRED) gentoo-dev 2004-05-14 08:29:51 UTC
sorry, I'm compiling it now. the machine hasn't been rebooted, so I guess it'll be fairly easy to see whether -r1 fixes my problem ;)
Comment 24 Wolfram Schlich (RETIRED) gentoo-dev 2004-05-14 10:06:17 UTC
ok, compiled, tested, works. thanks!
Comment 25 Elfyn McBratney (beu) (RETIRED) gentoo-dev 2005-04-23 19:49:18 UTC
Closing.