See: http://seclists.org/oss-sec/2018/q1/271 http://seclists.org/oss-sec/2018/q1/270 http://seclists.org/oss-sec/2018/q1/269 http://seclists.org/oss-sec/2018/q1/268 http://seclists.org/oss-sec/2018/q1/267 http://seclists.org/oss-sec/2018/q1/266 http://seclists.org/oss-sec/2018/q1/265 A large number of vulns have been fixed in the apache http server 2.4.30, CVEs: CVE-2018-1301, CVE-2018-1303, CVE-2018-1283, CVE-2018-1302, CVE-2017-15715, CVE-2018-1312, CVE-2017-15710 They did a bunch of smaller subsequent releases, we already have 2.4.33 in the tree. Can this be stabilized yet?
Hey Lars, this seems reasonably important, can you please sign off on whether stabilization for 2.4.33 can go ahead?
x86 stable
amd64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2c236fc79a99de3f4a2898a0e1248996b6babb4 commit a2c236fc79a99de3f4a2898a0e1248996b6babb4 Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-30 21:01:54 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-31 07:50:30 +0000 app-admin/apache-tools: stable 2.4.33 for sparc Bug: https://bugs.gentoo.org/651406 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" app-admin/apache-tools/apache-tools-2.4.33.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22908c0e6c4ff955b67d225f62e45f7273811c8c commit 22908c0e6c4ff955b67d225f62e45f7273811c8c Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-30 21:01:11 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-31 07:50:29 +0000 www-servers/apache: stable 2.4.33-r1 for sparc Bug: https://bugs.gentoo.org/651406 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" www-servers/apache/apache-2.4.33-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4f2297f0da0bbfb37c4f67f71a8cc8f87efa845 commit a4f2297f0da0bbfb37c4f67f71a8cc8f87efa845 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-05-31 08:11:54 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-31 08:11:54 +0000 www-servers/apache: stable 2.4.33-r1 for ia64, bug #651406 Bug: https://bugs.gentoo.org/651406 Package-Manager: Portage-2.3.38, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" www-servers/apache/apache-2.4.33-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3d20cdf1acefff02007d4c930e1ffb1b22b8b16 commit f3d20cdf1acefff02007d4c930e1ffb1b22b8b16 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-05-31 08:11:49 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-31 08:11:49 +0000 app-admin/apache-tools: stable 2.4.33 for ia64, bug #651406 Bug: https://bugs.gentoo.org/651406 Package-Manager: Portage-2.3.38, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" app-admin/apache-tools/apache-tools-2.4.33.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
arm stable
Stable on alpha.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=832684b6aa6e490f9b59ae1531c623f804d1e792 commit 832684b6aa6e490f9b59ae1531c623f804d1e792 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 19:47:35 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 20:20:21 +0000 www-servers/apache: stable 2.4.33-r1 for ppc64, bug #651406 Bug: https://bugs.gentoo.org/651406 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc64" www-servers/apache/apache-2.4.33-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6cd4839c508b08a217e95b46c5fd459a65f8af8 commit b6cd4839c508b08a217e95b46c5fd459a65f8af8 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 19:47:30 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 20:20:20 +0000 app-admin/apache-tools: stable 2.4.33 for ppc64, bug #651406 Bug: https://bugs.gentoo.org/651406 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc64" app-admin/apache-tools/apache-tools-2.4.33.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Created attachment 542222 [details] ppc build.log (all USE-flags enabled) ppc tatt was having a hard time with alle the USE-flag and modules combinations so I only built apache with all USE-flags enabled/disabled, tests were successful. rdeps built fine, apart from www-apache/mod_perl (see bug #662692). # cat apache-tools-651406.report revdep tests started on Fr 3. Aug 08:50:53 CEST 2018 FEATURES=' test' USE='' succeeded for www-apache/mod_ldap_userdir FEATURES=' test' USE='' succeeded for www-apache/mod_wsgi FEATURES=' test' USE='' succeeded for dev-perl/Apache-Test FEATURES=' test' USE='apache2' succeeded for net-analyzer/pnp4nagios FEATURES=' test' USE='' succeeded for www-apache/libapreq2 FEATURES=' test' USE='' succeeded for www-apache/mod_limitipconn FEATURES=' test' USE='' succeeded for www-apache/mod_fcgid merging test dependencies of www-apache/mod_perl failed FEATURES=' test' USE='' succeeded for www-apache/mod_bw FEATURES=' test' USE='' succeeded for www-apps/lxr
Created attachment 542224 [details] ppc build.log (all USE-flags disabled)
ppc stable all arches done
This was lost, it is no longer in tree. Cleaning Up