apache 2.2.21 rpm - anytime soon ?



mail2sekh
05-Dec-2011, 12:26
Hi,
I have a SLES11 server ((x86_64) VERSION = 11 PATCHLEVEL = 1 )
running the default apache installed from
apache2-2.2.10-2.24.5.x86_64.rpm which came with the DVD. Now my project
has a requirement to upgrade it to 2.2.21 which fixes the CVE security
issues. I cannot find the .21 version of the apache rpm for SLES 11
anywhere. Can someone tell me what and when is the likelihood of the rpm
being released by SUSE ?
In parallel I am trying to build from source and then use rpmbuild to
create an rpm - but so far it is a horror show. Specifically with some
libapr util and devel dependencies. I should be able to do it somehow or
the other but I am not a pro and will never know if I miss out on some
files. For our server installations we pack the rpms and create an iso
which gets distributed at customer sites. That is why I need rpms
specifically and cannot do an upgrade.

Thanks.


--
mail2sekh
------------------------------------------------------------------------
mail2sekh's Profile: http://forums.novell.com/member.php?userid=110461
View this thread: http://forums.novell.com/showthread.php?t=449116


malcolmlewis
09-Dec-2011, 19:09
On Mon, 05 Dec 2011 11:26:02 GMT
mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

>
> Hi,
> I have a SLES11 server ((x86_64) VERSION = 11 PATCHLEVEL = 1 )
> running the default apache installed from
> apache2-2.2.10-2.24.5.x86_64.rpm which came with the DVD. Now my
> project has a requirement to upgrade it to 2.2.21 which fixes the
> CVE security issues. I cannot find the .21 version of the apache rpm
> for SLES 11 anywhere. Can someone tell me what and when is the
> likelihood of the rpm being released by SUSE ?
> In parallel I am trying to build from source and then use rpmbuild to
> create an rpm - but so far it is a horror show. Specifically with some
> libapr util and devel dependencies. I should be able to do it somehow
> or the other but I am not a pro and will never know if I miss out on
> some files. For our server installations we pack the rpms and create
> an iso which gets distributed at customer sites. That is why I need
> rpms specifically and cannot do an upgrade.
>
> Thanks.
>
>
Hi
I have 2.2.12-1.28.1; any CVEs and security updates get backported. You
need to look at the changelog entries, so version numbers are somewhat
of a misnomer.


rpm -qa apache2 --changelog |less

Here is a copy of the current changelog:
http://paste.opensuse.org/80711475

You can check the CVE numbers here and the references for fixes:
http://support.novell.com/security/cve/

To build, look at using the Open Build Service along with SUSE
Studio, and you can create rpms and iso images to your heart's desire ;)
https://build.opensuse.org/
http://susestudio.com/

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 2:15, 3 users, load average: 0.01, 0.04, 0.05
GPU GeForce 8600 GTS Silent - Driver Version: 290.10
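
Added example (not part of the original thread and not SUSE tooling): a shell version of the changelog check described in the post above, which lists the changelog entry that mentions each CVE of interest. The function names `cve_entries` and `audit_changelog` and the sample changelog are constructed for illustration; a CVE missing from the changelog is reported as "not mentioned" rather than "unfixed", since a packager may not list every backport.

```shell
#!/bin/sh
# Constructed sample in the format printed by `rpm -q --changelog <pkg>`.
# The entries are invented for illustration, not taken from a real package.
SAMPLE_CHANGELOG='* Wed Sep 14 2011 packager@example.com
- mod_proxy_ajp: backport upstream fix (CVE-2011-3348)
* Tue Aug 30 2011 packager@example.com
- byterange filter: fix memory exhaustion (CVE-2011-3192)
  follow-up to previous patch
* Mon Mar 07 2011 packager@example.com
- update logrotate configuration'

# cve_entries CVE-ID: read a changelog on stdin and print the header line of
# every entry whose body mentions the CVE (case-insensitive, and without
# matching a longer id that merely starts with it). Exit status 1 if none.
cve_entries() {
    awk -v cve="$1" '
        /^\* / { header = $0; seen = 0; next }    # a new changelog entry starts
        !seen && toupper($0) ~ (toupper(cve) "([^0-9]|$)") {
            print header; seen = 1; found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# audit_changelog CHANGELOG CVE-ID...: print one result line per CVE.
audit_changelog() {
    changelog=$1; shift
    for cve in "$@"; do
        if entry=$(printf '%s\n' "$changelog" | cve_entries "$cve"); then
            # rpm prints newest entries first, so the first hit is the latest.
            printf '%s mentioned: %s\n' "$cve" "$(printf '%s\n' "$entry" | head -n 1)"
        else
            printf '%s not mentioned\n' "$cve"
        fi
    done
}

audit_changelog "$SAMPLE_CHANGELOG" CVE-2011-3348 CVE-2011-3192 CVE-2011-0000
# On a real host: audit_changelog "$(rpm -q --changelog apache2)" CVE-2011-3348
```

For a package file that is not yet installed, `rpm -qp --changelog <file>.rpm` gives the same format, which lets the check run before the rpm goes onto a distribution ISO.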

mail2sekh
10-Dec-2011, 07:06
Wow ! Every line you mentioned has a wealth of information.
I got this ('Index of /repositories/Apache/SLE_11_SP1/x86_64'
(http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/))
from the links you mentioned above which has apache2-2.2.21 rpms already
built from the OBS. Let me work on this and see if I can get it running.
Thanks a bunch Malcolm !



malcolmlewis
10-Dec-2011, 13:36
On Sat, 10 Dec 2011 06:06:01 GMT
mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

>
> Wow ! Every line you mentioned has a wealth of information.
> I got this ('Index of /repositories/Apache/SLE_11_SP1/x86_64'
> (http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/))
> from the links you mentioned above which has apache2-2.2.21 rpms
> already built from the OBS. Let me work on this and see if I can get
> it running. Thanks a bunch Malcolm !
>
>
Hi
Just remember the rpms from external sources (Open Build Service)
aren't supported as such. If you can stick to the 'official' ones it's
better ;)


mail2sekh
15-Dec-2011, 08:56
Hi,
Some stupid questions follow.
1) I am specifically looking at the security update CVE-2011-3348. I
found this link 'NOVELL: Downloads - Apache2 5344'
(http://download.novell.com/Download?buildid=wANc3xGRZJY~)
which is a security update to apache 2.2.12 (patch-5344) for CVE-3192
but it also includes what I want i.e. 3348. However the access is
restricted. So is this the 'official' release that you meant ? And I
would need a paid account to download this patch ?

2) This link 'CVE-2011-3348'
(http://support.novell.com/security/cve/CVE-2011-3348.html) says any
version of apache >=2.2.12 will include the security fix I need. So I go
and download the apache2-2.2.21-54.1.x86_64.rpm from 'Index of
/repositories/Apache/SLE_11_SP1/x86_64'
(http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/)
(last updated on 12-Dec-11) and install it. When I check the changelog I
do not see the cve-3348 update. So what am I missing here ? Also I
suppose this is an unofficial release as this is created out of the OBS
project.

malcolmlewis;2160120 Wrote:
> On Sat, 10 Dec 2011 06:06:01 GMT
> Hi
> Just remember the rpms from external sources (Open Build Service)
> aren't supported as such. If you can stick to the 'official' ones it's
> better ;)

malcolmlewis
15-Dec-2011, 12:05
On Thu, 15 Dec 2011 07:56:06 GMT
mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

>
> Hi,
> Some stupid questions follow.
> 1) I am specifically looking at the security update CVE-2011-3348. I
> found this link 'NOVELL: Downloads - Apache2 5344'
> (http://download.novell.com/Download?buildid=wANc3xGRZJY~)
> which is a security update to apache 2.2.12 (patch-5344) for CVE-3192
> but it also includes what I want i.e. 3348. However the access is
> restricted. So is this the 'official' release that you meant ? And I
> would need a paid account to download this patch ?

Yes, this is correct

>
> 2) This link 'CVE-2011-3348'
> (http://support.novell.com/security/cve/CVE-2011-3348.html) says any
> version of apache >=2.2.12 will include the security fix I need. So I
> go and download the apache2-2.2.21-54.1.x86_64.rpm from 'Index of
> /repositories/Apache/SLE_11_SP1/x86_64'
> (http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/)
> (last updated on 12-Dec-11) and install it. When I check the
> changelog I do not see the cve-3348 update. So what am I missing
> here ? Also I suppose this is an unofficial release as this is
> created out of the OBS project.
>
Two different paths: the fixes from the one above are backported to
version X.X.XX into the SP1 'released' version. By virtue of the
release being >=2.2.12 it will be there, but not all are necessarily
mentioned.
