Results 1 to 7 of 7

Thread: apache 2.2.21 rpm - anytime soon ?

  1. #1
    mail2sekh NNTP User

    apache 2.2.21 rpm - anytime soon ?


    Hi,
    I have a SLES11 server ((x86_64) VERSION = 11 PATCHLEVEL = 1 )
    running the default apache installed from
    apache2-2.2.10-2.24.5.x86_64.rpm which came with the DVD. Now my project
    has a requirement to upgrade it to 2.2.21 which fixes the CVES security
    issues. I cannot find the .21 version of the apache rpm for SLES 11
    anywhere. Can someone tell me what and when is the likelyhood of the rpm
    being released by SUSE ?
    Parallely I am trying to build from source and then use rpmbuild to
    create an rpm - but so far it is a horror show. Specifically with some
    libapr util and devel dependencies. I should be able to do it somehow or
    the other but I am not a pro and will never know if I miss out on some
    files.For our server installations we pack the rpms and create an iso
    which gets distributed at customer sites. That is why I need rpms
    specifically and cannot do an upgrade.

    Thanks.


    --
    mail2sekh
    ------------------------------------------------------------------------
    mail2sekh's Profile: http://forums.novell.com/member.php?userid=110461
    View this thread: http://forums.novell.com/showthread.php?t=449116


  2. #2
    Automatic Reply NNTP User

    Re: apache 2.2.21 rpm - anytime soon ?

    mail2sekh,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    Has your problem been resolved? If not, you might try one of the following options:

    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php

    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.

    Good luck!

    Your Novell Product Support Forums Team
    http://forums.novell.com/


  3. #3
    malcolmlewis NNTP User

    Re: apache 2.2.21 rpm - anytime soon ?

    On Mon, 05 Dec 2011 11:26:02 GMT
    mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

    >
    > Hi,
    > I have a SLES11 server ((x86_64) VERSION = 11 PATCHLEVEL = 1 )
    > running the default apache installed from
    > apache2-2.2.10-2.24.5.x86_64.rpm which came with the DVD. Now my
    > project has a requirement to upgrade it to 2.2.21 which fixes the
    > CVES security issues. I cannot find the .21 version of the apache rpm
    > for SLES 11 anywhere. Can someone tell me what and when is the
    > likelyhood of the rpm being released by SUSE ?
    > Parallely I am trying to build from source and then use rpmbuild to
    > create an rpm - but so far it is a horror show. Specifically with some
    > libapr util and devel dependencies. I should be able to do it somehow
    > or the other but I am not a pro and will never know if I miss out on
    > some files.For our server installations we pack the rpms and create
    > an iso which gets distributed at customer sites. That is why I need
    > rpms specifically and cannot do an upgrade.
    >
    > Thanks.
    >
    >

    Hi
    I have 2.2.12-1.28.1 any CVES and security updates get backported, you
    need to look at the changelog entries, so version numbers are somewhat
    of a misnomer.
    Code:
    rpm -qa apache2 --changelog |less
    Here is a copy of the current changelog;
    http://paste.opensuse.org/80711475

    You can check the CVE numbers here and the references for fixes;
    http://support.novell.com/security/cve/

    To build, either look and using the Open Build Service along with Suse
    Studio and you can create rpms and iso images to your hearts desire
    https://build.opensuse.org/
    http://susestudio.com/

    --
    Cheers Malcolm °¿° (Linux Counter #276890)
    openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
    up 2:15, 3 users, load average: 0.01, 0.04, 0.05
    GPU GeForce 8600 GTS Silent - Driver Version: 290.10


  4. #4
    mail2sekh NNTP User

    Re: apache 2.2.21 rpm - anytime soon ?


    Wow ! Every line you mentioned has a wealth of information.
    I got this('Index of /repositories/Apache/SLE_11_SP1/x86_64'
    (http://download.opensuse.org/reposit...11_SP1/x86_64/))
    from the links you mentioned above which has apache2-2.2.21 rpms already
    built from the OBS.Let me work on this and see if I can get it running.
    Thanks a bunch Malcolm !


    --
    mail2sekh
    ------------------------------------------------------------------------
    mail2sekh's Profile: http://forums.novell.com/member.php?userid=110461
    View this thread: http://forums.novell.com/showthread.php?t=449116


  5. #5
    malcolmlewis NNTP User

    Re: apache 2.2.21 rpm - anytime soon ?

    On Sat, 10 Dec 2011 06:06:01 GMT
    mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

    >
    > Wow ! Every line you mentioned has a wealth of information.
    > I got this('Index of /repositories/Apache/SLE_11_SP1/x86_64'
    > (http://download.opensuse.org/reposit...11_SP1/x86_64/))
    > from the links you mentioned above which has apache2-2.2.21 rpms
    > already built from the OBS.Let me work on this and see if I can get
    > it running. Thanks a bunch Malcolm !
    >
    >

    Hi
    Just remember the rpms from external sources (Open Build Service)
    aren't supported as such. If you can stick to the 'official' ones it's
    better

    --
    Cheers Malcolm °¿° (Linux Counter #276890)
    openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
    up 20:50, 3 users, load average: 0.33, 0.20, 0.16
    GPU GeForce 8600 GTS Silent - Driver Version: 290.10


  6. #6
    mail2sekh NNTP User

    Re: apache 2.2.21 rpm - anytime soon ?


    Hi,
    Some stupid questions follow.
    1) I am specifically looking at the security update CVE-2011-3348. I
    found this link 'NOVELL: Downloads - Apache2 5344'
    (http://download.novell.com/Download?...d=wANc3xGRZJY~)
    which is a security update to apache 2.2.12(patch-5344) for CVE-3192
    but it also includes what I want ie 3348. However the access is
    restricted. So is this the 'official' release that you meant ? And I
    would need a paid account to download this patch ?

    2) This link 'CVE-2011-3348'
    (http://support.novell.com/security/c...2011-3348.html) says any
    version of apache >=2.2.12 will include the security fix I need. So I go
    and download the apache2-2.2.21-54.1.x86_64.rpm from 'Index of
    /repositories/Apache/SLE_11_SP1/x86_64'
    (http://download.opensuse.org/reposit...11_SP1/x86_64/)
    (last updated on 12-Dec-11) and install it. When I check the changelog I
    do not see the cve-3348 udpate. So what am I missing here ? Also I
    suppose this is an unofficial release as this is created out of the OBS
    project.

    malcolmlewis;2160120 Wrote:
    > On Sat, 10 Dec 2011 06:06:01 GMT
    > Hi
    > Just remember the rpms from external sources (Open Build Service)
    > aren't supported as such. If you can stick to the 'official' ones it's
    > better
    >
    > --
    > Cheers Malcolm °¿° (Linux Counter #276890)
    > openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
    > up 20:50, 3 users, load average: 0.33, 0.20, 0.16
    > GPU GeForce 8600 GTS Silent - Driver Version: 290.10



    --
    mail2sekh
    ------------------------------------------------------------------------
    mail2sekh's Profile: http://forums.novell.com/member.php?userid=110461
    View this thread: http://forums.novell.com/showthread.php?t=449116


  7. #7
    malcolmlewis NNTP User

    Re: apache 2.2.21 rpm - anytime soon ?

    On Thu, 15 Dec 2011 07:56:06 GMT
    mail2sekh <mail2sekh@no-mx.forums.novell.com> wrote:

    >
    > Hi,
    > Some stupid questions follow.
    > 1) I am specifically looking at the security update CVE-2011-3348. I
    > found this link 'NOVELL: Downloads - Apache2 5344'
    > (http://download.novell.com/Download?...d=wANc3xGRZJY~)
    > which is a security update to apache 2.2.12(patch-5344) for CVE-3192
    > but it also includes what I want ie 3348. However the access is
    > restricted. So is this the 'official' release that you meant ? And I
    > would need a paid account to download this patch ?


    Yes, this is correct

    >
    > 2) This link 'CVE-2011-3348'
    > (http://support.novell.com/security/c...2011-3348.html) says any
    > version of apache >=2.2.12 will include the security fix I need. So I
    > go and download the apache2-2.2.21-54.1.x86_64.rpm from 'Index of
    > /repositories/Apache/SLE_11_SP1/x86_64'
    > (http://download.opensuse.org/reposit...11_SP1/x86_64/)
    > (last updated on 12-Dec-11) and install it. When I check the
    > changelog I do not see the cve-3348 udpate. So what am I missing
    > here ? Also I suppose this is an unofficial release as this is
    > created out of the OBS project.
    >

    Two different paths, the fixes from the one above are backported to
    version X.X.XX into the SP1 'released' version. By virtue of the
    release being >=2.2.12 it will be there, but not all are necessarily
    mentioned.

    --
    Cheers Malcolm °¿° (Linux Counter #276890)
    openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
    up 1 day 15:19, 3 users, load average: 0.06, 0.09, 0.09
    GPU GeForce 8600 GTS Silent - Driver Version: 290.10


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •