Hey Guys! httpd-itk looks like it's based on an old FC spec for 2.2.22, or some such. httpd-itk requires httpd. The changes Red Hat made in 2.2.15-31 (that is, RHSA-2014-0920) appear to have broken some symbols in the mod_status .so:
[scott@scott SPECS]$ sudo /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd.itk: Syntax error on line 178 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_status.so into server: /etc/httpd/modules/mod_status.so: undefined symbol: ap_copy_scoreboard_worker
[FAILED]
[scott@scott SPECS]$
A few people have encountered this, see https://bugzilla.redhat.com/show_bug.cgi?id=1123504
I think I can fix this by taking the new patches out of 2.2.15-31 and rebuilding 2.2.22 with them (with the exception of one patch that's not coming cleanly, in that case I grabbed a patch for the same CVE from a JBoss src that belonged to a 2.2.22 httpd). So far, I've done this, and the RPM builds cleanly and httpd starts. I'll be doing some more testing tomorrow to make sure it leaves things in a good state.
Is this the best approach? Or would it be better to wait for someone else to handle this?
-scott
https://bugzilla.redhat.com/show_bug.cgi?id=1121148
On Aug 5, 2014, at 5:17 AM, Christopher Meng wrote:
This doesn't look like the same problem.
CentOS6 is having linking problems with mod_status.so as a result of changes made to rectify CVE-2014-0226. CentOS7 is having linking problem with mod_access_compat.so (and I bet others) because httpd is at version 2.4.6, but httpd-itk is at version 2.2.22.
I've never packaged anything for Fedora EPEL, I'm not sure what's good protocol here. I've got a good C6 spec file with all the CVE patches from 2.2.15 (and one from a JBoss 2.2.22) RPMs rolled into the httpd-itk RPM. It builds, installs, starts, and runs cleanly from what I can tell.
-scott
--
Yours sincerely, Christopher Meng
http://cicku.me
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
Hi, Scott.
On Tuesday, 05 August 2014 at 23:27, Scott O'Neil wrote:
On Aug 5, 2014, at 5:17 AM, Christopher Meng wrote:
This doesn't look like the same problem.
CentOS6 is having linking problems with mod_status.so as a result of changes made to rectify CVE-2014-0226. CentOS7 is having linking problem with mod_access_compat.so (and I bet others) because httpd is at version 2.4.6, but httpd-itk is at version 2.2.22.
I've never packaged anything for Fedora EPEL, I'm not sure what's good protocol here. I've got a good C6 spec file with all the CVE patches from 2.2.15 (and one from a JBoss 2.2.22) RPMs rolled into the httpd-itk RPM. It builds, installs, starts, and runs cleanly from what I can tell.
Please see https://fedorahosted.org/fpc/ticket/310 before doing any further work on this. httpd-itk requires full Apache HTTPD source to build and so requires a bundling exception.
Regards, Dominik