Updates #608

Apache 2.2.27

Added by Anonymous about 3 years ago. Updated about 8 hours ago.

Status:In ProgressStart date:07/23/2014
Priority:NormalDue date:07/27/2014
Assignee:Danny Terweij% Done:

90%

Category:CentOS 5Estimated time:24.00 hours
Target version:Kloxo
Resolution:

Description

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache httpd has been the most popular web server on the Internet since April 1996, and celebrated its 15th birthday as a project this February.

The Apache HTTP Server ("httpd") is a project of The Apache Software Foundation.

History

#1 Updated by Danny Terweij about 3 years ago

  • Category set to Packages - RPM
  • Assignee set to Danny Terweij

#2 Updated by Danny Terweij almost 3 years ago

  • Target version set to Packages CentOS 5

#3 Updated by Danny Terweij almost 3 years ago

  • Subject changed from Apache 2.2.19 to Apache 2.2.20
  • Status changed from New to In Progress

Rebuilding the centalt 2.2.20

#4 Updated by Danny Terweij almost 3 years ago

  • % Done changed from 0 to 90

Status: Build 32 & 64
httpd-2.2.20-lxcenter.1
httpd-devel-2.2.20-lxcenter.1
httpd-manual-2.2.20-lxcenter.1
httpd-tools-2.2.20-lxcenter.1
mod_ssl-2.2.20-lxcenter.1

The packages are in the lxcenter-test repository for testing.

Source: centalt

#5 Updated by Danny Terweij almost 3 years ago

Release schedule: 10/11 September 2011

#6 Updated by Danny Terweij almost 3 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100
  • Resolution set to Resolved

Released.

yum update httpd

#7 Updated by Danny Terweij almost 3 years ago

  • Subject changed from Apache 2.2.20 to Apache 2.2.21
  • Status changed from Closed to In Progress
  • % Done changed from 100 to 0
  • Resolution deleted (Resolved)

#8 Updated by Danny Terweij almost 3 years ago

  • % Done changed from 0 to 50

#9 Updated by Danny Terweij almost 3 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 50 to 100

Build 32 & 64:

httpd-2.2.21-lxcenter.1
httpd-devel-2.2.21-lxcenter.1
httpd-manual-2.2.21-lxcenter.1
httpd-tools-2.2.21-lxcenter.1
mod_ssl-2.2.21-lxcenter.1

Released and tested.

yum update httpd

(mod_ruid2 is not related to this issue Mustafa).

#10 Updated by Danny Terweij almost 3 years ago

  • Subject changed from Apache 2.2.21 to Apache 2.2.21
  • Status changed from Closed to In Progress
  • % Done changed from 100 to 0

Add patch:

SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some reverse proxy configurations by strictly validating the request-URI.

#11 Updated by Danny Terweij almost 3 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

Build:

httpd-2.2.21-lxcenter.2
httpd-devel-2.2.21-lxcenter.2
httpd-manual-2.2.21-lxcenter.2
httpd-tools-2.2.21-lxcenter.2
mod_ssl-2.2.21-lxcenter.2

Released.

yum update httpd

#12 Updated by Danny Terweij over 2 years ago

  • Subject changed from Apache 2.2.21 to Apache 2.2.22
  • Status changed from Closed to In Progress
  • % Done changed from 100 to 0

Apache HTTP Server 2.2.22 Released
This version of Apache is principally a security and bug fix release, including the following significant security fixes:

  • SECURITY: CVE-2011-3368 (cve.mitre.org)
    Reject requests where the request-URI does not match the HTTP
    specification, preventing unexpected expansion of target URLs in
    some reverse proxy configurations.
  • SECURITY: CVE-2011-3607 (cve.mitre.org)
    Fix integer overflow in ap_pregsub() which, when the mod_setenvif module
    is enabled, could allow local users to gain privileges via a .htaccess
    file.
  • SECURITY: CVE-2011-4317 (cve.mitre.org)
    Resolve additional cases of URL rewriting with ProxyPassMatch or
    RewriteRule, where particular request-URIs could result in undesired
    backend network exposure in some configurations.
  • SECURITY: CVE-2012-0021 (cve.mitre.org)
    mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format
    string is in use and a client sends a nameless, valueless cookie, causing
    a denial of service. The issue existed since version 2.2.17.
  • SECURITY: CVE-2012-0031 (cve.mitre.org)
    Fix scoreboard issue which could allow an unprivileged child process
    could cause the parent to crash at shutdown rather than terminate
    cleanly.
  • SECURITY: CVE-2012-0053 (cve.mitre.org)
    Fixed an issue in error responses that could expose "httpOnly" cookies
    when no custom ErrorDocument is specified for status code 400.

#13 Updated by Danny Terweij over 2 years ago

  • % Done changed from 0 to 50

#14 Updated by Danny Terweij over 2 years ago

  • % Done changed from 50 to 90

Package: httpd 2.2.22
Build: 32/64Bit
Source: CentALT
Modified: No
Released: Yes, in test repository

How to get for testing:
yum update httpd --enablerepo=lxcenter-test

Using on production systems is at your own risc.

Let me know if something is not working well.

NOTE: This will be a fast test-release to public-release.

#15 Updated by Danny Terweij over 2 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100
  • Resolution set to Resolved

Released.

yum update httpd

#16 Updated by Danny Terweij over 2 years ago

  • Affected version set to All

#17 Updated by Danny Terweij over 1 year ago

  • Subject changed from Apache 2.2.22 to Apache 2.2.23
  • Due date set to 12/27/2012
  • Status changed from Closed to In Progress
  • Start date changed from 06/29/2011 to 12/20/2012
  • % Done changed from 100 to 0
  • Resolution deleted (Resolved)

Prepare for Apache 2.2.23

#18 Updated by Danny Terweij over 1 year ago

  • % Done changed from 0 to 90

Package: httpd 2.2.23-3
Build: 32/64Bit
Source: CentALT
Modified: No
Released: No, in test repository

How to get for testing:
yum update httpd apr apr-util --enablerepo=lxcenter-test

Using on production systems is at your own risc.

Let me know if something is not working well.

NOTE: check your yum line, so it is indeed httpd apr apr-util (apr also new versions, httpd compiled against them).

#19 Updated by Danny Terweij over 1 year ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100
  • Resolution set to Resolved

Released.

#20 Updated by Danny Terweij 10 months ago

  • Project changed from Kloxo to RPM and Thirdparty software
  • Category deleted (Packages - RPM)
  • Target version deleted (Packages CentOS 5)

#21 Updated by Danny Terweij 10 months ago

  • Category set to CentOS 5
  • Target version set to Kloxo

#22 Updated by Danny Terweij 7 months ago

  • Subject changed from Apache 2.2.23 to Apache 2.2.26
  • Due date changed from 12/27/2012 to 12/31/2013
  • Status changed from Closed to In Progress
  • Start date changed from 12/20/2012 to 12/18/2013
  • % Done changed from 100 to 30
  • Estimated time set to 24.00
  • Resolution deleted (Resolved)

Prepare update from 2.2.23 to 2.2.26 .

#23 Updated by Danny Terweij 7 months ago

  • % Done changed from 30 to 90

Package: httpd 2.2.26
Build: 32/64Bit
Source: CentALT
Modified: No
Released: No, in test repository

How to get for testing:
yum update httpd --enablerepo=lxcenter-test

Using on production systems is at your own risc.

Let me know if something is not working well.

#24 Updated by Danny Terweij 7 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100
  • Resolution set to Resolved

Released.

#25 Updated by Danny Terweij about 23 hours ago

  • Subject changed from Apache 2.2.26 to Apache 2.2.27
  • Due date changed from 12/31/2013 to 07/27/2014
  • Status changed from Closed to New
  • Start date changed from 12/18/2013 to 07/23/2014
  • % Done changed from 100 to 0
  • Resolution deleted (Resolved)

Prepare for update 2.2.27

#26 Updated by Danny Terweij about 10 hours ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

#27 Updated by Danny Terweij about 8 hours ago

  • % Done changed from 10 to 90

Package: httpd 2.2.27
Released: No

How to get for testing:
yum update httpd --enablerepo=lxcenter-test

Note: also updated (build) depency's: apr (1.5.1) apr-util (1.5.3) and distcache (1.5.2 dev)

  • mirrors are syncing. Give it some time. No new packages yet? do first yum clean all

Also available in: Atom PDF