 
From: Vincent Danen (vdanenmandrakesoft.com)
Date: Mon Sep 24 2001 - 17:44:43 CDT


    On Mon Sep 24, 2001 at 10:51:18PM +0200, Oden Eriksson wrote:

    [...]
    > > What I do know is that the mod_ssl version has to match the apache version,
    > > these two packages have to be compiled against the 0.9.5a-3.1mdk devel
    > > package when apache has been patched with the right EAPI patch. It is also
    > > somewhat a good idea that the latest mm is installed too. (guess this is no
    > > news to you but...)
    > >
    > > I usually make this manually as suggested in the mod_ssl docs.
    >
    > Hey guys, I just checked the apache src rpm and it lacks the EAPI patch.
    > And, the security patch in there just fixes rarely used (?) userspace
    > programs (temp race fix) .

    May be rarely used, but is still a problem. The EAPI patch is (I
    believe) a part of the SGI patches which is no longer a part of Apache
    (SGI stopped doing their optimization patches quite a few versions
    ago).

    > My suggestion is that you rebuild mm (v1.13), OpenSSL, OpenSSH, Apache, and
    > mod_ssl from the 7.2 updates SRPMS repository. Quite simple.

    Not so simple. A rebuild of openssl requires other updates. I don't
    know what else may/may not depend on mm.

    If you want to try this (rebuild everything from 7.2) and test it, let
    me know how it works (if it works). The other thing is that 7.1 uses
    /home/httpd whereas 7.2+ use /var/www. This makes a direct rebuild
    from 7.2 not entirely compatible with what users may expect for 7.1
    (and indeed how 7.1 used to work).

    If this is the only option, we will rework the 7.2 specs to match 7.1
    and do what needs to be done (hopefully without requiring an openssl
    rebuild to save us from updating openssh).

    -- 
    vdanenmandrakesoft.com, OpenPGP key available on www.keyserver.net
    1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
     - Danen Consulting Services    www.danen.net, www.freezer-burn.org
     - MandrakeSoft, Inc. Security  www.linux-mandrake.com
    

    Current Linux kernel 2.4.8-26mdk uptime: 15 hours 45 minutes.
