|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [discuss] Problems with Security Update of Apache 1.3.31
From: Vincent Danen (vdanen
mandrakesoft.com)
Date: Tue May 18 2004 - 17:21:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On May 18, 2004, at 1:59 PM, KevinO wrote:
>>> I performed the update using MCC just now on MDK 9.2 and received the
>>> following error on httpd restart.
>>>
>>>
>>> [root######## root]# service httpd restart
>>> Shutting down httpd: [
>>> OK ]
>>> Starting httpd-perl: Syntax error on line 46 of
>>> /etc/httpd/conf/httpd-perl.conf:
>>> Cannot load /etc/httpd/modules/mod_digest.so into server:
>>> /etc/httpd/modules/mod_digest.so: undefined symbol: ap_auth_nonce
>>>
>>> [FAILED]
>>> Starting httpd: [
>>> OK ]
>>>
>>>
>>> Line 46 in httpd-perl.conf is -
>>>
>>> LoadModule digest_module modules/mod_digest.so
>>>
>>> The error seems to be in mod_digest.so.
>>>
>>> Can anyone advise a fix please.
>>
>>
>> I'm confused. Where did you get 1.3.31 from? 9.2 was updated to
>> 1.3.28-3.2.92mdk. Is that the version you're using? We had no issues
>> with it during testing.
>>
>> Also, are you sure you're using apache 1.x or are you using apache2?
>> 9.2 came with apache2 as the default.
>>
>> Oh, wait a second. This was during upgrade. Take a closer look
>> above... You see it failed, then you see it started ok. Did you
>> bother
>> doing a ps after the fact? Did you try to connect to your server?
>> More
>> importantly, did it work?
>>
>> Apache upgrades are messy because it insists on restarting apache
>> after
>> every package, so if it tries to restart before the new apache-modules
>> is installed, you'll get error messages like above, but once the
>> apache-modules package is installed, it starts fine.
>>
>> Can you double-check to make sure that apache is (or isn't) running?
>> It
>> should be running. And if you do a "service httpd restart" you should
>> have no problmes.
>>
> It still throws the error, every time you restart. Httpd will start
> and run
> but you see the error. I ended up commenting out the two lines in
> /etc/httpd/conf/httpd-perl.conf, as a temporary fix.
Ok, found the problem. The problem is in mod_perl, not apache itself,
which is why it looks to fail and then starts. The fail is httpd-perl
trying to start, the pass is httpd itself. The problem here is that if
you run any cgi scripts through the perl proxy they will not work,
because the proxy isn't running.
I've built new packages for CS2.1 and 9.2 to test this and the rebuilt
packages work fine (tested using the test.pl script (ie. "lynx
localhost/perl/test.pl")).
If you use mod_perl for perl scripts, you can either wait for new
packages (need to build the other plats and test them yet, so likely
won't be available until tomorrow), or you can rebuild the
apache-mod_perl source rpm against the updated
apache-source/apache-devel packages (you *must* rebuild them against
the new packages).
Sorry about this, and thanks for catching it. One of the patches added
a little something extra to mod_digest.so that mod_perl didn't know
about, thus the crapping out. I didn't expect mod_perl to give any
problems and since I never use it, I didn't even think to try it
because we weren't doing anything other than patching.
--
Mandrakesoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAqox1IEPQ5f5vKv0RAlD3AKDN4IEFxiaPgYMsp2d8FgCPlMVWIgCfcaX2
SGOh22TKcu6roTf+KNh2i9U=
=M53k
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]