Security release 2.4.43

[lidiexy]

Thanks for your hard work on this repo. Please, update Apache due Security Issues in the current 2.4.41. I can test this real quick if needed.

[sping1968]

We're also waiting for this update. We have over 20 Apache servers on Centos 7. Thank you!

[lidiexy]

Hi Sping1968. We are testing the repo provided by CodeIT for now and everything is going well. Anyway I would like IUS repo to avoid re-installing the services with a different repo.

[SteveSimpson]

Unless I'm missing something this should be an update to 2.4.42, as 2.4.43 is not yet released.

I really appreciate all that the IUS folks have done. Would love to know a timeline on this update to determine if I need to patch by hand.

[lidiexy]

Hi SteveSimpson: I got the info from https://httpd.apache.org/download.cgi Stable Release - Latest Version: 2.4.43 (released 2020-04-01)

Thanks, Lidiexy

[SteveSimpson]

lidiexy,

You are correct. I was looking at the security log when I wrote that. Looks like 2.4.43 did not have anything that touched that page.

Anyway, I just submitted a pull request with the 2.4.43 updates. I have gotten everything to build correctly but haven't done much other testing yet.

Anyway, If someone from the IUS team would let me know the timeframe of my changes being incorporated that would be great. I would rather not have to push out my changes by hand.

thanks, steve

[vtanjga]

@SteveSimpson your changes included systemd which is not in centos 6, which is why test failed.

[SteveSimpson]

Saw that - added an if in the config that should fix it. I don't have a RHEL6 / CentOS6 Build environment up any more. I'm running 7 and starting to look at 8.

[carlwgeorge]

@SteveSimpson Thanks for your work on that pull request. I'll review it as soon as I'm able, but I can't make any promises around a timeframe.

[lidiexy]

@SteveSimpson and @carlwgeorge Thank you for working on this. If you need me testing anything on my end, let me know. Awesome job.

[SteveSimpson]

@carlwgeorge Any idea of when you are going to get my change pulled into the baseline? I'm not trying to be impatient, but I am going to have to look at not using the IUS version if we can't get it up to date.

[carlwgeorge]

@SteveSimpson Sorry for the delay, thanks for the reminder. I'll do my best to review the PR this week.

[SteveSimpson]

@carlwgeorge I should be able to implement your comments later today or tomorrow.

[carlwgeorge]

httpd24u-2.4.43-1.el6.ius and httpd24u-2.4.43-1.el7.ius have been published to the testing repositories. I'll promote them to the main repositories in one week, or sooner if people can try them out and confirm they work as expected.

[lidiexy]

@carlwgeorge Thanks Carl. We will start some testing this week and let you know our findings. Also Thanks to @SteveSimpson for the fixes.

[SteveSimpson]

@carlwgeorge - I believe this one can be closed. I am creating a new ticket for 2.4.46 - which I am going to start on today, hopefully it is not as many changes as 2.4.43.

[carlwgeorge]

Thanks @SteveSimpson!