iusrepo / httpd24u

Apache HTTP Server
17 stars 14 forks source link

Security release 2.4.43 #34

Closed lidiexy closed 4 years ago

lidiexy commented 4 years ago

Thanks for your hard work on this repo. Please, update Apache due Security Issues in the current 2.4.41. I can test this real quick if needed.

sping1968 commented 4 years ago

We're also waiting for this update. We have over 20 Apache servers on Centos 7. Thank you!

lidiexy commented 4 years ago

Hi Sping1968. We are testing the repo provided by CodeIT for now and everything is going well. Anyway I would like IUS repo to avoid re-installing the services with a different repo.

SteveSimpson commented 4 years ago

Unless I'm missing something this should be an update to 2.4.42, as 2.4.43 is not yet released.

I really appreciate all that the IUS folks have done. Would love to know a timeline on this update to determine if I need to patch by hand.

lidiexy commented 4 years ago

Hi SteveSimpson: I got the info from https://httpd.apache.org/download.cgi Stable Release - Latest Version: 2.4.43 (released 2020-04-01)

Thanks, Lidiexy

SteveSimpson commented 4 years ago

lidiexy,

You are correct. I was looking at the security log when I wrote that. Looks like 2.4.43 did not have anything that touched that page.

Anyway, I just submitted a pull request with the 2.4.43 updates. I have gotten everything to build correctly but haven't done much other testing yet.

Anyway, If someone from the IUS team would let me know the timeframe of my changes being incorporated that would be great. I would rather not have to push out my changes by hand.

thanks, steve

vtanjga commented 4 years ago

@SteveSimpson your changes included systemd which is not in centos 6, which is why test failed.

SteveSimpson commented 4 years ago

Saw that - added an if in the config that should fix it. I don't have a RHEL6 / CentOS6 Build environment up any more. I'm running 7 and starting to look at 8.

carlwgeorge commented 4 years ago

@SteveSimpson Thanks for your work on that pull request. I'll review it as soon as I'm able, but I can't make any promises around a timeframe.

lidiexy commented 4 years ago

@SteveSimpson and @carlwgeorge Thank you for working on this. If you need me testing anything on my end, let me know. Awesome job.

SteveSimpson commented 4 years ago

@carlwgeorge Any idea of when you are going to get my change pulled into the baseline? I'm not trying to be impatient, but I am going to have to look at not using the IUS version if we can't get it up to date.

carlwgeorge commented 4 years ago

@SteveSimpson Sorry for the delay, thanks for the reminder. I'll do my best to review the PR this week.

SteveSimpson commented 4 years ago

@carlwgeorge I should be able to implement your comments later today or tomorrow.

carlwgeorge commented 4 years ago

httpd24u-2.4.43-1.el6.ius and httpd24u-2.4.43-1.el7.ius have been published to the testing repositories. I'll promote them to the main repositories in one week, or sooner if people can try them out and confirm they work as expected.

lidiexy commented 4 years ago

@carlwgeorge Thanks Carl. We will start some testing this week and let you know our findings. Also Thanks to @SteveSimpson for the fixes.

SteveSimpson commented 4 years ago

@carlwgeorge - I believe this one can be closed. I am creating a new ticket for 2.4.46 - which I am going to start on today, hopefully it is not as many changes as 2.4.43.

carlwgeorge commented 4 years ago

Thanks @SteveSimpson!