apache 2.2.21 rpm - anytime soon ?

Hi,
I have a SLES11 server ((x86_64) VERSION = 11 PATCHLEVEL = 1 )
running the default apache installed from
apache2-2.2.10-2.24.5.x86_64.rpm which came with the DVD. Now my project
has a requirement to upgrade it to 2.2.21 which fixes the CVES security
issues. I cannot find the .21 version of the apache rpm for SLES 11
anywhere. Can someone tell me what and when is the likelyhood of the rpm
being released by SUSE ?
Parallely I am trying to build from source and then use rpmbuild to
create an rpm - but so far it is a horror show. Specifically with some
libapr util and devel dependencies. I should be able to do it somehow or
the other but I am not a pro and will never know if I miss out on some
files.For our server installations we pack the rpms and create an iso
which gets distributed at customer sites. That is why I need rpms
specifically and cannot do an upgrade.

Thanks.


mail2sekh

mail2sekh’s Profile: http://forums.novell.com/member.php?userid=110461
View this thread: http://forums.novell.com/showthread.php?t=449116

mail2sekh,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

  • Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
  • You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

On Mon, 05 Dec 2011 11:26:02 GMT
mail2sekh mail2sekh@no-mx.forums.novell.com wrote:
[color=blue]

Hi,
I have a SLES11 server ((x86_64) VERSION = 11 PATCHLEVEL = 1 )
running the default apache installed from
apache2-2.2.10-2.24.5.x86_64.rpm which came with the DVD. Now my
project has a requirement to upgrade it to 2.2.21 which fixes the
CVES security issues. I cannot find the .21 version of the apache rpm
for SLES 11 anywhere. Can someone tell me what and when is the
likelyhood of the rpm being released by SUSE ?
Parallely I am trying to build from source and then use rpmbuild to
create an rpm - but so far it is a horror show. Specifically with some
libapr util and devel dependencies. I should be able to do it somehow
or the other but I am not a pro and will never know if I miss out on
some files.For our server installations we pack the rpms and create
an iso which gets distributed at customer sites. That is why I need
rpms specifically and cannot do an upgrade.

Thanks.

[/color]
Hi
I have 2.2.12-1.28.1 any CVES and security updates get backported, you
need to look at the changelog entries, so version numbers are somewhat
of a misnomer.

rpm -qa apache2 --changelog |less

Here is a copy of the current changelog;
http://paste.opensuse.org/80711475

You can check the CVE numbers here and the references for fixes;
http://support.novell.com/security/cve/

To build, either look and using the Open Build Service along with Suse
Studio and you can create rpms and iso images to your hearts desire :wink:
https://build.opensuse.org/
http://susestudio.com/


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 2:15, 3 users, load average: 0.01, 0.04, 0.05
GPU GeForce 8600 GTS Silent - Driver Version: 290.10

Wow ! Every line you mentioned has a wealth of information.
I got this(‘Index of /repositories/Apache/SLE_11_SP1/x86_64’
(http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/))
from the links you mentioned above which has apache2-2.2.21 rpms already
built from the OBS.Let me work on this and see if I can get it running.
Thanks a bunch Malcolm !


mail2sekh

mail2sekh’s Profile: http://forums.novell.com/member.php?userid=110461
View this thread: http://forums.novell.com/showthread.php?t=449116

On Sat, 10 Dec 2011 06:06:01 GMT
mail2sekh mail2sekh@no-mx.forums.novell.com wrote:
[color=blue]

Wow ! Every line you mentioned has a wealth of information.
I got this(‘Index of /repositories/Apache/SLE_11_SP1/x86_64’
(http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/))
from the links you mentioned above which has apache2-2.2.21 rpms
already built from the OBS.Let me work on this and see if I can get
it running. Thanks a bunch Malcolm !

[/color]
Hi
Just remember the rpms from external sources (Open Build Service)
aren’t supported as such. If you can stick to the ‘official’ ones it’s
better :wink:


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 20:50, 3 users, load average: 0.33, 0.20, 0.16
GPU GeForce 8600 GTS Silent - Driver Version: 290.10

Hi,
Some stupid questions follow.

  1. I am specifically looking at the security update CVE-2011-3348. I
    found this link ‘NOVELL: Downloads - Apache2 5344’
    (http://download.novell.com/Download?buildid=wANc3xGRZJY~)
    which is a security update to apache 2.2.12(patch-5344) for CVE-3192
    but it also includes what I want ie 3348. However the access is
    restricted. So is this the ‘official’ release that you meant ? And I
    would need a paid account to download this patch ?

  2. This link ‘CVE-2011-3348’
    (http://support.novell.com/security/cve/CVE-2011-3348.html) says any
    version of apache >=2.2.12 will include the security fix I need. So I go
    and download the apache2-2.2.21-54.1.x86_64.rpm from ‘Index of
    /repositories/Apache/SLE_11_SP1/x86_64’
    (http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/)
    (last updated on 12-Dec-11) and install it. When I check the changelog I
    do not see the cve-3348 udpate. So what am I missing here ? Also I
    suppose this is an unofficial release as this is created out of the OBS
    project.

malcolmlewis;2160120 Wrote:[color=blue]

On Sat, 10 Dec 2011 06:06:01 GMT
Hi
Just remember the rpms from external sources (Open Build Service)
aren’t supported as such. If you can stick to the ‘official’ ones it’s
better :wink:


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 20:50, 3 users, load average: 0.33, 0.20, 0.16
GPU GeForce 8600 GTS Silent - Driver Version: 290.10[/color]


mail2sekh

mail2sekh’s Profile: http://forums.novell.com/member.php?userid=110461
View this thread: http://forums.novell.com/showthread.php?t=449116

On Thu, 15 Dec 2011 07:56:06 GMT
mail2sekh mail2sekh@no-mx.forums.novell.com wrote:
[color=blue]

Hi,
Some stupid questions follow.

  1. I am specifically looking at the security update CVE-2011-3348. I
    found this link ‘NOVELL: Downloads - Apache2 5344’
    (http://download.novell.com/Download?buildid=wANc3xGRZJY~)
    which is a security update to apache 2.2.12(patch-5344) for CVE-3192
    but it also includes what I want ie 3348. However the access is
    restricted. So is this the ‘official’ release that you meant ? And I
    would need a paid account to download this patch ?[/color]

Yes, this is correct
[color=blue]

  1. This link ‘CVE-2011-3348’
    (http://support.novell.com/security/cve/CVE-2011-3348.html) says any
    version of apache >=2.2.12 will include the security fix I need. So I
    go and download the apache2-2.2.21-54.1.x86_64.rpm from ‘Index of
    /repositories/Apache/SLE_11_SP1/x86_64’
    (http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/)
    (last updated on 12-Dec-11) and install it. When I check the
    changelog I do not see the cve-3348 udpate. So what am I missing
    here ? Also I suppose this is an unofficial release as this is
    created out of the OBS project.
    [/color]
    Two different paths, the fixes from the one above are backported to
    version X.X.XX into the SP1 ‘released’ version. By virtue of the
    release being >=2.2.12 it will be there, but not all are necessarily
    mentioned.


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.4 (x86_64) Kernel 2.6.37.6-0.9-desktop
up 1 day 15:19, 3 users, load average: 0.06, 0.09, 0.09
GPU GeForce 8600 GTS Silent - Driver Version: 290.10