From owner-freebsd-apache@FreeBSD.ORG Mon Sep 26 06:15:49 2011 Return-Path: Delivered-To: freebsd-apache@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id D6F2F1065670 for ; Mon, 26 Sep 2011 06:15:49 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 3E331150C9E; Mon, 26 Sep 2011 06:15:49 +0000 (UTC) Message-ID: <4E801894.6060907@FreeBSD.org> Date: Sun, 25 Sep 2011 23:15:48 -0700 From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:6.0.2) Gecko/20110912 Thunderbird/6.0.2 MIME-Version: 1.0 To: "Philip M. Gollucci" References: <4E621BDD.9000207@FreeBSD.org> <4E621D2C.2090204@FreeBSD.org> <4E6642E0.5050101@p6m7g8.com> In-Reply-To: <4E6642E0.5050101@p6m7g8.com> X-Enigmail-Version: undefined OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-apache@freebsd.org Subject: Re: FreeBSD port(s) you maintain which are currently vulnerable X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2011 06:15:49 -0000 On 09/06/2011 08:57, Philip M. Gollucci wrote: > On 09/03/11 12:27, Doug Barton wrote: >> /usr/ports/devel/apr0 >> /usr/ports/russian/apache13 >> /usr/ports/russian/apache13-modssl >> /usr/ports/www/apache13-ssl >> /usr/ports/www/apache20 > > We'll deal with these. Thanks! I see deprecated for: russian/apache13 russian/apache13-modssl www/apache13-ssl www/apache20 Nothing for: devel/apr0 Is that one going to be fixed? Affected package: apr-0.9.19.0.9.19_1 Type of problem: apr -- multiple vulnerabilities. Reference: http://portaudit.FreeBSD.org/eb9212f7-526b-11de-bbf2-001b77d09812.html Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ From owner-freebsd-apache@FreeBSD.ORG Mon Sep 26 11:06:13 2011 Return-Path: Delivered-To: apache@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 91D451065670 for ; Mon, 26 Sep 2011 11:06:13 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 80EB48FC1E for ; Mon, 26 Sep 2011 11:06:13 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p8QB6DBR087463 for ; Mon, 26 Sep 2011 11:06:13 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p8QB6Cbx087461 for apache@FreeBSD.org; Mon, 26 Sep 2011 11:06:12 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 26 Sep 2011 11:06:12 GMT Message-Id: <201109261106.p8QB6Cbx087461@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: apache@FreeBSD.org Cc: Subject: Current problem reports assigned to apache@FreeBSD.org X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2011 11:06:13 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o ports/160702 apache devel/apr1: CLANG build produces unusable library for o ports/159812 apache [PATCH] www/apache20,www/apache22 Strip Binaries o ports/159661 apache [maintainer] Minor cleanup to www/mod_macro22 o ports/159608 apache www/apache22: apache WITH_BDB_BASE settings described o ports/158565 apache www/apache22: Add rlimits based on login class for mpm f ports/158544 apache Port www/mod_perl2 fails to build o ports/157554 apache www/apache22: Apache RLimitNPROC does not work as inte o ports/156987 apache www/apache22: Harden SSL cipher suites strength and SS o ports/156787 apache www/mod_auth_kerb2 fails on undefined symbol with base f ports/156719 apache ab: apr_socket_recv: Connection reset by peer (54) o ports/156251 apache [PATCH] Enable module by default for www/mod_fastcgi o ports/153406 apache www/apache22's SUEXEC_RSRCLIMIT option does not take e o ports/153264 apache www/apache22 and apache13-modssl -- rc.d script improv o ports/147806 apache [PATCH] www/apache20: httpd doesn't start with WITH_LD o ports/147282 apache errors when starting www/apache22 after installation o o ports/146199 apache www/apache20: port does not use make config o ports/144010 apache devel/apr1 tries to use SYSVIPC even in jails o ports/130479 apache www/apache20 and www/apache22 configure_args busted o ports/125183 apache www/apache22 wrong SUEXEC_DOCROOT o ports/124375 apache security/heimdal: www/mod_auth_kerb doesn't compile ag s ports/108169 apache www/apache20 wrong AP_SAFE_PATH for suEXEC 21 problems total. From owner-freebsd-apache@FreeBSD.ORG Mon Sep 26 16:14:59 2011 Return-Path: Delivered-To: freebsd-apache@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0B0E6106566B; Mon, 26 Sep 2011 16:14:59 +0000 (UTC) (envelope-from pgollucci@p6m7g8.com) Received: from exhub015-2.exch015.msoutlookonline.net (exhub015-2.exch015.msoutlookonline.net [207.5.72.94]) by mx1.freebsd.org (Postfix) with ESMTP id E99998FC14; Mon, 26 Sep 2011 16:14:55 +0000 (UTC) Received: from philip.hq.rws (174.79.184.239) by smtpx15.msoutlookonline.net (207.5.72.103) with Microsoft SMTP Server (TLS) id 8.2.254.0; Mon, 26 Sep 2011 09:14:55 -0700 Message-ID: <4E80A4FE.6000605@p6m7g8.com> Date: Mon, 26 Sep 2011 16:14:54 +0000 From: "Philip M. Gollucci" Organization: P6M7G8 Inc. User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.9.1.16) Gecko/20110507 Thunderbird/3.0.11 MIME-Version: 1.0 To: Doug Barton References: <4E621BDD.9000207@FreeBSD.org> <4E621D2C.2090204@FreeBSD.org> <4E6642E0.5050101@p6m7g8.com> <4E801894.6060907@FreeBSD.org> In-Reply-To: <4E801894.6060907@FreeBSD.org> X-Enigmail-Version: 1.0.1 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Cc: freebsd-apache@FreeBSD.org Subject: Re: FreeBSD port(s) you maintain which are currently vulnerable X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2011 16:14:59 -0000 AFAIK, we should whack it when we remove www/apache20. Feel free to match the dates, or one of us will get to it. On 09/26/11 06:15, Doug Barton wrote: > On 09/06/2011 08:57, Philip M. Gollucci wrote: >> On 09/03/11 12:27, Doug Barton wrote: >>> /usr/ports/devel/apr0 >>> /usr/ports/russian/apache13 >>> /usr/ports/russian/apache13-modssl >>> /usr/ports/www/apache13-ssl >>> /usr/ports/www/apache20 >> >> We'll deal with these. > > Thanks! > > I see deprecated for: > russian/apache13 > russian/apache13-modssl > www/apache13-ssl > www/apache20 > > Nothing for: > devel/apr0 > > Is that one going to be fixed? > Affected package: apr-0.9.19.0.9.19_1 > Type of problem: apr -- multiple vulnerabilities. > Reference: > http://portaudit.FreeBSD.org/eb9212f7-526b-11de-bbf2-001b77d09812.html > > > Doug > -- ------------------------------------------------------------------------ 1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 VP Infrastructure, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Director Operations, Ridecharge Inc. Work like you don't need the money, love like you'll never get hurt, and dance like nobody's watching. From owner-freebsd-apache@FreeBSD.ORG Mon Sep 26 17:52:25 2011 Return-Path: Delivered-To: freebsd-apache@FreeBSD.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id 3880E106566C for ; Mon, 26 Sep 2011 17:52:25 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id D22941510AD; Mon, 26 Sep 2011 17:52:24 +0000 (UTC) Message-ID: <4E80BBD8.8090009@FreeBSD.org> Date: Mon, 26 Sep 2011 10:52:24 -0700 From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:6.0.2) Gecko/20110912 Thunderbird/6.0.2 MIME-Version: 1.0 To: "Philip M. Gollucci" References: <4E621BDD.9000207@FreeBSD.org> <4E621D2C.2090204@FreeBSD.org> <4E6642E0.5050101@p6m7g8.com> <4E801894.6060907@FreeBSD.org> <4E80A4FE.6000605@p6m7g8.com> In-Reply-To: <4E80A4FE.6000605@p6m7g8.com> X-Enigmail-Version: undefined OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-apache@FreeBSD.org Subject: Re: FreeBSD port(s) you maintain which are currently vulnerable X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2011 17:52:25 -0000 Sounds good, thanks. :) On 09/26/2011 09:14, Philip M. Gollucci wrote: > AFAIK, we should whack it when we remove www/apache20. Feel free to > match the dates, or one of us will get to it. > > On 09/26/11 06:15, Doug Barton wrote: >> On 09/06/2011 08:57, Philip M. Gollucci wrote: >>> On 09/03/11 12:27, Doug Barton wrote: >>>> /usr/ports/devel/apr0 >>>> /usr/ports/russian/apache13 >>>> /usr/ports/russian/apache13-modssl >>>> /usr/ports/www/apache13-ssl >>>> /usr/ports/www/apache20 >>> >>> We'll deal with these. >> >> Thanks! >> >> I see deprecated for: >> russian/apache13 >> russian/apache13-modssl >> www/apache13-ssl >> www/apache20 >> >> Nothing for: >> devel/apr0 >> >> Is that one going to be fixed? >> Affected package: apr-0.9.19.0.9.19_1 >> Type of problem: apr -- multiple vulnerabilities. >> Reference: >> http://portaudit.FreeBSD.org/eb9212f7-526b-11de-bbf2-001b77d09812.html >> >> >> Doug >> > > -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/