Thursday, 29 July 2010

FreeBSD - APACHE: Remote DoS bug in mod_cache and mod_dav.

In this part:

- daily maintenance
- upgrade APACHE and related issues
- portmaster + ports upgrade

I'm monitoring web-server with FreeBSD 6.4-STABLE.
Today I found warning in my mailbox thanks to "portaudit":

Affected package: apache-2.2.14_6
Type of problem: apache -- Remote DoS bug in mod_cache and mod_dav.

APACHE warnings are important for all administrators.

Portmaster is good as it upgrading all related packages. Sometimes I wish to use portupgrade - as it upgrade only given port.

root@server:/root/> portmaster apache-2.2.14_6

It asking for some details:

 Firstly it checks for dependencies

=== Starting check for build dependencies
=== Gathering dependency list for ...
=== Starting dependency check
=== Dependency check complete for databases/db42
        apache-2.2.14_6 >> devel/apr1 >> databases/db42

secondly it creating new binaries
c++ -c -I. -I./../dist/.. -D_THREAD_SAFE -O2 -fno-strict-aliasing -pipe ./../dist/../cxx/cxx_db.cpp  -fPIC -DPIC -o .libs/cxx_db.o /bin/sh ./libtool --mode=compile c++ -c -I. -I./../dist/..  -D_THREAD_SAFE -O2 -fno-strict-aliasing -pipe ./../dist/../cxx/cxx_dbc.cpp  c++ -c -I. -I./../dist/.. -D_THREAD_SAFE -O2 -fno-strict-a

Perl + Python has been upgraded.
=== Upgrade of perl-5.10.1_1 to perl-5.10.1_2 succeeded
=== Upgrade of python26-2.6.2_3 to python26-2.6.5_1 succeeded

...and, faux-pax:

Stop in /usr/ports/www/apache22.
*** Error code 1
=== Installation of apache-2.2.16 (www/apache22) failed
=== Aborting update

I found that problems are: libtool + apr1
Finaly the APACHE upgrade by successful way:

# cd /usr/local/bin; ll lib*; rm libtool
# cd /var/db/pkg; pkg_delete auto* libtool*
# cd /usr/local/bin; rm -rf auto* libtool*
# cd /usr/ports/devel/libtool22; make install clean
# cd /usr/ports/devel/apr1/
# make deinstall reinstall clean

# cd /usr/ports/www/apache22
# nice -19 make install clean
# /usr/local/etc/rc.d/apache22 graceful

References here
+ here.

Time: 2h

0 komentářů:

Post a comment