Bug 29497

Summary: Apache Update crashes server!
Product: Mageia Reporter: Marc Krämer <mageia>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: Normal CC: nicolas.salguero, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: apache-2.4.49-1.mga8.src.rpm CVE:
Status comment:

Description Marc Krämer 2021-09-28 10:52:47 CEST 
in combination e.g. with php, the "old" configuration is not accepted:
AH10292: Invalid proxy UDS filename (proxy:unix:///var/run
/php-fpm/demo.sock|fcgi://127.0.0.1:9005//mnt/www/health.php)
Comment 2 Lewis Smith 2021-09-28 21:10:38 CEST 
Thanks for the report, especially the two Apache bug references. It looks like the culprit is apache (mod_rewrite).

The two apache bugs are marked as duplicates, and contain several patches to 'mod_rewrite':
of which "Patch 38043 is the mandatory patch":
 https://bz.apache.org/bugzilla/attachment.cgi?id=38043&action=diff
[plus 
 https://bz.apache.org/bugzilla/attachment.cgi?id=38045&action=diff
of which is said "patch 38045 ... does not make different, it does not work" and "Only one of the patches should be applied"; so I would go for 38043.]
PLUS
 https://bz.apache.org/bugzilla/attachment.cgi?id=37289&action=diff

Are both necessary? This is all rather confusing, but I think is summarised in both the Apache bugs by: "This is now fixed in trunk (r1893516)"

Apache has various committers, so assigning this globally.

Assignee: bugsquad => pkg-bugs
Summary: Update crashes server! => Apache Update crashes server!
Source RPM: apache-mod_proxy-2.4.49-1.mga8.x86_64 => apache-2.4.49-1.mga8.src.rpm, apache-mod_proxy-2.4.49-1.mga8.x86_64

Comment 3 David Walser 2021-09-29 00:39:14 CEST 
Ubuntu has issued an advisory for this today (September 28):
https://ubuntu.com/security/notices/USN-5090-3
Comment 4 Nicolas Salguero 2021-09-29 14:07:33 CEST 
Hi,

Could you try apache-2.4.49-1.1.mga8, which is in updates_testing, to see if it solves the problem, please?

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 5 Marc Krämer 2021-09-29 14:53:32 CEST 
yepp, that one looks good. No issue starting, serving data.
Comment 6 Nicolas Salguero 2021-09-29 14:59:27 CEST 
Suggested advisory:
========================

The updated packages fix a regression introduced in version 2.4.49.

References:
https://ubuntu.com/security/notices/USN-5090-3
========================

Updated packages in core/updates_testing:
========================
apache-mod_proxy-2.4.49-1.1.mga8
apache-devel-2.4.49-1.1.mga8
apache-mod_http2-2.4.49-1.1.mga8
apache-mod_dav-2.4.49-1.1.mga8
apache-mod_ssl-2.4.49-1.1.mga8
apache-mod_cache-2.4.49-1.1.mga8
apache-mod_session-2.4.49-1.1.mga8
apache-mod_ldap-2.4.49-1.1.mga8
apache-mod_proxy_html-2.4.49-1.1.mga8
apache-mod_dbd-2.4.49-1.1.mga8
apache-mod_suexec-2.4.49-1.1.mga8
apache-htcacheclean-2.4.49-1.1.mga8
apache-mod_brotli-2.4.49-1.1.mga8
apache-mod_userdir-2.4.49-1.1.mga8
apache-2.4.49-1.1.mga8
apache-doc-2.4.49-1.1.mga8

from SRPM:
apache-2.4.49-1.1.mga8.src.rpm

Source RPM: apache-2.4.49-1.mga8.src.rpm, apache-mod_proxy-2.4.49-1.mga8.x86_64 => apache-2.4.49-1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED

Comment 7 David Walser 2021-09-29 16:08:25 CEST 
Already confirmed working by Marc (assuming x86_64).

Whiteboard: (none) => MGA8-64-OK

Thomas Backlund 2021-09-29 18:45:54 CEST

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2021-09-29 19:23:53 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2021-0195.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED