RedHat has issued an advisory on December 3: https://rhn.redhat.com/errata/RHSA-2013-1779.html Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Status: NEW => ASSIGNED
solved in Cauldron
Thanks Thomas. Fixed in Cauldron in apache-mod_nss-1.0.8-26.mga4.
Version: Cauldron => 3Whiteboard: MGA3TOO => (none)
I see apache-mod_nss-1.0.8-16.4.mga3 was uploaded in updates_testing by Thomas. Is this ready for QA?
The policy says, I should do some preliminary test, so I will and let you know.
This package is now ready for QA. I upgraded a working VM with this fix. I used a reconfigured (using port 8443) roundcubemail and logged in, received and sent e-mail successfully. I also logged in as https://localhost:8443 and receive the nice default message "It works" I didn't do a fresh install. I am now going to reassign it to QA The update package are: apache-mod_nss-1.0.8-16.4.mga3.srpm apache-mod_nss-1.0.8-16.4.mga3.i586.rpm apache-mod_nss-1.0.8-16.4.mga3.x86_64.rpm
CC: (none) => thomasAssignee: thomas => qa-bugs
Thanks Thomas! Advisory: ======================== Updated apache-mod_nss package fixes security vulnerability: A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided (CVE-2013-4566). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566 https://rhn.redhat.com/errata/RHSA-2013-1779.html ======================== Updated packages in core/updates_testing: ======================== apache-mod_nss-1.0.8-16.4.mga3 from apache-mod_nss-1.0.8-16.4.mga3.src.rpm
Procedure: https://bugs.mageia.org/show_bug.cgi?id=11364#c3 Testing mga3 64 %post issues in this one Thomas. installing apache-mod_nss-1.0.8-16.4.mga3.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ############################################### 1/1: apache-mod_nss ############################################### Failed to issue method call: Unit httpd-prefork.service failed to load: No such file or directory. See system logs and 'systemctl status httpd-prefork.service' for details. warning: %post(apache-mod_nss-1.0.8-16.4.mga3.x86_64) scriptlet failed, exit status 6 ERROR: 'script' failed for apache-mod_nss-1.0.8-16.4.mga3.x86_64: 1/1: removing apache-mod_nss-1.0.8-16.3.mga3.x86_64 ############################################### ---------------------------------------------------------------------- More information on package apache-mod_nss-1.0.8-16.4.mga3.x86_64 NOTE: You may need to convert your existing ssl certs These links provide a good how-to: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html http://directory.fedora.redhat.com/wiki/Mod_nss ----------------------------------------------------------------------
Whiteboard: (none) => feedback
cleared any old certs to confirm but still the same # urpme apache-mod_nss removing apache-mod_nss-1.0.8-16.4.mga3.x86_64 Failed to issue method call: Unit httpd-prefork.service not loaded. Failed to issue method call: No such file or directory removing package apache-mod_nss-1.0.8-16.4.mga3.x86_64 1/1: removing apache-mod_nss-1.0.8-16.4.mga3.x86_64 ############################################### # rm -rf /etc/pki/nss/apache-mod_nss/
The apache-mod_nss %post scripts refer to the httpd service, not httpd-prefork, and the reason you're seeing this is you have a dangling symlink left over from a Mageia 2 upgrade: [david@mageia ~]$ ls -l /etc/systemd/system/httpd.service lrwxrwxrwx 1 root root 41 Mar 19 2013 /etc/systemd/system/httpd.service -> /lib/systemd/system/httpd-prefork.service Remove that symlink in /etc and you should be OK.
Whiteboard: feedback => (none)
That is indeed what it was David, thanks. With the dangling link removed it's fine and testing complete mga3 64.
Whiteboard: (none) => has_procedure mga3-64-ok
Testing complete mga3 32 Validating. Advisory uploaded. Could sysadmin please push from 3 core/updates_testing to updates Thanks!
Keywords: (none) => validated_updateWhiteboard: has_procedure mga3-64-ok => has_procedure advisory mga3-64-ok mga3-32-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0381.html
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED