Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[18.09] Apache httpd: 2.4.34 -> 2.4.38 #56374

Closed
wants to merge 4 commits into from

Conversation

@tokudan
Copy link
Contributor

tokudan commented Feb 25, 2019

Motivation for this change

fixes #56366
Note: I've successfully executed the binaries, but don't run a webserver I could update.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

tokudan and others added 4 commits Sep 25, 2018
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/apache-httpd/versions

(cherry picked from commit 524c212)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/apache-httpd/versions

(cherry picked from commit 8e24ea9)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/apache-httpd/versions

(cherry picked from commit 61bcf59)
@tokudan tokudan changed the title Issue 56366 Apache httpd: 2.4.34 -> 2.4.38 Feb 25, 2019
@GrahamcOfBorg GrahamcOfBorg requested review from peti and lovek323 Feb 25, 2019
@xeji xeji changed the title Apache httpd: 2.4.34 -> 2.4.38 [18.09] Apache httpd: 2.4.34 -> 2.4.38 Feb 25, 2019
@aanderse

This comment has been minimized.

Copy link
Contributor

aanderse commented Feb 25, 2019

@tokudan Just to be clear this CVE does not impact 18.09!

@tokudan

This comment has been minimized.

Copy link
Contributor Author

tokudan commented Feb 25, 2019

missed the detail about only version 2.4.37 being affected, so this PR is basically irrelevant.

@tokudan tokudan closed this Feb 25, 2019
@tokudan tokudan deleted the tokudan:issue-56366 branch Feb 25, 2019
@aanderse

This comment has been minimized.

Copy link
Contributor

aanderse commented Feb 26, 2019

@tokudan I wouldn't call this irrelevant. In #55925 I asked @peti if there was a specific reason apache hasn't been bumped in 18.09 yet... though haven't received a response yet.

The apache version in 18.09 very well may have a CVE (or two) that applies to us, see https://www-us.apache.org/dist/httpd/CHANGES_2.4

Consider reopening this PR. I would have opened it myself but was waiting on an answer as I mentioned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
You can’t perform that action at this time.