[users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info

2021-09-23 Thread Ran Mozes 
to find out about CVEs you can follow the related links from the NVD site. In 
the case of CVE-2021-40438 it led me to 
https://src.fedoraproject.org/rpms/httpd#817ac0a9a475f26768e49342e055307368258b74
there you could dig so more to find information about the 
users/commits/contents. 

HTH

> Am 23.09.2021 um 11:45 schrieb Riccardo Schirone :
> 
> Hi,
> 
> I'm trying to gather more information about CVE-2021-40438, CVE-2021-39275,
> CVE-2021-36160, CVE-2021-34798 that were recently fixed in Apache 2.4.49. The
> CHANGES file and the security page on the website just contain very short
> descriptions of the flaws.
> 
> I'd like to know what are the specific issues, patches, and files related to
> each flaw, so that I can better understand what is the impact of each of these
> flaws.
> 
> Thanks in advance for any information,
> -- 
> Riccardo Schirone
> Red Hat -- Product Security
> Email: rschi...@redhat.com
> PGP-Key ID: CF96E110


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Re: [E] [users@httpd] [External] : [users@httpd] Problems compiling under Solaris 10

2021-09-06 Thread Ran Mozes 
Thanks for the update. I was also able to compile it on another Solaris10 x86 
machine so it must have been some issue with the environment.
In my case I needed to compile it with a specific openssl version located in a 
predefined path.  On Solaris10 Sparc btw I had compilation issues. Some 
compilation
„libtool“ commands where failing and I had to manually change -R and -L flags 
to point to the openssl path. It looks like the parameters were not transferred
correctly through the build process. At the end I got it working :)

Am 01.09.2021 um 17:12 schrieb Reed, Nigel 
mailto:nr...@verizon.com>>:

I think I finally got it to compile. Here are my notes. We have an older system 
that hasn't been updated for a while so I had to make it think that openssl was 
ok. It seems to be running ok.

: open configure
: search for: if OPENSSL_VERSION_NUMBER
: Replace the < with >
: Repeat. It should appear 3 times.

#  CC=gcc ab_CFLAGS="-I/usr/sfw/include" ./configure 
--prefix=/home/apache1/httpd8090 --with-included-apr 
--with-pcre=/home/apache1/httpd8090/bin/pcre-config --disable-ssl
# gmake
# gmake install
# cd /home/apache1



On Wed, Sep 1, 2021 at 2:32 AM Ran Mozes 
mailto:ran.mo...@oracle.com>> wrote:
fyi, I have opened a bug. In case someone is interested or experiencing the 
same please feel free to add to it:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65542<https://urldefense.proofpoint.com/v2/url?u=https-3A__bz.apache.org_bugzilla_show-5Fbug.cgi-3Fid-3D65542=DwMGaQ=udBTRvFvXC5Dhqg7UHpJlPps3mZ3LRxpb6__0PomBTQ=N8OdTy9_Fvlb1tDaqVNjOdsWj941NG3Nx_gxKCju7k8=Kgf8pUYeKV4SmU--kCRJcbyuGCfnY7yYTiUha5mr1Ug=zitoD_fiFsUkXIn6vQwqspQduuocwYdZlcAEAX7FVM4=>


Am 31.08.2021 um 17:08 schrieb Ran Mozes 
mailto:ran.mo...@oracle.com>>:

Thanks. Unfortunately it didn’t work for me. I still get the same errors.
Is there a another way of disabling AB (an option to "./configure“)?. I haven’t 
found such so far.


Am 30.08.2021 um 16:30 schrieb Dino Ciuffetti 
mailto:d...@tuxweb.it>>:

If you don't need ab (Apache Benchmark):

cd support ; touch ab ; cd .. ; make

This way you will skip the ab compilation.


30 agosto 2021 13:47, "Ran Mozes" 
mailto:ran.mo...@oracle.com?to=%22ran%20mozes%22%20%3cran.mo...@oracle.com%3E>>
 wrote:

Hi Nigel, all,
I am experiencing the exact same errors while trying to compile apache-2.4.48 
on a Solaris 10 X86 machine.
bash-3.2$ libtool --silent --mode=link gcc -std=gnu99 -g -O2 -o ab ab.lo -lz 
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la<https://urldefense.com/v3/__http://libaprutil-1.la__;!!ACWV5N9M2RV99hQ!dcaz3DMZqAdKSyMpzOe7SjImcqtAUQ6dBaOQgnC_aMSDy15m1OqpKhM9DM6bSv0$>
 -lexpat 
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la<https://urldefense.com/v3/__http://libapr-1.la__;!!ACWV5N9M2RV99hQ!dcaz3DMZqAdKSyMpzOe7SjImcqtAUQ6dBaOQgnC_aMSDy15m1OqpKhM9pCOdnvU$>
 -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -lcrypto -luuid 
-lsendfile -lrt -lsocket -lnsl -lpthread
Undefined first referenced
symbol in file
TLSv1_2_client_method ab.o
TLSv1_1_client_method ab.o
BIO_set_callback ab.o
EVP_PKEY_id ab.o
BIO_set_callback_arg ab.o
BIO_get_callback_arg ab.o
SSL_CTX_set_info_callback ab.o
ld: fatal: symbol referencing errors. No output written to .libs/ab
collect2: ld returned 1 exit status
Any solution found?
Thanks,
Ran
Am 23.07.2021 um 11:11 schrieb Reed, Nigel 
mailto:nr...@verizon.com.INVALID>>:
Hi all,
I asked this on the freenode IRC channel and was directed to the dev list, but 
since that's not for support I'll ask here and hope the devs are watching.
I compiled apache-2.4.46 about a year ago and had no problems. Yesterday I went 
to compile apache-2.4.48 and received some errors. I went back to try and 
rebuild .46 and got the same errors. I found out that someone updated the 
server, so a change has broken the build and I cannot figure out where to go 
from here.
These are my configure options:
./configure --prefix=/home/apache1/httpd8090 --with-included-apr 
--with-pcre=/home/apache1/httpd8090/bin/pcre-config --disable-ssl
and the error I get is
Making all in support
gmake[1]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
gmake[2]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libtool --silent 
--mode=link gcc -std=gnu99 -g -O2 \
-o ab ab.lo 
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la<https://urldefense.com/v3/__http://libaprutil-1.la__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-bIa2fM8%24>
 -lexpat 
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la<https://urldefense.com/v3/__http://libapr-1.la__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-Zd3WfSs%24>
 -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -l

Re: [users@httpd] [External] : [users@httpd] Problems compiling under Solaris 10

2021-09-01 Thread Ran Mozes 
fyi, I have opened a bug. In case someone is interested or experiencing the 
same please feel free to add to it:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65542


Am 31.08.2021 um 17:08 schrieb Ran Mozes 
mailto:ran.mo...@oracle.com>>:

Thanks. Unfortunately it didn’t work for me. I still get the same errors.
Is there a another way of disabling AB (an option to "./configure“)?. I haven’t 
found such so far.


Am 30.08.2021 um 16:30 schrieb Dino Ciuffetti 
mailto:d...@tuxweb.it>>:

If you don't need ab (Apache Benchmark):

cd support ; touch ab ; cd .. ; make

This way you will skip the ab compilation.


30 agosto 2021 13:47, "Ran Mozes" 
mailto:ran.mo...@oracle.com?to=%22ran%20mozes%22%20%3cran.mo...@oracle.com%3E>>
 wrote:

Hi Nigel, all,
I am experiencing the exact same errors while trying to compile apache-2.4.48 
on a Solaris 10 X86 machine.
bash-3.2$ libtool --silent --mode=link gcc -std=gnu99 -g -O2 -o ab ab.lo -lz 
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la<https://urldefense.com/v3/__http://libaprutil-1.la__;!!ACWV5N9M2RV99hQ!dcaz3DMZqAdKSyMpzOe7SjImcqtAUQ6dBaOQgnC_aMSDy15m1OqpKhM9DM6bSv0$>
 -lexpat 
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la<https://urldefense.com/v3/__http://libapr-1.la__;!!ACWV5N9M2RV99hQ!dcaz3DMZqAdKSyMpzOe7SjImcqtAUQ6dBaOQgnC_aMSDy15m1OqpKhM9pCOdnvU$>
 -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -lcrypto -luuid 
-lsendfile -lrt -lsocket -lnsl -lpthread
Undefined first referenced
symbol in file
TLSv1_2_client_method ab.o
TLSv1_1_client_method ab.o
BIO_set_callback ab.o
EVP_PKEY_id ab.o
BIO_set_callback_arg ab.o
BIO_get_callback_arg ab.o
SSL_CTX_set_info_callback ab.o
ld: fatal: symbol referencing errors. No output written to .libs/ab
collect2: ld returned 1 exit status
Any solution found?
Thanks,
Ran
Am 23.07.2021 um 11:11 schrieb Reed, Nigel 
mailto:nr...@verizon.com.INVALID>>:
Hi all,
I asked this on the freenode IRC channel and was directed to the dev list, but 
since that's not for support I'll ask here and hope the devs are watching.
I compiled apache-2.4.46 about a year ago and had no problems. Yesterday I went 
to compile apache-2.4.48 and received some errors. I went back to try and 
rebuild .46 and got the same errors. I found out that someone updated the 
server, so a change has broken the build and I cannot figure out where to go 
from here.
These are my configure options:
./configure --prefix=/home/apache1/httpd8090 --with-included-apr 
--with-pcre=/home/apache1/httpd8090/bin/pcre-config --disable-ssl
and the error I get is
Making all in support
gmake[1]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
gmake[2]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libtool --silent 
--mode=link gcc -std=gnu99 -g -O2 \
-o ab ab.lo 
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la<https://urldefense.com/v3/__http://libaprutil-1.la__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-bIa2fM8%24>
 -lexpat 
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la<https://urldefense.com/v3/__http://libapr-1.la__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-Zd3WfSs%24>
 -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -lcrypto -luuid 
-lsendfile -lrt -lsocket -lnsl -lpthread
Undefined first referenced
symbol in file
TLSv1_2_client_method ab.o
TLSv1_1_client_method ab.o
BIO_set_callback ab.o
EVP_PKEY_id ab.o
BIO_set_callback_arg ab.o
BIO_get_callback_arg ab.o
SSL_CTX_set_info_callback ab.o
ld: fatal: symbol referencing errors. No output written to .libs/ab
collect2: ld returned 1 exit status
gmake[2]: *** [ab] Error 1
Now, I compared the config.status file and it seems that ab_LIBS is now being 
set with a bunch of libraries that weren't included previously.
781,782c781,782
< S["ab_LIBS"]=""
< S["ab_CFLAGS"]="-I/usr/sfw/include "
---
> S["ab_LIBS"]=" -lssl -lcrypto -luuid -lsendfile -lrt -lsocket -lnsl -lpthread"
> S["ab_CFLAGS"]=" "
I'm sure this is the cause of my issues but I don't know how to stop these from 
being picked up. I did try to remove the libraries from the 
build/config_vars.mk<https://urldefense.com/v3/__http://config_vars.mk__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-u6T75SE%24>
 file but to no avail.
I'm using apr 1.7 and apr-util 1.6.1 fwiw.
Also, fwiw, it seems whoever set this up installed a i386 compiler.
gcc -v
Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs
Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure 
--prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as 
--with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ 
--enabl

Re: [users@httpd] [External] : [users@httpd] Problems compiling under Solaris 10

2021-08-31 Thread Ran Mozes 
Thanks. Unfortunately it didn’t work for me. I still get the same errors.
Is there a another way of disabling AB (an option to "./configure“)?. I haven’t 
found such so far.


Am 30.08.2021 um 16:30 schrieb Dino Ciuffetti 
mailto:d...@tuxweb.it>>:

If you don't need ab (Apache Benchmark):

cd support ; touch ab ; cd .. ; make

This way you will skip the ab compilation.


30 agosto 2021 13:47, "Ran Mozes" 
mailto:ran.mo...@oracle.com?to=%22ran%20mozes%22%20%3cran.mo...@oracle.com%3E>>
 wrote:

Hi Nigel, all,
I am experiencing the exact same errors while trying to compile apache-2.4.48 
on a Solaris 10 X86 machine.
bash-3.2$ libtool --silent --mode=link gcc -std=gnu99 -g -O2 -o ab ab.lo -lz 
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la<https://urldefense.com/v3/__http://libaprutil-1.la__;!!ACWV5N9M2RV99hQ!dcaz3DMZqAdKSyMpzOe7SjImcqtAUQ6dBaOQgnC_aMSDy15m1OqpKhM9DM6bSv0$>
 -lexpat 
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la<https://urldefense.com/v3/__http://libapr-1.la__;!!ACWV5N9M2RV99hQ!dcaz3DMZqAdKSyMpzOe7SjImcqtAUQ6dBaOQgnC_aMSDy15m1OqpKhM9pCOdnvU$>
 -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -lcrypto -luuid 
-lsendfile -lrt -lsocket -lnsl -lpthread
Undefined first referenced
symbol in file
TLSv1_2_client_method ab.o
TLSv1_1_client_method ab.o
BIO_set_callback ab.o
EVP_PKEY_id ab.o
BIO_set_callback_arg ab.o
BIO_get_callback_arg ab.o
SSL_CTX_set_info_callback ab.o
ld: fatal: symbol referencing errors. No output written to .libs/ab
collect2: ld returned 1 exit status
Any solution found?
Thanks,
Ran
Am 23.07.2021 um 11:11 schrieb Reed, Nigel 
mailto:nr...@verizon.com.INVALID>>:
Hi all,
I asked this on the freenode IRC channel and was directed to the dev list, but 
since that's not for support I'll ask here and hope the devs are watching.
I compiled apache-2.4.46 about a year ago and had no problems. Yesterday I went 
to compile apache-2.4.48 and received some errors. I went back to try and 
rebuild .46 and got the same errors. I found out that someone updated the 
server, so a change has broken the build and I cannot figure out where to go 
from here.
These are my configure options:
./configure --prefix=/home/apache1/httpd8090 --with-included-apr 
--with-pcre=/home/apache1/httpd8090/bin/pcre-config --disable-ssl
and the error I get is
Making all in support
gmake[1]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
gmake[2]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libtool --silent 
--mode=link gcc -std=gnu99 -g -O2 \
-o ab ab.lo 
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la<https://urldefense.com/v3/__http://libaprutil-1.la__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-bIa2fM8%24>
 -lexpat 
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la<https://urldefense.com/v3/__http://libapr-1.la__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-Zd3WfSs%24>
 -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -lcrypto -luuid 
-lsendfile -lrt -lsocket -lnsl -lpthread
Undefined first referenced
symbol in file
TLSv1_2_client_method ab.o
TLSv1_1_client_method ab.o
BIO_set_callback ab.o
EVP_PKEY_id ab.o
BIO_set_callback_arg ab.o
BIO_get_callback_arg ab.o
SSL_CTX_set_info_callback ab.o
ld: fatal: symbol referencing errors. No output written to .libs/ab
collect2: ld returned 1 exit status
gmake[2]: *** [ab] Error 1
Now, I compared the config.status file and it seems that ab_LIBS is now being 
set with a bunch of libraries that weren't included previously.
781,782c781,782
< S["ab_LIBS"]=""
< S["ab_CFLAGS"]="-I/usr/sfw/include "
---
> S["ab_LIBS"]=" -lssl -lcrypto -luuid -lsendfile -lrt -lsocket -lnsl -lpthread"
> S["ab_CFLAGS"]=" "
I'm sure this is the cause of my issues but I don't know how to stop these from 
being picked up. I did try to remove the libraries from the 
build/config_vars.mk<https://urldefense.com/v3/__http://config_vars.mk__;!!ACWV5N9M2RV99hQ!Ye_3j9Kud5mtsXFZRruAcicPH20qEwm2hHNRT5gAMCLSH0GABktWk3s-u6T75SE%24>
 file but to no avail.
I'm using apr 1.7 and apr-util 1.6.1 fwiw.
Also, fwiw, it seems whoever set this up installed a i386 compiler.
gcc -v
Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs
Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure 
--prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as 
--with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ 
--enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
So, any suggestions on where to go from here would be appreciated.
Thanks,
Nigel
--
[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]
[http

[users@httpd] Re: [External] : [users@httpd] Problems compiling under Solaris 10

2021-08-30 Thread Ran Mozes 
Hi Nigel, all,

I am experiencing the exact same errors while trying to compile apache-2.4.48 
on a Solaris 10 X86 machine.

bash-3.2$ libtool --silent --mode=link gcc -std=gnu99  -g -O2  -o ab  ab.lo  
-lz  
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la
 -lexpat 
apache_upgrade_2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la 
-luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -lcrypto -luuid 
-lsendfile -lrt -lsocket -lnsl -lpthread
Undefined   first referenced
 symbol in file
TLSv1_2_client_method   ab.o
TLSv1_1_client_method   ab.o
BIO_set_callbackab.o
EVP_PKEY_id ab.o
BIO_set_callback_argab.o
BIO_get_callback_argab.o
SSL_CTX_set_info_callback   ab.o
ld: fatal: symbol referencing errors. No output written to .libs/ab
collect2: ld returned 1 exit status

Any solution found?

Thanks,
Ran

Am 23.07.2021 um 11:11 schrieb Reed, Nigel 
mailto:nr...@verizon.com.INVALID>>:

Hi all,

I asked this on the freenode IRC channel and was directed to the dev list, but 
since that's not for support I'll ask here and hope the devs are watching.

I compiled apache-2.4.46 about a year ago and had no problems. Yesterday I went 
to compile apache-2.4.48 and received some errors. I went back to try and 
rebuild .46 and got the same errors. I found out that someone updated the 
server, so a change has broken the build and I cannot figure out where to go 
from here.

These are my configure options:
./configure --prefix=/home/apache1/httpd8090 --with-included-apr 
--with-pcre=/home/apache1/httpd8090/bin/pcre-config --disable-ssl

and the error I get is

Making all in support
gmake[1]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
gmake[2]: Entering directory 
`/home/apache1/source/apache-2.4.48/httpd-2.4.48/support'
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libtool --silent 
--mode=link gcc -std=gnu99  -g -O2\
 -o ab  ab.lo   
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr-util/libaprutil-1.la
 -lexpat 
/home/apache1/source/apache-2.4.48/httpd-2.4.48/srclib/apr/libapr-1.la
 -luuid -lsendfile -lrt -lsocket -lnsl -lpthread -lm -lssl -lcrypto -luuid 
-lsendfile -lrt -lsocket -lnsl -lpthread
Undefined   first referenced
 symbol in file
TLSv1_2_client_method   ab.o
TLSv1_1_client_method   ab.o
BIO_set_callbackab.o
EVP_PKEY_id ab.o
BIO_set_callback_argab.o
BIO_get_callback_argab.o
SSL_CTX_set_info_callback   ab.o
ld: fatal: symbol referencing errors. No output written to .libs/ab
collect2: ld returned 1 exit status
gmake[2]: *** [ab] Error 1

Now, I compared the config.status file and it seems that ab_LIBS is now being 
set with a bunch of libraries that weren't included previously.

781,782c781,782
< S["ab_LIBS"]=""
< S["ab_CFLAGS"]="-I/usr/sfw/include  "
---
> S["ab_LIBS"]="  -lssl -lcrypto -luuid -lsendfile -lrt -lsocket -lnsl 
> -lpthread"
> S["ab_CFLAGS"]=" "

I'm sure this is the cause of my issues but I don't know how to stop these from 
being picked up. I did try to remove the libraries from the 
build/config_vars.mk
 file but to no avail.

I'm using apr 1.7 and apr-util 1.6.1 fwiw.

Also, fwiw, it seems whoever set this up installed a i386 compiler.
gcc -v
Reading specs from /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/specs
Configured with: /builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure 
--prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as 
--with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ 
--enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)

So, any suggestions on where to go from here would be appreciated.

Thanks,
Nigel



--
[http://ss7.vzw.com/is/image/VerizonWireless/vz-logo-email]
[http://ss7.vzw.com/is/image/VerizonWireless/vz-sig-facebook?$defaultscale$]
  [http://ss7.vzw.com/is/image/VerizonWireless/vz-sig-twitter?$defaultscale$] 

  [http://ss7.vzw.com/is/image/VerizonWireless/vz-sig-linkedin?$defaultscale$]

Re: [users@httpd] [External] Re: [users@httpd] Struggling with "decryption failed or bad record mac" error

2021-06-10 Thread Ran Mozes 
Hi Matteo,

sounds like various issues could be the root cause. Maybe a negotiation issue 
on the TLS version and/or the Ciphers used? 
Another option, the error "SSL3_GET_RECORD:decryption failed or bad record mac“ 
could also imply that something is wrong with the certificates being used.

HTH,
Ran 

> Am 09.06.2021 um 10:06 schrieb Piemonti, Matteo 
> :
> 
> Hi,
>   has someone any suggestion about this topic?
> 
> 
> Thanks
> Matteo
> 
> -Original Message-
> From: Piemonti, Matteo 
> Sent: lunedì 24 maggio 2021 09:56
> To: users@httpd.apache.org
> Subject: RE: [External] Re: [users@httpd] Struggling with "decryption failed 
> or bad record mac" error
> 
> Hi,
>   in my first message you can find many informations...
> The only TLS available is TLS 1.2 and the openssl version is OpenSSL 
> 1.0.2k-fips (the last one of RedHat 7.9), we have this random problem only 
> from a customer that is using .net. In my opinion it should be a client 
> problem but hard to demonstrate.
> Which specific directives do you want to see of httpd-ssl.conf?
> 
> 
> Matteo
> 
> -Original Message-
> From: Daniel Ferradal 
> Sent: domenica 23 maggio 2021 20:49
> To:  
> Subject: [External] Re: [users@httpd] Struggling with "decryption failed or 
> bad record mac" error
> 
> This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with 
> links and attachments.
> 
> Hello,
> 
> Perhaps you may provide more info. Like the openssl version you are using, 
> your SSL related directives in your server, the openssl version or SSL 
> version of the client, the protocol the client is trying to use.
> 
> Also, is this happening with all clients? just one?
> 
> Can you reproduce it with "openssl s_client -connect" command? or even curl? 
> etc.
> 
> El vie, 21 may 2021 a las 12:25, Piemonti, Matteo
> () escribió:
>> 
>> Hi,
>> 
>>  we’re having a weird error on Apache httpd server that I can’t 
>> understand how to troubleshoot it and not clear to me if it is an our 
>> problem (apache http server) or a problem of the caller.
>> 
>> 
>> 
>> We have actually this configuration:
>> 
>> 
>> 
>> Server version: Apache/2.4.46 (Unix)
>> 
>> Server built:   May 13 2021 05:46:31
>> 
>> Server's Module Magic Number: 20120211:93
>> 
>> Server loaded:  APR 1.6.5, APR-UTIL 1.6.1
>> 
>> Compiled using: APR 1.6.5, APR-UTIL 1.6.1
>> 
>> Architecture:   64-bit
>> 
>> Server MPM: event
>> 
>>  threaded: yes (fixed thread count)
>> 
>>forked: yes (variable process count)
>> 
>> Server compiled with
>> 
>> -D APR_HAS_SENDFILE
>> 
>> -D APR_HAS_MMAP
>> 
>> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>> 
>> -D APR_USE_SYSVSEM_SERIALIZE
>> 
>> -D APR_USE_PTHREAD_SERIALIZE
>> 
>> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>> 
>> -D APR_HAS_OTHER_CHILD
>> 
>> -D AP_HAVE_RELIABLE_PIPED_LOGS
>> 
>> -D DYNAMIC_MODULE_LIMIT=256
>> 
>> -D HTTPD_ROOT="/data/apache2_frontend"
>> 
>> -D SUEXEC_BIN="/data/apache2_frontend/bin/suexec"
>> 
>> -D DEFAULT_PIDLOG="logs/httpd.pid"
>> 
>> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>> 
>> -D DEFAULT_ERRORLOG="logs/error_log"
>> 
>> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>> 
>> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>> 
>> 
>> 
>> The problem we have is that during ssl handshake we can see (only with debug 
>> or tcpdump) an “SSL Library Error: error:1408F119:SSL 
>> routines:SSL3_GET_RECORD:decryption failed or bad record mac" into apache 
>> httpd error_log.
>> 
>> No other logs are written into access_log.
>> 
>> How is possible to troubleshoot it and understand where is the problem 
>> (caller? network? receiver?)
>> 
>> 
>> 
>> Some logs from trace:
>> 
>> 
>> 
>> [Wed May 12 17:52:04.134409 2021] [ssl:debug] [pid 10532:tid 
>> 140112100849408] ssl_engine_kernel.c(1741): [client ip:port] AH02275:
>> Certificate Verification, depth 2, CRL checking mode: none (0)
>> [subject: CN=etc etc etc]
>> 
>> [Wed May 12 17:52:04.134553 2021] [ssl:debug] [pid 10532:tid 
>> 140112100849408] ssl_engine_kernel.c(1741): [client ip:port] AH02275:
>> Certificate Verification, depth 1, CRL checking mode: none (0)
>> [subject: CN=etc etc etc]
>> 
>> [Wed May 12 17:52:04.134681 2021] [ssl:debug] [pid 10532:tid 
>> 140112100849408] ssl_engine_kernel.c(1741): [client ip:port] AH02275:
>> Certificate Verification, depth 0, CRL checking mode: none (0)
>> [subject: CN=etc etc etc]
>> 
>> [Wed May 12 17:52:04.134705 2021] [ssl:trace3] [pid 10532:tid 
>> 140112100849408] ssl_engine_kernel.c(2192): [client ip:port] OpenSSL:
>> Loop: SSLv3 read client certificate A
>> 
>> [Wed May 12 17:52:04.138368 2021] [ssl:trace3] [pid 10532:tid 
>> 140112100849408] ssl_engine_kernel.c(2192): [client ip:port] OpenSSL:
>> Loop: SSLv3 read client key exchange A
>> 
>> [Wed May 12 17:52:04.138492 2021] [ssl:trace3] [pid 10532:tid 
>> 140112100849408] ssl_engine_kernel.c(2192): [client ip:port] OpenSSL:
>> Loop: SSLv3 read certificate verify A
>> 
>> [Wed May 12 17:52:04.138513 2021]

Re: [users@httpd] Updating apache from 2.4.6 to 2.4.46

2020-12-21 Thread Ran Mozes 
Hi Kapil,

the symbols which are not found seem to be pointing to not finding the OpenSSL. 
I usually build Apache from source and not through the rpmbuild
but my guess would be that your building env is missing the openssl and/or 
maybe one needs to set the LD_LIBRARY_PATH env variable to point to the 
required SSL installation path before building.

HTH,
Ran   

> Am 18.12.2020 um 12:30 schrieb Kapil Awate :
> 
> Hi All,
>  
> Can anyone help me with below ? Want to build rpm for apache 2.4.46 and 
> upgrade it from 2.4.6 on production. Can anyone point/help me ?
>  
> Thanks,
> Kapil
>  
> From: Kapil Awate 
> Date: Monday, 7 December 2020 at 7:56 PM
> To: "users@httpd.apache.org" 
> Subject: Updating apache from 2.4.6 to 2.4.46
>  
> Hi All,
>  
> I am building RPM for apace 2.4.46 as want o upgrade 2.4.6 to 2.4.46. Before 
> building httpd rpm, built and installed apr and apr-util. While building 
> httpd rpm I am getting below error,
>  
> Executed command : rpmbuild -tb httpd-2.4.46.tar.bz2 
>  
> Error encountered :
>  
> ab.o: In function `main':
> /root/rpmbuild/BUILD/httpd-2.4.46/support/ab.c:2305: undefined reference to 
> `TLS_client_method'
> /root/rpmbuild/BUILD/httpd-2.4.46/support/ab.c:2560: undefined reference to 
> `TLS_client_method'
> /root/rpmbuild/BUILD/httpd-2.4.46/support/ab.c:2637: undefined reference to 
> `OPENSSL_init_ssl'
> /root/rpmbuild/BUILD/httpd-2.4.46/support/ab.c:2638: undefined reference to 
> `OPENSSL_init_ssl'
> /root/rpmbuild/BUILD/httpd-2.4.46/support/ab.c:2647: undefined reference to 
> `SSL_CTX_set_options'
> ab.o: In function `test':
> /root/rpmbuild/BUILD/httpd-2.4.46/support/ab.c:1990: undefined reference to 
> `SSL_in_init'
> collect2: error: ld returned 1 exit status
> make[2]: *** [ab] Error 1
> make[2]: Leaving directory `/root/rpmbuild/BUILD/httpd-2.4.46/support'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/root/rpmbuild/BUILD/httpd-2.4.46/support'
> make: *** [all-recursive] Error 1
> error: Bad exit status from /var/tmp/rpm-tmp.hmVImT (%build)
>  
>  
> RPM build errors:
> Bad exit status from /var/tmp/rpm-tmp.hmVImT (%build)
>  
>  
> Can you please help me out ?
>  
> Thanks,
> Kapil
> This email and any attachments thereto may contain private, confidential, 
> and/or privileged material for the sole use of the intended recipient. Any 
> review, copying, or distribution of this email (or any attachments thereto) 
> by others is strictly prohibited. If you are not the intended recipient, 
> please contact the sender immediately and permanently delete the original and 
> any copies of this email and any attachments thereto.

Re: [users@httpd] Changing the 'Range' inside the RequestHeader on the fly

2020-12-08 Thread Ran Mozes 
Thanks!. After removing the "early“ it worked as expected. 

Regards,
Ran   

> Am 08.12.2020 um 16:52 schrieb Yann Ylavic :
> 
> On Tue, Dec 8, 2020 at 12:18 PM Ran Mozes  wrote:
>> 
>> RequestHeader edit Range bytes=\s bytes= early
> 
> I'm surprised this one doesn't work though.
> 
> Could it be that there are multiple spaces, or a space before the '=' sign 
> too?
> I.e. doesn't:
>  RequestHeader edit* Range ((\s+=)|(=\s+)) = early
> work better?
> 
> 
> Regards;
> Yann.
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Changing the 'Range' inside the RequestHeader on the fly

2020-12-08 Thread Ran Mozes 
Hi,

Starting with with Apache 2.4.44 a strict check of the values given in the 
‚Range‘ header was introduced. The new change seems to not allow a blank after 
'bytes=' .
Unfortunately we have some faulty client that inserts an empty space after 
‚bytes=' (from apache error log) 

http_request.c(440): [client 10.xxx.xxx.xx:x]   Range: bytes= 
7168-414976430

Looks like this causes to fail serve the request.
 
Is it possible to work around this through the apache configuration, till the 
client will be fixed, by changing the ‚Range‘ header on the fly (get rid of the 
whitespace)?

I tried
Header edit Range bytes=\s bytes= early
and
RequestHeader edit Range bytes=\s bytes= early

but that didn’t work. 

Thanks,
Ran

Re: [users@httpd] enforcing file transmission in gzip format with Apache 2.4.46

2020-12-08 Thread Ran Mozes 
AddOutputFilter DEFLATE uar
combined with 'IfSetEnv force-gzip‘ worked.  

Thanks! 
Ran 

> Am 02.12.2020 um 22:24 schrieb Christophe JAILLET 
> :
> 
> Le 02/12/2020 à 16:59,  a écrit :
>> Hi,
>> I'd like to configure the server to always send the requested *.uar files in 
>> gzip format back to the client.
>> The following configuration is used but it only works if the client (for 
>> example curl) runs with '—compressed' flag.
>> I read that "SetEnv force-gzip“ should do that but it has no impact in that 
>> context.
>> 
>> Options Indexes MultiViews FollowSymLinks
>> AllowOverride None
>> Require all granted
>> SetEnv force-gzip
>> SetOutputFilter DEFLATE
>> AddOutputFilter DEFLATE *.uar
>> 
>> Regards and TIA,
>> Ran
> 
> Hi,
> 
> The last argument of AddOutputFilter is the file extension, not a match 
> pattern.
> Can you try with:
>   AddOutputFilter DEFLATE uar
> ?
> 
> Anyway, "SetOutputFilter DEFLATE" should be enough and should work, AFAIK.
> CJ
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] enforcing file transmutation in gzip format with Apache 2.4.46

2020-12-02 Thread Ran Mozes 
Hi, 

I'd like to configure the server to always send the requested *.uar files in 
gzip format back to the client.
The following configuration is used but it only works if the client (for 
example curl) runs with '—compressed' flag.
I read that "SetEnv force-gzip“ should do that but it has no impact in that 
context. 


Options Indexes MultiViews FollowSymLinks
AllowOverride None
Require all granted
SetEnv force-gzip
SetOutputFilter DEFLATE
AddOutputFilter DEFLATE *.uar


Regards and TIA,
Ran 
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org