Thanks! Chad
On 11/6/15, 1:19 PM, "epel-devel-bounces@lists.fedoraproject.org on behalf of epel-devel-request@lists.fedoraproject.org" <epel-devel-bounces@lists.fedoraproject.org on behalf of epel-devel-request@lists.fedoraproject.org> wrote:
Today's Topics:
- Re: mod_passenger missing from EPEL 6 (Orion Poplawski)
- I need a copy of mod_security-2.5.12-2.el6.x86_64 (Harriman, Chad (SAA))
- Re: I need a copy of mod_security-2.5.12-2.el6.x86_64 (Athmane Madjoudj)
- Re: mod_passenger missing from EPEL 6 (Rob Nelson)
- Re: I need a copy of mod_security-2.5.12-2.el6.x86_64 (Ken Dreyer)
Message: 1
Date: Fri, 6 Nov 2015 08:10:36 -0700
From: Orion Poplawski orion@cora.nwra.com
To: EPEL Development List epel-devel@lists.fedoraproject.org
Subject: Re: [EPEL-devel] mod_passenger missing from EPEL 6
Message-ID: 563CC2EC.5030406@cora.nwra.com
Content-Type: text/plain; charset=utf-8; format=flowed
On 11/05/2015 11:30 PM, Rob Nelson wrote:
> Hello,
> I have previously installed mod_passenger from EPEL 6:
> server1$ yum list mod_passenger
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> - base: centos.den.host-engine.com http://centos.den.host-engine.com
> - epel: mirror.steadfast.net http://mirror.steadfast.net
> - extras: mirror.unl.edu http://mirror.unl.edu
> - updates: centos.host-engine.com http://centos.host-engine.com
> Installed Packages
> mod_passenger.x86_64 3.0.21-11.el6 @epel
> However, it no longer exists in EPEL:
> server2$ yum list mod_passenger
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
> - base: mirror.cs.uwp.edu http://mirror.cs.uwp.edu
> - extras: mirror.steadfast.net http://mirror.steadfast.net
> - updates: mirror.acsnet.com http://mirror.acsnet.com
> Error: No matching Packages to list
> I cannot find any notice of this being an orphaned or removed RPM in the mail list archives since ~April when server1 above was provisioned. Did I miss something obvious, or is there a notice of this change somewhere else?
> Thank you,
> Rob Nelson
Not sure there was an announcement, although it would have been good if there was. As for the reason:
http://pkgs.fedoraproject.org/cgit/rubygem-passenger.git/tree/dead.package?h...
--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                    orion@cora.nwra.com
Boulder, CO 80301                     http://www.cora.nwra.com
Message: 2
Date: Fri, 6 Nov 2015 12:25:59 +0000
From: "Harriman, Chad (SAA)" Chad_Harriman@saa.senate.gov
To: "epel-devel@lists.fedoraproject.org" epel-devel@lists.fedoraproject.org
Subject: [EPEL-devel] I need a copy of mod_security-2.5.12-2.el6.x86_64
Message-ID: 559048E5-567D-41AD-BA64-B596868BD32F@saa.senate.gov
Content-Type: text/plain; charset="utf-8"
I have the repo for EPEL synced on my satellite server and the upgrade to 2.7 broke. I need to downgrade but I do not have the mod_security-2.5.12-2.el6.x86_64 package. How do I obtain a copy to downgrade?
Chad Harriman
Principal Systems Engineer
U.S. Senate Sergeant At Arms
chad_harriman@saa.senate.gov
(w) 202-224-1592 (c) 202-213-6413
Message: 3
Date: Fri, 6 Nov 2015 17:02:11 +0100
From: Athmane Madjoudj athmane@fedoraproject.org
To: EPEL Development List epel-devel@lists.fedoraproject.org
Subject: Re: [EPEL-devel] I need a copy of mod_security-2.5.12-2.el6.x86_64
Message-ID: CAOV0wtM1AvmgcHt2xgHAuzKCm0Y6s5M3Uw=ufV5DRogBaLvm+g@mail.gmail.com
Content-Type: text/plain; charset="utf-8"
Hi,
On Fri, Nov 6, 2015 at 1:25 PM, Harriman, Chad (SAA) <Chad_Harriman@saa.senate.gov> wrote:
> I have the repo for EPEL synced on my satellite server and the upgrade to 2.7 broke. I need to downgrade but I do not have the mod_security-2.5.12-2.el6.x86_64 package. How do I obtain a copy to downgrade?
I guess you could rebuild the EL5 package (it's 2.6.8 + security patches); rules for 2.5 should run fine with 2.6.x.
AFAIK, we don't keep the old version of the package in the repo.
Best regards.
-- Athmane
Message: 4
Date: Fri, 6 Nov 2015 12:59:26 -0500
From: Rob Nelson rnelson0@gmail.com
To: EPEL Development List epel-devel@lists.fedoraproject.org
Subject: Re: [EPEL-devel] mod_passenger missing from EPEL 6
Message-ID: CAC76iT-46iakBMQiBqnyDcCn_3cC5qWnY6E3=W10JqFnPAOt6w@mail.gmail.com
Content-Type: text/plain; charset="utf-8"
That explains it. Thank you!
Rob Nelson rnelson0@gmail.com
Message: 5
Date: Fri, 6 Nov 2015 11:19:53 -0700
From: Ken Dreyer ktdreyer@ktdreyer.com
To: EPEL Development List epel-devel@lists.fedoraproject.org
Subject: Re: [EPEL-devel] I need a copy of mod_security-2.5.12-2.el6.x86_64
Message-ID: CAD3FbMWCjnR=J=O3=B1Pvk-eP+oVxX+84xFUfbMr0BRqKp-3yw@mail.gmail.com
Content-Type: text/plain; charset=UTF-8
Yeah, the Koji build has been deleted as well: http://koji.fedoraproject.org/koji/buildinfo?buildID=242226
It would be a good idea to update your rules for 2.7. That mod_security-2.5.12-2.el6 build is over four years old and subject to several CVEs...
CVE-2013-5705 apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
CVE-2013-2765 The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
CVE-2013-1915 ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
CVE-2012-4528 The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
CVE-2012-2751 ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
- Ken
epel-devel mailing list epel-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/epel-devel
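The kind of header check described for CVE-2013-5705 in the list above, as an added illustration that is not ModSecurity's code and not part of the original thread: a case-sensitive match on the Transfer-Encoding value beside a tokenized, case-insensitive one. The function names and sample header values are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Weak form: exact-case substring match. Misses "Chunked" and "CHUNKED",
 * and also matches unrelated tokens that merely contain "chunked". */
static int is_chunked_case_sensitive(const char *te)
{
    return te != NULL && strstr(te, "chunked") != NULL;
}

/* Compare n bytes of s against a lowercase literal, ignoring ASCII case. */
static int token_equals(const char *s, size_t n, const char *lit)
{
    size_t i;
    if (strlen(lit) != n) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != lit[i]) return 0;
    return 1;
}

/* Corrected form: split the header value on commas, trim optional
 * whitespace, and compare each coding name case-insensitively. */
static int is_chunked(const char *te)
{
    const char *p = te;
    while (p != NULL && *p != '\0') {
        const char *end = strchr(p, ',');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        while (n > 0 && (*p == ' ' || *p == '\t')) { p++; n--; }
        while (n > 0 && (p[n - 1] == ' ' || p[n - 1] == '\t')) n--;
        if (token_equals(p, n, "chunked")) return 1;
        p = end ? end + 1 : NULL;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not taken from any capture. */
    const char *samples[] = { "chunked", "Chunked", "gzip, CHUNKED", "x-notchunked" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s case-sensitive=%d tokenized=%d\n", samples[i],
               is_chunked_case_sensitive(samples[i]), is_chunked(samples[i]));
    return 0;
}
```

A filter that decides whether to inspect a body with the first function and a server that parses the header like the second disagree on the same request, which is the gap the CVE text describes.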
End of epel-devel Digest, Vol 31, Issue 11