Thanks! Chad
On 11/6/15, 1:19 PM, "[email protected] on behalf of [email protected]" <[email protected] on behalf of [email protected]> wrote: >Send epel-devel mailing list submissions to > [email protected] > >To subscribe or unsubscribe via the World Wide Web, visit > https://admin.fedoraproject.org/mailman/listinfo/epel-devel >or, via email, send a message with subject or body 'help' to > [email protected] > >You can reach the person managing the list at > [email protected] > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of epel-devel digest..." > > >Today's Topics: > > 1. Re: mod_passenger missing from EPEL 6 (Orion Poplawski) > 2. I need a copy of mod_security-2.5.12-2.el6.x86_64 > (Harriman, Chad (SAA)) > 3. Re: I need a copy of mod_security-2.5.12-2.el6.x86_64 > (Athmane Madjoudj) > 4. Re: mod_passenger missing from EPEL 6 (Rob Nelson) > 5. Re: I need a copy of mod_security-2.5.12-2.el6.x86_64 > (Ken Dreyer) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Fri, 6 Nov 2015 08:10:36 -0700 >From: Orion Poplawski <[email protected]> >To: EPEL Development List <[email protected]> >Subject: Re: [EPEL-devel] mod_passenger missing from EPEL 6 >Message-ID: <[email protected]> >Content-Type: text/plain; charset=utf-8; format=flowed > >On 11/05/2015 11:30 PM, Rob Nelson wrote: >> Hello, >> >> I have previously installed mod_passenger from EPEL 6: >> >> server1$ yum list mod_passenger >> Loaded plugins: fastestmirror >> Loading mirror speeds from cached hostfile >> * base: centos.den.host-engine.com <http://centos.den.host-engine.com> >> * epel: mirror.steadfast.net <http://mirror.steadfast.net> >> * extras: mirror.unl.edu <http://mirror.unl.edu> >> * updates: centos.host-engine.com <http://centos.host-engine.com> >> Installed Packages >> mod_passenger.x86_64 >> 3.0.21-11.el6 @epel >> >> However, it no longer exists in EPEL: >> >> server2$ yum list mod_passenger >> Loaded plugins: fastestmirror >> Loading mirror speeds from cached hostfile >> * base: mirror.cs.uwp.edu <http://mirror.cs.uwp.edu> >> * extras: mirror.steadfast.net <http://mirror.steadfast.net> >> * updates: mirror.acsnet.com <http://mirror.acsnet.com> >> Error: No matching Packages to list >> >> I cannot find any notice of this being an orphaned or removed RPM in the >> mail list archives since ~April when server1 above was provisioned. Did >> I miss something obvious, or is there a notice of this change somewhere >> else? >> >> Thank you, >> >> Rob Nelson > >Not sure there was an announcement, although it would have been good if >there was. As for the reason: > >http://pkgs.fedoraproject.org/cgit/rubygem-passenger.git/tree/dead.package?h=el6 > >-- >Orion Poplawski >Technical Manager 303-415-9701 x222 >NWRA/CoRA Division FAX: 303-415-9702 >3380 Mitchell Lane [email protected] >Boulder, CO 80301 http://www.cora.nwra.com > > >------------------------------ > >Message: 2 >Date: Fri, 6 Nov 2015 12:25:59 +0000 >From: "Harriman, Chad (SAA)" <[email protected]> >To: "[email protected]" > <[email protected]> >Subject: [EPEL-devel] I need a copy of > mod_security-2.5.12-2.el6.x86_64 >Message-ID: <[email protected]> >Content-Type: text/plain; charset="utf-8" > >I have the repo for EPEL synced on my satellite server and the upgrade to 2.7 >broke. I need to downgrade but I do not have the >mod_security-2.5.12-2.el6.x86_64 package. >How do I obtain a copy to downgrade? >Chad Harriman >Principal Systems Engineer >U.S. Senate Sergeant At Arms >[email protected] >(w) 202-224-1592 >(c) 202-213-6413 > >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><http://lists.fedoraproject.org/pipermail/epel-devel/attachments/20151106/81b7ce43/attachment-0001.html> > >------------------------------ > >Message: 3 >Date: Fri, 6 Nov 2015 17:02:11 +0100 >From: Athmane Madjoudj <[email protected]> >To: EPEL Development List <[email protected]> >Subject: Re: [EPEL-devel] I need a copy of > mod_security-2.5.12-2.el6.x86_64 >Message-ID: > <CAOV0wtM1AvmgcHt2xgHAuzKCm0Y6s5M3Uw=ufv5drogbalv...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >Hi, > >On Fri, Nov 6, 2015 at 1:25 PM, Harriman, Chad (SAA) < >[email protected]> wrote: > >> I have the repo for EPEL synced on my satellite server and the upgrade to >> 2.7 broke. I need to downgrade but I do not have >> the mod_security-2.5.12-2.el6.x86_64 package. >> How do I obtain a copy to downgrade? >> > >I guess, you could rebuild EL5 package (it's 2.6.8 + security pacthes), >rules for 2.5 should run fine with 2.6.x. > >AFAIK, we don't keep the old version of the package in the repo. > > >Best regards. > >-- Athmane >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><http://lists.fedoraproject.org/pipermail/epel-devel/attachments/20151106/1b3b2193/attachment-0001.html> > >------------------------------ > >Message: 4 >Date: Fri, 6 Nov 2015 12:59:26 -0500 >From: Rob Nelson <[email protected]> >To: EPEL Development List <[email protected]> >Subject: Re: [EPEL-devel] mod_passenger missing from EPEL 6 >Message-ID: > <CAC76iT-46iakBMQiBqnyDcCn_3cC5qWnY6E3=w10jqfnpao...@mail.gmail.com> >Content-Type: text/plain; charset="utf-8" > >That explains it. Thank you! > > >Rob Nelson >[email protected] > >On Fri, Nov 6, 2015 at 10:10 AM, Orion Poplawski <[email protected]> >wrote: > >> On 11/05/2015 11:30 PM, Rob Nelson wrote: >> >>> Hello, >>> >>> I have previously installed mod_passenger from EPEL 6: >>> >>> server1$ yum list mod_passenger >>> Loaded plugins: fastestmirror >>> Loading mirror speeds from cached hostfile >>> * base: centos.den.host-engine.com <http://centos.den.host-engine.com> >>> * epel: mirror.steadfast.net <http://mirror.steadfast.net> >>> * extras: mirror.unl.edu <http://mirror.unl.edu> >>> * updates: centos.host-engine.com <http://centos.host-engine.com> >>> Installed Packages >>> mod_passenger.x86_64 >>> 3.0.21-11.el6 @epel >>> >>> However, it no longer exists in EPEL: >>> >>> server2$ yum list mod_passenger >>> Loaded plugins: fastestmirror >>> Loading mirror speeds from cached hostfile >>> * base: mirror.cs.uwp.edu <http://mirror.cs.uwp.edu> >>> * extras: mirror.steadfast.net <http://mirror.steadfast.net> >>> * updates: mirror.acsnet.com <http://mirror.acsnet.com> >>> Error: No matching Packages to list >>> >>> I cannot find any notice of this being an orphaned or removed RPM in the >>> mail list archives since ~April when server1 above was provisioned. Did >>> I miss something obvious, or is there a notice of this change somewhere >>> else? >>> >>> Thank you, >>> >>> Rob Nelson >>> >> >> Not sure there was an announcement, although it would have been good if >> there was. As for the reason: >> >> >> http://pkgs.fedoraproject.org/cgit/rubygem-passenger.git/tree/dead.package?h=el6 >> >> -- >> Orion Poplawski >> Technical Manager 303-415-9701 x222 >> NWRA/CoRA Division FAX: 303-415-9702 >> 3380 Mitchell Lane [email protected] >> Boulder, CO 80301 http://www.cora.nwra.com >> _______________________________________________ >> epel-devel mailing list >> [email protected] >> https://admin.fedoraproject.org/mailman/listinfo/epel-devel >> >-------------- next part -------------- >An HTML attachment was scrubbed... >URL: ><http://lists.fedoraproject.org/pipermail/epel-devel/attachments/20151106/b17731aa/attachment-0001.html> > >------------------------------ > >Message: 5 >Date: Fri, 6 Nov 2015 11:19:53 -0700 >From: Ken Dreyer <[email protected]> >To: EPEL Development List <[email protected]> >Subject: Re: [EPEL-devel] I need a copy of > mod_security-2.5.12-2.el6.x86_64 >Message-ID: > <CAD3FbMWCjnR=J=O3=b1pvk-ep+ovxx+84xfufbmr0brqkp-...@mail.gmail.com> >Content-Type: text/plain; charset=UTF-8 > >Yeah, the Koji build has been deleted as well: >http://koji.fedoraproject.org/koji/buildinfo?buildID=242226 > >It would be a good idea to update your rules for 2.7. That >mod_security-2.5.12-2.el6 build is over four years old and subject to >several CVEs... > >CVE-2013-5705 >apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote >attackers to bypass rules by using chunked transfer coding with a >capitalized Chunked value in the Transfer-Encoding HTTP header. > >CVE-2013-2765 >The ModSecurity module before 2.7.4 for the Apache HTTP Server allows >remote attackers to cause a denial of service (NULL pointer >dereference, process crash, and disk consumption) via a POST request >with a large body and a crafted Content-Type header. > >CVE-2013-1915 >ModSecurity before 2.7.3 allows remote attackers to read arbitrary >files, send HTTP requests to intranet servers, or cause a denial of >service (CPU and memory consumption) via an XML external entity >declaration in conjunction with an entity reference, aka an XML >External Entity (XXE) vulnerability. > >CVE-2012-4528 >The mod_security2 module before 2.7.0 for the Apache HTTP Server >allows remote attackers to bypass rules, and deliver arbitrary POST >data to a PHP application, via a multipart request in which an invalid >part precedes the crafted data. > >CVE-2012-2751 >ModSecurity before 2.6.6, when used with PHP, does not properly handle >single quotes not at the beginning of a request parameter value in the >Content-Disposition field of a request with a multipart/form-data >Content-Type header, which allows remote attackers to bypass filtering >rules and perform other attacks such as cross-site scripting (XSS) >attacks. NOTE: this vulnerability exists because of an incomplete fix >for CVE-2009-5031. > >- Ken > >On Fri, Nov 6, 2015 at 9:02 AM, Athmane Madjoudj ><[email protected]> wrote: >> Hi, >> >> On Fri, Nov 6, 2015 at 1:25 PM, Harriman, Chad (SAA) >> <[email protected]> wrote: >>> >>> I have the repo for EPEL synced on my satellite server and the upgrade to >>> 2.7 broke. I need to downgrade but I do not have the >>> mod_security-2.5.12-2.el6.x86_64 package. >>> How do I obtain a copy to downgrade? >> >> >> I guess, you could rebuild EL5 package (it's 2.6.8 + security pacthes), >> rules for 2.5 should run fine with 2.6.x. >> >> AFAIK, we don't keep the old version of the package in the repo. >> >> >> Best regards. >> >> -- Athmane >> >> _______________________________________________ >> epel-devel mailing list >> [email protected] >> https://admin.fedoraproject.org/mailman/listinfo/epel-devel >> > > >------------------------------ > >_______________________________________________ >epel-devel mailing list >[email protected] >https://admin.fedoraproject.org/mailman/listinfo/epel-devel > > >End of epel-devel Digest, Vol 31, Issue 11 >****************************************** _______________________________________________ epel-devel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/epel-devel
