Bug 146393

Summary: www/apache20: apache-2.0.63_8 can't start
Product: Ports & Packages Reporter: Stefan Bethke <stb>
Component: Individual Port(s)Assignee: freebsd-apache (Nobody) <apache>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Stefan Bethke 2010-05-08 12:30:03 UTC 
On two machines:
/usr/ports/www/apache20# make WITH_PROXY_MODULES=yes WITH_SSL_MODULES=yes install
..
/usr/ports/www/apache20# apachectl configtest
[Sat May 08 11:14:49 2010] [crit] [Sat May 08 11:14:49 2010] file mod_setenvif.c, line 176, assertion "preg != NULL" failed
Abort trap (core dumped)

On another machine:
# apachectl configtest
Syntax error on line 41 of /usr/local/etc/apache2/httpd.conf:
Cannot load /usr/local/libexec/apache2/mod_ssl.so into server: /usr/local/libexec/apache2/mod_ssl.so: Undefined symbol "mySrvFromConn"

2.0.63_3 seemed to be working OK, will try downgrading now.

How-To-Repeat: Install or or upgrade Apache 2.0 to port revision 2.0.63_8
Comment 1 Stefan Bethke 2010-05-08 13:10:12 UTC 
Versions up to Thursday work, tested via:
$ cvs -R up -D 2010-05-07

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811
Comment 2 Stefan Bethke 2010-05-08 13:18:49 UTC 
One of the later commits breaks it: cvs -R up -D "2010-05-07 12:00"

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2010-05-08 15:37:28 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->apache

Fix synopsis and assign.
Comment 4 Benno Overeinder 2010-05-12 22:53:21 UTC 
Same problem here.  After some searchig after mySrvFromConn, and
checking with the original Apache 2.0.63 sources, I figured out it must
be in the patches of the port.  Indeed, in
www/apache20/files/patch-CVE-2009-3555 there is the code injecting the
line "s = mySrvFromConn(c);".

According to the header, it is:
"Modified patch from
http://www.apache.org/dist/httpd/patches/apply_to_2.2.14/CVE-2009-3555-2.2.patch".

In the original apache2.0.63 code there is no reference to
mySrvFromConn, and in the other port patches I cannot find any line
defining mySrvFromConn.  Is this a partial backport of CVE-2009-3555?

Cheers,

-- Benno
Comment 5 Philip M. Gollucci freebsd_committer freebsd_triage 2010-05-12 23:54:26 UTC 
State Changed
From-To: open->closed

duplicate of 146389