On Wed, 03 Jul 2002, Oliver Bleutgen wrote:
Then, on 28.April 2001, SuSe seems to have issued a apache 1.3.19 for suse linux 7.0, at least that is what I figure out from the fact that
Yes.
Maybe the other people had done the previous update, I didn't, and at least two people on the mailing list didn't also and had seemingly the same problem.
Important: we assume that people have installed the previous security updates of apache. I hope that this is a fair assumption?
Not quite, as you see now. I don't know what the issue was on April, 28th 2001, and I don't find a security anouncement from SuSE concerning apache from that time. But I'm quite sure that _if_ it had been an issue for my servers, I had upgraded apache - but I hadn't.
... quotes cruelly edited by dproc ... No-one should forget the other reason why earlier updates are not installed ... a fresh install from the original media. Then it would be normal, I think, for me to go to the critical updates webpage (or possibly run YOU against the updates directory) and install the latest update packages only. I think I would have missed the need for the sequential updates, as Oliver did , if I had done this. Am I right? (Still it took another much bigger software company many years of customer complaints to produce a tool to help install their 'hotfixes' in the correct order, and their product was much smaller that 7 CDs. So, like Oliver, I am not complaining.)
Wrt the texts of the module update packages, they say "update package for apache 1.3.19". Which is what they ought to say.
This is correct, but if it's true that one needs to have other, older updates to get a working server, it would be a great help to describe that in the advisory.
What happend was: stock 7.0 -> apache+mod_ssl update from 18.Jun 2002 -> crash
what I had to do was: stock 7.0 -> mod_contrib+mod_perl from 28.April 2001 + apache+mod_ssl from 18.Jun -> works
IOW, the update from 18.Jun was dependend on the update from 28.April 2001, and that was neither mentioned in the advisory nor reflected in the rpm-dependencies.