# Apache using old apr lib??

## hanj

Hello

Looking into a mod_security problem, I discovered that I might be using old apr lib. Does anyone know how to update this?? I have apr-1.2.8 emerged, but looks like apache was compiled with libapr-0.so.0 -- which when I do a 'equery belongs' shows that it belongs to apr-0.9.12. I have both installed on the system.

Any ideas how to correct this?

```
ldd /usr/sbin/apache2

        linux-gate.so.1 =>  (0xb7f85000)

        libz.so.1 => /lib/libz.so.1 (0xb7f6a000)

        libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7f2b000)

        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7dee000)

        libaprutil-0.so.0 => /usr/lib/libaprutil-0.so.0 (0xb7dd6000)

        libgdbm.so.3 => /usr/lib/libgdbm.so.3 (0xb7dd0000)

        libdb-4.2.so => /usr/lib/libdb-4.2.so (0xb7ceb000)

        libexpat.so.0 => /usr/lib/libexpat.so.0 (0xb7cc1000)

        libapr-0.so.0 => /usr/lib/libapr-0.so.0 (0xb7c9f000)   <--- apr

        librt.so.1 => /lib/librt.so.1 (0xb7c96000)

        libm.so.6 => /lib/libm.so.6 (0xb7c71000)

        libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7c43000)

        libnsl.so.1 => /lib/libnsl.so.1 (0xb7c2d000)

        libpthread.so.0 => /lib/libpthread.so.0 (0xb7c15000)

        libdl.so.2 => /lib/libdl.so.2 (0xb7c11000)

        libc.so.6 => /lib/libc.so.6 (0xb7aeb000)

        /lib/ld-linux.so.2 (0xb7f86000)

```

```
equery belongs /usr/lib/libapr-0.so.0

[ Searching for file(s) /usr/lib/libapr-0.so.0 in *... ]

dev-libs/apr-0.9.12 (/usr/lib/libapr-0.so.0 -> libapr-0.so.0.9.12)
```

Shows what my system thinks it's using:

```
emerge -pv apr

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] dev-libs/apr-1.2.8  USE="-debug -ipv6 -urandom" 1,082 kB
```

output of -pC to show all installed:

```
emerge -pC apr

>>> These are the packages that would be unmerged:

 dev-libs/apr

    selected: 1.2.8 0.9.12

   protected: none

     omitted: none
```

Thanks in advance!

hanji

----------

## kashani

apr-1.x is used for Apache 2.2 and apr-0.x is for Apache 2.0. You'll see this if you read the ebuilds for both. I'd only uninstall the one you don't need.

kashani

----------

## hanj

Hello kashani

Thanks for the quick response. Do you know what is requiring this dependency? If I unmerge 1.2.8, and do a emerge -uvDpt world, I get the following:

```
emerge -uvDpt world

These are the packages that would be merged, in order:

Calculating world dependencies... done!

[ebuild  NS   ] dev-libs/apr-1.2.8  USE="-debug -ipv6 -urandom" 1,082 kB
```

Thanks!

hanji

----------

## kashani

My guess would be apache-tools which is a relatively new package that always requires apr-1.x. IIRC it is pulled in a dependency of apache-2.2.x and splits out things like htpasswd, htdigest, etc much like bind-tools does with bind. If you tried 2.2 and then removed and installed 2.0, you'd still have apache-tools installed.

kashani

----------

## hanj

hmmm.. I never installed apache-2.2 before.

hanji

----------

## kashani

I'd play around with emerge -epvt world then and figure out what's using it. In any case apr is slotted so it really doesn't matter that you have both installed.

SOrry I can't be more helpful, but I'm down to one Gentoo machine at the moment and it's Apache 2.2.

kashani

----------

## hanj

Yeah.. it's weird..

```
[nomerge      ] dev-php/adodb-4.94

[nomerge      ]  dev-lang/php-4.4.7  USE="apache2 bzip2 cli crypt ctype curl exif expat ftp gd iconv mhash mysql ncurses nls pcre readline session snmp ssl truetype unicode xml zlib -adabas -bcmath -berkdb -birdstep -calendar -cdb -cgi -cjk -concurrentmodphp -db2 -dbase -dbmaker -dbx -debug -discard-path -doc -empress -empress-bcs -esoob -fastbuild -fdftk -filepro -firebird -flatfile -force-cgi-redirect -frontbase -gd-external -gdbm -gmp -hyperwave-api -imap -informix -inifile -interbase -iodbc -ipv6 -java-external -java-internal -kerberos -ldap -libedit -mcal -mcve -memlimit -ming -mnogosearch -msql -mssql -oci8 -oci8-instant-client -odbc -oracle7 -overload -pcntl -pfpro -pic -posix -postgres -recode -sapdb -sharedext -sharedmem -sockets -solid -spell -sqlite -suhosin -sybase -sybase-ct -sysvipc -threads -tokenizer -wddx -xmlrpc -xpm -xsl -yaz -zip"

[ebuild   R   ]   net-www/apache-2.0.58-r2  USE="apache2 mpm-prefork ssl -debug -doc -ldap -mpm-itk -mpm-leader -mpm-peruser -mpm-threadpool -mpm-worker (-selinux) -static-modules -threads (-no-suexec%*)" 4,652 kB

[ebuild   R   ]    dev-libs/apr-util-0.9.12  USE="berkdb gdbm -ldap" 579 kB

```

That looks good.. but

```
[ebuild   R   ] dev-libs/apr-1.2.8  USE="-debug -ipv6 -urandom" 0 kB
```

Is all by itself. Since it's slotted.. I won't worry about it.. just seemed odd.

Thanks!

hanji

 *Quote:*   

> SOrry I can't be more helpful, but I'm down to one Gentoo machine at the moment and it's Apache 2.2. 

 

Wow.. down to one Gentoo box? What are you running now-a-days?

----------

## kashani

BSD as mandated by the corporate masters. Luckily I joined up the year they finally decided to finally retire BSD for new projects so all new stuff is going to be at least Redhat. I'm on new projects so I'm about half of each at the moment... maybe 80 or so total servers.

The home network has been in hiatus, but the Gentoo laptop, samba server, and test boxes should make comebacks this week. 

I'm wondering if apr-1.2.8 is now officially installed as a new slot on any machine that has apr-0.9.x already installed. Might be prep work for new modules or stabilizing Apache 2.2.

kashani

----------

## ppoudrier

if you do a equery depends apr-util you will see witch package need that. On my system, subversion need apr-util-1.2.8

I think this is the reason with they unmasked it.

----------

