Bug#1071705: marked as done (Add UFW profile integration with apache2)

Debian Bug Tracking System Mon, 01 Jul 2024 07:39:49 -0700

Your message dated Mon, 01 Jul 2024 14:36:38 +0000
with message-id <e1soi90-004gzj...@fasolo.debian.org>
and subject line Bug#1071705: fixed in apache2 2.4.60-1
has caused the Debian Bug report #1071705,
regarding Add UFW profile integration with apache2
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1071705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071705
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: apache2
Version: 2.4.52-1ubuntu4
Severity: wishlist
Tags: patch

In 2008 Ubuntu implemented[1] an Uncomplicated Firewall (UFW) profile for
Apache2.  To the best I can tell, this has not yet been proposed to
Debian, although Debian does use ufw.

Are ufw profiles of interest to Debian?  If so, would Debian's Apache
maintenace team consider adopting this changeset from Ubuntu?

1:  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/261198

>From cc0cadcadda2725d7c6a961f221bf643bddf6032 Mon Sep 17 00:00:00 2001
From: Bryce Harrington <br...@bryceharrington.org>
Date: Mon, 18 Jul 2022 17:51:08 -0700
Subject: [PATCH] Add Uncomplicated Firewall (UFW) profiles

---
 debian/apache2-utils.ufw.profile | 14 ++++++++++++++
 debian/apache2.dirs              |  1 +
 debian/apache2.install           |  1 +
 debian/control                   |  3 ++-
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 debian/apache2-utils.ufw.profile

diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
new file mode 100644
index 000000000..974a655cd
--- /dev/null
+++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
+[Apache]
+title=Web Server
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80/tcp
+
+[Apache Secure]
+title=Web Server (HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=443/tcp
+
+[Apache Full]
+title=Web Server (HTTP,HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80,443/tcp
diff --git a/debian/apache2.dirs b/debian/apache2.dirs
index 60890130b..1aa6d3c65 100644
--- a/debian/apache2.dirs
+++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
 var/lib/apache2
 var/log/apache2
 var/www/html
+/etc/ufw/applications.d/apache2
diff --git a/debian/apache2.install b/debian/apache2.install
index b6ad78940..92865fc4e 100644
--- a/debian/apache2.install
+++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf			/etc/apache2
 debian/config-dir/envvars			/etc/apache2
 debian/config-dir/magic				/etc/apache2
 debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
+debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
diff --git a/debian/control b/debian/control
index a5d33f22e..87f1833b2 100644
--- a/debian/control
+++ b/debian/control
@@ -43,7 +43,8 @@ Depends: apache2-bin (= ${binary:Version}),
 Recommends: ssl-cert
 Suggests: apache2-doc,
           apache2-suexec-pristine | apache2-suexec-custom,
-          www-browser
+          www-browser,
+          ufw
 Pre-Depends: ${misc:Pre-Depends}
 Provides: httpd,
           httpd-cgi
-- 
2.34.1

--- End Message ---

--- Begin Message ---

Source: apache2
Source-Version: 2.4.60-1
Done: Yadd <y...@debian.org>

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <y...@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 01 Jul 2024 18:04:08 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.60-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Yadd <y...@debian.org>
Closes: 1071701 1071705
Changes:
 apache2 (2.4.60-1) unstable; urgency=medium
 .
   [ Bastien Roucariès ]
   * Forward port CVE-2023-25690 uwsgi tests
   * Fix depends of uwsgi test
   * Use python3 uwsgi plugin
   * Encode bytes for uwsgi test
 .
   [ Bryce Harrington ]
   * Add UFW profile integration (Closes: #1071705)
 .
   [Chris Murray]
   * Use https instead of http in doc (LP: #2045055)
 .
   [ Yadd ]
   * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
   * Update test framework
   * releasing package apache2 version 2.4.59-1~deb12u1
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
     CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
     CVE-2024-38477, CVE-2024-39573)
   * Unfuzz patches
Checksums-Sha1: 
 987661e17da85c1580b7af482a880b43c09a1c9d 3406 apache2_2.4.60-1.dsc
 09ad4301a9e5d839efd6c4a48d4b6201d7e05d51 9856532 apache2_2.4.60.orig.tar.gz
 fff1d5619cf7b5afb026354ef901d727318acfcf 833 apache2_2.4.60.orig.tar.gz.asc
 ba928a1fda594d7b0c5181751bfa5a32dbb07748 821392 apache2_2.4.60-1.debian.tar.xz
Checksums-Sha256: 
 7738c2e9ace35f11154de1a5dccb778632899e8251f003ee6eaafaca3c966bd3 3406 
apache2_2.4.60-1.dsc
 741554b6f608ac5cbe90d4774d1c3ccb0c251eaf1b087bac359f8146e1465e07 9856532 
apache2_2.4.60.orig.tar.gz
 58fa0c3090466bee6fb549c23349ffa8bac6a30c4de32d401fbab9a895217edc 833 
apache2_2.4.60.orig.tar.gz.asc
 161a3ea10530851fd63ee9b8f20886977a5a72d7e198a2ec1dcaf3bba65be1b2 821392 
apache2_2.4.60-1.debian.tar.xz
Files: 
 79d26bae8dc9a3f042e7482ed33d9360 3406 httpd optional apache2_2.4.60-1.dsc
 6c7ac2cdcb3825550e3318b71dc49472 9856532 httpd optional 
apache2_2.4.60.orig.tar.gz
 41468ffff56a1e05d20e6e12595546ee 833 httpd optional 
apache2_2.4.60.orig.tar.gz.asc
 eb8d8d65d4ac18944f11ce10e11a067c 821392 httpd optional 
apache2_2.4.60-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmaCuW0ACgkQ9tdMp8mZ
7ukUrg//b/oaPRWq4xwldK2V9tFw/lsd3XsdLYpRTc2sVyrScWgrFUD5dw7xLLzH
nNwrCeLYMDT7puriobyYgDSEeTRa5xWorQdrzx7PcTOxqxVGFZZXsWZchslKTbJO
saceacRaUBmZlyTxledRptf0ErBzwQr/QtfqU8mtQsoVCpouPyLxcuiUZ1hvGGGA
RYh6LyXsHK2E5K9rVUgYaiOlLrl87vHVa9/CTg7R01Gmtp9jzPzs9rT5hW8QythH
VpGNQ2KPhxPEiq7DxOFk4+iZSTa6mpMPI+LIX4+WJFurJWW93vraKJP/1G55m8zv
ghfKCvRN1iF8tOFgDns+KVlWVAfxn2U7B3Mz/KN5ymId3pNGg3TgJpcGqVCoHiwS
8FJm/XLEPvCUE5A6aN0hQpQwlz++D1NyPGcpe8ho9ZjlTzu43NwgYOF2lYsNHNwk
fkhBN/Kmz4xygRts20iODUzxST6co5DlamzEcZ8WPntU74clS1xNQJ4CubhhY83C
jRcOR8nKlF8aaDajLpkSzvFnEkc0eEsIJaI2666OxEzMp+cRggbtKNkf20PTEoN1
9Oh+o+3lFvHkbHOQaOghACuebhRkLk+Z/XcCLICq7e+Hqg+AUp4BH5S3h3UCps+M
vPqR3ot/BilN0d4sKQzeviKcSMD+hBG2Pk0dbejAZ8n9aIOaWE4=
=3niq
-----END PGP SIGNATURE-----

pgp20uzJ6Sftf.pgp
Description: PGP signature

--- End Message ---

Bug#1071705: marked as done (Add UFW profile integration with apache2)

Reply via email to