Source: modsecurity-crs
Severity: important
Tags: patch

When preparing security updates for LTS/ELTS, I saw that apache is not reloaded
when the package is installed or upgraded.

This means that apache will still use the old rules, perhaps for a long time,
until apache is restarted by other means.

In cases where the new package fixes security issues, this leaves the user
exposed (therefore severity important).

The attached postinst / postrm scripts fix this issue.

-- 
Cheers,
tobi



-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (100, 
'bullseye-fasttrack'), (100, 'bullseye-backports-staging'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-6-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
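LSM: AppArmor: enabled

#!/bin/sh
# postinst: reload Apache so it picks up the newly installed rules

set -e

case "$1" in
    configure|reconfigure)
        # Flag read by the maintscript helper: an Apache action is needed
        APACHE2_NEED_ACTION=yes
        if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
            . /usr/share/apache2/apache2-maintscript-helper
            # Reload only if mod_security2 is enabled; never fail the install
            apache2_has_module security2 && apache2_reload reload || true
        fi
        ;;
esac

#DEBHELPER#

#!/bin/sh
# postrm: reload Apache so it stops using the removed rules

set -e

case "$1" in
    remove|purge)
        # Flag read by the maintscript helper: an Apache action is needed
        APACHE2_NEED_ACTION=yes
        if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
            . /usr/share/apache2/apache2-maintscript-helper
            # Reload only if mod_security2 is enabled; never fail the removal
            apache2_has_module security2 && apache2_reload reload || true
        fi
        ;;
esac

#DEBHELPER#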
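
A check for the condition the report describes (rule files on disk newer than the configuration Apache is running with), as an added example that is not part of the bug report or the package. It assumes the default Apache error log format, rule files ending in .conf or .data, and GNU date/stat/find; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the bug report. Assumptions: default Apache
# ErrorLogFormat; rule files end in .conf or .data; GNU date/stat/find.

# last_load_epoch LOG: epoch of the last start or graceful reload, 0 if none.
# Apache logs "resuming normal operations" each time it (re)reads its config.
last_load_epoch() {
    ts=$(grep 'resuming normal operations' "$1" | tail -n 1 |
        sed -n 's/^\[\([A-Za-z]* [A-Za-z]* [0-9]* [0-9:]*\)[.0-9]* \([0-9]*\)\].*/\1 \2/p')
    if [ -z "$ts" ]; then echo 0; else date -d "$ts" +%s; fi
}

# newest_rule_epoch DIR: newest mtime among the rule files, 0 if none.
newest_rule_epoch() {
    m=$(find "$1" -type f \( -name '*.conf' -o -name '*.data' \) \
        -exec stat -c %Y {} + | sort -n | tail -n 1)
    echo "${m:-0}"
}

# rules_stale DIR LOG: succeeds when a rule file changed after the last
# (re)load, i.e. the running server still enforces the previous rule set.
rules_stale() {
    [ "$(newest_rule_epoch "$1")" -gt "$(last_load_epoch "$2")" ]
}

# demo: constructed fixture. A rule file updated at 12:00 and a log whose
# last load line is at 10:15 (stale), then a reload logged at 13:00 (fresh).
demo() {
    d=$(mktemp -d)
    touch -d '2022-12-05 12:00:00' "$d/EXAMPLE-RULES.conf"
    echo '[Mon Dec 05 10:15:32.123456 2022] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4 configured -- resuming normal operations' > "$d/error.log"
    rules_stale "$d" "$d/error.log" && before=stale || before=fresh
    echo '[Mon Dec 05 13:00:00.000001 2022] [mpm_event:notice] [pid 1:tid 1] AH00489: Apache/2.4 configured -- resuming normal operations' >> "$d/error.log"
    rules_stale "$d" "$d/error.log" && after=stale || after=fresh
    rm -rf "$d"
    echo "$before $after"
}

if [ "$#" -eq 2 ]; then
    # Usage: script RULES_DIR ERROR_LOG
    if rules_stale "$1" "$2"; then echo "STALE: rules newer than last reload"; exit 1; fi
    echo "OK: rules loaded"
else
    demo
fi
```

Run with the rules directory and the Apache error log as arguments; a rotated or empty log yields a last-load time of 0, so the check reports stale rather than guessing.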
