Bug#542623: marked as done (apache2: segfaults when using mod_deflate)
Your message dated Mon, 31 Aug 2009 19:02:27 + with message-id and subject line Bug#542623: fixed in apache2 2.2.13-1 has caused the Debian Bug report #542623, regarding apache2: segfaults when using mod_deflate to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
542623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: apache2.2-common
Version: 2.2.12-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

The fix for CVE-2009-1891 that is included in upstream's 2.2.12 release causes segfaults when using mod_deflate.

*** /tmp/tmpajcHE_
In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch:
    - Fix potential segfaults with the use of the legacy ap_rputs() etc
      interfaces, in cases where an output filter fails. This happens
      frequently after CVE-2009-1891 got fixed. (LP: #409987)

We thought you might be interested in doing the same.
-- System Information:
Debian Release: squeeze/sid
  APT prefers karmic-updates
  APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-6-generic (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2.2-common depends on:
ii  apache2-utils   2.2.12-1ubuntu2    utility programs for webservers
ii  apache2.2-bin   2.2.12-1ubuntu2    Apache HTTP Server common binary f
ii  libmagic1       5.03-1ubuntu1      File type determination library us
ii  lsb-base        4.0-0ubuntu2       Linux Standard Base 4.0 init scrip
ii  mime-support    3.46-1             MIME files 'mime.types' & 'mailcap
ii  perl            5.10.0-24ubuntu2   Larry Wall's Practical Extraction
ii  procps          1:3.2.8-1ubuntu2   /proc file system utilities

diff -u apache2-2.2.12/debian/changelog apache2-2.2.12/debian/changelog diff -u apache2-2.2.12/debian/patches/00list apache2-2.2.12/debian/patches/00list --- apache2-2.2.12/debian/patches/00list +++ apache2-2.2.12/debian/patches/00list @@ -25,0 +26 @@ +203_fix_legacy_ap_rputs_segfaults only in patch2: unchanged: --- apache2-2.2.12.orig/debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch +++ apache2-2.2.12/debian/patches/203_fix_legacy_ap_rputs_segfaults.dpatch 
@@ -0,0 +1,36 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 203_fix_legacy_ap_rputs_segfaults.dpatch by Marc Deslauriers +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Description: Fix potential segfaults with the use of the legacy ap_rputs() etc +## DP: interfaces, in cases where an output filter fails. This happens +## DP: frequently after CVE-2009-1891 got fixed. +## DP: Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/409987 +## DP: Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537665 +## DP: Upstream: https://issues.apache.org/bugzilla/show_bug.cgi?id=36780 +## DP: Patch: http://svn.apache.org/viewvc?view=rev&revision=800333 + +...@dpatch@ +diff -urNad apache2-2.2.12~/server/util_filter.c apache2-2.2.12/server/util_filter.c +--- apache2-2.2.12~/server/util_filter.c 2006-07-11 23:38:44.0 -0400 apache2-2.2.12/server/util_filter.c 2009-08-17 15:37:59.0 -0400 +@@ -578,8 +578,18 @@ + void *ctx) + { + ap_filter_t *f = ctx; ++apr_status_t rv; + +-return ap_pass_brigade(f, bb); ++rv = ap_pass_brigade(f, bb); ++ ++/* Before invocation of the flush callback, apr_brigade_write et ++ * al may place transient buckets in the brigade, which will fall ++ * out of scope after returning. Empty the brigade here, to avoid ++ * issues with leaving such buckets in the brigade if some filter ++ * fails and leaves a non-empty brigade. */ ++apr_brigade_cleanup(bb); ++ ++return rv; + } + + AP_DECLARE(apr_status_t) ap_fflush(ap_filter_t *f, apr_bucket_brigade *bb) --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.2.13-1 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-dbg_2.2.13-1_i386.deb to pool/main/a/apache2/apache2-dbg_2.2.13-1_i386.deb apache2-doc_2.2.13-1_all.deb to pool/main/a/apache2/apache2-doc_2.2.13-1_all.deb apache2-mpm-event_2.2.13-1_all.deb t
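Review bot: In the server/util_filter.c hunk, apr_brigade_cleanup(bb) runs on every return from ap_pass_brigade(), not only when rv reports a failure, while the new comment motivates it only by the failing-filter case. Please say in the comment that emptying the brigade on the success path is deliberate, so that a later tidy-up does not wrap the call in an rv check and bring back transient buckets that outlive their data. It would also help to state next to the function that the caller gets bb back empty whatever rv is, since that is now part of the flush callback's contract.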
apache2_2.2.13-1_i386.changes ACCEPTED
Accepted:
apache2-dbg_2.2.13-1_i386.deb to pool/main/a/apache2/apache2-dbg_2.2.13-1_i386.deb
apache2-doc_2.2.13-1_all.deb to pool/main/a/apache2/apache2-doc_2.2.13-1_all.deb
apache2-mpm-event_2.2.13-1_all.deb to pool/main/a/apache2/apache2-mpm-event_2.2.13-1_all.deb
apache2-mpm-itk_2.2.13-1_all.deb to pool/main/a/apache2/apache2-mpm-itk_2.2.13-1_all.deb
apache2-mpm-prefork_2.2.13-1_all.deb to pool/main/a/apache2/apache2-mpm-prefork_2.2.13-1_all.deb
apache2-mpm-worker_2.2.13-1_all.deb to pool/main/a/apache2/apache2-mpm-worker_2.2.13-1_all.deb
apache2-prefork-dev_2.2.13-1_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.2.13-1_i386.deb
apache2-suexec-custom_2.2.13-1_i386.deb to pool/main/a/apache2/apache2-suexec-custom_2.2.13-1_i386.deb
apache2-suexec_2.2.13-1_i386.deb to pool/main/a/apache2/apache2-suexec_2.2.13-1_i386.deb
apache2-threaded-dev_2.2.13-1_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.2.13-1_i386.deb
apache2-utils_2.2.13-1_i386.deb to pool/main/a/apache2/apache2-utils_2.2.13-1_i386.deb
apache2.2-bin_2.2.13-1_i386.deb to pool/main/a/apache2/apache2.2-bin_2.2.13-1_i386.deb
apache2.2-common_2.2.13-1_all.deb to pool/main/a/apache2/apache2.2-common_2.2.13-1_all.deb
apache2_2.2.13-1.diff.gz to pool/main/a/apache2/apache2_2.2.13-1.diff.gz
apache2_2.2.13-1.dsc to pool/main/a/apache2/apache2_2.2.13-1.dsc
apache2_2.2.13-1_all.deb to pool/main/a/apache2/apache2_2.2.13-1_all.deb
apache2_2.2.13.orig.tar.gz to pool/main/a/apache2/apache2_2.2.13.orig.tar.gz

Override entries for your package:
apache2-dbg_2.2.13-1_i386.deb - extra debug
apache2-doc_2.2.13-1_all.deb - optional doc
apache2-mpm-event_2.2.13-1_all.deb - optional httpd
apache2-mpm-itk_2.2.13-1_all.deb - extra httpd
apache2-mpm-prefork_2.2.13-1_all.deb - optional httpd
apache2-mpm-worker_2.2.13-1_all.deb - optional httpd
apache2-prefork-dev_2.2.13-1_i386.deb - extra httpd
apache2-suexec-custom_2.2.13-1_i386.deb - extra httpd
apache2-suexec_2.2.13-1_i386.deb - optional httpd
apache2-threaded-dev_2.2.13-1_i386.deb - extra httpd
apache2-utils_2.2.13-1_i386.deb - optional httpd
apache2.2-bin_2.2.13-1_i386.deb - optional httpd
apache2.2-common_2.2.13-1_all.deb - optional httpd
apache2_2.2.13-1.dsc - source httpd
apache2_2.2.13-1_all.deb - optional httpd

Announcing to debian-devel-chan...@lists.debian.org
Closing bugs: 542623

Thank you for your contribution to Debian.

--
To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
apache2 override disparity
There are disparities between your recently accepted upload and the override file for the following file(s):

apache2-mpm-itk_2.2.13-1_all.deb: package says priority is optional, override says extra.

Please note that a list of new sections were recently added to the archive: cli-mono, database, debug, fonts, gnu-r, gnustep, haskell, httpd, java, kernel, lisp, localization, ocaml, php, ruby, vcs, video, xfce, zope. At this time a script was used to reclassify packages into these sections. If this is the case, please only reply to this email if the new section is inappropriate, otherwise please update your package at the next upload.

Either the package or the override file is incorrect. If you think the override is correct and the package wrong please fix the package so that this disparity is fixed in the next upload. If you feel the override is incorrect then please file a bug against ftp.debian.org and explain why. Please INCLUDE the list of packages as seen above, or we won't be able to deal with your request due to missing information.

Please make sure that the subject of the bug you file follows the following format:

Subject: override: BINARY1:section/priority, [...], BINARYX:section/priority

Include the justification for the change in the body of the mail please.

[NB: this is an automatically generated mail; if you already filed a bug and have not received a response yet, please ignore this mail. Your bug needs to be processed by a human and will be in due course, but until then the installer will send these automated mails; sorry.]

--
Debian distribution maintenance software

(This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)
Processing of apache2_2.2.13-1_i386.changes
apache2_2.2.13-1_i386.changes uploaded successfully to localhost along with the files:
  apache2_2.2.13-1.dsc
  apache2_2.2.13.orig.tar.gz
  apache2_2.2.13-1.diff.gz
  apache2.2-bin_2.2.13-1_i386.deb
  apache2-utils_2.2.13-1_i386.deb
  apache2-suexec_2.2.13-1_i386.deb
  apache2-suexec-custom_2.2.13-1_i386.deb
  apache2-prefork-dev_2.2.13-1_i386.deb
  apache2-threaded-dev_2.2.13-1_i386.deb
  apache2-dbg_2.2.13-1_i386.deb
  apache2.2-common_2.2.13-1_all.deb
  apache2-mpm-worker_2.2.13-1_all.deb
  apache2-mpm-prefork_2.2.13-1_all.deb
  apache2-mpm-event_2.2.13-1_all.deb
  apache2-mpm-itk_2.2.13-1_all.deb
  apache2_2.2.13-1_all.deb
  apache2-doc_2.2.13-1_all.deb

Greetings,

Your Debian queue daemon
apr 1.3.8-1 MIGRATED to testing
FYI: The status of the apr source package in Debian's testing distribution has changed.

  Previous version: 1.3.7-1
  Current version: 1.3.8-1

--
This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information.