Bug#1076225: marked as done (apache2-utils,merecat: install program with same name (htpasswd))

2024-07-22 Thread Debian Bug Tracking System
Your message dated Mon, 22 Jul 2024 12:49:43 +
with message-id 
and subject line Bug#1076225: fixed in merecat 2.31+git20220513+ds-5
has caused the Debian Bug report #1076225,
regarding apache2-utils,merecat: install program with same name (htpasswd)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1076225: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apache2-utils,merecat
Control: block 1075856 by -1

Hi,

your packages apache2-utils and merecat both install a program
named "htpasswd", although in different components of the PATH.

As this is confusing and a possible source of bugs, policy bug
#1075856 wants to outlaw this.

Please find a solution for your packages. Ideas:
1) if one of the programs is an internal implementation detail of
the package, install it into a private path in /usr/lib instead.
2) rename one of the programs
3) rename both of the programs
4) given your packages install programs providing similar features,
   maybe Conflicts: is also appropriate.

Thanks,
Chris
--- End Message ---
--- Begin Message ---
Source: merecat
Source-Version: 2.31+git20220513+ds-5
Done: Alex Myczko 

We believe that the bug you reported is fixed in the latest version of
merecat, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1076...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alex Myczko  (supplier of updated merecat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Mon, 22 Jul 2024 11:30:38 +
Source: merecat
Architecture: source
Version: 2.31+git20220513+ds-5
Distribution: unstable
Urgency: medium
Maintainer: Joost van Baal-Ilić 
Changed-By: Alex Myczko 
Closes: 1073715 1076225
Changes:
 merecat (2.31+git20220513+ds-5) unstable; urgency=medium
 .
   * Ack NMU.
   * Bump standards version to 4.7.0.
   * d/control:
 - update build depends pkg-config to pkgconf.
 - add apache2-utils to suggests.
   * d/install: updated. (Closes: #1073715)
   * d/rules: do not install htpasswd and htpasswd.1. (Closes: #1076225)
--- End Message ---


Bug#1076554: Same here

2024-07-21 Thread Joachim Zobel


Same here. Big thanks for the workaround.



Processed: bug 1076554 is forwarded to https://bz.apache.org/bugzilla/show_bug.cgi?id=69160

2024-07-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> forwarded 1076554 https://bz.apache.org/bugzilla/show_bug.cgi?id=69160
Bug #1076554 [apache2] Regression: error parsing URL //: Invalid host/port
Set Bug forwarded-to-address to 
'https://bz.apache.org/bugzilla/show_bug.cgi?id=69160'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1076554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076554
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1076554: Regression: error parsing URL //: Invalid host/port

2024-07-18 Thread Sylvain Beucler

Package: apache2
Version: 2.4.61-1~deb12u1
Severity: important

Dear Maintainer,

Following DSA 5729-1 (2.4.61-1~deb12u1), access to Sympa broke.
User error: Bad Request
Log error: AH01059: error parsing URL //: Invalid host/port

I believe the issue is related to this line:
  SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://"
This is the default configuration from the sympa Debian package.

I get the same result when compiling the debdiff from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076531
(2.4.62)

I can work-around the issue by appending 'localhost':
  SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://localhost"
(but this is still a regression in the stable release :))

-- Package-specific info:

-- System Information:
Debian Release: 12.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-23-cloud-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set

Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin                2.4.62-1~deb12u1~local
ii  apache2-data               2.4.62-1~deb12u1~local
ii  apache2-utils              2.4.62-1~deb12u1~local
ii  init-system-helpers        1.65.2
ii  lsb-base                   11.6
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u1
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
ii  apache2-suexec-pristine  2.4.62-1~deb12u1~local
pn  www-browser  

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.2-3
ii  libaprutil1              1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap         1.6.3-1
ii  libbrotli1               1.0.9-2+b6
ii  libc6                    2.36-9+deb12u7
ii  libcrypt1                1:4.4.33-2
ii  libcurl4                 7.88.1-10+deb12u6
ii  libjansson4              2.14-2
ii  libldap-2.5-0            2.5.13+dfsg-5
ii  liblua5.3-0              5.3.6-2
ii  libnghttp2-14            1.52.0-1+deb12u1
ii  libpcre2-8-0             10.42-1
ii  libssl3                  3.0.13-1~deb12u1
ii  libxml2                  2.9.14+dfsg-1.3~deb12u1
ii  perl                     5.36.0-7+deb12u1
ii  zlib1g                   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
ii  apache2-suexec-pristine  2.4.62-1~deb12u1~local
pn  www-browser  

Versions of packages apache2 is related to:
ii  apache2  2.4.62-1~deb12u1~local
ii  apache2-bin  2.4.62-1~deb12u1~local

-- no debconf information
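
A pre-upgrade check for the configuration form in the report above, as an added example that is not part of the original message or of the Debian or Apache packages: it scans Apache configuration text for Unix-socket proxy targets whose URL has no host part (the form that fails with AH01059 in the report) and returns each line with the reporter's 'localhost' workaround applied. The function name and the sample configuration are constructed for illustration; continuation lines ending in a backslash are not joined.

```python
import re

# mod_proxy Unix-socket target: [proxy:]unix:/path/to.sock|scheme://authority...
# "prefix" ends right after "://"; "authority" is whatever host[:port] follows.
UDS_TARGET = re.compile(
    r"(?P<prefix>(?:proxy:)?unix:[^|\s\"']+\|[a-z][a-z0-9+.-]*://)"
    r"(?P<authority>[^/\s\"']*)",
    re.IGNORECASE,
)


def find_hostless_uds_targets(config_text):
    """Return one finding per config line whose UDS proxy URL has an empty host."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        # Apache treats a line whose first non-blank character is '#' as a comment.
        if not line or line.startswith("#"):
            continue
        for match in UDS_TARGET.finditer(line):
            if match.group("authority"):
                continue  # a host is already present, e.g. fcgi://localhost
            cut = match.end("prefix")
            findings.append({
                "line": lineno,
                "directive": line.split(None, 1)[0],
                "original": line,
                # Workaround from the bug report: append 'localhost' after '://'.
                "suggested": line[:cut] + "localhost" + line[cut:],
            })
    return findings


# Constructed sample: line 2 is the sympa default quoted in the report,
# line 5 already carries a host, line 7 is commented out.
SAMPLE_CONFIG = r"""<Location /sympa>
    SetHandler "proxy:unix:/run/sympa/wwsympa.socket|fcgi://"
</Location>
<FilesMatch "\.php$">
    SetHandler "proxy:unix:/run/php/example.sock|fcgi://localhost"
</FilesMatch>
# SetHandler "proxy:unix:/run/old/example.sock|fcgi://"
"""

if __name__ == "__main__":
    for f in find_hostless_uds_targets(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['original']}")
        print(f"  suggested: {f['suggested']}")
```
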



Processing of apache2_2.4.62-1_sourceonly.changes

2024-07-17 Thread Debian FTP Masters
apache2_2.4.62-1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.62-1.dsc
  apache2_2.4.62.orig.tar.gz
  apache2_2.4.62.orig.tar.gz.asc
  apache2_2.4.62-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



apache2_2.4.62-1_sourceonly.changes ACCEPTED into unstable

2024-07-17 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

Format: 1.8
Date: Thu, 18 Jul 2024 06:56:52 +0400
Source: apache2
Architecture: source
Version: 2.4.62-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.62-1) unstable; urgency=medium
 .
   * New upstream version 2.4.62 (Closes: CVE-2024-40725, CVE-2024-40898)


apache2_2.4.61-1~deb11u1_sourceonly.changes ACCEPTED into oldstable-proposed-updates

2024-07-12 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

Format: 1.8
Date: Sun, 07 Jul 2024 16:53:54 +0400
Source: apache2
Architecture: source
Version: 2.4.61-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.61-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
 CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
 CVE-2024-38477, CVE-2024-39573, CVE-2024-39884)
   * Update test framework
   * Unfuzz patches


apache2_2.4.61-1~deb12u1_sourceonly.changes ACCEPTED into proposed-updates

2024-07-12 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

Format: 1.8
Date: Sun, 07 Jul 2024 16:08:26 +0400
Source: apache2
Architecture: source
Version: 2.4.61-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.61-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
 CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
 CVE-2024-38477, CVE-2024-39573, CVE-2024-39884)
   * Unfuzz patches


Processed: apache2-utils,merecat: install program with same name (htpasswd)

2024-07-12 Thread Debian Bug Tracking System
Processing control commands:

> block 1075856 by -1
Bug #1075856 [debian-policy] Clarify filename conflicts for programs
1075856 was blocked by: 1076215 1076220 1076221 1076216 1076224 1076219 1076218 
1076222 1076217 1076223
1075856 was not blocking any bugs.
Added blocking bug(s) of 1075856: 1076225

-- 
1075856: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075856
1076225: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1076225: apache2-utils,merecat: install program with same name (htpasswd)

2024-07-12 Thread Chris Hofstaedtler
Package: apache2-utils,merecat
Control: block 1075856 by -1

Hi,

your packages apache2-utils and merecat both install a program
named "htpasswd", although in different components of the PATH.

As this is confusing and a possible source of bugs, policy bug
#1075856 wants to outlaw this.

Please find a solution for your packages. Ideas:
1) if one of the programs is an internal implementation detail of
the package, install it into a private path in /usr/lib instead.
2) rename one of the programs
3) rename both of the programs
4) given your packages install programs providing similar features,
   maybe Conflicts: is also appropriate.

Thanks,
Chris



apache2_2.4.61-1~deb12u1_sourceonly.changes ACCEPTED into proposed-updates->stable-new

2024-07-11 Thread Debian FTP Masters
Thank you for your contribution to Debian.

Mapping stable-security to proposed-updates.

Accepted:

Format: 1.8
Date: Sun, 07 Jul 2024 16:08:26 +0400
Source: apache2
Architecture: source
Version: 2.4.61-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.61-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
 CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
 CVE-2024-38477, CVE-2024-39573, CVE-2024-39884)
   * Unfuzz patches


apache2_2.4.61-1~deb11u1_sourceonly.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

2024-07-11 Thread Debian FTP Masters
Thank you for your contribution to Debian.

Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

Format: 1.8
Date: Sun, 07 Jul 2024 16:53:54 +0400
Source: apache2
Architecture: source
Version: 2.4.61-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.61-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version (CLoses: CVE-2024-36387, CVE-2024-38472,
 CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
 CVE-2024-38477, CVE-2024-39573, CVE-2024-39884)
   * Update test framework
   * Unfuzz patches


Processing of apache2_2.4.61-1_sourceonly.changes

2024-07-03 Thread Debian FTP Masters
apache2_2.4.61-1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.61-1.dsc
  apache2_2.4.61.orig.tar.gz
  apache2_2.4.61.orig.tar.gz.asc
  apache2_2.4.61-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



apache2_2.4.61-1_sourceonly.changes ACCEPTED into unstable

2024-07-03 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

Format: 1.8
Date: Wed, 03 Jul 2024 19:22:29 +0400
Source: apache2
Architecture: source
Version: 2.4.61-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Changes:
 apache2 (2.4.61-1) unstable; urgency=medium
 .
   * New upstream version 2.4.61


Bug#1074812: apr-util: ftbfs with GCC-14

2024-07-03 Thread Matthias Klose
Package: src:apr-util
Version: 1.6.3-2
Severity: important
Tags: sid trixie
User: debian-...@lists.debian.org
Usertags: ftbfs-gcc-14

[This bug is targeted to the upcoming trixie release]

Please keep this issue open in the bug tracker for the package it
was filed for.  If a fix in another package is required, please
file a bug for the other package (or clone), and add a block in this
package. Please keep the issue open until the package can be built in
a follow-up test rebuild.

The package fails to build in a test rebuild on at least amd64 with
gcc-14/g++-14, but succeeds to build with gcc-13/g++-13. The
severity of this report will be raised before the trixie release.

The full build log can be found at:
http://qa-logs.debian.net/2024/07/01/apr-util_1.6.3-2_unstable_gccexp.log
The last lines of the build log are at the end of this report.

To build with GCC 14, either set CC=gcc-14 CXX=g++-14 explicitly,
or install the gcc, g++, gfortran, ... packages from experimental.

  apt-get -t=experimental install g++ 

Common build failures are new warnings resulting in build failures with
-Werror turned on, or new/dropped symbols in Debian symbols files.
For other C/C++ related build failures see the porting guide at
http://gcc.gnu.org/gcc-14/porting_to.html

[...]
checking for ldap_start_tls_s in -lldap... yes
checking for ldap_sslinit in -lldap... no
checking for ldapssl_init in -lldap... no
checking for ldapssl_install_routines in -lldap... no
  setting LDADD_ldap to "-lldap -llber"
checking for ber_init in -llber... yes
checking for lber.h... yes
checking for ldap.h... yes
checking for ldap_ssl.h... no
checking for LDAP toolkit... OpenLDAP
checking style of ldap_set_rebind_proc routine... three
checking for gdbm.h... yes
checking for gdbm_open in -lgdbm... yes
checking for Berkeley DB 5.3 in the standard places... 
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb-5.3... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb5-5.3... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb53... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb-5... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb5... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb... no
checking for Berkeley DB 5.3 in /usr/local... 
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb-5.3... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb5-5.3... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb53... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb-5... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb5... no
checking for db53/db.h... no
checking for db5/db.h... no
checking for db.h... yes
checking for -ldb... no
checking for Berkeley DB 5.3 in /usr/local/BerkeleyDB.5.3... directory not found
checking for Berkeley DB 5.3 in /boot/home/config... directory not found
configure: error: Berkeley db5 not found
make[1]: *** [debian/rules:66: override_dh_auto_configure] Error 1
make[1]: Leaving directory '/<>'
make: *** [debian/rules:24: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2



Processing of apache2_2.4.60-1_sourceonly.changes

2024-07-01 Thread Debian FTP Masters
apache2_2.4.60-1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.60-1.dsc
  apache2_2.4.60.orig.tar.gz
  apache2_2.4.60.orig.tar.gz.asc
  apache2_2.4.60-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



Bug#1071705: marked as done (Add UFW profile integration with apache2)

2024-07-01 Thread Debian Bug Tracking System
Your message dated Mon, 01 Jul 2024 14:36:38 +
with message-id 
and subject line Bug#1071705: fixed in apache2 2.4.60-1
has caused the Debian Bug report #1071705,
regarding Add UFW profile integration with apache2
to be marked as done.


-- 
1071705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071705
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
Version: 2.4.52-1ubuntu4
Severity: wishlist
Tags: patch

In 2008 Ubuntu implemented[1] an Uncomplicated Firewall (UFW) profile for
Apache2.  To the best I can tell, this has not yet been proposed to
Debian, although Debian does use ufw.

Are ufw profiles of interest to Debian?  If so, would Debian's Apache
maintenance team consider adopting this changeset from Ubuntu?

1:  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/261198

>From cc0cadcadda2725d7c6a961f221bf643bddf6032 Mon Sep 17 00:00:00 2001
From: Bryce Harrington 
Date: Mon, 18 Jul 2022 17:51:08 -0700
Subject: [PATCH] Add Uncomplicated Firewall (UFW) profiles

---
 debian/apache2-utils.ufw.profile | 14 ++
 debian/apache2.dirs  |  1 +
 debian/apache2.install   |  1 +
 debian/control   |  3 ++-
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 debian/apache2-utils.ufw.profile

diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
new file mode 100644
index 0..974a655cd
--- /dev/null
+++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
+[Apache]
+title=Web Server
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80/tcp
+
+[Apache Secure]
+title=Web Server (HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=443/tcp
+
+[Apache Full]
+title=Web Server (HTTP,HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80,443/tcp
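Review bot: All three sections of this new profile ([Apache], [Apache Secure], [Apache Full]) carry the identical description= line, so anything that lists the profiles by description cannot tell them apart. Consider wording each description for the ports that section opens (80/tcp, 443/tcp, or both), the way the title= lines already do.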
diff --git a/debian/apache2.dirs b/debian/apache2.dirs
index 60890130b..1aa6d3c65 100644
--- a/debian/apache2.dirs
+++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
 var/lib/apache2
 var/log/apache2
 var/www/html
+/etc/ufw/applications.d/apache2
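Review bot: The added entry /etc/ufw/applications.d/apache2 is the only line in this hunk with a leading slash (its neighbours are var/lib/apache2, var/log/apache2 and var/www/html), and it names a directory called apache2 inside applications.d, while the debian/apache2.install change puts the profile file directly into /etc/ufw/applications.d/. If only the parent directory is needed, the entry should read etc/ufw/applications.d; as written the package would ship an empty apache2 directory next to its profile.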
diff --git a/debian/apache2.install b/debian/apache2.install
index b6ad78940..92865fc4e 100644
--- a/debian/apache2.install
+++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf			/etc/apache2
 debian/config-dir/envvars			/etc/apache2
 debian/config-dir/magic/etc/apache2
 debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
+debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
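Review bot: The added install line keeps the source file name, so the profile lands as /etc/ufw/applications.d/apache2-utils.ufw.profile even though this is debian/apache2.install and not the apache2-utils package; naming the source file after the apache2 package would avoid the mismatch. The new line also separates source and destination with a single space where the lines above it align the destination with tabs.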
diff --git a/debian/control b/debian/control
index a5d33f22e..87f1833b2 100644
--- a/debian/control
+++ b/debian/control
@@ -43,7 +43,8 @@ Depends: apache2-bin (= ${binary:Version}),
 Recommends: ssl-cert
 Suggests: apache2-doc,
   apache2-suexec-pristine | apache2-suexec-custom,
-  www-browser
+  www-browser,
+  ufw
 Pre-Depends: ${misc:Pre-Depends}
 Provides: httpd,
   httpd-cgi
-- 
2.34.1

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.60-1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Mon, 01 Jul 2024 18:04:08 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.60-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1071701 1071705
Changes:
 apache2 (2.4.60-1) unstable; urgency=medium
 .
   [ Bastien Roucariès ]
   * Forward port CVE-2023-25690 uwsgi tests
   * Fix depends of uwsgi test
   * Use python3 uwsgi plugin
   * Encode bytes for uwsgi test
 .
   [ Bryce Harrington ]
   * Add UFW profile integration (Closes: #1071705)
 .
   [Chris Murray]
   * Use https instead of http in doc (LP: #2045055)
 .
   [ Yadd ]
   * Bump liblua 

Bug#1071701: marked as done (Please build against lua 5.4 instead of lua 5.3)

2024-07-01 Thread Debian Bug Tracking System
Your message dated Mon, 01 Jul 2024 14:36:38 +
with message-id 
and subject line Bug#1071701: fixed in apache2 2.4.60-1
has caused the Debian Bug report #1071701,
regarding Please build against lua 5.4 instead of lua 5.3
to be marked as done.



-- 
1071701: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071701
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
Version: 2.4.52-1
Severity: normal
X-Debbugs-Cc:

Please bump the liblua Build-Dep from liblua5.3-dev to liblua5.4-dev.
In Ubuntu we've verified apache2 builds ok with 5.4, and it looks like
Debian has lua 5.4 in testing now.

(See also Deb #979501 for prior lua bump.)

Thank you,
Bryce
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.60-1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1071...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Jul 2024 18:04:08 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.60-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1071701 1071705
Changes:
 apache2 (2.4.60-1) unstable; urgency=medium
 .
   [ Bastien Roucariès ]
   * Forward port CVE-2023-25690 uwsgi tests
   * Fix depends of uwsgi test
   * Use python3 uwsgi plugin
   * Encode bytes for uwsgi test
 .
   [ Bryce Harrington ]
   * Add UFW profile integration (Closes: #1071705)
 .
   [Chris Murray]
   * Use https instead of http in doc (LP: #2045055)
 .
   [ Yadd ]
   * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
   * Update test framework
   * releasing package apache2 version 2.4.59-1~deb12u1
   * New upstream version (Closes: CVE-2024-36387, CVE-2024-38472,
 CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
 CVE-2024-38477, CVE-2024-39573)
   * Unfuzz patches

-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



--- End Message ---


apache2_2.4.60-1_sourceonly.changes ACCEPTED into unstable

2024-07-01 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 01 Jul 2024 18:04:08 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.60-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1071701 1071705
Changes:
 apache2 (2.4.60-1) unstable; urgency=medium
 .
   [ Bastien Roucariès ]
   * Forward port CVE-2023-25690 uwsgi tests
   * Fix depends of uwsgi test
   * Use python3 uwsgi plugin
   * Encode bytes for uwsgi test
 .
   [ Bryce Harrington ]
   * Add UFW profile integration (Closes: #1071705)
 .
   [Chris Murray]
   * Use https instead of http in doc (LP: #2045055)
 .
   [ Yadd ]
   * Bump liblua from liblua5.3-dev to liblua5.4-dev (Closes: #1071701)
   * Update test framework
   * releasing package apache2 version 2.4.59-1~deb12u1
   * New upstream version (Closes: CVE-2024-36387, CVE-2024-38472,
 CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476,
 CVE-2024-38477, CVE-2024-39573)
   * Unfuzz patches

-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-





Bug#1074411: apache2-doc : missing "Alias /manual /usr/share/doc/apache2-doc/manual" in /etc/apache2/apache2.conf

2024-06-28 Thread Mon Compte
Package: apache2-doc
Version: 2.4.56-1~deb11u2
Severity: normal

Dear Maintainer,

The installation of this package should add the following line in 
/etc/apache2/apache2.conf and restart the Apache2 server:
Alias /manual /usr/share/doc/apache2-doc/manual

Indeed, the standard homepage (http://localhost) of the Apache2 server contains 
a link to manual ("Refer to this for the full documentation. Documentation for 
the web server itself can be found by accessing the manual if the apache2-doc 
package was installed on this server."), but this link points to nothing when 
someone clicks on it.
The alias above gives the solution to this bug.
Can you add that in a new release?
Thanks in advance.


-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-28-amd64 (SMP w/4 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

apache2-doc depends on no packages.

Versions of packages apache2-doc recommends:
ii  apache2  2.4.56-1~deb11u2

apache2-doc suggests no packages.



Bug#1074278: --expiration-day option is wrongly parsed

2024-06-25 Thread Sergio Durigan Junior
Source: ssl-cert
Version: 1.1.2
Severity: normal
Tags: patch

Dear maintainer,

This is the Debian equivalent of
https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/2069330. When
using make-ssl-cert's --expiration-day option, the code wrongly assigns
to the ${opt_expiration_days} variable the index of the option, instead
of its value.

The fix is simple: we need to use ${OPTARG} instead of ${OPTIND} to
obtain the actual value.

I opened the following MR which contains the proposed fix:

https://salsa.debian.org/apache-team/ssl-cert/-/merge_requests/4

Thanks,

-- 
Sergio
GPG key ID: 237A 54B1 0287 28BF 00EF  31F4 D0EB 7628 65FC 5E36
Please send encrypted e-mail if possible
https://sergiodj.net/




Bug#1072729: Acknowledgement (apache2: misleading comment in default /etc/apache2/apache2.conf about accessibility of root filesystem)

2024-06-10 Thread Oliver Weihe

Hi again,

similar issue with .htaccess and .htpasswd - a simple symlink and Apache 
happily serves the file(s) so the following lines don't really prevent this.


--- 8< ---
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#

Require all denied

--- 8< ---

And btw: why not this?
--- 8< ---

--- 8< ---


Regards,
 Oliver



Bug#1072804: mod_autoindex: should default to XHTML and send the charset in the document

2024-06-07 Thread Thorsten Glaser
Package: apache2
Version: 2.4.59-1~deb11u1
Severity: wishlist
Tags: upstream
X-Debbugs-Cc: t...@mirbsd.de

The W3C validator is not quite happy with the default directory indicēs.

Applying the following change to its config…

-   IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* 
DescriptionWidth=* Charset=UTF-8
+   IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* 
DescriptionWidth=* Charset=UTF-8 XHTML

… makes it a little happier, only one warning left (no HTML
meta element to declare the charset, which would involve
patching the C source to emit…
("\n", 
whateverCharsetVar);
… as well (the whateverCharsetVar is the content of the 「Charset=UTF-8」
config from IndexOptions).


-- Package-specific info:

-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-30-amd64 (SMP w/1 CPU thread)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages apache2 depends on:
ii  apache2-bin  2.4.59-1~deb11u1
ii  apache2-data 2.4.59-1~deb11u1
ii  apache2-utils2.4.59-1~deb11u1
ii  dpkg 1.20.13
ii  init-system-helpers  1.60
ii  lsb-base 11.1.0
ii  mime-support 3.66
ii  perl 5.32.1-4+deb11u3
ii  procps   2:3.3.17-5

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.0+nmu1

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0rel.1-0.2

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.0-6+deb11u2
ii  libaprutil1  1.6.1-5+deb11u1
ii  libaprutil1-dbd-pgsql1.6.1-5+deb11u1
ii  libaprutil1-dbd-sqlite3  1.6.1-5+deb11u1
ii  libaprutil1-ldap 1.6.1-5+deb11u1
ii  libbrotli1   1.0.9-2+b2
ii  libc62.31-13+deb11u10
ii  libcrypt11:4.4.18-4
ii  libcurl4 7.88.1-10+deb12u5~bpo11+0wtf1
ii  libjansson4  2.13.1-1.1
ii  libldap-2.4-22.4.57+dfsg-3+deb11u1
ii  liblua5.3-0  5.3.3-1.1+deb11u1
ii  libnghttp2-141.43.0-1+deb11u1
ii  libpcre3 2:8.39-13
ii  libssl1.11.1.1w-0+deb11u1
ii  libxml2  2.9.10+dfsg-6.7+deb11u4
ii  perl 5.32.1-4+deb11u3
ii  zlib1g   1:1.2.11.dfsg-2+deb11u2

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0rel.1-0.2

Versions of packages apache2 is related to:
ii  apache2  2.4.59-1~deb11u1
ii  apache2-bin  2.4.59-1~deb11u1

-- Configuration Files:
/etc/apache2/conf-available/charset.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/mods-available/autoindex.conf changed [not included]
/etc/apache2/mods-available/mpm_prefork.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]
/etc/apache2/sites-available/default-ssl.conf changed [not included]
/etc/logrotate.d/apache2 changed [not included]

-- no debconf information


Bug#1072737: ssl-cert: expiration-day wrongly handled

2024-06-07 Thread Jean-Philippe
Package: ssl-cert
Version: 1.1.2
Severity: normal

Dear Maintainer,

expiration-day is wrongly handled, if set it is 3 days instead of the value 
given. In the script ${OPTIND} should be replaced by ${OPTARG}

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-21-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ssl-cert depends on:
ii  adduser3.134
ii  debconf [debconf-2.0]  1.5.82
ii  openssl3.0.11-1~deb12u2

ssl-cert recommends no packages.

ssl-cert suggests no packages.

-- debconf information:
  make-ssl-cert/altname:
  make-ssl-cert/hostname: localhost
  make-ssl-cert/vulnerable_prng:
  make-ssl-cert/title:



Bug#1072729: apache2: misleading comment in default /etc/apache2/apache2.conf about accessibility of root filesystem

2024-06-07 Thread Oliver Weihe

Package: apache2
Version: 2.4.59-1~deb12u1

Hi,

I *think* the comment above the  directive is misleading in 
the default /etc/apache2/apache2.conf:


--- 8< ---
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.

Options FollowSymLinks
AllowOverride None
Require all denied



AllowOverride None
Require all granted



Options Indexes FollowSymLinks
AllowOverride None
Require all granted

--- 8< ---

Placing a symlink pointing e.g. to /etc in the /var/www/html/ directory 
(e.g. 'ln -s /etc /var/www/html/foo') happily shows the content of /etc/ 
when accessing http:///foo while the comment above 
suggests it doesn't. From apache2 documentation this is expected(?) so I 
think the comment in the configuration file is misleading. I *guess* 
this is not limited to the current version.


Regards,
 Oliver
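
A defender-side check for the behaviour described in this report, as an added example (not part of the report or of the apache2 package): it lists symlinks under a document root that resolve to a location outside it. The function name is hypothetical and readlink -f as provided by GNU coreutils is assumed.

```shell
#!/bin/sh
# Added illustration; not shipped by apache2. Reports symlinks below a
# document root whose fully resolved target lies outside that root, i.e.
# the paths a server with "Options FollowSymLinks" would serve from elsewhere.
# Assumes file names without embedded newlines.

find_escaping_symlinks() {
    # Resolve the root itself first so both sides of the comparison are
    # canonical (the root may be reached through a symlink too).
    docroot=$(readlink -f -- "$1") || return 2

    find "$docroot" -type l | while IFS= read -r link; do
        # readlink -f fails when an intermediate component is missing;
        # treat that as an unresolvable link rather than guessing.
        target=$(readlink -f -- "$link") || target=""
        case "$target" in
            "$docroot"|"$docroot"/*)
                ;;                                   # stays inside the root
            "")
                printf 'BROKEN %s\n' "$link"
                ;;
            *)
                printf 'ESCAPES %s -> %s\n' "$link" "$target"
                ;;
        esac
    done
}
```

Run against /var/www/html, the link from the report would appear as an ESCAPES line pointing at /etc. Apache's SymLinksIfOwnerMatch option, or removing FollowSymLinks for the directory, is the in-server counterpart to this audit.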



Processed: Bug#1071705 marked as pending in apache2

2024-05-23 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #1071705 [src:apache2] Add UFW profile integration with apache2
Added tag(s) pending.

-- 
1071705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071705
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Bug#1071701 marked as pending in apache2

2024-05-23 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #1071701 [src:apache2] Please build against lua 5.4 instead of lua 5.3
Added tag(s) pending.

-- 
1071701: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071701
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1071705: Add UFW profile integration with apache2

2024-05-23 Thread Bryce Harrington
Source: apache2
Version: 2.4.52-1ubuntu4
Severity: wishlist
Tags: patch

In 2008 Ubuntu implemented[1] an Uncomplicated Firewall (UFW) profile for
Apache2.  To the best I can tell, this has not yet been proposed to
Debian, although Debian does use ufw.

Are ufw profiles of interest to Debian?  If so, would Debian's Apache
maintenance team consider adopting this changeset from Ubuntu?

1:  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/261198

From cc0cadcadda2725d7c6a961f221bf643bddf6032 Mon Sep 17 00:00:00 2001
From: Bryce Harrington 
Date: Mon, 18 Jul 2022 17:51:08 -0700
Subject: [PATCH] Add Uncomplicated Firewall (UFW) profiles

---
 debian/apache2-utils.ufw.profile | 14 ++
 debian/apache2.dirs  |  1 +
 debian/apache2.install   |  1 +
 debian/control   |  3 ++-
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 debian/apache2-utils.ufw.profile

diff --git a/debian/apache2-utils.ufw.profile b/debian/apache2-utils.ufw.profile
new file mode 100644
index 0..974a655cd
--- /dev/null
+++ b/debian/apache2-utils.ufw.profile
@@ -0,0 +1,14 @@
+[Apache]
+title=Web Server
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80/tcp
+
+[Apache Secure]
+title=Web Server (HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=443/tcp
+
+[Apache Full]
+title=Web Server (HTTP,HTTPS)
+description=Apache v2 is the next generation of the omnipresent Apache web server.
+ports=80,443/tcp
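Review bot: the three ports= lines hard-code 80 and 443, while the apache2 configuration quoted elsewhere in this thread takes its listeners from "Include ports.conf", so on a host that moves Apache to other ports these profiles open ports nothing listens on and leave the real ones closed. A comment in the profile or in the package documentation saying the profiles cover the default ports only would make that explicit. The description= text is also identical in all three sections; stating which ports each profile opens would let an administrator tell them apart when listing application profiles.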
diff --git a/debian/apache2.dirs b/debian/apache2.dirs
index 60890130b..1aa6d3c65 100644
--- a/debian/apache2.dirs
+++ b/debian/apache2.dirs
@@ -10,3 +10,4 @@ var/cache/apache2/mod_cache_disk
 var/lib/apache2
 var/log/apache2
 var/www/html
+/etc/ufw/applications.d/apache2
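Review bot: the added entry /etc/ufw/applications.d/apache2 does not match its surroundings in two ways. It carries a leading slash while every context line in this file is relative (var/lib/apache2, var/log/apache2, var/www/html), and as a .dirs entry it creates a directory named apache2 inside applications.d, whereas the debian/apache2.install hunk ships the profile as a plain file directly into /etc/ufw/applications.d/. Suggest dropping the line, or using etc/ufw/applications.d if the directory really has to be pre-created.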
diff --git a/debian/apache2.install b/debian/apache2.install
index b6ad78940..92865fc4e 100644
--- a/debian/apache2.install
+++ b/debian/apache2.install
@@ -8,3 +8,4 @@ debian/config-dir/*.conf			/etc/apache2
 debian/config-dir/envvars			/etc/apache2
 debian/config-dir/magic/etc/apache2
 debian/debhelper/apache2-maintscript-helper	/usr/share/apache2/
+debian/apache2-utils.ufw.profile /etc/ufw/applications.d/
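Review bot: the added line installs the profile under its source name, so the apache2 package ends up shipping /etc/ufw/applications.d/apache2-utils.ufw.profile, a file named after a different binary package (apache2-utils) than the one installing it. Renaming the source file to match the apache2 package would avoid confusion about which package owns the firewall profile. As a style point, the new line separates source and destination with a single space where the context lines above it use tabs.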
diff --git a/debian/control b/debian/control
index a5d33f22e..87f1833b2 100644
--- a/debian/control
+++ b/debian/control
@@ -43,7 +43,8 @@ Depends: apache2-bin (= ${binary:Version}),
 Recommends: ssl-cert
 Suggests: apache2-doc,
   apache2-suexec-pristine | apache2-suexec-custom,
-  www-browser
+  www-browser,
+  ufw
 Pre-Depends: ${misc:Pre-Depends}
 Provides: httpd,
   httpd-cgi
-- 
2.34.1



Bug#1071701: Please build against lua 5.4 instead of lua 5.3

2024-05-23 Thread Bryce Harrington
Source: apache2
Version: 2.4.52-1
Severity: normal
X-Debbugs-Cc:

Please bump the liblua Build-Dep from liblua5.3-dev to liblua5.4-dev.
In Ubuntu we've verified apache2 builds ok with 5.4, and it looks like
Debian has lua 5.4 in testing now.

(See also Deb #979501 for prior lua bump.)

Thank you,
Bryce



Bug#1071596: marked as done (apache2: envvars evaluates string in conditional instead of testing for empty string)

2024-05-22 Thread Debian Bug Tracking System
Your message dated Wed, 22 May 2024 13:25:14 -0700
with message-id 

and subject line Re: Bug#1071596: apache2: envvars evaluates string in 
conditional instead of testing for empty string
has caused the Debian Bug report #1071596,
regarding apache2: envvars evaluates string in conditional instead of testing 
for empty string
to be marked as done.



-- 
1071596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071596
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal

Dear Maintainer,

`envvars` evaluates string in conditional instead of testing for empty string.

`apachectl` calls `envvars` which shows a syntax error despite working:

 root@nodeo:/etc/letsencrypt# apachectl configtest
 /usr/sbin/apachectl: 6: [: /etc/apache2: unexpected operator
 Syntax OK

If I change this line in `envvars`:

 if [ "${APACHE_CONFDIR}" == "" ]; then
 export APACHE_CONFDIR=/etc/apache2
 fi

to this:

 if [ -z ${APACHE_CONFDIR} ]; then
 export APACHE_CONFDIR=/etc/apache2
 fi

... then it works.

It's trying to evaluate `/etc/apache2` as a command?  Weird.

PATH seems totally normal.

Mark

-- Package-specific info:

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-21-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin2.4.59-1~deb12u1
ii  apache2-data   2.4.59-1~deb12u1
ii  apache2-utils  2.4.59-1~deb12u1
ii  init-system-helpers1.65.2
ii  lsb-base   11.6
ii  media-types10.0.0
ii  perl   5.36.0-7+deb12u1
ii  procps 2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  chromium [www-browser]   125.0.6422.60-1~deb12u1

Versions of packages apache2-bin depends on:
ii  libapr1  1.7.2-3
ii  libaprutil1  1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap 1.6.3-1
ii  libbrotli1   1.0.9-2+b6
ii  libc62.36-9+deb12u7
ii  libcrypt11:4.4.33-2
ii  libcurl4 7.88.1-10+deb12u5
ii  libjansson4  2.14-2
ii  libldap-2.5-02.5.13+dfsg-5
ii  liblua5.3-0  5.3.6-2
ii  libnghttp2-141.52.0-1+deb12u1
ii  libpcre2-8-0 10.42-1
ii  libssl3  3.0.11-1~deb12u2
ii  libxml2  2.9.14+dfsg-1.3~deb12u1
ii  perl 5.36.0-7+deb12u1
ii  zlib1g   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  chromium [www-browser]   125.0.6422.60-1~deb12u1

Versions of packages apache2 is related to:
ii  apache2  2.4.59-1~deb12u1
ii  apache2-bin  2.4.59-1~deb12u1

-- Configuration Files:
/etc/apache2/apache2.conf changed:
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf

Options FollowSymLinks
AllowOverride None
Require all denied


AllowOverride None
Require all granted


Options Indexes FollowSymLinks
AllowOverride None
Require all granted

AccessFileName .htaccess

Require all denied

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" 
vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" 
combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

/etc/apache2/envvars changed:
unset HOME
if [ -z 

Bug#1071596: apache2: envvars evaluates string in conditional instead of testing for empty string

2024-05-22 Thread Mark Hedges
Weird.  I'll have to reinstall apache2.  Maybe I edited it long ago to
debug it, forgot a space, and it got stuck by debconf picking my
version on upgrades instead of the package maintainer's.  Thanks.


On Wed, May 22, 2024 at 12:38 PM Stefan Fritsch  wrote:
>
> Hi Mark,
>
> Am 21.05.24 um 22:30 schrieb Mark Hedges:
> > Package: apache2
> > Version: 2.4.59-1~deb12u1
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > `envvars` evaluates string in conditional instead of testing for empty 
> > string.
> >
> > `apachectl` calls `envvars` which shows a syntax error despite working:
> >
> >   root@nodeo:/etc/letsencrypt# apachectl configtest
> >   /usr/sbin/apachectl: 6: [: /etc/apache2: unexpected operator
> >   Syntax OK
> >
> > If I change this line in `envvars`:
> >
> >   if [ "${APACHE_CONFDIR}" == "" ]; then
> >export APACHE_CONFDIR=/etc/apache2
> >   fi
>
> This snippet is not in the original file from the apache2 package.
> Compare to
> https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/config-dir/envvars?ref_type=heads
>
> Either you or some package or script has changed the file. If you have
> etckeeper you could dig in the logs.
>
> Cheers,
> Stefan
>
> >
> > to this:
> >
> >   if [ -z ${APACHE_CONFDIR} ]; then
> >export APACHE_CONFDIR=/etc/apache2
> >   fi
> >
> > ... then it works.
> >
> > It's trying to evaluate `/etc/apache2` as a command?  Weird.
> >
> > PATH seems totally normal.
> >
> > Mark
> >
> > -- Package-specific info:
> >
> > -- System Information:
> > Debian Release: 12.5
> >APT prefers stable-updates
> >APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
> > 'stable')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 6.1.0-21-amd64 (SMP w/1 CPU thread; PREEMPT)
> > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE 
> > not set
> > Shell: /bin/sh linked to /usr/bin/dash
> > Init: systemd (via /run/systemd/system)
> > LSM: AppArmor: enabled
> >
> > Versions of packages apache2 depends on:
> > ii  apache2-bin2.4.59-1~deb12u1
> > ii  apache2-data   2.4.59-1~deb12u1
> > ii  apache2-utils  2.4.59-1~deb12u1
> > ii  init-system-helpers1.65.2
> > ii  lsb-base   11.6
> > ii  media-types10.0.0
> > ii  perl   5.36.0-7+deb12u1
> > ii  procps 2:4.0.2-3
> > ii  sysvinit-utils [lsb-base]  3.06-4
> >
> > Versions of packages apache2 recommends:
> > ii  ssl-cert  1.1.2
> >
> > Versions of packages apache2 suggests:
> > pn  apache2-doc  
> > pn  apache2-suexec-pristine | apache2-suexec-custom  
> > ii  chromium [www-browser]   125.0.6422.60-1~deb12u1
> >
> > Versions of packages apache2-bin depends on:
> > ii  libapr1  1.7.2-3
> > ii  libaprutil1  1.6.3-1
> > ii  libaprutil1-dbd-sqlite3  1.6.3-1
> > ii  libaprutil1-ldap 1.6.3-1
> > ii  libbrotli1   1.0.9-2+b6
> > ii  libc62.36-9+deb12u7
> > ii  libcrypt11:4.4.33-2
> > ii  libcurl4 7.88.1-10+deb12u5
> > ii  libjansson4  2.14-2
> > ii  libldap-2.5-02.5.13+dfsg-5
> > ii  liblua5.3-0  5.3.6-2
> > ii  libnghttp2-141.52.0-1+deb12u1
> > ii  libpcre2-8-0 10.42-1
> > ii  libssl3  3.0.11-1~deb12u2
> > ii  libxml2  2.9.14+dfsg-1.3~deb12u1
> > ii  perl 5.36.0-7+deb12u1
> > ii  zlib1g   1:1.2.13.dfsg-1
> >
> > Versions of packages apache2-bin suggests:
> > pn  apache2-doc  
> > pn  apache2-suexec-pristine | apache2-suexec-custom  
> > ii  chromium [www-browser]   125.0.6422.60-1~deb12u1
> >
> > Versions of packages apache2 is related to:
> > ii  apache2  2.4.59-1~deb12u1
> > ii  apache2-bin  2.4.59-1~deb12u1
> >
> > -- Configuration Files:
> > /etc/apache2/apache2.conf changed:
> > DefaultRuntimeDir ${APACHE_RUN_DIR}
> > PidFile ${APACHE_PID_FILE}
> > Timeout 300
> > KeepAlive On
> > MaxKeepAliveRequests 100
> > KeepAliveTimeout 5
> > User ${APACHE_RUN_USER}
> > Group ${APACHE_RUN_GROUP}
> > HostnameLookups Off
> > ErrorLog ${APACHE_LOG_DIR}/error.log
> > LogLevel warn
> > IncludeOptional mods-enabled/*.load
> > IncludeOptional mods-enabled/*.conf
> > Include ports.conf
> > 
> >   Options FollowSymLinks
> >   AllowOverride None
> >   Require all denied
> > 
> > 
> >   AllowOverride None
> >   Require all granted
> > 
> > 
> >   Options Indexes FollowSymLinks
> >   AllowOverride None
> >   Require all granted
> > 
> > AccessFileName .htaccess
> > 
> >   Require all denied
> > 
> > LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" 
> > \"%{User-Agent}i\"" vhost_combined
> > LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" 
> > combined
> > LogFormat 

Bug#1071596: apache2: envvars evaluates string in conditional instead of testing for empty string

2024-05-22 Thread Stefan Fritsch

Hi Mark,

Am 21.05.24 um 22:30 schrieb Mark Hedges:

Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal

Dear Maintainer,

`envvars` evaluates string in conditional instead of testing for empty string.

`apachectl` calls `envvars` which shows a syntax error despite working:

  root@nodeo:/etc/letsencrypt# apachectl configtest
  /usr/sbin/apachectl: 6: [: /etc/apache2: unexpected operator
  Syntax OK

If I change this line in `envvars`:

  if [ "${APACHE_CONFDIR}" == "" ]; then
 export APACHE_CONFDIR=/etc/apache2
  fi


This snippet is not in the original file from the apache2 package. 
Compare to 
https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/config-dir/envvars?ref_type=heads


Either you or some package or script has changed the file. If you have 
etckeeper you could dig in the logs.


Cheers,
Stefan



to this:

  if [ -z ${APACHE_CONFDIR} ]; then
 export APACHE_CONFDIR=/etc/apache2
  fi

... then it works.

It's trying to evaluate `/etc/apache2` as a command?  Weird.

PATH seems totally normal.

Mark




Bug#1071596: apache2: envvars evaluates string in conditional instead of testing for empty string

2024-05-21 Thread Mark Hedges
Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal

Dear Maintainer,

`envvars` evaluates string in conditional instead of testing for empty string.

`apachectl` calls `envvars` which shows a syntax error despite working:

 root@nodeo:/etc/letsencrypt# apachectl configtest
 /usr/sbin/apachectl: 6: [: /etc/apache2: unexpected operator
 Syntax OK

If I change this line in `envvars`:

    if [ "${APACHE_CONFDIR}" == "" ]; then
        export APACHE_CONFDIR=/etc/apache2
    fi

to this:

    if [ -z ${APACHE_CONFDIR} ]; then
        export APACHE_CONFDIR=/etc/apache2
    fi

... then it works.

It's trying to evaluate `/etc/apache2` as a command?  Weird.

PATH seems totally normal.

Mark

-- Package-specific info:

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-21-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin                2.4.59-1~deb12u1
ii  apache2-data               2.4.59-1~deb12u1
ii  apache2-utils              2.4.59-1~deb12u1
ii  init-system-helpers        1.65.2
ii  lsb-base                   11.6
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u1
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  chromium [www-browser]   125.0.6422.60-1~deb12u1

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.2-3
ii  libaprutil1              1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap         1.6.3-1
ii  libbrotli1               1.0.9-2+b6
ii  libc6                    2.36-9+deb12u7
ii  libcrypt1                1:4.4.33-2
ii  libcurl4                 7.88.1-10+deb12u5
ii  libjansson4              2.14-2
ii  libldap-2.5-0            2.5.13+dfsg-5
ii  liblua5.3-0              5.3.6-2
ii  libnghttp2-14            1.52.0-1+deb12u1
ii  libpcre2-8-0             10.42-1
ii  libssl3                  3.0.11-1~deb12u2
ii  libxml2                  2.9.14+dfsg-1.3~deb12u1
ii  perl                     5.36.0-7+deb12u1
ii  zlib1g                   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  chromium [www-browser]   125.0.6422.60-1~deb12u1

Versions of packages apache2 is related to:
ii  apache2  2.4.59-1~deb12u1
ii  apache2-bin  2.4.59-1~deb12u1

-- Configuration Files:
/etc/apache2/apache2.conf changed:
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf

Options FollowSymLinks
AllowOverride None
Require all denied


AllowOverride None
Require all granted


Options Indexes FollowSymLinks
AllowOverride None
Require all granted

AccessFileName .htaccess

Require all denied

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

/etc/apache2/envvars changed:
unset HOME
if [ -z "${APACHE_CONFDIR}" ]; then
export APACHE_CONFDIR=/etc/apache2
fi
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
SUFFIX=
fi
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
export LANG=C
export LANG


-- no debconf information
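
An added example, not part of the bug report or of the apache2 package: `==` inside `[ ]` is a bash extension that dash (the /bin/sh on the reporter's system) rejects with "unexpected operator", and the unquoted `-z` form misreads whitespace-only values. The function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample content are constructed.

# make_sample: write a constructed envvars-style file and print its path.
make_sample() {
    sample_path=$(mktemp) || return 1
    cat >"$sample_path" <<'EOF'
unset HOME
if [ "${APACHE_CONFDIR}" == "" ]; then
    export APACHE_CONFDIR=/etc/apache2
fi
if [ -z ${APACHE_CONFDIR} ]; then
    export APACHE_CONFDIR=/etc/apache2
fi
if [ -z "${APACHE_CONFDIR}" ]; then
    export APACHE_CONFDIR=/etc/apache2
fi
EOF
    printf '%s\n' "$sample_path"
}

# find_nonportable_tests FILE: print LINE:REASON for each [ ] test that a
# POSIX sh such as dash may reject or misread.
#   double-equals    '==' is not a POSIX test operator; use '=' or -z/-n.
#   unquoted-operand an empty or whitespace-only value disappears after
#                    word splitting, changing what the test evaluates.
find_nonportable_tests() {
    awk '
        /^[ \t]*#/        { next }                          # skip comments
        /\[ .* == .* \]/  { print NR ":double-equals" }
        /\[ -[nz] \$/     { print NR ":unquoted-operand" }
    ' "$1"
}

# Unquoted: an empty or blank value leaves the one-argument test [ -z ],
# which is true only because the literal string "-z" is non-empty.
is_empty_unquoted() { [ -z $1 ] 2>/dev/null; }

# Quoted: the operand is always exactly one word, whatever it contains.
is_empty_quoted() { [ -z "$1" ]; }

# default_confdir VALUE: the portable form of the envvars default.
default_confdir() {
    confdir=$1
    if [ -z "$confdir" ]; then
        confdir=/etc/apache2
    fi
    printf '%s\n' "$confdir"
}

# Demonstration run over the constructed sample file.
demo_file=$(make_sample)
find_nonportable_tests "$demo_file"
rm -f "$demo_file"
```

Only the quoted `-z` test on the third `if` of the sample passes the check, which matches the form shown in the "/etc/apache2/envvars changed:" listing above.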



PV installation

2024-05-20 Thread Konrad Zieliński
Good morning,

are you open to a no-obligation conversation about photovoltaics?

As a company specializing in the installation and servicing of the highest-quality 
solar panels on the market, I would like to present the proposal that my team and I 
have prepared for your facility.

I would be grateful if you could let me know whether we can talk.


Regards
Konrad Zieliński



Products

2024-05-17 Thread Fabio Capo
Hello,

we are the leading manufacturer in Europe in the household industry.

Are you interested in expanding your range with high-quality kitchen accessories and 
cleaning products that will increase your sales?

We offer attractive wholesale prices that allow you to achieve satisfactory 
margins.

Would you like to see what we can offer you?


Sincerely
Fabio Capo



Bug#1071102: apache2: apache 2.4.59 error of handling HTTPS 100 Continue POST CGI responces

2024-05-14 Thread Andrey A. Moiseenko
Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal

Dear Maintainer,

apache 2.4.59 sends a correct 100 Continue response by HTTP, but not by HTTPS.
A sample HTML POST form is in 100c.htm, and a sample bash script is in 100c.cgi.



-- Package-specific info:

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-21-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin                2.4.59-1~deb12u1
ii  apache2-data               2.4.59-1~deb12u1
ii  apache2-utils              2.4.59-1~deb12u1
ii  init-system-helpers        1.65.2
ii  lsb-base                   11.6
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u1
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0dev.12-1

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.2-3
ii  libaprutil1              1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap         1.6.3-1
ii  libbrotli1               1.0.9-2+b6
ii  libc6                    2.36-9+deb12u7
ii  libcrypt1                1:4.4.33-2
ii  libcurl4                 7.88.1-10+deb12u5
ii  libjansson4              2.14-2
ii  libldap-2.5-0            2.5.13+dfsg-5
ii  liblua5.3-0              5.3.6-2
ii  libnghttp2-14            1.52.0-1+deb12u1
ii  libpcre2-8-0             10.42-1
ii  libssl3                  3.0.11-1~deb12u2
ii  libxml2                  2.9.14+dfsg-1.3~deb12u1
ii  perl                     5.36.0-7+deb12u1
ii  zlib1g                   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  lynx [www-browser]   2.9.0dev.12-1

Versions of packages apache2 is related to:
ii  apache2  2.4.59-1~deb12u1
ii  apache2-bin  2.4.59-1~deb12u1

-- Configuration Files:
/etc/apache2/apache2.conf changed:
ServerRoot "/etc/apache2"
Mutex file:${APACHE_LOCK_DIR} default
DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog /var/log/httpd/error.log
LogLevel warn
NoProxy "maasoftware.ru" "192.162.244.247/32" "192.162.244.248/32" "[2a13:3d80:0:6::d]/128" "[2a13:3d80:0:6::e]/128"
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

SetHandler application/x-httpd-php

Include ports.conf
AccessFileName .htaccess

Require all denied

LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf




ServerAdmin supp...@maasoftware.ru
ServerName maasoftware.ru:80
DocumentRoot "/var/www"

Options FollowSymLinks
AllowOverride None
#Order deny,allow
#Deny from all
Require all denied

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
#
# Controls who can get stuff from this server.
#

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named 

Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)

2024-05-05 Thread Debian Bug Tracking System
Your message dated Sun, 05 May 2024 19:17:41 +
with message-id 
and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb11u1
has caused the Debian Bug report #1068412,
regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4

CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5

CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
https://www.cve.org/CVERecord?id=CVE-2023-38709

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1~deb11u1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 16:08:04 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 2.4.58
 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * Drop 2.4.56-regression patches
   * New upstream version 2.4.59
 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Install NOTICE files
   * Update test framework
   * Refresh patches
Checksums-Sha1:

apache2_2.4.59-1~deb11u1_amd64.changes ACCEPTED into oldstable-proposed-updates

2024-05-05 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 16:08:04 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 2.4.58
 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * Drop 2.4.56-regression patches
   * New upstream version 2.4.59
 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Install NOTICE files
   * Update test framework
   * Refresh patches
Checksums-Sha1:
Checksums-Sha256:

Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)

2024-05-05 Thread Debian Bug Tracking System
Your message dated Sun, 05 May 2024 18:47:10 +
with message-id 
and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb12u1
has caused the Debian Bug report #1068412,
regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4

CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5

CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
https://www.cve.org/CVERecord?id=CVE-2023-38709

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1~deb12u1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 16:02:26 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.4.58
 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * New upstream version 2.4.59
 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Refresh patches
   * Update test framework
Checksums-Sha1:

apache2_2.4.59-1~deb12u1_amd64.changes ACCEPTED into proposed-updates

2024-05-05 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 16:02:26 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.4.58
 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * New upstream version 2.4.59
 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Refresh patches
   * Update test framework
Checksums-Sha1:
Checksums-Sha256:

Processed: affects 1069748

2024-05-02 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> affects 1069748 + release.debian.org,security.debian.org
Bug #1069748 [apache2] mod_ssl: warning about compilation against OpenSSL 
3.0.13 instead of 3.0.11 on bookworm
Added indication that 1069748 affects release.debian.org and security.debian.org
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1069748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069748
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processing of apache2_2.4.59-2_sourceonly.changes

2024-04-30 Thread Debian FTP Masters
apache2_2.4.59-2_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.59-2.dsc
  apache2_2.4.59-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



apache2_2.4.59-2_sourceonly.changes ACCEPTED into unstable

2024-04-30 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 29 Apr 2024 21:55:28 +
Source: apache2
Architecture: source
Version: 2.4.59-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Bastien Roucariès 
Changes:
 apache2 (2.4.59-2) unstable; urgency=medium
 .
   * Breaks against fossil due to CVE-2024-24795 follows up


Bug#1069907: dh_apache2: please output reproducible module package pre/post scripts.

2024-04-26 Thread James Addison
Package: apache2-dev
Severity: wishlist
User: reproducible-bui...@lists.alioth.debian.org
Usertags: randomness
Control: affects -1 mod-mono

Dear Maintainer,

I'm an occasional volunteer contributor to the Reproducible Builds[1] project,
and noticed recently that an Apache webserver module, mod-mono, that depends[2]
on the dh_apache2 debhelper utility from apache2-dev at build-time, failed an
automated Debian reproducibility test[3].

The problem appears to be related to the substitution of a NAMES variable
that appears in the templated pre/post scripts evaluated by dh_apache2; the
templates[4][5][6] are found in the 'apache2' source package.

I don't yet know exactly how the non-deterministic ordering of entries in the
NAMES variable occurs; however the replacement parameters[7] in the
dh_apache2.in script seem relevant, and tracing the creation of those may help.

Producing a value for the NAMES variable deterministically should I believe
allow the mod-mono package -- and any other Debian Apache module packages that
contain more than one named module -- to build reproducibly, in turn enabling
consumers of Debian to reliably rebuild a bit-for-bit identical .deb package
from source.

Regards,
James

[1] - https://reproducible-builds.org/

[2] - https://sources.debian.org/src/mod-mono/3.8-3/debian/control/#L9

[3] - https://tests.reproducible-builds.org/debian/rb-pkg/trixie/amd64/diffoscope-results/mod-mono.html

[4] - https://sources.debian.org/src/apache2/2.4.58-1/debian/debhelper/postinst-apache2/

[5] - https://sources.debian.org/src/apache2/2.4.58-1/debian/debhelper/postrm-apache2/

[6] - https://sources.debian.org/src/apache2/2.4.58-1/debian/debhelper/prerm-apache2/

[7] - https://sources.debian.org/src/apache2/2.4.58-1/debian/debhelper/dh_apache2.in/#L551



Processed: dh_apache2: please output reproducible module package pre/post scripts.

2024-04-26 Thread Debian Bug Tracking System
Processing control commands:

> affects -1 mod-mono
Bug #1069907 [apache2-dev] dh_apache2: please output reproducible module 
package pre/post scripts.
Added indication that 1069907 affects mod-mono

-- 
1069907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069907
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1069748: mod_ssl: warning about compilation against OpenSSL 3.0.13 instead of 3.0.11 on bookworm

2024-04-24 Thread Tomaz Solc
Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal
X-Debbugs-Cc: t...@security.debian.org

Dear Maintainer,

I noticed that after a recent security update of apache2 on bookworm
(2.4.57-2 -> 2.4.59-1~deb12u1), the following warning started to appear
in the error.log on every apache2 restart:

[ssl:warn] [pid 1144573:tid 281472850739232] AH01882: Init: this version of 
mod_ssl was compiled against a newer library (OpenSSL 3.0.13 30 Jan 2024 
(OpenSSL 3.0.11 19 Sep 2023), version currently loaded is 0x30B0) - may 
result in undefined or erroneous behavior
[mpm_event:notice] [pid 1144575:tid 281472850739232] AH00489: Apache/2.4.59 
(Debian) mod_fcgid/2.3.9 OpenSSL/3.0.11 configured -- resuming normal operations

Comparing package versions on my system with those listed on
packages.debian.org for bookworm it seems I'm up to date with apache2
and libssl3 (3.0.11-1~deb12u2) packages.

Apart from this warning I haven't noticed any problems so far.

Best regards
Tomaž

-- Package-specific info:

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.1.0-20-arm64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin                2.4.59-1~deb12u1
ii  apache2-data               2.4.59-1~deb12u1
ii  apache2-utils              2.4.59-1~deb12u1
ii  init-system-helpers        1.65.2
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u1
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
pn  ssl-cert  

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser  

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.2-3
ii  libaprutil1              1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap         1.6.3-1
ii  libbrotli1               1.0.9-2+b6
ii  libc6                    2.36-9+deb12u6
ii  libcrypt1                1:4.4.33-2
ii  libcurl4                 7.88.1-10+deb12u5
ii  libjansson4              2.14-2
ii  libldap-2.5-0            2.5.13+dfsg-5
ii  liblua5.3-0              5.3.6-2
ii  libnghttp2-14            1.52.0-1+deb12u1
ii  libpcre2-8-0             10.42-1
ii  libssl3                  3.0.11-1~deb12u2
ii  libxml2                  2.9.14+dfsg-1.3~deb12u1
ii  perl                     5.36.0-7+deb12u1
ii  zlib1g                   1:1.2.13.dfsg-1

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser  

Versions of packages apache2 is related to:
ii  apache2  2.4.59-1~deb12u1
ii  apache2-bin  2.4.59-1~deb12u1

-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]

-- no debconf information
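
The check behind the report above, as an added example that is not part of the original message: it reads AH01882 entries from an Apache error.log, extracts the OpenSSL version mod_ssl was built against and the one loaded at runtime, and tests whether an installed libssl3 package version satisfies the build. The function names are hypothetical, and the parser assumes the three-part numeric versions used by OpenSSL 3.x.

```python
import re

# Constructed sample: the two error.log entries quoted in the report,
# each joined back onto a single line.
SAMPLE_LOG = (
    "[ssl:warn] [pid 1144573:tid 281472850739232] AH01882: Init: this version of "
    "mod_ssl was compiled against a newer library (OpenSSL 3.0.13 30 Jan 2024 "
    "(OpenSSL 3.0.11 19 Sep 2023), version currently loaded is 0x30B0) - may "
    "result in undefined or erroneous behavior\n"
    "[mpm_event:notice] [pid 1144575:tid 281472850739232] AH00489: Apache/2.4.59 "
    "(Debian) mod_fcgid/2.3.9 OpenSSL/3.0.11 configured -- resuming normal operations\n"
)

# Assumption: three-part numeric versions (OpenSSL 3.x style, no letter suffix).
VERSION_RE = re.compile(r"OpenSSL (\d+\.\d+\.\d+)")


def version_key(text):
    """Turn '3.0.13' into (3, 0, 13) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def upstream_version(debian_version):
    """Strip the epoch and the Debian revision: '3.0.11-1~deb12u2' -> '3.0.11'."""
    no_epoch = debian_version.split(":", 1)[-1]
    return no_epoch.rsplit("-", 1)[0]


def find_openssl_skew(log_text):
    """Return one finding per AH01882 line: built-against vs loaded version."""
    findings = []
    for line in log_text.splitlines():
        if "AH01882" not in line:
            continue
        versions = VERSION_RE.findall(line)
        if len(versions) < 2:
            continue  # unexpected message layout: report nothing rather than guess
        built, loaded = versions[0], versions[1]
        findings.append({
            "built_against": built,
            "loaded": loaded,
            "runtime_older": version_key(loaded) < version_key(built),
        })
    return findings


def package_satisfies_build(libssl_pkg_version, built_against):
    """True when the installed libssl3 is at least the version mod_ssl was built with."""
    installed = version_key(upstream_version(libssl_pkg_version))
    return installed >= version_key(built_against)


if __name__ == "__main__":
    for finding in find_openssl_skew(SAMPLE_LOG):
        ok = package_satisfies_build("3.0.11-1~deb12u2", finding["built_against"])
        print(finding, "libssl3 satisfies build:", ok)
```
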


Bullseye update from 2.4.56-1~deb11u2 to 2.4.59-1~deb11u1

2024-04-22 Thread Andreas Schulz (Fujitsu)
Good morning,

we installed this update last week on our reverse proxies for our customers.

After the updates were installed customer claims that some of their (really 
really old) clients (Win7, Win8.1 with IE11) cannot connect to the reverse proxy 
site with https anymore. After downgrading apache2 back to 2.4.56 they were 
able to connect again.

We checked the https configuration (strict TLS v1.2) and found that configured 
ciphers weren't allowed anymore. Before the update the ciphers looked like:
  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 3072 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 3072 bits

After the update:
  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253

So you can see the DHE ciphers were missing. After searching the internet I 
found https://bz.apache.org/bugzilla/show_bug.cgi?id=68863.

I didn't try the patch but the DH tip in the certificate file. After including 
the DH in the certificate the problem was solved.

I think that this patch should be imported in the Debian package? Shall I open 
a bug report? I didn't find anything in the debian-apache bug-database.

Kind regards,

Andreas Schulz
Enterprise & Cyber Security Managed Security 2
Services DACH - Managed Cloud Services

Fujitsu Services GmbH
Konrad-Zuse-Str. 16, 74172, Neckarsulm, Germany
W https://www.fujitsu-services.com

Management: Robert Roiger, Michael Pries, Marcos Sanchez Urstadt, Lars 
Moscherosch 
Registered office: München, Germany. Court of registration: Amtsgericht München, 
Reg. No. HRB 219577

Further information: https://fujitsu-services.com/impressum
Privacy notice: https://fujitsu-services.com/datenschutz
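
A regression check for the situation described in the message above, as an added example that is not part of the original post: it parses two cipher listings taken before and after a package update and reports which suites, and which whole key-exchange families per protocol, disappeared. The function names are hypothetical and the line layout is assumed to match the listings in the message.

```python
import re

# Constructed samples: the "before" and "after" listings from the message,
# with the column spacing restored.
BEFORE = """\
  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 3072 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 3072 bits
"""

AFTER = """\
  Supported Server Cipher(s):
Preferred TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
Accepted  TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
"""

LINE_RE = re.compile(
    r"^\s*(Preferred|Accepted)\s+(TLSv[\d.]+|SSLv\d)\s+(\d+) bits\s+(\S+)\s*(.*)$"
)


def parse_scan(text):
    """Map (protocol, cipher) -> key-exchange detail column for each listed suite."""
    suites = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:  # header and blank lines simply do not match
            _, protocol, _, cipher, detail = match.groups()
            suites[(protocol, cipher)] = detail.strip()
    return suites


def kex_family(cipher, detail):
    """Classify the key exchange from the suite name or the detail column."""
    if cipher.startswith("ECDHE-") or detail.startswith("Curve"):
        return "ECDHE"
    if cipher.startswith("DHE-") or detail.startswith("DHE"):
        return "DHE"
    return "other"


def compare_scans(before_text, after_text):
    """Report suites removed/added and key-exchange families lost per protocol."""
    before, after = parse_scan(before_text), parse_scan(after_text)

    def families(suites):
        return {(proto, kex_family(cipher, detail))
                for (proto, cipher), detail in suites.items()}

    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "families_lost": sorted(families(before) - families(after)),
    }


if __name__ == "__main__":
    report = compare_scans(BEFORE, AFTER)
    for key, value in report.items():
        print(key, value)
```

A lost family, rather than a single lost suite, is the signal that clients limited to that key exchange can no longer connect.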



apache2_2.4.59-1~deb12u1_amd64.changes ACCEPTED into proposed-updates->stable-new

2024-04-16 Thread Debian FTP Masters
Thank you for your contribution to Debian.

Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 16:02:26 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 2.4.58
 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * New upstream version 2.4.59
 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Refresh patches
   * Update test framework

apache2_2.4.59-1~deb11u1_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

2024-04-16 Thread Debian FTP Masters
Thank you for your contribution to Debian.

Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 16:08:04 +0400
Source: apache2
Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev 
apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym 
apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils 
apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi
Architecture: source amd64 all
Version: 2.4.59-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Description:
 apache2- Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for 
mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for 
mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
 libapache2-mod-md - transitional package
 libapache2-mod-proxy-uwsgi - transitional package
Closes: 1068412
Changes:
 apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 2.4.58
 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802)
   * Drop 2.4.56-regression patches
   * New upstream version 2.4.59
 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
   * Install NOTICE files
   * Update test framework
   * Refresh patches
 

Bug#1068412: apache2: Missing Upgrade to Security Issues in bookworm

2024-04-15 Thread logo
Package: apache2
Version: 2.4.57-2
Followup-For: Bug #1068412

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Security Updates in unstable are not propagated to stable
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Waited for the update to arrive in bookworm

   * What was the outcome of this action?
Well it's not there after almost two weeks
   * What outcome did you expect instead?
...

*** End of the template - remove these template lines ***

Apparently there are build issues in sid (maybe due to t64 migration).
However that is not a problem in bookworm and after.

Please consider to work around the issues and have a fix for "normal users". 
Ubuntu has provided the update to 2.4.59 last week already.

Thank you!
 
Best regards

Peter

PS: below is only one of my systems. arm64, amd64 and armhf all miss this 
update!

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 6.1.0-18-arm64 (SMP w/4 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
pn  apache2-bin
pn  apache2-data
pn  apache2-utils
ii  init-system-helpers        1.65.2
ii  lsb-base                   11.6
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u1
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
pn  www-browser  






Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)

2024-04-05 Thread Debian Bug Tracking System
Your message dated Fri, 5 Apr 2024 21:00:46 +0200
with message-id 
and subject line [ftpmas...@ftp-master.debian.org: Accepted apache2 2.4.59-1 
(source) into unstable]
has caused the Debian Bug report #1068412,
regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4

CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5

CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
https://www.cve.org/CVERecord?id=CVE-2023-38709

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1

- Forwarded message from Debian FTP Masters 
 -

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1032628 1054564
Changes:
 apache2 (2.4.59-1) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * Remove old transitional packages libapache2-mod-md and
 libapache2-mod-proxy-uwsgi. Closes: #1032628
 .
   [ Yadd ]
   * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
   * Refresh patches
   * New upstream version 2.4.59
   * Refresh patches
   * Update patches
   * Update test framework




- End forwarded message -
--- End Message ---


Processed: found 1068412 in 2.4.57-2, found 1068412 in 2.4.56-1~deb11u2

2024-04-05 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> found 1068412 2.4.57-2
Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
Marked as found in versions apache2/2.4.57-2.
> found 1068412 2.4.56-1~deb11u2
Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
Marked as found in versions apache2/2.4.56-1~deb11u2.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



[ftpmas...@ftp-master.debian.org: Accepted apache2 2.4.59-1 (source) into unstable]

2024-04-05 Thread Salvatore Bonaccorso
Source: apache2
Source-Version: 2.4.59-1

- Forwarded message from Debian FTP Masters 
 -

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1032628 1054564
Changes:
 apache2 (2.4.59-1) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * Remove old transitional packages libapache2-mod-md and
 libapache2-mod-proxy-uwsgi. Closes: #1032628
 .
   [ Yadd ]
   * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
   * Refresh patches
   * New upstream version 2.4.59
   * Refresh patches
   * Update patches
   * Update test framework




- End forwarded message -



Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709

2024-04-05 Thread Yadd

On 4/5/24 15:58, Moritz Muehlenhoff wrote:
> On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote:
> > On 4/4/24 22:51, Moritz Mühlenhoff wrote:
> > > Source: apache2
> > > X-Debbugs-CC: t...@security.debian.org
> > > Severity: grave
> > > Tags: security
> > > 
> > > Hi,
> > > 
> > > The following vulnerabilities were published for apache2.
> > > 
> > > CVE-2024-27316[0]:
> > > https://www.kb.cert.org/vuls/id/421644
> > > https://www.openwall.com/lists/oss-security/2024/04/04/4
> > > 
> > > CVE-2024-24795[1]:
> > > https://www.openwall.com/lists/oss-security/2024/04/04/5
> > > 
> > > CVE-2023-38709[2]:
> > > https://www.openwall.com/lists/oss-security/2024/04/04/3
> > > 
> > > If you fix the vulnerabilities please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> > > 
> > > For further information see:
> > > 
> > > [0] https://security-tracker.debian.org/tracker/CVE-2024-27316
> > >   https://www.cve.org/CVERecord?id=CVE-2024-27316
> > > [1] https://security-tracker.debian.org/tracker/CVE-2024-24795
> > >   https://www.cve.org/CVERecord?id=CVE-2024-24795
> > > [2] https://security-tracker.debian.org/tracker/CVE-2023-38709
> > >   https://www.cve.org/CVERecord?id=CVE-2023-38709
> > > 
> > > Please adjust the affected versions in the BTS as needed.
> > 
> > Hi,
> > 
> > I'm ready to push 2.4.59 into bookworm-security. Note that this includes a
> > test-framework update
> 
> Target distribution needs to be bookworm-security, with that please upload.
> Can you also prepare the equivalent change for bullseye-security?
> 
> The uploads can already happen, but let's keep the update unreleased until
> next week, then we can look for regressions reported in unstable (and check
> with Ondrej if we received reports based on his repo)
> 
> Cheers,
>  Moritz

Both Bullseye and Bookworm uploaded. Bullseye version embeds also a 
copyright fix




Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709

2024-04-05 Thread Moritz Muehlenhoff
On Fri, Apr 05, 2024 at 08:16:43AM +0400, Yadd wrote:
> On 4/4/24 22:51, Moritz Mühlenhoff wrote:
> > Source: apache2
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> > 
> > Hi,
> > 
> > The following vulnerabilities were published for apache2.
> > 
> > CVE-2024-27316[0]:
> > https://www.kb.cert.org/vuls/id/421644
> > https://www.openwall.com/lists/oss-security/2024/04/04/4
> > 
> > CVE-2024-24795[1]:
> > https://www.openwall.com/lists/oss-security/2024/04/04/5
> > 
> > CVE-2023-38709[2]:
> > https://www.openwall.com/lists/oss-security/2024/04/04/3
> > 
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> > 
> > For further information see:
> > 
> > [0] https://security-tracker.debian.org/tracker/CVE-2024-27316
> >  https://www.cve.org/CVERecord?id=CVE-2024-27316
> > [1] https://security-tracker.debian.org/tracker/CVE-2024-24795
> >  https://www.cve.org/CVERecord?id=CVE-2024-24795
> > [2] https://security-tracker.debian.org/tracker/CVE-2023-38709
> >  https://www.cve.org/CVERecord?id=CVE-2023-38709
> > 
> > Please adjust the affected versions in the BTS as needed.
> 
> Hi,
> 
> I'm ready to push 2.4.59 into bookworm-security. Note that this includes a
> test-framework update

Target distribution needs to be bookworm-security, with that please upload.
Can you also prepare the equivalent change for bullseye-security?

The uploads can already happen, but let's keep the update unreleased until
next week, then we can look for regressions reported in unstable (and check
with Ondrej if we received reports based on his repo)

Cheers,
Moritz



Bug#1054564: marked as done (apache2: mod_proxy_connect insecure default server-wide AllowCONNECT value)

2024-04-04 Thread Debian Bug Tracking System
Your message dated Fri, 05 Apr 2024 04:34:28 +
with message-id 
and subject line Bug#1054564: fixed in apache2 2.4.59-1
has caused the Debian Bug report #1054564,
regarding apache2: mod_proxy_connect insecure default server-wide AllowCONNECT 
value
to be marked as done.


-- 
1054564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054564
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.56-1~deb11u2
Severity: normal
X-Debbugs-Cc: raphael.d...@gmail.com

Dear Maintainer,

# Context

For years, one of my SSL vhosts (on :443) has been relying on mod_proxy_http to (safely)
forward some requests to a backend, acting as a reverse-proxy.
```
# Something like
ProxyRequests   On
SSLProxyEngine  On
RewriteRule ^/.well-known/.*$ "https://gitlab-foobar/%{REQUEST_URI}" [P,L]
```


Recently, I experienced the need to (safely) forward some requests (from another server I own)
through this server (because of some network/geoblocking problem).
I enabled `mod_proxy_connect` and (safely) configured a forward-proxy on :80 (using `Require valid-user / ip`).
```
# Something like
ProxyRequests On
Authtype Basic
AuthUserFile ...

p  Require valid-user
  Require ip ...

```


# Problem

While this :80 forward-proxy vhost was secure, I later discovered that
the original (and almost forgotten) vhost had incidentally become an open-proxy (!)

The reasons are:
- mod_proxy_connect is globally enabled (affects all vhosts)
- AllowCONNECT defaults to "443 563" (affects all vhosts)


Said otherwise, *any* secure reverse-proxy vhost configuration becomes de-facto
an insecure open forward-proxy vhost as soon as `mod_proxy_connect` is globally enabled.

This sounds contrary to best security practices.
(and I bet more than one server out there is silently affected by this insecure-by-default
configuration)


# Proposed solution

I suggest adding a server-wide `AllowCONNECT 0` directive inside
`/etc/apache2/mods-available/proxy_connect.load` (virtually disabling CONNECT)
so that individual vhosts relying on it would have to explicitly set the value at the vhost-level.

It would be more logical (scope/side-effects) and avoid holes being punched into existing
(and otherwise secure) reverse-proxy vhosts.


# Additional notes
To cap it all, my proxy-enabled vhost was the first one (lexicographically
speaking), making it the destination of all the random internet SSL traffic scanners.


Google-friendly list of typical log messages that should raise flags:
> AH00898: Connect to remote machine blocked returned by...
> AH00939: CONNECT: attempt to connect to ...:443 (...) failed
> AH10221: proxy: CONNECT: client flushing failed (-102)
> AH10221: proxy: CONNECT: origin flushing failed (-102)


-- Package-specific info:

-- System Information:
Debian Release: bullseye
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.2.0-35-generic (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2 depends on:
ii  apache2-bin    2.4.56-1~deb11u2
ii  apache2-data   2.4.56-1~deb11u2
ii  apache2-utils  2.4.56-1~deb11u2

Versions of packages apache2 recommends:
pn  ssl-cert  

Versions of packages apache2 suggests:
pn  apache2-doc   
pn  apache2-suexec-pristine | apache2-suexec  

Versions of packages apache2 is related to:
ii  apache2  2.4.56-1~deb11u2
ii  apache2-bin  2.4.56-1~deb11u2

-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]

-- no debconf information

-- 
GPG id: 0xF41572CEBD4218F4
--- End Message ---
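The condition reported in the message above can be checked for mechanically. The following is an added example, not code from the bug report or from the apache2 package: a small auditor that flags vhosts where `ProxyRequests On` meets a usable CONNECT port list and no `Require` inside a `<Proxy>` section. The sample configs, the htpasswd path, the IP address and the function names are constructed; it assumes server-wide and vhost `AllowCONNECT` lists combine and that the "443 563" default applies only when none is set.

```python
import re

# Default quoted in the bug report; applies when AllowCONNECT is never set.
DEFAULT_CONNECT_PORTS = ["443", "563"]

OPEN = re.compile(r"<\s*(VirtualHost|Proxy)\b([^>]*)>", re.I)
CLOSE = re.compile(r"</\s*(VirtualHost|Proxy)\s*>", re.I)


def new_scope(name):
    return {"name": name, "proxy_requests": None,
            "allow_connect": [], "proxy_acl": False}


def parse_scopes(conf_text):
    """Return (server_scope, [vhost_scopes]) for the directives we care about."""
    server, vhosts = new_scope("server"), []
    current, in_proxy = server, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            if m.group(1).lower() == "virtualhost":
                current = new_scope(m.group(2).strip())
                vhosts.append(current)
            else:
                in_proxy = True
            continue
        m = CLOSE.match(line)
        if m:
            if m.group(1).lower() == "virtualhost":
                current = server
            else:
                in_proxy = False
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive == "proxyrequests" and args:
            current["proxy_requests"] = args[0].lower() == "on"
        elif directive == "allowconnect":
            current["allow_connect"].extend(args)
        elif directive == "require" and in_proxy:
            # Heuristic: any Require inside <Proxy> counts as access control.
            current["proxy_acl"] = True
    return server, vhosts


def audit(conf_text, proxy_connect_loaded=True):
    """List (vhost, ports) pairs that would accept CONNECT without an ACL."""
    server, vhosts = parse_scopes(conf_text)
    findings = []
    for vh in vhosts:
        requests_on = vh["proxy_requests"]
        if requests_on is None:          # inherit the server-wide setting
            requests_on = bool(server["proxy_requests"])
        # Assumption: conservative union of server-wide and vhost port lists.
        ports = server["allow_connect"] + vh["allow_connect"]
        if not ports:
            ports = list(DEFAULT_CONNECT_PORTS)
        usable = [p for p in ports if p != "0"]   # port 0 disables CONNECT
        acl = vh["proxy_acl"] or server["proxy_acl"]
        if proxy_connect_loaded and requests_on and usable and not acl:
            findings.append((vh["name"], usable))
    return findings


# Constructed sample: the two vhosts described in the report.
BEFORE = """
<VirtualHost *:443>
    ProxyRequests On
    SSLProxyEngine On
    RewriteRule ^/.well-known/.*$ "https://gitlab-foobar/%{REQUEST_URI}" [P,L]
</VirtualHost>
<VirtualHost *:80>
    ProxyRequests On
    <Proxy *>
        AuthType Basic
        AuthUserFile /etc/apache2/proxy.htpasswd
        Require valid-user
        Require ip 192.0.2.10
    </Proxy>
</VirtualHost>
"""

# Same config with the proposed server-wide "AllowCONNECT 0" and an explicit
# per-vhost port list on the intended forward proxy.
AFTER = "AllowCONNECT 0\n" + BEFORE.replace(
    "<Proxy *>", "AllowCONNECT 443\n    <Proxy *>")

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Access control placed elsewhere (for example in included files) is not seen by this parser, so a finding is a prompt to review the vhost rather than proof of exposure.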
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1054...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing 

Bug#1032628: marked as done (please drop transitional package libapache2-mod-proxy-uwsgi from src:apache2)

2024-04-04 Thread Debian Bug Tracking System
Your message dated Fri, 05 Apr 2024 04:34:28 +
with message-id 
and subject line Bug#1032628: fixed in apache2 2.4.59-1
has caused the Debian Bug report #1032628,
regarding please drop transitional package libapache2-mod-proxy-uwsgi from 
src:apache2
to be marked as done.


-- 
1032628: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032628
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-mod-proxy-uwsgi
Version: 2.4.56-1
Severity: normal
user: qa.debian@packages.debian.org
usertags: transitional

Please drop the transitional package libapache2-mod-proxy-uwsgi (from the 
source package apache2) after the release of bookworm, it has been released 
with buster and bullseye already...


Description: transitional package
Package: libapache2-mod-proxy-uwsgi
Version: 2.4.38-3+deb10u8
Version: 2.4.54-1~deb11u1
Version: 2.4.56-1

Thanks for maintaining apache2!


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Try to imagine a future where paying for your morning coffee involved smashing
an iPhone and burning enough fossil fuels to run your entire household for 60
days. That's the environmental cost of the "revolutionary" technology behind
Bitcoin in a nutshell. https://twitter.com/smdiehl/status/1350869944888664064


--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.4.59-1
Done: Yadd 

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1032...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd  (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1032628 1054564
Changes:
 apache2 (2.4.59-1) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * Remove old transitional packages libapache2-mod-md and
 libapache2-mod-proxy-uwsgi. Closes: #1032628
 .
   [ Yadd ]
   * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
   * Refresh patches
   * New upstream version 2.4.59
   * Refresh patches
   * Update patches
   * Update test framework

Processing of apache2_2.4.59-1_sourceonly.changes

2024-04-04 Thread Debian FTP Masters
apache2_2.4.59-1_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.59-1.dsc
  apache2_2.4.59.orig.tar.gz
  apache2_2.4.59.orig.tar.gz.asc
  apache2_2.4.59-1.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



apache2_2.4.59-1_sourceonly.changes ACCEPTED into unstable

2024-04-04 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 05 Apr 2024 08:08:11 +0400
Source: apache2
Built-For-Profiles: nocheck
Architecture: source
Version: 2.4.59-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Yadd 
Closes: 1032628 1054564
Changes:
 apache2 (2.4.59-1) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * Remove old transitional packages libapache2-mod-md and
 libapache2-mod-proxy-uwsgi. Closes: #1032628
 .
   [ Yadd ]
   * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564)
   * Refresh patches
   * New upstream version 2.4.59
   * Refresh patches
   * Update patches
   * Update test framework





Processed: tagging 1068412

2024-04-04 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1068412 + upstream
Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
Added tag(s) upstream.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: found 1068412 in 2.4.58-1

2024-04-04 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> found 1068412 2.4.58-1
Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709
Marked as found in versions apache2/2.4.58-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1068412: apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709

2024-04-04 Thread Moritz Mühlenhoff
Source: apache2
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for apache2.

CVE-2024-27316[0]:
https://www.kb.cert.org/vuls/id/421644
https://www.openwall.com/lists/oss-security/2024/04/04/4

CVE-2024-24795[1]:
https://www.openwall.com/lists/oss-security/2024/04/04/5

CVE-2023-38709[2]:
https://www.openwall.com/lists/oss-security/2024/04/04/3

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27316
https://www.cve.org/CVERecord?id=CVE-2024-27316
[1] https://security-tracker.debian.org/tracker/CVE-2024-24795
https://www.cve.org/CVERecord?id=CVE-2024-24795
[2] https://security-tracker.debian.org/tracker/CVE-2023-38709
https://www.cve.org/CVERecord?id=CVE-2023-38709

Please adjust the affected versions in the BTS as needed.



Bug#1057126: Bug#1067104: Acknowledgement (server stalls: AH00046: child process 2876749 still did not exit, sending a SIGKILL)

2024-03-21 Thread Peter Krefting

2024-03-21 13:12, Yaroslav Halchenko wrote:

> FWIW here is a dirty workaround script I just crafted with chatgpt to
> monitor/restart apache2 as soon as it starts happening


My workaround is simpler, I have this line in root's crontab:

 5 * * * * curl --silent --max-time 5 --output /dev/null http://localhost/trac/ || systemctl restart apache2


It seems to restart Apache once every 5-8 days, according to the notices 
I see from Zabbix. The frequency might very well be related to the 
number of accesses to the server.


--
\\// Peter - http://www.softwolves.pp.se/



Bug#1057126: Bug#1067104: Acknowledgement (server stalls: AH00046: child process 2876749 still did not exit, sending a SIGKILL)

2024-03-21 Thread Yaroslav Halchenko
"All ingenious is simple" -- thanks for sharing.  I might redo following
your example but to check more frequently.

On Thu, 21 Mar 2024, Peter Krefting wrote:
> My workaround is simpler, I have this line in root's crontab:

>  5 * * * * curl --silent --max-time 5 --output /dev/null http://localhost/trac/ || systemctl restart apache2

-- 
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW:   http://www.linkedin.com/in/yarik



Bug#1057126: Bug#1067104: Acknowledgement (server stalls: AH00046: child process 2876749 still did not exit, sending a SIGKILL)

2024-03-21 Thread Yaroslav Halchenko
I think "my" https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067104
is a duplicate of this one.  I blame mod_wsgi since this I believe
started to happen after I started to use it.

FWIW here is a dirty workaround script I just crafted with chatgpt to
monitor/restart apache2 as soon as it starts happening (doesn't happen upon
every maintenance event for me I believe). Let me know if I should gather any
additional information.

#!/bin/bash

set -eu

# Define the lock file and log directory
lock_file="/var/log/apache-scoreboard-restart/lock.lck"
log_dir="/var/log/apache-scoreboard-restart/"

# Ensure the log directory exists
mkdir -p "$log_dir"

# Attempt to acquire a lock
exec 200>"$lock_file"
if ! flock -n 200 ; then
    echo "Another instance is running."
    exit 0
fi

# Function to perform actions when the specified log line is found
handle_scoreboard_full() {
    local timestamp=$(date --iso-8601=seconds)
    local log_file="${log_dir}${timestamp}.log"

    echo "Logging system information to $log_file."
    { ps auxw -H; echo "---"; lsof; } > "$log_file"

    echo "Reloading Apache." >> "$log_file"
    service apache2 reload

    echo "Sleeping for a minute." >> "$log_file"
    sleep 60
}

# Monitor the Apache error log
while true; do
    tail --follow=name /var/log/apache2/error.log | while read -r line ; do
        if echo "$line" | grep -q "AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit." ; then
            handle_scoreboard_full
            break  # so we start with a fresh tail
        fi
    done
done

-- 
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW:   http://www.linkedin.com/in/yarik





Bug#1067104: server stalls: AH00046: child process 2876749 still did not exit, sending a SIGKILL

2024-03-21 Thread Stefan Fritsch

On 18.03.24 at 13:59, Yaroslav Halchenko wrote:

> Package: apache2
> Version: 2.4.57-2
> Severity: important
>
> Server was working just fine for years and recently started to stall
> completely after 3-7 days of functioning normally.  error logs get filled up
> first with AH03490 and then eventually with AH00045 messages:
>
>  [Sun Mar 17 02:26:01.353381 2024] [mpm_event:error] [pid 2649373:tid 139846579189632] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit.
>  ...
>  [Sun Mar 17 22:00:42.201774 2024] [mpm_event:error] [pid 2649373:tid 139846579189632] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit.
>  [Sun Mar 17 22:00:42.995574 2024] [mpm_event:error] [pid 2649373:tid 139846579189632] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase ServerLimit.
>  [Sun Mar 17 22:00:42.998488 2024] [mpm_event:notice] [pid 2649373:tid 139846579189632] AH00492: caught SIGWINCH, shutting down gracefully
>  [Sun Mar 17 22:00:46.358981 2024] [core:warn] [pid 2649373:tid 139846579189632] AH00045: child process 2649375 still did not exit, sending a SIGTERM
>  [Sun Mar 17 22:00:46.359064 2024] [core:warn] [pid 2649373:tid 139846579189632] AH00045: child process 2649376 still did not exit, sending a SIGTERM


Have you tried increasing ServerLimit as the warning suggests?

Apart from that, it is probably the same as 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057126 . mod_wsgi or 
some python script is preventing apache processes from dying and they 
accumulate until the scoreboard is full. Which versions of the wsgi 
related packages are you using?




Processed: tagging 1032628

2024-03-21 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1032628 + pending
Bug #1032628 [libapache2-mod-proxy-uwsgi] please drop transitional package 
libapache2-mod-proxy-uwsgi from src:apache2
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1032628: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032628
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1031034: marked as done (apr: Missing LFS support triggers FTBFS on other packages)

2024-03-19 Thread Debian Bug Tracking System
Your message dated Tue, 19 Mar 2024 11:28:35 +0100
with message-id 
and subject line Re: Bug#1031034: apr: Missing LFS support triggers FTBFS on 
other packages
has caused the Debian Bug report #1031034,
regarding apr: Missing LFS support triggers FTBFS on other packages
to be marked as done.


-- 
1031034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---

Package: apr
Tags: ftbfs, hppa, lfs
Version: 1.7.2-2

On 32-bit platforms it's necessary to compile programs and libraries
with Large File Support (LFS) in order to allow them to function correctly on
filesystems with > 2GB or 4GB size.
This can be solved by adding "-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" to
the CFLAGS variable when compiling.

apr is currently missing this LFS support and as such it triggers
build-from-source errors in other packages like "subversion" or "devscripts"
on such 32-bit platforms.

There are various possibilities how to add those two defines,
e.g. adding
DEB_BUILD_MAINT_OPTIONS = future=+lfs

or by manually adding the output of
getconf LFS_CFLAGS
to the CFLAGS variable. Please note, on 64-bit platforms the return value
will be empty which is correct as those flags are not needed on 64-bit arches.

Here is one suggested patch for apr from me:

diff -up ./debian/rules.org ./debian/rules
--- ./debian/rules.org  2023-02-10 16:20:07.911340588 +
+++ ./debian/rules  2023-02-10 15:54:17.992511554 +
@@ -11,6 +11,9 @@ DEB_HOST_ARCH_OS?= $(shell dpkg-arch
 DEB_HOST_ARCH_BITS  ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_BITS)
 DEB_HOST_MULTIARCH  ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

+# Enable Large File Support (LFS) if necessary:  -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64
+CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(shell getconf LFS_CFLAGS)
+
 # The 'build' target needs special handling because there there is a directory
 # named 'build'.
 .PHONY: build
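
Review bot: the added `CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(shell getconf LFS_CFLAGS)` line assigns CFLAGS but nothing in the visible hunk exports it, so unless debian/rules exports CFLAGS elsewhere the LFS defines may never reach the configure and compile steps. `-D_LARGEFILE_SOURCE` and `-D_FILE_OFFSET_BITS=64` are preprocessor defines, so CPPFLAGS is the more conventional place for them, and the `DEB_BUILD_MAINT_OPTIONS = future=+lfs` alternative mentioned in the message lets dpkg-buildflags handle this without calling getconf. The comment line is also wrapped in the mail, leaving a continuation that begins with `-D_FILE_OFFSET_BITS=64` and would be read as a removed line, so the patch should be re-sent unwrapped or as an attachment.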

Please apply this (or another patch) to allow apr to build with LFS support.

Thanks,
Helge
--- End Message ---
--- Begin Message ---

version: 1.7.2-3.2

On 20.06.23 at 20:27, Stefan Fritsch wrote:
It seems a large transition will be needed for 64bit time_t, anyway. And 
glibc enforces _FILE_OFFSET_BITS=64 if _TIME_BITS=64 is set. apr should 
do both transitions at the same time.


It seems there won't be a transition for i386 but the whole point of 
i386 is running old binaries.


https://wiki.debian.org/ReleaseGoals/64bit-time



This is fixed now as apr has been rebuilt with 64bit time_t, which 
implies 64 bit ino_t.
--- End Message ---


Bug#1067120: nmu: apache2_2.4.58-1

2024-03-18 Thread Stefan Fritsch
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: apac...@packages.debian.org
Control: affects -1 + src:apache2
User: release.debian@packages.debian.org
Usertags: binnmu

libaprutil1t64 1.6.3-1.1 contains a wrong symbol file, causing a wrong
dependency on libaprutil164 (missing a "t") for packages using the
apr_dbd_init or apr_ldap_init symbols. AFAICS, only apache2 is affected.  

Note that there is already apache2 2.4.58-1+b2 . I am not sure which
version is the correct one in the nmu syntax.

nmu apache2_2.4.58-1 . ANY . unstable . -m "Rebuild with fixed libaprutil1t64 
for #1067035"
dw apache2_2.4.58-1 . ANY . -m "libaprutil1-dev (>= 1.6.3-2)"



Bug#1067035: marked as done (apache2-bin: rebuild for the 64-bit time_t migration is uninstallable)

2024-03-18 Thread Debian Bug Tracking System
Your message dated Mon, 18 Mar 2024 21:01:39 +0100
with message-id 
and subject line Re: Bug#1067035: apache2-bin: rebuild for the 64-bit time_t 
migration is uninstallable
has caused the Debian Bug report #1067035,
regarding apache2-bin: rebuild for the 64-bit time_t migration is uninstallable
to be marked as done.


-- 
1067035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067035
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apache2-bin
Version: 2.4.58-1+b2
Severity: serious
Justification: uninstallable

Dear Maintainer,

Attempting to upgrade apache2-bin from rebuild 2.4.58-1+b1 to
the rebuild 2.4.58-1+b2 leads to the following error:

$ sudo apt upgrade apache2-bin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 apache2-bin : Depends: libaprutil164 (>= 1.2.7+dfsg) but it is not 
installable
E: Broken packages

libaprutil164 (note the missing 't' for "t64") is not available
in unstable.  The dependency looks typoed and duplicated, as
libaprutil1t64 (>= 1.6.0) is also present as needed in the
Depends field,

Otherwise, have a nice Sunday,  :)
Étienne.


-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2-bin depends on:
ii  libapr1t64 [libapr1]          1.7.2-3.2
ii  libaprutil1-dbd-sqlite3       1.6.3-1.1+b1
ii  libaprutil1-ldap              1.6.3-1.1+b1
ii  libaprutil1t64 [libaprutil1]  1.6.3-1.1+b1
ii  libbrotli1                    1.1.0-2+b3
ii  libc6                         2.37-15.1
ii  libcrypt1                     1:4.4.36-4
ii  libcurl4t64 [libcurl4]        8.6.0-4
ii  libjansson4                   2.14-2+b2
ii  libldap-2.5-0                 2.5.16+dfsg-2
ii  liblua5.3-0                   5.3.6-2+b2
ii  libnghttp2-14                 1.59.0-1+b1
ii  libpcre2-8-0                  10.42-4+b1
ii  libssl3t64 [libssl3]          3.1.5-1.1
ii  libxml2                       2.9.14+dfsg-1.3+b2
ii  perl                          5.38.2-3.2
ii  zlib1g                        1:1.3.dfsg-3.1

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  firefox-esr [www-browser]  115.8.0esr-1+b1
ii  lynx [www-browser]         2.9.0rel.0-2+b1
ii  surf [www-browser]         2.1+git20221016-6+b1
ii  w3m [www-browser]          0.5.3+git20230121-2+b3

Versions of packages apache2 depends on:
ii  apache2-data         2.4.58-1
ii  apache2-utils        2.4.58-1+b1
ii  init-system-helpers  1.66
ii  media-types          10.1.0
ii  perl                 5.38.2-3.2
ii  procps               2:4.0.4-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  firefox-esr [www-browser]  115.8.0esr-1+b1
ii  lynx [www-browser]         2.9.0rel.0-2+b1
ii  surf [www-browser]         2.1+git20221016-6+b1
ii  w3m [www-browser]          0.5.3+git20230121-2+b3

Versions of packages apache2-bin is related to:
ii  apache2  2.4.58-1+b1
ii  apache2-bin  2.4.58-1+b1

-- no debconf information

-- 
  .''`.  Étienne Mollier 
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/4, please excuse my verbosity
   `-on air: Antony Kalugin - Key


--- End Message ---
--- Begin Message ---

version: 1.6.3-2

Am 17.03.24 um 15:19 schrieb 

Processing of apr-util_1.6.3-2_source.changes

2024-03-18 Thread Debian FTP Masters
apr-util_1.6.3-2_source.changes uploaded successfully to localhost
along with the files:
  apr-util_1.6.3-2.dsc
  apr-util_1.6.3-2.debian.tar.xz
  apr-util_1.6.3-2_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



Processed: tagging 1067035, tagging 1066821

2024-03-18 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 1067035 + pending
Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t 
migration is uninstallable
Added tag(s) pending.
> tags 1066821 + pending
Bug #1066821 {Done: Stefan Fritsch } [src:apr-util] apr-util: 
FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault  
LD_LIBRARY_PATH="`echo 
"../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | 
sed -e 's/::*$//'`" ./$prog -v
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1066821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066821
1067035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067035
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1066821: marked as done (apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRA

2024-03-18 Thread Debian Bug Tracking System
Your message dated Mon, 18 Mar 2024 19:49:13 +
with message-id 
and subject line Bug#1066821: fixed in apr-util 1.6.3-2
has caused the Debian Bug report #1066821,
regarding apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 
Segmentation fault  LD_LIBRARY_PATH="`echo 
"../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | 
sed -e 's/::*$//'`" ./$prog -v
to be marked as done.


-- 
1066821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apr-util
Version: 1.6.3-1.1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=apr-util=armhf=1.6.3-1.1=1709086833=0

testldap:  SUCCESS
testdbd :  SUCCESS
testdate:  SUCCESS
testmemcache:  Error 111 occurred attempting to reach memcached on 
localhost:11211.  Skipping apr_memcache tests...
SUCCESS
testredis   :  Error 111 occurred attempting to reach Redis on 
localhost:6379.  Skipping apr_redis tests...
SUCCESS
testxml :  SUCCESS
testxlate   :  SUCCESS
testrmm :  SUCCESS
testdbm :  BDB1565 DB->put: method not permitted before handle's 
open method
/bin/bash: line 3: 3132384 Segmentation fault  LD_LIBRARY_PATH="`echo 
"../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | 
sed -e 's/::*$//'`" ./$prog -v
Programs failed: testall
make[2]: *** [Makefile:60: check] Error 139

Cheers
-- 
Sebastian Ramacher
--- End Message ---
--- Begin Message ---
Source: apr-util
Source-Version: 1.6.3-2
Done: Stefan Fritsch 

We believe that the bug you reported is fixed in the latest version of
apr-util, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1066...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch  (supplier of updated apr-util package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 18 Mar 2024 20:21:56 +0100
Source: apr-util
Architecture: source
Version: 1.6.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Stefan Fritsch 
Closes: 1066821
Changes:
 apr-util (1.6.3-2) unstable; urgency=medium
 .
   * Incorporate NMU. Thanks to all the 64-bit time_t transition
 people.
   * Bump libapr1-dev Build-Dep to 1.7.2-3.2. Hopefully
 closes: #1066821
   * Add more 64-bit time_t patches from Simon McVittie. Thanks.
 Closes: #1066821



apr-util_1.6.3-2_source.changes ACCEPTED into unstable

2024-03-18 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 18 Mar 2024 20:21:56 +0100
Source: apr-util
Architecture: source
Version: 1.6.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Stefan Fritsch 
Closes: 1066821
Changes:
 apr-util (1.6.3-2) unstable; urgency=medium
 .
   * Incorporate NMU. Thanks to all the 64-bit time_t transition
 people.
   * Bump libapr1-dev Build-Dep to 1.7.2-3.2. Hopefully
 closes: #1066821
   * Add more 64-bit time_t patches from Simon McVittie. Thanks.
 Closes: #1066821


Bug#1066821: apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | sed -e 's/

2024-03-18 Thread Stefan Fritsch

On 18.03.24 at 19:30, Stefan Fritsch wrote:
> On 13.03.24 at 22:32, Sebastian Ramacher wrote:
> > Source: apr-util
> > Version: 1.6.3-1.1
> > Severity: serious
> > Tags: ftbfs
> > Justification: fails to build from source (but built successfully in the past)
> > X-Debbugs-Cc: sramac...@debian.org
> >
> > https://buildd.debian.org/status/fetch.php?pkg=apr-util=armhf=1.6.3-1.1=1709086833=0
>
> It looks to me like it tried to use a non 64bit time_t libapr1 during
> build, which does not work because libapr1 changes abi with the time_t
> transition. Adding a versioned build-depends should help. I will check
> later.


Unfortunately, apr-util build-deps are uninstallable on armhf/armel 
right now due to postgres not being built for 64bit time_t. So, there is 
no easy way to test this. I will upload anyway.




Bug#1066821: apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | sed -e 's/

2024-03-18 Thread Stefan Fritsch



On 13.03.24 at 22:32, Sebastian Ramacher wrote:
> Source: apr-util
> Version: 1.6.3-1.1
> Severity: serious
> Tags: ftbfs
> Justification: fails to build from source (but built successfully in the past)
> X-Debbugs-Cc: sramac...@debian.org
>
> https://buildd.debian.org/status/fetch.php?pkg=apr-util=armhf=1.6.3-1.1=1709086833=0

It looks to me like it tried to use a non 64bit time_t libapr1 during 
build, which does not work because libapr1 changes abi with the time_t 
transition. Adding a versioned build-depends should help. I will check 
later.

> testldap:  SUCCESS
> testdbd :  SUCCESS
> testdate:  SUCCESS
> testmemcache:  Error 111 occurred attempting to reach memcached on 
> localhost:11211.  Skipping apr_memcache tests...
> SUCCESS
> testredis   :  Error 111 occurred attempting to reach Redis on 
> localhost:6379.  Skipping apr_redis tests...
> SUCCESS
> testxml :  SUCCESS
> testxlate   :  SUCCESS
> testrmm :  SUCCESS
> testdbm :  BDB1565 DB->put: method not permitted before handle's 
> open method
> /bin/bash: line 3: 3132384 Segmentation fault  LD_LIBRARY_PATH="`echo 
> "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | sed -e 
> 's/::*$//'`" ./$prog -v
> Programs failed: testall
> make[2]: *** [Makefile:60: check] Error 139
>
> Cheers




Bug#1067104: server stalls: AH00046: child process 2876749 still did not exit, sending a SIGKILL

2024-03-18 Thread Yaroslav Halchenko
Package: apache2
Version: 2.4.57-2
Severity: important

Server was working just fine for years and recently started to stall
completely after 3-7 days of functioning normally.  error logs get filled up
first with AH03490 and then eventually with AH00045 messages:

[Sun Mar 17 02:26:01.353381 2024] [mpm_event:error] [pid 2649373:tid 
139846579189632] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
...
[Sun Mar 17 22:00:42.201774 2024] [mpm_event:error] [pid 2649373:tid 
139846579189632] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
[Sun Mar 17 22:00:42.995574 2024] [mpm_event:error] [pid 2649373:tid 
139846579189632] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
[Sun Mar 17 22:00:42.998488 2024] [mpm_event:notice] [pid 2649373:tid 
139846579189632] AH00492: caught SIGWINCH, shutting down gracefully
[Sun Mar 17 22:00:46.358981 2024] [core:warn] [pid 2649373:tid 
139846579189632] AH00045: child process 2649375 still did not exit, sending a 
SIGTERM
[Sun Mar 17 22:00:46.359064 2024] [core:warn] [pid 2649373:tid 
139846579189632] AH00045: child process 2649376 still did not exit, sending a 
SIGTERM

until I restart the beast.

$> grep AH03490 error.log | wc -l
70404
$> grep AH00045 error.log | wc -l
48

Server has a number of virtual servers configured.
It seems to have started about a month ago

$> for e in error.log*; do zgrep AH03490 $e| head -n 1 ; done
[Sun Mar 17 02:26:01.353381 2024] [mpm_event:error] [pid 2649373:tid 
139846579189632] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
[Mon Mar 11 16:47:41.181900 2024] [mpm_event:error] [pid 1172065:tid 
140192799893376] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
[Tue Mar 05 00:00:12.307813 2024] [mpm_event:error] [pid 2686718:tid 
139644504094592] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
[Sun Feb 25 03:23:33.382200 2024] [mpm_event:error] [pid 2686718:tid 
139644504094592] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
[Sat Feb 24 01:02:29.148887 2024] [mpm_event:error] [pid 2686718:tid 
139644504094592] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.
[Tue Feb 13 14:28:00.653754 2024] [mpm_event:error] [pid 2434335:tid 
140300052350848] AH03490: scoreboard is full, not at MaxRequestWorkers.Increase 
ServerLimit.

and likely after I configured some wsgi

$> zgrep apache /var/log/dpkg.log.* | grep 2024
/var/log/dpkg.log.2.gz:2024-02-02 12:34:23 install 
libapache2-mod-python:amd64  3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:34:23 status half-installed 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:34:23 status unpacked 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:34:23 configure 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1 
/var/log/dpkg.log.2.gz:2024-02-02 12:34:23 status unpacked 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:34:23 status half-configured 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:34:25 status installed 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:51:18 status installed 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:51:19 remove 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1 
/var/log/dpkg.log.2.gz:2024-02-02 12:51:19 status half-configured 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:51:21 status half-installed 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:51:21 status config-files 
libapache2-mod-python:amd64 3.5.0+git20211031.e6458ec-1+deb12u1
/var/log/dpkg.log.2.gz:2024-02-02 12:52:11 install 
libapache2-mod-wsgi-py3:amd64  4.9.4-1+b2
/var/log/dpkg.log.2.gz:2024-02-02 12:52:11 status half-installed 
libapache2-mod-wsgi-py3:amd64 4.9.4-1+b2
/var/log/dpkg.log.2.gz:2024-02-02 12:52:11 status unpacked 
libapache2-mod-wsgi-py3:amd64 4.9.4-1+b2
/var/log/dpkg.log.2.gz:2024-02-02 12:52:11 configure 
libapache2-mod-wsgi-py3:amd64 4.9.4-1+b2 
/var/log/dpkg.log.2.gz:2024-02-02 12:52:11 status unpacked 
libapache2-mod-wsgi-py3:amd64 4.9.4-1+b2
/var/log/dpkg.log.2.gz:2024-02-02 12:52:11 status half-configured 
libapache2-mod-wsgi-py3:amd64 4.9.4-1+b2
/var/log/dpkg.log.2.gz:2024-02-02 12:52:14 status installed 
libapache2-mod-wsgi-py3:amd64 

Re: Bug#1067035: apache2-bin: rebuild for the 64-bit time_t migration is uninstallable

2024-03-17 Thread Étienne Mollier
Hi Simon,

Simon McVittie, on 2024-03-17:
> I believe the attached patches should fix this (untested). After fixing
> this in apr-util, apache2 will need a binNMU (or a re-upload).

Thanks for your patches, I confirm they resolve the dependency
issue after a rebuild of apache2.  libaprutil164 without 't' is
no longer present in the dependencies.

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier 
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/1, please excuse my verbosity
   `-




Processed: Re: Bug#1067035: apache2-bin: rebuild for the 64-bit time_t migration is uninstallable

2024-03-17 Thread Debian Bug Tracking System
Processing control commands:

> reassign -1 libaprutil1t64
Bug #1067035 [apache2-bin] apache2-bin: rebuild for the 64-bit time_t migration 
is uninstallable
Bug reassigned from package 'apache2-bin' to 'libaprutil1t64'.
No longer marked as found in versions apache2/2.4.58-1.
Ignoring request to alter fixed versions of bug #1067035 to the same values 
previously set
> found -1 1.6.3-1.1
Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t 
migration is uninstallable
Marked as found in versions apr-util/1.6.3-1.1.
> affects -1 + apache2-bin
Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t 
migration is uninstallable
Added indication that 1067035 affects apache2-bin
> tags -1 + patch
Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t 
migration is uninstallable
Added tag(s) patch.

-- 
1067035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067035
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Re: Bug#1067035: apache2-bin: rebuild for the 64-bit time_t migration is uninstallable

2024-03-17 Thread Simon McVittie
Control: reassign -1 libaprutil1t64
Control: found -1 1.6.3-1.1
Control: affects -1 + apache2-bin
Control: tags -1 + patch

On Sun, 17 Mar 2024 at 12:01:38 +0100, Étienne Mollier wrote:
> libaprutil164 (note the missing 't' for "t64") is not available
> in unstable.  The dependency looks typoed and duplicated, as
> libaprutil1t64 (>= 1.6.0) is also present as needed in the
> Depends field,

If I'm reading correctly, this is a bug in the NMU of libaprutil1t64 with
the rename for 64-bit time_t, not a bug in apache2-bin. The .symbols
file in libaprutil1t64 generates dependencies on a nonexistent package
name if functions related to LDAP or database functionality are used.

I believe the attached patches should fix this (untested). After fixing
this in apr-util, apache2 will need a binNMU (or a re-upload).

I have not attempted to fix apr-util's other RC bug, #1066821.

smcv
>From e36a8c4784278ccfb32d112b57cd2260fedb2e3c Mon Sep 17 00:00:00 2001
From: Simon McVittie 
Date: Sun, 17 Mar 2024 13:21:29 +
Subject: [PATCH 2/3] d/libaprutil1t64.symbols: Fix name of t64 binary package

It's libaprutil1t64 (with the "t"), not libaprutil164.

Closes: #1067035
---
 debian/libaprutil1t64.symbols | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/libaprutil1t64.symbols b/debian/libaprutil1t64.symbols
index 8468461..0b6493b 100644
--- a/debian/libaprutil1t64.symbols
+++ b/debian/libaprutil1t64.symbols
@@ -1,6 +1,6 @@
 libaprutil-1.so.0 libaprutil1t64 #MINVER#
-| libaprutil1-ldap , libaprutil164 #MINVER#
-| libaprutil1-dbd-sqlite3|libaprutil1-dbd-mysql|libaprutil1-dbd-odbc|libaprutil1-dbd-pgsql|libaprutil1-dbd-freetds , libaprutil164 #MINVER#
+| libaprutil1-ldap , libaprutil1t64 #MINVER#
+| libaprutil1-dbd-sqlite3|libaprutil1-dbd-mysql|libaprutil1-dbd-odbc|libaprutil1-dbd-pgsql|libaprutil1-dbd-freetds , libaprutil1t64 #MINVER#
  _crypt_blowfish_rn@Base 1.5.0
  _crypt_gensalt_blowfish_rn@Base 1.5.0
  _crypt_output_magic@Base 1.5.0
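Review bot: the two corrected alternative-dependency templates (lines 2 and 3 of the file) still spell the binary package name out by hand, so a later rename can miss them again the way the t64 rename left `libaprutil164` here while line 1 already read `libaprutil1t64`. The cover mail marks this series as untested, so before upload rebuild apache2 against the patched library and confirm its generated Depends no longer names `libaprutil164`; a build-time check that every package named in this header is declared in debian/control would catch the same mistake earlier.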
-- 
2.43.0

>From 1ea1785071067c436b9e0b1938fbc2553e849d3f Mon Sep 17 00:00:00 2001
From: Simon McVittie 
Date: Sun, 17 Mar 2024 13:22:27 +
Subject: [PATCH 3/3] d/libaprutil1t64.lintian-overrides: Remove unnecessary
 lintian override

---
 debian/libaprutil1t64.lintian-overrides | 1 -
 1 file changed, 1 deletion(-)

diff --git a/debian/libaprutil1t64.lintian-overrides b/debian/libaprutil1t64.lintian-overrides
index 90a6b4d..fb2f313 100644
--- a/debian/libaprutil1t64.lintian-overrides
+++ b/debian/libaprutil1t64.lintian-overrides
@@ -1,3 +1,2 @@
 libaprutil1t64: symbols-declares-dependency-on-other-package
 libaprutil1t64: package-name-doesnt-match-sonames libaprutil-1-0
-libaprutil1t64: package-name-doesnt-match-sonames libaprutil1
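Review bot: the commit message has no body, so nothing records why the `package-name-doesnt-match-sonames libaprutil1` override is unnecessary while the `libaprutil-1-0` override on the line above is kept. Add a sentence saying how that was established (a lintian run reporting the override as unused, or the tag no longer firing after the rename) so the removal can be checked later.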
-- 
2.43.0
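
The failure described in this message, a `.symbols` dependency template that names a binary package which does not exist, can be detected before upload by comparing the templates with `debian/control`. The following is an added example, not part of the thread or of the apr-util packaging; the function names, the `allow` parameter and the `debian/control` excerpt are assumptions made for illustration, and the sample inputs are constructed from the lines quoted in the patch.

```python
import re

# Constructed sample: header of debian/libaprutil1t64.symbols as it stood
# before the fix quoted in this thread, with a single symbol line kept.
SYMBOLS_BEFORE = """\
libaprutil-1.so.0 libaprutil1t64 #MINVER#
| libaprutil1-ldap , libaprutil164 #MINVER#
| libaprutil1-dbd-sqlite3|libaprutil1-dbd-mysql|libaprutil1-dbd-odbc|libaprutil1-dbd-pgsql|libaprutil1-dbd-freetds , libaprutil164 #MINVER#
 _crypt_blowfish_rn@Base 1.5.0
"""
SYMBOLS_AFTER = SYMBOLS_BEFORE.replace("libaprutil164", "libaprutil1t64")

# Constructed debian/control excerpt (assumption: one stanza per package named
# in the symbols header; the real control file is not shown in the thread).
CONTROL = "Source: apr-util\n" + "".join(
    f"\nPackage: {name}\nArchitecture: any\n"
    for name in (
        "libaprutil1t64", "libaprutil1-ldap", "libaprutil1-dbd-sqlite3",
        "libaprutil1-dbd-mysql", "libaprutil1-dbd-odbc",
        "libaprutil1-dbd-pgsql", "libaprutil1-dbd-freetds",
    )
)


def declared_packages(control_text):
    """Return the binary package names from the Package: fields."""
    return set(re.findall(r"^Package:\s*(\S+)", control_text, re.M))


def dependency_templates(symbols_text):
    """Yield (line_number, soname, template) for each main or alternative
    dependency template in a deb-symbols(5) file."""
    soname = None
    for lineno, line in enumerate(symbols_text.splitlines(), 1):
        # Skip blanks, comments/#include, symbol lines (leading space)
        # and meta-information fields (leading '*').
        if not line.strip() or line[0] in " \t#*":
            continue
        if line.startswith("|"):
            if soname is None:
                raise ValueError(f"line {lineno}: template before any soname")
            yield lineno, soname, line[1:].strip()
        else:
            soname, _, template = line.partition(" ")
            yield lineno, soname, template.strip()


def template_packages(template):
    """Return the package names a dependency template refers to."""
    text = template.replace("#MINVER#", "")
    # Drop version constraints, architecture lists and build profiles.
    text = re.sub(r"\(.*?\)|\[.*?\]|<.*?>", "", text)
    names = []
    for relation in re.split(r"[,|]", text):
        name = relation.strip().split(":")[0]  # strip ":any" style qualifiers
        if name and name != "#PACKAGE#":
            names.append(name)
    return names


def undeclared_references(symbols_text, control_text, allow=()):
    """List (line, soname, package) for template packages that are neither
    declared in debian/control nor in the allow list. The allow list is for
    packages that are deliberately taken from another source package."""
    known = declared_packages(control_text) | set(allow)
    return [
        (lineno, soname, name)
        for lineno, soname, template in dependency_templates(symbols_text)
        for name in template_packages(template)
        if name not in known
    ]


if __name__ == "__main__":
    for lineno, soname, name in undeclared_references(SYMBOLS_BEFORE, CONTROL):
        print(f"symbols line {lineno} ({soname}): unknown package {name}")
```

Run against the real `debian/*.symbols` and `debian/control` in a build hook or CI job, a non-empty result would fail the build before the dependency reaches packages built against the library.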



Bug#1067035: apache2-bin: rebuild for the 64-bit time_t migration is uninstallable

2024-03-17 Thread Étienne Mollier
Package: apache2-bin
Version: 2.4.58-1+b2
Severity: serious
Justification: uninstallable

Dear Maintainer,

Attempting to upgrade apache2-bin from rebuild 2.4.58-1+b1 to
the rebuild 2.4.58-1+b2 leads to the following error:

$ sudo apt upgrade apache2-bin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 apache2-bin : Depends: libaprutil164 (>= 1.2.7+dfsg) but it is not 
installable
E: Broken packages

libaprutil164 (note the missing 't' for "t64") is not available
in unstable.  The dependency looks typoed and duplicated, as
libaprutil1t64 (>= 1.6.0) is also present as needed in the
Depends field,

Otherwise, have a nice Sunday,  :)
Étienne.


-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.9-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2-bin depends on:
ii  libapr1t64 [libapr1]  1.7.2-3.2
ii  libaprutil1-dbd-sqlite3   1.6.3-1.1+b1
ii  libaprutil1-ldap  1.6.3-1.1+b1
ii  libaprutil1t64 [libaprutil1]  1.6.3-1.1+b1
ii  libbrotli11.1.0-2+b3
ii  libc6 2.37-15.1
ii  libcrypt1 1:4.4.36-4
ii  libcurl4t64 [libcurl4]8.6.0-4
ii  libjansson4   2.14-2+b2
ii  libldap-2.5-0 2.5.16+dfsg-2
ii  liblua5.3-0   5.3.6-2+b2
ii  libnghttp2-14 1.59.0-1+b1
ii  libpcre2-8-0  10.42-4+b1
ii  libssl3t64 [libssl3]  3.1.5-1.1
ii  libxml2   2.9.14+dfsg-1.3+b2
ii  perl  5.38.2-3.2
ii  zlib1g1:1.3.dfsg-3.1

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  firefox-esr [www-browser]115.8.0esr-1+b1
ii  lynx [www-browser]   2.9.0rel.0-2+b1
ii  surf [www-browser]   2.1+git20221016-6+b1
ii  w3m [www-browser]0.5.3+git20230121-2+b3

Versions of packages apache2 depends on:
ii  apache2-data 2.4.58-1
ii  apache2-utils2.4.58-1+b1
ii  init-system-helpers  1.66
ii  media-types  10.1.0
ii  perl 5.38.2-3.2
ii  procps   2:4.0.4-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc  
pn  apache2-suexec-pristine | apache2-suexec-custom  
ii  firefox-esr [www-browser]115.8.0esr-1+b1
ii  lynx [www-browser]   2.9.0rel.0-2+b1
ii  surf [www-browser]   2.1+git20221016-6+b1
ii  w3m [www-browser]0.5.3+git20230121-2+b3

Versions of packages apache2-bin is related to:
ii  apache2  2.4.58-1+b1
ii  apache2-bin  2.4.58-1+b1

-- no debconf information

-- 
  .''`.  Étienne Mollier 
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/4, please excuse my verbosity
   `-on air: Antony Kalugin - Key




Processed: reassign 1067031 to src:apache2

2024-03-17 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 1067031 src:apache2
Bug #1067031 [src:apache2-bin] apache2-bin: Probably wrong dependency.
Warning: Unknown package 'src:apache2-bin'
Bug reassigned from package 'src:apache2-bin' to 'src:apache2'.
No longer marked as found in versions apache2-bin/2.4.58-1.
Ignoring request to alter fixed versions of bug #1067031 to the same values 
previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1067031: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067031
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



reassign 1067031 to src:apache2

2024-03-17 Thread Martin Dosch
reassign 1067031 src:apache2 
thanks





Bug#1064950: marked as done (apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.)

2024-03-13 Thread Debian Bug Tracking System
Your message dated Wed, 13 Mar 2024 22:29:55 +0100
with message-id 
and subject line Re: AW: AW: Bug#1064950: apache2: (Legacy?) "Depends: 
apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.
has caused the Debian Bug report #1064950,
regarding apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in 
debian/control breaks binNMU builds.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1064950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064950
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Subject: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in 
debian/control breaks binNMU builds.
Source: apache2
X-Debbugs-Cc: christof.warl...@siemens.com
Version: 2.4.57-2
Severity: serious
Justification: fails to build from source (but built successfully in the past)
Tags: patch ftbfs

Dear Maintainer,

(re)building apache2 as binNMU (i.e. with appending "+b to the 
package version")
works, but installation of the resulting apache2 package fails due to the 
following dependency
in debian/control:

Depends: apache2-data (= ${source:Version}),

It causes apt-get to look for the dependency "apache2-data" (= 2.4.57-2) which 
does not exist
in the newly built packages. Instead, the dependency should be satisfied by
"apache2-data (= 2.4.57-2+b)".

The following patch fixes the issue:

diff --git a/debian/control b/debian/control
index 2eddc60..31121fa 100644
--- a/debian/control
+++ b/debian/control
@@ -34,7 +34,7 @@ Rules-Requires-Root: binary-targets
 Package: apache2
 Architecture: any
 Depends: apache2-bin (= ${binary:Version}),
- apache2-data (= ${source:Version}),
+ apache2-data (= ${binary:Version}),
  apache2-utils (= ${binary:Version}),
  lsb-base,
  media-types,
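Review bot: changing the apache2-data line to `${binary:Version}` is only correct if apache2-data is itself rebuilt in a binNMU. If it is an `Architecture: all` package, a binNMU leaves it at the source version, and `apache2-data (= ${binary:Version})` then makes the rebuilt apache2 depend on a version that is never produced. The hunk does not show the apache2-data stanza, so check its Architecture field before changing the substvar; for an arch-all dependency `${source:Version}` is the form to keep.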

Please consider applying the patch.

Best regards,

Christof Warlich

P.S.: Note that the information below, being produced by "reportbug", is 
irrelevant as I executed "reportbug"
on WSL2 on Windows 10. The actual Debian version is "bookworm".

-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), 
(100, 'jammy-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.102.1-microsoft-standard-WSL2+ (SMP w/16 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
On 2024-03-04 12:33:39 +, Warlich, Christof wrote:
> Sebastian Ramacher wrote:
> > Christof Warlich wrote:
> > > If this assumption is true, then why is the Debian build system (i.e. 
> > > dpkg-buildpackage) not smart enough to simply ignore an existing +bX 
> > > extension for Architecture: all binary packages? IMHO, this would 
> > > simplify matters, as it would have avoided the pitfall that I stumbled 
> > > into altogether.
> > 
> > binNMUs are handled a layer above. sbuild will pass the correct options to 
> > dpkg-buildpackage to build binNMUs. If you are interested in having binNMU 
> > builds for your own infrastructure, you'll probably need to take a look at 
> > the sbuild source to see how it is implemented.
> 
> Ok, so I'd better start using sbuild instead. Again, thanks for the valuable 
> info and your time.

Closing this bug.

Cheers
-- 
Sebastian Ramacher
--- End Message ---


Bug#1066821: apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | sed -

2024-03-13 Thread Sebastian Ramacher
Source: apr-util
Version: 1.6.3-1.1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
X-Debbugs-Cc: sramac...@debian.org

https://buildd.debian.org/status/fetch.php?pkg=apr-util=armhf=1.6.3-1.1=1709086833=0

testldap:  SUCCESS
testdbd :  SUCCESS
testdate:  SUCCESS
testmemcache:  Error 111 occurred attempting to reach memcached on 
localhost:11211.  Skipping apr_memcache tests...
SUCCESS
testredis   :  Error 111 occurred attempting to reach Redis on 
localhost:6379.  Skipping apr_redis tests...
SUCCESS
testxml :  SUCCESS
testxlate   :  SUCCESS
testrmm :  SUCCESS
testdbm :  BDB1565 DB->put: method not permitted before handle's 
open method
/bin/bash: line 3: 3132384 Segmentation fault  LD_LIBRARY_PATH="`echo 
"../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | 
sed -e 's/::*$//'`" ./$prog -v
Programs failed: testall
make[2]: *** [Makefile:60: check] Error 139

Cheers
-- 
Sebastian Ramacher



Processing of apr_1.7.2-3.2_source.changes

2024-03-08 Thread Debian FTP Masters
apr_1.7.2-3.2_source.changes uploaded successfully to localhost
along with the files:
  apr_1.7.2-3.2.dsc
  apr_1.7.2-3.2.debian.tar.xz
  apr_1.7.2-3.2_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



apr_1.7.2-3.2_source.changes ACCEPTED into unstable

2024-03-08 Thread Debian FTP Masters
Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 08 Mar 2024 19:11:28 +
Source: apr
Architecture: source
Version: 1.7.2-3.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Steve Langasek 
Changes:
 apr (1.7.2-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix symbols files which are in a non-standard location.


Bug#1061894: apr: NMU diff for 64-bit time_t transition

2024-03-08 Thread Steve Langasek
The NMU was buggy because symbols files are in a non-standard location, so
did not get updated by our transition scripts; with the result that packages
rebuilt against libapr1t64 still had a dependency on libapr1.  Please find
attached a full NMU debdiff for an updated NMU.

On Wed, Feb 28, 2024 at 01:17:59AM +, Steve Langasek wrote:
> Dear maintainer,
> 
> Please find attached a final version of this patch for the time_t
> transition.  This patch is being uploaded to unstable.
> 
> Note that this adds a versioned build-dependency on dpkg-dev, to guard
> against accidental backports with a wrong ABI.
> 
> Thanks!
> 
> 
> -- System Information:
> Debian Release: trixie/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
> Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)

> diff -Nru apr-1.7.2/debian/changelog apr-1.7.2/debian/changelog
> --- apr-1.7.2/debian/changelog2023-02-26 20:51:24.0 +
> +++ apr-1.7.2/debian/changelog2024-02-28 01:17:18.0 +
> @@ -1,3 +1,10 @@
> +apr (1.7.2-3.1) unstable; urgency=medium
> +
> +  * Non-maintainer upload.
> +  * Rename libraries for 64-bit time_t transition.  Closes: #1061894
> +
> + -- Steve Langasek   Wed, 28 Feb 2024 01:17:18 +
> +
>  apr (1.7.2-3) unstable; urgency=medium
>  
>* Add more fixes for atomics from upstream, in particular for
> diff -Nru apr-1.7.2/debian/control apr-1.7.2/debian/control
> --- apr-1.7.2/debian/control  2023-02-03 16:18:13.0 +
> +++ apr-1.7.2/debian/control  2024-02-28 01:17:18.0 +
> @@ -3,7 +3,7 @@
>  Priority: optional
>  Maintainer: Debian Apache Maintainers 
>  Uploaders: Stefan Fritsch 
> -Build-Depends: debhelper-compat (= 13),
> +Build-Depends: dpkg-dev (>= 1.22.5), debhelper-compat (= 13),
>   autoconf,
>   mawk,
>   uuid-dev,
> @@ -19,7 +19,10 @@
>  Homepage: https://apr.apache.org/
>  Rules-Requires-Root: no
>  
> -Package: libapr1
> +Package: libapr1t64
> +Provides: ${t64:Provides}
> +Replaces: libapr1
> +Breaks: libapr1 (<< ${source:Version})
>  Architecture: any
>  Depends: ${shlibs:Depends}, ${misc:Depends}
>  Pre-Depends: ${misc:Pre-Depends}
> @@ -33,7 +36,7 @@
>  Package: libapr1-dev
>  Architecture: any
>  Section: libdevel
> -Depends: libapr1 (= ${binary:Version}), uuid-dev, ${misc:Depends}, 
> libsctp-dev [linux-any], python3:any
> +Depends: libapr1t64 (= ${binary:Version}), uuid-dev, ${misc:Depends}, 
> libsctp-dev [linux-any], python3:any
>  Conflicts: libapr1.0-dev, libapr0-dev
>  Description: Apache Portable Runtime Library - Development Headers
>   APR is Apache's Portable Runtime Library, designed to be a support library
> diff -Nru apr-1.7.2/debian/libapr1.docs apr-1.7.2/debian/libapr1.docs
> --- apr-1.7.2/debian/libapr1.docs 2023-02-02 21:18:42.0 +
> +++ apr-1.7.2/debian/libapr1.docs 1970-01-01 00:00:00.0 +
> @@ -1 +0,0 @@
> -NOTICE
> diff -Nru apr-1.7.2/debian/libapr1.install apr-1.7.2/debian/libapr1.install
> --- apr-1.7.2/debian/libapr1.install  2023-02-02 21:18:42.0 +
> +++ apr-1.7.2/debian/libapr1.install  1970-01-01 00:00:00.0 +
> @@ -1 +0,0 @@
> -usr/lib/*/libapr-1.so.*
> diff -Nru apr-1.7.2/debian/libapr1.lintian-overrides 
> apr-1.7.2/debian/libapr1.lintian-overrides
> --- apr-1.7.2/debian/libapr1.lintian-overrides2023-02-02 
> 21:18:42.0 +
> +++ apr-1.7.2/debian/libapr1.lintian-overrides1970-01-01 
> 00:00:00.0 +
> @@ -1 +0,0 @@
> -libapr1: package-name-doesnt-match-sonames libapr-1-0
> diff -Nru apr-1.7.2/debian/libapr1.symbols apr-1.7.2/debian/libapr1.symbols
> --- apr-1.7.2/debian/libapr1.symbols  2023-02-02 21:18:42.0 +
> +++ apr-1.7.2/debian/libapr1.symbols  1970-01-01 00:00:00.0 +
> @@ -1,2 +0,0 @@
> -here for the purpose of tricking debhelper...bwahahahaha.
> -
> diff -Nru apr-1.7.2/debian/libapr1t64.docs apr-1.7.2/debian/libapr1t64.docs
> --- apr-1.7.2/debian/libapr1t64.docs  1970-01-01 00:00:00.0 +
> +++ apr-1.7.2/debian/libapr1t64.docs  2023-02-02 21:18:42.0 +
> @@ -0,0 +1 @@
> +NOTICE
> diff -Nru apr-1.7.2/debian/libapr1t64.install 
> apr-1.7.2/debian/libapr1t64.install
> --- apr-1.7.2/debian/libapr1t64.install   1970-01-01 00:00:00.0 
> +
> +++ apr-1.7.2/debian/libapr1t64.install   2023-02-02 21:18:42.0 
> +
> @@ -0,0 +1 @@
> +usr/lib/*/libapr-1.so.*
> diff -Nru apr-1.7.2/debian/libapr1t64.lintian-overrides 
> apr-1.7.2/debian/libapr1t64.lintian-overrides
> --- apr-1.7.2/debian/libapr1t64.lintian-overrides 1970-01-01 
> 00:00:00.0 +
> +++ apr-1.7.2/debian/libapr1t64.lintian-overrides 2024-02-28 
> 01:17:10.0 +
> @@ -0,0 

Re: Need Some Help

2024-03-07 Thread Yadd

On 3/7/24 20:52, Ali Ramzan wrote:

Hi,

I am currently using Debian Apache version on my Debian server, but when 
I perform a scan, I am alerted to several vulnerabilities. Specifically, 
the Apache version 2.4.x is vulnerable to multiple CVEs, including 
2023-31122, 2023-43622, and 2023-45802.


I have a couple of questions: When will Debian release Apache version 
2.4.58, which resolves these vulnerabilities? Also, where can I find a 
link to this release and its release date? Finally, is there any way for 
me to fix these vulnerabilities in the meantime?


Hi,

version 2.4.58 doesn't contain important CVE fixes, only minor/medium. 
So it will be updated during a Debian point release and not in security 
branch.


Cheers,
Yadd



Need Some Help

2024-03-07 Thread Ali Ramzan
Hi,

I am currently using Debian Apache version on my Debian server, but when I
perform a scan, I am alerted to several vulnerabilities. Specifically, the
Apache version 2.4.x is vulnerable to multiple CVEs, including 2023-31122,
2023-43622, and 2023-45802.

I have a couple of questions: When will Debian release Apache version
2.4.58, which resolves these vulnerabilities? Also, where can I find a link
to this release and its release date? Finally, is there any way for me to
fix these vulnerabilities in the meantime?

apt policy apache2
apache2:
  Installed: 2.4.56-1~deb11u2
  Candidate: 2.4.56-1~deb11u2
  Version table:
 *** 2.4.56-1~deb11u2 500
        500 http://ftp.de.debian.org/debian bullseye/main amd64 Packages
        100 /var/lib/dpkg/status
root@vcloudproxy-02:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

Thanks
Ali


Bug#1064950: AW: AW: Bug#1064950: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.

2024-03-04 Thread Warlich, Christof
Sebastian Ramacher wrote:
> Christof Warlich wrote:
> > If this assumption is true, then why is the Debian build system (i.e. 
> > dpkg-buildpackage) not smart enough to simply ignore an existing +bX 
> > extension for Architecture: all binary packages? IMHO, this would simplify 
> > matters, as it would have avoided the pitfall that I stumbled into 
> > altogether.
> 
> binNMUs are handled a layer above. sbuild will pass the correct options to 
> dpkg-buildpackage to build binNMUs. If you are interested in having binNMU 
> builds for your own infrastructure, you'll probably need to take a look at 
> the sbuild source to see how it is implemented.

Ok, so I'd better start using sbuild instead. Again, thanks for the valuable 
info and your time.



Bug#1064950: AW: Bug#1064950: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.

2024-03-03 Thread Sebastian Ramacher
On 2024-03-04 06:19:58 +, Warlich, Christof wrote:
> Sebastian Ramacher wrote:
> > This is wrong. apache2-data is an Architecture: all package,
> > but apache2 is Architecture: any. So using ${source:Version}
> > here is correct. Note that Debian does not currently support
> > binNMUs for Architecture: all packages, so apache2-data will
> > never have a +bX version.
> 
> Thanks for that clarification.
> 
> This is somewhat confusing for someone not doing package builds as a daily 
> profession: If just doing a "dpkg-buildpackage -us -uc" on the apache2 
> sources _with_ the +bX extension, the apache2-data binary package _does_ get 
> the +bX extension as well, at least with my build, causing the issue that I 
> described initially.

For binNMUs you'll need to pass "-B" at least, but see below.

> Thus, as much as I think I've learned so far, binNMU builds on source packages 
> that also produce Architecture: all binary packages must always be built 
> separately from sources without the +bX extension for the Architecture: all 
> binary packages, whereas the architecture-dependent binary packages may be 
> built from a source package with a +bX extension, right?

Not exactly. The source packages are not changed for binNMUs. This is
handled via sbuild's --binNMU-* options to set the changelog and the
version. Specifically, these options imply that Arch: all binaries are
not built.

> If this assumption is true, then why is the Debian build system (i.e. 
> dpkg-buildpackage) not smart enough to simply ignore an existing +bX 
> extension for Architecture: all binary packages? IMHO, this would simplify 
> matters, as it would have avoided the pitfall that I stumbled into altogether.

binNMUs are handled a layer above. sbuild will pass the correct options
to dpkg-buildpackage to build binNMUs. If you are interested in having
binNMU builds for your own infrastructure, you'll probably need to take
a look at the sbuild source to see how it is implemented.

Cheers
-- 
Sebastian Ramacher



Bug#1064950: AW: Bug#1064950: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.

2024-03-03 Thread Warlich, Christof
Sebastian Ramacher wrote:
> This is wrong. apache2-data is an Architecture: all package,
> but apache2 is Architecture: any. So using ${source:Version}
> here is correct. Note that Debian does not currently support
> binNMUs for Architecture: all packages, so apache2-data will
> never have a +bX version.

Thanks for that clarification.

This is somewhat confusing for someone not doing package builds as a daily 
profession: If just doing a "dpkg-buildpackage -us -uc" on the apache2 sources 
_with_ the +bX extension, the apache2-data binary package _does_ get the +bX 
extension as well, at least with my build, causing the issue that I described 
initially.

Thus, as much as I think I've learned so far, binNMU builds on source packages 
that also produce Architecture: all binary packages must always be built 
separately from sources without the +bX extension for the Architecture: all 
binary packages, whereas the architecture-dependent binary packages may be 
built from a source package with a +bX extension, right?

If this assumption is true, then why is the Debian build system (i.e. 
dpkg-buildpackage) not smart enough to simply ignore an existing +bX extension 
for Architecture: all binary packages? IMHO, this would simplify matters, as it 
would have avoided the pitfall that I stumbled into altogether.

Please note that my main goal is to better understand how to do it right for 
future builds.



Bug#1064950: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.

2024-03-02 Thread Sebastian Ramacher
On 2024-02-28 07:16:07 +, Warlich, Christof wrote:
> Subject: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in 
> debian/control breaks binNMU builds.
> Source: apache2
> X-Debbugs-Cc: christof.warl...@siemens.com
> Version: 2.4.57-2
> Severity: serious
> Justification: fails to build from source (but built successfully in the past)
> Tags: patch ftbfs
> 
> Dear Maintainer,
> 
> (re)building apache2 as binNMU (i.e. with appending "+b to the 
> package version")
> works, but installation of the resulting apache2 package fails due to the 
> following dependency
> in debian/control:
> 
> Depends: apache2-data (= ${source:Version}),
> 
> It causes apt-get to look for the dependency "apache2-data" (= 2.4.57-2) 
> which does not exist
> in the newly built packages. Instead, the dependency should be satisfied by
> "apache2-data (= 2.4.57-2+b)".
> 
> The following patch fixes the issue:
> 
> diff --git a/debian/control b/debian/control
> index 2eddc60..31121fa 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -34,7 +34,7 @@ Rules-Requires-Root: binary-targets
>  Package: apache2
>  Architecture: any
>  Depends: apache2-bin (= ${binary:Version}),
> - apache2-data (= ${source:Version}),
> + apache2-data (= ${binary:Version}),
>   apache2-utils (= ${binary:Version}),
>   lsb-base,
>   media-types,
> 
> Please consider applying the patch.

This is wrong. apache2-data is an Architecture: all package, but apache2
is Architecture: any. So using ${source:Version} here is correct. Note
that Debian does not currently support binNMUs for Architecture: all
packages, so apache2-data will never have a +bX version.

Cheers

> 
> Best regards,
> 
> Christof Warlich
> 
> P.S.: Note that the information below, being produced by "reportbug", is 
> irrelevant as I executed "reportbug"
> on WSL2 on Windows 10. The actual Debian version is "bookworm".
> 
> -- System Information:
> Debian Release: bookworm/sid
>   APT prefers jammy-updates
>   APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 
> 'jammy'), (100, 'jammy-backports')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.10.102.1-microsoft-standard-WSL2+ (SMP w/16 CPU threads)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)

-- 
Sebastian Ramacher
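
The rule from Sebastian Ramacher's replies (Architecture: all packages are not rebuilt in a binNMU, so apache2-data never gets a +bX version), as an added example that is not part of the thread or of Debian's tooling: it checks a constructed debian/control sample for strict version pins that break under a binNMU and simulates the resulting versions. The function names and the sample are assumptions, and the any-to-any check generalizes beyond the case discussed here.

```python
import re

# Constructed sample modelled on the debian/control hunk in this thread, with
# the proposed patch applied (apache2-data pinned via ${binary:Version}).
CONTROL = """\
Source: apache2

Package: apache2
Architecture: any
Depends: apache2-bin (= ${binary:Version}),
 apache2-data (= ${binary:Version}),
 apache2-utils (= ${binary:Version}),
 media-types

Package: apache2-bin
Architecture: any

Package: apache2-utils
Architecture: any

Package: apache2-data
Architecture: all
"""

PIN = re.compile(r"([a-z0-9][a-z0-9+.-]*)\s*\(=\s*\$\{(source|binary):Version\}\)")

def parse_stanzas(text):
    """Return {package: {"arch": ..., "pins": {dependency: "source" | "binary"}}}."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        unfolded = re.sub(r"\n[ \t]+", " ", stanza)  # join continuation lines
        fields = {k.strip(): v.strip() for k, v in
                  (line.split(":", 1) for line in unfolded.splitlines() if ":" in line)}
        if "Package" in fields:
            pkgs[fields["Package"]] = {
                "arch": fields.get("Architecture", "any"),
                "pins": dict(PIN.findall(fields.get("Depends", ""))),
            }
    return pkgs

def binnmu_findings(pkgs):
    """Flag strict pins that break when only arch-dependent packages are rebuilt."""
    findings = []
    for name, info in pkgs.items():
        for dep, kind in info["pins"].items():
            dep_arch = pkgs.get(dep, {}).get("arch")
            if info["arch"] == "all" or dep_arch is None:
                continue
            wanted = "source" if dep_arch == "all" else "binary"
            if kind != wanted:
                findings.append((name, dep, "use ${%s:Version}" % wanted))
    return findings

def installable_after_binnmu(pkgs, source_version, n):
    """Check each package's pins after binNMU n; arch:all packages keep the source version."""
    built = {p: source_version if i["arch"] == "all" else f"{source_version}+b{n}"
             for p, i in pkgs.items()}
    return {name: all(built.get(dep) == (source_version if kind == "source" else built[name])
                      for dep, kind in info["pins"].items())
            for name, info in pkgs.items()}
```
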



apache2_2.4.58-2_sourceonly.changes REJECTED

2024-02-28 Thread Debian FTP Masters


apache2 source: lintian output: 'not-binnmuable-any-depends-all apache2 -> 
apache2-data', automatically rejected package.
apache2 source: If you have a good reason, you may override this lintian tag.



===

Please feel free to respond to this email if you don't understand why
your files were rejected, or if you upload new files which address our
concerns.





Processing of apache2_2.4.58-2_sourceonly.changes

2024-02-28 Thread Debian FTP Masters
apache2_2.4.58-2_sourceonly.changes uploaded successfully to localhost
along with the files:
  apache2_2.4.58-2.dsc
  apache2_2.4.58-2.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



Processed: Bug#1064950 marked as pending in apache2

2024-02-28 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 pending
Bug #1064950 [src:apache2] apache2: (Legacy?) "Depends: apache2-data (= 
${source:Version})," in debian/control breaks binNMU builds.
Added tag(s) pending.

-- 
1064950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064950
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1064950: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.

2024-02-27 Thread Warlich, Christof
Subject: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in 
debian/control breaks binNMU builds.
Source: apache2
X-Debbugs-Cc: christof.warl...@siemens.com
Version: 2.4.57-2
Severity: serious
Justification: fails to build from source (but built successfully in the past)
Tags: patch ftbfs

Dear Maintainer,

(re)building apache2 as binNMU (i.e. with appending "+b to the 
package version")
works, but installation of the resulting apache2 package fails due to the 
following dependency
in debian/control:

Depends: apache2-data (= ${source:Version}),

It causes apt-get to look for the dependency "apache2-data" (= 2.4.57-2) which 
does not exist
in the newly built packages. Instead, the dependency should be satisfied by
"apache2-data (= 2.4.57-2+b)".

The following patch fixes the issue:

diff --git a/debian/control b/debian/control
index 2eddc60..31121fa 100644
--- a/debian/control
+++ b/debian/control
@@ -34,7 +34,7 @@ Rules-Requires-Root: binary-targets
 Package: apache2
 Architecture: any
 Depends: apache2-bin (= ${binary:Version}),
- apache2-data (= ${source:Version}),
+ apache2-data (= ${binary:Version}),
  apache2-utils (= ${binary:Version}),
  lsb-base,
  media-types,
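
Review bot: the changed line pins apache2-data with ${binary:Version}, but the hunk shows no Architecture for apache2-data, and the replies in this thread state it is Architecture: all. Such a package never gets a +bX version, so in a binNMU this pin asks for an apache2-data version that is never built; the lintian tag quoted in the FTP Masters rejection on this page, not-binnmuable-any-depends-all apache2 -> apache2-data, names the same dependency pair. Keep ${source:Version} on this line and leave ${binary:Version} for apache2-bin and apache2-utils.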

Please consider applying the patch.

Best regards,

Christof Warlich

P.S.: Note that the information below, being produced by "reportbug", is 
irrelevant as I executed "reportbug"
on WSL2 on Windows 10. The actual Debian version is "bookworm".

-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), 
(100, 'jammy-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.102.1-microsoft-standard-WSL2+ (SMP w/16 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)



Bug#1061893: marked as done (apr-util: NMU diff for 64-bit time_t transition)

2024-02-27 Thread Debian Bug Tracking System
Your message dated Wed, 28 Feb 2024 02:05:20 +
with message-id 
and subject line Bug#1061893: fixed in apr-util 1.6.3-1.1
has caused the Debian Bug report #1061893,
regarding apr-util: NMU diff for 64-bit time_t transition
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1061893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061893
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apr-util
Version: 1.6.3-1
Severity: serious
Tags: patch pending
Justification: library ABI skew on upgrade
User: debian-...@lists.debian.org
Usertags: time-t

Dear maintainer,

As part of the 64-bit time_t transition required to support 32-bit
architectures in 2038 and beyond
(https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified
apr-util as a source package shipping runtime libraries whose ABI
either is affected by the change in size of time_t, or could not be
analyzed via abi-compliance-checker (and therefore to be on the safe
side we assume is affected).

To ensure that inconsistent combinations of libraries with their
reverse-dependencies are never installed together, it is necessary to
have a library transition, which is most easily done by renaming the
runtime library package.

Since turning on 64-bit time_t is being handled centrally through a change
to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is
important that libraries affected by this ABI change all be uploaded close
together in time.  Therefore I have prepared a 0-day NMU for apr-util
which will initially be uploaded to experimental if possible, then to
unstable after packages have cleared binary NEW.

Please find the patch for this NMU attached.

If you have any concerns about this patch, please reach out ASAP.  Although
this package will be uploaded to experimental immediately, there will be a
period of several days before we begin uploads to unstable; so if information
becomes available that your package should not be included in the transition,
there is time for us to amend the planned uploads.



-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru apr-util-1.6.3/debian/changelog apr-util-1.6.3/debian/changelog
--- apr-util-1.6.3/debian/changelog 2023-02-03 20:15:18.0 +
+++ apr-util-1.6.3/debian/changelog 2024-01-30 00:55:31.0 +
@@ -1,3 +1,10 @@
+apr-util (1.6.3-1.1) experimental; urgency=medium
+
+  * Non-maintainer upload.
+  * Rename libraries for 64-bit time_t transition.
+
+ -- Steve Langasek   Tue, 30 Jan 2024 00:55:31 +
+
 apr-util (1.6.3-1) unstable; urgency=medium
 
   [ Stefan Fritsch ]
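
Review bot: the new 1.6.3-1.1 changelog entry does not reference the bug this patch is attached to, so as written the upload would not close it. Add a Closes: with the bug number to the "Rename libraries for 64-bit time_t transition." line, and name the rename (libaprutil1 to libaprutil1t64) so the entry is searchable.
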
diff -Nru apr-util-1.6.3/debian/control apr-util-1.6.3/debian/control
--- apr-util-1.6.3/debian/control   2023-02-02 22:42:28.0 +
+++ apr-util-1.6.3/debian/control   2024-01-30 00:55:31.0 +
@@ -22,7 +22,10 @@
 Vcs-Git: https://salsa.debian.org/apache-team/apr-util.git
 Homepage: https://apr.apache.org/
 
-Package: libaprutil1
+Package: libaprutil1t64
+Provides: ${t64:Provides}
+Replaces: libaprutil1
+Breaks: libaprutil1 (<< ${source:Version})
 Architecture: any
 Multi-Arch: same
 Depends: ${shlibs:Depends},
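
Review bot: this is the only hunk in the debian/control diff, so the rename to libaprutil1t64 arrives without the two companion changes that the apr patch quoted earlier on this page makes in its control file: a Build-Depends on dpkg-dev (>= 1.22.5) and an updated Depends in the -dev package. Check whether the -dev package here has a strict dependency on the old libaprutil1 name and whether the build needs the same dpkg-dev floor, and add those hunks if so.
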
diff -Nru apr-util-1.6.3/debian/libaprutil1.docs 
apr-util-1.6.3/debian/libaprutil1.docs
--- apr-util-1.6.3/debian/libaprutil1.docs  2023-02-01 21:35:51.0 
+
+++ apr-util-1.6.3/debian/libaprutil1.docs  1970-01-01 00:00:00.0 
+
@@ -1 +0,0 @@
-NOTICE
diff -Nru apr-util-1.6.3/debian/libaprutil1.install 
apr-util-1.6.3/debian/libaprutil1.install
--- apr-util-1.6.3/debian/libaprutil1.install   2023-02-01 21:35:51.0 
+
+++ apr-util-1.6.3/debian/libaprutil1.install   1970-01-01 00:00:00.0 
+
@@ -1,3 +0,0 @@
-usr/lib/*/libaprutil-1.so.*
-usr/lib/*/apr-util-1/apr_dbm*.so*
-usr/lib/*/apr-util-1/apr_crypt*.so*
diff -Nru apr-util-1.6.3/debian/libaprutil1.lintian-overrides 
apr-util-1.6.3/debian/libaprutil1.lintian-overrides
--- apr-util-1.6.3/debian/libaprutil1.lintian-overrides 2023-02-01 
21:35:51.0 +
+++ apr-util-1.6.3/debian/libaprutil1.lintian-overrides 1970-01-01 
00:00:00.0 +
@@ -1,2 +0,0 @@
-libaprutil1: symbols-declares-dependency-on-other-package
-libaprutil1: 
