Bug#904150: marked as done (apache2: typo in maintainer script)
Your message dated Fri, 05 Apr 2019 05:32:08 + with message-id and subject line Bug#904150: fixed in apache2 2.4.25-3+deb9u7 has caused the Debian Bug report #904150, regarding apache2: typo in maintainer script to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 904150: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904150 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.33-3 Severity: normal Dear Maintainer, Tim Bishop filed this bug in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1782806 showing what appears to be a typo in a maintainer script: https://salsa.debian.org/apache-team/apache2/blob/master/debian/debhelper/apache2-maintscript-helper#L290 a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? The argument to -m was probably meant to be "mpm_$MPM", as the shell function where this statement lives explicitly requests that the mpm module name should not have a "mpm_" prefix. The fix should be as simple as this: --- a/debian/debhelper/apache2-maintscript-helper +++ b/debian/debhelper/apache2-maintscript-helper @@ -287,7 +287,7 @@ apache2_switch_mpm() fi local a2query_ret=0 - a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? + a2query -m "mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? case $a2query_ret in 0) Thanks! --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.25-3+deb9u7 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 904...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 02 Apr 2019 21:05:13 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: source amd64 all Version: 2.4.25-3+deb9u7 Distribution: stretch-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Stefan Fritsch Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Closes: 904150 915103 920302 920303 Changes: apache2 (2.4.25-3+deb9u7) stretch-security; urgency=medium . [ Xavier Guimard ] * CVE-2018-17199: mode_session: Fix missing check for session expiry time. Closes: #920303 . [ Stefan Fritsch ] * mod_http2: Fix keepalive timeout behavior. This fixes a regression with Safari web browsers, introduced in 2.4.25-3+deb9u6. Closes: #915103 * Fix typo in apache2_switch_mpm() in apache2-maintscript-helper. Closes: #904150 * CVE-2018-17189: mod_http2: Fix DoS via slow, unneeded request bodies. Closes: #920302 * CVE-2019-0196: mod_http2: Fix read after free * CVE-2019-0211: All MPMs: privilege escalation from www-data user to root. * CVE-2019-0217: mod_auth_digest: Access control bypass * CVE-2019-0220: URL normalization inconsistincy. Consecutive slashes in URL's are now merged before use in LocationMatch and RewriteRule. The old behavior can be restored with the new directive "MergeSlashes off". Checksums-Sha1: ad40893da9251264e64dd34b862d4ac6ac0b1b64 2986 apache2_2.4.25-3+deb9u7.dsc 0eafb26fd945d2c39e54e54b8dd7616428984b56 795236 apache2_2.4.25-3+deb9u7.debian.tar.xz 1cf9ffe32d5e58e3d0cda2cb9c0798257e1948ed 1187486 apache2-bin_2.4.25-3+deb9u7_amd64.deb abebbface5e521553163d3a962c0705577f3a169 162062
Bug#904150: marked as done (apache2: typo in maintainer script)
Your message dated Fri, 27 Jul 2018 20:38:08 + with message-id and subject line Bug#904150: fixed in apache2 2.4.34-1 has caused the Debian Bug report #904150, regarding apache2: typo in maintainer script to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 904150: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904150 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.33-3 Severity: normal Dear Maintainer, Tim Bishop filed this bug in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1782806 showing what appears to be a typo in a maintainer script: https://salsa.debian.org/apache-team/apache2/blob/master/debian/debhelper/apache2-maintscript-helper#L290 a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? The argument to -m was probably meant to be "mpm_$MPM", as the shell function where this statement lives explicitly requests that the mpm module name should not have a "mpm_" prefix. The fix should be as simple as this: --- a/debian/debhelper/apache2-maintscript-helper +++ b/debian/debhelper/apache2-maintscript-helper @@ -287,7 +287,7 @@ apache2_switch_mpm() fi local a2query_ret=0 - a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? + a2query -m "mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? case $a2query_ret in 0) Thanks! --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.34-1 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 904...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 27 Jul 2018 21:37:37 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: source amd64 all Version: 2.4.34-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Stefan Fritsch Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Closes: 904106 904107 904150 904641 Changes: apache2 (2.4.34-1) unstable; urgency=medium . [ Ondřej Surý ] * New upstream version 2.4.34 Security fixes: - CVE-2018-1333: Denial of service in mod_http2. Closes: #904106 - CVE-2018-8011: Denial of service in mod_md. Closes: #904107 * Refresh patches for Apache2 2.4.34 release * Update the suexec-custom.patch for 2.4.34 release . [ Stefan Fritsch ] * Remove load order dependency introduced in mod_lbmethod_* in 2.4.34 * Remove debian/gbp.conf. Closes: #904641 * Fix typo in apache2_switch_mpm() in apache2-maintscript-helper. Closes: #904150 Checksums-Sha1: 25d293cf60a153ba5cc1106c99f6573e0400c5c0 3518 apache2_2.4.34-1.dsc 94d6e274273903ed153479c7701fa03761abf93d 6942969 apache2_2.4.34.orig.tar.bz2 acb8e31638e8ced866c6c49be49284c851feb20d 833 apache2_2.4.34.orig.tar.bz2.asc 51aad42cb6910d72d960f110494994a5531ee59c 787912 apache2_2.4.34-1.debian.tar.xz 20a88d3706732ef8b4da6fc7b3c84a8a764c2296 1308608 apache2-bin_2.4.34-1_amd64.deb 33a968c6e049321c1a4dfe49657bb6157f9a21a7 164948 apache2-data_2.4.34-1_all.deb 2338177074f73f71814f45b83f16669959e22417 4866084 apache2-dbg_2.4.34-1_amd64.deb