Your message dated Sat, 21 Jul 2007 17:31:11 +0000 with message-id <E1ICInP-0006PP-7e@ries.debian.org> and subject line Bug#397886: fixed in apache2 2.2.4-2 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---
- To: BTS submit <submit@bugs.debian.org>
- Subject: apache2: Files served incorrectly after upgrade due to encoding change
- From: Frans Pop <elendil@planet.nl>
- Date: Wed, 21 Mar 2007 21:07:56 +0100
- Message-id: <200703212107.56983.elendil@planet.nl>
Package: apache2 Version: 2.2.3-3.3 Severity: serious Justification: Causes unexpected changes in behavior of websites After upgrading my (home) server from Sarge to Etch I noticed that the word "Privé" on one of my webpages was not served correctly anymore. The default encoding of the system itself was not changed during the upgrade, but apparently the default encoding set by apache2 in absence of an encoding in the html headers has. After discussion with Peter Samuelson (and others) on #d-devel, we suspect this new config file to be the culprit: $ cat /etc/apache2/conf.d/charset AddDefaultCharset UTF-8 Apparently that file was not supposed to be created on upgrades, but is. Not entirely sure that this is RC, but the consensus on IRC was that this is quite a nasty unexpected behavior change that can be hard to spot during regular post-upgrade checks (and downgrading is easy). -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages apache2 depends on: ii apache2-mpm-worker 2.2.3-3.3 High speed threaded model for Apac apache2 recommends no packages. -- no debconf informationAttachment: pgpNRkRwJ0JO3.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 397886-close@bugs.debian.org
- Subject: Bug#397886: fixed in apache2 2.2.4-2
- From: Stefan Fritsch <sf@debian.org>
- Date: Sat, 21 Jul 2007 17:31:11 +0000
- Message-id: <E1ICInP-0006PP-7e@ries.debian.org>
Source: apache2 Source-Version: 2.2.4-2 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-dbg_2.2.4-2_i386.deb to pool/main/a/apache2/apache2-dbg_2.2.4-2_i386.deb apache2-doc_2.2.4-2_all.deb to pool/main/a/apache2/apache2-doc_2.2.4-2_all.deb apache2-mpm-event_2.2.4-2_i386.deb to pool/main/a/apache2/apache2-mpm-event_2.2.4-2_i386.deb apache2-mpm-perchild_2.2.4-2_all.deb to pool/main/a/apache2/apache2-mpm-perchild_2.2.4-2_all.deb apache2-mpm-prefork_2.2.4-2_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.2.4-2_i386.deb apache2-mpm-worker_2.2.4-2_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.2.4-2_i386.deb apache2-prefork-dev_2.2.4-2_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.2.4-2_i386.deb apache2-src_2.2.4-2_all.deb to pool/main/a/apache2/apache2-src_2.2.4-2_all.deb apache2-threaded-dev_2.2.4-2_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.2.4-2_i386.deb apache2-utils_2.2.4-2_i386.deb to pool/main/a/apache2/apache2-utils_2.2.4-2_i386.deb apache2.2-common_2.2.4-2_i386.deb to pool/main/a/apache2/apache2.2-common_2.2.4-2_i386.deb apache2_2.2.4-2.diff.gz to pool/main/a/apache2/apache2_2.2.4-2.diff.gz apache2_2.2.4-2.dsc to pool/main/a/apache2/apache2_2.2.4-2.dsc apache2_2.2.4-2_all.deb to pool/main/a/apache2/apache2_2.2.4-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 397886@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 03 Jul 2007 21:23:40 +0200 Source: apache2 Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-dbg apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild Architecture: source all i386 Version: 2.2.4-2 Distribution: unstable Urgency: low Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Next generation, scalable, extendable web server apache2-dbg - Apache debugging symbols apache2-doc - documentation for apache2 apache2-mpm-event - Event driven model for Apache HTTPD apache2-mpm-perchild - Transitional package - please remove apache2-mpm-prefork - Traditional model for Apache HTTPD apache2-mpm-worker - High speed threaded model for Apache HTTPD apache2-prefork-dev - development headers for apache2 apache2-src - Apache source code apache2-threaded-dev - development headers for apache2 apache2-utils - utility programs for webservers apache2.2-common - Next generation, scalable, extendable web server Closes: 164493 275561 338472 359008 397886 404598 408462 418499 433552 Changes: apache2 (2.2.4-2) unstable; urgency=low . * Modularize config: Move module specific configuration from apache2.conf to mods-available/*conf (Closes: #338472) * Remove the NO_START kludge. Now you have to use rc*.d symlinks to disable apache2. (Closes: #408462, #275561) * Create run and lock directores in apache2ctl to make it work on fresh installations before the first call of the init script. Together with the previous item, this closes: #418499 * Disable AddDefaultCharset again (Closes: #397886) * Make ports.conf, conf.d/charset, and /etc/default/apache2 conffiles managed by dpkg * Listen on port 443 by default if mod_ssl is loaded (Closes: #404598) * Add logic to start htcacheclean as daemon or cronjob. The configuration is in /etc/default/apache2 * Fix security issues: - CVE-2007-3304: prevent parent process to send SIGUSR1 to arbitrary processes - CVE-2006-5752: XSS in mod_status * Add init.d dependency info from insserv overrides to /etc/init.d/apache2 * Replace apachectl with apache2ctl in docs (Closes: #164493) * Add usage message to apache2ctl (Closes: #359008) * Make -dev packages priority extra * Add secure example cipher/protocol configuration to ssl.conf * Update watch file (Closes: #433552) * Bump dh_compat to 5 * Add new package apache2-dbg with debugging symbols * Fix mod_cache returning 304 instead of 200 on HEAD requests Files: 86e3aa5e3d0f963c0c23dafea87096d5 1223 web optional apache2_2.2.4-2.dsc aed212e9761513c8e6af21fc9536c2e8 118122 web optional apache2_2.2.4-2.diff.gz d113376edb16497fcaae173b07d2bec2 964732 web optional apache2.2-common_2.2.4-2_i386.deb 8cf4337b899571574c0e8f6f08d7bf05 437680 web optional apache2-mpm-worker_2.2.4-2_i386.deb ae7755a2658cf92c8002fb36599c37f6 433956 web optional apache2-mpm-prefork_2.2.4-2_i386.deb 907c0d24b556e14d073ee0ba85f6a425 438304 web optional apache2-mpm-event_2.2.4-2_i386.deb 00ae16aaad1abb323a27f54d10bc4a74 345286 web optional apache2-utils_2.2.4-2_i386.deb fb9aad6c0e4fb43abbb07a3d312283e9 411130 devel extra apache2-prefork-dev_2.2.4-2_i386.deb 4b2634f792c0b3683bbd792fa3622c44 411812 devel extra apache2-threaded-dev_2.2.4-2_i386.deb e54ec3b775aa566a2358d0cdd569cae6 2239806 libdevel extra apache2-dbg_2.2.4-2_i386.deb 3471dc2df567a4c49e624785628de9a4 277428 web optional apache2-mpm-perchild_2.2.4-2_all.deb e9a1d40b6e4b96692ae41778d6915fc2 41632 web optional apache2_2.2.4-2_all.deb 53373d14c3e2c6496e8f68512664adf1 2216150 doc optional apache2-doc_2.2.4-2_all.deb 49285194d9e85a0830d90bd00f909174 6639824 devel extra apache2-src_2.2.4-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGn9zybxelr8HyTqQRAtjKAJ9b37tnYWBMh8bMml+7vSluMTkdcgCfc6/9 nXRLpr6sfdu1rHQxcby7ikw= =shM+ -----END PGP SIGNATURE-----
--- End Message ---