Your message dated Thu, 17 Jan 2008 21:17:05 +0000 with message-id <E1JFc6j-0000ka-25@ries.debian.org> and subject line Bug#458857: fixed in apache2 2.2.8-1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian BTS Submit <submit@bugs.debian.org>
- Subject: apache2: Drop unnecessary dependencies
- From: Martin Pitt <martin.pitt@ubuntu.com>
- Date: Thu, 3 Jan 2008 11:28:14 +0100
- Message-id: <[🔎] 20080103102814.GA6366@piware.de>
Package: apache2 Version: 2.2.6-3 Severity: minor Tags: patch User: ubuntu-devel@lists.ubuntu.com Usertags: origin-ubuntu hardy ubuntu-patch Hi! The apache binaries currently depend on a lot of unnecessary packages and libraries, for example libdb4.4. Please consider building with -Wl,--as-needed to drop these (tested patch attached). This will ease library transitions in the future. apache2.2-common before: Depends: apache2-utils, libapr1, libaprutil1, libc6 (>= 2.7-1), libdb4.4, libexpat1 (>= 1.95.8), libldap2 (>= 2.1.17-1), libmagic1, libpcre3 (>= 6.0), libpq5, libsqlite3-0 (>= 3.4.2), libssl0.9.8 (>= 0.9.8f-1), libuuid1, lsb-base, mime-support, net-tools, procps, zlib1g (>= 1:1.2.3.3.dfsg-1) ... and after: Depends: apache2-utils, libapr1, libaprutil1, libc6 (>= 2.7-1), libmagic1, libssl0.9.8 (>= 0.9.8f-1), lsb-base, mime-support, net-tools, procps, zlib1g (>= 1:1.2.3.3.dfsg-1) Thanks for considering, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.orgdiff -u apache2-2.2.6/debian/rules apache2-2.2.6/debian/rules --- apache2-2.2.6/debian/rules +++ apache2-2.2.6/debian/rules @@ -102,7 +102,7 @@ dh_testdir mkdir -p $(BUILD)/$* cd $(BUILD)/$* ;\ - CFLAGS="$(AP2_CONFLAGS)" $(CONFFLAGS) $(REALCURDIR)/configure --srcdir=$(REALCURDIR) $(AP2_COMMON_CONFARGS) $(AP2_CONFARGS) --with-mpm=$* ;\ + CFLAGS="$(AP2_CONFLAGS)" LDFLAGS="-Wl,--as-needed" $(CONFFLAGS) $(REALCURDIR)/configure --srcdir=$(REALCURDIR) $(AP2_COMMON_CONFARGS) $(AP2_CONFARGS) --with-mpm=$* ;\ $(MAKE) touch $@ diff -u apache2-2.2.6/debian/changelog apache2-2.2.6/debian/changelog --- apache2-2.2.6/debian/changelog +++ apache2-2.2.6/debian/changelog @@ -1,3 +1,10 @@ +apache2 (2.2.6-3ubuntu1) hardy; urgency=low + + * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary + dependencies (including db4.5). + + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 03 Jan 2008 11:19:10 +0100 + apache2 (2.2.6-3) unstable; urgency=low * Allocate fewer bucket brigades in case of a flush bucket. This might helpAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: 458857-close@bugs.debian.org
- Subject: Bug#458857: fixed in apache2 2.2.8-1
- From: Stefan Fritsch <sf@debian.org>
- Date: Thu, 17 Jan 2008 21:17:05 +0000
- Message-id: <E1JFc6j-0000ka-25@ries.debian.org>
Source: apache2 Source-Version: 2.2.8-1 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-dbg_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-dbg_2.2.8-1_i386.deb apache2-doc_2.2.8-1_all.deb to pool/main/a/apache2/apache2-doc_2.2.8-1_all.deb apache2-mpm-event_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-mpm-event_2.2.8-1_i386.deb apache2-mpm-perchild_2.2.8-1_all.deb to pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1_all.deb apache2-mpm-prefork_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1_i386.deb apache2-mpm-worker_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-mpm-worker_2.2.8-1_i386.deb apache2-prefork-dev_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-prefork-dev_2.2.8-1_i386.deb apache2-src_2.2.8-1_all.deb to pool/main/a/apache2/apache2-src_2.2.8-1_all.deb apache2-threaded-dev_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-threaded-dev_2.2.8-1_i386.deb apache2-utils_2.2.8-1_i386.deb to pool/main/a/apache2/apache2-utils_2.2.8-1_i386.deb apache2.2-common_2.2.8-1_i386.deb to pool/main/a/apache2/apache2.2-common_2.2.8-1_i386.deb apache2_2.2.8-1.diff.gz to pool/main/a/apache2/apache2_2.2.8-1.diff.gz apache2_2.2.8-1.dsc to pool/main/a/apache2/apache2_2.2.8-1.dsc apache2_2.2.8-1_all.deb to pool/main/a/apache2/apache2_2.2.8-1_all.deb apache2_2.2.8.orig.tar.gz to pool/main/a/apache2/apache2_2.2.8.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 458857@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 17 Jan 2008 20:27:56 +0100 Source: apache2 Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-dbg apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild Architecture: source i386 all Version: 2.2.8-1 Distribution: unstable Urgency: low Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Next generation, scalable, extendable web server apache2-dbg - Apache debugging symbols apache2-doc - documentation for apache2 apache2-mpm-event - Event driven model for Apache HTTPD apache2-mpm-perchild - Transitional package - please remove apache2-mpm-prefork - Traditional model for Apache HTTPD apache2-mpm-worker - High speed threaded model for Apache HTTPD apache2-prefork-dev - development headers for apache2 apache2-src - Apache source code apache2-threaded-dev - development headers for apache2 apache2-utils - utility programs for webservers apache2.2-common - Next generation, scalable, extendable web server Closes: 311269 337325 349709 411774 436441 458085 458093 458857 459236 460105 Changes: apache2 (2.2.8-1) unstable; urgency=low . * New upstream version: - Fixes cross-site scripting issues in o mod_imagemap (CVE-2007-5000) o mod_status (CVE-2007-6388) o mod_proxy_balancer's balancer manager (CVE-2007-6421) - Fixes a denial of service issue in mod_proxy_balancer's balancer manager (CVE-2007-6422). - Fixes mod_proxy URL encoding in error messages (closes: #337325). - Adds explicit charset to the output of various modules to work around possible cross-site scripting flaws affecting web browsers that do not derive the response character set as required by RFC2616. For mod_proxy_ftp there is now the new ProxyFtpDirCharset directive to specify something else than ISO-8859-1 (CVE-2008-0005). - Adds mod_substitute which performs inline response content pattern matching (including regex) and substitution (like mod_line_edit). - Adds "DefaultType none" option. - Adds new "B" option to RewriteRule to suppress URL unescaping. - Adds an "if" directive for mod_include to test whether an URL is accessible, and if so, conditionally display content. - Adds support for mod_ssl to the event MPM. * Move the configuration of User, Group, and PidFile to /etc/apache2/envvars. This makes it easier to use these settings in scripts. /etc/apache2/envvars can now also be used to influence apache2ctl (inspired by Marc Haber's patch). (Closes: #349709, #460105, #458085) * Make apache2ctl check the configuration syntax before trying to restart apache, to match the behaviour documented in the man page. (Closes: #459236) * Convert docs to be directly viewable with a browser (and not use content negotiation). * Add doc-base entry for the documentation. (closes: #311269) * Don't ship default files in /var/www, but copy a sample file to /var/www/index.html on new installs. Also remove the now unneeded RedirectMatch line from sites-available/default. (Closes: #411774, #458093) * Add some information to README.Debian (Apache wiki, default virtual host) * Build with LDFLAGS=-Wl,--as-needed to drop a lot of unnecessary dependencies, easing library transitions (closes: #458857). * Add icons for OpenDocuments, add sharutils to Build-Depends for uudecode. Patch by Nicolas Valcárcel. (Closes: #436441) * Add reportbug script to list enabled modules. * Fix some lintian warnings: - Pass --no-start to dh_installinit instead of omitting the debhelper token in various maintainer scripts. Also move the update-rc.d call to apache2.2-common. - Add Short-Description to init script. * Remove unused apache2-mpm-prefork.prerm from source package and clean up debian/rules a bit. * Don't ship NEWS.Debian with apache2-utils, as the contents are only relevant for the server. Files: c2f8c4852c9f6b851552901f7765e344 1269 web optional apache2_2.2.8-1.dsc 39a755eb0f584c279336387b321e3dfc 6125771 web optional apache2_2.2.8.orig.tar.gz 405c7118ef0f2e8ee36253e94b9cc5cf 128534 web optional apache2_2.2.8-1.diff.gz 7c5c628ce099a8db2af2f0673013db9d 758632 web optional apache2.2-common_2.2.8-1_i386.deb bf9cc92e127c56eacc3702a4c4a3a8e5 232758 web optional apache2-mpm-worker_2.2.8-1_i386.deb 9e326ea633159ddc17a8dcd4e6c0ed4f 228630 web optional apache2-mpm-prefork_2.2.8-1_i386.deb 4ab3e1fc87dd5e1d1a1cd8d653b653df 233408 web optional apache2-mpm-event_2.2.8-1_i386.deb 469ab3fae7c2245a1f9eb162d862fbd6 138010 web optional apache2-utils_2.2.8-1_i386.deb 61914e18762538c19fcdcd3558d0e216 206262 devel extra apache2-prefork-dev_2.2.8-1_i386.deb 985308826a67afc0acfb19f6e05eb55f 206946 devel extra apache2-threaded-dev_2.2.8-1_i386.deb 6a2141ae61e5857f168bf061a3078416 2299634 libdevel extra apache2-dbg_2.2.8-1_i386.deb 4a312e9c72ae3bb2f58b131c4dd1a7be 71126 web optional apache2-mpm-perchild_2.2.8-1_all.deb 8edcee73f90cb5c55852cd02b4cfc66d 43932 web optional apache2_2.2.8-1_all.deb b0080e3a9d6e7309b56ea594887b7b34 1938972 doc optional apache2-doc_2.2.8-1_all.deb e5fb8960e908fd0762d7a0bdfa99d94c 6398378 devel extra apache2-src_2.2.8-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHj7wLbxelr8HyTqQRAiyVAJ9mztuh0wXHVX4mchK+6L9LAxb+lgCgvdHS UY3rMy17E4oBG/p6MKPvzZA= =ixvS -----END PGP SIGNATURE-----
--- End Message ---