
Bug#260063: marked as done (apache2: suggestion to add new file - conf.d/security.conf)



Your message dated Wed, 02 Jul 2008 09:32:09 +0000
with message-id <E1KDyh7-0002r2-Sb@ries.debian.org>
and subject line Bug#260063: fixed in apache2 2.2.9-3
has caused the Debian Bug report #260063,
regarding apache2: suggestion to add new file - conf.d/security.conf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
260063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260063
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.0.50-5
Severity: wishlist
Tags: security

Perhaps there could be a separate configuration file that
would control the default security settings. I'm not sure
if conf.d/ is meant solely for user settings, but it could
be one possibility to include:

  conf.d/security.conf

For a start, it could include the statement:

  <Files ~ "\.htpasswd">
      Order       allow,deny
      Deny from   all
  </Files>

Other settings that the user could enable could be added in comments, like:

  #<Directory />
  #    # DENY by default. Later, explicitly allow access to directories.
  #    Order Deny,Allow
  #    Deny from all
  #</Directory>


-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.4.26.20040601
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to en_US)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork           2.0.50-5   Traditional model for Apache2

-- debconf-show failed


--- End Message ---
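
An added example, not part of the original report or of the Debian package: a small Python check for the two rules suggested above, run against a constructed copy of the proposed conf.d/security.conf. It goes beyond the report's snippets by also accepting "Require all denied" and glob or FilesMatch patterns. Assumptions: the names audit and active_sections are hypothetical, sections are not nested, and Order/Allow are not modelled.

```python
import fnmatch
import re

# Constructed sample: the two snippets from the report as they would sit in
# conf.d/security.conf. The <Directory /> block is still commented out.
SAMPLE = r'''
<Files ~ "\.htpasswd">
    Order       allow,deny
    Deny from   all
</Files>
#<Directory />
#    Order Deny,Allow
#    Deny from all
#</Directory>
'''

OPEN = re.compile(r'<(Files|FilesMatch|Directory)\s+(~\s+)?"?([^">]+)"?\s*>$', re.I)
DENY = re.compile(r'(deny\s+from\s+all|require\s+all\s+denied)$', re.I)

def active_sections(conf_text):
    """Yield (kind, is_regex, pattern, denies_all) for each uncommented section."""
    current = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # commented-out directives are never applied by Apache
        m = OPEN.match(line)
        if m:
            kind = m.group(1).lower()
            current = [kind, bool(m.group(2)) or kind == 'filesmatch', m.group(3).strip(), False]
        elif line.startswith('</') and current:
            yield tuple(current)
            current = None
        elif current and DENY.match(line):
            current[3] = True  # simplification: Order/Allow are not evaluated

def audit(conf_text, filename='.htpasswd'):
    """Report whether `filename` is blocked and whether / is deny-by-default."""
    result = {'file_denied': False, 'root_denied': False}
    for kind, is_regex, pattern, denies in active_sections(conf_text):
        if not denies:
            continue
        if kind == 'directory':
            result['root_denied'] |= pattern == '/'
        elif is_regex:
            result['file_denied'] |= re.search(pattern, filename) is not None
        else:
            result['file_denied'] |= fnmatch.fnmatch(filename, pattern)
    return result
```

On the sample, the .htpasswd rule is reported as active while the deny-by-default rule for / is not, because the second snippet is still commented out.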
--- Begin Message ---
Source: apache2
Source-Version: 2.2.9-3

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-dbg_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-dbg_2.2.9-3_i386.deb
apache2-doc_2.2.9-3_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.9-3_all.deb
apache2-mpm-event_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.9-3_i386.deb
apache2-mpm-prefork_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.9-3_i386.deb
apache2-mpm-worker_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.9-3_i386.deb
apache2-prefork-dev_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.9-3_i386.deb
apache2-src_2.2.9-3_all.deb
  to pool/main/a/apache2/apache2-src_2.2.9-3_all.deb
apache2-suexec-custom_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-suexec-custom_2.2.9-3_i386.deb
apache2-suexec_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-suexec_2.2.9-3_i386.deb
apache2-threaded-dev_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.9-3_i386.deb
apache2-utils_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.9-3_i386.deb
apache2.2-common_2.2.9-3_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.9-3_i386.deb
apache2_2.2.9-3.diff.gz
  to pool/main/a/apache2/apache2_2.2.9-3.diff.gz
apache2_2.2.9-3.dsc
  to pool/main/a/apache2/apache2_2.2.9-3.dsc
apache2_2.2.9-3_all.deb
  to pool/main/a/apache2/apache2_2.2.9-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 260063@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 02 Jul 2008 10:15:57 +0200
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source i386 all
Version: 2.2.9-3
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-src - Apache source code
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-common - Apache HTTP Server common files
Closes: 260063 267477 293469 293519 293524 314606 395823 398520 421802 446765 450831 457708 473982 486286 488821
Changes: 
 apache2 (2.2.9-3) unstable; urgency=low
 .
   [ Stefan Fritsch ]
   * Move NameVirtualHost directive to ports.conf and switch from "*" to
     "*:80". (Closes: #314606, #486286)
   * Comment out the CacheEnable line in disk_cache.conf. It would have caused
     problems with Etch to Lenny upgrades.
   * Change the minimum user id for suexec back to 100, the new value of 1000
     was too disruptive for existing configurations. (Closes: #488821)
   * Add a default SSL virtual host. (Closes: #267477)
     - Use snakeoil certificate by default (if ssl-cert is installed).
       (Closes: #293524, #446765)
     - Document this in README.Debian.
       (Closes: #293469, #293519, #398520, #395823)
     - Add MSIE workarounds. (Closes: #421802)
     - Add ssl-cert to Recommends.
   * Add a new config file /etc/apache2/conf.d/security with some vaguely
     security related directives. (Closes: #260063)
   * Adjust mod_userdir accordingly. Also add "AllowOverride Indexes" for the
     home directories.
   * Disable SSLv2 by default. It is insecure. Also only enable ciphers with
     key lengths of at least 128 bit.
   * Make the init script complain about a missing $APACHE_PID_FILE during
     "start", too, and not only during "stop" or "restart". This makes it more
     obvious that /etc/apache2/envvars has to be updated. (Closes: #473982)
   * Add hint about the "..., using 127.0.0.1 for ServerName" warning to
     README.Debian. (Closes: #457708)
   * Add hint about the "could not create rewrite_log_lock" error message to
     README.Debian. (Closes: #450831)
   * Remove empty dir from apache2-doc to fix Lintian warning.
   * Always pass -g to gcc instead of relying on dpkg-buildpackage to set
     CFLAGS. We always want the debug info for the apache2-dbg package.
 .
   [ Ryan Niebur ]
   * Upgraded to policy 3.8.0
     - added support for noopt in DEB_BUILD_OPTIONS
     - added a README.source
     - added support for parallel in DEB_BUILD_OPTIONS
   * Dropped XS- from the Vcs fields in control

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIa0Cqbxelr8HyTqQRArtPAJ9lgkZMRiyD3ucJhH6yvTJ0tbP71ACfQ5Un
6yFDwWTm3YCPi/QOiVhGSEk=
=RGTl
-----END PGP SIGNATURE-----



--- End Message ---
