Bug#544509: marked as done (apache2 is not binNMU safe)

To: Stefan Fritsch <sf@debian.org>
Subject: Bug#544509: marked as done (apache2 is not binNMU safe)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 16 Sep 2009 22:33:45 +0000
Message-id: <handler.544509.D544509.125313996629109.ackdone@bugs.debian.org>
References: <E1Mo2bX-0006nc-Mq@ries.debian.org> <20090901065014.GN22841@mails.so.argh.org>

Your message dated Wed, 16 Sep 2009 22:03:59 +0000
with message-id <E1Mo2bX-0006nc-Mq@ries.debian.org>
and subject line Bug#544509: fixed in apache2 2.2.13-2
has caused the Debian Bug report #544509,
regarding apache2 is not binNMU safe
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
544509: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544509
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: apache2 is not binNMU safe
From: Andreas Barth <aba@not.so.argh.org>
Date: Tue, 1 Sep 2009 08:50:14 +0200
Message-id: <20090901065014.GN22841@mails.so.argh.org>

Package: apache2
Version: 2.2.12-1
Severity: serious
Tags: patch

Hi,

apache2 is no longer binNMU safe. This rendes currently this package
to be uninstallable on ia64:

Package: apache2-prefork-dev
Architecture: ia64
Source: apache2 (2.2.12-1)
Version: 2.2.12-1+b1
Depends: apache2.2-common (= 2.2.12-1+b1), openssl, libaprutil1-dev

(apache2.2-common is arch=all)

As apache2.2-common depends strict on apache2.2-bin which is
architecture=any, the only resolution of this is to converte
apache2.2-common to arch=any.


Cheers,
Andi

--- End Message ---

--- Begin Message ---

To: 544509-close@bugs.debian.org
Subject: Bug#544509: fixed in apache2 2.2.13-2
From: Stefan Fritsch <sf@debian.org>
Date: Wed, 16 Sep 2009 22:03:59 +0000
Message-id: <E1Mo2bX-0006nc-Mq@ries.debian.org>

Source: apache2
Source-Version: 2.2.13-2

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-dbg_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-dbg_2.2.13-2_i386.deb
apache2-doc_2.2.13-2_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.13-2_all.deb
apache2-mpm-event_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.13-2_i386.deb
apache2-mpm-itk_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-itk_2.2.13-2_i386.deb
apache2-mpm-prefork_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.13-2_i386.deb
apache2-mpm-worker_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.13-2_i386.deb
apache2-prefork-dev_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.13-2_i386.deb
apache2-suexec-custom_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-suexec-custom_2.2.13-2_i386.deb
apache2-suexec_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-suexec_2.2.13-2_i386.deb
apache2-threaded-dev_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.13-2_i386.deb
apache2-utils_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.13-2_i386.deb
apache2.2-bin_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2.2-bin_2.2.13-2_i386.deb
apache2.2-common_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.13-2_i386.deb
apache2_2.2.13-2.diff.gz
  to pool/main/a/apache2/apache2_2.2.13-2.diff.gz
apache2_2.2.13-2.dsc
  to pool/main/a/apache2/apache2_2.2.13-2.dsc
apache2_2.2.13-2_i386.deb
  to pool/main/a/apache2/apache2_2.2.13-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 544509@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Sep 2009 20:55:02 +0200
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source i386 all
Version: 2.2.13-2
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 541536 541607 544509 545951
Changes: 
 apache2 (2.2.13-2) unstable; urgency=high
 .
   * mod_proxy_ftp security fixes (closes: #545951):
     - DoS by malicious ftp server (CVE-2009-3094)
     - missing input sanitization: a user could execute arbitrary ftp commands
       on the backend ftp server (CVE-2009-3095)
   * Add entries to NEWS.Debian and README.Debian about Apache being stricter
     about certain misconfigurations involving name based SSL virtual hosts.
     Also make Apache print the location of the misconfigured VirtualHost when
     it complains about a missing SSLCertificateFile statement. Closes: #541607
   * Add Build-Conflicts: autoconf2.13 (closes: #541536).
   * Adjust priority of apache2-mpm-itk to extra.
   * Switch apache2.2-common and the four mpm packages from architecture all to
     any. This is stupid but makes apache2 binNMUable again (closes: #544509).
   * Bump Standards-Version (no changes).
Checksums-Sha1: 
 bbd12d630b1005da87f4a40d1e7889a10c8de1e9 1813 apache2_2.2.13-2.dsc
 7938c204ffb780f9f66dc20269d049f99877c53f 181484 apache2_2.2.13-2.diff.gz
 34209f96e048870b3b3e957f2b3d95237bd04965 292296 apache2.2-common_2.2.13-2_i386.deb
 208a848093a9cce5610ebb80ae1b59bb5b91587b 1301960 apache2.2-bin_2.2.13-2_i386.deb
 85be746b8de17525a4c6fc3e42c2f77bdb189848 2268 apache2-mpm-worker_2.2.13-2_i386.deb
 817038c091c470b463ed0eb30038d18055938701 2330 apache2-mpm-prefork_2.2.13-2_i386.deb
 f5ea922ce44cc90f0d2dad5c1ba5cbb57fbfaa23 2300 apache2-mpm-event_2.2.13-2_i386.deb
 5c7fb9e384ff086f5c759dd1c82a7a50f8cf61bb 2328 apache2-mpm-itk_2.2.13-2_i386.deb
 80a939fcd07158426bf46a4335d98e3919393863 154800 apache2-utils_2.2.13-2_i386.deb
 ee1532bdeb716d7a65b070f44c125a9b0c719417 90904 apache2-suexec_2.2.13-2_i386.deb
 9705b9247d5f1bc8a43ce4fd23c0f473cf8c2755 92454 apache2-suexec-custom_2.2.13-2_i386.deb
 9d94647ee45435dfe7b6fd615de87caa43a322d1 1376 apache2_2.2.13-2_i386.deb
 15b21bf3143516d9cf474cf8b07eca7b0a4498ba 138032 apache2-prefork-dev_2.2.13-2_i386.deb
 0695a7874db9faf3a1f3b3f486a02f1215a536b9 139216 apache2-threaded-dev_2.2.13-2_i386.deb
 1fe9992cb0b4506b69deab0f1eba372167846b14 2672452 apache2-dbg_2.2.13-2_i386.deb
 8f355ceb4dc3863438dcf5356f7cccf422c21a45 2272814 apache2-doc_2.2.13-2_all.deb
Checksums-Sha256: 
 aaf0110a68aa27e084f356c343c4aa411e35c01bdd519992615fa722cf72a5bd 1813 apache2_2.2.13-2.dsc
 269b3301498c8ff0a5187502a1999ad7e78d35e3afafc2bfba8747d7256b5930 181484 apache2_2.2.13-2.diff.gz
 bf601051a11727ca378925b2f08fc1c0f1fbc45fc375c54b38809974e1005b77 292296 apache2.2-common_2.2.13-2_i386.deb
 4f1f9bb778349d1a8955e953364e9fcd22ff26f9007b568ee7f2ac3410beae54 1301960 apache2.2-bin_2.2.13-2_i386.deb
 d9e11cea3b05c0eca723851beb6b6977db22d99221af107b8064072bbdd98087 2268 apache2-mpm-worker_2.2.13-2_i386.deb
 bb7bc32609b0393c8f23c4092a919aec8541f7edb19b246124228bc7ad0d80c3 2330 apache2-mpm-prefork_2.2.13-2_i386.deb
 efac0d8b55f1758170e41a824800703861cf64fe4dac0ff6d98d2612ec9e83d3 2300 apache2-mpm-event_2.2.13-2_i386.deb
 c5d6389bb3d5a8ad95ac476ecd0b8eccf87eee9fdb022b662eed801d5c963a92 2328 apache2-mpm-itk_2.2.13-2_i386.deb
 6f9fb6690307496ab52005723a80ca3e1cc8527170f57454610662324ffb4764 154800 apache2-utils_2.2.13-2_i386.deb
 7a212bc37d2219500de6e15bf3224bb5a3348cd1ede593aa28812ed13779676d 90904 apache2-suexec_2.2.13-2_i386.deb
 71baa7bce8942912efe669378dfe3f0fce5fe9542d8ec5f600821c157af35f27 92454 apache2-suexec-custom_2.2.13-2_i386.deb
 7710a1cca521eae7ca282ae0f21d914577bcfadbf5c503cb31e4569d845127e7 1376 apache2_2.2.13-2_i386.deb
 da938db98baecb070b2839d287e54a6d0d95a681e9ea8d04982b389080a9ccc5 138032 apache2-prefork-dev_2.2.13-2_i386.deb
 dfc063caae79629fa18744cea730ef73be2c0fc103ba7f5f0c6c0c9c7871bec7 139216 apache2-threaded-dev_2.2.13-2_i386.deb
 cf2718c27af28f88343d7e3b7f19d09651d5a12ec5b31d025432b3ab8e05ebaf 2672452 apache2-dbg_2.2.13-2_i386.deb
 22fbf875bbaf412d194d8604d61bf3045769414d840d939f1558663796e77887 2272814 apache2-doc_2.2.13-2_all.deb
Files: 
 97bad00546872899c897af892c472e61 1813 httpd optional apache2_2.2.13-2.dsc
 b86f09d23e32384f679276007cbd9095 181484 httpd optional apache2_2.2.13-2.diff.gz
 471bccf7c92ca8ee22fae71ef847e52a 292296 httpd optional apache2.2-common_2.2.13-2_i386.deb
 286a5778b758a073aa296269e49cb596 1301960 httpd optional apache2.2-bin_2.2.13-2_i386.deb
 ffa4691e7df5d0178d5ff7f9322c1b41 2268 httpd optional apache2-mpm-worker_2.2.13-2_i386.deb
 e8743341f6b03f4c3d8b81fad957e738 2330 httpd optional apache2-mpm-prefork_2.2.13-2_i386.deb
 2ff7fa8d12596611ded962aae41fce0b 2300 httpd optional apache2-mpm-event_2.2.13-2_i386.deb
 22e76983a8954a25126b1e19f6b507ae 2328 httpd extra apache2-mpm-itk_2.2.13-2_i386.deb
 39a3ffb8d6162841a1269c23bfb13479 154800 httpd optional apache2-utils_2.2.13-2_i386.deb
 8ca00bd9a08c22b4797db31e4ee2abd7 90904 httpd optional apache2-suexec_2.2.13-2_i386.deb
 cf2ba08382e1563c0194152509e843b3 92454 httpd extra apache2-suexec-custom_2.2.13-2_i386.deb
 fd9b3cecff03088b35bddde0be34e2c8 1376 httpd optional apache2_2.2.13-2_i386.deb
 7cfbf6f406d8cf1829d4ad5c8e5825b2 138032 httpd extra apache2-prefork-dev_2.2.13-2_i386.deb
 f527eb83f7179f02b7cc0bc13261ae07 139216 httpd extra apache2-threaded-dev_2.2.13-2_i386.deb
 0a58245ed8f8a40acf08589505afa026 2672452 debug extra apache2-dbg_2.2.13-2_i386.deb
 31bb0c0e3c48710812e5dda3fc128e5c 2272814 doc optional apache2-doc_2.2.13-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFKsUSJbxelr8HyTqQRAgkBAJ9LUO53e3KLjYkG18vdJ06Jce90EwCdFwDa
WoBXtQ17ZlGTgSu60SHu65Q=
=XRVy
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#544509: apache2 is not binNMU safe
  - From: Andreas Barth <aba@not.so.argh.org>

Prev by Date: Bug#541607: marked as done (apache2: fails to start because of SSL configuration changes)
Next by Date: Bug#541536: marked as done (apache2: need Build-Conflicts with autoconf2.13)
Previous by thread: Bug#544509: apache2 is not binNMU safe
Next by thread: Processed: severity of 544509 is normal
Index(es):
- Date
- Thread