Your message dated Sun, 07 Mar 2010 22:47:38 +0000 with message-id <E1NoPG6-0004oN-N7@ries.debian.org> and subject line Bug#572232: fixed in apache2 2.2.15-1 has caused the Debian Bug report #572232, regarding apache2.2-common: bash_completion script sed substition bug on file containing load or conf word to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 572232: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572232 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2.2-common: bash_completion script sed substition bug on file containing load or conf word
- From: Rémi Laurent <remi.laurent@conostix.com>
- Date: Tue, 2 Mar 2010 15:55:36 +0100
- Message-id: <[🔎] 20100302145536.GA25695@ambiorix.conostix.com>
Package: apache2.2-common Version: 2.2.9-10+lenny4 Severity: normal Tags: patch In the a2ensite helper for bash_completion, there is an unfortunate substition expression that rips part of the completed filename when it contains the 'load' or 'conf' string. example with configuration files like /etc/apache2/sites-available/testconf /etc/apache2/sites-available/www.loaded.com /etc/apache2/sites-available/www.reload.com /etc/apache2/sites-available/www.reloaded.com this would auto-complete with $ a2ensite <TAB> tes wwwed.com www.r.com www.red.com with the proposed patch applied, we get $ a2ensite <TAB> testconf www.loaded.com www.reload.com www.reloaded.com --- /tmp/bash_completion.d/apache2.2-common.orig 2010-03-02 15:18:05.000000000 +0100 +++ /etc/bash_completion.d/apache2.2-common 2010-03-02 15:18:40.000000000 +0100 @@ -4,7 +4,7 @@ _apache2_modsites() { COMPREPLY=( $( compgen -W '$( command ls /etc/apache2/$1 2>/dev/null \ - | sed -e 's/\.load//' -e 's/\.conf//' )' -- $cur ) ) + | sed -e 's/\\\\.load$//' -e 's/\\\\.conf$//' )' -- $cur ) ) } _a2enmod() -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi deflate dir env mime negotiation php5 setenvif status -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.31-1-686 (SMP w/2 CPU cores) Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.9-10+lenny4 utility programs for webservers ii libapr1 1.2.12-5 The Apache Portable Runtime Librar ii libaprutil1 1.2.12+dfsg-8 The Apache Portable Runtime Utilit ii libc6 2.9-4 GNU C Library: Shared libraries ii libmagic1 4.26-1 File type determination library us ii libssl0.9.8 0.9.8k-6 SSL shared libraries ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap ii net-tools 1.60-22 The NET-3 networking toolkit ii perl 5.10.0-19 Larry Wall's Practical Extraction ii procps 1:3.2.7-11 /proc file system utilities ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime Versions of packages apache2.2-common recommends: ii ssl-cert 1.0.23 simple debconf wrapper for OpenSSL Versions of packages apache2.2-common suggests: pn apache2-doc <none> (no description available) pn apache2-suexec | apache2-suex <none> (no description available) ii iceweasel [www-browser] 3.5.5-1 lightweight web browser based on M ii midori [www-browser] 0.1.8-1 fast, lightweight graphical web br ii w3m [www-browser] 0.5.2-2+b1 WWW browsable pager with excellent Versions of packages apache2.2-common is related to: pn apache2-mpm-event <none> (no description available) pn apache2-mpm-itk <none> (no description available) ii apache2-mpm-prefork 2.2.9-10+lenny4 Apache HTTP Server - traditional n pn apache2-mpm-worker <none> (no description available) -- no debconf information -- Rémi Laurent Phone: +352 26 10 30 61 General Support: support@conostix.com Managed Services Support: support@lcms.lu GPG FP: 27F4 6810 2B0E 1AA0 CDAE 7C7B 3DC9 085A 0FA0 0601Attachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: 572232-close@bugs.debian.org
- Subject: Bug#572232: fixed in apache2 2.2.15-1
- From: Stefan Fritsch <sf@debian.org>
- Date: Sun, 07 Mar 2010 22:47:38 +0000
- Message-id: <E1NoPG6-0004oN-N7@ries.debian.org>
Source: apache2 Source-Version: 2.2.15-1 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive: apache2-dbg_2.2.15-1_i386.deb to main/a/apache2/apache2-dbg_2.2.15-1_i386.deb apache2-doc_2.2.15-1_all.deb to main/a/apache2/apache2-doc_2.2.15-1_all.deb apache2-mpm-event_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-event_2.2.15-1_i386.deb apache2-mpm-itk_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-itk_2.2.15-1_i386.deb apache2-mpm-prefork_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-prefork_2.2.15-1_i386.deb apache2-mpm-worker_2.2.15-1_i386.deb to main/a/apache2/apache2-mpm-worker_2.2.15-1_i386.deb apache2-prefork-dev_2.2.15-1_i386.deb to main/a/apache2/apache2-prefork-dev_2.2.15-1_i386.deb apache2-suexec-custom_2.2.15-1_i386.deb to main/a/apache2/apache2-suexec-custom_2.2.15-1_i386.deb apache2-suexec_2.2.15-1_i386.deb to main/a/apache2/apache2-suexec_2.2.15-1_i386.deb apache2-threaded-dev_2.2.15-1_i386.deb to main/a/apache2/apache2-threaded-dev_2.2.15-1_i386.deb apache2-utils_2.2.15-1_i386.deb to main/a/apache2/apache2-utils_2.2.15-1_i386.deb apache2.2-bin_2.2.15-1_i386.deb to main/a/apache2/apache2.2-bin_2.2.15-1_i386.deb apache2.2-common_2.2.15-1_i386.deb to main/a/apache2/apache2.2-common_2.2.15-1_i386.deb apache2_2.2.15-1.diff.gz to main/a/apache2/apache2_2.2.15-1.diff.gz apache2_2.2.15-1.dsc to main/a/apache2/apache2_2.2.15-1.dsc apache2_2.2.15-1_i386.deb to main/a/apache2/apache2_2.2.15-1_i386.deb apache2_2.2.15.orig.tar.gz to main/a/apache2/apache2_2.2.15.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 572232@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 07 Mar 2010 23:22:56 +0100 Source: apache2 Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg Architecture: source all i386 Version: 2.2.15-1 Distribution: unstable Urgency: low Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server metapackage apache2-dbg - Apache debugging symbols apache2-doc - Apache HTTP Server documentation apache2-mpm-event - Apache HTTP Server - event driven model apache2-mpm-itk - multiuser MPM for Apache 2.2 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model apache2-mpm-worker - Apache HTTP Server - high speed threaded model apache2-prefork-dev - Apache development headers - non-threaded MPM apache2-suexec - Standard suexec program for Apache 2 mod_suexec apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec apache2-threaded-dev - Apache development headers - threaded MPM apache2-utils - utility programs for webservers apache2.2-bin - Apache HTTP Server common binary files apache2.2-common - Apache HTTP Server common files Closes: 533661 571461 572232 Changes: apache2 (2.2.15-1) unstable; urgency=low . * New upstream version: - CVE-2010-0408: mod_proxy_ajp: Fixes denial of service vulnerability - CVE-2009-3555: mod_ssl: Improve the mitigation against SSL/TLS protocol prefix injection attack. - CVE-2010-0434: mod_headers: Fix potential information leak with threaded MPMs. - mod_reqtimeout: New module limiting the time waiting for receiving a request from the client. This is a (partial) mitigation against slowloris-type resource exhaustion attacks. The module is enabled by default. Closes: #533661 - mod_ssl: Add SSLInsecureRenegotiation directive to allows insecure renegotiation with clients which do not yet support the secure renegotiation protocol. As this requires openssl 0.9.8m, bump build dependency accordingly. * Fix bash completion for a2ensite if the site name contains 'conf' or 'load'. Closes: #572232 * Do a configcheck in the init script before doing a non-graceful restart. Closes: #571461 Checksums-Sha1: ddf6169247b98092afd5b80db0d6e9b54cc69527 1796 apache2_2.2.15-1.dsc 1a751aab443ce76ede233b6d3351223e9c9516f2 6593633 apache2_2.2.15.orig.tar.gz 9284f39682f34bd639ea5c6f32691b5dc6777038 196290 apache2_2.2.15-1.diff.gz 3c43bae560c14a4888770d9efae396b2b51ebae9 2299506 apache2-doc_2.2.15-1_all.deb 219d269780ba0bc81519dcfceddbde6b543bf53e 302896 apache2.2-common_2.2.15-1_i386.deb 759042d8fc3d14e8a4117f8b0cbc00411bd419eb 1320202 apache2.2-bin_2.2.15-1_i386.deb 5fd60bf990e047459c26acecc5d7d9f10f6197c4 2272 apache2-mpm-worker_2.2.15-1_i386.deb fa882ec21c82cf5e85581346bb00db1e71221f95 2328 apache2-mpm-prefork_2.2.15-1_i386.deb ce5a934471544cf5294eeed445f3d08ebd2d33dc 2300 apache2-mpm-event_2.2.15-1_i386.deb c54115d1bda8c75349ae9bca2106115b1e368ea1 2334 apache2-mpm-itk_2.2.15-1_i386.deb 300028487c5d69065c7061a8d5f17c7acf553253 158556 apache2-utils_2.2.15-1_i386.deb f563cfa2ef32f89c18382c958712451f8f0163b7 95960 apache2-suexec_2.2.15-1_i386.deb 47b8f3a5560b1716820a07d4adb8da14c43bcc03 97546 apache2-suexec-custom_2.2.15-1_i386.deb 58909d736b689328e019a9c7b3dfe06a8768e088 1382 apache2_2.2.15-1_i386.deb 7698bb9de7cf3232d19a755268765d68123f8a01 137166 apache2-prefork-dev_2.2.15-1_i386.deb cf7e6bd7de9ea289f7993f4b8646378e604e0777 138316 apache2-threaded-dev_2.2.15-1_i386.deb 7419946f64fdf951069b9e661ad87dfb8acd9c9d 2683280 apache2-dbg_2.2.15-1_i386.deb Checksums-Sha256: 7dc9f68d31c6408e1d9ca3436beb610511e19cfacda21b451a4a3ba659f5840a 1796 apache2_2.2.15-1.dsc 4f879251e938e81fafedabc946831a501b71ddc33cb8a9ad4a994fce233f281b 6593633 apache2_2.2.15.orig.tar.gz 081de168512ab6a0634050e378c880029e828164b1a26f90db346ef26c265493 196290 apache2_2.2.15-1.diff.gz 7dc561357429fa7a7bae19b1efd49ea02112abcb4fc439ee468e0c9892c65d4a 2299506 apache2-doc_2.2.15-1_all.deb 00e0e75f1fec9ec3d4eaae2bd6190903ebc3d600cef40ad145fac4e2263b38dd 302896 apache2.2-common_2.2.15-1_i386.deb fa398e43af7c0ad23e93c8c6f35075c40332b70036754c229ff984fa89589087 1320202 apache2.2-bin_2.2.15-1_i386.deb 78721f1301aab92f23217a240b1201fa8c2342bccd1f3ffcb5eeaaad03f35a98 2272 apache2-mpm-worker_2.2.15-1_i386.deb 5561632891546e9e30f1ae142588dfb505bddf5a6efb0a3e0d201a3b205c40fa 2328 apache2-mpm-prefork_2.2.15-1_i386.deb 3b48a469b196532760fefe40952cb1679109d2d0a69ed1f7803b4e6838fb3ea4 2300 apache2-mpm-event_2.2.15-1_i386.deb 889f6910f459168ea62aac9408387ccbbffc31f78cee282157eacd61d70e7111 2334 apache2-mpm-itk_2.2.15-1_i386.deb 053c5119dad0f43c4cc8642c7bfd9c1d0e233fc824f1f9392cb17ed3d626e06d 158556 apache2-utils_2.2.15-1_i386.deb 1d761a6862f0b57544cf584aea8c603284970c13ddfba902abd6843688e901f1 95960 apache2-suexec_2.2.15-1_i386.deb a2940c17b9b530f69bdfc3ea567ffcf178b7ea8cd0e2beead0c11fa14adeab15 97546 apache2-suexec-custom_2.2.15-1_i386.deb ec81076f8b5ee42b1fc8b3eaee49fd17638d008aebf3392aa496f5c738967d1f 1382 apache2_2.2.15-1_i386.deb 20d1412aeb23b18d5e1eb827b4e37fc2327929db2a2179b0ff884f7bc60324a2 137166 apache2-prefork-dev_2.2.15-1_i386.deb 7867983a7ecbb752398ff629aa1abdf308d59632a0fc6beb7193651792b6db03 138316 apache2-threaded-dev_2.2.15-1_i386.deb f0c6a326fe331cd0bcd0c75243538a508ecf152632c94160f64fdace0876fd6b 2683280 apache2-dbg_2.2.15-1_i386.deb Files: 59304a8d6f5e76e5cbdf60be5ab5cdb2 1796 httpd optional apache2_2.2.15-1.dsc 31fa022dc3c0908c6eaafe73c81c65df 6593633 httpd optional apache2_2.2.15.orig.tar.gz 948f7496304408088c14c2f0d2e5e474 196290 httpd optional apache2_2.2.15-1.diff.gz cf591ac5cfa0553e7eb04ed91ca31704 2299506 doc optional apache2-doc_2.2.15-1_all.deb b150352d5615301be9b93131538c90ae 302896 httpd optional apache2.2-common_2.2.15-1_i386.deb af1b901a5ca4b5263abf441a3ea99ec5 1320202 httpd optional apache2.2-bin_2.2.15-1_i386.deb 04c3592c3eacf928e06e66b599827d45 2272 httpd optional apache2-mpm-worker_2.2.15-1_i386.deb 8d56e5efc9894ae5b78b12b41643bb95 2328 httpd optional apache2-mpm-prefork_2.2.15-1_i386.deb 1d72d6c56491f4f0af33ca327d9deb28 2300 httpd optional apache2-mpm-event_2.2.15-1_i386.deb 0f6eb269907db8e6fa99216097ca7593 2334 httpd extra apache2-mpm-itk_2.2.15-1_i386.deb 96aafa5312873daf6fc43dcced45542c 158556 httpd optional apache2-utils_2.2.15-1_i386.deb 4a15c0eb4b8825417cc0d538f186b475 95960 httpd optional apache2-suexec_2.2.15-1_i386.deb 740d8a58ed38c79aade44404e0c4d01d 97546 httpd extra apache2-suexec-custom_2.2.15-1_i386.deb 9918e30a794b2a3f0ad37e830f24c6c8 1382 httpd optional apache2_2.2.15-1_i386.deb 4b8d068b9e4f1e5bcb8092e8caad49eb 137166 httpd extra apache2-prefork-dev_2.2.15-1_i386.deb 41a9968ceef4a3d1d839b8d7d674a024 138316 httpd extra apache2-threaded-dev_2.2.15-1_i386.deb 35aa3db7a8e60d980cdd9389089d0e07 2683280 debug extra apache2-dbg_2.2.15-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFLlCnhbxelr8HyTqQRAij7AKC7HtgT1AUZ3w1NaRf0iCrMisc2oACgpMVu D9nPmF/skLVUP+x5d5Mp9vw= =xAAZ -----END PGP SIGNATURE-----
--- End Message ---