
Bug#789788: marked as done (apache2: old configuration syntax in security.conf)



Your message dated Sat, 01 Aug 2015 23:05:22 +0000
with message-id <E1ZLfqE-0006bW-Fm@franck.debian.org>
and subject line Bug#789788: fixed in apache2 2.4.16-1
has caused the Debian Bug report #789788,
regarding apache2: old configuration syntax in security.conf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
789788: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789788
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.4.10-10
Severity: minor

Dear Maintainer,

the default installation of Apache 2.4 on Jessie uses old Apache 2.2 syntax in /etc/apache2/conf-available/security.conf:

#<Directory />
#   AllowOverride None
#   Order Deny,Allow
#   Deny from all
#</Directory>

Which should be:

#<Directory />
#   AllowOverride None
#   Require all denied
#</Directory>

cheers,
Werner




-- Package-specific info:

-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin    2.4.10-10
ii  apache2-data   2.4.10-10
ii  apache2-utils  2.4.10-10
ii  dpkg           1.17.25
ii  lsb-base       4.1+Debian13+nmu1
ii  mime-support   3.58
ii  perl           5.20.2-3+deb8u1
ii  procps         2:3.3.9-9

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.35

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  w3m [www-browser]                                0.5.3-19

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.1-3
ii  libaprutil1              1.5.4-1
ii  libaprutil1-dbd-sqlite3  1.5.4-1
ii  libaprutil1-ldap         1.5.4-1
ii  libc6                    2.19-18
ii  libldap-2.4-2            2.4.40+dfsg-1
ii  liblua5.1-0              5.1.5-7.1
ii  libpcre3                 2:8.35-3.3
ii  libssl1.0.0              1.0.1k-3+deb8u1
ii  libxml2                  2.9.1+dfsg1-5
ii  perl                     5.20.2-3+deb8u1
ii  zlib1g                   1:1.2.8.dfsg-2+b1

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  w3m [www-browser]                                0.5.3-19

Versions of packages apache2 is related to:
ii  apache2      2.4.10-10
ii  apache2-bin  2.4.10-10

-- Configuration Files:
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/mods-available/ssl.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]
/etc/apache2/sites-available/default-ssl.conf [Errno 2] Datei oder Verzeichnis nicht gefunden: u'/etc/apache2/sites-available/default-ssl.conf'

-- no debconf information

--- End Message ---
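
An added example, not part of the original report or of the Debian package: a small scanner that finds Apache 2.2 access directives (which 2.4 only honours through mod_access_compat), including commented-out ones like the security.conf sample above, and proposes the 2.4 `Require` line for the two unambiguous cases. The function names and the second sample block are constructed for illustration.

```python
import re

# 2.2 access directives (mod_access_compat in 2.4), also when commented out.
LEGACY = re.compile(
    r"^\s*#?\s*(Order\s+(?:deny,allow|allow,deny|mutual-failure)"
    r"|(?:Allow|Deny)\s+from\s+.+|Satisfy\s+(?:any|all))\s*$", re.I)
TAG = re.compile(r"^\s*#?\s*<(/?)([^>]+)>\s*$")  # section open/close lines

# First block is the snippet from the bug report; the second is constructed.
SAMPLE = """\
#<Directory />
#   AllowOverride None
#   Order Deny,Allow
#   Deny from all
#</Directory>
<Directory /srv/admin>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</Directory>
"""

def suggest(found):
    """2.4 equivalent for the two unambiguous patterns, else None."""
    rules = [d.lower().split() for d in found]
    allows = [r[2:] for r in rules if r[0] == "allow"]
    denies = [r[2:] for r in rules if r[0] == "deny"]
    simple = not any(r[0] == "satisfy" for r in rules)
    if simple and denies == [["all"]] and not allows:
        return "Require all denied"
    if simple and allows == [["all"]] and not denies:
        return "Require all granted"
    return None  # host/IP/env rules or Satisfy: needs manual review

def audit(text):
    """Return (section, [(line_no, directive)], suggestion) per section."""
    done, stack = [], [("global", [])]
    for no, line in enumerate(text.splitlines(), 1):
        hit, tag = LEGACY.match(line), TAG.match(line)
        if hit:
            stack[-1][1].append((no, " ".join(hit.group(1).split())))
        elif tag and not tag.group(1):
            stack.append((tag.group(2).strip(), []))
        elif tag and len(stack) > 1:
            done.append(stack.pop())
    return [(n, f, suggest([d for _, d in f])) for n, f in done + stack[::-1] if f]

if __name__ == "__main__":
    for name, found, fix in audit(SAMPLE):
        print(f"<{name}> {found} -> {fix or 'review manually'}")
```

Directives are attributed to the innermost enclosing container, so rules nested in an `<IfModule>` inside a `<Directory>` are reported under the `<IfModule>` name.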
--- Begin Message ---
Source: apache2
Source-Version: 2.4.16-1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 789788@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 02 Aug 2015 00:44:07 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.16-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Closes: 733979 787103 789788 789914
Changes:
 apache2 (2.4.16-1) unstable; urgency=medium
 .
   [ Stefan Fritsch ]
   * New upstream version, fixing the following security issues:
     + CVE-2015-3183: Fix chunk header parsing defect.
     + CVE-2015-3185: ap_some_auth_required() broken in apache 2.4 in an
       unfixable way. Add a new replacement API ap_some_authn_required()
       and ap_force_authn hook.
 .
   [ Jean-Michel Vourgère ]
   * Allow "triggers-awaited" and "triggers-pending" states in addition to
     "installed" when determining whether to defer actions or process
     deferred actions. Thanks Colin Watson. Closes: #787103
   * Allow a2dismod cgi on threaded mpms. Thanks Raul Dias. Closes:
     #733979
   * Remove pre-Jessie transition scripts, and remaining breaks.
   * Made builds reproducible: d/rules set the date from the changelog in
     CPPFLAGS, new reproducible_builds.diff patch to use it.
   * Moved bash_completion from /etc to /usr/share/bash_completion. Added
     links there for dynamic loading.
   * Upgrade security.conf comments to 2.4 auth format. Thanks Werner
     Detter. Closes: #789788
   * apache2.postinst: Fixed tests on deferred mpm switch. Closes:
     #789914

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
