(Please keep me in Cc) Background: The latest Apache upload (2.4.16) introduced a new symbol, ap_hook_force_authn. Subversion's Apache modules need to use this symbol to close the loop on the related security fixes. Issue: Simply rebuilding subversion against the latest apache2-dev doesn't cause there to be a lockstep upgrade of apache and libapache2-mod-svn. If someone happens to only upgrade libapache2-mod-svn, then Apache will fail to load mod_authz_svn because of the missing symbol. Following the package practices laid out in the wiki[0] doesn't provide any recommendation on how to handle this. Should there be a symbols file (or similar mechanism) to address this scenario, or does every maintainer of an Apache module need to add explicit “Depends: apache2-bin (>= …)” (which conflicts with the wiki) to ensure smooth upgrades? [0]: https://wiki.debian.org/Apache/PackagingFor24 Cheers, -- James GPG Key: 4096R/331BA3DB 2011-12-05 James McCoy <jamessan@debian.org>
Attachment:
signature.asc
Description: Digital signature