Bug#876384: marked as done ([PATCH] apache2ctl: Fix passing arguments with spaces in them to apache2)

To: Stefan Fritsch <sf@debian.org>
Subject: Bug#876384: marked as done ([PATCH] apache2ctl: Fix passing arguments with spaces in them to apache2)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 23 Sep 2017 22:39:14 +0000
Message-id: <[🔎] handler.876384.D876384.150620607527034.ackdone@bugs.debian.org>
Reply-to: 876384@bugs.debian.org
References: <E1dvt0K-0001vY-TG@fasolo.debian.org> <[🔎] CABr9L5CXcqO-X_1ptO85v-SL51x7c-DjoQA2q53dbYU=SQ4Pxw@mail.gmail.com>

Your message dated Sat, 23 Sep 2017 22:34:32 +0000
with message-id <E1dvt0K-0001vY-TG@fasolo.debian.org>
and subject line Bug#876384: fixed in apache2 2.4.27-6
has caused the Debian Bug report #876384,
regarding [PATCH] apache2ctl: Fix passing arguments with spaces in them to apache2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
876384: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876384
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [PATCH] apache2ctl: Fix passing arguments with spaces in them to apache2
From: Ville Skyttä <ville.skytta@iki.fi>
Date: Thu, 21 Sep 2017 18:07:27 +0300
Message-id: <[🔎] CABr9L5CXcqO-X_1ptO85v-SL51x7c-DjoQA2q53dbYU=SQ4Pxw@mail.gmail.com>

Package: apache2
Version: 2.4.25-3+deb9u3

For example:

# apachectl -D FOREGROUND -c "ErrorLog /dev/stderr"
[...]
Action '-D FOREGROUND -c ErrorLog /dev/stderr' failed.
The Apache error log may have more information.

'git am'able fix attached.

From bc9076ec3f3e76a692e3985ff2e67633d749b608 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Skytt=C3=A4?= <ville.skytta@iki.fi>
Date: Thu, 21 Sep 2017 17:54:50 +0300
Subject: [PATCH] apache2ctl: Fix passing arguments with spaces in them to
 apache2

For example:
apache2ctl -D FOREGROUND -c "ErrorLog /dev/stderr"
---
 debian/apache2ctl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/apache2ctl b/debian/apache2ctl
index f31263b1..b03dc7e9 100755
--- a/debian/apache2ctl
+++ b/debian/apache2ctl
@@ -205,7 +205,7 @@ fullstatus)
     get_status
     ;;
 *)
-    $HTTPD ${APACHE_ARGUMENTS} $ARGV
+    $HTTPD ${APACHE_ARGUMENTS} "$@"
     ERROR=$?
 esac
 
-- 
2.13.5

--- End Message ---

--- Begin Message ---

To: 876384-close@bugs.debian.org
Subject: Bug#876384: fixed in apache2 2.4.27-6
From: Stefan Fritsch <sf@debian.org>
Date: Sat, 23 Sep 2017 22:34:32 +0000
Message-id: <E1dvt0K-0001vY-TG@fasolo.debian.org>

Source: apache2
Source-Version: 2.4.27-6

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876384@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Sep 2017 00:08:01 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.27-6
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2    - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Closes: 876109 876384
Changes:
 apache2 (2.4.27-6) unstable; urgency=high
 .
   * CVE-2017-9798: Don't allow new methods to be registered in .htaccess files
     which could result in HTTP OPTIONS method leaking Apache's server memory.
     Closes: #876109
   * Fix argument escaping in apachectl. Closes: #876384
Checksums-Sha1:
 277dbd6c4dbdc35de716edf93e5922779c416aec 3037 apache2_2.4.27-6.dsc
 4e20690dd882e2d1cf2862c352efffff7e86d361 702204 apache2_2.4.27-6.debian.tar.xz
 8e7a2fe92669793a8107922b226ab01d821f4860 1210944 apache2-bin_2.4.27-6_amd64.deb
 c2591565e07e0bc67cce92e03f15aa2545bfc2ba 162070 apache2-data_2.4.27-6_all.deb
 614d34e21df7ffba21e6a5780c01a1650a12279f 3985494 apache2-dbg_2.4.27-6_amd64.deb
 f11c3bb32a3b5e9c774bce80bbeeeeea074bfa7d 317878 apache2-dev_2.4.27-6_amd64.deb
 e6959269c5bad03c01bf95ebd2b063b9b06c614d 3820886 apache2-doc_2.4.27-6_all.deb
 fce4d0a7e7c005469a5a7935f045ed14c2aab9fd 2248 apache2-ssl-dev_2.4.27-6_amd64.deb
 ff3d0a5f3b6af50c0032c4232b8c320e61bcb610 159126 apache2-suexec-custom_2.4.27-6_amd64.deb
 97bc0b212e076876599136f68542a1648f28f2da 157570 apache2-suexec-pristine_2.4.27-6_amd64.deb
 7b1ec81bedc5a6e3791b70aa4aee926538c4a5ac 222218 apache2-utils_2.4.27-6_amd64.deb
 0e24ef4593cfe87844f79bdde90b8fc5aae9b617 9723 apache2_2.4.27-6_amd64.buildinfo
 f32bfa0db625289c1a1a6fcf0b39917b4c410841 239556 apache2_2.4.27-6_amd64.deb
Checksums-Sha256:
 b73ffa8787be3039dac0da8a6db6f10936da81412f72d2d814c4087237071c3b 3037 apache2_2.4.27-6.dsc
 f8eb526bee4afb66daf91ebec40a832c3949ba0ebb00e08994d005a9e06d47bd 702204 apache2_2.4.27-6.debian.tar.xz
 f94f7f705dfc39b53c199f1f7ac5f9c04d6923833c096050f102ad1bbb55da69 1210944 apache2-bin_2.4.27-6_amd64.deb
 e0fb8f9aa28f431db06d1c86ac1993d9e4686e82786b22e77e57acb4ce0dbd57 162070 apache2-data_2.4.27-6_all.deb
 c0dab7c9a9035d1e6241f4fef0fb3c7165ba575b25e0fabd2f9804b8a5446639 3985494 apache2-dbg_2.4.27-6_amd64.deb
 7867f7ccd249394c6afcb3b4558bd564509caaad124a30f8841760309e82c043 317878 apache2-dev_2.4.27-6_amd64.deb
 0e839b308a748774f512f6ce2e2edbf22c857e76514095af5c50b0f1992f4aa9 3820886 apache2-doc_2.4.27-6_all.deb
 a15f9c384a507cbec9786e17dcc9984b4624366b15397f360d34a2e1e4955713 2248 apache2-ssl-dev_2.4.27-6_amd64.deb
 30e87074f8bde2e73384aacb2e3b747638efb17ae513ecf5722b636eee5f3c23 159126 apache2-suexec-custom_2.4.27-6_amd64.deb
 b45618254d316d399e625fb204e3539f1ac78747a1e843fc7c253b486dfd5a80 157570 apache2-suexec-pristine_2.4.27-6_amd64.deb
 6e120b0278fca3366b22126117dcb0ba188553b4e032fe11b80967212fb1c312 222218 apache2-utils_2.4.27-6_amd64.deb
 e7b607a1abae8ef0149670442737d35bca58c92d96cc1050a67f83eb058de6a5 9723 apache2_2.4.27-6_amd64.buildinfo
 27c6222645a1b500a23fadc91867239ce38f1bdadff9dcb2672c5c88ee6e5a3a 239556 apache2_2.4.27-6_amd64.deb
Files:
 0ae173b9951fb71c08cd9d512be9302b 3037 httpd optional apache2_2.4.27-6.dsc
 03166ef9bcde309ec44cbc43fdb4bf3a 702204 httpd optional apache2_2.4.27-6.debian.tar.xz
 1db293eac26f0561c24ee37cd5f9412c 1210944 httpd optional apache2-bin_2.4.27-6_amd64.deb
 b6f135ad85621ee1147930c3d022d55a 162070 httpd optional apache2-data_2.4.27-6_all.deb
 403a3bd6d89baa156fbc280de6517d81 3985494 debug optional apache2-dbg_2.4.27-6_amd64.deb
 fe1c8351ad734dd026696412e9227a76 317878 httpd optional apache2-dev_2.4.27-6_amd64.deb
 e6c5ae8b7fc464e10a6f334f160d00f4 3820886 doc optional apache2-doc_2.4.27-6_all.deb
 112ed5139c769bbba0e3cd6667621f9c 2248 httpd optional apache2-ssl-dev_2.4.27-6_amd64.deb
 24b4216f42d471cbeee699cef2a44bc4 159126 httpd optional apache2-suexec-custom_2.4.27-6_amd64.deb
 2dfdc02dab9dc95e4653dc666dd6dde8 157570 httpd optional apache2-suexec-pristine_2.4.27-6_amd64.deb
 003ceb6dd12add2bdb45e584fcbc6334 222218 httpd optional apache2-utils_2.4.27-6_amd64.deb
 197710fae3790cd5e47c356c007934ec 9723 httpd optional apache2_2.4.27-6_amd64.buildinfo
 a3b860ebe329e38769e78dfcd89bfef6 239556 httpd optional apache2_2.4.27-6_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlnG3ZoACgkQxodfNUHO
/eDbyxAArF6+L/M1yUDDoqV4PxSY+Ru+LDiunnFjVAt0ef5bZOAuJLcG+7IfY2Di
QIWpqjojdEfC1cn6/AmDAoxIakk2hbbmFlBsWr9jlB/xcKrDGBx4EZGDKYlx95+T
6depFJXpMgM0Dd4tUyYkr7Yo24b6vgl7CR7HUpfaSH6cSJm8KupVUBg2EeeIhiEl
zzF+Byf0cXs9hthsdY6M9w4qpLqOHChZjzIT8epz3s+hfS3Hg+HzJPjU8tydeARY
HG4CBrnvR5Kq/jLLVvyEPAYoMBT2MOGTkA6bFBs0LAWF2TwX/q304NQwlSmjl6re
gPPwzHW9QFA8SBkAER7U0yXAD/2xK+4AOi6Wt0j2bNfb2S4FrG4gAohRPqnvy4eb
dJGg/ALK/NI/AcoAhv2pYg2QBXorFIX5i02GjubIWCxTkXQvQsczxFffOlPleerB
NZVoPofG8ZEDVQXY+V9j2luz8b7Ll9ljBlhRkiYiZdZ35+tVtdZILc2zI8eKXcDq
lZapqdBnqpR7ds0zlioTz/w4oM8D9jZHgESDAGTpF0jZdnJFV6CSDOaNCMTRKTZq
g+SqosyqzrwYN2V2F/GdJziG/opXJ68g00Piq29j9TloZvQjV5S/GzvMDkd58hAx
VTWrpi6ajTFzcQK6Wa8rnWtZpFwY5sUN+2VcFoKqkdtoaT78tnw=
=r8In
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#876384: [PATCH] apache2ctl: Fix passing arguments with spaces in them to apache2
  - From: Ville Skyttä <ville.skytta@iki.fi>

Prev by Date: Bug#876109: marked as done (apache2: CVE-2017-9798: HTTP OPTIONS method can leak Apache's server memory)
Next by Date: Processing of apache2_2.4.27-6_amd64.changes
Previous by thread: Bug#876384: [PATCH] apache2ctl: Fix passing arguments with spaces in them to apache2
Next by thread: apache2_2.4.25-3+deb9u3_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread