Please unblock apache/1.3.34-4.1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear release team,
My NMU of apache to close #357561 has just been uploaded. It closes a
security vulnerability which was only not RC due to it being terminal
related. I feel that even so, when a fix is available it should be
allowed into Etch. The changelog entry is as follows:
apache (1.3.34-4.1) unstable; urgency=low
.
* Non-Mainainer Upload.
* Revert 033_-F_NO_SETSID patch and re-fix #244857 in such a way that a
local root hole is not created (Closes: #357561)
The change I made is to revert 033_-F_NO_SETSID, but retain it's functionality by adding 033_SETSID_allowfail which still calls setsid, but allows it to fail when the -F flag has been specified to apache without it exiting. 514_nice_proxy_cache_cleanup is patched against the same bit of file, so this has been changed so that it applies cleanly.
This is a minimal change and has been confirmed to still solve the problem for
which 033_-F_NO_SETSID was introduced.
Thanks,
Matt
- --
Matthew Johnson
http://www.matthew.ath.cx/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76
iD8DBQFF6yOOpldmHVvob7kRAgNfAJ0XCQ925F39G7NpXZ6WKY9K0Vg8YgCgmK2V
HmPyMjc1Ym59QPCztmowrjc=
=W77K
-----END PGP SIGNATURE-----
Reply to: