Please unblock apache/1.3.34-4.1

To: debian-release@lists.debian.org
Subject: Please unblock apache/1.3.34-4.1
From: Matthew Johnson <debian@matthew.ath.cx>
Date: Sun, 4 Mar 2007 19:52:42 +0000 (GMT)
Message-id: <[🔎] Pine.LNX.4.63.0703041946250.30101@illythia.matthew.ath.cx>
Reply-to: Matthew Johnson <debian@matthew.ath.cx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear release team,

My NMU of apache to close #357561 has just been uploaded. It closes a
security vulnerability which was only not RC due to it being terminal
related. I feel that even so, when  a fix is available it should be
allowed into Etch. The changelog entry is as follows:

 apache (1.3.34-4.1) unstable; urgency=low
 .
   * Non-Mainainer Upload.
   * Revert 033_-F_NO_SETSID patch and re-fix #244857 in such a way that a
     local root hole is not created (Closes: #357561)

The change I made is to revert 033_-F_NO_SETSID, but retain it's functionality by adding 033_SETSID_allowfail which still calls setsid, but allows it to fail when the -F flag has been specified to apache without it exiting. 514_nice_proxy_cache_cleanup  is patched against the same bit of file, so this has been changed so that it applies cleanly.

This is a minimal change and has been confirmed to still solve the problem for
which 033_-F_NO_SETSID was introduced.

Thanks,

Matt

- --Matthew Johnson

http://www.matthew.ath.cx/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFF6yOOpldmHVvob7kRAgNfAJ0XCQ925F39G7NpXZ6WKY9K0Vg8YgCgmK2V
HmPyMjc1Ym59QPCztmowrjc=
=W77K
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Please unblock apache/1.3.34-4.1
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: D-I RC2 - Status and schedule - Post-Etch development
Next by Date: Please unblock id3ren 1.1b0-3
Previous by thread: Re: please allow freeze exception for ppp-2.4.4rel-7
Next by thread: Re: Please unblock apache/1.3.34-4.1
Index(es):
- Date
- Thread