
Bug#1033770: bullseye-pu: package apache2/2.4.56-1~deb11u2



Control: tags -1 - confirmed

On 4/1/23 22:47, Moritz Mühlenhoff wrote:
> On Sat, Apr 01, 2023 at 08:32:55AM +0400, Yadd wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: bullseye
>> User: release.debian.org@packages.debian.org
>> Usertags: pu
>> X-Debbugs-Cc: apache2@packages.debian.org
>> Control: affects -1 + src:apache2
>>
>> [ Reason ]
>> apache2 silently reenables apache2-doc.conf despite having been disabled
>> (#1018718)
>
> If we update Apache in Bullseye, how about also adding patches for
> #1033408 and #1033284?
>
> Cheers,
>          Moritz

Hi,

here is the new debdiff

Cheers,
Yadd
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 00000000..c048ae45
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,9 @@
+apache2 (2.4.56-1~deb11u2) bullseye; urgency=medium
+
+  This version does not automatically enable the apache2 config snippet for
+  /manual anymore. If you want to have it enabled you will need to do this
+  yourself, e.g. with
+
+    /usr/sbin/a2enconf apache2-doc
+
+ -- Yadd <yadd@debian.org>  Sat, 01 Apr 2023 08:17:08 +0400
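
Review bot: the example command in the NEWS entry stops at "/usr/sbin/a2enconf apache2-doc", which only enables the snippet on disk; it does not take effect until Apache is reloaded. Suggest adding the reload step (for example "systemctl reload apache2") after the a2enconf line. The trailer is dated Sat, 01 Apr 2023 while the matching debian/changelog entry is dated Sun, 02 Apr 2023; harmless, but easy to align.
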
diff --git a/debian/apache2-doc.postinst b/debian/apache2-doc.postinst
deleted file mode 100644
index e7e1e5a7..00000000
--- a/debian/apache2-doc.postinst
+++ /dev/null
@@ -1,17 +0,0 @@
-#! /bin/sh
-
-set -e
-
-# conffiles must be moved before invoking rc.d
-#DEBHELPER#
-
-# This code should use dh_apache2 once it is available as build dependency
-
-if [ "$1" = "configure" ] ; then
-	if [ -e /usr/share/apache2/apache2-maintscript-helper ] ; then
-		. /usr/share/apache2/apache2-maintscript-helper
-		apache2_invoke enconf apache2-doc || true
-	fi
-fi
-
-exit
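
Review bot: deleting the postinst removes the "apache2_invoke enconf apache2-doc" call on configure, but nothing in this diff disables the snippet where an earlier postinst already enabled it, so upgraded hosts that have it enabled keep serving /manual until the admin runs a2disconf apache2-doc. The NEWS entry only covers how to enable it; suggest one more sentence there saying that the existing enabled or disabled state is left untouched by the upgrade and how to turn the snippet off.
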
diff --git a/debian/changelog b/debian/changelog
index 41c3a7cc..e440c341 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+apache2 (2.4.56-1~deb11u2) bullseye; urgency=medium
+
+  [ Hendrik Jäger ]
+  * Don't automatically enable apache2-doc.conf (Closes: #1018718)
+
+  [ Yadd ]
+  * Fix regression in mod_rewrite introduced in version 2.4.56
+     (Closes: #1033284)
+  * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408)
+
+ -- Yadd <yadd@debian.org>  Sun, 02 Apr 2023 07:06:01 +0400
+
 apache2 (2.4.56-1~deb11u1) bullseye-security; urgency=medium
 
   * New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690)
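
Review bot: the two entries under [ Yadd ] say only "Fix regression" and do not name the patches, so they cannot be matched to debian/patches/series without opening the bugs. Suggest naming fix-2.4.56-regression.patch and fix-2.4.56-regression-2.patch on the respective lines. The continuation line "(Closes: #1033284)" is indented five spaces where four would line up with the entry text.
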
diff --git a/debian/patches/fix-2.4.56-regression-2.patch b/debian/patches/fix-2.4.56-regression-2.patch
new file mode 100644
index 00000000..d19373c0
--- /dev/null
+++ b/debian/patches/fix-2.4.56-regression-2.patch
@@ -0,0 +1,30 @@
+Description: h2 request headers clone instead of copy
+Author: Stefan Eissing
+Origin: upstream, https://bz.apache.org/bugzilla/attachment.cgi?id=38527&action=diff
+Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=66539
+Bug-Debian: https://bugs.debian.org/1033408
+Forwarded: not-needed
+Applied-Upstream: 2.4.57
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2023-04-02
+
+--- a/modules/http2/h2_request.c
++++ b/modules/http2/h2_request.c
+@@ -279,7 +279,7 @@
+ apr_bucket *h2_request_create_bucket(const h2_request *req, request_rec *r)
+ {
+     conn_rec *c = r->connection;
+-    apr_table_t *headers = apr_table_copy(r->pool, req->headers);
++    apr_table_t *headers = apr_table_clone(r->pool, req->headers);
+     const char *uri = req->path;
+ 
+     AP_DEBUG_ASSERT(req->authority);
+@@ -303,7 +303,7 @@
+ {
+     const char *cl;
+ 
+-    r->headers_in = apr_table_copy(r->pool, req->headers);
++    r->headers_in = apr_table_clone(r->pool, req->headers);
+     if (req->authority) {
+         /* for internal handling, we have to simulate that :authority
+          * came in as Host:, RFC 9113 ch. says that mismatches between
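
Review bot: the Description ("h2 request headers clone instead of copy") names the change but not the reason, for both places where apr_table_copy becomes apr_table_clone. apr_table_copy duplicates only the table entries and leaves keys and values pointing at the source table's strings, while apr_table_clone also copies those strings into the target pool (r->pool here), so the change matters when req->headers does not live as long as r. A sentence to that effect in the header would let a later reader judge the patch without opening bz 66539. Origin points at a Bugzilla attachment; since Applied-Upstream says 2.4.57, a reference to the upstream commit would be more durable.
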
diff --git a/debian/patches/fix-2.4.56-regression.patch b/debian/patches/fix-2.4.56-regression.patch
new file mode 100644
index 00000000..0203491d
--- /dev/null
+++ b/debian/patches/fix-2.4.56-regression.patch
@@ -0,0 +1,19 @@
+Description: fix 2.4.56 regression
+Author: covener
+Bug-Debian: https://bugs.debian.org/1033284
+Origin: upstream, http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?r1=1908813&r2=1908812&pathrev=1908813
+Forwarded: not-needed
+Applied-Upstream: 2.4.57
+Reviewed-By: Yadd <yadd@debian.org>
+Last-Update: 2023-04-01
+
+--- a/modules/mappers/mod_rewrite.c
++++ b/modules/mappers/mod_rewrite.c
+@@ -3854,6 +3854,7 @@
+     if (*(a2_end-1) == '?') {
+         /* a literal ? at the end of the unsubstituted rewrite rule */
+         newrule->flags |= RULEFLAG_QSNONE;
++	*(a2_end-1) = '\0'; /* trailing ? has done its job */
+     }
+     else if (newrule->flags & RULEFLAG_QSDISCARD) {
+         if (NULL == ap_strchr(newrule->output, '?')) {
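
Review bot: the added line in the RULEFLAG_QSNONE branch is indented with a tab while the surrounding context uses spaces, and the header's Description ("fix 2.4.56 regression") does not say what is fixed. Suggest re-indenting with spaces to match the context, and describing the change in the header, e.g. that the trailing '?' of the substitution is removed once RULEFLAG_QSNONE has been set. The new statement writes through a2_end-1 where the old code only read it, so it relies on that buffer being writable; this is worth confirming against the full function, which the hunk does not show.
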
diff --git a/debian/patches/series b/debian/patches/series
index aa0aae42..6d738242 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,6 +4,8 @@ suexec-CVE-2007-1742.patch
 customize_apxs.patch
 build_suexec-custom.patch
 reproducible_builds.diff
+fix-2.4.56-regression.patch
+fix-2.4.56-regression-2.patch
 
 # This patch is applied manually
 #suexec-custom.patch
