
Bug#487431: marked as done (ITP: libapache-mod-security -- Tighten web applications security for Apache)



Your message dated Sun, 28 Dec 2008 16:41:19 +0000
with message-id <E1LGyhb-0004kg-74@ries.debian.org>
and subject line Bug#487431: fixed in libapache-mod-security 2.5.6-1
has caused the Debian Bug report #487431,
regarding ITP: libapache-mod-security -- Tighten web applications security for Apache
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
487431: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487431
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: wnpp
Severity: wishlist
Owner: Alberto Gonzalez Iniesta <agi@inittab.org>

* Package name    : libapache-mod-security2
  Version         : 2.5.x
  Upstream Author : Breach Security, Inc. (http://www.breach.com/)
* URL             : http://www.modsecurity.org/
* License         : GPLv2
  Programming Lang: C
  Description     : Tighten web applications security for Apache

 Mod_security is an Apache 1.x/2.x module whose purpose is to tighten the Web
 application security. Effectively, it is an intrusion detection and prevention
 system for the web server.
 .
 At the moment its main features are:
 * Audit log; store full request details in a separate file, including POST
   payloads.
 * Request filtering; incoming requests can be analysed and offensive requests
   can be rejected (or simply logged, if that is what you want). This feature
   can be used to prevent many types of attacks (e.g. XSS attacks, SQL
   injection, ...) and even allow you to run insecure applications on your
   servers (if you have no other choice, of course).


**********************
** To: debian-legal **
**********************

I'm Cc'ing debian-legal because this package was removed from Debian [1]
due to GPLv2 and Apache licences not being compatible [2][3].
After some threads in upstream's mailing list, great interest from users
and some work from upstream [4], they (upstream) wrote an exception (draft)
in order to get ModSecurity back to Debian [5].

So upstream is basically waiting for the green light from -legal on this
draft so the new release already includes it.

I'm sending this ITP because I understand this exception should solve
the problem and got positive feedback from other DDs. So please, if you
see something wrong with this, talk now or STFU forever :)

Please Cc: me and Ivan since we're not subscribed.

Thanks,

Alberto


[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=313615
[2] http://www.gnu.org/philosophy/license-list.html#GPLIncompatibleLicenses
[3] http://www.thinkingstone.com/about/legal/licensing-clarifications.html
[4] http://lists.debian.org/debian-legal/2008/01/msg00172.html
[5] http://blog.modsecurity.org/2008/06/modsecurity-lic.html


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.25.6 (PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- 
Alberto Gonzalez Iniesta       | They that give up essential liberty
agi@(agi.as|debian.org)        | to obtain a little temporary safety
Encrypted mail preferred       | deserve neither liberty nor safety.
                                               -- Benjamin Franklin
Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3



--- End Message ---
--- Begin Message ---
Source: libapache-mod-security
Source-Version: 2.5.6-1

We believe that the bug you reported is fixed in the latest version of
libapache-mod-security, which is due to be installed in the Debian FTP archive:

libapache-mod-security_2.5.6-1.diff.gz
  to pool/main/liba/libapache-mod-security/libapache-mod-security_2.5.6-1.diff.gz
libapache-mod-security_2.5.6-1.dsc
  to pool/main/liba/libapache-mod-security/libapache-mod-security_2.5.6-1.dsc
libapache-mod-security_2.5.6-1_i386.deb
  to pool/main/liba/libapache-mod-security/libapache-mod-security_2.5.6-1_i386.deb
libapache-mod-security_2.5.6.orig.tar.gz
  to pool/main/liba/libapache-mod-security/libapache-mod-security_2.5.6.orig.tar.gz
mod-security-common_2.5.6-1_all.deb
  to pool/main/liba/libapache-mod-security/mod-security-common_2.5.6-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 487431@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <agi@inittab.org> (supplier of updated libapache-mod-security package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 08 Aug 2008 13:31:56 +0200
Source: libapache-mod-security
Binary: libapache-mod-security mod-security-common
Architecture: source all i386
Version: 2.5.6-1
Distribution: unstable
Urgency: low
Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org>
Changed-By: Alberto Gonzalez Iniesta <agi@inittab.org>
Description: 
 libapache-mod-security - Tighten web applications security for Apache
 mod-security-common - Tighten web applications security - common files
Closes: 487431
Changes: 
 libapache-mod-security (2.5.6-1) unstable; urgency=low
 .
   * The 'Back to the archive!' Release (Closes: #487431)
   * Drop '2' from package name, now libapache-mod-security
   * New upstream release
     - Includes a new licensing exception that allows binary
       distribution with licenses not compatible with GPLv2,
       such as Apache's. See MODSECURITY_LICENSING_EXCEPTION
   * Removed debian/bug and debian/rules entry to install bug
     handling when out of the archive.
   * Bumped Standards-Version to 3.8.0.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkki7ksACgkQxRSvjkukAcNJ9QCg9yMd/GqeUk7TFB9CesgMp8TU
0aYAoJD815W77xLwvUeIMpllW8AxIq8V
=EK4j
-----END PGP SIGNATURE-----



--- End Message ---
