Processed: Re: Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Processing control commands: > tags -1 + pending Bug #862363 [release.debian.org] jessie-pu: package dwww/1.12.1+deb8u1 Added tag(s) pending. -- 862363: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862363 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Control: tags -1 + pending On Tue, 2017-08-08 at 15:41 -0400, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2017-07-05 at 23:39 +0200, Robert Luberda wrote: > > +dwww (1.12.1+deb8u1) jessie; urgency=medium > > + > > + * Fix an old typo in the `Last-Modified' header name that prevents dwww > > +from working correctly on systems running the latest available jessie > > +version of apache2, which as a part its security update for > > CVE-2016-8743 > > +started enforcing HTTP headers conformance with the appropriate > > standards > > +(closes: #850016, #850885). > = > > Apologies for the delay in getting back to you; please go ahead. > > [...] > > Would this be accepted? If yes, could you please let me know how should > > I upload this, as I haven't uploaded anything to stable for ages? > > Build the package in a jessie chroot, then simply upload it as you would > for a package destined for any other suite in the main archive (e.g. > unstable). The archive software will automagically do the right thing > based on the changelog (more specifically the .changes) using a target > distribution of "jessie". Uploaded and flagged for acceptance. Regards, Adam
Processed: Re: Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Processing control commands: > tags -1 + confirmed Bug #862363 [release.debian.org] jessie-pu: package dwww/1.12.1+deb8u1 Added tag(s) confirmed. -- 862363: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862363 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Control: tags -1 + confirmed On Wed, 2017-07-05 at 23:39 +0200, Robert Luberda wrote: > +dwww (1.12.1+deb8u1) jessie; urgency=medium > + > + * Fix an old typo in the `Last-Modified' header name that prevents dwww > +from working correctly on systems running the latest available jessie > +version of apache2, which as a part its security update for > CVE-2016-8743 > +started enforcing HTTP headers conformance with the appropriate > standards > +(closes: #850016, #850885). = Apologies for the delay in getting back to you; please go ahead. [...] > Would this be accepted? If yes, could you please let me know how should > I upload this, as I haven't uploaded anything to stable for ages? Build the package in a jessie chroot, then simply upload it as you would for a package destined for any other suite in the main archive (e.g. unstable). The archive software will automagically do the right thing based on the changelog (more specifically the .changes) using a target distribution of "jessie". Regards, Adam
Processed: Re: Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Processing commands for cont...@bugs.debian.org: > reopen 862363 ! Bug #862363 {Done: Adrian Bunk} [release.debian.org] jessie-pu: package dwww/1.12.1+deb8u1 Bug reopened Changed Bug submitter to 'Robert Luberda ' from 'Adrian Bunk '. Ignoring request to alter fixed versions of bug #862363 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 862363: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862363 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
reopen 862363 ! thanks Cyril Brulebois writes: >> Could you please approve this change and allow Adrian to proceed with >> the NMU? >> >> It fixes a pretty old bug in dwww that was recently made visible (and >> thus made dwww mostly unusable) due to the security upload of apache2 >> into jessie. > > This is the kind of things that should have been in the pu request. This > should also be mentioned in the changelog. Fixing bugs is great, but > providing explanations while doing so is even better. > I can see that Adrian has closed the bug report, so I've just prepared another version of the patch: diff --git a/debian/changelog b/debian/changelog index d30cd60..48f6a8d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +dwww (1.12.1+deb8u1) jessie; urgency=medium + + * Fix an old typo in the `Last-Modified' header name that prevents dwww +from working correctly on systems running the latest available jessie +version of apache2, which as a part its security update for CVE-2016-8743 +started enforcing HTTP headers conformance with the appropriate standards +(closes: #850016, #850885). + dwww (1.12.1) unstable; urgency=medium * apache.conf: add an `Alias /dwww /var/www/dwww' line to accommodate diff --git a/scripts/dwww-convert b/scripts/dwww-convert index a9792c5..d296d32 100755 --- a/scripts/dwww-convert +++ b/scripts/dwww-convert @@ -327,7 +327,7 @@ sub PrintHeaders() { # {{{ print "Content-type: $mime_type" . (defined $mime_charset ? "; charset=$mime_charset\n" : "\n"); my @stat = stat( $filename ); my $mtime = $stat[9]; -print "Last modified: " . gmtime($mtime) . "\n"; +print "Last-modified: " . gmtime($mtime) . "\n"; print "Content-Disposition: inline; filename=\"$base_name\"\n"; print "\n"; } # }}} Would this be accepted? If yes, could you please let me know how should I upload this, as I haven't uploaded anything to stable for ages? Regards, robert
Processed: Re: Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Processing control commands: > tag -1 moreinfo Bug #862363 [release.debian.org] jessie-pu: package dwww/1.12.1+deb8u1 Added tag(s) moreinfo. -- 862363: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862363 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Control: tag -1 moreinfo Hi, Robert Luberda(2017-05-20): > Adrian Bunk wrote: [ a patch with no context whatsoever ] Seriously?! > Could you please approve this change and allow Adrian to proceed with > the NMU? > > It fixes a pretty old bug in dwww that was recently made visible (and > thus made dwww mostly unusable) due to the security upload of apache2 > into jessie. This is the kind of things that should have been in the pu request. This should also be mentioned in the changelog. Fixing bugs is great, but providing explanations while doing so is even better. KiBi. signature.asc Description: Digital signature
Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
On Sat, 2017-05-20 at 11:40 +0200, Robert Luberda wrote: > Could you please approve this change and allow Adrian to proceed with > the NMU? > > It fixes a pretty old bug in dwww that was recently made visible (and > thus made dwww mostly unusable) due to the security upload of apache2 > into jessie. When someone has time to review it, they'll do so. Prioritising this request over others right now won't change when the fix reaches users. Adrian's request was filed just over a week ago; that's not really a long time to wait, particularly at this stage of a freeze. Regards, Adam
Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Adrian Bunk wrote: Hi, > > debian/changelog |8 scripts/dwww-convert |2 > +- 2 files changed, 9 insertions(+), 1 deletion(-) > > diff -Nru dwww-1.12.1/debian/changelog > dwww-1.12.1+deb8u1/debian/changelog --- > dwww-1.12.1/debian/changelog 2014-01-14 00:10:17.0 +0200 > +++ dwww-1.12.1+deb8u1/debian/changelog 2017-05-11 > 22:14:30.0 +0300 @@ -1,3 +1,11 @@ +dwww (1.12.1+deb8u1) > jessie; urgency=medium + + * Non-maintainer upload. + * Apply fix > from Holger Spielmann for the `Last-Modified' header. +(Closes: > #850016, #850885) + + -- Adrian BunkThu, 11 May > 2017 22:07:36 +0300 + dwww (1.12.1) unstable; urgency=medium > > * apache.conf: add an `Alias /dwww /var/www/dwww' line to > accommodate diff -Nru dwww-1.12.1/scripts/dwww-convert > dwww-1.12.1+deb8u1/scripts/dwww-convert --- > dwww-1.12.1/scripts/dwww-convert 2014-01-14 00:10:17.0 > +0200 +++ dwww-1.12.1+deb8u1/scripts/dwww-convert 2017-05-11 > 22:03:26.0 +0300 @@ -327,7 +327,7 @@ print "Content-type: > $mime_type" . (defined $mime_charset ? "; charset=$mime_charset\n" > : "\n"); my @stat = stat( $filename ); my $mtime = $stat[9]; - > print "Last modified: " . gmtime($mtime) . "\n"; +print > "Last-modified: " . gmtime($mtime) . "\n"; print > "Content-Disposition: inline; filename=\"$base_name\"\n"; print > "\n"; } # }}} > Release Team, Could you please approve this change and allow Adrian to proceed with the NMU? It fixes a pretty old bug in dwww that was recently made visible (and thus made dwww mostly unusable) due to the security upload of apache2 into jessie. Regads, robert, dwww maintainer -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEENeh2+rTTcy6TtNI3Yx3nVTvor9QFAlkgDvoACgkQYx3nVTvo r9TEpxAAq+rfbXQzAHBv88RC28dbzo4D5c2Op2w/cuwQaV6kQZB089wsRuTtW4f2 7GovlpbwfXZR2TIp98KN3+kinz+CySu0n/XpKyfgFzdKUGuCVdoNpNLJV/YhXAWA E7t+BhGFIj0MTI1b4vDe4ZPxIDhtxFwFI57iW6G7RzqHOL6gVPbk4NZW+LKgaCma piW3ec7SGUR+ZTCa5QzMLCr9YUpubzeUBLD1EesFTtnjPZAyLqjYpEYQryRI/Udt WLISOyyRUCECcq89ff2FbR2Z62AOKHGFuR2dFLL41H5up69NRh/hK1JzwKBBVRCG 2v79CJy9gX8Ee8S4o9LvAbPeBwu0ga9WIcutMngbjJzLi+C2Qaex7A6D6zXzk3x5 XSMwFFB53eW1UJX4R0HZ+4V8D9ai1os3wTEDMpb/i2ZyeUFr138NtRDLL/hxqWqn Hmm/0XgzR0f6Nzvhmq25vbXgbAq2FIhsjA2s2b6dmktU5lSB92PdxrES9rnWFMXe g7J1rccrQ+n1C2YIzwxlvyZxtx2NkjfzzeWSP4gHdWOlfk8biorltMeURpxUV5X8 G0YPmj9uf0Ilx5fNTAoqfAb/wyLwM2ky46N8mO4jlVLJO8c+YL0LqDaQslurjTJw 9gqa9W4wgdPpRd7v4Ygamo/rpExLATaPmZYOUTHsg6rzdLfdD3c= =zpV9 -END PGP SIGNATURE-
Bug#862363: jessie-pu: package dwww/1.12.1+deb8u1
Package: release.debian.org Severity: normal Tags: jessie User: release.debian@packages.debian.org Usertags: pu debian/changelog |8 scripts/dwww-convert |2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff -Nru dwww-1.12.1/debian/changelog dwww-1.12.1+deb8u1/debian/changelog --- dwww-1.12.1/debian/changelog2014-01-14 00:10:17.0 +0200 +++ dwww-1.12.1+deb8u1/debian/changelog 2017-05-11 22:14:30.0 +0300 @@ -1,3 +1,11 @@ +dwww (1.12.1+deb8u1) jessie; urgency=medium + + * Non-maintainer upload. + * Apply fix from Holger Spielmann for the `Last-Modified' header. +(Closes: #850016, #850885) + + -- Adrian BunkThu, 11 May 2017 22:07:36 +0300 + dwww (1.12.1) unstable; urgency=medium * apache.conf: add an `Alias /dwww /var/www/dwww' line to accommodate diff -Nru dwww-1.12.1/scripts/dwww-convert dwww-1.12.1+deb8u1/scripts/dwww-convert --- dwww-1.12.1/scripts/dwww-convert2014-01-14 00:10:17.0 +0200 +++ dwww-1.12.1+deb8u1/scripts/dwww-convert 2017-05-11 22:03:26.0 +0300 @@ -327,7 +327,7 @@ print "Content-type: $mime_type" . (defined $mime_charset ? "; charset=$mime_charset\n" : "\n"); my @stat = stat( $filename ); my $mtime = $stat[9]; -print "Last modified: " . gmtime($mtime) . "\n"; +print "Last-modified: " . gmtime($mtime) . "\n"; print "Content-Disposition: inline; filename=\"$base_name\"\n"; print "\n"; } # }}}