Your message dated Thu, 23 May 2013 12:04:04 +0000 with message-id <e1ufufy-0004bq...@franck.debian.org> and subject line Bug#666848: fixed in modsecurity-apache 2.6.6-7 has caused the Debian Bug report #666848, regarding modsecurity-apache: sourceful transition towards Apache 2.4 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 666848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: modsecurity-apache Severity: important User: debian-apa...@lists.debian.org Usertags: apache24transition Dear maintainer, your package modsecurity-apache is provding an Apache2 web server module. We're upgrading Apache to the new upstream version 2.4 [1] (tracked as transition bug #661958). This requires all modules to be rebuilt due to ABI changes. Thus, you need to rebuild and reupload your Apache2 module package in a version compatible to our new package available in experimental [2]. Please note it is not enough to simply rebuild the module - it needs some adaptions in the module package metadata. We have written packaging guidelines for our reverse dependencies [3]. Please read it carefully, it should be able to answer most of your questions. Do also look at dh_apache2 (available through the dh-apache2 package) which can simplify packaging Apache2 modules. In short, we want to highlight these changes you need to be aware of. * APIs changed for some cases [3]. Chances are your module needs some adaptions, please get in touch with upstream or us if you need help to port your module to Apache 2.4. * MPM packages are gone. You cannot depend or conflict with a particular MPM anymore. If your module does not work with a particular module, make sure to make it abort with an error if loaded together with an incompatible MPM. You can use our apache2-maintscript-helper [4] to switch to the MPM of your choice in your maintainer scripts. * Do not build-depend on apache2-threaded-dev or apache2-prefork-dev anymore. Just like MPMs are gone, are our MPM -dev packages as well. All modules need to simply build-depend on apache2-dev. * Do NOT depend on apache2, apache2-common or any other real apache2 package in your binary module package. Depend on our virtual apache2-api-20120211 package only! * Do NOT call a2enmod/a2dismod in your maintainer scripts. Use our apache2-maintscript-helper [3] instead. This is required to get a uniform and stateful handling of all Apache2 modules. You can look at our Apache 2.4 packaging hints [5] for hands-on tutorials. Please note: This bug is filed as "important" for now. As the time goes by we plan make it a release critical severity. In the consequences your module either needs an update or is going to be removed from Wheezy. For the time being please tag the bug as pending as soon as you have a package ready. We strongly recommend that at least maintainers of complex module packages make an upload to experimental as well. Of course, uploading simple modules to experimental is welcome, too. [1] https://lists.debian.org/debian-devel-announce/2012/03/msg00013.html [2] http://packages.debian.org/search?keywords=apache2&searchon=sourcenames&exact=1&suite=all§ion=all [3] http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git;a=blob;f=debian/PACKAGING;hb=next [4] http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html [5] http://wiki.debian.org/Apache/PackagingFor24
--- End Message ---
--- Begin Message ---Source: modsecurity-apache Source-Version: 2.6.6-7 We believe that the bug you reported is fixed in the latest version of modsecurity-apache, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 666...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alberto Gonzalez Iniesta <a...@inittab.org> (supplier of updated modsecurity-apache package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 23 May 2013 13:38:35 +0200 Source: modsecurity-apache Binary: libapache2-modsecurity libapache-mod-security Architecture: source amd64 all Version: 2.6.6-7 Distribution: experimental Urgency: low Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org> Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org> Description: libapache-mod-security - Dummy transitional package libapache2-modsecurity - Tighten web applications security for Apache Closes: 666848 Changes: modsecurity-apache (2.6.6-7) experimental; urgency=low . [Arno Töll] * Add support for Apache 2.4 using the patch provided by Ondřej Surý (Closes: #666848) * Move apache2 configuration files to their canonical name: - mod-security.load -> security2.load - mod-security.conf -> security2.conf Thus, also slightly raise the debhelper build dependency to 8.1. * Update security2.conf for changes in Apache 2.4 Checksums-Sha1: 254e832b58e6d5d9f902203846e91a74504c111e 1322 modsecurity-apache_2.6.6-7.dsc ecc69f464e486ece1c94e54868bcf8a91463954a 10297 modsecurity-apache_2.6.6-7.debian.tar.gz da05a5c96b77d57ee6c9e32d64a93e933ef467c1 302928 libapache2-modsecurity_2.6.6-7_amd64.deb 369b6edc34d9533536779946ba6d5f630ca1effe 18494 libapache-mod-security_2.6.6-7_all.deb Checksums-Sha256: 25932f02a596afe7b0848097b885e32af33fd8b705940525f99f951b3f5f68fa 1322 modsecurity-apache_2.6.6-7.dsc 68e5722489c280ac0dcebaf343f8aaf648d79914f0476eb8f1f301d855406c0b 10297 modsecurity-apache_2.6.6-7.debian.tar.gz 3768d2585cc62b48e527e418c614d9e20e36f82a52267cf7e3105f06cb8646d0 302928 libapache2-modsecurity_2.6.6-7_amd64.deb 7463425ca920285f036399177b8a841a5e8a44466d2467d72d26f09e4cbcc3e7 18494 libapache-mod-security_2.6.6-7_all.deb Files: a1b0689cf297e354c170e408b4b14c95 1322 httpd optional modsecurity-apache_2.6.6-7.dsc 3c7a57a73fdadb5a28e23a89fc2db403 10297 httpd optional modsecurity-apache_2.6.6-7.debian.tar.gz 890ccfe14eb3b85279b159d1a3dee2fd 302928 httpd optional libapache2-modsecurity_2.6.6-7_amd64.deb e195c5db81a6561c94b355e148337d5e 18494 oldlibs extra libapache-mod-security_2.6.6-7_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlGeAO0ACgkQxRSvjkukAcM2DwCeMCYjuleLKvdac9hHRZscei/D t3EAoLPKk6+fCn0c573NEjvciKCmB7di =N6XV -----END PGP SIGNATURE-----
--- End Message ---
