/usr/share/doc/apache2/examples/setup-instance neglects to create symlinkjs a2enconf-$SUFFIX and a2disconf-$SUFFIX in /usr/local/sbin

Bug #1430936 reported by Patrick on 2015-03-11
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)

Bug Description

The apache2 package provides an example script:

use of which is described in:

This setup-instance script creates the following symbolic links for the new apache2 instance, e.g. "XXX":
/usr/local/sbin/a2enmod-XXX -> /usr/sbin/a2enmod
/usr/local/sbin/a2dismod-XXX -> /usr/sbin/a2dismod
/usr/local/sbin/a2ensite-XXX -> /usr/sbin/a2ensite
/usr/local/sbin/a2dissite-XXX -> /usr/sbin/a2dissite
/usr/local/sbin/apache2ctl-XXX -> /usr/sbin/apache2ctl
/usr/local/sbin/apache2ctl-XXX -> /usr/sbin/apache2ctl

It should similarly create:
/usr/local/sbin/a2enconf-XXX -> /usr/sbin/a2enconf
/usr/local/sbin/a2disconf-XXX -> /usr/sbin/a2disconf

That is, line 28, which reads:
   for a in a2enmod a2dismod a2ensite a2dissite apache2ctl ; do

should instead read:
   for a in a2enconf a2disconf a2enmod a2dismod a2ensite a2dissite apache2ctl ; do

CVE References

Patrick (patrick123) wrote :

(Typo in the summary: "symlinkjs" should be "symlinks")

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.4.12-2ubuntu1

apache2 (2.4.12-2ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - Add dep8 tests.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html: replace Debian with Ubuntu on default page.
    - Allow "triggers-awaited" and "triggers-pending" states in addition
      to "installed" when determining whether to defer actions or
      process deferred actions.
  * Drop patches (applied upstream):
    - d/p/split-logfile.patch
    - d/p/CVE-2015-0228.patch
  * Drop changes (superceded in Debian):
    - Cherry-pick versioned build-depend on dpkg from Debian for correct
      dpkg-maintscript-helper symlink_to_dir support.
  * Drop changes (adopted in Debian):
    - d/control, d/config-dir/mods-available/ssl.conf,
      d/ask-for-passphrase, d/apache2.install: Plymouth aware passphrase
      dialog program ask-for-passphrase.
  * Fix cross-building configure line in d/rules, which had bit-rotted in
    previous merges.

apache2 (2.4.12-2) unstable; urgency=medium

  [ Jean-Michel Nirgal Vourgère ]
  * d/control:
    + Update Vcs-Browser.
  * d/copyright:
    + Change d/debhelper/dh_apache2 to dh_apache2.in.
    + Drop paragraph about inexistant itk patches.

  [ Stefan Fritsch ]
  * Remove all the transitional packages:
    apache2-mpm-worker, apache2-mpm-prefork, apache2-mpm-event,
    apache2-mpm-itk, apache2.2-bin, apache2.2-common,
    libapache2-mod-proxy-html, libapache2-mod-macro, apache2-suexec
    This also fixes the dependency problems caused by a recent version
    of debhelper (see #784803).

apache2 (2.4.12-1) unstable; urgency=medium

  * New upstream version
  * Add a patch for CVE-2015-0253 which was introduced in 2.4.11 which
    was never shipped in Debian.
  * Ship mod_proxy_html's default config file. Closes: #782022
  * Fix typo in dh_apache2 man page. Closes: #781032

apache2 (2.4.10-11) unstable; urgency=medium

  * core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
    This could cause all kinds of strange behavior. PR 56008. PR 57328
  * mpm_event: Fix process deadlock when shutting down a worker. PR 56960
  * mpm_event: Fix crashes due to various race conditions. Closes: #779078

apache2 (2.4.10-10) unstable; urgency=medium

  * CVE-2015-0228: mod_lua: Fix denial of service vulnerability in
  * Fix setup-instance example script to handle a2enconf/a2disconf.
    LP: #1430936
  * Tweak mention of mod_access_compat in NEWS.Debian. The module does
    not really work in practice.

 -- Robie Basak <email address hidden> Thu, 28 May 2015 16:34:00 +0000

Changed in apache2 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers