<br /> Where Oh Where Are the Updated Apache Packages – Debian Planet

Welcome to Debian Planet

News for Debian. Stuff that *really* matters

Sponsorship

Debian Planet is hosted by Bluelinux Internet Services Ltd. Offering a special discounted rate for Free and Open Source software community members.

Buy your Debian merchandise at DebianShop.com.

Debian
These are important Debian sites one should not be without!

  • Official Debian site
  • Package search
  • Mailing list archives
  • Bug reports
  • Debian on CD
  • Debian Weekly News — excellent news source!
  • Unofficial APT sources
    (apt-get.org)

  • Developers’ Corner
  • Community
    Need help? You’re not alone on this planet.

  • Planet Debian
  • debianHELP
    (User support site)

  • Debian Administration
    (SysAdmin resources)

  • Debian International
  • DebianForum.de
    (Deutsch)

  • DebianForum.dk
    (Dansk)

  • EsDebian
    (Español)

  • DebianWorld
    (Français)

  • Debian-Fr
    (Français)

  • MaximumDebian
    (Italiano)

  • DebianItalia
    (Italiano)
  • DebianUsers
    (한국어)

  • Debian-BR
    (Português)

  • DebianHOWTO
    (Deutsch)

  • Russian Debian (Русский)
  • Debian-JP
    (日本語)
  • Debian Suisse
    (Suisse)
  • Contribute
    Got that latest or greatest scoop? Perhaps you have some important news for the Debian community? Submit a news item!

    Or perhaps you’ve written a rather ground breaking insight into some aspect of Debian and you feel compelled to share it with others? Knock up a longer editorial article and send it to the editors.

    General feedback should be sent to staff@debianplanet.org

    IRC
    The place to get help on a Debian problem (after reading docs) or to just chat and chill is #debian on irc.oftc.net.

    Many of the Debian Planet staff live there so pop by and say hello.

    Debian Planet also has its own channel on the same network called #debianplanet.

    Syndicate
    XML

    Where Oh Where Are the Updated Apache Packages
    Submitted by Anonymous on Friday, June 21, 2002 – 18:09
    SecuritySo everyone knows that the Apache Web Server had a bad security flaw which was quickly fixed, and the stable version of Debian has already released an update… but where is the update for the testing distribution? Many people run production servers on the middle-of-the-road distro and are (as far as I can tell) left out in the cold right now 🙁 Anyone know where the missing packages are?
    Debian does not provide security updates for testing or for unstable.
    apache 1.3.26-1 went into sid today. packages for woody have
    been uploaded into the new testing-security system. since i
    have no idea how long that’s going to take to be visible to users,
    http://satie.debian.org/~willy/ provides packages for those who have
    foolishly upgraded to a distribution which does not yet provide security
    releases.

    I’m going to cc debian-devel & debian-user with this so that hopefully
    more people get to see this and STOP FILING BUGS ABOUT THIS. I have
    already noticed there’s a security problem, believe it or not.
    Category: Opinion

    Control panel

    Comment viewing options:



    Select your prefered way to display the comments and click ‘Update settings’ to activate your changes.

    Subject: Re: Where Oh Where Are the Updated Apache Packages
    Author: NoMercy
    Date: Monday, 2002/06/24 – 01:34
    Debian needs to keep a current branch, something which isn’t testing, but something which is the current state of affairs containing security patches as well as the near-latest releases, things from testing which are stable.

    The current state of affiars has left me tempted to go back to slackware.

    [ Please login, or register ]

    Subject: security update for woody starting to show up
    Author: noahm
    Date: Sunday, 2002/06/23 – 22:58
    While no DSAs will be released for woody until it becomes stable, updated packages are being built by the new security build system. Make sure you have the right apt source line for security:
    deb http://security.debian.org/ woody/updates main

    There are no guarantees, but they’re likely to be as good as any other unofficial builds you’ll find out there.

    noah

    [ Please login, or register ]

    Subject: Re: Where Oh Where Are the Updated Apache Packages
    Author: gregbjohns
    Date: Sunday, 2002/06/23 – 01:41
    I have updated packages and sources for Woody
    (testing) for both i386 and Sparc
    up on http://lynx.yyz.be/

    Got them from incoming.debian.org and the .se
    ftp mirror.

    [ Please login, or register ]

    Subject: Re: Where Oh Where Are the Updated Apache Packages
    Author: jimpop
    Date: Saturday, 2002/06/22 – 23:50
    [i]…provides packages for those who have foolishly upgraded to a distribution which does not yet provide security releases.[/i]

    What! Mandrake, SuSE, and RedHat all provide security releases, and all for their current versions. 😉 SERIOUSLY, it is time for Debian to finalize and release a mainstream version…again.

    [ Please login, or register ]

    Subject: They’re ther
    Author: inan
    Date: Saturday, 2002/06/22 – 05:04
    As of 12:04 EDT the woody packages are up on security.debian.org. Thanks a million security team!
    [ Please login, or register ]

     

    Subject: Re: They’re ther
    Author: nereid
    Date: Saturday, 2002/06/22 – 22:44
    apache-ssl is NOT (?!) I don’t know if have relation with non-us….
    But it is on http://satie.debian.org/~willy/
    TNX Willy!
    [ Please login, or register ]

     

    Subject: apache-ssl *IS* there
    Author: gwolf
    Date: Monday, 2002/06/24 – 15:55
    ...
    Unpacking replacement apache-ssl ...
    Preparing to replace apache 1.3.24-3 (using .../apache_1.3.26-0woody1_i386.deb) ...

    Monday morning.

    [ Please login, or register ]

    Subject: Re: Where Oh Where Are the Updated Apache Packages
    Author: grolschie
    Date: Saturday, 2002/06/22 – 02:04
    http://satie.debian.org/~willy/ provides packages for those who have foolishly upgraded to a distribution which does not yet provide security releases.

    I take exception to that statement, seeing since we have a stale mouldy old Potato for a stable release. People who have upgraded to testing rather than switch to a more up-to-date (non-prehistoric) Linux distributions are not fools. Or are we for sticking with Debian? I really wonder sometimes.

    If it weren’t for .deb packaging…………

    [ Please login, or register ]

    Subject: Re: Where Oh Where Are the Updated Apache Packages
    Author: DerJoern
    Date: Friday, 2002/06/21 – 19:39
    Go to for favorite debian mirror, change to
    debian/pool/main/a/apache, wget apache-common_1.3.26-1_$ARCH.deb and apache_1.3.26-1_$ARCH.deb, throw it to dpkg and sit back.

    Yupp, I know that this packages are not properly tested.

    [ Please login, or register ]

     

    Subject: Unfortunately it’s not that easy.
    Author: captainlarry
    Date: Friday, 2002/06/21 – 20:28
    There are other problems. Currently I can’t upgrade my apache instance because it wants to uninstall apache-perl which I run on another interface because running libapache-mod-perl as a DSO module is incredibly unreliable (and in fact causes apache to segfault on start up if php or modssl are also active).

    So my choices are running an insecure system, which with an exploit of this size makes me really uncomfortable, or disabling all my mod_perl services until a patched version is available.

    To clarify my position, I’m a big fan of Debian and have been using since about ’95. But this is a problem. Stable is too old to be of much use to many and the response is run testing/unstable. That’s fine with me, I have suffienct clue to deal with the occasional packaging bugs. But it’s been a few days and I still can’t upgrade my apache install to solve a potential remote root exploit and the response is that there are no security packages for testing? WTF?

    Adam.

    [ Please login, or register ]

     

    Subject: Re: Unfortunately it’s not that easy.
    Author: schth
    Date: Friday, 2002/06/21 – 21:09
    Sorry, but everyone knows that woody is testing and that means it is not the stable distribution. It’s not supposed to be used in a productive environment and if you do it, you have to live with it that the security updates are a little bit late.
    Woody is finished when it is finished and until then we don’t have to expect security updates as fast as in stable. But soon it will be the stable distro… I’m also eager for it.

    Thomas

    [ Please login, or register ]

     

    Subject: Re: Unfortunately it’s not that easy.
    Author: geoffbeaumont
    Date: Friday, 2002/06/21 – 23:10
    It’s a bit of a Hobson’s choice, though. For many of us, Potato lacks numerous packages (or the versions are too old to be of use). So we have a choice – accept the risk of running Woody before it’s released, or use a different distribution. Potato isn’t really an option.
    [ Please login, or register ]

     

    Subject: Re: Unfortunately it’s not that easy.
    Author: jimpop
    Date: Saturday, 2002/06/22 – 19:15
    I agree completely.

    Debian is doomed as a well used OS unless the distros can be more streamlined and released at something less than a snails pace. Potato is what 4 years old now?!? That’s 2 lifetimes on the Internet. Even M$ has better more feature-full releases in shorter amounts of time.

    [ Please login, or register ]

     

    Subject: Re: Unfortunately it’s not that easy.
    Author: Integral
    Date: Saturday, 2002/06/22 – 23:02
    Potato is what 4 years old now?!?

    Where did you get this number from? Is someone spreading falsehoods on some other web site?

    (FYI: potato is less than two years old)

    Daniel

    [ Please login, or register ]

     

    Subject: Re: Unfortunately it’s not that easy.
    Author: jimpop
    Date: Saturday, 2002/06/22 – 23:45
    That’s not my understanding…. It may have been release 2 years ago, but it’s been around a lot longer than that. Still, 2 years is a lifetime these days. Peace….Out.
    [ Please login, or register ]

     

    Subject: Re: Unfortunately it’s not that easy.
    Author: annoia
    Date: Sunday, 2002/06/23 – 19:13
    Still, 2 years is a lifetime these days.
    And now it’s being replaced… Follows the cycle beautifully! 🙂
    [ Please login, or register ]

     

    Subject: Actually it’s not that bad.
    Author: captainlarry
    Date: Friday, 2002/06/21 – 21:09
    Just wanted to comment that right after posting this I made the decision to kill my mod_perl services and just wait for a package to be available.

    A few minutes after actually doing that I got a response from Daniel Jacobowitz that the packages had been uploaded to security.debian.org. Sure enough, a quick change to sources.list and I’m rocking and rolling again.

    Sorry for doubting my one true faith. 🙂

    For those that are in a similar situation make sure you are syncing off unstable and then add this line to your sources.list:

    deb http://security.debian.org/ woody/updates main contrib non-free

    Thanks again to all the Debian folks out there.

    Adam.

    [ Please login, or register ]

    Search articles



    Category
    ·News (407)
    ·Features (5)
    ·Site News (16)
    ·HOWTOs (80)
    ·Tips (21)
    ·Opinion (29)
    ·Q & A (35)
    ·Sponsorship (1)
    ·Press Releases (5)

    Log in
    Username:

    Password:

    Remember me

    » Register
    » New password

    Debian Security Announcements
    DSA-943 perl
    DSA-942 albatross
    DSA-903 unzip
    DSA-941 tuxpaint
    DSA-940 gpdf
    DSA-939 fetchmail
    DSA-938 koffice
    DSA-937 tetex-bin
    DSA-936 libextractor
    DSA-935 libapache2-mod-auth-pgsql

    Planet Debian
    Wouter Verhelst: On flames.
    Joachim Breitner: Fixing my planet.debian.org subscription
    Steve Kemp: She has the blood of reptile just underneath her skin
    Pierre Habouzit: Married …
    Pierre Habouzit: whitelister 0.4 (SPF) and aaege ….
    Pierre Habouzit: kde 3.4.1 upload
    Holger Levsen: In case you are running OpenWRT
    Michael Janssen: Shiny roofs are good for the environment!
    Matthew Palmer: Work it out yourself, dammit!
    Axel Beckert: Tell me which music you like and I tell who you are

    Debian Administration
    How do I prevent rebuilt packages from being upgraded?
    Disabling the print-screen key inside X?
    Monitoring your bandwidth usage with vnstat
    Ruby on Rails on Debian
    Choice for Virtual Private Servers?
    Monitoring your hardware’s temperature
    Sending mail with Exim from ‘dialup’ IP
    How to recover GRUB Debian Sarge after reinstalling Windows
    Getting a GUI
    Spam filtering with Pyzor and SpamBayes

    Latest poll: Which release scheme should Debian follow?
    Continue this way (release when ready)
    48%
     
    Give up on releasing
    8%
       
    Split the release up
    8%
       
    Speed the release up
    32%
       
    Crank the workload up (see DebianWiki ReleaseProposals for details on these)
    4%
       

    Total votes: 372
    0 comments · older polls

    home · archives · news feeds · about · polls · search · sections · user account

    Powered by the amazing Drupal

    Debian Planet is not officially related to the Debian Project.
    Debian and the Debian logo are trademarks of Software in the Public Interest, Inc.