Package: mailman
Severity: important
User: [email protected]
Usertags: apache24webapptransition
Dear maintainer,
your package mailman is a web application which supports the Apache2
web server. We're upgrading Apache to the new upstream version 2.4 [1]
(tracked as transition bug #661958). This requires some changes in your
package about how to interface to our package. You can test your package
against our package available in experimental [2] which is soon to be
uploaded to Sid. Please note, chances are that for the time being, third
party modules (e.g. mod_php, mod_perl and such) are not yet available in
a version capable to run with the Apache 2.4 web server. You can use
their (Fast-)CGI counter parts, e.g. php5-fpm to test your packages. You
can see an up to date state of modules being in the transition to
Apache2 2.4 at [3]. We have written packaging guidelines for our reverse
dependencies [4]. Please read this document carefully, it should be able
to answer most of your questions. Do also look at dh_apache2 (available
through the dh-apache2 package) which can simplify shipping of Apache2
configuration files.
In short, we want to highlight these changes you need to be aware of:
* Do NOT declare a strong relation against apache2.2-common (or
apache2-common as its natural successor). Instead recommend "apache2 |
httpd" in your package relationships.
* Do NOT install any files to /etc/apache2/conf.d/. This directory is
obsolete. Its successor is /etc/apache2/conf-available/ which can be
interfaced through a2enconf/a2disconf
* Do NOT call a2enconf/a2disconf in your maintainer scripts. Use our
apache2-maintscript-helper [4] instead. This is required to get a
uniform and stateful handling of all web applications interfacing with
Apache2.
* Please use the new authentication and authorization directives of
Apache 2.4 [6]. While the old style directives are in principle still
supported using mod_access_compat, mixing old and new style directives
can cause problems. Moreover, the compatibility mode may be removed in
a future release.
You can look at our Apache 2.4 packaging hints [7] for hands-on
tutorials.
[1] https://lists.debian.org/debian-devel-announce/2012/03/msg00013.html
[2] http://packages.debian.org/search?keywords=apache2&searchon=sourcenames&exact=1&suite=all§ion=all
[3] http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=apache24transition;[email protected]
[4] http://anonscm.debian.org/gitweb/?p=pkg-apache/apache2.git;a=blob;f=debian/PACKAGING;hb=next
[5] http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html
[6] http://httpd.apache.org/docs/2.4/upgrading.html#run-time
[7] http://wiki.debian.org/Apache/PackagingFor24
Acknowledgement sent
to "Thijs Kinkhorst" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Tue, 24 Apr 2012 20:18:06 GMT) (full text, mbox, link).
Subject: Re: [Pkg-mailman-hackers] Bug#669813: mailman: transition towards
Apache 2.4
Date: Tue, 24 Apr 2012 22:15:15 +0200
On Sat, April 21, 2012 14:07, [email protected] wrote:
> Package: mailman
> Severity: important
> User: [email protected]
> Usertags: apache24webapptransition
Thanks. I plan to include this when we upload upstream's 2.1.15 release.
Thijs
Acknowledgement sent
to Stefan Fritsch <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Fri, 18 May 2012 05:17:14 GMT) (full text, mbox, link).
Subject: Apache2 2.4 transition postponed until after Wheezy
Date: Fri, 18 May 2012 07:13:01 +0200
Hi,
we have decided to postpone the transition to apache2 2.4. The main blocker is that mod_perl needs a major new upstream release which very likely won't be ready in time for Wheezy and we don't want to release Wheezy without mod_perl.
The transition will probably happen shortly after the release of Wheezy. We are sorry for any inconvenience this may have caused.
Cheers,
Stefan
Acknowledgement sent
to "Thijs Kinkhorst" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Sun, 20 May 2012 14:03:06 GMT) (full text, mbox, link).
Subject: Re: [Pkg-mailman-hackers] Bug#669813: mailman: transition towards
Apache 2.4
Date: Sun, 20 May 2012 15:59:37 +0200
severity 669813 wishlist
retitle 669813 automatically configure Apache
thanks
Hi,
On Sat, April 21, 2012 14:07, [email protected] wrote:
> your package mailman is a web application which supports the Apache2
> web server. We're upgrading Apache to the new upstream version 2.4 [1]
Current Mailman packaging is very light on Apache interactions. I verified
the package and concluded that current package is not incompatible with
2.4, so not a part of/a blocker for this transition.
We could use more Apache interactions, but probably best to do that with
2.4 from the start, so retitling the bug accordingly.
cheers,
Thijs
Changed Bug title to 'automatically configure Apache' from 'mailman: transition towards Apache 2.4'
Request was from "Thijs Kinkhorst" <[email protected]>
to [email protected].
(Sun, 20 May 2012 14:03:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Arno Töll <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Thu, 30 May 2013 20:34:58 GMT) (full text, mbox, link).
Dear fellow maintainers,
we have just uploaded Apache2 2.4 to Unstable along with some important
module reverse dependencies. That means, starting with today your
package will behave slightly broken if you are going to install
configuration snippets enabling your module in the Apache web server.
Having that said, some of your packages might be RC broken, depending on
what exactly you do.
Even if you do not do so, please check at very least whether your
configuration fits with Apache2 2.4.
Please read our instructions carefully if you are going to upgrade your
package. We gave you detailed instructions what to do. In particular
watch your dependencies, and do not use a2ensite/a2dissite directly.
Comprehensive guidelines how to upgrade your package were given when we
filed this bug.
Contrary to the situation from last year when we filed this bug, by now
the most important third party modules (wsgi, php, etc.) should be
available to you to test.
--
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
Acknowledgement sent
to Joey Hess <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Thu, 08 Aug 2013 00:27:04 GMT) (full text, mbox, link).
Acknowledgement sent
to "Michael Paoli" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Tue, 11 Jul 2017 14:45:05 GMT) (full text, mbox, link).
Subject: Debian bug: mailman: Re: Archives not-->now working (need Require
all granted in <Directory /var/lib/mailman/archives/public/>)
Date: Tue, 11 Jul 2017 07:23:01 -0700
Most relevant bit found among Debian bugs:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669813#36
The new apache security model requires adding this to the
Directory stanza for mailman:
Require all granted
But that's not particularly detailed, most notably omits
mention of
/etc/mailman/apache.conf
and the
<Directory /var/lib/mailman/archives/public/>
section within.
Recommended to (mostly) fix mailman 1:2.1.18-2+deb8u1 amd64:
$ diff -U 5 etc/mailman/apache.conf.bug_669813 etc/mailman/apache.conf
--- etc/mailman/apache.conf.bug_669813 2016-09-14 23:05:02.000000000 -0700
+++ etc/mailman/apache.conf 2017-07-11 07:01:29.116879436 -0700
@@ -26,10 +26,11 @@
<Directory /var/lib/mailman/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
+ Require all granted
</Directory>
<Directory /usr/share/images/mailman/>
AllowOverride None
Order allow,deny
Allow from all
$
At least that's the case for Jessie (presently oldstable)
(
Debian GNU/Linux 8.8 (jessie) x86_64
mailman 1:2.1.18-2+deb8u1 amd64
apache2 2.4.10-10+deb8u9 amd64
)
I haven't (at least yet) checked to see if there's patch applied
yet for newer than mailman 1:2.1.18-2+deb8u1 amd64 that may cover
that fix.
In the meantime, for work-around for at least those versions,
in Apache configuration, in addition to (which I added):
Include ../mailman/apache.conf
(or
Include /etc/mailman/apache.conf
or equivalent
)
also add (and if the above is used via Include, use this *after* the above):
<Directory /var/lib/mailman/archives/public/>
Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
> From: "Michael Paoli" <[email protected]>
> Subject: Archives now working: BALUG-Test list
> Date: Tue, 11 Jul 2017 00:36:28 -0700
> Archives are now working.
> Relevant bit ... I ought (when I get around to it) check if there's
> bug filed (it may already be fixed even - but not yet to stable).
> The missing bit ... I'd (rather than redundantly copied/maintain) used:
> (relative to /etc/apache2):
> Include ../mailman/apache.conf
> in file sites-available/Include/temp.balug.org
> that was almost all well fine and good (I'd reviewed
> ./mailman/apache.conf earlier). But it left out one key needed bit,
> it has:
> <Directory /var/lib/mailman/archives/public/>
> Options FollowSymlinks
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
> but needs:
> <Directory /var/lib/mailman/archives/public/>
> Options FollowSymlinks
> AllowOverride None
> Order allow,deny
> Allow from all
> Require all granted
> </Directory>
> My relatively simple fix,
> add to file
> sites-available/Include/temp.balug.org
> <Directory /var/lib/mailman/archives/public/>
> Options FollowSymlinks
> AllowOverride None
> Order allow,deny
> Allow from all
> Require all granted
> </Directory>
> after:
> Include ../mailman/apache.conf
> ... Apache doesn't seem to care about the same
> <Directory /var/lib/mailman/archives/public/>
> appearing twice, and seems in that case to just use the latter fine,
> So ... /etc/mailman/apache.conf
> should have included but failed to include, in it's section:
> <Directory /var/lib/mailman/archives/public/>
> the line:
> Require all granted
> So ... I think I'd call that a "bug" - even if it's documentation
> errata. Might be a Debian specific patch needed, as other
> distributions and/or Apache may have different defaults on
> that security.
https://temp.balug.org/pipermail/balug-test/2017-July/000004.html
temp.balug.org will in future be moved to lists.balug.org, so that
will become:
https://lists.balug.org/pipermail/balug-test/2017-July/000004.html
Acknowledgement sent
to Geert Stappers <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Wed, 25 Apr 2018 14:00:03 GMT) (full text, mbox, link).
Acknowledgement sent
to "Thijs Kinkhorst" <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Wed, 25 Apr 2018 14:51:03 GMT) (full text, mbox, link).
On Wed, April 25, 2018 15:57, Geert Stappers wrote:
> Control: tag -1 patch
>
> Hi,
>
> FWIW I also needed the patch describe
> in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669813#41
>
> So now tagging this BR with 'patch'
This specific configuration change has been made since Stretch (1:2.1.20-1).
So I don't think this bug report should be tagged 'patch', as the original
wish is not satisfied (and likely will not be because focus is on
Mailman3).
Cheers,
Thijs
Acknowledgement sent
to Geert Stappers <[email protected]>:
Extra info received and forwarded to list. Copy sent to Mailman for Debian <[email protected]>.
(Thu, 26 Apr 2018 10:00:05 GMT) (full text, mbox, link).
Control: tag -1 -patch
On Wed, Apr 25, 2018 at 04:40:57PM +0200, Thijs Kinkhorst wrote:
> On Wed, April 25, 2018 15:57, Geert Stappers wrote:
> >
> > FWIW I also needed the patch described
> > in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669813#41
> >
> > So now tagging this BR with 'patch'
>
> This specific configuration change has been made since Stretch (1:2.1.20-1).
>
> So I don't think this bug report should be tagged 'patch', as the original
> wish is not satisfied (and likely will not be because focus is on
> Mailman3).
I admit that I was helping friends with Mailman on an Ubuntu system.
Doing `debcheckout mailman` on Debian system indeed reveals
file debian/contrib/apache.conf with 'Require granted all'.
Bugreport now contains that information.
Removed the 'patch' tag.
Groeten
Geert Stappers
--
Leven en laten leven
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.