[apache2] 01/01: Fix conffiles from wheezy upgrade
Stefan Fritsch
sf at moszumanska.debian.org
Wed Aug 10 10:06:41 UTC 2016
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit 237b6b842b3eb4674a6b09d456290d6a0905043d
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Wed Aug 10 11:25:19 2016 +0200
Fix conffiles from wheezy upgrade
Some conffile may have got the wrong content during upgrade from
wheezy to early jessie versions. In order to fix this without dpkg
prompting the user, we need to replace those conffiles during preinst.
Unfortunately, in preinst the package is not yet unpacked so we cannot
access any of its files. Therefore, the correct conffile content is
embedded in a base64 encoded tarball in the preinst script.
---
debian/apache2.postinst | 20 ++++++++++
debian/apache2.preinst.in | 96 +++++++++++++++++++++++++++++++++++++++++++++++
debian/changelog | 7 ++++
debian/clean | 3 ++
debian/create_preinst | 32 ++++++++++++++++
debian/rules | 17 ++++++++-
6 files changed, 174 insertions(+), 1 deletion(-)
diff --git a/debian/apache2.postinst b/debian/apache2.postinst
index b00075f..7063dfa 100644
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@@ -240,9 +240,29 @@ execute_deferred_actions ()
rm /var/lib/apache2/deferred_actions
}
+list_fixup_conffiles () {
+ cat <<- EOF
+ /etc/bash_completion.d/apache2
+ /etc/apache2/sites-available/000-default.conf
+ /etc/apache2/sites-available/default-ssl.conf
+ /etc/apache2/conf-available/charset.conf
+ /etc/apache2/conf-available/localized-error-pages.conf
+ /etc/apache2/conf-available/other-vhosts-access-log.conf
+ /etc/apache2/conf-available/security.conf
+ EOF
+}
+
case "$1" in
configure)
+ if dpkg --compare-versions "$2" lt-nl "2.4.23-3~" ; then
+ list_fixup_conffiles | while read FILE ; do
+ if [ -e "${FILE}.dpkg-remove-fixup" ] ; then
+ echo "Removing backup copy of $FILE"
+ rm "${FILE}.dpkg-remove-fixup"
+ fi
+ done
+ fi
enable_default_mpm $@
refresh_modules $@
install_default_files $@
diff --git a/debian/apache2.preinst.in b/debian/apache2.preinst.in
new file mode 100644
index 0000000..1139f9b
--- /dev/null
+++ b/debian/apache2.preinst.in
@@ -0,0 +1,96 @@
+#! /bin/bash
+# preinst script for apache2
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <new-preinst> `install'
+# * <new-preinst> `install' <old-version>
+# * <new-preinst> `upgrade' <old-version>
+# * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+FIXUP_TEMPFILE=
+
+
+list_fixup_conffiles () {
+ cat <<- EOF
+ /etc/bash_completion.d/apache2 6a5f85e62655f6b5c8fa0f95c7c35c9c removed
+ /etc/apache2/sites-available/000-default.conf 2cc450cf300a880abbc3767fc002477d
+ /etc/apache2/sites-available/default-ssl.conf 196d150beeaeaf845ece50d7e84e12de
+ /etc/apache2/conf-available/charset.conf e6fbb8adf631932851d6cc522c1e48d7
+ /etc/apache2/conf-available/localized-error-pages.conf 844ba27ddb794fc6967bfb56b950e6a8
+ /etc/apache2/conf-available/other-vhosts-access-log.conf 2cad303fc4221d6b0068a8b37597b9fb
+ /etc/apache2/conf-available/security.conf 0f644d9d04ad556f44f1e65674bc07dc
+ EOF
+}
+
+create_fixup_conffiles_tgz () {
+ FIXUP_TEMPFILE=$(mktemp)
+ base64 -d > $FIXUP_TEMPFILE << EOF
+XXX_FIXUP_CONFFILES_BASE64_XXX
+EOF
+}
+
+extract_fixup_conffile () {
+ local FILE=$1
+ local BASENAME=${FILE##*/}
+ tar -xz -O -f $FIXUP_TEMPFILE $BASENAME > $FILE
+}
+
+replace_broken_conffiles () {
+ local FILE
+ local MD5
+ create_fixup_conffiles_tgz
+ while read FILE MD5 REMOVED ; do
+ if [ -f "$FILE" ] && md5sum "$FILE" | grep -q "^$MD5 " ; then
+ echo "Replacing broken conffile ${FILE}."
+ mv "$FILE" "${FILE}.dpkg-remove-fixup"
+ if [ -z "$REMOVED" ] ; then
+ extract_fixup_conffile "$FILE"
+ fi
+ fi
+ done
+ rm -f "$FIXUP_TEMPFILE"
+}
+
+revert_broken_conffiles () {
+ local FILE
+ local MD5
+ local REMOVE
+ while read FILE MD5 REMOVED; do
+ if [ -f "$FILE.dpkg-remove-fixup" ]; then
+ echo "Moving broken conffile $FILE back."
+ mv "${FILE}.dpkg-remove-fixup" "$FILE"
+ fi
+ done
+}
+
+case "$1" in
+ upgrade)
+
+ if dpkg --compare-versions "$2" lt-nl "2.4.23-3~" ; then
+ list_fixup_conffiles | replace_broken_conffiles
+ fi
+
+ ;;
+
+ abort-upgrade)
+ list_fixup_conffiles | revert_broken_conffiles
+ ;;
+
+ *)
+ echo "preinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/changelog b/debian/changelog
index 0481ed6..1787aad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.4.23-3) UNRELEASED; urgency=low
+
+ * Fix conffiles that may have got the wrong content during upgrade from
+ wheezy to early jessie versions. Closes: #794933
+
+ -- Stefan Fritsch <sf at debian.org> Wed, 10 Aug 2016 11:25:02 +0200
+
apache2 (2.4.23-2) unstable; urgency=high
* CVE-2016-5387: Sets environmental variable based on user supplied Proxy
diff --git a/debian/clean b/debian/clean
index d49752e..ae27f64 100644
--- a/debian/clean
+++ b/debian/clean
@@ -15,5 +15,8 @@ debian/config-dir/apache2.conf
debian/manpages/a2query.8
debian/manpages/dh_apache2.1
debian/debhelper/dh_apache2
+debian/apache2.preinst
+debian/fixup_conffiles.b64
+debian/fixup_conffiles.tgz
config.nice
support/suexec-custom.c
diff --git a/debian/create_preinst b/debian/create_preinst
new file mode 100755
index 0000000..1f30072
--- /dev/null
+++ b/debian/create_preinst
@@ -0,0 +1,32 @@
+#!/usr/bin/perl
+#
+# This script embeds a base64 encoded tarball into apache2.preinst.
+# See #794933
+
+use strict;
+use warnings;
+use autodie;
+
+
+sub readfile
+{
+ my $fname = shift;
+ local $/;
+ open(my $fd, "<", $fname);
+ my $content = <$fd>;
+ return $content;
+}
+
+sub writefile
+{
+ my $fname = shift;
+ my $content = shift;
+ open(my $fd, ">", $fname);
+ print $fd $content;
+}
+
+my $preinst = readfile("debian/apache2.preinst.in");
+my $embed = readfile("debian/fixup_conffiles.b64");
+
+$preinst =~ s/XXX_FIXUP_CONFFILES_BASE64_XXX/$embed/;
+writefile("debian/apache2.preinst", $preinst);
diff --git a/debian/rules b/debian/rules
index b754534..f68de5b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -45,6 +45,21 @@ prebuild-checks:
false ; \
fi
+debian/fixup_conffiles.tgz: \
+ debian/config-dir/sites-available/000-default.conf \
+ debian/config-dir/sites-available/default-ssl.conf \
+ debian/config-dir/conf-available/charset.conf \
+ debian/config-dir/conf-available/localized-error-pages.conf \
+ debian/config-dir/conf-available/other-vhosts-access-log.conf \
+ debian/config-dir/conf-available/security.conf
+ tar --transform 's,.*/,,' -cz -f $@ $^
+
+debian/fixup_conffiles.b64: debian/fixup_conffiles.tgz
+ base64 < $< > $@
+
+debian/apache2.preinst: debian/apache2.preinst.in debian/fixup_conffiles.b64 debian/create_preinst
+ debian/create_preinst
+
clean-config-vars:
# Clean up config_vars.mk
# FIXME: Maybe someone could document here why we actually need to
@@ -59,7 +74,7 @@ prepare-scripts: debian/a2query debian/debhelper/dh_apache2
(grep -s -v apache2:API debian/apache2-bin.substvars; echo apache2:API=apache2-api-$(API)) > debian/apache2-bin.substvars.new
mv debian/apache2-bin.substvars.new debian/apache2-bin.substvars
-generate-maintainer-scripts:
+generate-maintainer-scripts: debian/apache2.preinst
set -e ; \
for type in custom pristine ; do \
for f in postinst preinst prerm links dirs lintian-overrides postrm; do \
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list