--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: lintian: false positive on apache2-deprecated-auth-config due to strict check
- From: Carsten Schoenert <c.schoenert@t-online.de>
- Date: Tue, 16 Jun 2015 21:52:49 +0200
- Message-id: <20150616195249.11634.43566.reportbug@jessie.cruise.homelinux.net>
Package: lintian
Version: 2.5.31
Severity: normal
Dear Maintainer,
I believe I found a false positive while Lintian is checking for old
configuration style for Apache 2.2 whithin the Zarafa upstream packages.
We've got the following Apache configuration:
> Alias /webaccess /usr/share/zarafa-webaccess
>
> <Directory /usr/share/zarafa-webaccess/>
> DirectoryIndex index.php
> Options -Indexes +FollowSymLinks
> AllowOverride Options
>
> <IfModule !mod_authz_core.c>
> Order allow,deny
> Allow from all
> </IfModule>
> <IfModule mod_authz_core.c>
> Require all granted
> </IfModule>
> <IfModule mod_socache_shmcb.c>
> php_flag session.cookie_secure on
> php_flag session.cookie_httponly on
> </IfModule>
>
> # Uncomment to enhance security of WebApp by restricting cookies to only
> # be provided over HTTPS connections
> # php_flag session.cookie_secure on
> # php_flag session.cookie_httponly on
> </Directory>
Lintian is detecting the line with 'Order' and 'Allow' within the
<IfModule !mod_authz_core.c> check. But this check is needed to detect if the
configuration is running on a Apache less then 2.4. A Apache version smaller than
2.4 didn't now a modul 'mod_authz_core.c' and needs the Order and Allow
entries then of course.
If the there is a modul 'mod_authz_core.c' detected you running a Apache
2.4 (and probably later). So the configuration above is correct.
Please change Lintian to not print a warning if the Order and Allow
directive is within a '<IfModule !mod_authz_core.c> ... </IfModule>'.
There is also a report #710656 that goes quite in the same direction. As
it's not exactly the same issue I opened up this new report, feel free
to merge this two bugs if reasonable.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710656
Regards
Carsten
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf
Kernel: Linux 3.10-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lintian depends on:
ii binutils 2.25-8
ii bzip2 1.0.6-8
ii diffstat 1.58-1
ii file 1:5.22+15-2
ii gettext 0.19.4-1
ii hardening-includes 2.7
ii intltool-debian 0.35.0+20060710.2
ii libapt-pkg-perl 0.1.29+b2
ii libarchive-zip-perl 1.39-1
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.38-1
ii libdpkg-perl 1.18.1
ii libemail-valid-perl 1.195-1
ii libfile-basedir-perl 0.03-1
ii libipc-run-perl 0.94-1
ii liblist-moreutils-perl 0.410-1
ii libparse-debianchangelog-perl 1.2.0-3
ii libtext-levenshtein-perl 0.12-1
ii libtimedate-perl 2.3000-2
ii liburi-perl 1.64-1
ii man-db 2.7.0.2-5
ii patchutils 0.3.4-1
ii perl [libdigest-sha-perl] 5.20.2-6
ii t1utils 1.38-4
ii xz-utils 5.1.1alpha+20120614-2+b3
Versions of packages lintian recommends:
ii dpkg 1.18.1
ii libautodie-perl 2.25-1
ii libperlio-gzip-perl 0.18-3+b1
ii perl 5.20.2-6
ii perl-modules [libautodie-perl] 5.20.2-6
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii dpkg-dev 1.18.1
ii libhtml-parser-perl 3.71-2
ii libtext-template-perl 1.46-1
ii libyaml-perl 1.13-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: lintian
Source-Version: 2.5.67
We believe that the bug you reported is fixed in the latest version of
lintian, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 788991@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated lintian package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 01 Jan 2018 14:58:24 +0000
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.67
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
lintian - Debian package checker
Closes: 673734 710656 750537 788991 793406 885621 885693 885790 885899 885910 885968
Changes:
lintian (2.5.67) unstable; urgency=medium
.
* Summary of tag changes:
+ Added:
- debian-rules-should-not-use-DH_EXTRA_ADDONS
- debian-watch-could-verify-download
- invalid-date-in-debian-changelog
- override_dh_fixperms-does-not-call-dh_fixperms
.
* checks/apache2.{desc,pm}:
+ [CL] Include the offending filename and line number in the output of
apache2-deprecated-auth-config and apache2-unparsable-dependency.
+ [CL] Avoid false positives in apache2-deprecated-auth-config where
the offending lines are wrapped in suitable "IfModule" or "IfVersion"
directives. (Closes: #788991, #710656)
* checks/changelog-file.{desc,pm}:
+ [CL] Warn about changelog entries that have incorrectly formatted
dates. (Closes: #793406)
* checks/files.pm:
+ [CL] Split out python-module-has-overly-generic-name regular
expression into a data file.
+ [CL] Don't warn about extra license files installed via Sphinx.
Thanks, Stuart Prescott! (Closes: #885968)
* checks/python.pm:
+ [CL] Prevent false positives when checking for Python {2,3} packages
that depend on Python {3,2} packages when the package being depended
on ends with -doc. We were previously only catching the case for
dependencies *from* packages with such names. (Closes: #885693)
+ [CL] Also ignore -doc, -docs, -dev, -common and -tools packages for
intra-Python variant dependency checking, python-but-no-python3, etc.
+ [CL] Drop parens in depends-on-package-from-other-python-variant
output.
+ [CL] Refactor django-package-does-not-depend-on-django check to
correctly check Django packages called python2-django-foo.
* checks/rules.{desc.pm}:
+ [CL] Suggest using /usr/share/dpkg/architecture.mk as a solution to
debian-rules-sets-dpkg-architecture-variable rather than simply
replacing assignments with ?=. Thanks to Helmut Grohne for the
suggestion.
+ [CL] Include the line number when warning about instances of
override_dh_clean targets that are missing calls to dh_clean.
+ [CL] Apply patch from Paul Tagliamonte to check for files
that use DH_EXTRA_ADDONS. Thanks! (Closes: #885790)
+ [CL] Update $PYTHON3X_DEPEND to prevent false positives in
missing-python-build-dependency. (Closes: #750537)
+ [CL] Refactor check for override_dh_clean-does-not-call-dh_clean
tag into a loop.
+ [CL] Check for override_dh_fixperms targets that are missing calls
to dh_fixperms. (Closes: #885910)
* checks/scripts.pm:
+ [CL] Include the offending/unknown shebang in the output of various
interpreter-related tags. (Closes: #673734)
* checks/source-copyright.desc:
+ [CL] Also mention that we check for NOTICE.gz files when looking for
Apache 2.0 packages that do not distribute their accompanying NOTICE
file.
* checks/watch-file.{desc,pm}:
+ [CL] Apply patch from Felix Lechner <felix.lechner@lease-up.com> to
check for packages where an upstream signature exists but is not
being used. (Closes: #885621)
.
* data/fields/name_section_mappings:
+ [CL] Ensure that PAM modules are placed in the "admin" section,
additionally preventing a false positive for libpam-krb5 which was
being caught by a "libfoo1" => "libs" entry. (Closes: #885899)
* data/files/python-generic-modules:
+ [CL] Add "examples".
* data/spelling/corrections:
+ [PW] Add a number of corrections.
* data/standards-version/release-dates:
+ [CL] Correct date(1) invocation example in comment.
+ [CL] Add 4.1.3 as a known standards version.
.
* debian/control:
+ [CL] Declare compliance with Debian Policy 4.1.3.
+ [CL] Mention Debian Policy 4.1.3 in long package description.
Checksums-Sha1:
dedce2f3059854278607a3894b6015e84171edb7 3516 lintian_2.5.67.dsc
af2ccb4c91ddb873f5179607b8819786e2490483 2615600 lintian_2.5.67.tar.xz
429166cb13d87b2368e9d5d5d716281f281cd93e 1082188 lintian_2.5.67_all.deb
89332e1e9e7a22c064f570eaa105915f1f817612 15846 lintian_2.5.67_amd64.buildinfo
Checksums-Sha256:
1a355b81bb5d96720b40b2be060026dd7bfe3e0a13cbb910009d917ff98c120b 3516 lintian_2.5.67.dsc
4bc66a14351ac07bd36645f89fca2bc46fbbf9aa9ba0c907c04c07d558ec6e0d 2615600 lintian_2.5.67.tar.xz
d445682180e954cdd3d428cda673bf74c857bb2c39ef00be01effbbdec0afa52 1082188 lintian_2.5.67_all.deb
bb1bfb641c1439dd17ab9776ef13739ce64db5c04621a39e223ff0986bfe5d98 15846 lintian_2.5.67_amd64.buildinfo
Files:
a449ee5b1c4bdc9ef688d9c4d6ee898f 3516 devel optional lintian_2.5.67.dsc
b2432863798bf6da5e0edc39b4af698d 2615600 devel optional lintian_2.5.67.tar.xz
1701909bb9a5fb16a4fed4cbcd1c1c4a 1082188 devel optional lintian_2.5.67_all.deb
2939e8fb6346ad447f5fc1eb97eec446 15846 devel optional lintian_2.5.67_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlpKVmoACgkQHpU+J9Qx
HliwdA//Ucq0M4jrG22id5DVpVQ8zYelImTVNA5pLHxYTn8QAzokuMc0pHcqUTYn
D3gq2QaghR8yHiBcMq4M496U5IWUY6KwULXk61z0zCyM5TryMOsziX3RPBPSnnJW
fhlzKFgRT7hZj8bIvCsBBljnQPXr9XGMbjYYcF1xstVQoeHCtvPw4HTBqHXzil55
E5xDyVXh9lVbnOXOlQCi5v8KriJKDLreTPxZJEIapITusrHdSQ9IIaAY6A2aJ2a8
VYGfmWrYflNM5TPAti1Q/5nkwWgAjU5Vq8eGXSlsG+JUu+mlz2kkNWFa9cy/85q9
i/9I21h/y+DRnsxvtzQ9KrD+D+LgXbXIUhkvM1+q4x2IFz89qY9I+hWgUxLWu+o0
tOdTjplLhVFWsSYcn5NdPmxdCXf5TCktCw0Vh8ouSt9RnQ1kyEcbO4Rl8cpt0cSo
yg+ne/MZomA+ibnjYKIxbAnACjkcxeP7FqYAt3SGaG0tCbn3zj3l/L6Tms9CPzgd
kk05ceM8Cd9fOvWbKyvUfQGwxBH4rwn6Eb4Qj9RYAtcPFhte/ABvsUoSxbQ2WsSr
EAKc5kW9dIBNwUfK5KtmZHGuQ9Zj4W5mOE68zAF+k2iRTdNemtFpvqm9KzAAtcBF
4rvy+XrPqFRV/qB46ROAIUkUxgOHgOB/2y8eDWFRouImJPFNwt8=
=stUQ
-----END PGP SIGNATURE-----
--- End Message ---