On 5/1/2011 9:51 AM, Camaleón wrote:

Regarding the Suhosin module, it should be disabled by default unless you
are not using Apache web server. Review "/usr/share/doc/roundcube-core/
News.Debian.gz" file.

Camaleón, thank you. This is what I needed to know. I indeed do not use Apache, but Lighttpd.

; Transparent Encryption Options
;suhosin.session.encrypt = on   <-- default
suhosin.session.encrypt = off   <-- after reading the above

The problem is now resolved.

However, this is very strange because everything worked fine under Lenny w/ RC 0.3.1 from backports. Note the RC version didn't change with Squeeze. Also, I checked the date stamps on all the relevant config files, and none of those were overwritten by the Squeeze upgrade.

I don't know where to verify it, but I'm guessing that PHP5 in Lenny didn't have Suhosin compiled in and enabled by default, but Squeeze does. If this is the case, the Squeeze upgrade should have thrown up a warning about this issue. Allowing a server application to simply be totally broken after an upgrade, and leaving it to the SA to figure out what broke, with zero errors in any logs to point him/her in the right direction, is not acceptable IMO.

Thanks again Camaleón.

--
Stan


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4dbdf15d.7050...@hardwarefreak.com

Reply via email to