header set Server - not working

2004-12-23 Thread saravanan ganapathy
Hai
  I am using apache 1.3.26 on debian woody. Now I need
to customize http headers for security reasons. 

I have enabled mod_headers module, then I include as
 Header set Server test
But this is not set, I couldn't even unset also.

But if I include as
  Header append Author myname , then it's working.

What may be the problem?

Sarav
 










Bug#286975: apache: FTBFS - x86/testing (31mrule: command not found)

2004-12-23 Thread Jon Dowland
Package: apache
Version: 1.3.33-2
Severity: serious
Justification: no longer builds from source

Hi, I'm sorry to be filing this as I'm finding it hard to believe that
this could be a problem for anyone but me. However a fresh apt-get
source of apache, with the build-depends installed and no customisation
at all fails. Nobody in #debian had experienced this when I asked and
there's no match for 'apache FTBFS' on -devel or -user archives for the
last couple of months.

SUMMARY

$ apt-get source apache
# apt-get build-dep apache
$ cd apache-1.3.33
apache-1.3.33$ dpkg-buildpackage -rfakeroot -b

../configure: line 1: 31mrule: command not found
 + using installation path layout: Debian (config.layout)
 configure:Error: No such rule named 'SHARED_CHAIN'
 make: *** [debian/stampdir/configure-stamp-apache] Error 1

DETAILED

Full output of dpkg-buildpackage is attached. I note that the first line
of every file named 'configure' in the source dir is a standard
hash-bang.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages apache depends on:
ii  apache-common   1.3.33-2      Support files for all Apache webse
ii  debconf         1.4.30.10     Debian configuration management sy
ii  dpkg            1.10.25       Package maintenance system for Deb
ii  libc6           2.3.2.ds1-18  GNU C Library: Shared libraries an
ii  libdb4.2        4.2.52-17     Berkeley v4.2 Database Libraries [
ii  libexpat1       1.95.8-1      XML parsing C library - runtime li
ii  libmagic1       4.12-1        File type determination library us
ii  logrotate       3.7-2         Log rotation utility
ii  mime-support    3.28-1        MIME files 'mime.types'  'mailcap
ii  perl            5.8.4-3       Larry Wall's Practical Extraction 

-- debconf information:
  apache/server-name: localhost
  apache/document-root: /var/www
  apache/server-port: 80
* apache/enable-suexec: false
  apache/init: true
  apache/server-admin: [EMAIL PROTECTED]
dpkg-buildpackage: source package is apache
dpkg-buildpackage: source version is 1.3.33-2
dpkg-buildpackage: source maintainer is Fabio M. Di Nitto [EMAIL PROTECTED]
dpkg-buildpackage: host architecture is i386
 fakeroot debian/rules clean
dh_testdir
dh_testroot
rm -f debian/apache{,-ssl,-perl}.{presubj,init,conffiles,config,dirs,docs,examples,lintian,intro.html}
rm -f debian/apache{,-ssl,-perl}.{logrotate,postinst,postrm,preinst,prerm,httpd.conf}
rm -f debian/apaci{,-ssl,-perl,.append{,-ssl,-perl}}
rm -f debian/{apache-common.examples,apache-dev.docs,libapache-mod-perl.docs}
rm -f debian/{*.gz,local-apxs*,apxs*} o debian/o debian/buildinfo.Debian
rm -rf debian/logos debian/logos.ssl
chmod +x debian/{ubersed,modules-config,sys-build.mk,scripts/*.*,scripts/modchk}
/usr/bin/make -f debian/sys-build.mk source.clean
make[1]: Entering directory `/home/jon/code/apache-1.3.33'
make[1]: Leaving directory `/home/jon/code/apache-1.3.33'
rm -rf build-tree-*
rm -rf debian.diff debian/stampdir
rm -rf libapache-mod-perl-1.29
dh_clean
 debian/rules build


*** unpacking/patching common tree ***

/usr/bin/make -f debian/sys-build.mk source.make
make[1]: Entering directory `/home/jon/code/apache-1.3.33'
Extracting upstream tarball upstream/tarballs/apache_1.3.33.tar.gz successful.
Extracting upstream tarball upstream/tarballs/apache-contrib-1.0.8a-nomodcvs.tar.gz successful.
Extracting upstream tarball upstream/tarballs/pkg.eapi-2.8.22-1.3.33.tar.gz successful.
Applying patch 001_ab_overzealous_connections successful.
Applying patch 002_apxs_assumes_dso successful.
Applying patch 003_apxs_wrong_prefix successful.
Applying patch 005_mime_type_fix successful.
Applying patch 006_phf_dot_log successful.
Applying patch 007_regex_must_conform_to_posix_for_LFS_to_work successful.
Applying patch 008_suexec_combined successful.
Applying patch 009_suexec_of_death successful.
Applying patch 010_dbm_part_2_the_revenge successful.
Applying patch 011_find_dbm_libdb41_fix successful.
Applying patch 012_hurd_compile_fix_for_upstream successful.
Applying patch 013_hurd_libdb_fix successful.
Applying patch 014_mod_auth_db_libdb41_fix successful.
Applying patch 015_suexec_uid_min successful.
Applying patch 017_uncrack_proxy_ftp_eapi_bit successful.
Applying patch 018_suexec_reopenlog successful.
Applying patch 019_apxs_dont_extra_libs successful.
Applying patch 030_autoindex_studly successful.
Applying patch 031_autoindex_indexes successful.
Applying patch 032_autoindex_generator successful.
Applying patch 033_-F_NO_SETSID successful.
Applying patch 034_ab.8_formatting_error successful.
Applying patch 100_proxy_content_base successful.
Applying patch 101_httpd_manpage successful.
Applying patch 102_inetdfix successful.
Applying patch 500_configure_hashbang 

Bug#286975: apache: FTBFS - x86/testing (31mrule: command not found)

2004-12-23 Thread Jon Dowland
On Thu, Dec 23, 2004 at 01:18:06PM +0100, Fabio Massimo Di Nitto wrote:

> I know for sure that configure explicitly requires bash, did you replace
> /bin/bash with another shell? Can you verify the bash md5sum?

~$ md5sum `which sh` `which bash`
6a01accdaa1baad9b2af1bcda2d80769  /bin/sh
6a01accdaa1baad9b2af1bcda2d80769  /bin/bash

> This is my best guess atm.. otherwise would it be possible for you to test
> the same in a fresh sarge/sid chroot? that would really help to isolate the
> problem between your installed system and my build-test env.

I'd be happy to help in any way possible, although things might be
delayed over the christmas break as my machine will most likely be off.
Can I achieve this using pbuilder?




Bug#286975: apache: FTBFS - x86/testing (31mrule: command not found)

2004-12-23 Thread Fabio Massimo Di Nitto
Hi Jon,
Jon Dowland wrote:
| Package: apache
| Version: 1.3.33-2
| Severity: serious
| Justification: no longer builds from source
|
| Hi, I'm sorry to be filing this as I'm finding it hard to believe that
| this could be a problem for anyone but me.
Unfortunately I cannot reproduce it here at all, neither on sarge nor sid.
|
| cd build-tree-apache/apache_1.3.33  LDFLAGS= CFLAGS=-O1  -g -Wall -D_LARGEFILE_SOURCE
| -D_FILE_OFFSET_BITS=64 ./configure --suexec-logfile=/var/log/apache/suexec.log --target=apache
| --with-layout=Debian --enable-suexec --suexec-caller=www-data --suexec-docroot=/var/www
| --includedir=/usr/include/apache-1.3 --without-confadjust --without-execstrip --enable-shared=max
| --enable-rule=SHARED_CHAIN --enable-module=most --enable-module=status --enable-module=auth_digest
| --enable-module=log_referer --enable-module=log_agent --enable-module=auth_db
| --activate-module=src/modules/extra/mod_macro.c
| Configuring for Apache, Version 1.3.33
| ../configure: line 1: rule_[01: command not found
I know for sure that configure explicitly requires bash, did you replace
/bin/bash with another shell? Can you verify the bash md5sum?
This is my best guess atm.. otherwise would it be possible for you to test the
same in a fresh sarge/sid chroot? that would really help to isolate the problem
between your installed system and my build-test env.
Thanks
Fabio
-- 
Self-Service law:
The last available dish of the food you have decided to eat, will be
inevitably taken from the person in front of you.



Bug#286975: apache: FTBFS - x86/testing (31mrule: command not found)

2004-12-23 Thread Fabio Massimo Di Nitto
Jon Dowland wrote:
|This is my best guess atm.. otherwise would it be possible for you to test
|the same
|in a fresh sarge/sid chroot? that would really help to isolate the problem
|between your installed system and my build-test env.
|
|
| I'd be happy to help in any way possible, although things might be
| delayed over the christmas break as my machine will most likely be off.
| Can I achieve this using pbuilder?
Yes. I did test with pbuilder too and I still can't reproduce the bug. Perhaps
something related to your user environment?
Fabio
PS I will leave for xmas holidays in a few hours too... so if we don't manage to
figure out the problem, don't worry.. we will work on it on monday.
-- 
Self-Service law:
The last available dish of the food you have decided to eat, will be
inevitably taken from the person in front of you.



Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)

2004-12-23 Thread Jan Minar
On Wed, Dec 22, 2004 at 07:05:13PM -0800, Matt Zimmerman wrote:
> On Tue, Dec 21, 2004 at 09:41:35PM +, Jan Minar wrote:
>
> > Package: apache
> > Version: 1.3.33-2
> > Severity: minor
> > Tags: security
> >
> > Hi.
> >
> > /var/log/apache is world-readable, so users can e.g. check whether
> > certain operation triggered an error.  And given that the error strings
> > are pretty standardized, they can guess what string has been added to
> > the logfile, judging by the number of bytes that was appended to the
> > log.
> >
> > As this is not very obvious to the system administrator, and as there is
> > no use of /var/log/apache directory being readable and searchable while
> > the files in it are not, apart from the information disclosure described
> > above, I think it should be chmod-ed 750, just as the logs in it are
> > chmod 640.
>
> I don't see a scenario where this could result in a meaningful security
> issue.

I do, but I don't think it's worth my time to write PoCs for every
unimportant marginally important security issue out there.

> The user can just as easily find out that an error was caused by noticing
> the 5xx error returned by the server in response to the request.

Only if it was an error returned to them.  Also, the log files can have
far more detail than just the error code.

Cheers,
-- 
 )^o-o^|jabber: [EMAIL PROTECTED]
 | .v  Ke-mail: jjminar FastMail FM
 `  - .' phone: +44(0)7981 738 696
  \ __/Jan icq: 345 355 493
 __|o|__Min  irc: [EMAIL PROTECTED]




libapache-mod-perl : libperl.so does not have a corresponding .info file

2004-12-23 Thread Mathieu Jondet
Hi,
I've just run an apt-get dist-upgrade on my machine on debian/testing, 
everything went well except for the mod_perl upgrade, here is the 
information:

mathieu:/home/mathieu# apt-get dist-upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
Calculating Upgrade... Done
The following packages have been kept back:
 eterm libdirectfb-dev pstoedit
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up libapache-mod-perl (1.29.0.2-16) ...
Error: libperl.so does not have a corresponding .info file.
The above errors might cause apache to not work properly or start
Please refer to the documentation on how to fix it or report it to
Debian Apache Mailing List debian-apache@lists.debian.org if in doubt
on how to proceed
dpkg: error processing libapache-mod-perl (--configure):
subprocess post-installation script returned error exit status 20
Errors were encountered while processing:
libapache-mod-perl
E: Sub-process /usr/bin/dpkg returned an error code (1)
mathieu:/home/mathieu#
Can someone point me to any direction in solving this issue ?
Thanks.
Mathieu



Bug#287012: apache: Should warn on nonsensical configuration

2004-12-23 Thread Jan Minar
Package: apache
Version: 1.3.33-2
Severity: wishlist

It just took me 3 hours and a lots of cursing to find this:

Listen 433
VirtualHost foo.localhost:443

(Note the port numbers differ.)

Under such circumstances, apache really should warn about possible
misconfiguration.  I don't know whether this can actually be a valid
config setup.  If not, erring, not warning would be more appropriate.

Cheers,
Jan.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (700, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.28-jan
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2 (charmap=ISO-8859-2)

Versions of packages apache depends on:
ii  apache-common   1.3.33-2      Support files for all Apache webse
ii  debconf         1.4.30.10     Debian configuration management sy
ii  dpkg            1.10.25       Package maintenance system for Deb
ii  libc6           2.3.2.ds1-18  GNU C Library: Shared libraries an
ii  libdb4.2        4.2.52-17     Berkeley v4.2 Database Libraries [
ii  libexpat1       1.95.8-1      XML parsing C library - runtime li
ii  libmagic1       4.12-1        File type determination library us
ii  logrotate       3.7-2         Log rotation utility
ii  mime-support    3.28-1        MIME files 'mime.types'  'mailcap
ii  perl            5.8.4-3       Larry Wall's Practical Extraction 

-- debconf information:
  apache/init: true
  apache/server-port: 80
  apache/document-root: /var/www
  apache/server-admin: [EMAIL PROTECTED]
  apache/server-name: localhost
* apache/enable-suexec: false

-- 
 )^o-o^|jabber: [EMAIL PROTECTED]
 | .v  Ke-mail: jjminar FastMail FM
 `  - .' phone: +44(0)7981 738 696
  \ __/Jan icq: 345 355 493
 __|o|__Min  irc: [EMAIL PROTECTED]




Processed: issue is resolved

2004-12-23 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> close 276717
Bug#276717: apache2-mpm-prefork: mod_auth_ldap segfaults
'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing.
Bug closed, send any further explanations to simon raven [EMAIL PROTECTED]

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)




Bug#287012: apache: Should warn on nonsensical configuration

2004-12-23 Thread simon
On Thu, 23 Dec 2004, Jan Minar said:

> Package: apache
> Version: 1.3.33-2
> Severity: wishlist
>
> It just took me 3 hours and a lots of cursing to find this:
>
>   Listen 433
>   VirtualHost foo.localhost:443
>
> (Note the port numbers differ.)
>
> Under such circumstances, apache really should warn about possible
> misconfiguration.  I don't know whether this can actually be a valid
> config setup.  If not, erring, not warning would be more appropriate.
>
> Cheers,
> Jan.

apachectl configtest is there for a reason ;).

apachectl -S works nice for vhosts.

eric
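
The check asked for in this report, sketched as an added example (not Apache's or the Debian package's code): it compares the ports named in `<VirtualHost>` lines against the `Listen` directives in the same text. The sample configuration is constructed, the function names are assumptions of this example, and files pulled in by `Include` are not followed.

```python
import re

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)


def port_of(addr):
    """Return the port of 'port', 'host:port' or '[v6]:port', else None."""
    addr = addr.strip()
    if addr.isdigit():
        return int(addr)
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit():
        return None  # no port given, or a wildcard such as '*:*'
    if ":" in host and not (host.startswith("[") and host.endswith("]")):
        return None  # unbracketed IPv6 literal, so no port part
    return int(port)


def check_ports(conf_text):
    """List (line_no, address, port) for vhosts on a port with no Listen."""
    listen_ports = set()
    vhosts = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = LISTEN_RE.match(line)
        if m:
            port = port_of(m.group(1))
            if port is not None:
                listen_ports.add(port)
            continue
        m = VHOST_RE.match(line)
        if m:
            # One <VirtualHost> line may name several addresses.
            for addr in m.group(1).split():
                port = port_of(addr)
                if port is not None:
                    vhosts.append((line_no, addr, port))
    if not listen_ports:
        return []  # assumption: nothing to compare against without Listen
    return [v for v in vhosts if v[2] not in listen_ports]


# Constructed sample reproducing the 433/443 typo from the report.
SAMPLE_CONF = """\
# constructed sample, not a real server's configuration
Listen 80
Listen 433
<VirtualHost *:80>
    ServerName www.localhost
</VirtualHost>
<VirtualHost foo.localhost:443>
    ServerName foo.localhost
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, addr, port in check_ports(SAMPLE_CONF):
        print(f"line {line_no}: VirtualHost {addr} uses port {port}, "
              f"but no Listen directive opens it")
```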




Bug#276717: issue is resolved

2004-12-23 Thread simon

close 276717
thanks

the SEGV in the module seems to have been fixed since the last updates.

it's ok to close this now.

thank you,
eric

-- 
Cold pizza and cold coffee, second best thing to cold pizza and warm beer.
-- me




Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)

2004-12-23 Thread Matt Zimmerman
On Thu, Dec 23, 2004 at 01:20:02PM +, Jan Minar wrote:

> On Wed, Dec 22, 2004 at 07:05:13PM -0800, Matt Zimmerman wrote:
> > The user can just as easily find out that an error was caused by noticing
> > the 5xx error returned by the server in response to the request.
>
> Only if it was an error returned to them.  Also, the log files can have
> far more detail than just the error code.

The detail is irrelevant, since the user can't read the file.  In both
cases, they can find out that an error occurred.

-- 
 - mdz




Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)

2004-12-23 Thread Jan Minar
On Thu, Dec 23, 2004 at 09:44:00AM -0800, Matt Zimmerman wrote:
> On Thu, Dec 23, 2004 at 01:20:02PM +, Jan Minar wrote:
>
> > On Wed, Dec 22, 2004 at 07:05:13PM -0800, Matt Zimmerman wrote:
> > > The user can just as easily find out that an error was caused by noticing
> > > the 5xx error returned by the server in response to the request.
> >
> > Only if it was an error returned to them.  Also, the log files can have
> > far more detail than just the error code.
>
> The detail is irrelevant, since the user can't read the file.  In both
> cases, they can find out that an error occurred.

Please read the original bugreport.

-- 
 )^o-o^|jabber: [EMAIL PROTECTED]
 | .v  Ke-mail: jjminar FastMail FM
 `  - .' phone: +44(0)7981 738 696
  \ __/Jan icq: 345 355 493
 __|o|__Min  irc: [EMAIL PROTECTED]
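
The permission relationship argued over in this thread, as an added example that is not part of any message above: it derives the directory mode that matches the strictest log file (640 gives 750, as the report proposes) and reports the extra bits set on the directory. The temporary directory stands in for /var/log/apache and the function names are assumptions of this example.

```python
import os
import stat
import tempfile


def matching_dir_mode(file_mode):
    """Directory mode that adds search (x) only where the file grants read."""
    mode = stat.S_IMODE(file_mode)
    for r_bit, x_bit in ((stat.S_IRUSR, stat.S_IXUSR),
                         (stat.S_IRGRP, stat.S_IXGRP),
                         (stat.S_IROTH, stat.S_IXOTH)):
        if mode & r_bit:
            mode |= x_bit
    return mode


def audit_log_dir(path):
    """Compare a log directory's mode with the files it contains.

    Returns None for a directory without regular files, else a dict with
    the directory mode, the mode matching the strictest file, and the
    permission bits the directory grants beyond that.
    """
    dir_mode = stat.S_IMODE(os.stat(path).st_mode)
    file_modes = [stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
                  for entry in os.scandir(path)
                  if entry.is_file(follow_symlinks=False)]
    if not file_modes:
        return None
    strictest = file_modes[0]
    for mode in file_modes[1:]:
        strictest &= mode  # keep only bits every file grants
    wanted = matching_dir_mode(strictest)
    return {"dir_mode": dir_mode,
            "wanted": wanted,
            "extra": dir_mode & ~wanted & 0o777}


def demo():
    """Build a constructed 755 directory holding a 640 log and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        log_dir = os.path.join(tmp, "apache")
        os.mkdir(log_dir)
        os.chmod(log_dir, 0o755)
        log_file = os.path.join(log_dir, "error.log")
        with open(log_file, "w") as fh:
            fh.write("[error] constructed sample line\n")
        os.chmod(log_file, 0o640)
        return audit_log_dir(log_dir)


if __name__ == "__main__":
    result = demo()
    print("directory mode: %o, matching mode: %o, extra bits: %o"
          % (result["dir_mode"], result["wanted"], result["extra"]))
```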




Bug#287033: fails with libgcc1/woody, but doesn't depend on newer

2004-12-23 Thread Jeremy Jackson
Package: apache2-mpm-worker
Version: 2.0.52-3
Severity: important

apache2 emits the following into error.log: (with libgcc1=1:3.0.4-7)

libgcc_s.so.1 must be installed for pthread_cancel to work

and starts only 1 thread, accepts connections, but doesn't serve
requests. 

A desktop system or a server upgraded fully to testing distribution
would pull libgcc1 in from some other dependency, masking the problem.
If someone were to *only* upgrade apache and dependencies, it fails.

I am unable to determine in more detail which package, either
apache2-mpm-worker, or some library it uses, should have its package
depend on libgcc1 of a newer version (libgcc1=3.4.2-2 at least works)

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux bob 2.6.9-1-k7 #1 Thu Nov 25 03:20:07 EST 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages apache2-mpm-worker depends on:
ii  apache2-common  2.0.52-3      Next generation, scalable, extenda
ii  libapr0         2.0.52-3      The Apache Portable Runtime
ii  libc6           2.3.2.ds1-18  GNU C Library: Shared libraries an
ii  libdb4.2        4.2.52-17     Berkeley v4.2 Database Libraries [
ii  libexpat1       1.95.8-1      XML parsing C library - runtime li
ii  libldap2        2.1.30-3      OpenLDAP libraries
ii  libssl0.9.7     0.9.7e-2      SSL shared libraries
ii  zlib1g          1:1.2.2-3     compression library - runtime





problem with libapache-mod-php4

2004-12-23 Thread Paulo Delgado
Hello all,
I am having the following problem with libapache-mod-php4 and I do not 
know how to fix it.

If anyone knows what is the problem and how to fix it, I'd appreciate 
some guidance.

Thank you.
 START **
zeus:~# apt-get upgrade
Reading Package Lists... Done
Building Dependency Tree... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
4 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up libapache-mod-php4 (4.3.10-2) ...
Error: mod_webkit.so does not have a corresponding .info file.
The above errors might cause apache to not work properly or start
Please refer to the documentation on how to fix it or report it to
Debian Apache Mailing List debian-apache@lists.debian.org if in doubt
on how to proceed
dpkg: error processing libapache-mod-php4 (--configure):
subprocess post-installation script returned error exit status 20
dpkg: dependency problems prevent configuration of php4:
php4 depends on libapache-mod-php4 (= 4:4.3.10-2) | libapache2-mod-php4 
(= 4:4.3.10-2) | caudium-php4 (= 4:4.3.10-2); however:
Package libapache-mod-php4 is not configured yet.
Package libapache2-mod-php4 is not installed.
Package caudium-php4 is not installed.
dpkg: error processing php4 (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of php4-imap:
php4-imap depends on phpapi-20020918; however:
Package phpapi-20020918 is not installed.
Package libapache-mod-php4 which provides phpapi-20020918 is not 
configured yet.
dpkg: error processing php4-imap (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of php4-pgsql:
php4-pgsql depends on phpapi-20020918; however:
Package phpapi-20020918 is not installed.
Package libapache-mod-php4 which provides phpapi-20020918 is not 
configured yet.
dpkg: error processing php4-pgsql (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
libapache-mod-php4
php4
php4-imap
php4-pgsql
E: Sub-process /usr/bin/dpkg returned an error code (1)
zeus:~#

*** END *