Bug#671171: apache2.2: mod_speling offers only permanent redirects
Package: apache2.2-bin
Version: 2.2.16-6+squeeze4zynet1
Severity: wishlist
File: apache2.2
mod_speling offers only permanent redirects, whilst this saves on CPU it
means that you are potentially storing issues for renaming content of a
web site in future as browsers will cache this indefinitely.
I propose a patch that adds "SpellingRedirectTemporary"
So that adding "SpellingRedirectTemporary On" to the configuation causes
Apache to issue 302 redirects instead of 301, which are pre-expired
causing clients to always retry.
-- System Information:
Debian Release: 6.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-25-hvmflexiant (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apache2.2-bin depends on:
ii libapr11.4.2-6+squeeze3 The Apache Portable Runtime Librar
ii libaprutil11.3.9+dfsg-5 The Apache Portable Runtime Utilit
ii libaprutil1-dbd-sqlite 1.3.9+dfsg-5 The Apache Portable Runtime Utilit
ii libaprutil1-ldap 1.3.9+dfsg-5 The Apache Portable Runtime Utilit
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libcap21:2.19-3 support for getting/setting POSIX.
ii libldap-2.4-2 2.4.23-7.2OpenLDAP libraries
ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi
ii libssl0.9.80.9.8o-4squeeze12 SSL shared libraries
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
apache2.2-bin recommends no packages.
apache2.2-bin suggests no packages.
-- no debconf information
--- orig/httpd-2.2.16/modules/mappers/mod_speling.c 2008-04-17 15:10:52.0 +0100
+++ apache2-2.2.16/modules/mappers/mod_speling.c 2012-05-02 09:50:15.0 +0100
@@ -60,6 +60,7 @@
typedef struct {
int enabled;
int case_only;
+int redirect_temporary;
} spconfig;
/*
@@ -77,6 +78,7 @@
cfg->enabled = 0;
cfg->case_only = 0;
+cfg->redirect_temporary = 0;
return cfg;
}
@@ -109,6 +111,9 @@
AP_INIT_FLAG("CheckCaseOnly", ap_set_flag_slot,
(void*)APR_OFFSETOF(spconfig, case_only), OR_OPTIONS,
"whether or not to fix only miscapitalized requests"),
+AP_INIT_FLAG("SpellingRedirectTemporary", ap_set_flag_slot,
+ (void*)APR_OFFSETOF(spconfig, redirect_temporary), OR_OPTIONS,
+ "whether to issue a 301 or a 302 on spelling errors"),
{ NULL }
};
@@ -399,6 +404,8 @@
: "Fixed spelling: %s to %s",
r->uri, nuri, ref);
+ if (cfg->redirect_temporary == 1) return HTTP_MOVED_TEMPORARILY;
+
return HTTP_MOVED_PERMANENTLY;
}
/*
Bug#671204: apache2: mod_cache caches 206 Partial Content responses
Package: apache2.2-common
Version: 2.2.16-6+squeeze7
Severity: normal
Hello,
mod_cache suffered from a regression (from 2.2.12) causing it to cache
"206 partial content" responses, and then serving these partial responses
when replying to normal requests.
This is upstream bug #49113, which has been fixed in apache2's SVN trunk,
but not yet backported to the 2.2.x branch.
Attached is a debdiff which applies upstream patch to Debian's 2.2.16.
Thanks,
Colin
-- Package-specific info:
List of enabled modules from 'apache2 -M':
alias auth_basic authn_file authz_default authz_groupfile
authz_host authz_user autoindex cache cgi deflate dir disk_cache
env headers info jk mem_cache mime negotiation php5 proxy_http
proxy reqtimeout rewrite setenvif status
List of enabled php5 extensions:
gd mysql mysqli pdo pdo_mysql suhosin
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apache2 depends on:
ii apache2-mpm-prefork2.2.16-6+squeeze7 Apache HTTP Server - traditional n
ii apache2.2-common 2.2.16-6+squeeze7 Apache HTTP Server common files
apache2 recommends no packages.
apache2 suggests no packages.
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.16-6+squeeze7 utility programs for webservers
ii apache2.2-bin 2.2.16-6+squeeze7 Apache HTTP Server common binary f
ii libmagic1 5.04-5+squeeze1 File type determination library us
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii mime-support 3.48-1MIME files 'mime.types' & 'mailcap
ii perl 5.10.1-17squeeze3 Larry Wall's Practical Extraction
ii procps 1:3.2.8-9 /proc file system utilities
-- no debconf information
diff -u apache2-2.2.16/debian/changelog apache2-2.2.16/debian/changelog
--- apache2-2.2.16/debian/changelog
+++ apache2-2.2.16/debian/changelog
@@ -1,3 +1,10 @@
+apache2 (2.2.16-6+squeeze8) squeeze; urgency=low
+
+ * Apply Apache provided fix for bug #49113 (mod_cache caches partial
+content)
+
+ -- Colin Leroy Wed, 02 May 2012 14:18:00 +0200
+
apache2 (2.2.16-6+squeeze7) squeeze-security; urgency=high
* CVE-2012-0216: Remove "Alias /doc /usr/share/doc" from the default virtual
diff -u apache2-2.2.16/debian/patches/00list apache2-2.2.16/debian/patches/00list
--- apache2-2.2.16/debian/patches/00list
+++ apache2-2.2.16/debian/patches/00list
@@ -42,0 +43 @@
+203_mod_cache-partial-content.dpatch
only in patch2:
unchanged:
--- apache2-2.2.16.orig/debian/patches/203_mod_cache-partial-content.dpatch
+++ apache2-2.2.16/debian/patches/203_mod_cache-partial-content.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 203_mod_cache-partial-content.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix caching of 206 partial content responses. Patch from
+## DP: upstream r933919, fixes upstream bug #49113
+
+--- trunk/modules/cache/mod_cache.c 2009/11/02 23:03:14 832177
trunk/modules/cache/mod_cache.c 2010/04/14 12:00:11 933919
+@@ -734,7 +734,8 @@
+ * We include 304 Not Modified here too as this is the origin server
+ * telling us to serve the cached copy.
+ */
+-if (exps != NULL || cc_out != NULL) {
++if ((exps != NULL || cc_out != NULL)
++&& r->status != HTTP_PARTIAL_CONTENT) {
+ /* We are also allowed to cache any response given that it has a
+ * valid Expires or Cache Control header. If we find a either of
+ * those here, we pass request through the rest of the tests. From
+@@ -747,6 +748,9 @@
+ * include the following: an Expires header (section 14.21); a
+ * "max-age", "s-maxage", "must-revalidate", "proxy-revalidate",
+ * "public" or "private" cache-control directive (section 14.9).
++ *
++ * But do NOT store 206 responses in any case since we
++ * don't (yet) cache partial responses.
+ */
+ }
+ else {
Re: seriously
Arno, I managed to upgrade smoothly (albeit noisily) in a clean chroot environment. I guess I shall have to develop in that. On 30/04/12 22:08, Nicholas Bamber wrote: clone 669796 -1 retitle -1 w3c-markup-validator: transition towards Apache 2.4 user debian-apache@lists.debian.org usertags -1 apache24webapptransition thanks Okay I tried upgrading to the experimental release of apache and I failed. It seems to me the experimental release needs some piuparts testing. -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4fa18514.7070...@periapt.co.uk
Re: seriously
clone 669796 -1 retitle -1 please split apache2-dev severity -1 wishlist reassign -1 apache2-dev thanks P.S. It is slightly odd that to *build* a package containing a pure perl CGI script I should need to install an actual apache2 instance. If apache2-dev could be split so that dh_apche2 and the debhelper stuff were in a separate arch:all package that does NOT depend on apache2 that would be good I think. On 02/05/12 20:03, Nicholas Bamber wrote: Arno, I managed to upgrade smoothly (albeit noisily) in a clean chroot environment. I guess I shall have to develop in that. On 30/04/12 22:08, Nicholas Bamber wrote: clone 669796 -1 retitle -1 w3c-markup-validator: transition towards Apache 2.4 user debian-apache@lists.debian.org usertags -1 apache24webapptransition thanks Okay I tried upgrading to the experimental release of apache and I failed. It seems to me the experimental release needs some piuparts testing. -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4fa1875e.5060...@periapt.co.uk
Processed: Re: seriously
Processing commands for cont...@bugs.debian.org: > clone 669796 -1 Bug #669796 [w3c-linkchecker] w3c-linkchecker: transition towards Apache 2.4 Bug 669796 cloned as bug 671260 > retitle -1 please split apache2-dev Bug #671260 [w3c-linkchecker] w3c-linkchecker: transition towards Apache 2.4 Changed Bug title to 'please split apache2-dev' from 'w3c-linkchecker: transition towards Apache 2.4' > severity -1 wishlist Bug #671260 [w3c-linkchecker] please split apache2-dev Severity set to 'wishlist' from 'important' > reassign -1 apache2-dev Bug #671260 [w3c-linkchecker] please split apache2-dev Bug reassigned from package 'w3c-linkchecker' to 'apache2-dev'. Ignoring request to alter found versions of bug #671260 to the same values previously set Ignoring request to alter fixed versions of bug #671260 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 669796: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669796 671260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671260 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.133598605224492.transcr...@bugs.debian.org
Bug#671260: Fwd: Re: seriously
[forwarding to #671260, that's better than #669796] Hi, On 02.05.2012 21:13, Nicholas Bamber wrote: > P.S. It is slightly odd that to *build* a package containing a pure perl > CGI script I should need to install an actual apache2 instance. If > apache2-dev could be split so that dh_apche2 and the debhelper stuff > were in a separate arch:all package that does NOT depend on apache2 that > would be good I think. that's on our list already. This is why we ask people to build-depend on dh-apache2 explicitly. For now that's a virtual package provided by apache2-dev but this might change in future. We may even try to include it in debhelper proper if Joey agrees with. We didn't yet because we still need to think how dh_apache2 should get its information from if no apache package is installed. signature.asc Description: OpenPGP digital signature
