Processed: your mail
Processing commands for cont...@bugs.debian.org: retitle 296493 apache2 should warn about DirectoryIndex starting with # Bug #296493 [apache2] apache2ctl -t should warn about non-initial # Changed Bug title to 'apache2 should warn about DirectoryIndex starting with #' from 'apache2ctl -t should warn about non-initial #' found 296493 2.4.6-2 Bug #296493 [apache2] apache2 should warn about DirectoryIndex starting with # Marked as found in versions apache2/2.4.6-2. End of message, stopping processing here. Please contact me if you need assistance. -- 296493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.137569374420964.transcr...@bugs.debian.org
Bug#718789: apache2: upgrade wheezy - testing (2.4.6-2) wiped out all of my log files
Package: apache2 Version: 2.4.6-2 Severity: serious Justification: causes data loss I discovered that on upgrading from wheezy to the current testing, which has just had 2.4.6-2 migrating to it, the entire contents of /var/log/apache2 were blitzed. I'm guessing that what I did was to purge apache2.2-common, not realising the effects of this. Although there is the protection in it about not purging if upgrading to 2.4, it seems that somehow the timings didn't work out correctly and the purge took place anyway. There's no simple or obvious solution to this, I guess, except to provide a transitional apache2.2-common package with apache2 which doesn't purge the log files on purge, now that this task has been taken over by a different package. The description would presumably say: This package may be purged after apache2 version 2.4.6 or higher has been installed; purging prior to this may result in the loss of historical log files. Julian -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130805133355.ga15...@d-and-j.net
Bug#718789: apache2: upgrade wheezy - testing (2.4.6-2) wiped out all of my log files
On 05.08.2013 16:26, Arno Töll wrote: It's your responsibility if you use this option or apt's equivalent. This is the same problem as #717476. Refer there too, why an apache2.2-common package is problematic. err. #711925 I mean. #717476 is a duplicate of the same issue, too. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Bug#718789: apache2: upgrade wheezy - testing (2.4.6-2) wiped out all of my log files
severity 718789 important thanks On 05.08.2013 15:33, Julian Gilbey wrote: Severity: serious Justification: causes data loss Yes it does, and that's expected. Read the manpage from aptitude (for example): --purge-unused [..] THIS OPTION CAN CAUSE DATA LOSS! DO NOT USE IT UNLESS YOU KNOW WHAT YOU ARE DOING! It's your responsibility if you use this option or apt's equivalent. This is the same problem as #717476. Refer there too, why an apache2.2-common package is problematic. That being said we may just provide it to make these discussions finally (but possibly open a new can'o'worms). -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Bug#388443: marked as done (apache2: MUST NOT send data in an 304 reply)
Your message dated Mon, 5 Aug 2013 16:36:17 +0200
with message-id
e996592fed796396d8c7a3b5cb5a2a98.squir...@aphrodite.kinkhorst.nl
and subject line Re: Bug#388443: apache2: MUST NOT send data in an 304 reply
has caused the Debian Bug report #388443,
regarding apache2: MUST NOT send data in an 304 reply
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
388443: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388443
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: apache2
Version: 2.0.55-4.1
Severity: normal
Tags: upstream
A php script may set the http reply code to 304 i.e. not modified.
Then Apache happily forwards that code to the caller and also all other
data supplied by that script, for example:
| ?php
| header('HTTP/1.0 304 Not Modified');
| ?
| Hello World
[ foo.php ]
yields
| $ telnet localhost 80
| Trying 127.0.0.1...
| Connected to localhost.localdomain.
| Escape character is '^]'.
| GET /foo.php HTTP/1.0
|
| HTTP/1.1 304 Not Modified
| Date: Wed, 20 Sep 2006 08:56:51 GMT
| Server: Apache/2.0.55 (Debian) PHP/4.4.2-1.1
| Connection: close
|
| Hello World
|
| Connection closed by foreign host.
which is an absolute prohibition of the RfC 2616
| 4.3 Message Body
| (...)
| All 1xx
|(informational), 204 (no content), and 304 (not modified) responses
|MUST NOT include a message-body.
| 10.3.5 304 Not Modified
| (...)
| The 304 response MUST NOT contain a
|message-body, and thus is always terminated by the first empty line
|after the header fields.
(RfC 1945 regarding HTTP/1.0 tells basically the same)
Therefore, apache has to chop the data supplied by a script and must not
send any data beyond the header.
Things are worse: Even if a script behaves well e.g. it basically does
| ?php
| header('HTTP/1.0 304 Not Modified');
| ?
there is still a body of a single empty line. If compression/deflate is
enabled, the null string is blown up to 20 bytes of undeclared(!)
gzip'ed data.
Therefore this report is assigned to apache by intention. This is not a
real bug in php, although php /should/ not not send such superflous
data. But the same misbehaviour of apache be be triggered when calling a
cgi-bin script like
| #!/bin/sh
| echo Status: 304 Not Modified
| echo Content-Type: text/plain
| echo
| echo Hello World.
The effect of this bug becomes visible if such a generated page is
accessed via the squid proxy server. Probably the most popular case is
reading the rss file of a blog powered by serendipidy (s9y)[1]. This php
script sets the http reply code 304 to indicate there are no new entries
but apache with compression still sends the null body gzip'ed. As a
result squid logs messages like
| squid[2678]: httpReadReply: Excess data from GET
http://blog.$DOMAIN.de/feeds/index.rss1;
Christoph
[1] I'd like to emphasize s9y is not to blame here. It sets the 304 code
and does not send any additional data.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.13
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.0.55-4.1 traditional model for Apache2
signature.asc
Description: Digital signature
---End Message---
---BeginMessage---
This has been vetoed upstream, so no reason to keep the request open:
http://marc.info/?l=apache-httpd-devm=123845333914309w=2---End Message---
Processed: Re: Bug#718789: apache2: upgrade wheezy - testing (2.4.6-2) wiped out all of my log files
Processing commands for cont...@bugs.debian.org: severity 718789 important Bug #718789 [apache2] apache2: upgrade wheezy - testing (2.4.6-2) wiped out all of my log files Severity set to 'important' from 'serious' thanks Stopping processing here. Please contact me if you need assistance. -- 718789: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718789 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.13757128085417.transcr...@bugs.debian.org
Bug#421820: marked as done (ap_escape_uri() doesn't escape -sign)
Your message dated Mon, 5 Aug 2013 16:59:27 +0200 with message-id 8171ea3b3d582722955ad720b988ed02.squir...@aphrodite.kinkhorst.nl and subject line Re: Bug#421820: ap_escape_uri() doesn't escape -sign has caused the Debian Bug report #421820, regarding ap_escape_uri() doesn't escape -sign to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 421820: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421820 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libapache2-mod-musicindex Version: 1.1.5-2 Severity: normal File paths containing an -sign are not URL-encoded correctly. One of my subdirectories inside my MusicIndex tree contains an -sign: (like Jazz Swing). - This directory, and its subdirectories are displayed correctly by MusicIndex. The bug does appear in the browser's address bar, but has no negative effects here. Example: the bar displays http://host/Jazz%20%20Swing/SomeAlbum/;. This should have been Jazz%20%26%20Swing. - File info (mp3 tags etc) inside these dirs are also displayed correctly. But: - The download-link for files also contains the -sign instead of the URL-encoded %26. This messes up URL rewriting and download scripts (PHP), as everything after the -sign is treated as script arguments. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable'), (98, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.18-fox2200704022211 (PREEMPT) Locale: LANG=nl_NL@euro, LC_CTYPE=nl_NL@euro (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/bash Versions of packages libapache2-mod-musicindex depends on: ii apache2.2-common 2.2.3-4Next generation, scalable, extenda ii libapr1 1.2.7-8.2 The Apache Portable Runtime Librar ii libarchive1 1.3.1-1Single library to read/write tar, ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libflac7 1.1.2-6Free Lossless Audio Codec - runtim ii libid3tag00.15.1b-10 ID3 tag reading library from the M ii libmad0 0.15.1b-2.1MPEG audio decoder library ii libvorbis0a 1.1.2.dfsg-1.2 The Vorbis General Audio Compressi ii libvorbisfile31.1.2.dfsg-1.2 The Vorbis General Audio Compressi ii mod-musicindex-common 1.1.5-2Common files for mod-musicindex libapache2-mod-musicindex recommends no packages. -- no debconf information ---End Message--- ---BeginMessage--- Version: 2.2.12-1 Hi, A fix for this issue has been included in version 2.2.12-1, so all supported Debian releases should now have it. Thijs---End Message---
Bug#718789: apache2: upgrade wheezy - testing (2.4.6-2) wiped out all of my log files
On Mon, Aug 05, 2013 at 04:26:41PM +0200, Arno Töll wrote: Yes it does, and that's expected. Read the manpage from aptitude (for example): --purge-unused [..] THIS OPTION CAN CAUSE DATA LOSS! DO NOT USE IT UNLESS YOU KNOW WHAT YOU ARE DOING! It's your responsibility if you use this option or apt's equivalent. This is the same problem as #717476. Refer there too, why an apache2.2-common package is problematic. That being said we may just provide it to make these discussions finally (but possibly open a new can'o'worms). True, but I had no idea that purging that unused legacy apache-2.2.x package would mean that my modules configuration and all of my log files would be wiped out (I had spotted the earlier problem too, but did not realise the connection until reading the other bug report you referred to); I would expect that if I were purging apache completely, but not when purging legacy packages from an old version during an upgrade. I think enough people are likely to be stung by this one that providing a transition apache2.2-common package would be worth doing, with an appropriate warning in the Description field. Thanks! Julian -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130805155327.gc19...@d-and-j.net
Processed (with 1 errors): your mail
Processing commands for cont...@bugs.debian.org: forcemerge 288615 157734 Bug #288615 [apache2] apache2: Issue with language negotiation exceptions Bug #157734 [apache2] request to support a wee bit of guesswork in content negotiation Set Bug forwarded-to-address to 'https://issues.apache.org/bugzilla/show_bug.cgi?id=54033'. Severity set to 'normal' from 'wishlist' Marked as found in versions apache2/2.2.22-11 and apache2/2.0.52-3. Added tag(s) patch. Bug #157734 [apache2] request to support a wee bit of guesswork in content negotiation Ignoring request to alter found versions of bug #157734 to the same values previously set Unable to complete merge on previous attempt; trying again (retry: 2) Bug #157734 [apache2] request to support a wee bit of guesswork in content negotiation Ignoring request to alter found versions of bug #157734 to the same values previously set Unable to complete merge on previous attempt; trying again (retry: 3) Bug #157734 [apache2] request to support a wee bit of guesswork in content negotiation Ignoring request to alter found versions of bug #157734 to the same values previously set After four attempts, the following changes were unable to be made: found_versions of #157734 is 'apache2/2.2.22-11 apache2/2.0.52-3' not '2.0.52-3 apache2/2.2.22-11' Failed to forcibly merge 288615: Unable to modify bugs so they could be merged. End of message, stopping processing here. Please contact me if you need assistance. -- 157734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=157734 288615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=288615 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.13757246249759.transcr...@bugs.debian.org
Processed: your mail
Processing commands for cont...@bugs.debian.org: severity 157734 wishlist Bug #157734 [apache2] request to support a wee bit of guesswork in content negotiation Bug #288615 [apache2] apache2: Issue with language negotiation exceptions Severity set to 'wishlist' from 'normal' Severity set to 'wishlist' from 'normal' End of message, stopping processing here. Please contact me if you need assistance. -- 157734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=157734 288615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=288615 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.137572646319889.transcr...@bugs.debian.org
Processed: BTS lost with versions....
Processing commands for cont...@bugs.debian.org: notfound 288615 2.0.52-3 Bug #288615 [apache2] apache2: Issue with language negotiation exceptions No longer marked as found in versions 2.0.52-3. found 288615 2.0.52-3 Bug #288615 [apache2] apache2: Issue with language negotiation exceptions Marked as found in versions apache2/2.0.52-3. forcemerge 288615 157734 Bug #288615 [apache2] apache2: Issue with language negotiation exceptions Bug #157734 [apache2] request to support a wee bit of guesswork in content negotiation Merged 157734 288615 thanks Stopping processing here. Please contact me if you need assistance. -- 157734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=157734 288615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=288615 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/handler.s.c.137572591716945.transcr...@bugs.debian.org
