Re: The status of libapache2-mod-perl2
On Wed, Aug 15, 2007 at 09:32:30PM -0500, Gunnar Wolf wrote: - Should we hijack/adopt the package, or will its current maintainers stand up and get it back to life? - Is there somebody who wants to lead this? - Pkg-perl and/or Apache groups: Do you agree? :) - In any other case: Other takers? The debian-apache group has both the necssary perl, apache, and C skills required to maintain this, what we're lacking at times (hey, check the apache changelogs for my name recently... *sigh*) is the time. I'd be happy to see it in the debian-apache SVN repo, though, with a blanket policy for open non-NMU uploads from the Perl folk as well, just to spread the blame as thinly as possibly. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#357561: privilege escalation hole
Joey Hess wrote: On the third hand, this bug has documented a security hole with exploit in apache for about 2 weeks without any reaction from its maintainers, and was open for many months before that without any reaction from them. If apache isn't being maintained, it might be better to drop it from etch anyway. I have every intention of uploading to fix this ASAP, this week's just been... Special. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#395853: Help, I purged a package and now my configuration is gone.
Peter Samuelson wrote: It seems reasonable to purge apache2-common _after_ apache 2.2 is installed. That will work. But you apparently purged it _before_ upgrading to apache 2.2. That is not reasonable, and will not work. Unfortunately, apt-get --purge dist-upgrade will do just this, and this is muscle memory for a lot of us (me included). I'm not positive what, if anything, we can do about this, but this is not going to be an isolated bug report, it's likely to be very common. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#393083: Hijacked website
Stephen Gran wrote: Was this a joke? Did I miss something here? Yes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#388443: apache2: MUST NOT send data in an 304 reply
Christoph Biedl wrote:
| ?php
| header('HTTP/1.0 304 Not Modified');
| ?
While I can see the argument that apache should perhaps be trimming its
own output, you are aware that you can fix this in your PHP script by
not having that trailing newline in the file, right?
I realise some text editors enforce having a trailing newline, which
makes it a pain to remove it, but others will let you trim it.
... Adam
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#387625: please split up the configuration files
Wessel Dankers wrote: - All config files must be named *.conf; this to prevent problems when dpkg creates a foo.conf.dpkg-old file. The postinst script might want to offer to rename existing files. Not commenting on the rest of the bug currently, but we already have a patch in apache2 that prevents it from loading .dpkg-* files when doing includes, so this is a non-issue. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#387396: subversion: depend libapr0 = 2.0.55-4.2 (libdb-4.4 problem)
Peter Samuelson wrote: - Conflicts: libsvn0 ( 1.4.0) - libaprutil-0 0 libapr0 (= 2.0.55-4.2) in the shlibs file These two things address the incompatibility from both directions. The shlibs change would have prevented bug #387396. Probably not worth having the conflict, since we're pretty sure that SVN will be rebuilt between now and release, but the missing shlibs bump was definitely an oops. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt problem with libapache-mod-perl
Hoeppner, Stan D. wrote: Error: mod_auth_ldap.so does not have a corresponding .info file. Error: mod_ntlm.so does not have a corresponding .info file. So, where did the above modules come from? If they were hand-compiled, create a .info file for them and your problems will be solved. If they were packaged, file a bug on the appropriate packages. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383267: apache: subprocess post-installation script returned error exit status 10
Bj�rn Mork wrote: This bug is also present in the latest security updates for Sarge, preventing them from being applied. I believe that the fix from 1.3.34-4 should be backported and distributed as an updated security fix with an updated version of DSA 1167. ii debconf 1.5.3 Debian configuration management sy This bug only manifests on your system because you're not using Sarge's version (1.4.30.13) of Debconf. I don't think that fixing bugs in stable because of their interaction with packages from testing is really all that sane. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#358543: apache: fails to install
Mike Koz wrote: Bug confirmed on unstable with Apache already installed and being upgraded on the PA-Risc platform. Workaround also works. Hopefully apache 1.3.34-4 will make it's way to the repositories soon. Err, it's already there, on all architectures. Perhaps you have a stale mirror? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apache 1 in Etch
Moritz Muehlenhoff wrote: It has now, but if it's included in Etch it means that the Security Team has to maintain it until at least June 2009. Historically most of the vulnerabilities in Apache 1 applied to version 2 as well, so it's twice the amount of work and should only be done for good reason. Traditionally, I've had no issues with preparing stable-security updates of both apache1.3 and apache2, and would be happy to do this again in the future, if communication between the security team and debian-apache isn't too problematic for this to be a reality. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: RFH: PHP unbuildable due conflicting dependencies of apache-dev and apache2-prefork-dev
Ondrej Sury wrote: apache-dev depends on libbdb4.4-dev apache2-prefork-dev depends on libbdb4.3-dev libbdb4.4-dev conflicts with libbdb4.3-dev http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383659 ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#383659: apache2: please switch to libdb4.4-dev
Andreas Beckmann wrote: apache (1.x) recently switched to libdb4.4-dev, but apache2 still uses libdb4.3-dev. Now php5 can't be built due to conflicting build depends: libdb4.4-dev (pulled by apache-dev) and libdb4.3-dev (pulled by apache2-prefork-dev). I know. I'll be moving apache2, php4, and php5 to db4.4 shortly. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#366843: apache: same problem here...
Cristian Ionescu-Idbohrn wrote: Version: 1.3.34-3 | dpkg: error processing apache (--configure): | subprocess post-installation script returned error exit status 10 This is already fixed in 1.3.34-4. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how to add mod_info
nieca-onet wrote: Witaj debian-apache! how to add /usr/lib/apache2/modules/mod_info.so to /etc/apache2/mods-available directory and then compile into apache2 using a2enmod mod_info ? Does a2enmod info not do what you want it to do? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316321: revisiting the reload target issue
Pierre HABOUZIT wrote: Ping apache2-common maintainers ? is there any reason why that bug is rotting in a RC state for 4+ monthes ? I may perform an NMU soon. Yes, because I'm preparing a 2.0.58 upload which includes several patches to the init scripts, not just this one, so uploading just for this one bug would be reasonably pointless. The RC bugs certainly matter for Etch's release (and will be fixed soon, so in plenty of time), but they don't much matter for sid-etch migration, since we're already up to date in Etch. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to turn off index listing
David Liontooth wrote: On a fresh installation of apache2 (2.0.55-4), I installed mediawiki1.5. I'm now unable to turn off index listing. In /etc/apache2/sites-available/default, notice the bit here: Directory /var/www/ Options Indexes FollowSymLinks MultiViews [...] /Directory Remove Indexes, and you're golden. In http://httpd.apache.org/docs/1.3/mod/core.html I read, Why are you reading the 1.3 docs to configure apache 2.0? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368315: apache: [notice] child pid xxxxx exit signal Segmentation fault (11)
[EMAIL PROTECTED] wrote: Have a look at http://lists.debian.org/debian-user/2005/09/msg00382.html I've found this message on lists.debian.org. It seems it describe the same problem but it never got any answer :( Apache can segfault for any number of wonderful reasons. One person reporting segfaults does not mean it's the same problem you're having. The only way I can reliably debug this is with a gdb backtrace of the offending process. I can't magically determine why it crashed just from reading logfiles that say apache crashed. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368610: Log for failed build of libapache2-mod-geoip_1.1.8-1 (dist=unstable)
Martin Michlmayr wrote: Sorry, Adam, but ssl-cert still doesn't install - the following happens when it's installed with debconf priority non-interactive: Automatic build of libapache2-mod-geoip_1.1.8-1 on bilbao by sbuild/sparc 85 ... Setting up ssl-cert (1.0.13) ... chgrp: cannot access `/etc/ssl/private/ssl-cert-snakeoil.key': No such file or directory chmod: cannot access `/etc/ssl/private/ssl-cert-snakeoil.key': No such file or directory Oh, grr. Foiled by a bugfix that generated a diffirent bug. I need to slow down and just do it right. Thanks for the heads-up. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368610: Log for failed build of libapache2-mod-geoip_1.1.8-1 (dist=unstable)
Adam Conrad wrote: Martin Michlmayr wrote: ... Setting up ssl-cert (1.0.13) ... chgrp: cannot access `/etc/ssl/private/ssl-cert-snakeoil.key': No such file or directory chmod: cannot access `/etc/ssl/private/ssl-cert-snakeoil.key': No such file or directory Oh, grr. Foiled by a bugfix that generated a diffirent bug. I need to slow down and just do it right. Thanks for the heads-up. Actually, on second thought, I don't see how this can happen. Those files should be generated earlier in the postinst before we try to chmod/chgrp them. Does /etc/ssl/private not exist on that machine when openssl is installed? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#368315: apache: [notice] child pid xxxxx exit signal Segmentation fault (11)
tech wrote: my /var/log/apache/error.log is filled with error messages like : [notice] child pid 15353 exit signal Segmentation fault (11) Please run apache -X under gdb and see if you can get a backtrace of the segfault, so we know who's at fault here. Also, a list of modules you have loaded (and their package versions, or information if they've been compiled/installed manually) would be useful. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327139: apache-perl purge ate /etc/apache
Geoff Crompton wrote: There is also /var/lib/dpkg/info/apache-perl.list, with the line /etc/apache. Does dpkg use this file to remove stuff? Or is everything to be removed expressed in the apache-perl.*rm scritpts? dpkg removes everything from .list files, *BUT*, it will never remove a directory if it's either a) still owned by another package, or b) not empty. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327139: apache-perl purge ate /etc/apache
Geoff Crompton wrote:
Do you have any recommendations on how to safely purge apache-perl? I
thought it'd be good to have it documented in this bug report, for
future people that might stumble across this.
* manually edit files in /var/lib/dpkg/info to remove references to
things belonging to apache, then purge
This one's probably your best bet.
/var/lib/dpkg/info/apache-perl.{prerm,postrm} may both be executed on
purge, depending on the current state of the package, and how those
scripts are written. Dissecting them to remove whatever offending bits
they may have shouldn't be too hard.
... Adam
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327139: apache-perl purge ate /etc/apache
Geoff Crompton wrote: ii apache 1.3.33-6sarge1 versatile, high-performance HTTP server pc apache-perl1.3.9-13.1-1.2 Versatile, high-performance HTTP There's nothing I can do to fix the potato (!) version of apache-perl at this point. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#298689: What do you gain?
Nick Phillips wrote: Using a passphrase on your ssl keys should mean that someone is unable to take them and use them elsewhere without your knowledge. You do realise that anyone with root access on your machine while apache is running can just yank the unencrypted key right out of apache's memory space, right? This is obviously true, since if apache didn't keep either your key or your passphrase (which would amount to the same thing) in memory at all times, it would have to ask you for your passphrase on each incoming connection. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#298975: Regex problems remain for apache in sarge/amd64
Grant McLean wrote: The latest version of apache for amd64 in Sarge seems to be 1.3.33-6 which does not include the fixes to the regex code. This seems to me to be a fairly grave flaw in the stable version. Am I missing some obvious solution? You're missing that amd64 is not an officially supported architecture for sarge (it will be in Etch) and that we don't make updates to sarge for non-critical bugs. Your best bet would be to recompile the sarge version of the package with the patch from the bug report applied, if you want this fixed on amd64/sarge. Either that, or update to etch. :/ ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apache startup script in /etc/init.d
Didier Gehéniau wrote: I found a bug in the startup script. We start and stop apache in a cron job to backup some files. In the startup script start-stop-daemon is used, this command is in /sbin in the PATH variable the /sbin directory is not there. Therefore when /etc/init.d/apache is run in an environment with no /sbin in the PATH the script will fail to run! /sbin and /usr/sbin are expected to be in your path when you run init scripts, as they're expected to be run as root. If this isn't the case in your setup, the bug lies elsewhere, not in apache. (hint: you can set PATH at the top of your crontab) ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289868: NMU?
Olaf van der Spek wrote: Do you mind if a NMU is done to fix this issue? Isn't it traditional to submit patches before an NMU? How do you propose to fix it? The only real way to fix it is to move the config out of mod_ssl's config and into the default ssl vhost. Which is a bit of a catch 22, since we don't HAVE a default SSL vhost currently (which is a different set of bugs we intend to fix). ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#350286: apache2-common: why is the apache2 pid file not in /var/run/apache2?
Marc Haber wrote: why is apache2 configured to write its pid to /var/run/apache2.pid instead of /var/run/apache2/apache2.pid? Is that an oversight in packaging or am I missing something? You're missing the fact that, while the current location isn't ideal, it's a serious pain in the ass to FIX it now, because it requires unconditionally running sed across people's config files. Which is not generally considered nice. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: To which package should I report this bug?
Christoph Auer wrote: I'm currently asking me to which package I should report this bug: http://bugs.php.net/bug.php?id=19113 apache2-mpm-prefork2.0.54-5 libapache2-mod-php44.3.10-16 I can't reproduce this on unstable, with apache2 2.0.55-3 and either php4 or php5. As the PHP bug concludes, this has been fixed along the way, though I'm not positive in which package. If I had to guess, I'd say it's probably been fixed in apache2, but I'd have to comb through the changes to find the fix. Even then, we're highly unlikely to fix the bug in stable (we tend to only fix security bugs and critical/grave functionality breakage in stable, specifically so it can remain stable). ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#241223: (no subject)
Rikard Bremark wrote: Linux warzone-web-mysql 2.6.8-2-686 #1 Thu May 19 17:53:30 JST 2005 i686 GNU/Linux Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-16 Server at www.warzone.nu Port 80 and still not working, a 3.5 gb tar file. ... which is why the bug is still open, and will remain open until we start shipping Apache 2.2.x ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#289868: apache2: No keep-alive for MSIE
Olaf van der Spek wrote: Hi Apache2 maintainers, Could you tell me why this bug has not been fixed yet? It most likely will be in my next upload. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#328596: workaround
Renat Sabitov wrote: After searching in web I found command, that help: # fc-cache -f Why this command not executed when font packages are just installed? Erm, it is (or, it's supposed to be, via defoma). If this bug is being caused by a specific font package that isn't running defoma/fc-cache correctly (or at all), pretty please reassign it the correct package. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#337507: apache2: apache segfault when requesting text file
Brent G. wrote: I dont have the slightest clue when this error popped up since it only happens for a certain file which isn't requested all that often, but whenever somebody tries to load it, apache then proceeds to segfault. Can you provide the text file for which this occurs? Furhtermore, does it occur if you try the same text file on another webserver? What about if you move the file to another path? If it seems to be path or server-dependant, then we'll need as much info as possible about how your paths are set up, what your apache configuration looks like, etc (as well as the text file itself, if it's not sensitive...) ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#322348: /etc/init.d/apache script wasn't removed by postrm
A. Costa wrote: Seconded. It's not installed on my system: % dlocate -s apache | grep Status Status: deinstall ok config-files [ much confusion about status lines ] I think you're confusing the first and last columns. That installed | not-installed stuff goes in the third column, which is the state column. In your case, the state is config-files, which is basically halfway in between installed and not-installed. The first column is the selection state (what would get set by dselect, for instance), which is more a statement of what you've TOLD the package system to do, not necessarily what it has done. That one can be install, deinstall, or purge, IIRC. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#336318: compiling mod_watch in apache2
reassign 336318 wnpp retitle 336318 RFP: libapache2-mod-watch, a vhost monitoring module kthxbye Paul van der Holst wrote: Is it possible to add mod_watch: http://www.snert.com/Software/mod_watch/ into apache2? I'm not going to include random 3rd party modules in the apache2 source package, so the right place for this to be is a filed as a request for packaging bug against WNPP (which I've now done for you). ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug on php4.3.10-16 with apache 1.3
[EMAIL PROTECTED] wrote: Hi, I've just seen that the function checkdnsrr return always true on my server whereas on my laptop with Apache2 the function works perfectly. This bug is seen also on the dedicated server of a friend, debian stable with the same PHP version and apache 1.3 I'm pretty sure that apache1.3 versus apache2 is a red herring here. Can you install php4-cli on all the system, and try php4 test.php at the command line, using checkdnsrr() in test.php? I'd bet that the problem will manifest on the same machines, but your laptop will work, in which case I'd assume it's something to do with your local resolver setup on each of those boxes. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: libapache-mod-per error
Javier Vicente wrote: Error: mod_mono.so does not have a corresponding .info file. What can I do? I assume you compiled mod_mono.so by hand. See the documentation[1] for how to se up an info file for your module, then you should be able to complete configuration of mod_perl without any issues. ... Adam [1] /usr/share/doc/apache-dev/README.modules -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#335438: libsvncpp-dev and libapr0-dev cannot be installed together
Matthias Klose wrote: Package: libsvncpp-dev,libapr0-dev Severity: serious that means, that pysvn's build-deps cannot be installed anymore. Please coordinate, if these these packages should depend on libdb4.2-dev or libdb4.3-dev. They should depend on libdb4.3-dev (and build against libdb4.3). I'm committing changes to pkg-subversion right now to fix up libsvn0 and friends to switch over to db4.3... With any luck, we can rid our systems of db4.2 sometime in the next 6 months. :/ ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: conf.d or sites-enabled?
Faheem Mitha wrote: I have no current plans to use Virtual Hosts, so I was wondering if there would be any downside to moving the stuff in sites-enables/default to conf.d, which seems like the obvious place for it to go. There's no real downside to moving the file anywhere you want, as long as the main config includes it, and includes it at the right place, but who really cares? If you're not using vhosts right now, that just means you have exactly one vhost -- default. Works fine out of the box like that. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#334824: logrotate: Postrotate documentation - Why restart?
Kai Hendry wrote: I discovered a HUP signal causes Apache just to reload the configs. And crash, in certain interesting and curious corner cases. Though in Debian Unstable's /etc/logrotate.d/apache2 it actually does a *restart* not a kill -HUP. Which in /etc/init.d/apache2 issues a restart which actually stops the server. Is that a bug? Yes, but it's one I won't fix until I'm sure that doing a reload won't crash anymore. the logrotate script is a conffile, which means we won't touch it on upgrade without asking first, so feel free to change your local copy to do whatever works for you. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Unstable upgrade exp
Kai Hendry wrote: Fatal error: Call to undefined function mysql_connect() dpkg-reconfigure php5-mysql Make sure it's enabled in apache2 (if that's what you're using, CGI, apache1, or whatever as appropriate) Restart the webserver (this bit's important, unless you're using CGI) If that doesn't work, I'd like to know. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Unstable upgrade exp
Kai Hendry wrote: bible$ dpkg -L apache2-common | grep init /etc/init.d /etc/init.d/apache2 bible$ cat /etc/init.d/apache2 cat: /etc/init.d/apache2: No such file or directory Big problem was the /etc/init.d/apache2 could not be found. I did reinstall apache2-common and still it wasn't to be found. dpkg -i --force-confmiss /var/cache/apt/archives/apache2-common*deb dpkg --configure -a Init scripts are conffiles, and deleting a conffile is a decision respected by the packaging system. All your other problems stem from this. I should probably fix our postinsts to be more tolerant in the face of a missing init script, but that still wouldn't have solved your problem, just made the errors less scary. :) ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache-perl update?
Evan Carroll wrote: Do those that maintain debian have any interest in updating to Apache 2.0. An apache2-perl package or an update of apache-perl would be convienient. mod_perl2 is also out now. There's really no need to have a statically-compiled apache2-perl package, just install apache2 and libapache2-mod-perl2 instead. The apache-perl package exists for historical reasons, due to past instability with mod_perl compiled as a DSO, but these issues seem to have been long since fixed. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apache2 error with ssl and php4
Com Puter wrote: I am trying to configure apache2 for a Debian distribution and having trouble getting ssl and php4 to work. If the loadmodule statement is included for either of these two modules I get an error like below: Syntax error on line 1 of /etc/apache2/mods-enabled/ssl.load: Cannot load /usr/lib/apache2/modules/mod_ssl.so into server: /usr/lib/apache2/modules/mod_ssl.so: undefined symbol: SSL_get_error Is this on unstable, with php4 4.4.0-3? If so, this is probably due to symbol clash between different versions of libssl used with php4 and apache2, and will be cleared up reasonably soon. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#241223: apache2-common: me three?
Mark Nipper wrote: I'm having what I assume is the exact same problem. Automatically built indexes avoid showing files larger than 2GB and directly trying to GET those files produces a 403 and this in error.log: If you check the apache2 changelog, you'll note that we once turned on large file support, but due to A) ABI incompatibilities with upstream that we got yelled at for, and B) an odd bug in subversion we couldn't readily hunt down, we turned it off again. The upstream 2.0 does NOT support large ( 2GB) files on 32-bit platforms, the upcoming 2.2 release does. If you want to compile your own, you can grab the LFS patches from debian/patches/to-review, move them into debian/patches, uncomment the FILE_OFFSET CFLAGS in debian/rules, and build the packages, it does all work fine, but it breaks the module ABI, so you need to recompile all your apache modules too (including enabling LFS in PHP). An easier option may be to switch to a 64-bit platform, where large file support is the norm. ;) ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#330276: marked as done ('apache2ctl restart' exits with 0 after 404)
reopen 330276 thanks Debian Bug Tracking System wrote: . * Rebuild due to gmp transition. Closes: #330276. Hello, typo. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#330275: apache2: init script exits with 0 when called incorrectly
Luke Kanies wrote: Apache2's init script does not support a 'restart' option It doesn't? It does here. but when it is called with that option, it mistakenly exits with a return code of 0, instead of a code indicating failure. According to the LSB, it should exit with a 4: Right you are, though, that it shouldn't exit 0 when called incorrectly, will fix that. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#330276: 'apache2ctl restart' exits with 0 after 404
Luke Kanies wrote: When 'apache2ctl status' is called against a server that does not have the 'status.cgi' configured, it gets a 404 but then still exits with a 0 exit code. While in some ways it could legitimately be said to have verified that the server is at least running, it gives a false impression via its exit code, one which is particularly frustrating with automated tools. Not sure how the exit code of status would ever be meaningful without also looking at the output, as lynx may have succeeded, but the status page could be telling you that your webserver's on fire. The whole point of status is the output, as far as I'm concerned. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: mass bug filing on packages that are blocking use of cdebconf
Joey Hess wrote: This is your third and final reminder. I count 542 packages remaining, down only 9 from last month. I assume most of the people below do not read debian-devel, so I've taken the librerty of BCCing you all. :-P Debian Apache Maintainers debian-apache@lists.debian.org apache2 apache2 will be fixed when 2.0.55 is released upstream and I upload it to sid (which is due to happen any day now). I didn't see the point in an upload just to fix this issue. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327269: still problems
Andreas Jellinghaus wrote: btw, I tried --no-auth-cache and it does not help at all. any other idea? Can you test the packages at http://people.debian.org/~adconrad/apache2-security/ for me? They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't be positive if they'll fix YOUR bug without testing. Thanks. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#329045: libapache-mod-perl: Apache segfaults when mod_perl is loaded
Jeff Williams wrote: Running gdb gave me: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 80872 (LWP 10668)] 0x0f9049c4 in boot_DynaLoader () from /usr/lib/apache/1.3/mod_perl.so Can you run that as apache -X in gdb, and get a backtrace? Do you have any other modules loaded, like php4 and any php modules? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#328212: Apache segfaults on Alpha
Atsuhito Kohda wrote: [Tue Sep 13 10:35:02 2005] [notice] Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.24 OpenSSL/0.9.7g DAV/1.0.3 configured -- resuming normal operations [Tue Sep 13 10:35:02 2005] [notice] Accept mutex: sysvsem (Default: sysvsem) [Tue Sep 13 10:49:01 2005] [notice] child pid 14211 exit signal Segmentation fault (11) Would it be possible for you to run apache -X in a gdb session, and backtrace the SEGV for me? If I had a look at how it was dying, I may have a clue as to why. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327796: apache: [m68k] FTBFS: Segmentation fault ./gen_test_char test_char.h
Christian T. Steigies wrote: ./gen_test_char test_char.h /bin/sh: line 1: 23424 Segmentation fault ./gen_test_char test_char.h Already spinning another build on another box to see if it was cosmic rays. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327796: apache: [m68k] FTBFS: Segmentation fault ./gen_test_char test_char.h
Adam Conrad wrote: Christian T. Steigies wrote: ./gen_test_char test_char.h /bin/sh: line 1: 23424 Segmentation fault ./gen_test_char test_char.h Already spinning another build on another box to see if it was cosmic rays. And just got the same failure on kullervo. Guess it's time to go toolchain bug hunting again. sigh ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: sarge php4/debian problems
Andrew wrote: Hi All, I am getting these errors after running upgrading a system to sarge... Error: mod_auth_mysql.so does not have a corresponding .info file. Looks like mod_auth_mysql was installed by hand and doesn't have a .info file. Either create one for it, or (preferably) install the debian package libapache-mod-auth-mysql, which should overwrite it and clear up the issue. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327269: apache2 security update breaks ssl+svn
Andreas Jellinghaus wrote: On Friday 09 September 2005 02:37, Adam Conrad wrote: I would like a tarball of your /etc/apache2/ if there is anything else I can do to help, please let me know. Meh. Yeah, this is actually a neon or svn (not sure who) bug, where it can't do renogotiations when requested, and our fix for the security hole in apache2 removed a feature (that feature was the security hole) you were relying on with your configs. I need to set up a test case here and see if there's a good way to do this, so it still works how you want, without fixing neon/svn (which isn't really an option). The bug that you were taking advantage of is that if you had SSLVerifyClient optional in your VirtualHost, and SSLVerifyClient require in a Location statement, the latter would never be honoured, so I could actually get at your SVN repo by refusing to offer a client cert, and Apache would give me write access. Whoops. We've fixed that, but in fixing that, obviously you've tripped on the above issue. Could you try, for curiosity's sake, setting SSLVerifyClient none in the main VirtualHost, and keeping the rest the same, and seeing if that makes a difference for you at all? Over the weekend, I'll set up a test SVN site and follow some codepaths around in mod_ssl and see if there's still a way (short of you using seperate Vhosts for read access and read/write access, which has been considered by many the most secure option) to have apache behave the way you'd like it to. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#327269: apache2 security update breaks ssl+svn
Andreas Jellinghaus wrote: Package: apache2 Version: 2.0.54-5 Severity: critical After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken: subversion client (e.g. checkout): svn: PROPFIND request failed on '/svn/test' svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3 alert unexpected message (https://www.opensc.org) apache error log: [Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not accepted by client!? downgrade to 2.0.54-4 and everything is fine again. debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386, apache2 on 80 and 443, ssl with self signed certificate, accepting a list of self signed certificates, svn repository needs those for write access only. more configuration and any detail you need available on request. I would like a tarball of your /etc/apache2/, if that's not too much inconvenience. I suspect a combination of a longstanding subversion bug and a (mis)configuration of apache2 are biting you, and the recent apache2 bugfix just exposed the issue. I need to see how you have your sites set up to confirm this, though. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#326694: [ham] Re: Bug#326694: apache-ssl won't run .php files
Kristis Makris wrote: On Mon, 2005-09-05 at 17:45 +1000, Adam Conrad wrote: Is libapache-mod-php4 actually installed on your system? Do you get any output in apache's error log when you start it? You didn't answer this bit ---^ Yes it is. In fact, apache runs drupal, written in php, with no errors. But apache-ssl just doesn't. Alright, so the php4 module obviously works, it's the apache-ssl configuration that's breaking for you. Which is what would occur if the php4 module isn't being loaded at all, since then apache doesn't know how to process php_flag directives. That would make sense, but still, libapache-smod-php4 is installed. Right, installed, but most obviously not being loaded by apache-ssl. If there's nothing terribly sensitive in your configuration, could you perhaps forward me a tarball of /etc/apache/ and /etc/apache-ssl/ ? (removing any SSL certs you may have in those directories, though I tend to keep mine in /etc/ssl/, everyone is different). :) ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#326435: CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter
Moritz Muehlenhoff wrote: Package: apache2 Severity: important Tags: security CAN-2005-2728 describes a DoS vulnerability through overly long values in the Range field. Please see http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 for a more complete description and a patch. An update it already in the works for this, and should be released very soon. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: CAN-2005-1344: Buffer overflow in htdigest
Martin Schulze wrote: Umh... Did anybody bother to check yet? That's what all of these uploads were about. Did the woody when never actually get uploaded? http://cerberus.0c3.net/~adconrad/apache-sec/ ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Bug#316342: Acknowledgement (apache2-util must depend on libtasn1-0 and libgcrypt1)
Uhm, these dependencies are pulled in via our use if libldap2, which depends on libgnutls which, in turn, depends on those libs. It's definitely not an apache2 bug. Furthermore, I'm completely baffled about the libgnutls.so.7 output in your ldd call, since libldap2 in all of Sarge, Etch, and Sid depends on libgnutls11. Are you running an out-of-date system, which is perhaps contributing to your goofy dependency issues? (ie: a transitive bug that's since been fixed?) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Regarding ASF Bugzilla Bug 35555 and Debian Apache package
Nicklas Bondesson wrote: I just want to make sure that nothing hinders this submition (licence etc.). Debian's general take on patching upstream packages is to license it under the same license as upstream, whatever that may be, specifically to make it easier to get patches accepted upstream, so we can stop maintaining them. While I'm not sure who was responsible for this specific patch, as a Debian Apache maintainer, and I can be fairly sure that no one intended to license it incompatibly (as was suggested in the bug, where someone surmised that it was probably GPL... Not sure where they'd get that idea from). All of THAT aside, so little code is changed, and it's mostle just shuffling header includes, I'd question if the patch was even copyrightable in the first place. We've submitted many patches upstream in the past, and will continue to do so in the future. If this one slipped through the cracks, it's only because it was so small and insignificant, not because of the license. By all means, take it, give it a new home in ASF SVN, let us stop carrying it around in our package. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316303: apache2-common: apache2ctl -k stop not being used - faulty init.d/apache2 logic
Jason Rhinelander wrote: if `apache2 -t /dev/null 21`; then will always be false, due to being in backticks. lucifer:~# if `apache2 -t 2/dev/null`; then echo YAY, IT WORKS; else echo BROKEN; fi YAY, IT WORKS lucifer:~# echo RANDOM CRAP /etc/apache2/apache2.conf lucifer:~# if `apache2 -t 2/dev/null`; then echo YAY, IT WORKS; else echo BROKEN; fi BROKEN lucifer:~# It seems to work fine to me. Sure, it's weird to have it in backticks, but it DOES seem to work, as the subshell invoked with the backticks will exit with the correct error code. After fixing this, I also noticed and added a fix for bug 290060, which is that `apache2 -k stop' is being called inside this if statement instead of `apache2ctl -k stop'. apache2ctl stop just calls apache2 -k stop anyway, but I agree that the init script should be consistent in calling apache2ctl everywhere, rather than apache2ctl sometimes, and apache2 directly at other times. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
Steve Kemp wrote: Can I be the first to say that I don't understand the nature of this issue? The description sounds reasonably straightforward, though I'd classify this as a vulnerability of pretty low importance, from a will people be exploited by this viewpoint. Is this also present in 2.0.54 which is the latest stable release? There's no mention of it in the changelog there.. It looks like it's in 2.0.54, and there's a backport in SVN for the 2.0.55 release, but the backport looks more like a massive feature backport, not just a small security patch, so I may look at if there's a way to fix this a bit less intrusively. Actually, it's worth nothing that we muck with Content-Length at another point, thanks to a Debian-specific patch, so we may accidentally not be vulnerable to this anyway. I'll follow the code around a little later today and see if that's the case. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315927: apache(-common?): postrm may only use essential stuff on purge
Lars Wirzenius wrote: In the source package the file debian/pkgtemplates/flavours.postrm contains calls to ucf, but when the package is purged, ucf might not be on the system anymore. (This may apply to other packages built from the apache source package. I didn't check.) Thanks for the catch. I have a feeling you'll run into this particular bug a lot, as unregistering ucf-registered conffiles in postrm is almost certainly a common thing. I'll rework our postrm to use ucf iff it's installed, and fall back gracefully to just manually deleting the conffiles if it's not. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: upgrade from woody to sarge
Mario Ohnewald wrote: Warning: Illegal offset type in /usr/share/phpmyadmin/libraries/grab_globals.lib.php on line 71 I give twenty-to-one odds that you have the ZendOptimizer installed, and it needs to be updated to match the current version of PHP on your system. I can't really do anything to support binary-only modules from other vendors, so you're pretty much on your own if that's the case (but the fix is easy enough). ... Adam (The other possible cause could be a PHP cache of some sort, which would probably just need to be flushed out, then everything may be happy). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#286138: same for mod_disk_cache
severity 286138 wishlist retitle 286138 better module dependency handling needed merge 286138 273929 kthxbye martin f krafft wrote: seamus% /usr/sbin/apache2ctl configtest Syntax error on line 1 of /etc/apache2/mods-enabled/disk_cache.load: Cannot load /usr/lib/apache2/modules/mod_disk_cache.so into server: /usr/lib/apache2/modules/mod_disk_cache.so: undefined symbol: ap_cache_cacheable_hdrs_out The fix in both your cases is to 'a2enmod cache' as well. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#312810: Apache2 consumes 100% CPU after several LDAP authenticated requests
Geert Nijpels wrote: It looks like this problem is related to bug #307567. Apache starts consuming 100% CPU after some requests. Restarting Apache lets it serve pages for a few minutes again. Downgrading to apache* 2.0.54-2 fixed the problem. We use apache2-mpm-prefork on an up-to-date sarge installation. Well, that's just bizarre, since 2.0.54-2 is the version with the new util_ldap code from upstream, while 2.0.54-4 is completely reverted to the tried and tested code from 2.0.53 and previous. Everyone else (so far) has found 2.0.54-4 to be much more stable and useable. Are you pushing a LOT of LDAP requests through apache2? If so, I could see how the 2.0.53 (2.0.54-4) code might eventually lead to a bunch of hung connections (though, it's always been like this), but you'd have to be pushing a LOT of LDAP requests through, or have a serious CPU/RAM shortage for it to spike your system really badly. At any rate, given everyone else's track record so far with these versions, I think it's safe to say that the version in Sarge will stay as it is, however in Sid we will be getting apache2 2.0.55 soon, which has the newer code (with LDAP connection timeouts), but it's actually meant to work now, rather than randomly segfaulting and spiking the CPU. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: problems removing libapache-mod-perl
Jacob Bresciani wrote: Error: java.so does not have a corresponding .info file. So, where did /usr/lib/apache/1.3/java.so come from? If it's from a package, is there an updated package somewhere that had a proper .info file? If it was compiled by hand, can you create an .info file for it? (See /usr/share/doc/apache-dev/README.modules). If you move java.so out of the way, the installation should complete just fine. But you probably want a .info file that matches java.so anyway. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache modules (Error: mod_macro.so does not have a corresponding .info file.)
Mark Lowe wrote: Error: mod_macro.so does not have a corresponding .info file. If you read the list archives, you'd notice we've addressed this a few times. /usr/lib/apache/1.3/mod_macro.so was either hand-compiled, or came from a broken package. If the former, please see /usr/share/doc/apache-dev/README.modules, if the latter, please find the packager responsible and get it fixed. ... Adam (If you want the dpkg postinst of your other modules to succeed in the interim, just move mod_macro.so out of the way, and retry the installation) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#311968: apache2-common: can't be accessed from ipv4 clients in default configuration
Torok Edwin wrote: If I run apache2 using it's default config, it binds to the ipv6 address, even though I haven't set up an ipv6 connection (sit0 is down, only eth0, ppp0, and lo is up). This is definitely a new one on me. Given that no one else has ever reported this bug before, and pretty much everyone out there has setups similar to your (ipv4-only, no ipv6 configured), I'd be curious to know what's special/different about your setup. Is there any information you can give us about the oddity of your configuration that could shed some light on your very unique issue? After a default apache2 installation, what does lsof -i TCP | grep apache show you? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Apache upload speed
Cliff wrote: My DSL can do 256k upload but I can only get 30k upload with Apache. Is there a way to control the upload speed of apache or does it have to be done in the OS? If so does anyone know how to do that? Apache will happily saturate your available bandwidth, if there's no other contention. Of course, my first suspicion here would be that you're not having troubles with a congested connection, but just with math and the different between bits and bytes. My DSL connection has an upload speed of 256 kbits/s. Most web browsers will display download speeds in kBytes/s. 256 bits is 32 Bytes. So, if you're downloading from your webserver at 30 kBytes/s, you're getting 240 kbits/s, which is pretty darn close to your line speed, especially when you factor in TCP overhead. If simple math isn't the issue, I suggest you look for other applications running on your network (like file sharing apps) that are causing bandwidth contention. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#310650: Acknowledgement (apache2-mpm-prefork: SSLUserName directive does not change REMOTE_USER)
forwarded 310650 http://issues.eu.apache.org/bugzilla/show_bug.cgi?id=31418 thanks Eric Jonas wrote: REMOTE_USER = Erica H Peterson Apache/2.0.52 (Debian GNU/Linux) DAV/2 SVN/1.1.4 mod_ssl/2.0.52 REMOTE_USER = /C=US/ST=Massachusetts/O=Massachusetts Institute of Technology/OU=Client CA v1/CN=Erica H Peterson/[EMAIL PROTECTED] Apache/2.0.54 (Debian GNU/Linux) DAV/2 SVN/1.1.4 mod_ssl/2.0.54 I've forwarded this upstream, hopefully someone there will have a look at it before I have a chance to. Unless the Sarge freeze gets rolled back (which I doubt), a fix for this most likely won't make it into Sarge, however. :/ ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#298689: Bug with Debian Apache2 logrotate script
Heiko Stbner wrote: While obtaining another certificate I found the perfect example :-) Take a rented server (cheaper traffic than hosting it yourself) for an online-shop, hosted somewhere and no one knows who can get access to it directly on the console (like root=/bin/bash kernel command line) and to the certificate files. If someone has console access to your machine, you should already consider it compromised (this is, for instance, why one should never keep a PGP/GPG private key on a co-located machine). They can also get a keylogger on your machine, trip a reboot (Oh, I mean power failure), and wait for you to come along and restart apache. As soon as you do, they have your cert passphrase. They can even just grab a copy of the excrypted cert and go brute force it on their own time with a small cluster. But still, the attacks you mentioned don't require one to have access to the cert anyway, they only need to have access to the webserver to alter your content, which the server will happily continue to sign and serve as always. But if a security update of apache in 6 months tells me there are differences between the files in the package and in the filesystem I have to guess why (or look it up why I did it) and apache is not the only package. So looking through notes on many packages checking if these changes are correct takes time and is error prone. It's easier (and safer) to stay near the original :-). A security update of apache2 shouldn't change the logrotate script. And, if we don't change OUR copy, dpkg doesn't bug you to change YOURS. It's only when ours changes that it expects you might want to merge changes locally. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#298689: Bug with Debian Apache2 logrotate script
Heiko St?wrote: Basically the problem is the postrotate command which calls /etc/init.d/apache2 restart and since version 2.0.53-5 this fully stops apache und then starts it again, killing the whole thing if the apache uses an SSL certificate with passphrase since nobody can enter it. There are valid reasons we do it this way, as some modules have been known to crash on any other type of restart. It was the lesser of two evils (or, the lesser of two unavoidable bug reports). I will be revisiting the fragility of apache's various restart/reload/graceful processes in relation to 3rd party modules after Sarge releases, but for Sarge, this is what we're stuck with. Perhaps the more interesting question for you is: Why do you use passphrases on your SSL certs? If they're only readable by root, what have you gained with a passphrase? If I'm root, I can do arbitrary things to your webserver anyway, including mucking with user sessions, inserting unwanted content, and hijacking sensitive data, so I fail to see how a passphrase does anything but make it more of a pain to both boot the machine and restart apache. The day someone comes up with a valid use case for passphrases on SSL certs is perhaps the day I care more about this bug than some others. :) I know it's trivial to correct by myself but I try to keep the divergence to the debian packages real low Everything in /etc/logrotate.d/ should be a conffile, so there's no harm in you editing it. Your changes won't be overwritten. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#307567: apache2-common: Apache processes locks up after some queries
tags 307567 pending thanks Gabor Lenart wrote: In case of pages which require a few seconds to responds (because of active content complex enough to generate in only seconds) often locks, eating 100% of idle CPU. After some hours, many dead processes causes to rise load above eg 70, and server starts to become unusable. According to debian bug database, I've found a similar bug namely #307567. And yes, after removing loading of ldap modules from apache config, the problem went away! (modules /usr/lib/apache2/modules/mod_ldap.so and /usr/lib/apache2/modules/mod_auth_ldap.so). It's interesting, that there was no configuration for using ldap auth just loading the modules. Pages which were simply static content was served without problem anyway. This will be fixed in the next upload, which will make it into Sarge. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#307584: apache2-common: Rename /etc/apache2/conf.d/apache2-doc to apache2-doc.conf
Matthias Julius wrote: Now I have investigated that issue and found out that this change in the apache2 config has been made by the phpmyadmin package. There a bug has already been filed under #307275. I apologise for being short with you. I was not aware of #307275 until it was brought to my attention earlier today. If I had been, I would have pointed you in that direction, rather than raving about local changes. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#235653: Status of Bug 235653?
Mike McCallister wrote: What is the status of bug 235653 (http://bugs.debian.org/235653), to enable mod_auth_ldap to use TLS/SSL? Based on the response from March 1 2004, it sounds like it was intended to be fixed in short order, but this bug is still open. Is it likely to be fixed any time soon? Note that the page you pointed to states that SSL is supported via the Netscape SDK *OR* TLS is supported via OpenLDAP. I would read that to mean that the LDAP: SSL support unavailable message would be expected when using OpenLDAP. Have you tried the LDAPTrustedCA and LDAPTrustedCAType directives which are pointed out at: http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html#usingtls The way I read that would be that you shouldn't use ldaps:// with OpenLDAP, but rather just ldap://; with the two directives above. If you can try that out and let me know if it works out of the box, then perhaps I can close this bug. :) ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#305302: apache2: segfaults when a websvn repository URL is accessed
robin wrote: I have apache2 installed along with PHP and WebSVN (all from testing). Currently, when I access a websvn URL, the apache instance crashes with a segmentation fault. And what versions of libapache2-mod-php4 and websvn do you have installed? If you upgrade everything to unstable versions (if you upgrade apache2 and happen to use suexec, watch out for bug #305242, which I'm uploading a fix for right now) does the problem magically go away? If not, can you run apache2 -X in gdb, make it segfault, and get us a backtrace? That should help narrow down which package is at fault, and start giving me hints as to where it's broken. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#285337: Large file support disabled in this build
Ian Chiew said: The following line in debian/rules is commented out: #AP2_CONFLAGS += -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 We know. Without it, the apr_off_t type used internally by Apache will be only 32-bits wide, thus causing the reported problem. We know. I realize that this will break the module ABI (and force a rebuild of all already-packaged Apache2 modules). But releasing Sarge with its flagwhip webserver sans large file support seems a bit silly. This just isn't going to happen. We already did this dance once (turning on LFS, then turning it back off when a few interesting bugs cropped up as a result). We'll have LFS in Apache 2.1 and libapr1, not before. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#304427: apache: Segfault after upgrade
Csillag Kristof said: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1209165632 (LWP 23260)] 0xb782d324 in ERR_add_error_data () from /usr/lib/i686/cmov/libcrypto.so.0.9.7 Do you have both php4-pgsql and php4-imap installed? What happens if you swap the order of extension=pgsql.so and extension=imap.so in your /etc/php4/apache/php.ini? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#301756: horde2: Horde doesn't start; just a blank page. Apache log: 'child pid **** exit signal Segmentation fault (11)'
Ola Lundqvist said: On Mon, Mar 28, 2005 at 01:42:02AM -0300, Luis Nogueira wrote: Apache and MySQL run ok, but horde doesn't start. Just a blank page. On Apache log: child pid exit signal Segmentation fault (11) for every attempt of reloading http://website/horde2/, while /horde2/test.php loads ok. This is a problem with either apache or php. Probably PHP. If you upgrade all php4-related packages (libapache-mod-php4, php4-mysql, etc) to 4.3.10-10 from unstable, does that clear up your problems? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#301266: Always advertises 'Debian GNU/Linux'
Robert Millan said: Why don't we just put (Debian) in instead? There's a reason because hardcoding Linux is wrong: Debian supports (or at least intends to support) other kernels. I can't see a reason why hardcoding GNU would be wrong, though. So in this case maybe you want to make it Debian/GNU as it used to be in 1.x? I agree with willy that using just Debian seems more reasonable to me. I've heard 1001 argument about why we should and shouldn't have GNU in our system name, and they're all mostly moot to me. If we have a Debian *BSD port that uses a BSD libc rather than glibc, is it still a GNU system?.. Perhaps one can argue it is because of the plethora of GNU tools on the system, other may argue it isn't from Apache's POV, since Apache isn't really making use of a whole bunch of GNU utilities, mostly just the kernel and libc, really. The bottom line is that if we scrap the kernel name, we can likely scrap the GNU as well, since most people who insist on using GNU are complaining that Linux withou GNU/Linux misrepresents Linux as a complete OS. TO be fair, though, the complete OS in our case is Debian, not GNU, Linux or anything else. But really I think it should mention the kernel too. This way scanner tools or services like netcraft can determine how many servers with each Debian kernel are used around. Kernel detection by systems like Netcraft uses TCP fingerprinting, not server banners. That's how they get neat results like Microsoft IIS runniing on Linux (IIS servers behind a Linux reverse proxy). Most vendors don't include kernel info in their server banners, but this doesn't seem to stop scanners from figuring out what system they're using. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#301400: apache2 is started upon package update
Martin Godisch said: apache2 is started upon package update even if it wasn't running before because /etc/rcx.d/S91apache2 was removed. This shouldn't happen, as we use invoke-rc.d in our postinst, which checks the current runlevel, and won't start apache2 unless the symlink is present for that runlevel, as I understand it. If you removed ALL the symlinks (including the K links), however, they would be replaced on upgrade, and apache2 would be started. Also, I suppose, if you don't have an executable /usr/sbin/invoke-rc.d, then the init script will be called directly. Do any of these situations match yours? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Precautions? On Installing apache2 with source.
watssabb wathavy said: I have just start using it and I recognized that I have to rebuild it from source in case I want to install more modules afterwards, so I wanted to know if I have to follow any certain procedures to accomodate debain specific things or not. What do the Debian packages not provide that you feel you need to rebuild from source to use? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#298269: apache php mysql: can not remove
Nafed said: Error: mysql.so does not have a corresponding .info file. The above errors might cause apache to not work properly or start Please refer to the documentation on how to fix it or report it to Debian Apache Mailing List debian-apache@lists.debian.org if in doubt on how to proceed And where, exactly, did /usr/lib/apache/1.3/mysql.so come from? Can you search for the owning package (if any) with dpkg -S. I suspect it was placed there by hand, and certainly does't represent a bug in any of the packages you've filed a bug against. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#295428: FTBFS: autoconf bug?
tags 295428 pending thanks Jeroen van Wolffelaar said: That doesn't sound to me like the correct solution to this bug, though. The problem is that autoconf gets invoked without making sure the right autoconf is invoked. I assume you got appropriately schooled about how the autoconf wrapper works on IRC. :) ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#295428: FTBFS: autoconf bug?
Martin Orr said: ***BUG in Autoconf--please report*** AC_LANG_PROGRAM Does it build if you remove autoconf2.13? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#294395: apache2-threaded-dev: Can't build php5 module
Piotr Roszatycki said: PHP5 can't compile with Apache 2.0.53 and compiles well with previous version. I know. Working on it right now. Upload later tonight, I hope. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: php database woes
Graham Smith said: No such luck. Both php4-pgsql and php4-mysql are installed (and I have re-installed them just in case something was broken). 'dpkg-reconfigure php4-pgsql php4-mysql' Alternately, manually add the extension=foo.so lines to /etc/apache2/php.ini Currently, the packages don't handle the many-to-many relationship required when switching SAPIs, so extensions aren't automatically reconfigured when a new SAPI is installed. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291856: acknowledged by developer (Bug#291856: fixed in apache2 2.0.53-1)
Olaf van der Spek said: Did you also remove the duplicate ErrorLog? The same applies to ErrorLog /var/log/apache2/error.log but that should be in the default vhost. No, because I don't view it as a duplicate, per se. The ErrorLog in the main config could be seen as the main error log, while the one in the default vhost will pick up errors from the vhost itself. While we, by default, set these to be the same file, one could easily change them to be different (in which case, some things would go to the first, like segfaults and start/stop messages, and others to the second, like 404s and such), or if we removed the main one, they could disable the one in the vhost (leading them to have no error log at all). So, I don't see this half of the bug as a bug at all. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apache2 not processing php
Graham Smith said: http://www.crazysquirrel.com/index.php it still tries to give you the unprocessed file back. How do I stop that behaviour? It works from here when I load that page. Are you sure you're not suffering from an overactive browser cache, proxy server, or some other such oddity? ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#293156: apache: segfaults when started, strace shows failure after or during reading file pkg's magic.mime
Adam Conrad said: Also, what version of libc6 do you currently have installed? Nevermind. Your original bug report stated you have version 2.3.2.ds1-13 installed. The backtrace blowing up in libssl's init looks suspiciously like a bug that was fixed in libc6 2.3.2.ds1-17 (In september, last year!) Can you try upgrading libc6 (better yet, if you have the bandwidth, update the whole system), and let me know if this bug goes away? Thanks. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#293831: apache2-mpm-prefork: Apache goes into infinite loop when __db.ssl_scache exists but ssl_scache doesn't.
tags 293831 pending thanks Russell Coker said: Here's the strace output of trying to start apache2: [...] This continues indefinately, for hours sometimes. This bug can prevent the system from booting correctly as /etc/init.d/apache2 hangs. Ouch. Nice catch. Will be fixed in the next upload. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#293156: apache: segfaults when started, strace shows failure after or during reading file pkg's magic.mime
On Tue, Feb 01, 2005 at 06:30:35AM -0800, Dustin Harriman wrote: An strace shows interesting output near the end when running the command strace apache -X: Can I get a backtrace of that as well? If you don't know how to do this, just do the following: $ gdb apache (gdb) run -X wait for it to segfault (gdb) bt And give me that output. Thanks. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#291944: Moving 'extension=imap.so' include in php.ini fixed segfault
[EMAIL PROTECTED] said: We had segfault problems in both apache and apache-ssl. Commenting out one line (extension=imap.so) from php.ini made both servers start normally. This line was the last one in the php.ini configuration file. Moving it furher up, so that it was not the last module to be loaded, fixed this problem. Can I get the installed versions of libc6 apache, libapache-mod-php4, php4-imap, and any other extensions you have installed? This may not be the same bug as the original submitter's, but it's also one that's supposed to be fixed, and I'll be rather miffed if it just came back. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#286225: apache2: environment corruption bug
[EMAIL PROTECTED] said: This bug also occurs in production when running dokuwiki[1], which uses php4, together with subversion[2] in apache2. The umask settings done in dokuwiki php script is propagated to subversion, which makes dangerous access right settings on its own files and makes them unreadable. I have a patch for this, and it will be fixed in the next php4 upload. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#285599: Status of CAN-2003-0987 in Woody?
Christian Hammers wrote: I cannot find a reference to CAN-2003-0987 for Debian Woody. It has been fixed in unstable/sarge in version 1.3.29.0.2-5. While it appears to be true that this hasn't been fixed in Woody, it's also pretty low risk, since mod_digest doesn't even work with modern browsers, and hence is rarely used. (mod_auth_digest, which does work with modern browsers, doesn't have the security hole) ... Adam
RE: Question about maintaining the unofficial/parallel apache-lingerd package.
Alexis Sukrieh wrote: Reading the INSTALL file of lingerd, only mod_ssl would need a particular patch, so we could imagine an apache-ssl-lingerd flavour. As there is an apache-perl flavour we also might think to an apache-perl-lingerd flavour. Better off just having users install apache-lingerd + mod_ssl + mod_perl (and working with the mod_ssl maintainer to make sure it has the support patches required to support lingerd properly). Adding three new flavours for the sake of one piece of functionality is a support nightmare. Notice that there's no apache-ssl-perl package either. ... Adam
