Bug#416611: mailing list discussion
On the mod_perl list it has been considered a DOS attack, and not an exploit. It's also only in Apache::PerlRun - so doesn't affect users using the more popular Apache::Registry (was fixed mid-2000). Nor does it affect users using pure-handlers. I'd also point out that the release also fixes a handful of bugs that whilst not urgent have been floating around since the last release back in Oct 2003. Carl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#272686: include mod_deflate with apache 1.3
Package: apache Version: 1.3.31-5 Severity: wishlist Could this be included with the debian apache package? http://sysoev.ru/en/ It's an alternative to mod_gzip, which seems to be much more mature - it also links with zlib rather than including it's own version. Carl
RE: Bug#242543: More information
Can you give us the patch directly since you have it working? I'm actually a little concerned that it might break something else! I've been working with a clean (non Debian) apache source, so it's really an upstream problem. What is their policy regarding regular bugs in 1.3? Are they still fixing them? It might be better to forward this to upstream - to somebody that knows mod_include better than me - and let them consider it. Carl GMG Regional Digital is part of the Guardian Media Group plc. CONFIDENTIALITY NOTICE. The information contained in this e-mail is intended only for [EMAIL PROTECTED], [EMAIL PROTECTED] It may contain privileged and confidential information that is exempt from disclosure by law and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, you may notify us by telephone on 44 (0)161 832 7200. E-mail transmission cannot be guaranteed to be secure or error-free. The sender ([EMAIL PROTECTED]) therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
Bug#242543: More information
I've managed to track down why QUERY_STRING works and PATH_INFO doesn't.
In src/modules/standard/mod_include.c around line 2181 mod_include fixes up
the QUERY_STRING. If I add similar code to fixup PATH_INFO ie:
if (r-path_info) {
ap_table_setn(r-subprocess_env, PATH_INFO, r-path_info);
}
Then it fixes my problem with PATH_INFO not being set correctly.
I think what's happening is that mod_include is setting up the subrequest
using the values from the parent (main?) request. Then code has been
specifically added to correct the QUERY_STRING based on the subrequest, but
not the PATH_INFO.
If I setup a mod_perl that looks up a URI and then runs the subrequest, it
behaves as I expect with the QUERY_STRING and PATH_INFO set according to the
subrequest.
Carl
RE: Apache2 VirtualHosts
Hi, The debian way is the standard Apache way - check out the documentation on the Apache web site - specifically here's the URL for the virtual host docs. http://httpd.apache.org/docs-2.0/vhosts/ Carl PS This is the apache-development mailing list for discussing apache development. You'll probably find that the folks over in the debian-user mailing list are better at answering any questions and a lot less grumpy than us developers :-) -Original Message- From: Salvatore [mailto:[EMAIL PROTECTED] Sent: 02 June 2004 11:15 To: debian-apache@lists.debian.org Subject: Apache2 VirtualHosts Hi, I am a new Debian Apache2 user. I used Apache2 with him original .conf version, now I see that Debianized version split it in more files. I need to configure VirtualHosts, I heared that there a Debian bin to configure it or it must be configured manually ? If manually, somebody can explain me how to do it ? I don't find any doc abouth that Debian method. Thanks GMG Regional Digital is part of the Guardian Media Group plc. CONFIDENTIALITY NOTICE. The information contained in this e-mail is intended only for [EMAIL PROTECTED], [EMAIL PROTECTED] It may contain privileged and confidential information that is exempt from disclosure by law and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, you may notify our helpdesk by telephone on 44 (0)161 211 . E-mail transmission cannot be guaranteed to be secure or error-free. The sender ([EMAIL PROTECTED]) therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
RE: Bug#243918: apache adds webmaster alias but forget newaliases
I wonder if we should reassign this bug to all the MTA since some of the ship newaliases in /usr/bin and others in /usr/sbin (that apache uses). You don't need to run newaliases with exim - which is Debian's recommended MTA. How do other packages handle adding email aliases? Might be a question for debian-dev. Carl GMG Regional Digital is part of the Guardian Media Group plc. CONFIDENTIALITY NOTICE. The information contained in this e-mail is intended only for [EMAIL PROTECTED], [EMAIL PROTECTED] It may contain privileged and confidential information that is exempt from disclosure by law and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, you may notify our helpdesk by telephone on 44 (0)161 211 . E-mail transmission cannot be guaranteed to be secure or error-free. The sender ([EMAIL PROTECTED]) therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
Bug#242543: apache: PATH_INFO not set for !--#include virtual=page.html/path?query --
Package: apache Version: 1.3.29.0.2-4 Severity: normal test.html !--#echo var=PATH_INFO -- !--#echo var=QUERY_STRING -- --- test2.html - !--#include virtual=test.html/path?query -- - Requesting http://site/test.html/path?query gives me: path query Requesting http://site/test2.html gives me: (none) query They should match. I've tested this on a vanilla apache install, so it looks like an upsteam problem. Carl -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.25-1-686-smp Locale: LANG=C, LC_CTYPE=C Versions of packages apache depends on: ii apache-common 1.3.29.0.2-4 Support files for all Apache webse ii debconf 1.4.16 Debian configuration management sy ii dpkg1.10.20 Package maintenance system for Deb ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an ii libdb4.24.2.52-8 Berkeley v4.2 Database Libraries [ ii libexpat1 1.95.6-6 XML parsing C library - runtime li ii libmagic1 4.07-2 File type determination library us ii libpam0g0.76-15 Pluggable Authentication Modules l ii logrotate 3.6.5-2 Log rotation utility ii mime-support3.26-1 MIME files 'mime.types' 'mailcap ii perl5.8.3-3 Larry Wall's Practical Extraction -- debconf information: apache/server-name: localhost apache/document-root: /var/www apache/server-port: * apache/enable-suexec: false apache/init: true
Bug#242543: apache: PATH_INFO not set for !--#include virtual=page.html/path?query --
No, they shouldn't! PATH_INFO '... holds the additional path
information
that remains after the URI has been translated into a file path.' [1]
So, if your URI is 'http://site/test2.html'
1) URI to file translation:
http://site/test2.html = {DOCUMENT ROOT}/test2.html
2) All of the URI is used for the file translation, no path
information is
left.
That's the main request. #include is supposed to perform an internal
sub-request for the new URL, with the environment setup accordingly.
If I wanted the *original* query string and path_info I would be using
#exec-cgi rather than #include virtual.
The second section of this email :
http://www.mail-archive.com/dev@httpd.apache.org/msg17597.html
on the apache-dev mailing list, suggests that what I've tested should work.
Carl
GMG Regional Digital is part of the Guardian Media Group plc.
CONFIDENTIALITY NOTICE. The information contained in this e-mail is intended
only for [EMAIL PROTECTED], [EMAIL PROTECTED] It may contain privileged and
confidential information that is exempt from disclosure by law and if you are
not an intended recipient, you must not copy, distribute or take any action in
reliance on it. If you have received this e-mail in error, you may notify our
helpdesk by telephone on 44 (0)161 211 . E-mail transmission cannot be
guaranteed to be secure or error-free. The sender ([EMAIL PROTECTED]) therefore
does not accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification is
required please request a hard-copy version.
RE: Bug#233538: apache: dotfiles not skipped, scanning /etc/apache/conf.d
While you're at it ;-) please also skip files matching '*.dpkg-*'. That a good point - dpkg/apt etc will be dropping conffiles into /etc/apache/conf.d and -dpkg- files may be left behind due to this. Carl GMG Regional Digital is part of the Guardian Media Group plc. CONFIDENTIALITY NOTICE. The information contained in this e-mail is intended only for [EMAIL PROTECTED] It may contain privileged and confidential information that is exempt from disclosure by law and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, you may notify our helpdesk by telephone on 44 (0)161 211 . E-mail transmission cannot be guaranteed to be secure or error-free. The sender ([EMAIL PROTECTED]) therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
Bug#229117: apache2-common: multiple instances of apache
The security benefits of the experimental perchild module can be approximated by running multiple instances of apache2, you can't run two instances of apache on the same server using the same port as it's always been possible to run multiple copies of apache as different users, being able to run them all off the same port is the major benefit the perchild core brings to apache so I'd like to do that. It appears non-trivial with the current Debian scripts and configuration. If there is in fact an easy way to do it, it would be nice to have this documented somewhere. you would need to copy the apache config file to another location, and change the port number, scoreboard file locaiton, any lock file locations etc Then you run apache using your alternate config file: aapche2 -f /path/to/newhttpd.conf Carl GMG Regional Digital is part of the Guardian Media Group plc. CONFIDENTIALITY NOTICE. The information contained in this e-mail is intended only for [EMAIL PROTECTED] It may contain privileged and confidential information that is exempt from disclosure by law and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, you may notify our helpdesk by telephone on 44 (0)161 211 . E-mail transmission cannot be guaranteed to be secure or error-free. The sender ([EMAIL PROTECTED]) therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
Bug#227997: mod_usertrack causes segfault
Two separate apache installs both exhibit the same problem - one of which is a fairly clean re-install I did recently for testing purposes. I assumed it would be easy to reproduce :-) Just re-installed apache from scrach again, and apache exhibits the same problem - wierd! Carl
Bug#227997: mod_usertrack causes segfault
Package: apache-common Version: 1.3.29.0.1-3 Severity: grave Enabling mod_usertrack causes apache to Segfault. Carl
RE: sarge package transition
Recently sarge has received a new version of perl but apache and mod-perl packages in sarge are old. Until the sid packages will not enter sarge there is no way for us to fix this problem since it is already fixed since a while in sid. We have no control over the package flow from sid to sarge, the only way is to wait. Would it not be better to make the apache-mod-perl package depend on exactly the version of perl it was built with? That way users should get something that warns them that somethings going on... Carl GMG Regional Digital is part of the Guardian Media Group plc. CONFIDENTIALITY NOTICE. The information contained in this e-mail is intended only for [EMAIL PROTECTED] It may contain privileged and confidential information that is exempt from disclosure by law and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, you may notify our helpdesk by telephone on 44 (0)161 211 . E-mail transmission cannot be guaranteed to be secure or error-free. The sender ([EMAIL PROTECTED]) therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
