Bug#501497: apache2-utils: htpasswd may block indefinitely on /dev/random

2008-10-07 Thread Joseph Birr-Pixton
Package: apache2-utils
Version: 2.2.9-7
Severity: minor

Greetings,

Having recently upgraded from a relatively old apache 1.3-era package I have 
found
a quick script I wrote to periodically syncronise passwords had become 
unreliable.
Further investigation reveals that htpasswd invoked from this script around 50 
times
blocks for long periods.  It previously took trivial time (very much less than 
one
second).  Running strace, I see:

  $ strace htpasswd -c -b testfile testuser testpass
  [much output]
  getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
  uname({sys=Linux, node=gamma, ...}) = 0
  brk(0)  = 0x804c000
  brk(0x806d000)  = 0x806d000
  stat64(testfile, 0xbfb4f970)  = -1 ENOENT (No such file or 
directory)
  open(testfile, O_WRONLY|O_CREAT|O_LARGEFILE, 0666) = 3
  close(3)= 0
  open(/dev/random, O_RDONLY)   = 3
  read(3, 

Clearly I'm entropy-starved.  However, I'd question whether a tool such as 
htpasswd
cannot do with /dev/urandom.  Delving into the code, it uses it to seed rand(3) 
so
it clearly does not use /dev/random for any purpose where pure entropy is 
required.  
Previously it had used time(2) -- this change to use a blocking function in the 
APR
is the source of the regression.

Cheers,
Joseph

-- System Information:
Debian Release: lenny/sid
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2-utils depends on:
ii  libapr11.2.12-4  The Apache Portable Runtime Librar
ii  libaprutil11.2.12+dfsg-8 The Apache Portable Runtime Utilit
ii  libc6  2.7-13GNU C Library: Shared libraries
ii  libssl0.9.80.9.8g-13 SSL shared libraries

apache2-utils recommends no packages.

apache2-utils suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



New upstream mod_layout supports apache 2.0 and 2.2

2007-10-02 Thread Joseph Neal
Apache2.2 has been supported in mod_layout 5.0 since
February. I'd really like to see it packaged and ideally
backported to stable.  

http://lists.tangent.org/pipermail/mod_layout/2007-February/002230.html

There is also a new version out for 1.3

http://lists.tangent.org/pipermail/mod_layout/2007-April/002255.html

I'd be glad to help with testing if someone were to make this happen.

Is the maintainer even active?



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#397310: our workaround

2006-11-08 Thread Joseph F. Miklojcik III
We had to add in our appropriate apache2 .conf file:

  AuthBasicProvider ldap
  require ldap-filter (uid=*)



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Too Late to get a Diploma? Not Anymore!

2005-09-15 Thread Joseph Diaz
University Degrees and Diplomas

Get a Bachelors, Masters, MBA, or Doctorate (PhD)

We are able to send your certificate to all countries (WORLDWIDE)

Consider a more prosperous future with more money earning power!

No testing, studying, or interviews required.

Discreet and affordable.  Everyone is eligible.

You can call us 24 hours a day, 7 days a week.

1-940-991-7883

Thank you for your time,

Craig Diaz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: DarkMailer 1.90 pro - 249$

2004-04-13 Thread joseph



instruction manuels do you 
supplyjoseph


Re: DarkMailer 1.90 pro - 249$

2004-04-13 Thread joseph