[Bug 392759] Re: [FFE] apache2 DoS attack using slowloris

2010-04-08 Thread Stefan Fritsch
You have written enable it by default in the changelog, but AFAICS, you have missed the postinst change that actually enables the module. You may want to merge the NEWS.Debian entry, too. -- [FFE] apache2 DoS attack using slowloris https://bugs.launchpad.net/bugs/392759 You received this bug

[Bug 554903] Re: apache2 with mod php5 does not execute index.php

2010-04-05 Thread Stefan Fritsch
Kenneth: Enabling php in the userdirs is a security hazard: It allows every local user on a machine to execute arbitrary code as user www-data. As this is non-obvious to most admins, the default was changed. In any case, this is not Zalzadore's problem: http://localhost/bean/index.php the page

[Bug 551221] Re: consider a newer version of apache2 for lucid or backport some changes

2010-04-04 Thread Stefan Fritsch
I am not sure how wise it is to make a release that is supported for 5 years and does not contain the fix for CVE-2009-3555 (unless you mean to add it later). Clients may change their behaviour and refuse to connect to insecure servers at some time in the future. The improved protection for

[Bug 551221] [NEW] consider a newer version of apache2 for lucid or backport some changes

2010-03-29 Thread Stefan Fritsch
Public bug reported: Binary package hint: apache2 Apache2 in an LTS release would greatly benefit from some recent changes in the Debian package: In 2.2.14-6: * Add a hook to apache2.2-common's postrm script that may come in handy when upgrading to 2.4. This may allow to do the 2.2 - 2.4

[Bug 540747] Re: Apache Web DAV incorrect permissions

2010-03-20 Thread Stefan Fritsch
The patch is a backport from upstream trunk (2.3.x). The correct fix would be to use apr_file_open() with APR_OS_DEFAULT permissions instead of apr_file_mktemp() to create the temp file. Unfortunately, I don't think I will have time to fix it in the next week or so. -- Apache Web DAV incorrect

[Bug 225105] Re: Mimetypes coming from package mime-support cannot be removed

2010-02-22 Thread Stefan Fritsch
Since 2.2.14-2, RemoveType also works for types coming from /etc/mime.types ** Changed in: apache2 (Ubuntu) Status: Confirmed => Fix Committed -- Mimetypes coming from package mime-support cannot be removed https://bugs.launchpad.net/bugs/225105 You received this bug notification because

[Bug 73363] Re: logrotate, apache2, PidFile hardcoded

2010-02-22 Thread Stefan Fritsch
This has been fixed in 2.2.8-1 ** Changed in: apache2 (Ubuntu) Status: Triaged => Fix Released -- logrotate, apache2, PidFile hardcoded https://bugs.launchpad.net/bugs/73363 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2

[Bug 347992] Re: Apache CustomLog and TransferLog directives leave blank logfiles

2010-02-22 Thread Stefan Fritsch
t3rmin4t0r: This works as intended and as documented, see: http://httpd.apache.org/docs/2.2/logs.html#virtualhost dananarama: Can you please post the configuration excerpt where you put the custom logging inside the virtualhost block and it still does not work? -- Apache CustomLog and

[Bug 507616] Re: CustomLog directive in apache2.conf makes it impossible to change default logging without editing the global config.

2010-02-22 Thread Stefan Fritsch
You can and should edit apache2.conf in this case. I think the number of users who profit from a fall back access log is much higher than the number of users who want to disable the access log altogether ** Changed in: apache2 (Ubuntu) Status: Confirmed => Invalid -- CustomLog directive

[Bug 392532] Re: apache2.2-common: /etc/init.d/apache2 script is empty

2010-02-22 Thread Stefan Fritsch
What file system do you use for your root partition? ext4? -- apache2.2-common: /etc/init.d/apache2 script is empty https://bugs.launchpad.net/bugs/392532 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in ubuntu. --

[Bug 221933] Re: package update-manager 1:0.87.24 failed to install/upgrade: ErrorMessage: SystemError in cache.commit(): E:Sub-process /usr/bin/dpkg returned an error code (1)

2010-02-22 Thread Stefan Fritsch
This has been fixed in 2.2.8-5 ** Changed in: apache2 (Ubuntu) Status: Confirmed => Fix Released -- package update-manager 1:0.87.24 failed to install/upgrade: ErrorMessage: SystemError in cache.commit(): E:Sub-process /usr/bin/dpkg returned an error code (1)

[Bug 520389] Re: package gnome-user-share 2.28.0-0ubuntu1 failed to install/upgrade: Abhängigkeitsprobleme - lasse es unkonfiguriert

2010-02-22 Thread Stefan Fritsch
It looks like some file corruption. Please provide the output of these two commands:
    file /var/lib/dpkg/info/apache2.2-common.postinst
    head -1 /var/lib/dpkg/info/apache2.2-common.postinst
You could also try
    aptitude reinstall apache2.2-common
-- package gnome-user-share 2.28.0-0ubuntu1 failed

[Bug 392532] Re: apache2.2-common: /etc/init.d/apache2 script is empty

2010-02-22 Thread Stefan Fritsch
I suspect that logrotate chokes on the '}' that is in the postrotate script in /etc/logrotate.d/apache2. Normally it works fine, but maybe if there is a configuration parse error before the script, something goes wrong. Please provide the output from ls -l /etc/logrotate.d and the contents of

[Bug 392532] Re: apache2.2-common: /etc/init.d/apache2 script is empty

2010-02-22 Thread Stefan Fritsch
The output of logrotate -d /etc/logrotate.conf (run as root) would be interesting, too. Especially if it mentions errors or the file /etc/init.d/apache2. BTW, you can restore the file with
    cd /tmp
    aptitude download apache2.2-common
    dpkg --extract apache2.2-common_*.deb apache2.2-common
    sudo

[Bug 392532] Re: apache2.2-common: /etc/init.d/apache2 script is empty

2010-02-22 Thread Stefan Fritsch
Thanks for your help, Matt. I think you changed the directory name and that caused the bug to appear. But it is definitely a grave bug in logrotate that it mis-parses the config file and clobbers random files if the log directory does not exist. Uhh, can somebody with more launchpad foo please

[Bug 392532] Re: apache2.2-common: /etc/init.d/apache2 script is empty

2010-02-22 Thread Stefan Fritsch
** Bug watch added: Debian Bug tracker #571033 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571033 ** Also affects: logrotate (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571033 Importance: Unknown Status: Unknown -- apache2.2-common: /etc/init.d/apache2

[Bug 422138] Re: Slow memory leak, seen on two machines, appears to be dupe of 224945 even after -updates

2009-09-26 Thread Stefan Fritsch
A workaround may be to add MaxRequestsPerChild 1000 (or an even lower value) to your configuration. That wouldn't really help since long-running children just hold onto memory no matter what it seems. A lower MaxRequestsPerChild should make the children terminate earlier. Does the

[Bug 422138] Re: Slow memory leak, seen on two machines, appears to be dupe of 224945 even after -updates

2009-09-24 Thread Stefan Fritsch
Is the parameter -f TLS1 necessary to reproduce the problem? Is the URL / of your webserver a php page? If yes, why is the content length of the page 0, what does the php script do? If not php, what is it? A simple redirect? A workaround may be to add MaxRequestsPerChild 1000 (or an even lower

[Bug 392759] Re: apache2 DoS attack using slowloris

2009-09-21 Thread Stefan Fritsch
Some comments:
- All Apache MPMs are affected. The sole exception may be if you use the event MPM without SSL.
- The slowloris attack leaves plenty of error 400 entries in the access log.
- Using iptables connlimit with a reasonable maximum number of connections per IP (like 1/5 or 1/10 of what

[Bug 347992] Re: Apache CustomLog and TransferLog directives leave blank logfiles

2009-03-24 Thread Stefan Fritsch
Where exactly did you put the CustomLog and TransferLog directives? They need to be inside the virtualhost block(s) in your virtual host config file(s) in .../sites-enabled . -- Apache CustomLog and TransferLog directives leave blank logfiles https://bugs.launchpad.net/bugs/347992 You received

[Bug 306293] Re: Mod_ssl randomly causes apache threads to use 100% of CPU

2008-12-08 Thread Stefan Fritsch
This looks like https://issues.apache.org/bugzilla/show_bug.cgi?id=44381 which is fixed in 2.2.9. -- Mod_ssl randomly causes apache threads to use 100% of CPU https://bugs.launchpad.net/bugs/306293 You received this bug notification because you are a member of Ubuntu Server Team, which is

[Bug 283187] Re: package apache2.2-common 2.2.9-7ubuntu3 failed to install/upgrade: subprocess post-installation script returned error exit status 1

2008-10-14 Thread Stefan Fritsch
Setting up apache2.2-common (2.2.9-7ubuntu3) ...
ERROR: Module alias not properly enabled: /etc/apache2/mods-enabled/alias.load is a real file, not touching it
dpkg: error processing apache2.2-common (--configure):
 subprocess post-installation script returned error exit status 1
This means you

[Bug 270899] Re: /etc/init.d/apache2 restart fails on busy webservers

2008-10-01 Thread Stefan Fritsch
Since 2.2.9-2, /etc/init.d/apache2 restart does a hard (non-graceful) restart again, so this should already be fixed in Intrepid. James, do you also experience hangs with the default action /etc/init.d/apache2 reload during logrotate? If the problem is only with restart, you could just get the

[Bug 276145] Re: Apace2 default configuration incorrect for allowoverride

2008-09-30 Thread Stefan Fritsch
Anything other than AllowOverride None has a negative impact on performance and should only be enabled on those directories where it is necessary. Therefore AllowOverride None is a sensible default. -- Apace2 default configuration incorrect for allowoverride

[Bug 268868] Re: [Intrepid Alpha 5] NameVirtualHost entry in ports.conf causes NameVirtualHost *:80 has no VirtualHosts warning

2008-09-12 Thread Stefan Fritsch
This is documented in NEWS.Debian. Maybe an entry in the release notes is needed, too? -- [Intrepid Alpha 5] NameVirtualHost entry in ports.conf causes NameVirtualHost *:80 has no VirtualHosts warning https://bugs.launchpad.net/bugs/268868 You received this bug notification because you are a

[Bug 259363] Re: Need to source envvars before being able to use 'apache2' binary.

2008-08-26 Thread Stefan Fritsch
You can use apache2ctl to pass arbitrary options to apache2. Things like
    apache2ctl -S
    apache2ctl -DSOMETHING -X
work without sourcing the envvars file. Probably this should be documented more clearly in README.Debian and/or the man page. The alternatives to using envvars for the run user and

[Bug 239048] Re: apache2 conf.d and sites-enabled oops

2008-08-26 Thread Stefan Fritsch
Most current version control systems (like SVN, git, hg) use files or dirs starting with a dot to store their data. These files are already ignored. The same is true for RCS because the filenames contain a comma. CVS is the only VCS I know that does not use special chars in its file name. We could

[Bug 234367] Re: If many queries come in too quickly, apache2 freezes.

2008-07-29 Thread Stefan Fritsch
Some ideas to narrow down the problem:
- configure the ldap-status url and see if it gives any useful information while the problem appears (see http://httpd.apache.org/docs/2.2/mod/mod_ldap.html )
- increase apache loglevel
- use netstat to watch the number of connections from apache to slapd
-
