Bug#483111: apache's mod_mime_magic does not support newer libmagic functionality

2009-07-07 Thread John Morrissey
mod_mime_magic's parse() does not grok the search/[[:digit:]]\{1,\} magic
type and emits errors:

[error] mod_mime_magic: type search/400\tsetlength\ttext/x-tex invalid

for every line in /usr/share/file/magic.mime that uses it (6 lines in
file=4.26-1). In addition, mime_magic logs errors:

mod_mime_magic: invalid type 0 in mconvert()., referer: [...]

for every request it's invoked on, one error per invalid line in
magic.mime.

It seems #483111 could be folded into #366023, and the latter assigned to
apache2.2-common, since they share a root cause.

As Reuben Thomas r...@sc3d.org mentions, mod_mime_magic probably shouldn't
be reading /usr/share/file/magic.mime, as libmagic may be updated with new
functionality that mod_mime_magic won't be able to grok. I'm not sure if
it's appropriate/best to link mod_mime_magic against libmagic for parsing
duty; upstream apache2 trunk is still parsing the file itself.

john
-- 
John Morrissey  _o/\   __o
j...@horde.net_- \_  /  \   \,
www.horde.net/__(_)/_(_)/\___(_) /_(_)__



-- 
To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#419720: apache2.2-common: unaligned trap in mod_ssl on alpha

2007-04-17 Thread John Morrissey
Package: apache2.2-common
Version: 2.2.3-4
Severity: minor

mod_ssl is causing unaligned traps on alpha (backtrace is below). Here's the
offending section of code:

 1153     shmcb_safe_clear(idx, sizeof(SHMCBIndex));
 1154     shmcb_set_safe_time(&(idx->expires), expiry_time);
 1155     shmcb_set_safe_uint(&(idx->offset), new_offset);
 1156
 1157     /* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */
 1158     idx->s_id2 = session_id[1];
 1159     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
 1160                  "session_id[0]=%u, idx->s_id2=%u",
 1161                  session_id[0], session_id[1]);

I'm pretty new to the alpha, but I'm guessing the access to session_id[1] is
causing the trap, since session_id is an unsigned char * and idx->s_id2 seems
to be aligned on a 4- or 8-byte boundary.

I'm not sure of the best way to fix this. If there is anything I can do
(patch testing, etc.), please let me know!

Also, there seem to be a couple other less-frequent unaligned traps in
apache2 that I'm also trying to track down. Should I append them to this
bug, or is a separate one for each trap better?

Thanks!

#0  0x0200017ffe54 in shmcb_insert_encoded_session (s=0x12023e428,
queue=0x11fef8b00, cache=0x11fef8b20,
encoded=0x11fef8b40 0\201\221\002\001\001\002\002\003\001\004\002,
encoded_len=148,
session_id=0x1205e6b28 \217\236�\234\210��߭u�\020!w�6�taaй\024rU|G� , 
expiry_time=1176822685)
at /home/jwm/apache2-2.2.3/modules/ssl/ssl_scache_shmcb.c:1158
#1  0x0200017fe8a0 in shmcb_store_session (s=0x12023e428,
shm_segment=0x20003c94008,
id=0x1205e6b28 \217\236�\234\210��߭u�\020!w�6�taaй\024rU|G� ,
idlen=32, pSession=0x1205e6ae0, timeout=1176822685)
at /home/jwm/apache2-2.2.3/modules/ssl/ssl_scache_shmcb.c:697
#2  0x0200017fd68c in ssl_scache_shmcb_store (s=0x12023e428,
id=0x1205e6b28 \217\236�\234\210��߭u�\020!w�6�taaй\024rU|G� ,
idlen=32, timeout=1176822685, pSession=0x1205e6ae0)
at /home/jwm/apache2-2.2.3/modules/ssl/ssl_scache_shmcb.c:411
#3  0x0200017fb4e4 in ssl_scache_store (s=0x12023e428,
id=0x1205e6b28 \217\236�\234\210��߭u�\020!w�6�taaй\024rU|G� ,
idlen=32, expiry=1176822685, sess=0x1205e6ae0)
at /home/jwm/apache2-2.2.3/modules/ssl/ssl_scache.c:99
#4  0x0200017f0294 in ssl_callback_NewSessionCacheEntry (ssl=0x1205cbbe0,
session=0x1205e6ae0)
at /home/jwm/apache2-2.2.3/modules/ssl/ssl_engine_kernel.c:1638
#5  0x0280af98 in ssl_update_cache () from /usr/lib/libssl.so.0.9.8
#6  0x027f0e20 in ssl3_accept () from /usr/lib/libssl.so.0.9.8
#7  0x0280a890 in SSL_accept () from /usr/lib/libssl.so.0.9.8
#8  0x027fbb18 in ssl23_get_client_hello ()
   from /usr/lib/libssl.so.0.9.8
#9  0x027fc750 in ssl23_accept () from /usr/lib/libssl.so.0.9.8
#10 0x0280a890 in SSL_accept () from /usr/lib/libssl.so.0.9.8
#11 0x0200017ea408 in ssl_io_filter_connect (filter_ctx=0x120506490)
at /home/jwm/apache2-2.2.3/modules/ssl/ssl_engine_io.c:1047
#12 0x0200017eaeac in ssl_io_filter_input (f=0x1205d1308, bb=0x1205c71c0, 
mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0)
at /home/jwm/apache2-2.2.3/modules/ssl/ssl_engine_io.c:1292
#13 0x00012005bb98 in ap_get_brigade (next=0x1205d1308, bb=0x1205c71c0, 
mode=AP_MODE_GETLINE, block=APR_BLOCK_READ, readbytes=0)
at /home/jwm/apache2-2.2.3/server/util_filter.c:489
#14 0x00012002f458 in ap_rgetline_core (s=0x1205c5c78, n=8192, 
read=0x11fefb868, r=0x1205c5c48, fold=0, bb=0x1205c71c0)
at /home/jwm/apache2-2.2.3/server/protocol.c:231
#15 0x00012002ff0c in read_request_line (r=0x1205c5c48, bb=0x1205c71c0)
at /home/jwm/apache2-2.2.3/server/protocol.c:596
#16 0x000120030e04 in ap_read_request (conn=0x120505b88)
at /home/jwm/apache2-2.2.3/server/protocol.c:891
#17 0x000120061468 in ap_process_http_connection (c=0x120505b88)
at /home/jwm/apache2-2.2.3/modules/http/http_core.c:177
#18 0x000120055918 in ap_run_process_connection (c=0x120505b88)
at /home/jwm/apache2-2.2.3/server/connection.c:43
#19 0x000120055fa8 in ap_process_connection (c=0x120505b88, 
csd=0x120505998) at /home/jwm/apache2-2.2.3/server/connection.c:178
#20 0x00012006d894 in child_main (child_num_arg=0)
at /home/jwm/apache2-2.2.3/server/mpm/prefork/prefork.c:640
#21 0x00012006db58 in make_child (s=0x1200a6970, slot=0)
at /home/jwm/apache2-2.2.3/server/mpm/prefork/prefork.c:736
#22 0x00012006dc00 in startup_children (number_to_start=5)
at /home/jwm/apache2-2.2.3/server/mpm/prefork/prefork.c:754
#23 0x00012006e2dc in ap_mpm_run (_pconf=0x1200a0208, plog=0x1200d43a8, 
s=0x1200a6970) at /home/jwm/apache2-2.2.3/server/mpm/prefork/prefork.c:975
#24 0x000120022e28 in main (argc=3, argv=0x11fefbcb8)
at /home/jwm/apache2-2.2.3/server/main.c:717

-- System Information:
Debian Release: 4.0
  APT prefers 
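
The report above concerns index records written into a shared-memory segment at byte offsets that are not guaranteed to be aligned. As an added example (not mod_ssl's code and not part of the original report), this shows the copy-based access pattern that avoids unaligned loads and stores on strict-alignment CPUs. The struct layout, function names and sample values are hypothetical; the expiry value is the one shown in the backtrace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical index record with the three fields the excerpt writes. */
typedef struct {
    time_t expires;
    unsigned int offset;
    unsigned char s_id2;
} cache_index;

/* Nonzero when p meets the given alignment requirement. */
static int is_aligned(const void *p, size_t align) { return (uintptr_t)p % align == 0; }

/* memcpy makes no alignment assumption, so these work at any byte address. */
static void set_safe_uint(unsigned char *dst, unsigned int v) { memcpy(dst, &v, sizeof v); }
static void set_safe_time(unsigned char *dst, time_t v) { memcpy(dst, &v, sizeof v); }

/* Write one record at byte offset `at` of a shared segment, field by field. */
static void index_store(unsigned char *seg, size_t at, time_t expires,
                        unsigned int offset, unsigned char s_id2) {
    unsigned char *rec = seg + at;
    memset(rec, 0, sizeof(cache_index));
    set_safe_time(rec + offsetof(cache_index, expires), expires);
    set_safe_uint(rec + offsetof(cache_index, offset), offset);
    rec[offsetof(cache_index, s_id2)] = s_id2;   /* single byte: always aligned */
}

/* Copy the record into a properly aligned local before touching its fields. */
static cache_index index_load(const unsigned char *seg, size_t at) {
    cache_index out;
    memcpy(&out, seg + at, sizeof out);
    return out;
}

/* Returns 1 if a record at a deliberately odd offset is misaligned yet round-trips. */
static int demo_misaligned_roundtrip(void) {
    static union { unsigned char bytes[128]; long long force_align; } seg;
    const size_t at = 3;                         /* constructed odd offset */
    index_store(seg.bytes, at, (time_t)1176822685, 4096u, 0x9e);
    cache_index got = index_load(seg.bytes, at);
    return !is_aligned(seg.bytes + at, sizeof(unsigned int)) &&
           got.expires == (time_t)1176822685 && got.offset == 4096u && got.s_id2 == 0x9e;
}

int main(void) { printf("odd-offset round trip ok: %d\n", demo_misaligned_roundtrip()); return 0; }
```

Casting `seg + at` to `cache_index *` and assigning through it is the form that traps on alpha and is undefined behaviour in C when the address is misaligned; the copies above stay valid at any offset.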

Bug #326435 - CAN-2005-2728: DoS through overly long Range values passed to the byte-range filter

2006-08-10 Thread John Morrissey
Hi everyone--

I'm having a problem with Apache children randomly leaking several hundred
megabytes of memory. This happens suddenly (over the course of just a few
minutes) and the affected children usually continue to serve requests while
they're leaking.

Here's the thread from httpd-users with more information on our particular
situation, including configuration information, symptoms, and backtraces:

http://marc.theaimsgroup.com/?l=apache-httpd-users&m=114960657316006&w=2

We eventually worked around it by using this configuration, which is a
workaround for CAN-2005-2728:

RequestHeader unset Range
Header unset Accept-Ranges

It's strange that we're running 2.0.54-5, which patches for this
vulnerability, and does so by applying the exact patch from the
corresponding Apache bug
(http://issues.apache.org/bugzilla/show_bug.cgi?id=29962).

Is this problem due to another bug that coincidentally has the same
workaround? Since applying this configuration, not a single Apache child has
leaked. Any thoughts?

thanks,
john
-- 
John Morrissey  _o/\   __o
[EMAIL PROTECTED]_- \_  /  \   \,
www.horde.net/__(_)/_(_)/\___(_) /_(_)__





RFS: libapache2-mod-ldap-userdir - An Apache2 module that provides UserDir lookups via LDAP

2004-06-08 Thread John Morrissey
I maintain mod_ldap_userdir and am interested in packaging it for Debian. It
allows UserDir URLs to be looked up based on homeDirectory attributes in an
LDAP directory instead of from local user accounts.

In the past year or two, several Debian users have mentioned using it, so
I'd like to package it. I'm also using Debian more and more in the server
environment, so I have a vested interest in maintaining the package. :-)

I do have one question about the packaging: lintian(1) complains that the
.so module defines RPATH, but I don't have any control over that since
compilation is handled entirely by apxs. Should I try to eliminate this, or
just add an override for it?

Package files are available from http://horde.net/~jwm/debian/. Thanks!

* Package name  : libapache2-mod-ldap-userdir
  Version   : 1.1.4
  Upstream Author   : John Morrissey [EMAIL PROTECTED]
* URL   : http://horde.net/~jwm/software/mod_ldap_userdir/
* License   : GPL version 2 or above
  Description   : Apache2 module that provides UserDir lookups via LDAP

  This module implements UserDir (~/public_html/) directory lookups using
  data from an LDAP directory.
  .
  This package provides the module for the Apache 2.0 server.

john
-- 
John Morrissey  _o/\   __o
[EMAIL PROTECTED]_- \_  /  \   \,
www.horde.net/__(_)/_(_)/\___(_) /_(_)__