Bug#256713: marked as done (Apache security update made my website disappear)
Your message dated Sun, 1 Aug 2004 08:06:40 +0200 (CEST) with message-id <[EMAIL PROTECTED]> and subject line Closing. has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Jun 2004 17:07:58 + >From [EMAIL PROTECTED] Mon Jun 28 10:07:58 2004 Return-path: <[EMAIL PROTECTED]> Received: from chiark.greenend.org.uk [193.201.200.170] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Bezbp-0002RP-00; Mon, 28 Jun 2004 10:07:57 -0700 Received: by chiark.greenend.org.uk (Debian Exim 3.35 #1) with local for [EMAIL PROTECTED] id 1Bezbo-0001km-00; Mon, 28 Jun 2004 18:07:56 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-ID: <[EMAIL PROTECTED]> Date: Mon, 28 Jun 2004 18:07:56 +0100 From: [EMAIL PROTECTED] (Ian Jackson) To: [EMAIL PROTECTED] X-Debian-CC: Jacob Nevins <[EMAIL PROTECTED]> Subject: Apache security update made my website disappear X-Mailer: VM 7.03 under Emacs 19.34.1 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_01,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: apache Version: 1.3.26-0woody5 The security update to apache changed my httpd.conf and srm.conf in a way that meant my system's website disappeared. I did get offered `Save these changes to the configuration files? [Y/n]= ' and said yes, but: * Security updates should be safe. In particular, security updates should be doable with less care, checking, presence of mind, etc. etc. than an elective upgrade. * The default should not be to override a user-changed configuration. * The default should not be to disable an existing website by changing the DocumentRoot to the Debian default. * The question was preceded by a large amount of largely irrelevant messages. Transcript below. Ian. Do you want to install the files fetched [y]: Installing files... (Reading database ... 71673 files and directories currently installed.)= Preparing to replace apache-doc 1.3.26-0woody3 (using .../apache-doc_1.= 3.26-0woo dy5_all.deb) ... Unpacking replacement apache-doc ... Preparing to replace apache-common 1.3.26-0woody3 (using .../apache-com= mon_1.3.2 6-0woody5_i386.deb) ... Unpacking replacement apache-common ... Preparing to replace apache 1.3.26-0woody3 (using .../apache_1.3.26-0wo= ody5_i386 .deb) ... Unpacking replacement apache ... Setting up apache-doc (1.3.26-0woody5) ... Setting up apache-common (1.3.26-0woody5) ... Setting up apache (1.3.26-0woody5) ... update-rc.d: warning: /etc/rc2.d/S75apache is not a link to ../init.d/a= pache update-rc.d: warning: /etc/rc3.d/S75apache is not a link to ../init.d/a= pache - update-rc.d: warning: /etc/rc4.d/S75apache is not a link to ../init.d/a= pache Apache has switched to using logrotate. However, some of your logs are stored outside the /var/log/apache directory, so you should edit /etc/logrotate.d/apache to have them automatically rotated. Adding alias /doc/ -> /usr/share/doc/ to srm.conf (for Debian docs). Your config files will not be modified until you select Y at "save chan= ges." The DocumentRoot is set to /var/www. Leaving existing site /var/www/index.html untouched. Finding DSO mods...found. # LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so # LoadModule env_module /usr/lib/apache/1.3/mod_env.so = | LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so # LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so LoadModule status_module /usr/lib/apache/1.3/mod_status.so # LoadModule info_module /usr/lib/apache/1.3/mod_info.so LoadModule includes_module /usr/lib/apache/1.3/mod_include.so LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so LoadModule asis_module /usr/lib/apache/1.3/mod_asis.so LoadModule imap_module /usr/lib/apache/1.3/mod_imap.so # LoadModule action_module /usr/lib/apache/1.3/mod_actions.so # LoadModule speling_module /usr/lib/apache/1.3/mod_speling.so LoadModule userdir_
Bug#256713: marked as done (Apache security update made my website disappear)
Your message dated Tue, 6 Jul 2004 09:22:37 +0200 (CEST) with message-id <[EMAIL PROTECTED]> and subject line Bug#256713: Apache security update made my website disappear has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at submit) by bugs.debian.org; 28 Jun 2004 17:07:58 + >From [EMAIL PROTECTED] Mon Jun 28 10:07:58 2004 Return-path: <[EMAIL PROTECTED]> Received: from chiark.greenend.org.uk [193.201.200.170] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Bezbp-0002RP-00; Mon, 28 Jun 2004 10:07:57 -0700 Received: by chiark.greenend.org.uk (Debian Exim 3.35 #1) with local for [EMAIL PROTECTED] id 1Bezbo-0001km-00; Mon, 28 Jun 2004 18:07:56 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-ID: <[EMAIL PROTECTED]> Date: Mon, 28 Jun 2004 18:07:56 +0100 From: [EMAIL PROTECTED] (Ian Jackson) To: [EMAIL PROTECTED] X-Debian-CC: Jacob Nevins <[EMAIL PROTECTED]> Subject: Apache security update made my website disappear X-Mailer: VM 7.03 under Emacs 19.34.1 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_01,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: apache Version: 1.3.26-0woody5 The security update to apache changed my httpd.conf and srm.conf in a way that meant my system's website disappeared. I did get offered `Save these changes to the configuration files? [Y/n]= ' and said yes, but: * Security updates should be safe. In particular, security updates should be doable with less care, checking, presence of mind, etc. etc. than an elective upgrade. * The default should not be to override a user-changed configuration. * The default should not be to disable an existing website by changing the DocumentRoot to the Debian default. * The question was preceded by a large amount of largely irrelevant messages. Transcript below. Ian. Do you want to install the files fetched [y]: Installing files... (Reading database ... 71673 files and directories currently installed.)= Preparing to replace apache-doc 1.3.26-0woody3 (using .../apache-doc_1.= 3.26-0woo dy5_all.deb) ... Unpacking replacement apache-doc ... Preparing to replace apache-common 1.3.26-0woody3 (using .../apache-com= mon_1.3.2 6-0woody5_i386.deb) ... Unpacking replacement apache-common ... Preparing to replace apache 1.3.26-0woody3 (using .../apache_1.3.26-0wo= ody5_i386 .deb) ... Unpacking replacement apache ... Setting up apache-doc (1.3.26-0woody5) ... Setting up apache-common (1.3.26-0woody5) ... Setting up apache (1.3.26-0woody5) ... update-rc.d: warning: /etc/rc2.d/S75apache is not a link to ../init.d/a= pache update-rc.d: warning: /etc/rc3.d/S75apache is not a link to ../init.d/a= pache - update-rc.d: warning: /etc/rc4.d/S75apache is not a link to ../init.d/a= pache Apache has switched to using logrotate. However, some of your logs are stored outside the /var/log/apache directory, so you should edit /etc/logrotate.d/apache to have them automatically rotated. Adding alias /doc/ -> /usr/share/doc/ to srm.conf (for Debian docs). Your config files will not be modified until you select Y at "save chan= ges." The DocumentRoot is set to /var/www. Leaving existing site /var/www/index.html untouched. Finding DSO mods...found. # LoadModule vhost_alias_module /usr/lib/apache/1.3/mod_vhost_alias.so # LoadModule env_module /usr/lib/apache/1.3/mod_env.so = | LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so # LoadModule mime_magic_module /usr/lib/apache/1.3/mod_mime_magic.so LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so LoadModule status_module /usr/lib/apache/1.3/mod_status.so # LoadModule info_module /usr/lib/apache/1.3/mod_info.so LoadModule includes_module /usr/lib/apache/1.3/mod_include.so LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so LoadModule cgi_module /usr/lib/apache/1.3/mod_cgi.so LoadModule asis_module /usr/lib/apache/1.3/mod_asis.so LoadModule imap_module /usr/lib/apache/1.3/mod_imap.so # LoadModule action_module /usr/lib/apache/1.3/mod_actions.so # LoadModule speling_module /u