Bug#625223: Please make the different MPMs co-installable

On Saturday 07 May 2011, Christoph Berg wrote: > Oh. We were completely missing the fact that the actual MPM is > shipped in apache2.2-bin and not in the apache2-mpm-* package. I > should have noticed that before, it was probably too surprising to > me as a design choice to ship only the symlink in

Bug#546759: apr-util: FTBFS: testreslist hangs

Hi, can you still reproduce that bug? If yes, can you try with version 1.3.12+dfsg-2? TIA. Cheers, Stefan -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110524

Re: segfault while simply get()ing a value from squeeze memcached

On Thursday 09 June 2011, Josip Rodin wrote: > > select(3147, [1024 1223 1224 1227 1230 1231 1235 1241 1242 1243 > Hah, I found the apparent problem. The number of fds in those > select() calls tipped me off to reexamine a change I recently did > as part of the squeeze upgrade - I enabled a large

Bug#616323: [php-maint] Bug#616323: segfaults when serving HTTP requests

On Sunday 12 June 2011, Robert Millan wrote: > Btw, as for #616323, could you consider uploading the same fix to > squeeze-proposed-updates Oh, I forgot about that one. Done: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630356 -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian

Re: htaccess hell

On Wednesday 15 June 2011, Ian Zimmerman wrote: > I know that the .htaccess file is getting read, because when I drop > garbage there I get a server error upon loading that page. So > somehow the AuthName directive in the .htaccess is getting > ignored. Why?? AllowOverride seems to allow it. See

Bug#632884: apache2 upgrade does not upgrade libapr1

On Wednesday 06 July 2011, Mark Murawski wrote: > Upon manual upgrade of libapr1 to 1.4.5, this problem was fixed > Filename: pool/main/a/apr/libapr1_1.4.5-1_i386.deb Which was the old version of libapr1 that you were using? If you don't remember, /var/log/dpkg.log may still have the info. --

Bug#636562: libapr1: Apache child processes frequently segfault

On Thursday 04 August 2011, T McIntyre wrote: > Modules installed: > alias auth_basic authn_file authz_default authz_groupfile > authz_host authz_user autoindex cgi dir env mime negotiation php5 > reqtimeout rewrite rpaf setenvif status > > php-apc is also installed but when disabled the segfaults

Bug#636562: libapr1: Apache child processes frequently segfault

reassign 636562 libapache2-mod-rpaf thanks On Friday 05 August 2011, Thom McIntyre wrote: > Not a peep in the error log since mod_rpaf was disabled a day ago. ok, reassigning. -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact

Bug#307298: Include patch that fixes the problem of CONNECT via SSL

On Monday 08 August 2011, Dmitry Katsubo wrote: > > But squeeze+1 will (hopefully) have v2.4, anyway. > > Stefan, unfortunately that did not happen: [sid] does not contain > 2.4. Nor 2.3. squeeze+1 == wheezy and that won't be released for another year or so. I still think that we will have 2.4 i

Bug#485413: apache2/lenny/amd64 eats up all RAM

On Monday 15 August 2011, Thorsten Glaser wrote: > Can please someone recommend a different ulimit, > or some other suggestion? You could provide some more information: - How much memory does your machine have, how much is actually available for apache (i.e. not used by other processes). - Which

Bug#639825: Apache2 seek broken

On Tuesday 30 August 2011, Takis Issaris wrote: > Package: apache2.2-common > Version: 2.2.9-10+lenny10 > > Yesterday evenings update broke our Apache server setup, which is > serving video files. Our application uses partial GET's (Range: > byte=...) to implement seeking in the video. Seeking sto

Bug#639825: Apache2 seek broken

On Tue, 30 Aug 2011, Stefan Fritsch wrote: What would be most interesting to me is the complete Range header your application sends to the server when seeking. Also, the HTTP status code returned for the requests both with 2.2.9-10+lenny9 and 2.2.9-10+lenny10 (probably either 200 or 206). Are

Bug#639825: Apache2 seek broken

#639825 + + -- Stefan Fritsch Thu, 01 Sep 2011 00:45:58 +0200 + apache2 (2.2.9-10+lenny10) lenny-security; urgency=high * Fix CVE-2011-3192: DoS by high memory usage for a large number of diff -u apache2-2.2.9/debian/patches/082_CVE-2011-3192.dpatch apache2-2.2.9/debian/patches/082_CVE-2011-319

Bug#639825: Apache2 seek broken

On Thursday 01 September 2011, Stefan Fritsch wrote: > Can you rebuild apache2 ...lenny10 with the attached patch and try > if it fixes your problem? If you use i386, you can get built packages here: http://people.debian.org/~sf/639825/ -- To UNSUBSCRIBE, email to debian-apach

Bug#639825: Apache2 seek broken

On Monday 05 September 2011, Takis Issaris wrote: > 2011/9/2 Julien Cristau : > > On Wed, Aug 31, 2011 at 16:03:47 +0200, Takis Issaris wrote: > > > > [...] > > > >> Then the log shows these syscalls happening over and over again > >> and it doesn't stop until I kill the client. > >> poll([{fd=37

Bug#641206: apache2: Implement init.d's stop and restart using graceful stop

tags 641206 wontfix thanks On Sunday 11 September 2011, Slaven Rezic wrote: > It would be nice if the init.d script would use this feature for > the stop and restart commands. We have tried this already, but sadly it didn't work reliably. The problem is that depending on the configuration, it ma

Re: Bug#636651: libapache2-mod-perl2: FTBFS with perl 5.14: -D_FILE_OFFSET_BITS stripped from CFLAGS

On Saturday 15 October 2011, Niko Tyni wrote: > retitle 636651 libapache2-mod-perl2: FTBFS with perl 5.14: > -D_FILE_OFFSET_BITS stripped from CFLAGS thanks > > On Thu, Aug 04, 2011 at 10:01:52PM +0100, Dominic Hargreaves wrote: > > Source: libapache2-mod-perl2 > > Version: 2.0.5-2 > > Severity: i

Bug#646208: RFH: apache2 -- Apache HTTP Server

Package: wnpp Severity: normal Hi, I am looking for co-maintainers for the apache2 package. The other co-maintainers are inactive. The package is not in a bad shape, but I am lacking time and there is significant work to be done in the near future. The new co-maintainer(s) should of course have

Re: Let's talk about SVN management

Hi, On Tue, 1 Nov 2011, Sandro Tosi wrote: That said, if we're restructuring the repository anyway, why don't move to git? I was setting up git-svn for the Apache repository earlier which allows me to commit patches even though I have no write access to repository yet. That's only one of the adv

Bug#649888: Hide /icons index

On Thursday 24 November 2011, Mathieu Parent wrote: > Currently, on any Debian-based apache2, anyone can browse the > /icons URL. > > Anyone can see that odf6* icons are present (-> this is Debian > specific) and the date of these icons correspond to the build date. > > So one can deduce the vers

Bug#650350: apr: testsuite hangs on testprocmutex

On Tuesday 29 November 2011, Hector Oron wrote: > Hi, > > 2011/11/29 Hector Oron : > > Source: apr > > Version: 1.4.5-1 > > Severity: important > > > > This bug is currently blocking armhf archive bootstrap as it > > should break a circular dependency cycle. Please if you have any > > hint or ar

Bug#650350: apr: testsuite hangs on testprocmutex

On Tuesday 29 November 2011, Hector Oron wrote: > When cmpiling apr under armhf architecture, testsuite seem to > hang at testprocmutex test with the followinf backtrace: I just noticed that there is a special configure flag concerning mutexes added for armel. Maybe you need the same for armhf

Bug#650350: apr: testsuite hangs on testprocmutex

On Wednesday 30 November 2011, Hector Oron wrote: > Hello, > > On Tue, Nov 29, 2011 at 11:57:16PM +0100, Stefan Fritsch wrote: > > On Tuesday 29 November 2011, Hector Oron wrote: > > > When compiling apr under armhf architecture, testsuite seem > > > to > &

Bug#650350: apr: testsuite hangs on testprocmutex

On Wednesday 30 November 2011, Konstantinos Margaritis wrote: > FWIW, maybe it helps, I just did some tests on this, it seems to > fail only on one of the subtests in testprocmutex, > APR_LOCK_PROC_PTHREAD test. Will look into this a bit more. Fixing the actual problem would be very welcome. But I

Re: Reworking the Apache package (with patches)

Hi Arno, first of all, thank you very much for your help. I won't have time to look at your patches in detail before next week-end, but here are some comments already. On Monday 05 December 2011, Arno Töll wrote: > This is a list of major changes: > > * I changes the source package type from 1

Re: Reworking the Apache package (with patches)

Hi Arno, On Wednesday 07 December 2011, Stefan Fritsch wrote: > On Monday 05 December 2011, Arno Töll wrote: > > * I reworked the rules file entirely. It is now using the short > > dh(1) syntax and (a lot of) overrides. Much magic still happens > > in custom targe

Bug#550840: UPD: apache2-mpm-prefork: reload does not work: childs hangs on FUTEX_WAIT_PRIVATE

On Saturday 17 December 2011, Claus Herwig wrote: > is this bug still (or again?) present in Debian Squeeze? > > I think I hit this problem multiple times during last week, getting > something like: > > hostname:/# strace -p 22854 > Process 22854 attached - interrupt to quit > futex(0x7f1dc6f9655

Bug#601033: apache2.2-common: AddOutputFilterByType is deprecated but used in deflate.conf

AddOutputFilterByType will be fixed and un-deprecated in 2.4. -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201112181142.04362...@sfritsch.de

Bug#497534: apache2.2-common: /etc/init.d/apache2 / apache2ctl not reporting error return code when apache2 segfaults

On Thursday 04 September 2008, Olivier Berger wrote: > Le mardi 02 septembre 2008 à 22:41 +0200, Stefan Fritsch a écrit : > > In this case, the segfault happens after apache has gone into the > > background. There is no way for the init script to learn about > > the crash o

Bug#497534: apache2.2-common: /etc/init.d/apache2 / apache2ctl not reporting error return code when apache2 segfaults

On Sunday 18 December 2011, Stefan Fritsch wrote: > However maybe we could put some logic in the init script that > follows the error log and waits for the "resuming normal > operations" line and only afterwards prints "OK" See also http://bugs.debian.org/cgi

Bug#528062: Supplied patch breaks working installations with php and suexec

tags 528062 -patch forwarded 528062 https://issues.apache.org/bugzilla/show_bug.cgi?id=49439 thanks On Sunday 23 January 2011, Witold Baryluk wrote: > I reported this problem with patch on Apache bugzilla, but nobody > from developers responds. :( > > Bug entry is here > https://issues.apache.or

Bug#296886: fixed in 2.3.10

This will be fixed in 2.4 -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201112181931.25426...@sfritsch.de

Bug#233047: fixed in 2.4

this will be fixed in 2.4 -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201112181933.05824...@sfritsch.de

Bug#519322: fixed in 2.4

this will be fixed in 2.4 -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201112181932.36750...@sfritsch.de

Re: Let's talk about git management

Hi, let's try to make a plan how to proceed with git. On Saturday 19 November 2011, Sandro Tosi wrote: > > Is it > > necessary to import the complete upstream source with git? > > Following the usual workflow, yes, it should be imported the whole > tarball inside the repository (in a separate br

Re: Let's talk about git management

Hi Arno, I was somewhat busy last week. But I think we have an agreement here. On Mon, 19 Dec 2011, Arno Töll wrote: To summarize, what I'd prefer is: * A git repository * Having the full source in trunk * Managing orig.tar.gz tarballs with pristine-tar (thus having a pristine-tar branch which

Re: Let's talk about git management

On Monday 26 December 2011, Stefan Fritsch wrote: > I have already started to create an appropriate git repo, i.e. with > the upstream tarballs since 2.2.3 and an export of the pkg-apache > svn that has its files moved from debian/*. It's not completely > finished yet, and it

apache2 is now in git

On Saturday 31 December 2011, Arno Töll wrote: > > Should we change the > > tag names to the git-buildpackage defaults (upstream/* and > > debian/*)? Is there anything else that should be changed? > > There is --git-debian-tag which can override the default. However, > I think settling to git-bp's

Bug#652843: Patch

On Thursday 29 December 2011, william felipe_welter wrote: > There is a simple patch for the initialization script that resolve > this issue: > > 173a174 > > > APACHE_LOG_DIR=$(. $APACHE_ENVVARS && echo $APACHE_LOG_DIR) > > 174a176,182 > > > if [ ! -d $APACHE_LOG_DIR ]

Bug#654764: Mitigate B.E.A.S.T attack

On Thursday 05 January 2012, Mathieu Parent wrote: > The BEAST vulnerability [1] "can be prevented by removing all CBC > ciphers from your list of allowed ciphers—leaving only the RC4 > cipher". I don't think we want to do that. The normal RC4 algorithms (i.e. not ECDHE-*-RC4*) don't provide perf

Planning for 2.3/2.4

get: $ git log pristine-tar |head commit 875c37bcd5837f49be2673407799b308e32c8c5b (origin/pristine-tar, pristine-tar) Author: Stefan Fritsch Date: Tue Dec 27 19:43:24 2011 +0100 pristine-tar data for apache2_2.2.21.orig.tar.gz commit 7bb2f1029634aa4cbeec151b2f0dfde31228f6c7 ... Cheers, Ste

Re: Planning for 2.3/2.4

On Mon, 9 Jan 2012, Arno Töll wrote: I just did so. Feel free to edit the newly created page on [1]. Thanks, will do. Obviously this will be far from complete or usable. Do we need any push-policies regarding broken and/or incomplete stuff or shall we just do it(tm) and see how it goes [2]?

Bug#579609: Is this still an issue in current apache 2.2 releases?

On Monday 23 January 2012, Sven Hoexter wrote: > - add an alias and location with RemoveType and RemoveHandler for > .php to the default configuration > Alias /plain /var/www > > RemoveHandler .php > RemoveType .php > > > - service apache2 restart > > Result is that the .php

Re: Introducing Apache 2.3.x

Hi Arno, On Friday 27 January 2012, Arno Töll wrote: > It needs some explanations. > > *) Let me start with the most evident fact: The package is not even > close to be complete. It is just a random development snapshot you > can look and comment at, but please realize it might contain > random b

Bug#444048: CGI stopped working after upgrade to 2.2.16-6+squeeze6

On Wed, 8 Feb 2012, Andreas B. Mundt wrote: I run apache with the userdir module enabled. Users can have their own cgi-bin directory in ~/public_html. This worked fine until yesterday, where it stopped working. (Standard HTML code still works, but not the cgi-bin scripts.) The error reported i

Bug#631230: apache2 startup fails with missing log directory

On Sunday 05 February 2012, Jean-Michel Vourgère wrote: > While I agree there is a problem with missing log directory > repporting - see > https://issues.apache.org/bugzilla/show_bug.cgi?id=29941 - I don't > think creating this directory automatically would be wise. > > For exemple, if your direct

Re: How long will it take for 2.4 to enter SID?

On Tuesday 21 February 2012, Michelle Konzack wrote: > I am in a ongoing transition of my entired Network and like to > know how long it will take to get Apache 2.4 into SID. Thats difficult to say, there is still a lot to do and there certainly will be an upload to experimental before sid. Some

Comments about 'next' branch

Hi Arno, since you asked, here are some comments about the current state of the "next" branch. Sorry for the not very refined language ;) Stuff that should be done before the experimental upload: Have a single script for /usr/sbin/a2

Re: The status of ITK in Debian

Hi Steinar, On Wednesday 29 February 2012, Steinar H. Gunderson wrote: > On Wed, Feb 29, 2012 at 06:29:17PM +0100, Arno Töll wrote: > > we're close to upload an experimental 2.4 package to Debian. > > Maybe you could tell us what to do with the ITK MPM? Right now > > we dropped it completely. Do y

Re: The status of ITK in Debian

On Friday 02 March 2012, Steinar H. Gunderson wrote: > On Fri, Mar 02, 2012 at 11:06:47PM +0100, Stefan Fritsch wrote: > > There is now mod_privileges included upstream, which does > > something similar to mpm itk but using Solaris privileges. It > > would be interesting to c

Bug#663723: Critical memory leak with mod_rewrite in apache2 using german umlauts

severity 663723 wishlist tags 663723 -security retitle 663723 apache2 does not prevent DoS through .htaccess files thanks On Tuesday 13 March 2012, Patrick Matthäi wrote: > I noticed on a customers server, that apache periodical crashes the > whole system by using the whole available memory until

Bug#663723: Critical memory leak with mod_rewrite in apache2 using german umlauts

On Tuesday 13 March 2012, Patrick Matthäi wrote: > If the regular expression is wrong, okay, but what is about e.g. > the RedirectLimit? This also could cause server problems with > crafted configurations, but there is internal apache limit > available. You mean LimitInternalRecursion? That is to

Bug#664761: apache2/conf.d migration: what should webapp packagers do?

On Wednesday 21 March 2012, Paul Wise wrote: > On Wed, Mar 21, 2012 at 1:18 AM, Jonathan Nieder wrote: > > Upgrading apache2 to the version in experimental breaks my local > > gitweb installation. Gitweb ships the following snippet in > > /etc/apache2/conf.d/gitweb: > > > >Alias /gitweb /

Re: Bits from the Apache Maintainers / Upcoming apache2 2.4 transition

On Thursday 22 March 2012, Steinar H. Gunderson wrote: > On Thu, Mar 22, 2012 at 01:05:16AM +0100, Stefan Fritsch wrote: > > Beware: The ITK MPM is not included for the time being. This may > > or may not change until the freeze. > > Just to make sure; you are aware that the

Need help sorting out apt-get behavior during upgrade

Hi, we are testing upgrades from apache2 2.2 to 2.4 with apt-get, but it doesn't work as expected. apt-get's output with scores enabled is attached. Instead of upgrading the apache2 package, apt-get removes it. What is very strange is that apt-get installs the new apache2-data package but in

Re: Need help sorting out apt-get behavior during upgrade

Hi David, thanks for your response. On Wednesday 28 March 2012, David Kalnischkies wrote: > > But the main issue is why does apt-get remove apache2? > > apache2-bin conflicts&replaces apache2.2-bin. According to > > policy 7.6.2, this should allow apt to determine which package > > to keep and wh

Bug#666687: pu: package apr_1.4.2-6+squeeze4

repository corruption in some rare cases. Closes: #664451 -- Stefan Fritsch Sun, 01 Apr 2012 00:50:32 +0200 Debdiff is at http://people.debian.org/~sf/apr_1.4.2-6+squeeze4.debdiff Cheers, Stefan -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubs

MPM ITK (was: Bits from the Apache Maintainers ...)

Hi Steinar, On Friday 30 March 2012, Steinar H. Gunderson wrote: > On Thu, Mar 22, 2012 at 08:23:54AM +0100, Stefan Fritsch wrote: > > But this of course doesn't mean that ITK won't be included, just > > that it's not sure yet. > > Just so it's clear:

Bug#664299: Helping to update to packaging format 3.0

Hi Jari, On Friday 06 April 2012, jaalto wrote: > There is a reason for migrating away from dpatch. I don't see any urgency for migrating away from dpatch either. I am planning to migrate apr and apr-util to format 3.0 for wheezy, but even if it doesn't work out, dpatch will continue to work fo

Thoughts about the default auth/access configuration

Hi, I have made some experiments and spent some thoughts on the default authorization configuration. I will outline some things that have to be taken into account, first. The basic requirements are A) allow access to /var/www B) allow access to /usr/lib/cgi-bin C) webapp packages will want to

Re: web-based cert management in Debian?

Hi Daniel, On Sunday 08 April 2012, Daniel Pocock wrote: > I was just looking at package ssl-cert > > I'm packaging a SIP proxy that would benefit from SSL certs > > Has there been any discussion about doing something more than > ssl-cert, e.g. a simple web interface to invoke `openssl req', let

Bug#605123: apache2.2-common: "incorrect" definitions of Common Log Format and Combined Log Format

On Saturday 14 April 2012, you wrote: > Well than simply rename them? Or at least add a comment that this > is not what people (or 3rd party products) may expect. ok, I will add a comment. -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Troub

Bug#668858: apache2: doesn't use UTF-8 by default

On Sunday 15 April 2012, Adam Borowski wrote: > Apache is one of the few things in Debian not configured to use > UTF-8 by default. Considering that UTF-8 has been the default > encoding for four releases already, GUI stuff doesn't really > support ancient locales anymore and there's talk about dr

Re: [xml/sgml-pkgs] Bug#670572: libxml2: missing link from /usr/lib

On Friday 27 April 2012, Aron Xu wrote: > clone 670572 -1 > retitle -1 not usable because libxml2.so.* are moved to Multi-Arch > path severity -1 serious > reassign -1 src:mod-proxy-html > block 670572 by -1 > thanks > > On Thu, Apr 26, 2012 at 21:39, Francesco Potortì wrote: > > Package: libxml

Re: Bug#670572: [xml/sgml-pkgs] Bug#670572: libxml2: missing link from /usr/lib

On Sun, 29 Apr 2012, Julien Cristau wrote: On Sun, Apr 29, 2012 at 13:10:05 +0200, Stefan Fritsch wrote: "LoadFile /usr/lib/${DEB_HOST_MULTIARCH}/libxml2.so.2". This would break with non-multiarch versions of libxml2, but that's acceptable. A simple "LoadFile libxml2.so.

Re: Bug#670572: [xml/sgml-pkgs] Bug#670572: libxml2: missing link from /usr/lib

On Monday 30 April 2012, Stefan Fritsch wrote: > On Sun, 29 Apr 2012, Julien Cristau wrote: > > On Sun, Apr 29, 2012 at 13:10:05 +0200, Stefan Fritsch wrote: > >> "LoadFile /usr/lib/${DEB_HOST_MULTIARCH}/libxml2.so.2". This > >> would break with non-mult

Re: Bug#666816: mod-proxy-html: sourceful transition towards Apache 2.4

On Thursday 19 April 2012, Emmanuel Lacour wrote: > On Tue, Apr 03, 2012 at 04:13:45PM +0200, Arno Töll wrote: > > there is probably no reason to ship your module once apache2 2.4 > > is in Testing and thus it should be removed as an individual > > package. I'd suggest you to make it a transitional

Re: Chances to accept a fix for mpm-itk in stable-proposed-updates

On Monday 07 May 2012, Steinar H. Gunderson wrote: > On Mon, May 07, 2012 at 09:29:57PM +0200, Henrik Heil wrote: > > It is not a security issue. I think it could qualify as important > > > enough for stable-proposed-updates because: > FWIW, I don't think this is a security issue. I would not oppo

Apache2 2.4 transition postponed

Hi, we have decided to postpone the transition to apache2 2.4. The main blocker is that mod_perl needs a major new upstream release which very likely won't be ready in time for Wheezy and we don't want to release Wheezy without mod_perl. Cheers, Stefan -- To UNSUBSCRIBE, email to debian-apa

Bug#673401: task-web-server: Please remove mod_perl and mod_python from task-web-server

Package: task-web-server Version: 3.09 Severity: normal mod_python is obsoleted by mod_wsgi and basically dead upstream (last commit to svn was 3 years ago). And mod_perl is IMNSHO not so popular anymore that it needs to be installed by default. Of course, the mod_python and mod_perl maintainer

Bug#674598: make-ssl-cert fails on long-named hosts

On Friday 25 May 2012, Ben Howard wrote: > The 'make-ssl-cert' command fails on hosts with longer than > 64-characters as the FQDN. > https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1004682 It seems a better fix would be to use SubjAltName in that case because it has a 255 character limit

Re: Passing LDFLAGS to Apache modules for hardened build flags

On Tuesday 29 May 2012, Arno Töll wrote: > > Note, a few packages of my 2.4 test rebuild FTBFS because of > > hardening flags lately (#666839 and #666854 at least). > > And these packages now probably turned RC buggy as they fail to > build from source with hardening flags enabled. I will test tha

Re: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

On Thursday 31 May 2012, Christoph Anton Mitterer wrote: > So from my side I'd say the following: > > 1) IF a change like this happens,.. it definitely must go to the > NEWS file, as - in the case of Apache HTTPD Server - it can even > have security relevant outcomes. > So Brian, as long as this c

Re: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

On Friday 01 June 2012, Christoph Anton Mitterer wrote: > Release notes is a good idea, Stefan, Brian... can anyone of you > take care of this or should I (but I'm on vacation starting next > Tue, so that would take some time). There is still plenty of time. If you get to it first please cc: debi

Bug#676610: silently ignores config files with a colon in its name

On Friday 08 June 2012, Harald Dunkel wrote: > I would suggest either to accept config files with a > colon in its name, or to show a warning about the > unsupported file name. The details about which files are ignored are listed in README.Debian. Since the reason is mainly ignoring backup files

Bug#674142: make it possible to disable ssl compression in apache2 mod_ssl

On Wednesday 06 June 2012, Arno Töll wrote: > Hi, > > On 23.05.2012 12:17, Bjoern Jacke wrote: > > Please consider to add the patch from > > https://issues.apache.org/bugzilla/show_bug.cgi?id=53219 to the > > Debian package. > > as you might have noticed Stefan was committing your patch > upstrea

pkg-apache-commits subject changes

FYI: In order to make the subjects more readable, I have just removed the [Pkg-apache-commits] prefix and shortened the repository descriptions. Cheers, Stefan -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists

Bug#677086: apache2-mpm-prefork: apache2 sends "400 bad request" on POST from some firefox browsers

On Monday 11 June 2012, Thomas Voelkl wrote: > Affected Webservers/Operating Systems (server side): > - only apache <= 2.2.16 (squeeze) seems to be affected. (Apache > 2.2.9, Debian; Apache 2.2.10, SUSE) You mean that this problem also occurs with 2.2.9? > - the affected clients also have this pr

Bug#677086: apache2-mpm-prefork: apache2 sends "400 bad request" on POST from some firefox browsers

On Sunday 17 June 2012, Thomas Voelkl wrote: > I have collected some statistical data (by analysing the apache > logs) on how often this problem occurs on our webserver: > ~38% of our users upload files by using a firefox browser > ~6% of these firefox users get the error (400 bad request) when > u

Bug#677086: apache2-mpm-prefork: apache2 sends "400 bad request" on POST from some firefox browsers

On Monday 18 June 2012, Thomas Voelkl wrote: > Here are two captures from an upload of a 512K large testfile: > 2.2.16: http://uploadtest.puzzleandplay.de/capture-a2-2-16-512K.cap > 2.2.22: http://uploadtest.puzzleandplay.de/capture-a2-2-22-512K.cap The 2.2.16 dump was done with Firefox 12, the 2.

Bug#677086: apache2-mpm-prefork: apache2 sends "400 bad request" on POST from some firefox browsers

On Tuesday 19 June 2012, Thomas Voelkl wrote: > @SF: Can you apply this patch in the official debian squeeze stable > release? Yes, I think so. Hopefully in the next stable point release. -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Troubl

Bug#679522: apache2.2-common: Apache Common and Combined definition Vs. documentation disparity

On Friday 29 June 2012, Ryan Jones wrote: > The difference between them being that where in the vanilla version > we have ‘%b’ whilst in the apache2.2-common version we have ’%O’. > Whilst the data they return is similar they are not the same. %O has the advantage that it logs something reasonable

Bug#679522: apache2.2-common: Apache Common and Combined definition Vs. documentation disparity

On Friday 29 June 2012, Ryan Jones (UK) wrote: > I was unaware of the fact that %O logs something reasonable for > partial requests. However, the purpose of this bug was not to > argue for one or the other, only that the documentation should > match what is implemented. > > In my case I spent a lo

Bug#680993: libaprutil1-dbd-mysql: AuthDBDUserPWQuery (Module mod_dbd.c) for MySQL doesn't allow SQL statement with a stored procedure

On Monday 09 July 2012, pgr.sikkin wrote: > > The apache log > [Mon Jul 09 20:22:57 2012] [error] [client 192.168.2.241] Query > execution error looking up 'test.example' in database > Can you try the attached patch and see if it gives you a better error message in the log? Alternatively, I hav

Bug#682401: dbmmanage: please use Digest::SHA instead of Digest::SHA1

On Sunday 22 July 2012, Arno Töll wrote: > Evidently not too many people are using dbmmanage, even less with > SHA1 encryption since it is not the default option but nobody > noticed so far. Nonetheless the removal of Digest::SHA1 breaks the > application in a fatal way when SHA-1 encryption is exp

Re: Apache with TLS 1.2 support

On Tuesday 24 July 2012, Roman Pavlík wrote: > It would be very useful to have full tls 1.2 support in stable > Wheezy. I will look at it. > P.S.: Should I post it as bugreport ? Yes, please do. Cheers, Stefan -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject

Bug#684824: apr: FTBFS: rm: cannot remove `libtoolT': No such file or directory

Hi Lucas, On Tuesday 14 August 2012, Lucas Nussbaum wrote: > > WARNING: This is Linux but configure did not detect POSIX semaphores. > > ERROR: POSIX semaphores not usable and /dev/shm not mounted. > > ERROR: Aborting. > > HINT: If you are using pbuilder or cowbuilder, add /dev/shm to BINDMOUNTS >

Bug#670945: libapache2-mod-php5: Bug #589384 breaks default behaviour for MultiViews

FWIW, this bug has been open for 4 months. It would have been nice if you (or the php maintainers) could have sent a note to debian- apache@l.d.o a bit earlier. If mod_negotiation requires some mime-type for .php to work, then the obvious solution would be to add a non-magic type, for example "

Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

Thanks for coming up with some wording. On Wednesday 15 August 2012, Ondřej Surý wrote: > In order to avoid any problems when not using Apache PHP5 module, > and if you relied on MIME type definitions, read the README.Debian > from the php5-common package on how to correctly configure PHP 5 > run

Re: [php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

On Wednesday 15 August 2012, Christoph Anton Mitterer wrote: > On Wed, 2012-08-15 at 21:07 +0200, Stefan Fritsch wrote: > > Since we have gone to great pains to not use the magic MIME types > > anymore, I think we should not recommend them here. Or at least > > not as the firs

Re: Possible release note for systems running PHP through CGI.

On Monday 20 August 2012, Ondřej Surý wrote: > Ah, I see; it gets executed when there is no know handler or > mime-type for second extension. > > E.g. index.php.jpeg works as expected (e.g. returning PHP source > code), index.php.blubb but gets executed. I don't think there's any > harm in disabli

Bug#654764: Apache and BEAST

On Saturday 15 September 2012, Christoph Anton Mitterer wrote: > I wondered about the status of the BEAST attack in Debian, > especially: > > 1) Can I use any cipher suite and still be secure (e.g. use AES and > disable RC4; the later which is often claimed to secure things... > while there are ho

Re: Typo in sites-available/default-ssl ?

On Monday 01 October 2012, Diederik de Haas wrote: > It looke like the last BrowserMatch statement is filtering MSIE > version 17-9, but shouldn't that be "MSIE [7-9]" ? No, the regular expression is only filtering on the first digit of the version number, i.e. the 1 matches MSIE versions 10 to

Re: Fwd: [php-maint] Updating php5 to 5.4.4-5 broke FastCGI setup on my machine

Hi Ondřej, I also cannot think of any configuration that would make everyone happy. At the moment, I fear this can only be solved by more documentation. Maybe one could add such a paragraph to the NEWS entry of php5-cgi 5.4.4-5, e.g. before "The standard configuration now also..." : WARNI

Re: Fwd: [php-maint] Updating php5 to 5.4.4-5 broke FastCGI setup on my machine

On Thursday 11 October 2012, Charles Plessy wrote: > Le Mon, Oct 08, 2012 at 03:38:10PM +0200, Ondřej Surý a écrit : > > Just one last question which came to my mind. Would this all be > > fixed if we added non-magic type to mime-support (e.g. > > http://bugs.debian.org/670945) and reverting the ch

Bug#663971: apache2.2-common: /etc/init.d/apache2 requires facility $named, causing failed install/upgrade

On Friday 19 October 2012, Jean-Michel Vourgère wrote: > It seems to me this is exactly what the little known > "Should-Start:" from LSB is for. > > https://wiki.debian.org/LSBInitScripts Most other dns servers are listed in /etc/insserv.conf as optional. Maybe pdns should be listed there, too?

Bug#663971: $named dependency in init script and pdns

Hi insserv maintainers, there seems to be a problem with apache2's dependency on $named if pdns is installed but not enabled [1]. This does not seem to be a problem with other name servers. pdns ships /etc/insserv.conf.d/pdnsd with $named pdnsd Should this be fixed in pdnsd by adding

Bug#663971: $named dependency in init script and pdns

On Saturday 20 October 2012, Kel Modderman wrote: > > Hi insserv maintainers, > > > > there seems to be a problem with apache2's dependency on $named > > if pdns is installed but not enabled [1]. This does not seem to > > be a problem with other name servers. > > > > pdns ships /etc/insserv.conf.

Bug#693292: apache2.2-bin: False positives with mod_log_forensic and check_forensic

On Thursday 15 November 2012, Reinhard Brunzema wrote: > Since update 2.2.16-6+squeeze8 check_forensic reports much more > failed requests than before. Most of them are false positives. I > think, this is caused by mod_log_forensic, throwing in some > additional '-' from time to time. > > For inst

Re: Debian: apu-config and BDB

On Thursday 22 November 2012, Ben Reser wrote: > Since the change that was made in reaction to this bug report: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622081 > > apu-config on Debian has avoided returning the BDB library from > --libs. The bug suggests that BDB is related to the DBM s

<    2   3   4   5   6   7   8   9   >