On Friday 02 April 2010, Julian Gilbey wrote:
I have installed this version of apache2 from testing, and now when
I try to connect to https://localhost/, I get the weird error
message:
If you have upgraded from a previous version, this is probably a
configuration problem. It may be related
reassign 575009 libapache2-mod-auth-sys-group
thanks
On Monday 22 March 2010, Ben Hildred wrote:
when seting up authentication using Require valid-user an
errormessage of the form GROUP: * not in required group(s). where
* is the name that is attempting to authenticate if
On Monday 15 March 2010, Bernhard Schiffner wrote:
Package: apache2.2-common
Version: 2.2.9-10+lenny6
Severity: normal
0.) The server did not resposne http://... requests.
1.) ps showed 110 sleeping apache2 instances, no other anormalities
(dmesg, free, du etc.)
2.) I did a normal
On Tuesday 23 March 2010, Roel Teuwen wrote:
Now that the bug is (finally) fixed upstream in TRUNK, is there any
chance of appying the patch to the current version ?
http://svn.apache.org/viewvc?view=revisionrevision=813178
You might want to apply the fix in r924455 too :
Package: ftp.debian.org
Severity: normal
AFAICS security-master's dak needs to be updated to support source format
3.0. This must happen before squeeze's release, therefore I file this bug
for tracking purposes.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
affects 575733 -release.debian.org
reassign 575733 release.debian.org,ftp.debian.org
severity 575733 serious
thanks
On Sunday 28 March 2010, Raphael Geissert wrote:
Why not use a RC severity then? (not intending to push people, just
to make it clear when checking the bugs list).
IIRC, the
On Wednesday 10 March 2010, Bastian Blank wrote:
It checks for POLLIN (aka for readable things) before writing the
request, which makes no sense at all.
Yes, the bug is that mod_reqtimeout handles the backend connection at
all. It should be restricted to the client connection.
--
To
On Tuesday 09 March 2010, Bastian Blank wrote:
The timeout is reported less then 30 seconds after the start, which
is much below the configured timeout.
Please try if disabling mod_reqtimeout fixes the problem.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
Two questions:
- Shouldn't it be php_admin_flag instead of php_admin_value?
- Maybe it would be a good idea to put the info into a comment in the
config file? AFAIUI, if someone tries the obvious solution to set
php_admin_flag/value engine on, this would prevent users from setting
php_flag
On Thursday 25 February 2010, amarao wrote:
Commands like a2ensite, a2dissite, a2enmod, a2dismod right now
recommends:
Run '/etc/init.d/apache2 reload' to activate new configuration!
But it much safer to recommends run a 'apache2ctl graceful' or even
'apache2ctl configtest'
On Mon, 1 Mar 2010, Michael Tokarev wrote:
Stefen, can you please, this and next time you merely
increases severity, give at least some hint about your
justification?
I thought from the original report it was obvious that this makes kvm
unusable, therefore this bug is not only important. I
On Monday 01 March 2010, Michael Tokarev wrote:
Meanwhile, can you please try 0.12.3 package from my site as
I mentioned before (see the bug in question).
It works with 0.12.3. Thanks.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe.
Hi Paul,
On Tuesday 23 February 2010, Paul Martin wrote:
Could you try the following patch?
it fixes the problem with this particular config but I don't really
like it. It does not change the fact that the config parsing is
extremely fragile. If a postrotate script contains an unbalanced
On Saturday 20 February 2010, william estrada wrote:
localization added to httpd.conf is overriden by other includes.
You need to be more verbose. What do you want to achieve, what did you
do, what happened, and what do you think should have happened.
--
To UNSUBSCRIBE, email to
Package: logrotate
Version: 3.7.8-4
Severity: critical
Justification: breaks unrelated software
If the directory of a log file specification with wild cards does not exist,
logrotate may mis-parse the config file so badly that it will rotate arbitrary
files appearing in the postrotate script.
On Monday 22 February 2010, you wrote:
Please could you tell us what your /etc/logrotate.d/apache2
contains.
I guess the problem is that the postrotate script contains a '}':
/var/log/apache2/*.log {
weekly
missingok
rotate 52
compress
delaycompress
Package: exim4-daemon-heavy
Version: 4.69-9
Severity: important
about once a month, I get a segfault in exim4:
exim4[21903]: segfault at 7fff5bbcc634 ip 41e95c sp 7fff5bbcc600 error 6 in
exim4[40+c8000]
exim4[6096]: segfault at 7fffe732d9f4 ip 41e95c sp 7fffe732d9c0 error 6 in
reassign 569672 linux-2.6
forcemerge 553503 569672
reopen 553503
fixed 553503 2.6.32-3
affects 553503 exim4-daemon-heavy
summary 553503 84
retitle 553503 bug in address space randomization causes exim4 crashes
thanks
On Saturday 13 February 2010, you wrote:
this looks like
On Tuesday 09 February 2010, Christian Gerbrandt wrote:
Version: 2.2.14-6
I got several vhosts configured on my machine. They were all
working fine until I updated to 2.2.14 (Debian). For some unknown
(for me) reason, one of the vhosts is not working anymore in the
way, that it will not
Hi Valentin,
On Wed, 10 Feb 2010, Valentin Vidic wrote:
www-data 2220 7.3 5.8 223840 30064 ?S13:10 0:01 \_ /usr/sbin/a
Apache child consumes 30MB of memory after accessing a PHP5 page (Horde/IMP).
Does the apache child grow without bounds when it serves more requests or
On Wednesday 03 February 2010, Paul Gevers wrote:
Not 100% sure if this is not caused by my set-up, but when I add a
new directory via webdav with the name of an existing file with the
extention subtracted, I get a 405 response. For example:
Is there something in the error log? Check that you
On Wednesday 27 January 2010, Andreas J. Guelzow wrote:
The php5.conf file attaches a mime-type via a FileMatch. That
appears to override ForceType.
In php4.conf the extension was mapped to a type. That works fine
with ForceType.
So by usingthe phpo4 version of attaching the extensions
On Thursday 21 January 2010, lluis gili wrote:
Increasing compile-time constant DEFAULT_LIMIT_REQUEST_LINE would
allow to increase LimitRequestLine over 8190 without having to
recompile apache. In apache2.conf could be established to 8190 by
default.
if it has no negative impacts on
Package: wnpp
Severity: normal
Denis V. Sirotkin, the maintainer of fortunes-ru has not been active in Debian
for nearly two years. I am therefore orphaning it now
If you want to be the new maintainer, please take it -- see
http://www.debian.org/devel/wnpp/index.html#howto-o for detailed
Package: wnpp
Severity: normal
Denis V. Sirotkin, the maintainer of polipo, has not been active in Debian
for nearly two years. I am therefore orphaning polipo now.
Polipo recently had some security issues that need to be fixed. As a network
daemon it needs an active maintainer. Polipo has
On Sunday 17 January 2010, Jeroen Hooyberghs wrote:
I am still having this problem. Can I provide any more information
about this in order to get it solved?
From this I gather that it still crashes with the newest openssl from
last weeks DSA? That update touched a code part that affected
On Saturday 28 November 2009, Kevin Fernandez wrote:
Same problem here with lenny fully updated. I tried unloading
modules like python, deflate, bw, but still getting the same
problem. Tried changing the apache config, with normal values,
extremely low or high ones, always the same.
It
Hi,
On Sun, 15 Nov 2009, Vitez Gabor wrote:
CacheIgnoreURLSessionIdentifiers fails to work properly, when two
session identifiers are used.
Do you know how to recompile the apache2 package? If yes, it would be nice
if you could try this patch and test if it fixes your problem:
On Sunday 10 January 2010, Gabor Vitez wrote:
This patch, applied on the previous one seems to have fixed it. I'm
no apache wizard, so it definitly needs a review.
Thanks. It seems that exiting the loop after the first session
identifier is found was included as an optimization. But it makes
severity 564324 grave
thanks
Here is a backtrace with xserver-xorg-core-dbg installed:
(gdb) bt full
#0 0xf7772430 in __kernel_vsyscall ()
tags 563688 pending
thanks
On Monday 04 January 2010, you wrote:
Now, according to the manual page, Complex regular expressions
that match the leading slash may not work correctly, but the
above expression in by no means complex.
Ups. I broke that in 2.3.1. Will be fixed in the next upload.
Package: libapache2-mod-fcgid
Severity: wishlist
mod_fcgid was donated to the ASF and is now maintained at
http://httpd.apache.org/mod_fcgid/
Version 2.3.4 is available.
The watch file should be updated, too.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
reassign 562006 libapache2-mod-php5
forcemerge 491928 562006
thanks
On Monday 21 December 2009, Paul Tagliamonte wrote:
FilesMatch \.php$
SetHandler application/x-httpd-php
/FilesMatch
This has been fixed in mod_php 5.2.11.dfsg.1-2. Probably you are using
an old version of
Package: dput
Version: 0.9.5.1
Severity: wishlist
It happens on a regular basis that people (even security-team members) upload
*-security uploads to ftp-master instead of security-master. This causes delays
for releasing security updates and additional work for the release team to clean
up the
Please see my original report. The behaviour doesn't appear to have changed:
% wget -q http://www.debian.org/ --header=Accept-Language: en-ca, fr -O - |
grep html\ lang
html lang=fr
% wget -q http://www.debian.org/ --header=Accept-Language: en, fr -O - | grep
html\ lang
html lang=en
We want
I can't reproduce this.
Do you mean that the apache parent process segfaults, or do the child
processes segfault when you do a request?
Please check if this was caused by the latest php security update. Replace
all php5 packages with the previous version. You can get a list with:
dpkg -l
Armor-signing the logs with gpg would also compress them and get rid
of the mail size limit problems. An openoffice buildlog is only 6 MB
when armor-signed. Of course this would break quite a few tools used
for dealing with the logs. But at least MUAs that support gpg would
display the logs
This is now CVE-2009-3305
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: doc-base
Version: 0.9.5
Severity: normal
There is currently no section suitable for the Apache documentation.
Network/Web Browsing only includes browsers, not servers.
I think a section for network daemons would be nice. Looking at [1],
at least the following servers don't fit into any
Hi,
this is not easily fixable with the current way of constructing the
download command, since the extra dists/ path component is added by the
commands in the config file. I am planning to redesign the
config file to fix this and various other issues, but this will not happen
soon (but
On Monday 07 December 2009, Hendrik Beneke wrote:
I tried this and it works fine.
Thanks for testing.
So what does it mean?
It means that Apache calls trac to process the error pages but trac
and/or mod_python seems to think it's a normal request.
Is it a bug
or do I have to add
Hi,
On Mon, 23 Nov 2009, Vitalie Lazu wrote:
Maybe this is because that apache does not start when system boot.
We disabled it because we need to enter ssl password by hand, so we start it
manually.
This is standard behaviour of Debian packages (because they all call
invoke-rc.d which does
On Fri, 27 Nov 2009, baenna...@gmx.de wrote:
Today I discvored the same issue on my system (ubuntu karmic). Luckily I
found this bug report. I removed localized-error-pages from conf.d and
it works fine now.
Yes that helped, thanks. You could help me even more by trying this:
Reenable the
: #542662).
+
+ -- Stefan Fritsch s...@debian.org Sat, 28 Nov 2009 20:41:03 +0100
+
conntrack (1:0.9.13-1) unstable; urgency=low
[ Max Kellermann ]
only in patch2:
unchanged:
--- conntrack-0.9.13.orig/debian/conntrackd.postinst
+++ conntrack-0.9.13/debian/conntrackd.postinst
@@ -0,0 +1,17
Hi Michael,
On Fri, 27 Nov 2009, Michael Gilbert wrote:
since there has been no debian activity on this bug for almost a year,
and upstream appears to be dead, i have forwarded the problem to gnome
since it is probably the most important downstream of libaudiofile.
they should have enough
.
Cheers,
Stefan
#! /bin/sh /usr/share/dpatch/dpatch-run
## 22_CVE-2008-5824.dpatch by Stefan Fritsch s...@debian.org
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Remove confusion between samples per block and frames perl block, to
## DP: avoid buffer overflow (probably
On Sat, 28 Nov 2009, Stefan Fritsch wrote:
Matthias was right, there is a confusion between samples and frames. I have
completed the patch and added a few sanity checks. Reviewers are wellcome.
Sorry, I attached the wrong file (a broken version). Now I have the right
one...#! /bin/sh /usr
tags 558399 patch
thanks
Hi,
normalize-audio must use afGetVirtualFrameSize instead of afGetFrameSize.
Otherwise the allocated buffer size will be too small if the wav file is
compressed.
Cheers,
Stefan--- normalize-audio-0.7.7.orig/src/adjust.c
+++ normalize-audio-0.7.7/src/adjust.c
@@
could you please check if this bug still appears in this version?
http://stuff.der-marv.de/tmp/mini-httpd_1.19-10_amd64.deb
When upgrading from a version before 1.19-10, you need to undo the
diversion before adding the new diversion, otherwise dpkg-divert will give
an error.
But I think
On Thursday 26 November 2009, Lucio Crusca wrote:
http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html
where I made changes only to paths and URIs.
-- Package-specific info:
Config file syntax check failed.
List of /etc/apache2/mods-enabled/*.load:
actions alias auth_basic
Package: nginx
Version: 0.7.63-1
Severity: important
Tags: security
Please upload version 0.7.64 which disables ssl renegotiation to fix
CVE-2009-3555.
Thanks.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
On Sunday 22 November 2009, Sam Morris wrote:
What architecture are you using
This says i386:
cd build-i486-linux-gnu/test ( ulimit -S -s 8192 ; ./testall -v
testatomic) testatomic : \Line 280: Failed creating
threads
//bin/bash: line 1: 7441 Segmentation fault ./testall
Package: dpkg
Version: 1.15.5.2
Severity: wishlist
Tags: patch
By using posix_fadvise with POSIX_FADV_WILLNEED on /var/dpkg/info/*.list, the
time needed to read the database can be reduced in the case where the files are
not yet in the buffer cache. The attached patch gives 20-30% time reduction
Package: openssl
Version: 0.9.8k-6
Severity: normal
With 0.9.8k-6, when one presses R cr in openssl s_client, it still says
RENEGOTIATING while it actually isn't renegotiating. This makes it hard
to test if a server is allowing client-initiated renegotiation.
-- System Information:
Debian
On Thursday 12 November 2009, Kurt Roeckx wrote:
On Wed, Nov 11, 2009 at 11:16:19PM +0100, Enrique D. Bosch wrote:
In particular, practical attacks exists against HTTPS and could
affect other protocols that use SSL/TLS.
It's my understanding that there is a patch for mod_ssl that
should
On Monday 09 November 2009, Manoj Srivastava wrote:
Because it violates the FHS -- and it would be at odds with
the forthcoming web applications policy. Are you sure access to
the document root is unavoidable?
Well, it has the document root compiled in, allows only one document
package: libapache2-mod-php5
severity: wishlist
On Tuesday 10 November 2009, sean finney wrote:
And my personal nitpick; PHP should be off by default so that
php scripts in configured data locations are not executed by
web servers by default. PHP files/dirs in webapp packages
should
On Monday 24 August 2009, Adam Cécile (Le_Vert) wrote:
I just found that enabling mod_includes breaks the vhost.
Disabling it make it work again. Any idea ?
Can you please try enabling mod_includes again and verify that it is
still broken. Then try disabling
severity 555129 wishlist
severity 553498 wishlist
thanks
On Sunday 08 November 2009, Julien Valroff wrote:
This is not one of the /var directories in the File Hierarchy
Standard and is under the control of the local administrator.
Manoj, both apache2-suexec and dspam-webfrontend are following
reopen 536697
severity 536697 serious
thanks
polarssl is now in squeeze/sid. Therefore xyssl should be removed.
Unless there is a compelling reason for xyssl to stay, please ask for
the removal of xyssl from sid.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
On Sunday 01 November 2009, Chris Lamb wrote:
Stefan Fritsch wrote:
apt-file supports downloading PDiff/Index patches out of the box
withoud additional configuration. Is it really worth the effort
to add rsync support?
Well, --rsyncable seems to be a far much cleaner solution
On Saturday 31 October 2009, Chris Lamb wrote:
Since a few days ago, Debian's dak generates Contents.gz files
using gzip's --rsyncable flag. In my rudimentary tests saves at
least 75% of the an update download at a cost of about 4% of the
initial download.
Not sure how well this will fit
On Sunday 25 October 2009, Alessio Treglia wrote:
This bug was orignally reported on Launchpad, please see LP:
#455654 for further details.
That bug is not public :-(
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
extracted from 7.62
diff -rpU10 nginx-0.7.61/src/http/ngx_http_parse.c nginx-0.7.62/src/http/ngx_http_parse.c
--- nginx-0.7.61/src/http/ngx_http_parse.c 2009-04-23 18:38:59.0 +0200
+++ nginx-0.7.62/src/http/ngx_http_parse.c 2009-09-07 13:11:24.0 +0200
@@ -732,33 +732,33 @@
On Tuesday 20 October 2009, Tobias Barth wrote:
see http://httpd.apache.org/security/vulnerabilities_22.html -
there is a mod_proxy DOS attack vulnerability that should be fixed
in some of the next revisions of the apache2 Debian packages
These are not very severe issues and will be fixed in
On Monday 19 October 2009, Pascal Weyprecht wrote:
I got the same problem, but I have no caching activated at all.
So deactivating is not a solution for me.
Please provide a backtrace as described
in /usr/share/doc/apache2.2-common/README.backtrace
--
To UNSUBSCRIBE, email to
On Tuesday 13 October 2009, Sergey B Kirpichev wrote:
Some related info goes below. If you point me how to get more
debug info I'll provide it.
Please provide a backtrace of a hanging process: Install
gdb apache2-dbg libapr1-dbg libaprutil1-dbg php5-dbg
Then:
gdb -p pid of a hanging
On Wednesday 14 October 2009, Hugo Villeneuve wrote:
Sorry for the long delay, here is what I've got for APR:
$ dpkg --list | grep apr
ii libaprutil1 1.2.7+dfsg-2+etch3 The Apache Portable
Strange. Do you have a self-compiled version of libaprutil somewhere,
possibly in /usr/local/lib?
On Thursday 08 October 2009, kwyxz wrote:
I seem to be experiencing a similar issue with apache2
2.2.9-10+lenny4, even though it does not crash the system the
memory exhaustion causes load average to skyrocket pretty high
(over 100 sometimes)
Can you please try the packages from
On Wednesday 07 October 2009, Hugo Villeneuve wrote:
However, when restarting Apache, I have the following error:
apache2: Syntax error on line 32 of /etc/apache2/apache2.conf:
Syntax error on line 2 of
/etc/apache2/mods-enabled/authnz_ldap.load: Cannot load
sending 304 NOT MODIFIED
responses for compressed content.
* mod_rewrite: Fix B flag breakage (closes: #524268)
* Properly declare that apache2-suexec* replace files in old versions of
apache2.2-common (closes: #528951).
* Remove other_vhosts_access.log on package purge.
-- Stefan
I forgot to add that you need to binNMU apache2-mpm-itk after apache2
has been accepted in s-p-u. (But there is no need to wait with the
binNMU for all apache2 builds. The apache2-src package is sufficient.)
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject
severity 546759 important
thanks
since I can't reproduce this and the build daemons don't have a
problem either, I downgrade the serverity.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Thursday 17 September 2009, Josip Rodin wrote:
I'm moving this to apache2, the same issue exists there, it was
only filed on apache 1.x because that's what was used at the time
:) Please forward it upstream.
Can you please report which problems still apply with 2.2?
Problem 1: A user
On Tuesday 15 September 2009, Daniel Schepler wrote:
For me it happens about once in every two or three tries at running
the pbuilder build.
Does it happen only in pbuilder or also with a normal build with dpkg-
buildpackage. If the former, do you use pbuilder directly or some add-
on like
At the moment, the best defense is using iptables connlimit with a
reasonable maximum number of connections per IP (like 1/5 or 1/10 of
what your server can handle). This will give you good protection from
single attacking hosts. When the attacker has many hosts (i.e. a
botnet) you have lost
I intend to do a NMU for this issue in a few days.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: polipo
Version: 1.0.4-1
Severity: grave
Tags: patch
Justification: renders package unusable
When polipo receives a Cache-Control: max-age line without a value,
it logs a parsing error but then continues to use the not-parsed value,
resulting in a segfault. It does this in several places
On Tuesday 15 September 2009, Daniel Schepler wrote:
testreslist :
The build hangs there, and I have to stop the build manually. This
is not 100% reproducible, but happens at random in both amd64 and
i386 pbuilder chroots (on a dual core amd64 processor). The hung
testall
severity 514863 important
thanks
Different example:
$ bash -c 'set -e; (false); echo here'
$ dash -c 'set -e; (false); echo here'
here
This means dash's set -e is broken for many more complex shell
scripts.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a
Thanks for the info.
On Saturday 05 September 2009, Julian Mehnle wrote:
/etc/apache2/apache2.conf:NameVirtualHost *:80
/etc/apache2/apache2.conf:NameVirtualHost *:443
/etc/apache2/sites-enabled/00default:VirtualHost *:80
/etc/apache2/sites-enabled/00default:SSLEngine off
Hi,
On Wednesday 26 August 2009, Marc Dequènes (Duck) wrote:
Quoting Ondřej Surý ond...@debian.org:
That's an evil plan how to make more people test php 5.3.0 :)
:-)
But anyway it would be great if you can try 5.3.0-3 from
experimental. It needs as much testing as it could get.
My
On Friday 04 September 2009, Stefan Fritsch wrote:
egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)'
/etc/apache2/*conf* /etc/apache2/*enabled
One configuration where I see this error is with:
NameVirtualHost *:443
and several *:443 virtual hosts, where one of them has sslengine
Hi,
On Friday 14 August 2009, Marc Dequènes (Duck) wrote:
I just upgraded from 2.2.11-6 to 2.2.12-1, and my server failed to
start with the following error:
[error] Server should be SSL-aware but has no certificate
configured [Hint: SSLCertificateFile]
I can't reproduce that problem.
On Tue, 1 Sep 2009, Andreas Barth wrote:
Severity: serious
apache2 is no longer binNMU safe. This rendes currently this package
to be uninstallable on ia64:
apache2 hasn't been binNMU safe for a long time. Since when is this a RC
bug?
--
To UNSUBSCRIBE, email to
On Thursday 27 August 2009, Anthony L. Mendez wrote:
I installed Lenny on a spare computer last night and only installed
the standard packages from the tasksel dialog. From there I
installed apache and added `TraceEnable off` to
/etc/apache2/apache2.conf. I then telnet'd to myself and tested
On Wednesday 12 August 2009, Jiří Bendl wrote:
Version: 2.2.12-1
...
I'm using php5 and apache2 from repository lenny. Apache/2.2.11
(Debian) PHP/5.2.9-4 with Suhosin-Patch mod_ssl/2.2.11
Can you please clarify on which version(s) you see the problem? Lenny
has 2.2.9, squeeze has 2.2.11,
On Monday 10 August 2009, Michael S Gilbert wrote:
it has been dislosed that apache (and potentially other web
servers) can be used to port scan behind a firewall. i don't think
this issue issue too severe, but a firewall bypass nevertheless is
probably not a good thing. see [0].
[0]
On Tuesday 28 July 2009, Stefani Banerian wrote:
I am wondering if the run failure should be reported upstream, as
the changes needed to get pubcookie to work using apxs/libtool to
compile and link pretty clearly would need some changes.
Yes, you may want to contact the mod_pubcookie author.
reassign apache2-utils
retitle htpasswd should use a more secure password hash by default
severity wishlist
thanks
If you create a User/Password combination with htpasswd using the default
CRYPT encryption and a password with more than 8 chars, the Website still
gets you access by typing in
#5 0xb772ff5a in ENGINE_load_padlock ()
from /usr/lib/i686/cmov/libcrypto.so.0.9.8
Do you have different modules or different php extensions enabled on
the two servers?
No, I checked on 1 other server that is also serving the same services,
and therefor has exacly the same modules and
Which version of libapr1 are you using? It looks to me that you have a
self compiled version of libapr1 with APR_POOL_DEBUGGING defined, and the
bug is in the pool debugging code. Is that correct?
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of
Using the ThreadLimit directive when configuring apache2 to use the
mpm_worker_module, the startup messages show that this directive is
ignored. Apache always maintains the value 64.
It seems the correct order is
IfModule mpm_worker_module
StartServers 2
MinSpareThreads
Hi,
It occurred to me that the problem might be related to one of the
symlinks having a name, .w/, to which Apache normally wouldn't allow
access, so I tested with:
ln -s ../work w; ln -s w/mine/toys toys
but /~eddy/toys/ was also 403. However, /~eddy/code/ has become
inaccessible too !
# Automatically generated email from bts, devscripts version 2.10.35lenny3
# the patch needs to be adjusted to the current version of the init script
tags 353450 - patch
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Hi Nicolas,
Here is my last bt full with apache not stripped, libapr1-dbg and
libaprutil1-dbg:
thanks, that helped me to reproduce the problem.
Can you please exchange
debian/patches/071_CVE-2009-1891.dpatch with the attached file and test if
that fixes the issue. It worked for me.
Cheers,
Package: libsqlite3-0
Version: 3.6.14.2-1
Severity: serious
Hi,
apr-util FTBFSs because the test suite fails with a SIGBUS in libsqlite3-0 on
sparc. This even happens to apr-util 1.3.4+dfsg-2, which is now in testing (and
built fine in May [1]). Since the build in May was with 3.6.13-1, I assume
* Stefan Fritsch s...@debian.org [2009-07-20 21:42]:
On Monday 20 July 2009, Nicolas Schodet wrote:
[Sun Jul 19 19:53:53 2009] [notice] child pid 12637 exit signal
Segmentation fault (11)
I can't reproduce this. Please post your mod_deflate configuration.
Thanks.
Here it is:
Thanks
On Tuesday 21 July 2009, Stefan Foerster wrote:
[warn] (103)Software caused connection abort: mod_fcgid:
ap_pass_brigade failed in handle_request function
Every time this error happens, a HTTP error code (500) is returned
to the client.
Do the clients actually get this error message or do
On Tuesday 21 July 2009, Stefan Foerster wrote:
This is weird. I can reproduce this bug by hitting my browsers
Stop button when the site is not completely loaded yet. Every
request aborted in that manner is logged in access log with a size
of 12080:
2001:6f8:1210:0:21f:d0ff:fe2e:d849 - -
601 - 700 of 1443 matches
Mail list logo