Bug#497362: /etc/apache2/conf.d/security: ServerTokens config file documentation wrong

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#497362: /etc/apache2/conf.d/security: ServerTokens config file documentation wrong
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 01 Sep 2008 09:41:51 +0200
Message-id: <[🔎] 20080901074151.3137.63228.reportbug@escher.loeki.tv>
Reply-to: Thijs Kinkhorst <thijs@debian.org>, 497362@bugs.debian.org

Package: apache2.2-common
Version: 2.2.9-7
Severity: minor
File: /etc/apache2/conf.d/security

Hi,

The file mentioned above has:

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.

The ordering not correct, Minimal and Minor should be switched.

OS gives: Apache/2.2.3 (Debian)
Minor gives: Apache/2.2
Minimal gives: Apache/2.2.3
Major gives: Apache/2

so it should read:
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod

cheers,
Thijs


-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cgi deflate dir env mime
  negotiation php5 setenvif status

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2.2-common depends on:
ii  apache2-utils          2.2.9-7           utility programs for webservers
ii  libapr1                1.2.12-4          The Apache Portable Runtime Librar
ii  libaprutil1            1.2.12+dfsg-8     The Apache Portable Runtime Utilit
ii  libc6                  2.7-13            GNU C Library: Shared libraries
ii  libmagic1              4.25-1            File type determination library us
ii  libssl0.9.8            0.9.8g-13         SSL shared libraries
ii  lsb-base               3.2-20            Linux Standard Base 3.2 init scrip
ii  mime-support           3.44-1            MIME files 'mime.types' & 'mailcap
ii  net-tools              1.60-19           The NET-3 networking toolkit
ii  perl                   5.10.0-13         Larry Wall's Practical Extraction 
ii  procps                 1:3.2.7-9         /proc file system utilities
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages apache2.2-common recommends:
ii  ssl-cert                      1.0.22     simple debconf wrapper for OpenSSL

Versions of packages apache2.2-common suggests:
pn  apache2-doc                   <none>     (no description available)
pn  apache2-suexec | apache2-suex <none>     (no description available)
ii  w3m [www-browser]             0.5.2-2+b1 WWW browsable pager with excellent

Versions of packages apache2.2-common is related to:
pn  apache2-mpm-event             <none>     (no description available)
pn  apache2-mpm-itk               <none>     (no description available)
ii  apache2-mpm-prefork           2.2.9-7    Apache HTTP Server - traditional n
pn  apache2-mpm-worker            <none>     (no description available)

-- no debconf information

Reply to:

Follow-Ups:
- Bug#497362: marked as done (/etc/apache2/conf.d/security: ServerTokens config file documentation wrong)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)