[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#363964: marked as done (apache2: timefmt config not working in SSI when using INCLUDES output filter and XBitHack on)

Your message dated Tue, 04 Aug 2009 10:32:16 +0000
with message-id <E1MYHJY-0005YQ-Bt@ries.debian.org>
and subject line Bug#363964: fixed in apache2 2.2.12-1
has caused the Debian Bug report #363964,
regarding apache2: timefmt config not working in SSI when using INCLUDES output filter and XBitHack on
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

363964: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363964
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2
Version: 2.0.54-5
Severity: normal

Using the following setup:
in apache2.conf, default setting for handling shtml files):
<FilesMatch "\.shtml(\..+)?$">
    SetOutputFilter INCLUDES

in Directory directive:
        <Directory /var/www/test>
                Options +Includes
                XBitHack On

following SSI code on a webpage:
cat /var/www/test/foo.shtml
<!--#config timefmt="%Y" -->
Today is <!--#echo var="DATE_LOCAL" -->

Web page is called .shtml and is executable:
chmod +x /var/www/test/foo.shtml

Output of this command is:
Today is Thursday, 20-Apr-2006 12:34:11 PDT

instead of correct
Today is 2006

Thus, SSI statements are parsed but timefmt is ignored.

Potential workarounds:
- Remove XBitHack On
- Replace shtml handling in apache2.conf with
  AddHandler server-parsed .shtml
- Remove executable flag on web page
- Rename web page to .html

The settings depend on the name of file containing the timefmt statement 
but the x bit of the file referenced in the URI.

User goes to http://localhost/test/foo2.html
foo2.html has x bit set
foo2.html contains: <!--#include virtual="foo.shtml" -->
foo.shtml contains above example code but does NOT have the x bit set
Problem still appears

Found one reference to the same or similar problem here:

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork           2.0.54-5   traditional model for Apache2

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.2.12-1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

  to pool/main/a/apache2/apache2-dbg_2.2.12-1_i386.deb
  to pool/main/a/apache2/apache2-doc_2.2.12-1_all.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.12-1_all.deb
  to pool/main/a/apache2/apache2-mpm-itk_2.2.12-1_all.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1_all.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.12-1_all.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.12-1_i386.deb
  to pool/main/a/apache2/apache2-suexec-custom_2.2.12-1_i386.deb
  to pool/main/a/apache2/apache2-suexec_2.2.12-1_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.12-1_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.12-1_i386.deb
  to pool/main/a/apache2/apache2.2-bin_2.2.12-1_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.12-1_all.deb
  to pool/main/a/apache2/apache2_2.2.12-1.diff.gz
  to pool/main/a/apache2/apache2_2.2.12-1.dsc
  to pool/main/a/apache2/apache2_2.2.12-1_all.deb
  to pool/main/a/apache2/apache2_2.2.12.orig.tar.gz

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 363964@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Tue, 04 Aug 2009 11:02:34 +0200
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source i386 all
Version: 2.2.12-1
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 196795 272476 363964 451563 461917 465393 467004 483111 493252 495656 500885 511878 512084 512778
 apache2 (2.2.12-1) unstable; urgency=low
   * New upstream release:
     - Adds support for TLS Server Name Indication (closes: #461917 LP: #184131).
       (The Debian default configuration will be changed to use SNI in a later
     - Fixes timefmt config in SSI (closes: #363964).
     - mod_ssl: Adds SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
       to enable stricter checking of remote server certificates.
   * Make mod_deflate not compress the content for HEAD requests. This is a
     similar issue as CVE-2009-1891.
   * Enable hardening compile options.
   * Switch default LogFormat from %b (size of file sent) to %O (bytes actually
     sent) (closes: #272476 LP: #255124)
   * Add the default LANG=C to /etc/apache2/envvars and document it in
     README.Debian (closes: #511878).
   * Enable localized error pages by default if the necessary modules are
     loaded. Move the config for it from apache2.conf to
     /etc/apache2/conf.d/localized-error-pages (closes: #467004). Clarify the
     required order of the aliases in the comment (closes: #196795).
   * Change default for ServerTokens to 'OS', to not announce the exact module
     versions to the world (LP: #205996)
   * Make a2ensite and friends ignore the same filenames as apache does for
     included config files, even if LANG is not C.
   * Merge source packages apache2 and apache2-mpm-itk (current itk version is
     2.2.11-02). This removes the binNMU mess necessary for every apache2 upload
     (closes: #500885, #512084). Add Steinar to Uploaders. Remove apache2-src
     package, which is no longer necessary.
   * Ship our own version of the magic config file (taken from file 4.17-5etch3)
     which is still compatible with mod_mime_magic (closes: #483111).
   * Add ThreadLimit to the default config and put ThreadsPerChild and
     MaxClients into the correct order so that Apache does not complain
     (closes: #495656).
     Also add a configuration block for the event MPM in apache2.conf.
   * Fix HTTP PUT with mod_dav failing to detect an aborted connection
     (closes: #451563).
   * Change references to httpd.conf in apache2-doc to apache2.conf
     (closes: #465393).
   * Clarify the recommended permissions for SSL certificates in README.Debian
     (closes: #512778).
   * Document in README.Debian how to name files in conf.d to avoid conflicts
     with packages (closes: #493252)
   * Remove 2.0 -> 2.2 upgrade logic from maintainer scripts.
   * Remove other_vhosts_access.log on package purge.
 f98f07a372b48c6b798f603b698acf84dced27b3 1782 apache2_2.2.12-1.dsc
 eeded290f2258712ad1cc41a3b2300f1f5bd0980 6678149 apache2_2.2.12.orig.tar.gz
 a85c7c33bd5813977ebebc9eb31ecdde0caef56c 177912 apache2_2.2.12-1.diff.gz
 88a13192172c288d4012a14165f4812606205f35 1301174 apache2.2-bin_2.2.12-1_i386.deb
 a9e2247525f9ad368b84753ce7ea49b7d8b778e0 153246 apache2-utils_2.2.12-1_i386.deb
 48e04e9e3212c69ecea7bc2018051041f672936b 89754 apache2-suexec_2.2.12-1_i386.deb
 015824a4e912bb4bd29bc2f6ed468bc6248da035 91346 apache2-suexec-custom_2.2.12-1_i386.deb
 af99d3ecae3203d5f11ea386f91e6d677108c364 138194 apache2-prefork-dev_2.2.12-1_i386.deb
 301064b5e9944522f063c545fc606cba8253356d 139392 apache2-threaded-dev_2.2.12-1_i386.deb
 cf8cb1b13b4865772f23f385e8533236fbbaffff 2673960 apache2-dbg_2.2.12-1_i386.deb
 3909c843abe0d106d8c8ce0f70f14ea49d2e6b64 289442 apache2.2-common_2.2.12-1_all.deb
 90a5c99f75f4286f0a95dc45a714176434660f1d 2262 apache2-mpm-worker_2.2.12-1_all.deb
 692b17184e45448b98e18c06895043b86ede0e40 2318 apache2-mpm-prefork_2.2.12-1_all.deb
 719dd2e2d979824ff939f76d1329406d9dd992d3 2294 apache2-mpm-event_2.2.12-1_all.deb
 f799e777a185885b8945e947ca75f5d843cb4ce3 2318 apache2-mpm-itk_2.2.12-1_all.deb
 925ea9a52e69fa50ac3f12c1620b8a21cbefc0df 1374 apache2_2.2.12-1_all.deb
 87bbc96ed90615d07da8631cb19683cc5d143bed 2269096 apache2-doc_2.2.12-1_all.deb
 8b689723ee4eb906cd4023a38eb0766bec1c74f9dbc6b8b2a42b10d7ffc0ac0f 1782 apache2_2.2.12-1.dsc
 7f455ebb3ae13401e6e96b1caf9bf252292507371c75f1add96bb6349eef437f 6678149 apache2_2.2.12.orig.tar.gz
 4c7f48115380058c1657d8452904b6ea7b0aba3318c4b9674061e33b744ea560 177912 apache2_2.2.12-1.diff.gz
 d6208b018c3247ba8c1157c17b439c7b7c9a432aa2371a7a153ee0ac8d33a024 1301174 apache2.2-bin_2.2.12-1_i386.deb
 eb08ecf6ecdf63c88827ff56f1e5487723c5e710a4ac5661e0583a521845010d 153246 apache2-utils_2.2.12-1_i386.deb
 4cf55d8660fe6f5f92b265b31e676db7181900fd9c86bc4890db4a1fd6b22ce8 89754 apache2-suexec_2.2.12-1_i386.deb
 4f907f25e809a32533eb0f41d8a415a3e31301659085a0595c35446ac00ccc98 91346 apache2-suexec-custom_2.2.12-1_i386.deb
 8b95fdce67dccdb78143b9610f3a1a247c368dec2467aa886b1b8d67c66dade2 138194 apache2-prefork-dev_2.2.12-1_i386.deb
 0e9bd97359b29ad0fa467fa5c2d08fcf6cf539d8f132c8e6ab08cb6ff8a1b15f 139392 apache2-threaded-dev_2.2.12-1_i386.deb
 543afae6f1a94a333786b7f3b0e4987102deb3bf97ddfb60bc7b90717197c4c4 2673960 apache2-dbg_2.2.12-1_i386.deb
 de7eaa00831d2c8538e7b7611e28950e36b4bfce286a7e1e16d3bb9af0f61b15 289442 apache2.2-common_2.2.12-1_all.deb
 0eb8a3750e49f22303d37417aabfac00296300f6d86a6aca99666a0f21702c44 2262 apache2-mpm-worker_2.2.12-1_all.deb
 78eed19fc9477ffd965c7121c14c7204ec1c694bbb3bdd9157d2d61c9bc540c3 2318 apache2-mpm-prefork_2.2.12-1_all.deb
 72b8762fec59e2a322c054ec42e16529980bdd0a5ea46102733841f6eafb33e0 2294 apache2-mpm-event_2.2.12-1_all.deb
 ce1b518dc6d227d7c0dd83897603b7b9138ad2a8167f9d57c36664a98fdc936f 2318 apache2-mpm-itk_2.2.12-1_all.deb
 e44c33e73108926ff74095e68252db9b5613b9e9d94b9537f240f94c6b9f0f2c 1374 apache2_2.2.12-1_all.deb
 473285f856c49eabf4d4efa38257bff2b57f194fb5906d2f27b8a1bbb0b25791 2269096 apache2-doc_2.2.12-1_all.deb
 4c664aa2399ced694ee6b2e5097eada4 1782 httpd optional apache2_2.2.12-1.dsc
 17f017b571f88aa60abebfe2945d7caf 6678149 httpd optional apache2_2.2.12.orig.tar.gz
 88cebddb65bc3ad8e49d048af8b5c4fb 177912 httpd optional apache2_2.2.12-1.diff.gz
 b88e65ecb8136611aaeec300735fc04f 1301174 httpd optional apache2.2-bin_2.2.12-1_i386.deb
 9a994dcd26e0d34f5970622503dc4da5 153246 httpd optional apache2-utils_2.2.12-1_i386.deb
 8bab82ed23ae1eb43fea6b5f733c43ef 89754 httpd optional apache2-suexec_2.2.12-1_i386.deb
 515e0d715caea101ab8928cf91505a1b 91346 httpd extra apache2-suexec-custom_2.2.12-1_i386.deb
 2dbc3cffc4f040d051836e194afc12cd 138194 httpd extra apache2-prefork-dev_2.2.12-1_i386.deb
 ef761c2a9723476dae0d0975e3bb8b1d 139392 httpd extra apache2-threaded-dev_2.2.12-1_i386.deb
 a4787bf8d76b712d0e874bedd6f20132 2673960 debug extra apache2-dbg_2.2.12-1_i386.deb
 49dd04cacd9ad57a542762ef5004e5ef 289442 httpd optional apache2.2-common_2.2.12-1_all.deb
 d6bf77051d9074062015f46c50da958c 2262 httpd optional apache2-mpm-worker_2.2.12-1_all.deb
 0bd8b0e01bb19b2dc7a99c081cb68391 2318 httpd optional apache2-mpm-prefork_2.2.12-1_all.deb
 c4a86733ae47ba58ecc9721306009fcf 2294 httpd optional apache2-mpm-event_2.2.12-1_all.deb
 6e31b1d5827234fa3427350bfb491440 2318 httpd optional apache2-mpm-itk_2.2.12-1_all.deb
 e274bf1d5bc0c57cd975d352a2f3d014 1374 httpd optional apache2_2.2.12-1_all.deb
 6ea7e4ced980976def06fcff950f4481 2269096 doc optional apache2-doc_2.2.12-1_all.deb

Version: GnuPG v1.4.9 (GNU/Linux)


--- End Message ---

Reply to: