Package: apache2.2-common Version: 2.2.17-1 Severity: normal Hi, we just hit a situation where /etc/apache2/conf.d/security was edited by cfengine which left a backup file behind. Unfortunately, apache2 read the backup after the file itself, so any config changes were futile. /etc/apache2/conf.d# l total 7 drwxr-xr-x 2 root root 1024 2011-03-21 13:58 . drwxr-xr-x 7 root root 1024 2011-03-31 12:23 .. -rw-r--r-- 1 root root 269 2010-03-28 19:56 charset -rw-r--r-- 1 root root 1468 2011-03-21 13:58 security -rw-r--r-- 1 root root 1464 2010-03-28 19:56 security_1300712297_Mon_Mar_21_13_58_17_2011_.cfsaved I guess *.dpkg-old style files will have the same problem. The culprit is the "Include conf.d/" statement in /etc/apache2/apache2.conf. The apache2 docs explicitely warn about doing this: http://httpd.apache.org/docs/2.2/mod/core.html.en#include Shell-style (fnmatch()) wildcard characters can be used to include several files at once, in alphabetical order. In addition, if Include points to a directory, rather than a file, Apache will read all files in that directory and any subdirectory. But including entire directories is not recommended, because it is easy to accidentally leave temporary files in a directory that can cause httpd to fail. Please consider renaming charset/security to charset.conf/security.conf and using "Include conf.d/*.conf" in future package versions. Christoph -- cb@df7cb.de | http://www.df7cb.de/
Attachment:
signature.asc
Description: Digital signature