Bug in Apache 1.3.35 ... or something changed ... ?

Mon May 15 02:35:06 UTC 2006

On Mon, 15 May 2006, Chris wrote:

> On 13/05/06, Jeremy Chadwick <freebsd at jdc.parodius.com> wrote:
>> On Sat, May 13, 2006 at 12:39:47AM -0300, Marc G. Fournier wrote:
>> > Don't know if anyone else has noticed this, but I just installed apache
>> > 1.3.35 on one of my FreeBSD 6.x/amd64 servers, and it no longer appears 
>> to
>> > process my:
>> >
>> > Include etc/apache/virtual_hosts/*.conf
>> >
>> > directive ...
>> >
>> > {snip}
>> >
>> > Anyone?
>> 
>> Looks to me like the Apache team botched it up and didn't test
>> commits thoroughly -- AGAIN.  This has becoming a habit of theirs
>> in recent years.  :-)  I could be completely wrong with the
>> facts shown below, but CVS is CVS...
>> 
>> Here's the committed change and all associated files.  Note that
>> this is the 2nd-to-most-recent commit to the 1.3.x tree:
>> 
>> http://svn.apache.org/viewcvs.cgi?rev=396294&view=rev
>> 
>> The applicable source-code change is here, and I see absolutely no
>> support for wildcards in the code, which explains why it broke:
>> 
>> http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/1.3.x/src/main/http_config.c?rev=396294&view=diff&r1=396294&r2=396293&p1=httpd/httpd/branches/1.3.x/src/main/http_config.c&p2=/httpd/httpd/branches/1.3.x/src/main/http_config.c
>> 
>> The official "patch" submitted can be viewed here, and is the
>> responsibility of an Apache developer ("colm"):
>> 
>> http://people.apache.org/~colm/include_directive-1.3.patch
>> 
>> Someone obviously realised the mistake and backed out the commit,
>> as you can see in the commit reason here:
>> 
>> >>> "Back out 396294. This keeps HEAD in a non-regression state
>> >>> and allows us to re-add/fix the functionality "later on"
>> 
>> http://svn.apache.org/viewcvs.cgi?rev=405142&view=rev
>> 
>> So basically your options at this point are as follows:
>> 
>> * Upgrade to 2.0 or 2.2 (recommended unless you use Apache modules
>>  which don't support it)
>> * Stick with 1.3.34 (not recommended due to the security hole)
>> * Stop using wildcards in your Include directives (until they release
>>  1.3.36 or higher, of course) and specify individual files
>> * Use a trunk/CVS build (risky)
>> 
>> --
>> | Jeremy Chadwick                                 jdc at parodius.com |
>> | Parodius Networking                        http://www.parodius.com/ |
>> | UNIX Systems Administrator                   Mountain View, CA, USA |
>> | Making life hard for others since 1977.                             |
>> 
>> _______________________________________________
>> freebsd-ports at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
>> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>> 
>
>
> Apache really should release 1.3.35a or something but wouldnt surprise
> me if they leave a buggy version as latest release for a while.

I don't know how easy it is to fix, but maybe this is something that a 
patch could be added to the port itself by the Port Maintainer to fix, 
until 1.3.36 *is* released?

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy at hub.org           Yahoo!: yscrappy              ICQ: 7615664