Bug in Apache 1.3.35 ... or something changed ... ?

Sat May 13 06:50:41 UTC 2006

On Sat, May 13, 2006 at 12:39:47AM -0300, Marc G. Fournier wrote:
> Don't know if anyone else has noticed this, but I just installed apache 
> 1.3.35 on one of my FreeBSD 6.x/amd64 servers, and it no longer appears to 
> process my:
> 
> Include etc/apache/virtual_hosts/*.conf
> 
> directive ...
>
> {snip}
> 
> Anyone?

Looks to me like the Apache team botched it up and didn't test
commits thoroughly -- AGAIN.  This has becoming a habit of theirs
in recent years.  :-)  I could be completely wrong with the
facts shown below, but CVS is CVS...

Here's the committed change and all associated files.  Note that
this is the 2nd-to-most-recent commit to the 1.3.x tree:

http://svn.apache.org/viewcvs.cgi?rev=396294&view=rev

The applicable source-code change is here, and I see absolutely no
support for wildcards in the code, which explains why it broke:

http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/1.3.x/src/main/http_config.c?rev=396294&view=diff&r1=396294&r2=396293&p1=httpd/httpd/branches/1.3.x/src/main/http_config.c&p2=/httpd/httpd/branches/1.3.x/src/main/http_config.c

The official "patch" submitted can be viewed here, and is the
responsibility of an Apache developer ("colm"):

http://people.apache.org/~colm/include_directive-1.3.patch

Someone obviously realised the mistake and backed out the commit,
as you can see in the commit reason here:

>>> "Back out 396294. This keeps HEAD in a non-regression state
>>> and allows us to re-add/fix the functionality "later on"

http://svn.apache.org/viewcvs.cgi?rev=405142&view=rev

So basically your options at this point are as follows:

* Upgrade to 2.0 or 2.2 (recommended unless you use Apache modules
  which don't support it)
* Stick with 1.3.34 (not recommended due to the security hole)
* Stop using wildcards in your Include directives (until they release
  1.3.36 or higher, of course) and specify individual files
* Use a trunk/CVS build (risky)

-- 
| Jeremy Chadwick                                 jdc at parodius.com |
| Parodius Networking                        http://www.parodius.com/ |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.                             |