Debian Bug report logs -
#34099
apache: restrict /usr/doc to localhost
Reported by: <bhmit1@hobbes.resnet.wm.edu>
Date: Thu, 4 Mar 1999 17:03:00 UTC
Severity: wishlist
Found in version 1.3.3-7
Done: Johnie Ingram <johnie@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Johnie Ingram <johnie@debian.org>
:
Bug#34099
; Package apache
.
(full text, mbox, link).
Acknowledgement sent to <bhmit1@hobbes.resnet.wm.edu>
:
New bug report received and forwarded. Copy sent to Johnie Ingram <johnie@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: apache
Version: 1.3.3-7
Severity: wishlist
The following addition to /etc/apache/access.conf will do it:
<Directory /usr/doc>
AllowOverride None
order deny,allow
deny from all
allow from localhost
</Directory>
Yes it's a bit over restrictive, but the fact that anyone can get a list
of debian packages installed on a system running a web server seems
like a bad idea to me.
(This is my first attempt at the bug program instead of regular email,
reply to:
bmitch@atdot.org or bhmit1@mail.wm.edu)
-- System Information
Debian Release: 2.1
Kernel Version: Linux wm7-214.resnet.wm.edu 2.0.35 #3 Thu Jul 16 02:43:25 EDT 1998 i586 unknown
Versions of the packages apache depends on:
ii libc6 2.0.7.19981211 GNU C Library: shared libraries
ii libgdbmg1 1.7.3-25 GNU dbm database routines (runtime version).
ii mime-support 3.5-1 MIME files 'mime.types' & 'mailcap', and sup
ii perl 5.004.04-7 Larry Wall's Practical Extracting and Report
ii apache-common 1.3.3-7 Support files for all Apache webservers
ii apache-common 1.3.3-7 Support files for all Apache webservers
Reply sent to Johnie Ingram <johnie@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to <bhmit1@hobbes.resnet.wm.edu>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 34099-close@bugs.debian.org (full text, mbox, reply):
We believe that the bug you reported is fixed in the latest version of
apache, which has been installed in the Debian FTP archive:
apache-common_1.3.9-11_i386.deb
to dists/potato/main/binary-i386/web/apache-common_1.3.9-11.deb
replacing apache-common_1.3.9-10.deb
apache-common_1.3.9-11_i386.deb
to dists/woody/main/binary-i386/web/apache-common_1.3.9-11.deb
replacing apache-common_1.3.9-10.deb
apache_1.3.9-11.dsc
to dists/potato/main/source/web/apache_1.3.9-11.dsc
replacing apache_1.3.9-10.dsc
apache_1.3.9-11.dsc
to dists/woody/main/source/web/apache_1.3.9-11.dsc
replacing apache_1.3.9-10.dsc
apache_1.3.9-11_i386.deb
to dists/potato/main/binary-i386/web/apache_1.3.9-11.deb
replacing apache_1.3.9-10.deb
apache_1.3.9-11_i386.deb
to dists/woody/main/binary-i386/web/apache_1.3.9-11.deb
replacing apache_1.3.9-10.deb
apache-doc_1.3.9-11_all.deb
to dists/potato/main/binary-all/doc/apache-doc_1.3.9-11.deb
replacing apache-doc_1.3.9-10.deb
apache-doc_1.3.9-11_all.deb
to dists/woody/main/binary-all/doc/apache-doc_1.3.9-11.deb
replacing apache-doc_1.3.9-10.deb
apache-dev_1.3.9-11_i386.deb
to dists/potato/main/binary-i386/web/apache-dev_1.3.9-11.deb
replacing apache-dev_1.3.9-10.deb
apache-dev_1.3.9-11_i386.deb
to dists/woody/main/binary-i386/web/apache-dev_1.3.9-11.deb
replacing apache-dev_1.3.9-10.deb
apache_1.3.9-11.diff.gz
to dists/potato/main/source/web/apache_1.3.9-11.diff.gz
replacing apache_1.3.9-10.diff.gz
apache_1.3.9-11.diff.gz
to dists/woody/main/source/web/apache_1.3.9-11.diff.gz
replacing apache_1.3.9-10.diff.gz
Note that this package is not part of the released stable Debian
distribution. It may have dependencies on other unreleased software,
or other instabilities. Please take care if you wish to install it.
The update will eventually make its way into the next released Debian
distribution.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 34099@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Johnie Ingram <johnie@debian.org> (supplier of updated apache package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.6
Date: Sat, 26 Feb 2000 13:49:08 -0600
Source: apache
Binary: apache-doc apache-dev apache-common apache
Architecture: source i386 all
Version: 1.3.9-11
Distribution: frozen unstable
Urgency: low
Maintainer: Johnie Ingram <johnie@debian.org>
Description:
apache - Versatile, high-performance HTTP server
apache-common - Support files for all Apache webservers
apache-dev - Apache webserver development kit
apache-doc - Apache webserver docs
Closes: 34099 49113 49849 51732 52683 53498 55750 56862 57333 58134 58168 58732
Changes:
apache (1.3.9-11) frozen unstable; urgency=low
.
* Reversed openldap2 patch, potato uses v1; closes: #49849, #58168.
* Added debhelper tag to apache-common postinst, so doc symlink
management works.
* Added info file for mod_auth_mysql, closes: #56862.
* Updated version of mod_throttle, closes: #52683.
* Fixed example logfile locations in httpd.conf, closes: #49113.
* Removed info files for modules not included in apache-common, closes:
#55750, #58732.
* Default srm.conf AddLanguage corrected from .jp to .ja, closes: #58134.
* Added sharutils to Build-Depends (due to uudecode in rules).
* Removed AuthAuthoritative from mod_auth_sys info (it duplicates
command in mod_auth), closes #45708.
* Cron script reloads apache with a -HUP, if possible, instead of using
apachectl which may have undesired side effects, closes: #57333.
* Disabled phf.apache.org error in default access.conf, closes: #51732.
* Group for new /var/www directory changed from www-data to root,
closes: #53498.
* Default srm.conf restricts /doc/ to localhost, closes: #34099.
Files:
e161557cbece26b3b0116151b5e2e8c8 756 web optional apache_1.3.9-11.dsc
ab8f64c2304193b0b9a4b34f290e04b4 314939 web optional apache_1.3.9-11.diff.gz
0f9001a86b9ab1971234c86528aec694 540966 doc optional apache-doc_1.3.9-11_all.deb
7f5f71abbf4a1b4899bb6c5e9feda616 356200 web optional apache_1.3.9-11_i386.deb
73a048deced19b83455025791ec4b76a 544708 web extra apache-dev_1.3.9-11_i386.deb
82ff3c7078e622ba64c8883d98384738 714716 web optional apache-common_1.3.9-11_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
iQCVAwUBOLhxJBCswmGWXGp9AQEWgAQAh/2yjJ0Gu8Sly7gNYfGJKb5oIXyM2SYD
ADjNG7zgKyTusCjkGFMATMmzwfOJUqOVosQfodzNyFDreF6FHF2fhwNQF5LJRFxm
lEhaA64hIJp8NkyYyxy8yFamjiTY7krxE4nLmZqQp9pubzIu9DgwkxN1807FbFgw
NiQEkfR0N4U=
=+Kx+
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Apr 25 15:07:05 2024;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.