From owner-freebsd-ports@FreeBSD.ORG Sat May 13 06:50:41 2006 Return-Path: X-Original-To: freebsd-ports@freebsd.org Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D51216A401 for ; Sat, 13 May 2006 06:50:41 +0000 (UTC) (envelope-from jdc@parodius.com) Received: from mx1.parodius.com (mx1.parodius.com [64.62.145.229]) by mx1.FreeBSD.org (Postfix) with ESMTP id 594DA43D45 for ; Sat, 13 May 2006 06:50:41 +0000 (GMT) (envelope-from jdc@parodius.com) Received: by mx1.parodius.com (Postfix, from userid 500) id 34B5E5FDB; Fri, 12 May 2006 23:50:41 -0700 (PDT) Date: Fri, 12 May 2006 23:50:41 -0700 From: Jeremy Chadwick To: freebsd-ports@freebsd.org Message-ID: <20060513065041.GA82761@pentarou.parodius.com> Mail-Followup-To: freebsd-ports@freebsd.org References: <20060513003616.Q1279@ganymede.hub.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060513003616.Q1279@ganymede.hub.org> X-PGP-Key: http://jdc.parodius.com/pubkey.asc User-Agent: Mutt/1.5.11 Subject: Re: Bug in Apache 1.3.35 ... or something changed ... ? X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 May 2006 06:50:41 -0000 On Sat, May 13, 2006 at 12:39:47AM -0300, Marc G. Fournier wrote: > Don't know if anyone else has noticed this, but I just installed apache > 1.3.35 on one of my FreeBSD 6.x/amd64 servers, and it no longer appears to > process my: > > Include etc/apache/virtual_hosts/*.conf > > directive ... > > {snip} > > Anyone? Looks to me like the Apache team botched it up and didn't test commits thoroughly -- AGAIN. This has becoming a habit of theirs in recent years. :-) I could be completely wrong with the facts shown below, but CVS is CVS... Here's the committed change and all associated files. Note that this is the 2nd-to-most-recent commit to the 1.3.x tree: http://svn.apache.org/viewcvs.cgi?rev=396294&view=rev The applicable source-code change is here, and I see absolutely no support for wildcards in the code, which explains why it broke: http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/1.3.x/src/main/http_config.c?rev=396294&view=diff&r1=396294&r2=396293&p1=httpd/httpd/branches/1.3.x/src/main/http_config.c&p2=/httpd/httpd/branches/1.3.x/src/main/http_config.c The official "patch" submitted can be viewed here, and is the responsibility of an Apache developer ("colm"): http://people.apache.org/~colm/include_directive-1.3.patch Someone obviously realised the mistake and backed out the commit, as you can see in the commit reason here: >>> "Back out 396294. This keeps HEAD in a non-regression state >>> and allows us to re-add/fix the functionality "later on" http://svn.apache.org/viewcvs.cgi?rev=405142&view=rev So basically your options at this point are as follows: * Upgrade to 2.0 or 2.2 (recommended unless you use Apache modules which don't support it) * Stick with 1.3.34 (not recommended due to the security hole) * Stop using wildcards in your Include directives (until they release 1.3.36 or higher, of course) and specify individual files * Use a trunk/CVS build (risky) -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. |