From owner-freebsd-apache@FreeBSD.ORG Mon Dec 18 11:07:15 2006 Return-Path: X-Original-To: apache@FreeBSD.org Delivered-To: freebsd-apache@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8A0E716A528 for ; Mon, 18 Dec 2006 11:07:15 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 398CC43C9F for ; Mon, 18 Dec 2006 11:07:08 +0000 (GMT) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBIB6tLb089174 for ; Mon, 18 Dec 2006 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBIB6rV8089168 for apache@FreeBSD.org; Mon, 18 Dec 2006 11:06:53 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 18 Dec 2006 11:06:53 GMT Message-Id: <200612181106.kBIB6rV8089168@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: linimon set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: apache@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Dec 2006 11:07:15 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o ports/89308 apache [patch] www/mod_accounting crash on request_timeout 1 problem total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o ports/74907 apache [PATCH] www/mod_perl: cleanups o ports/89972 apache portupgrade apache+ssl fails on dependencies o ports/97385 apache www/mod_auth_kerb configure script faults with heimdal o ports/104465 apache port www/apache13-modperl: stale RcNG script o ports/104842 apache update www/mod_auth_kerb to version 5.1 o ports/106429 apache www/apache* ports install rc.d scripts which don't fol 6 problems total. From owner-freebsd-apache@FreeBSD.ORG Wed Dec 20 05:44:41 2006 Return-Path: X-Original-To: freebsd-apache@freebsd.org Delivered-To: freebsd-apache@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7385D16A415 for ; Wed, 20 Dec 2006 05:44:41 +0000 (UTC) (envelope-from steinex@nognu.de) Received: from shodan.nognu.de (shodan.nognu.de [85.14.216.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9BAE243CAD for ; Wed, 20 Dec 2006 05:44:34 +0000 (GMT) (envelope-from steinex@nognu.de) Received: by shodan.nognu.de (Postfix, from userid 1002) id 1DCA3B822; Wed, 20 Dec 2006 06:18:21 +0100 (CET) Date: Wed, 20 Dec 2006 06:18:21 +0100 From: Frank Steinborn To: jm-79@hotmail.com Mail-Followup-To: jm-79@hotmail.com, freebsd-apache@freebsd.org References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: mutt-ng/devel-r804 (FreeBSD) Message-Id: <20061220051821.1DCA3B822@shodan.nognu.de> Cc: freebsd-apache@freebsd.org Subject: Re: apache root loader X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 05:44:41 -0000 jm-79@hotmail.com wrote: > > Hi, > > I wonder how many of you that use apache just straight from ports. I did a apache port install and discovered now by suprise that of course apache need root access to start. My question is how many of you guys has removed it if anyone have and why does no documents discuss this topic, is it assumed that this little root access can't do much harm so no need to make it run 100% ass the www user. > > Looking forward for some replies. > Jake! Apache will need root initially to bind to privileged port 80 (remember, ports 1-1024 are reserved for root). However, it will drop privileges and runs under uid 80 (www) then - assumed that you use the port. Frank From owner-freebsd-apache@FreeBSD.ORG Wed Dec 20 08:28:19 2006 Return-Path: X-Original-To: freebsd-apache@freebsd.org Delivered-To: freebsd-apache@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id AEEB316A49E; Wed, 20 Dec 2006 08:28:19 +0000 (UTC) (envelope-from stefan.schablowski@prolificx.com) Received: from mercury.nz.prolificx.com (mail.prolificx.com [203.167.210.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 037CB43C9F; Wed, 20 Dec 2006 08:28:18 +0000 (GMT) (envelope-from stefan.schablowski@prolificx.com) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Wed, 20 Dec 2006 21:16:13 +1300 Message-ID: <048DAE2206FF0D45844991688ABAD648C9EDA2@Mercury.nz.prolificx.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: FreeBSD Port: mod_auth_kerb-5.0.r6_1 plus patch --> compile error Thread-Index: AcckDx0Nm7iD9PDlRGG8CZwfzbW9PA== From: "Stefan Schablowski" To: Cc: ports@FreeBSD.org, freebsd-apache@freebsd.org Subject: FreeBSD Port: mod_auth_kerb-5.0.r6_1 plus patch --> compile error X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 08:28:19 -0000 Hi all, =20 I am trying to kerberize my Apache 2.0.59 server running on FreeBSD 6.1 using mod_auth_kerb. I've followed the excellent tutorial on http://www.grolmsnet.de/kerbtut/ I maintain the FreeBSD system itself using portsnap and portmanager; all ports are current. =20 I tried to build mod_auth_kerb using the usual FreeBSD way cd /usr/ports/www/mod_auth_kerb/ && make install clean (see also http://www.freshports.org/www/mod_auth_kerb/), but that didn't work because the official current version mod_auth_kerb-5.0.r6_1 seems to require Apache 1.3 (see also http://www.freebsd.org/cgi/ports.cgi?query=3Dmod_auth_kerb+&stype=3Dall).= =20 I tried applying the patch from http://www.freebsd.org/cgi/getmsg.cgi?fetch=3D6513+11580+/usr/local/www/d= b /text/2006/freebsd-apache/20061029.freebsd-apache which only worked for 1 file, so I patched the remaining 2 manually. Now I get the following compile error: =20 (wrapped for readability) =20 /usr/local/share/apache2/build/libtool --silent --mode=3Dcompile cc -prefer-pic -O2 -fno-strict-aliasing -pipe -DAP_HAVE_DESIGNATED_INITIALIZER -D_REENTRANT -D_THREAD_SAFE -I/usr/local/include/apache2 -I/usr/local/include/apache2 -I/usr/local/include/apache2 -I/usr/local/include -I. -Ispnegokrb5 -I/usr/include -c -o spnegokrb5/asn1_MechType.lo spnegokrb5/asn1_MechType.c && touch spnegokrb5/asn1_MechType.slo In file included from spnegokrb5/asn1_MechType.c:11: /usr/local/include/der.h:77: error: syntax error before "heim_octet_string" /usr/local/include/der.h:85: error: syntax error before "heim_general_string" /usr/local/include/der.h:87: error: syntax error before "heim_octet_string" /usr/local/include/der.h:89: error: syntax error before "heim_oid" /usr/local/include/der.h:106: error: syntax error before "heim_general_string" /usr/local/include/der.h:108: error: syntax error before "heim_oid" /usr/local/include/der.h:110: error: syntax error before "heim_octet_string" /usr/local/include/der.h:114: error: syntax error before "heim_utf8_string" /usr/local/include/der.h:120: error: syntax error before '*' token /usr/local/include/der.h:122: error: syntax error before '*' token /usr/local/include/der.h:124: error: syntax error before '*' token =20 (many more) =20 /usr/local/include/der.h:173: error: syntax error before '*' token /usr/local/include/der.h:175: error: syntax error before '*' token /usr/local/include/der.h:176: error: syntax error before '*' token apxs:Error: Command failed with rc=3D65536 . gmake: *** [src/mod_auth_kerb.so] Error 1 *** Error code 2 =20 Stop in /usr/ports/www/mod_auth_kerb. =20 Why is there no official mod_auth_kerb version for Apache 2.x ? =20 I cannot be the only one who needs it. What am I doing wrong ? =20 TIA, =20 MCAHNY, =20 CU Stefan From owner-freebsd-apache@FreeBSD.ORG Wed Dec 20 08:28:19 2006 Return-Path: X-Original-To: apache@FreeBSD.org Delivered-To: freebsd-apache@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id AEEB316A49E; Wed, 20 Dec 2006 08:28:19 +0000 (UTC) (envelope-from stefan.schablowski@prolificx.com) Received: from mercury.nz.prolificx.com (mail.prolificx.com [203.167.210.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 037CB43C9F; Wed, 20 Dec 2006 08:28:18 +0000 (GMT) (envelope-from stefan.schablowski@prolificx.com) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Wed, 20 Dec 2006 21:16:13 +1300 Message-ID: <048DAE2206FF0D45844991688ABAD648C9EDA2@Mercury.nz.prolificx.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: FreeBSD Port: mod_auth_kerb-5.0.r6_1 plus patch --> compile error Thread-Index: AcckDx0Nm7iD9PDlRGG8CZwfzbW9PA== From: "Stefan Schablowski" To: Cc: ports@FreeBSD.org, freebsd-apache@freebsd.org Subject: FreeBSD Port: mod_auth_kerb-5.0.r6_1 plus patch --> compile error X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 08:28:19 -0000 Hi all, =20 I am trying to kerberize my Apache 2.0.59 server running on FreeBSD 6.1 using mod_auth_kerb. I've followed the excellent tutorial on http://www.grolmsnet.de/kerbtut/ I maintain the FreeBSD system itself using portsnap and portmanager; all ports are current. =20 I tried to build mod_auth_kerb using the usual FreeBSD way cd /usr/ports/www/mod_auth_kerb/ && make install clean (see also http://www.freshports.org/www/mod_auth_kerb/), but that didn't work because the official current version mod_auth_kerb-5.0.r6_1 seems to require Apache 1.3 (see also http://www.freebsd.org/cgi/ports.cgi?query=3Dmod_auth_kerb+&stype=3Dall).= =20 I tried applying the patch from http://www.freebsd.org/cgi/getmsg.cgi?fetch=3D6513+11580+/usr/local/www/d= b /text/2006/freebsd-apache/20061029.freebsd-apache which only worked for 1 file, so I patched the remaining 2 manually. Now I get the following compile error: =20 (wrapped for readability) =20 /usr/local/share/apache2/build/libtool --silent --mode=3Dcompile cc -prefer-pic -O2 -fno-strict-aliasing -pipe -DAP_HAVE_DESIGNATED_INITIALIZER -D_REENTRANT -D_THREAD_SAFE -I/usr/local/include/apache2 -I/usr/local/include/apache2 -I/usr/local/include/apache2 -I/usr/local/include -I. -Ispnegokrb5 -I/usr/include -c -o spnegokrb5/asn1_MechType.lo spnegokrb5/asn1_MechType.c && touch spnegokrb5/asn1_MechType.slo In file included from spnegokrb5/asn1_MechType.c:11: /usr/local/include/der.h:77: error: syntax error before "heim_octet_string" /usr/local/include/der.h:85: error: syntax error before "heim_general_string" /usr/local/include/der.h:87: error: syntax error before "heim_octet_string" /usr/local/include/der.h:89: error: syntax error before "heim_oid" /usr/local/include/der.h:106: error: syntax error before "heim_general_string" /usr/local/include/der.h:108: error: syntax error before "heim_oid" /usr/local/include/der.h:110: error: syntax error before "heim_octet_string" /usr/local/include/der.h:114: error: syntax error before "heim_utf8_string" /usr/local/include/der.h:120: error: syntax error before '*' token /usr/local/include/der.h:122: error: syntax error before '*' token /usr/local/include/der.h:124: error: syntax error before '*' token =20 (many more) =20 /usr/local/include/der.h:173: error: syntax error before '*' token /usr/local/include/der.h:175: error: syntax error before '*' token /usr/local/include/der.h:176: error: syntax error before '*' token apxs:Error: Command failed with rc=3D65536 . gmake: *** [src/mod_auth_kerb.so] Error 1 *** Error code 2 =20 Stop in /usr/ports/www/mod_auth_kerb. =20 Why is there no official mod_auth_kerb version for Apache 2.x ? =20 I cannot be the only one who needs it. What am I doing wrong ? =20 TIA, =20 MCAHNY, =20 CU Stefan From owner-freebsd-apache@FreeBSD.ORG Wed Dec 20 19:44:42 2006 Return-Path: X-Original-To: freebsd-apache@freebsd.org Delivered-To: freebsd-apache@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8E94016A585 for ; Wed, 20 Dec 2006 19:44:42 +0000 (UTC) (envelope-from jm-79@hotmail.com) Received: from bay0-omc1-s27.bay0.hotmail.com (bay0-omc1-s27.bay0.hotmail.com [65.54.246.99]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1BA5143CB0 for ; Wed, 20 Dec 2006 19:44:15 +0000 (GMT) (envelope-from jm-79@hotmail.com) Received: from BAY115-W6 ([65.54.250.106]) by bay0-omc1-s27.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Wed, 20 Dec 2006 11:32:00 -0800 X-Originating-IP: [81.227.171.16] X-Originating-Email: [jm-79@hotmail.com] Message-ID: From: To: Frank Steinborn Date: Wed, 20 Dec 2006 20:32:00 +0100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 20 Dec 2006 19:32:00.0448 (UTC) FILETIME=[84FBD400:01C7246D] Cc: freebsd-apache@freebsd.org Subject: RE: apache root loader X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Dec 2006 19:44:42 -0000 That Apache need root access to bind to port 80 is possible to go around by= using portacl and allow user www to bind to that port. I read up on the how the i= nit process works and it loads all conf files and then spawns childs that handle the rest. Bu= t i still wonder if that is the best way, is it not possible to gain root access since Apache has ro= ot privs to get root access with some exploit. I know it's not possible to go from child to moth= er so if it's like that it's not possible to get root but ... i just wonder :) ---------------------------------------- > Date: Wed, 20 Dec 2006 06:18:21 +0100 > From: steinex@nognu.de > To: jm-79@hotmail.com > CC: freebsd-apache@freebsd.org > Subject: Re: apache root loader >=20 > jm-79@hotmail.com wrote: > >=20 > > Hi, > >=20 > > I wonder how many of you that use apache just straight from ports. I di= d a apache port install and discovered now by suprise that of course apache= need root access to start. My question is how many of you guys has remove= d it if anyone have and why does no documents discuss this topic, is it ass= umed that this little root access can't do much harm so no need to make it = run 100% ass the www user. > >=20 > > Looking forward for some replies. > > Jake! >=20 > Apache will need root initially to bind to privileged port 80 > (remember, ports 1-1024 are reserved for root). However, it will drop > privileges and runs under uid 80 (www) then - assumed that you use the > port. >=20 > Frank=20 _________________________________________________________________ Prova Live.com - din snabba, personliga hemsida med allt du kan =F6nska dig= p=E5 ett enda st=E4lle. http://www.live.com/getstarted= From owner-freebsd-apache@FreeBSD.ORG Thu Dec 21 11:32:36 2006 Return-Path: X-Original-To: apache@FreeBSD.Org Delivered-To: freebsd-apache@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6132E16A4CA for ; Thu, 21 Dec 2006 11:32:36 +0000 (UTC) (envelope-from fenner+portsurvey@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 385C613C48A for ; Thu, 21 Dec 2006 11:32:36 +0000 (UTC) (envelope-from fenner+portsurvey@FreeBSD.org) Received: from freefall.freebsd.org (fenner@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBLA0dqG019964 for ; Thu, 21 Dec 2006 10:00:39 GMT (envelope-from fenner+portsurvey@freefall.freebsd.org) Received: (from fenner@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBLA0dxd019963; Thu, 21 Dec 2006 10:00:39 GMT (envelope-from fenner+portsurvey) Date: Thu, 21 Dec 2006 10:00:39 GMT Message-Id: <200612211000.kBLA0dxd019963@freefall.freebsd.org> From: fenner@FreeBSD.Org (Bill "distfiles" Fenner) To: apache@FreeBSD.Org Cc: Subject: FreeBSD ports: 6 unfetchable distfiles: www/mod_accesscookie, www/mod_auth_mysql2, www/mod_log_data, www/mod_vdbh, www/mod_vhost_ldap, www/mod_webapp X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ports@FreeBSD.Org List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Dec 2006 11:32:36 -0000 Dear apache@freebsd.org, You are listed as the FreeBSD port maintainer for 6 ports whose distfiles are not fetchable from their MASTER_SITES. Could you please visit http://people.freebsd.org/~fenner/portsurvey/apache@freebsd.org.html and correct the problems listed there? The individual ports with problems are www/mod_accesscookie,www/mod_auth_mysql2,www/mod_log_data,www/mod_vdbh,www/mod_vhost_ldap,www/mod_webapp. If you have already corrected the problems and submitted a PR, please accept my thanks and apologies for the delay in getting the fixes into the tree. This reminder is created automatically and does not (yet) have a way to know if a PR fixing the problem has been submitted. Please do *NOT* send your response to me directly; I do not necessarily have time to commit your fix; please instead submit a PR via 'send-pr' so it doesn't get lost. Problems are usually of two types: 1. The software package has been upgraded and the version in the port has been removed. The best solution to this problem is to upgrade the port to the most current version of the software package. If you are a FreeBSD committer, then you can just upgrade the port directly. If not, you should create the updated port on your own machine, test it (and maybe even run "portlint" on it), and then use "send-pr" to submit a "diff -uNr old-port updated-port". If you added or deleted any files, please make an explicit note of it. 2. The mirror site being used no longer contains the software package in question, or no longer exists. Solutions include: a) If there are other mirror sites, just remove the bad site from the list. (Make sure that what appears to be a bad site isn't actually a problem of type 1, upgrade) b) If the README or other support files in the software documentation mention where to get the software package, use one of those sites. c) Use a search engine to find another place to get the original DISTFILES. Make sure that you don't pick a FreeBSD distfiles mirror -- if you can't find any other places where the file exists, it can be a LOCAL_PORT or you can simply comment out the MASTER_SITES= line, with a comment explaining why. Once you have a solution, use "send-pr" to submit a "diff -u" of the Makefile. Note that this isn't an urgent issue, as people who try to build the port now will just fall back to the FreeBSD distfiles mirror. Please just put it on your list to do and get to it when you have time. These messages will continue to arrive twice a month until the fix is committed, as a reminder. Thanks, Bill "distfiles" Fenner.