Debian Bug report logs -
#447764
libapache2-mod-php5: PHP5 should provide a LAMP test page
Reported by: Jamie Strandboge <jamie@strandboge.com>
Date: Tue, 23 Oct 2007 17:00:04 UTC
Severity: wishlist
Tags: patch
Found in versions php5/5.2.4-1, php5/5.2.4-2
Fixed in version 5.6.26+dfsg-1+rm
Done: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#447764; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Jamie Strandboge <jamie@strandboge.com>:
New Bug report received and forwarded. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libapache2-mod-php5
Version: 5.2.4-1
Severity: wishlist
To make it easier for users to see that their LAMP installation is working,
PHP5 should provide a LAMP test page.
Please consider the attached diff for creating a /var/www/lamp-test/index.php
that tests PHP, MySQL and PostgreSQL.
[php5.debdiff (text/x-c, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#447764; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Jamie Strandboge <jamie@strandboge.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #10 received at 447764@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libapache2-mod-php5
Version: 5.2.4-2
Followup-For: Bug #447764
Attached is an updated debdiff for 5.2.4-2.
[php5_v2.debdiff (text/x-c, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#447764; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #15 received at 447764@bugs.debian.org (full text, mbox, reply):
Hi Jamie,
On Fri, Dec 21, 2007 at 03:43:51PM -0500, Jamie Strandboge wrote:
> Package: libapache2-mod-php5
> Version: 5.2.4-2
> Followup-For: Bug #447764
> Attached is an updated debdiff for 5.2.4-2.
I have just a few small comments/questions about this patch:
- The page includes a message explaining how to install libapache2-mod-php5.
If that's the package that ships this page, why should that be given as
part of the instructions for getting php working? Perhaps that should be
omitted?
- Should the static content perhaps list mysql and postgresql as "not
tested" rather than "not working", so users aren't prematurely led to
think they need to debug a sql server problem?
- The page checks extension_loaded() without also trying to load the modules
with dl(). I know upstream's approach to extension loading is irrevocably
broken, but it would IMHO still be nice if the page would this way detect
the "php5-mysql installed, but not globally enabled" case.
- Any chance of a bit more color for the table? :-)
Overall, I think this is a reasonable thing to add to the package. Sean,
are you ok with it?
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#447764; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to sean finney <seanius@seanius.net>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #20 received at 447764@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
hey folks,
On Monday 07 January 2008 10:39:01 am Steve Langasek wrote:
> Overall, I think this is a reasonable thing to add to the package. Sean,
> are you ok with it?
i'm surprised i didn't comment on this.. must have lost my draft or something.
anyway, i think the idea in theory is nice, i haven't actaully checked the
contents of the page itself. however:
- i don't think we should be dropping files in /var/www. we could accomplish
the same with an alias/scriptalias in a config file.
- i'm not sure if this is something we want enabled or at least globally
accessible by default. maybe a small wrapper script to enable/disable, or it
could be plugged into an existing framework (will a2enmod work for stuff
that's only .conf and not .load files maybe?).
sean
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#447764; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #25 received at 447764@bugs.debian.org (full text, mbox, reply):
On Mon, Jan 07, 2008 at 11:14:39AM +0100, sean finney wrote:
> hey folks,
> On Monday 07 January 2008 10:39:01 am Steve Langasek wrote:
> > Overall, I think this is a reasonable thing to add to the package. Sean,
> > are you ok with it?
> i'm surprised i didn't comment on this.. must have lost my draft or something.
> anyway, i think the idea in theory is nice, i haven't actaully checked the
> contents of the page itself. however:
> - i don't think we should be dropping files in /var/www. we could accomplish
> the same with an alias/scriptalias in a config file.
Hmm, 54 packages in lenny still disagree with you. :) I'll admit I wasn't
happy with the idea of putting it in /var/www, but AFAIK if there's a new
"best practice" that should supersede this, it isn't published very widely?
> - i'm not sure if this is something we want enabled or at least globally
> accessible by default. maybe a small wrapper script to enable/disable, or it
> could be plugged into an existing framework (will a2enmod work for stuff
> that's only .conf and not .load files maybe?).
Well, I think it misses the target audience if it's not enabled by default.
I'm guessing you're concerned about this being a security problem by virtue
of being an information leak? It seems to me that the only information
being leaked is whether there's a mysql server or a postgresql server
available on the local machine. If someone is in a position to exploit this
fact, presumably they don't need the PHP test page to tell them it's there?
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#447764; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to sean finney <seanius@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #30 received at 447764@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
hey steve,
On Tuesday 08 January 2008 10:29:29 am Steve Langasek wrote:
> Hmm, 54 packages in lenny still disagree with you. :) I'll admit I wasn't
> happy with the idea of putting it in /var/www, but AFAIK if there's a new
> "best practice" that should supersede this, it isn't published very widely?
ehem:
http://webapps-common.alioth.debian.org/draft/html/ch-issues.html#s-issues-fhs
which is, btw, linked from the developers' corner :)
> > - i'm not sure if this is something we want enabled or at least globally
> > accessible by default. maybe a small wrapper script to enable/disable,
> > or it could be plugged into an existing framework (will a2enmod work for
> > stuff that's only .conf and not .load files maybe?).
>
> Well, I think it misses the target audience if it's not enabled by default.
yeah, i suppose you're right. but still i'd prefer a way that it could be
turned on/off easily since rm'ing files installed by a package is less than
ideal :)
also, along the "out of the box" lines, perhaps it would be good to split out
the authentication information into an include file shipped in /etc (or maybe
dump the entire file in /etc...)? i.e. do we want to ship a default config
of attempting to connect to a pgsql database with the password "foobar"?
> I'm guessing you're concerned about this being a security problem by virtue
> of being an information leak? It seems to me that the only information
> being leaked is whether there's a mysql server or a postgresql server
> available on the local machine.
hopefully, yes the only potential is an information leak. but like the spate
of phpinfo() vulnerabilities a year ago or so, there's always the potential
that it could be used as leverage for something else. having read through
the file just now i don't really see any issue though (besides the one i
brought up above about auth info).
sean
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#447764; Package libapache2-mod-php5.
(full text, mbox, link).
Acknowledgement sent to Jamie Strandboge <jamie@strandboge.com>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>.
(full text, mbox, link).
Message #35 received at 447764@bugs.debian.org (full text, mbox, reply):
On Thu, 10 Jan 2008, sean finney wrote:
> also, along the "out of the box" lines, perhaps it would be good to split out
> the authentication information into an include file shipped in /etc (or maybe
> dump the entire file in /etc...)? i.e. do we want to ship a default config
> of attempting to connect to a pgsql database with the password "foobar"?
>
What if rather than using 'foobar' it was just a blank password?
Added tag(s) patch.
Request was from Clint Byrum <clint@ubuntu.com>
to control@bugs.debian.org.
(Fri, 13 Aug 2010 06:03:03 GMT) (full text, mbox, link).
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility.
(Fri, 13 Jan 2017 13:06:22 GMT) (full text, mbox, link).
Notification sent
to Jamie Strandboge <jamie@strandboge.com>:
Bug acknowledged by developer.
(Fri, 13 Jan 2017 13:06:22 GMT) (full text, mbox, link).
Message #42 received at 447764-done@bugs.debian.org (full text, mbox, reply):
Version: 5.6.26+dfsg-1+rm
Dear submitter,
as the package php5 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/841781
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 11 Feb 2017 07:34:40 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 02:12:05 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.