Debian Bug report logs - #467480
apache2: default autoindex.conf uses bomb icon for file called score

version graph

Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2.

Reported by: eddy@opera.com

Date: Mon, 25 Feb 2008 19:42:02 UTC

Severity: minor

Tags: patch

Found in version apache2/2.2.8-1

Fixed in version apache2/2.2.8-2

Done: Stefan Fritsch <sf@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#467480; Package apache2. Full text and rfc822 format available.

Acknowledgement sent to eddy@opera.com:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Edward Welbourne <eddy@opera.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache2: default autoindex.conf uses bomb icon for file called score
Date: Mon, 25 Feb 2008 20:39:56 +0100
Package: apache2
Version: 2.2.8-1
Severity: minor
Tags: patch


I saw occasional files and directories showing up with a bomb icon; I
guessed they were broken symlinks or some such glitch, but closer
investigation revealed no problem.  Eventually, I noticed their names
all ended in "core" and guessed what was happening.  Sure enough,
AddIcon is tested as a wild-card or a suffix of the name, so deems
(for example) score to be a match for core, so displays it as a bomb.
Likewise dual-core, quad-core and so on.

<patch>

--- /etc/apache2/mods-available/autoindex.conf.orig	2008-01-17 21:13:45.000000000 +0100
+++ /etc/apache2/mods-available/autoindex.conf	2008-02-25 20:19:01.000000000 +0100
@@ -36,7 +36,8 @@
 AddIcon /icons/uuencoded.gif .uu
 AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
 AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
+# It's a suffix rule, so simply matching "core" matches "score" as well !
+AddIcon /icons/bomb.gif /core
 AddIcon (SND,/icons/sound2.gif) .ogg
 AddIcon (VID,/icons/movie.gif) .ogm
 
</patch>

To my mild surprise, I found that matching isn't only done on the name
of the file (relative to its directory); it includes enough of the
path that /core does indeed match a file called simply "core".
So it proved easy enough to fix the problem :-)

The documentation at
/doc/apache2-doc/manual/en/mod/mod_autoindex.html#addicon
is also, consequently, mildly inaccurate when it ends the list of
things that name can be with "or a complete filename."  It's always
matched against suffixes, so the only way to make it *only* match as a
complete filename is to include a leading / (and I don't know whether
there are any limitations on that).

Ideally, there'd be some way to ensure the AddIcon rule for the bomb
would only match a *file* named (exactly) core; a directory of the
same name should just be displayed as a directory.  However, I
couldn't immediately see how to fix that and don't happen to have any
directories with this name in my local webspace, so didn't look
harder.

-- Package-specific info:
Config file syntax check failed.
List of /etc/apache2/mods-enabled/*.load:
  alias auth_basic authn_file authnz_ldap authz_default authz_host
  authz_user autoindex cgid dir* env ldap mime negotiation perl
  setenvif ssl status userdir
  (A * means that the .conf file for that module is not enabled in
   /etc/apache2/mods-enabled/)

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.ISO-8859-15, LC_CTYPE=en_GB.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2 depends on:
ii  apache2-mpm-worker            2.2.8-1    High speed threaded model for Apac

apache2 recommends no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#467480; Package apache2. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at 467480@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@debian.org>
To: control@bugs.debian.org
Cc: 467480@bugs.debian.org, 469145@bugs.debian.org
Subject: setting package to apache2-doc apache2-mpm-perchild apache2 apache2-mpm-event apache2.2-common apache2-utils apache2-threaded-dev apache2-prefork-dev apache2-src apache2-mpm-prefork apache2-dbg apache2-mpm-worker ... ...
Date: Mon, 03 Mar 2008 22:11:10 +0100
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# apache2 (2.2.8-2) UNRELEASED; urgency=low
#
#  * Don't ship empty /var/www/apache2-default in apache2-doc.
#    (Closes: #469145)
#  * mod_autoindex: Use the bomb icon only for the name 'core', not for
#    '*core'. (Closes: #467480)
#

package apache2-doc apache2-mpm-perchild apache2 apache2-mpm-event apache2.2-common apache2-utils apache2-threaded-dev apache2-prefork-dev apache2-src apache2-mpm-prefork apache2-dbg apache2-mpm-worker
tags 467480 + pending
tags 469145 + pending





Tags added: pending Request was from Stefan Fritsch <sf@debian.org> to control@bugs.debian.org. (Mon, 03 Mar 2008 21:12:14 GMT) Full text and rfc822 format available.

Reply sent to Stefan Fritsch <sf@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to eddy@opera.com:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #17 received at 467480-close@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@debian.org>
To: 467480-close@bugs.debian.org
Subject: Bug#467480: fixed in apache2 2.2.8-2
Date: Sat, 08 Mar 2008 12:17:04 +0000
Source: apache2
Source-Version: 2.2.8-2

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-dbg_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2-dbg_2.2.8-2_i386.deb
apache2-doc_2.2.8-2_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.8-2_all.deb
apache2-mpm-event_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.8-2_i386.deb
apache2-mpm-perchild_2.2.8-2_all.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.8-2_all.deb
apache2-mpm-prefork_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.8-2_i386.deb
apache2-mpm-worker_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.8-2_i386.deb
apache2-prefork-dev_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.8-2_i386.deb
apache2-src_2.2.8-2_all.deb
  to pool/main/a/apache2/apache2-src_2.2.8-2_all.deb
apache2-threaded-dev_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.8-2_i386.deb
apache2-utils_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.8-2_i386.deb
apache2.2-common_2.2.8-2_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.8-2_i386.deb
apache2_2.2.8-2.diff.gz
  to pool/main/a/apache2/apache2_2.2.8-2.diff.gz
apache2_2.2.8-2.dsc
  to pool/main/a/apache2/apache2_2.2.8-2.dsc
apache2_2.2.8-2_all.deb
  to pool/main/a/apache2/apache2_2.2.8-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 467480@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 08 Mar 2008 12:28:14 +0100
Source: apache2
Binary: apache2.2-common apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-perchild apache2-utils apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-src apache2-dbg
Architecture: source i386 all
Version: 2.2.8-2
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Next generation, scalable, extendable web server
 apache2-dbg - Apache debugging symbols
 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD
 apache2-mpm-worker - High speed threaded model for Apache HTTPD
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 apache2.2-common - Next generation, scalable, extendable web server
Closes: 313430 410334 461341 461462 466367 467480 469145 469271
Changes: 
 apache2 (2.2.8-2) unstable; urgency=low
 .
   * Provide a fallback access log (other_vhosts_access.log) and a suitable
     LogFormat (vhost_combined) for VirtualHosts that don't define their own
     log file. (Closes: #313430)
   * Fix broken symlink to README.Debian.gz and typos in the file
     (closes: #461462).
   * Improve generation of password salts in htpasswd (closes: #469271).
   * Point VCS tags in debian control to trunk, to make them useful with
     debcheckout.
   * Add missing ${APACHE_ARGUMENTS} to *) case in apache2ctl.
   * In upgrades from etch, replace /etc/apache2/default without asking also in
     the NO_START=1 case, in order to not break piuparts (closes: #466367).
   * Print file name where "Useless use of AllowOverride" occured.
     (Closes: #410334)
   * Make bugreport script source /etc/apache2/envvars before calling apache2.
   * Add note about MSIE SSL workaround to README.Debian.
   * Don't ship empty /var/www/apache2-default in apache2-doc.
     (Closes: #469145)
   * mod_autoindex: Use the bomb icon only for the name 'core', not for
     '*core'. (Closes: #467480)
   * Include module name in a2enmod error messages (closes: #461341).
Files: 
 a1f05dddd60996a2f399b71e2c35a25e 1297 web optional apache2_2.2.8-2.dsc
 ff7de31843013c97313ab82b71576201 130296 web optional apache2_2.2.8-2.diff.gz
 cac952c3b8d4afebe5915cae2597bd20 758988 web optional apache2.2-common_2.2.8-2_i386.deb
 e07b86f9ee1a677f83fa7028f6f676e9 233162 web optional apache2-mpm-worker_2.2.8-2_i386.deb
 b0be6f5d848643165a91542d6f7ee411 229054 web optional apache2-mpm-prefork_2.2.8-2_i386.deb
 2282c602ebf393b170f5f36450f4ee4e 233798 web optional apache2-mpm-event_2.2.8-2_i386.deb
 5a2b59da31ac8382e1c72cbe8d589434 138564 web optional apache2-utils_2.2.8-2_i386.deb
 8ac53ff225fb1c992ddaf80287467ce3 206730 devel extra apache2-prefork-dev_2.2.8-2_i386.deb
 74f6c22e37a5e8938e97cb8c5219b069 207330 devel extra apache2-threaded-dev_2.2.8-2_i386.deb
 c61ddc70f5d41b679be64b707c6f86e9 2304028 libdevel extra apache2-dbg_2.2.8-2_i386.deb
 83c970ec77b0e64a085dc31d65f17b68 71518 web optional apache2-mpm-perchild_2.2.8-2_all.deb
 3dc25364253a3a90e621803f94edc29c 44408 web optional apache2_2.2.8-2_all.deb
 8ba916bab48e1325b447d36c08afab73 1939424 doc optional apache2-doc_2.2.8-2_all.deb
 7b61453a178776230eb9eb0fa6d9f3d6 6400498 devel extra apache2-src_2.2.8-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH0n8qbxelr8HyTqQRAtIVAKCqKebLrvGQkZhXT2zdCWdl2pPPLACePPND
l5E3h+OkPCipoM9/4XI2JJA=
=kHSy
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 Apr 2008 07:37:37 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 04:29:47 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.