Debian Bug report logs - #669813
automatically configure Apache

Package: mailman; Maintainer for mailman is Mailman for Debian <[email protected]>; Source for mailman is src:mailman (PTS, buildd, popcon).

Reported by: [email protected]

Date: Sat, 21 Apr 2012 13:06:38 UTC

Severity: wishlist

Full log

🔗 View this message in rfc822 format

X-Loop: [email protected]
Subject: Bug#669813: Debian bug: mailman: Re: Archives not-->now working (need Require all granted in <Directory /var/lib/mailman/archives/public/>)
Reply-To: "Michael Paoli" <[email protected]>, [email protected]
Resent-From: "Michael Paoli" <[email protected]>
Resent-To: [email protected]
Resent-CC: Mailman for Debian <[email protected]>
X-Loop: [email protected]
Resent-Date: Tue, 11 Jul 2017 14:45:04 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
X-Debian-PR-Message: followup 669813
X-Debian-PR-Package: mailman
X-Debian-PR-Keywords: 
X-Debian-PR-Source: mailman
Received: via spool by [email protected] id=B669813.14997841233088
          (code B ref 669813); Tue, 11 Jul 2017 14:45:04 +0000
Received: (at 669813) by bugs.debian.org; 11 Jul 2017 14:42:03 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.0-bugs.debian.org_2005_01_02
	(2014-02-07) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.5 required=4.0 tests=BAYES_00,MURPHY_DRUGS_REL8,
	RCVD_IN_DNSWL_NONE,URIBL_CNKR autolearn=no autolearn_force=no
	version=3.4.0-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 37; hammy, 150; neutral, 164; spammy,
	0. spammytokens: hammytokens:0.000-+--deb8u1, 0.000-+--pipermail,
	0.000-+--work-around, 0.000-+--x86_64, 0.000-+--amd64
Received: from shell1.rawbw.com ([198.144.192.42] ident=root)
	by buxtehude.debian.org with esmtp (Exim 4.84_2)
	(envelope-from <[email protected]>)
	id 1dUwMV-0000nd-En
	for [email protected]; Tue, 11 Jul 2017 14:42:03 +0000
Received: from mail1.rawbw.com (mail1.rawbw.com [198.144.192.43])
	by shell1.rawbw.com (8.15.1/8.15.1) with ESMTP id v6BEN1Hd004630;
	Tue, 11 Jul 2017 07:23:02 -0700 (PDT)
	(envelope-from [email protected])
Received: from tigger.mpaoli.net (tigger.mpaoli.net [198.144.194.235]) by
	webmail.rawbw.com (Horde Framework) with HTTP; Tue, 11 Jul 2017 07:23:01
	-0700
Message-ID: <[email protected]>
Date: Tue, 11 Jul 2017 07:23:01 -0700
From: "Michael Paoli" <[email protected]>
To: BALUG-Test <[email protected]>
Cc: [email protected]
References: <[email protected]>
	<[email protected]>
	<[email protected]>
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
	charset=UTF-8;
	DelSp="Yes";
	format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.2.1-RC1)
X-Greylist: delayed 1140 seconds by postgrey-1.35 at buxtehude; Tue, 11 Jul 2017 14:42:03 UTC

Most relevant bit found among Debian bugs:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669813#36
The new apache security model requires adding this to the
Directory stanza for mailman:
             Require all granted

But that's not particularly detailed, most notably omits
mention of
/etc/mailman/apache.conf
and the
<Directory /var/lib/mailman/archives/public/>
section within.

Recommended to (mostly) fix mailman 1:2.1.18-2+deb8u1 amd64:

$ diff -U 5 etc/mailman/apache.conf.bug_669813 etc/mailman/apache.conf
--- etc/mailman/apache.conf.bug_669813  2016-09-14 23:05:02.000000000 -0700
+++ etc/mailman/apache.conf     2017-07-11 07:01:29.116879436 -0700
@@ -26,10 +26,11 @@
 <Directory /var/lib/mailman/archives/public/>
     Options FollowSymlinks
     AllowOverride None
     Order allow,deny
     Allow from all
+    Require all granted
 </Directory>
 <Directory /usr/share/images/mailman/>
     AllowOverride None
     Order allow,deny
     Allow from all
$

At least that's the case for Jessie (presently oldstable)
(
Debian GNU/Linux 8.8 (jessie) x86_64
mailman 1:2.1.18-2+deb8u1 amd64
apache2 2.4.10-10+deb8u9 amd64
)

I haven't (at least yet) checked to see if there's patch applied
yet for newer than mailman 1:2.1.18-2+deb8u1 amd64 that may cover
that fix.

In the meantime, for work-around for at least those versions,
in Apache configuration, in addition to (which I added):
Include ../mailman/apache.conf
(or
Include /etc/mailman/apache.conf
or equivalent
)
also add (and if the above is used via Include, use this *after* the above):
<Directory /var/lib/mailman/archives/public/>
    Options FollowSymlinks
    AllowOverride None
    Order allow,deny
    Allow from all
    Require all granted
</Directory>

> From: "Michael Paoli" <[email protected]>
> Subject: Archives now working: BALUG-Test list
> Date: Tue, 11 Jul 2017 00:36:28 -0700

> Archives are now working.
> Relevant bit ... I ought (when I get around to it) check if there's
> bug filed (it may already be fixed even - but not yet to stable).

> The missing bit ... I'd (rather than redundantly copied/maintain) used:
> (relative to /etc/apache2):
> Include ../mailman/apache.conf
> in file sites-available/Include/temp.balug.org
> that was almost all well fine and good (I'd reviewed
> ./mailman/apache.conf earlier).  But it left out one key needed bit,
> it has:
> <Directory /var/lib/mailman/archives/public/>
>     Options FollowSymlinks
>     AllowOverride None
>     Order allow,deny
>     Allow from all
> </Directory>
> but needs:
> <Directory /var/lib/mailman/archives/public/>
>     Options FollowSymlinks
>     AllowOverride None
>     Order allow,deny
>     Allow from all
>     Require all granted
> </Directory>
> My relatively simple fix,
> add to file
> sites-available/Include/temp.balug.org
> <Directory /var/lib/mailman/archives/public/>
>     Options FollowSymlinks
>     AllowOverride None
>     Order allow,deny
>     Allow from all
>     Require all granted
> </Directory>
> after:
> Include ../mailman/apache.conf
> ... Apache doesn't seem to care about the same
> <Directory /var/lib/mailman/archives/public/>
> appearing twice, and seems in that case to just use the latter fine,

> So ... /etc/mailman/apache.conf
> should have included but failed to include, in it's section:
> <Directory /var/lib/mailman/archives/public/>
> the line:
>     Require all granted
> So ... I think I'd call that a "bug" - even if it's documentation
> errata.  Might be a Debian specific patch needed, as other
> distributions and/or Apache may have different defaults on
> that security.

https://temp.balug.org/pipermail/balug-test/2017-July/000004.html
temp.balug.org will in future be moved to lists.balug.org, so that
will become:
https://lists.balug.org/pipermail/balug-test/2017-July/000004.html

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Thu May 15 18:44:50 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.