| [01:04:55] | * shaneonabike1 has joined #aegir |
| [01:31:15] | * shaneonabike1 has left #aegir () |
| [02:52:15] | * theMusician has joined #aegir |
| [03:59:00] | * jonpugh has changed the topic to Aegir hosting system 3.17.2 released! http://docs.aegirproject.org/en/3.x/release-notes/3.17/ | Planning for AegirNG has begun: https://gitlab.com/aegir/aegir | IRC Logs: https://hefring.aegirproject.org/bot/log/aegir | Scrum/Coop: Thursday's 18:00 UTC |
| [03:59:21] | <jonpugh> | 3.17.2 has been released to the debian repositories! My first Aegir release! |
| [03:59:40] | <viashimo> | jonpugh: w00t |
| [03:59:58] | <jonpugh> | big thanks to helmo42[m] for mentoring me through the process |
| [04:00:02] | <jonpugh> | helmo42[m]++ |
| [04:03:34] | <jonpugh> | memtkmcc[m]: We were in the middle of the release when you started pushing those last NGINX fixes directly to 7.x-3.x... Please make an issue and an issue branch next time. Thanks! |
| [04:16:50] | <memtkmcc[m]> | Ah, sorry, was not aware that it's perhaps too late to commit updates, but I did this in response to already opened issue, since D8 support didn't actually work with Nginx, the checks were wrong and deprecated a long time ago in BOA. |
| [04:19:40] | <memtkmcc[m]> | jonpugh: I will be more careful next time! |
| [05:33:08] | * theMusician has quit (Quit: theMusician) |
| [05:45:35] | <memtkmcc[m]> | Looks like the most important Nginx updates got included at the last moment, the other fixes are more cosmetic, and to allow merging any future changes without conflicts. |
| [07:23:49] | <helmo42[m]> | memtkmcc[m]: we were working on the 7.x-3.17.x branch ... so those commits are not included in provision 3.17.2 |
| [07:30:45] | <memtkmcc[m]> | helmo42[m]: Mhm, OK, I wasn't aware that these days we release from a branch and no longer from tagged head. I was away for a long time, apparently. |
| [08:48:33] | * darthsteven has joined #aegir |
| [08:49:59] | <darthsteven> | Hello! |
| [08:49:59] | <hefring> | hi |
| [08:50:38] | <darthsteven> | Maybe I’m missing something with today’s security release, but the change to the Satisfy directive in https://cgit.drupalcode.org/provision/commit/?h=7.x-3.17.x&id=804a3fee35... breaks my sites :( |
| [08:52:02] | <viashimo> | darthsteven: what version of apache do you have? |
| [08:52:07] | <darthsteven> | 2.2 |
| [08:52:09] | <darthsteven> | configuration error: couldn't perform authentication. AuthType not set! |
| [08:52:14] | <darthsteven> | is the error message |
| [08:52:39] | <darthsteven> | We’ve got an old Redhat server |
| [08:52:43] | <viashimo> | hmm |
| [08:53:11] | <viashimo> | that may be it? the access directives changed a faire bit between 2.2 and 2.4 |
| [08:53:19] | <darthsteven> | From looking at the doc, Satisfy All is only needed if I’ve got http authentication and IP restrictions? |
| [08:54:04] | <darthsteven> | https://httpd.apache.org/docs/2.2/en/mod/core.html#satisfy |
| [08:54:13] | <viashimo> | hmm, I think it's part of a security fix to prevent sites from accessing files of other sites in the same platform |
| [08:54:36] | <viashimo> | or it's just the code-leak from the platform one, can't recall |
| [08:55:14] | <darthsteven> | it’s the one where you can view the source code of the site |
| [08:55:25] | <darthsteven> | not the files access |
| [08:56:56] | <darthsteven> | oh okay, I see what the patch is trying to do |
| [08:57:11] | <darthsteven> | we have `Allow from all` |
| [08:57:55] | <darthsteven> | and the `Satisfy Any` will stop the `Require all denied` in the drupal htaccess file from working |
| [08:57:59] | <darthsteven> | ah okay |
| [08:58:10] | <darthsteven> | maybe I don’t have mod_authz_core |
| [08:58:47] | * viashimo has to run |
| [08:58:59] | <viashimo> | darthsteven: good luck |
| [08:59:49] | <darthsteven> | Ah okay |
| [08:59:50] | <darthsteven> | so |
| [09:01:23] | <darthsteven> | Changing to Satisfy All is not compatible with Apache 2.2 |
| [09:01:40] | <darthsteven> | But then the bug is only exposed in Apache 2.4 anyway |
| [09:01:50] | <darthsteven> | at least, I can’t access the site source code |
| [09:30:12] | <anarcat> | hey darthsteven ! |
| [09:30:21] | <darthsteven> | Hello! |
| [09:30:21] | <hefring> | hey |
| [09:30:51] | <anarcat> | i think this is one of my most highly rated SO answers :) https://stackoverflow.com/questions/21265191/apache-authtype-not-set-500... |
| [09:31:07] | <anarcat> | funny that i didn't think of that in the patch, but TBH, Apache 2.2 is pretty old at this point |
| [09:31:53] | <darthsteven> | hah |
| [09:32:18] | <darthsteven> | I think the Drupal core way is nice too, detecting a module that came in with Apache 2.3 |
| [09:32:35] | <darthsteven> | I wasn’t aware that Aegir was dropping support for 2.2 is all |
| [09:32:59] | <darthsteven> | We have an ‘enterprise’ customer |
| [09:33:33] | <darthsteven> | anyway, I think the correct resolution for 2.2 is to not have a Satisfy or Require directive there at all |
| [09:33:46] | <darthsteven> | then you don’t really change anything as far as I can see |
| [09:33:58] | <darthsteven> | gotta dash |
| [09:34:14] | <darthsteven> | anarcat++ for chipping in :) |
| [09:34:20] | * darthsteven has quit (Quit: darthsteven) |
| [09:36:18] | <anarcat> | i wasn't aware apache dropped support for 2.2 either :p |
| [09:36:33] | <anarcat> | that might have been non-intentional, and the SO answer above provides a patch |
