[Pkg-roundcube-maintainers] Bug#500202: cron job removes file shipped in package
Vincent Bernat
bernat at debian.org
Fri Sep 26 07:04:54 UTC 2008
OoO En ce doux début de matinée du vendredi 26 septembre 2008, vers
08:09, Michal Čihař <nijel at debian.org> disait :
> cron job installed as /etc/cron.daily/roundcube-core silently removes
> file /var/lib/roundcube/temp/.htaccess, which is shipped with package.
> This make later fail integrity check using debsums and allows access to
> the files in cache. Attached patch fixes cron job to ignore .htaccess
> file.
Hi Michal!
The lighttpd config file contains:
$HTTP["url"] =~ "^/roundcube/config|/roundcube/temp|/roundcube/logs" {
url.access-deny = ( "" )
}
Therefore, the directory should not be accessible. Maybe the file is not
clear enough about what to modify when changing roundcube location.
In fact, .htaccess should not be shipped with roundcube.
Thanks for the report.
--
I WAS NOT TOLD TO DO THIS
I WAS NOT TOLD TO DO THIS
I WAS NOT TOLD TO DO THIS
-+- Bart Simpson on chalkboard in episode 5F13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20080926/e894595d/attachment.pgp
More information about the Pkg-roundcube-maintainers
mailing list