author Stefan Fritsch <sf@debian.org> 2008-06-30 17:40:24 +0000
committer Stefan Fritsch <sf@sfritsch.de> 2012-01-02 10:36:56 +0100
commit a86af1767739fb6c5230c40f176305ab7b296351
tree 3dd7bb2bb8562eaeb6f13b1575e4b52f6eef95d9
parent 704527fe85442dfdb8ead42e1bb58938d3de7577
Comment out the "<directory /> deny from all ..." block, as this will break other packages
(I found 7, but there may be more). Let's do this for lenny+1.

git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/trunk/apache2@742 01b336ce-410b-0410-9a02-a0e7f243c266
-rw-r--r-- debian/changelog 5
-rw-r--r-- debian/config-dir/conf.d/security 13
2 files changed, 8 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog
index 7241bd7c..a3089827 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,11 +12,6 @@ apache2 (2.2.9-3) UNRELEASED; urgency=low
- Add ssl-cert to Recommends.
* Add a new config file /etc/apache2/conf.d/security with some vaguely
security related diectives. (Closes: #260063)
- * Disable access to the root directory / by default (closes: #341022).
- If you use Aliases or Symlinks that point to directories outside the
- DocumentRoot, you need to explicitly allow access to those directories
- (Or you can revert to the old behaviour by commenting out the
- <Directory /> block in /etc/apache2/conf.d/security .
* Adjust mod_userdir accordingly. Also add "AllowOverride Indexes" for the
home directories.
* Disable SSLv2 by default. It is insecure. Also only enable ciphers with
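Review bot: Dropping the whole "Disable access to the root directory /" entry leaves the changelog with no record that the <Directory /> block still ships in /etc/apache2/conf.d/security, only commented out, and it drops the "closes: #341022" marker without saying whether that bug stays open. Consider replacing the removed lines with a short entry stating that the block is included but disabled, and keep the note about explicitly allowing Alias and symlink targets outside the DocumentRoot for administrators who enable it. The context line that follows, "Adjust mod_userdir accordingly", now has no entry to refer back to and should be reworded if that change was tied to the deny-by-default block.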
diff --git a/debian/config-dir/conf.d/security b/debian/config-dir/conf.d/security
index a83920a1..58c8d7e9 100644
--- a/debian/config-dir/conf.d/security
+++ b/debian/config-dir/conf.d/security
@@ -2,11 +2,14 @@
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
-<Directory />
- AllowOverride None
- Order Deny,Allow
- Deny from all
-</Directory>
+# This currently breaks the configurations that come with some web application
+# Debian packages. It will be made the default for the release after lenny.
+#
+#<Directory />
+# AllowOverride None
+# Order Deny,Allow
+# Deny from all
+#</Directory>
# Changing the following options will not really affect the security of the
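Review bot: The header comment kept above the block ("Disable access to the entire file system except for the directories that are explicitly allowed later") still reads as a description of active behaviour, but after this change nothing in the visible lines denies access to /, so a reader skimming the file may assume the restriction is in force. Reword the header to say the block is optional and disabled by default, and add a line telling administrators who uncomment it that directories reached through Aliases or symlinks outside the DocumentRoot need an explicit allow, since that guidance is removed from debian/changelog in the same commit.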