1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1103710: lighttpd-mod-webdav: Regression 1.4.79-1 webdav PUT gives

    From Ximin Luo@21:1/5 to All on Sun Apr 20 23:40:01 2025
    Package: lighttpd-mod-webdav
    Version: 1.4.79-1
    Severity: important

    Dear Maintainer,

    PUT on a webdav share gives HTTP 500 since 1.4.79-1.

    I have rebuilt 1.4.77-1 from source and verified the problem does not exist there.

    Best,
    Ximin

    -- System Information:
    Debian Release: trixie/sid
    APT prefers testing
    APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-security'), (300, 'unstable'), (100, 'experimental'), (1, 'experimental-debug')
    Architecture: amd64 (x86_64)
    Foreign Architectures: i386

    Kernel: Linux 6.12.9-amd64 (SMP w/12 CPU threads; PREEMPT)
    Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
    Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages lighttpd-mod-webdav depends on:
    ii libc6 2.41-7
    ii libsqlite3-0 3.46.1-3
    ii libxml2 2.12.7+dfsg+really2.9.14-0.4
    ii lighttpd 1.4.77-1

    lighttpd-mod-webdav recommends no packages.

    lighttpd-mod-webdav suggests no packages.

    -- no debconf information

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Glenn Strauss@21:1/5 to Ximin Luo on Mon Apr 21 06:00:01 2025
    On Sun, Apr 20, 2025 at 10:37:54PM +0100, Ximin Luo wrote:
    Package: lighttpd-mod-webdav
    Version: 1.4.79-1
    Severity: important

    Dear Maintainer,

    PUT on a webdav share gives HTTP 500 since 1.4.79-1.

    I have rebuilt 1.4.77-1 from source and verified the problem does not exist there.

    lighttpd 1.4.79 added hardening to systemd lighttpd.service. https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/doc/systemd/lighttpd.service
    One of the changes in lighttpd.service adds
    ProtectHome=read-only

    To where are you trying to PUT files using lighttpd mod_webdav?
    Is it to someplace underneath a home directory?

    If so, you may install lighttpd-mod-webdav with lighttpd 1.4.79
    and create a systemd override to the lighttpd.service.
    To create an override, `systemctl edit lighttpd` and edit /etc/systemd/system/lighttpd.service.d/override.conf to add
    ProtectHome=no

    If the above does not solve your issue, please try overriding the
    systemd hardening additions (or comment them out in /usr/lib/systemd/system/lighttpd.service and `systemcl daemon-reload`)
    one by one to identify the ones which affect your config. Then, please
    post the results in your lighttpd.conf (with private information xxxx-d
    out) `lighttpd -f /etc/lighttpd/lighttpd.conf -p`

    Cheers, Glenn

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ximin Luo@21:1/5 to All on Wed Apr 23 01:50:01 2025
    Hi Glenn,

    Yes it was a symlink into my home directory. Your override made things work again, thanks.

    However, it would have been easier for users to figure this out on their own, if there was better error reporting about the problem. I could not see anything in my system logs even after enabling debug logging for lighttpd.

    Best,
    Ximin

    Glenn Strauss:
    On Sun, Apr 20, 2025 at 10:37:54PM +0100, Ximin Luo wrote:
    Package: lighttpd-mod-webdav
    Version: 1.4.79-1
    Severity: important

    Dear Maintainer,

    PUT on a webdav share gives HTTP 500 since 1.4.79-1.

    I have rebuilt 1.4.77-1 from source and verified the problem does not exist there.

    lighttpd 1.4.79 added hardening to systemd lighttpd.service. https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/doc/systemd/lighttpd.service
    One of the changes in lighttpd.service adds
    ProtectHome=read-only

    To where are you trying to PUT files using lighttpd mod_webdav?
    Is it to someplace underneath a home directory?

    If so, you may install lighttpd-mod-webdav with lighttpd 1.4.79
    and create a systemd override to the lighttpd.service.
    To create an override, `systemctl edit lighttpd` and edit /etc/systemd/system/lighttpd.service.d/override.conf to add
    ProtectHome=no

    If the above does not solve your issue, please try overriding the
    systemd hardening additions (or comment them out in /usr/lib/systemd/system/lighttpd.service and `systemcl daemon-reload`)
    one by one to identify the ones which affect your config. Then, please
    post the results in your lighttpd.conf (with private information xxxx-d
    out) `lighttpd -f /etc/lighttpd/lighttpd.conf -p`

    Cheers, Glenn


    --
    GPG: ed25519/56034877E1F87C35
    https://github.com/infinity0/pubkeys.git

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)