While doing a system upgrade to the new gcc (4.5.3) I also upgraded mod_authnz_external to 3.2.6 and then did an emerge -ave world which completed successfully. After that I couldn't access the secured sections of my website. After some research I downgraded mod_authnz_external (3.1.0) and everything was fine again. During the failures I noticed the system log contained: system-auth[25420]: Error opening fd 3: Bad file descriptor system-auth[25420]: Exiting with status 2 Apache calls the program the same way qmail-smtp and courier-imapd-ssl do and that program was never changed so it can't be it. /usr/bin/checkpassword-pam -s system-auth /bin/true It has to be the Apache module and the way it calls checkpassword-pam which seems to hold true in the log files as it expects the $USER and $PASS to be sent to it in file descriptor 3 which doesn't appear to be opened by the module for the checkpassword-pam program to read from. More information available upon request here, email, or on IRC as RiverRat
1) Don't CC maintainers when you cannot assign bugs. 2) Please post your `emerge --info www-apache/mod_authnz_external' output too. 2) Please post your `emerge --info www-servers/apache' output too.
(In reply to comment #1) > 2) Please post your `emerge --info www-servers/apache' output too. That should read: 3) Please post your `emerge -vpq www-servers/apache' output too. Sorry for the trouble.
Thanks Rej. I thought since being a former Arch tester and knowing what herd is responsible for the package it would save time and effort to CC the Apache herd. Anyway, here is the info you requested: 2) Please post your `emerge --info www-apache/mod_authnz_external' output too. https://greendragontavern.com/~RiverRat/Public/files/Gentoo/emerge--info--mod_authnz_external.txt 2) Please post your `emerge --info www-servers/apache' output too. https://greendragontavern.com/~RiverRat/Public/files/Gentoo/emerge--info--apache.txt 3) Please post your `emerge -vpq www-servers/apache' output too. https://greendragontavern.com/~RiverRat/Public/files/Gentoo/emerge-vpq--apache.txt Thanks, RiverRat
Er, this isn't about Keywording and stabilisation. 3.2.6 is stable already. Please attach the requested information so this bug report will remain self-consistent in the future.
Created attachment 291675 [details] emerge --info apache
Created attachment 291677 [details] emerge --info mod_authnz_external
Created attachment 291679 [details] emerge -pvq apache The 'q' might not have been a wise suggestion but here it is.
Looks like an upstream bug: http://code.google.com/p/mod-auth-external/issues/detail?id=1
This is an upstream bug. Until they resolve it would it be possible to add 3.1.0 back into the tree? It is the last known good version.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6574d28a51b357fdcb79a8578e41e20a2247933f commit 6574d28a51b357fdcb79a8578e41e20a2247933f Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-03-31 08:15:27 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-03-31 08:16:22 +0000 package.mask: Last rite www-apache/mod_authnz_external Bug: https://bugs.gentoo.org/389391 Signed-off-by: Michał Górny <mgorny@gentoo.org> profiles/package.mask | 7 +++++++ 1 file changed, 7 insertions(+)
The "pipe" authentication method is unaffected by this bug. It looks like this bug still exists upstream; the developer accidentally changed the target file descriptor to stdin in 3.2.0 and tried to fix it in 3.2.5 by changing it to stderr. I don't know how to fix it portably. The current maintainer is probably unaware of this bug. The comments about it not being fixed were added months after the issue was closed. The maintainer at the time, Jan Wolter, died in 2015.
This issue was fixed years ago. :)
