Description of problem: In /etc/httpd/conf.d/viewvc.conf, there is no <Directory> definition for the /usr/share/viewvc/templates/docroot (aka /viewvc-static) directory. This causes Apache to use default configuration. This is OK using the default Apache setup, but fails if Apache security is enforced (i.e.: by setting "Deny from all" in httpd.conf as default config.). Version-Release number of selected component (if applicable): viewvc-httpd-1.1.3-2 How reproducible: Always Steps to Reproduce: 1. Edit /etc/httpd/conf/httpd.conf and set "Order deny,allow" and "Deny from all" as default configuration. Reload Apache configuration. 2. From a Web browser, visit your viewvc top page: icons are not displayed. Actual results: Icons are not displayed, "forbidden" errors appear in httpd/error_log Expected results: Icons displayed and no error in httpd/error_log Additional info: I would suggest to include the following lines in the viewvc.conf file: <Directory /usr/share/viewvc/templates/docroot> Options -Indexes Order allow,deny Allow from 127.0.0.1 </Directory>
Problem still present in 1.1.6-1
I don't know how I missed this bug all this time. Sorry.
viewvc-1.1.7-1.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/viewvc-1.1.7-1.fc12
viewvc-1.1.7-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update viewvc'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/viewvc-1.1.7-1.fc12
viewvc-1.1.7-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.