Processed: found 879996 in 1.5.4-1

2017-11-06 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> found 879996 1.5.4-1
Bug #879996 {Done: Stefan Fritsch } [src:apr-util] apr-util: CVE-2017-12618
Marked as found in versions apr-util/1.5.4-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
879996: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: found 879708 in 1.5.1-3

2017-11-06 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> found 879708 1.5.1-3
Bug #879708 {Done: Stefan Fritsch } [src:apr] apr: CVE-2017-12613
Marked as found in versions apr/1.5.1-3.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
879708: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Re: Wheezy update of apr and apr-util?

2017-11-06 Thread Chris Lamb
Hi Stefan,

> > Would you like to take care of this yourself?
> 
> No, I won't have time for wheezy. Note that both issues are of rather low 
> severity. But go ahead if you wish.

Thanks for letting us know. I'll upload this tonight or early tomorrow.


Best wishes,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-



Re: Wheezy update of apr and apr-util?

2017-11-06 Thread Stefan Fritsch
Hi Markus,

On Friday, 3 November 2017 22:40:02 CET Markus Koschany wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apr and apr-util:
> https://security-tracker.debian.org/tracker/source-package/apr
> https://security-tracker.debian.org/tracker/source-package/apr-util
> 
> Would you like to take care of this yourself?

No, I won't have time for wheezy. Note that both issues are of rather low 
severity. But go ahead if you wish.

Cheers,
Stefan



Bug#879708: marked as done (apr: CVE-2017-12613)

2017-11-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 Nov 2017 19:34:09 +
with message-id 
and subject line Bug#879708: fixed in apr 1.6.3-1
has caused the Debian Bug report #879708,
regarding apr: CVE-2017-12613
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879708: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apr-util
Severity: important
Tags: security

I'm sure you're aware, but filing for completeness in the BTS anyway:
http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
 

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: apr
Source-Version: 1.6.3-1

We believe that the bug you reported is fixed in the latest version of
apr, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch  (supplier of updated apr package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 06 Nov 2017 20:07:42 +0100
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source amd64
Version: 1.6.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Stefan Fritsch 
Description:
 libapr1- Apache Portable Runtime Library
 libapr1-dbg - Apache Portable Runtime Library - Debugging Symbols
 libapr1-dev - Apache Portable Runtime Library - Development Headers
Closes: 879708
Changes:
 apr (1.6.3-1) unstable; urgency=medium
 .
   * New upstream version
 - Fixes CVE-2017-12613: Out-of-bounds array deref in apr_time_exp*
   functions. Closes: #879708
   * Replace obsolete priority extra with optional.

Processing of apr_1.6.3-1_amd64.changes

2017-11-06 Thread Debian FTP Masters
apr_1.6.3-1_amd64.changes uploaded successfully to localhost
along with the files:
  apr_1.6.3-1.dsc
  apr_1.6.3.orig.tar.bz2
  apr_1.6.3.orig.tar.bz2.asc
  apr_1.6.3-1.debian.tar.xz
  apr_1.6.3-1_amd64.buildinfo
  libapr1-dbg_1.6.3-1_amd64.deb
  libapr1-dev_1.6.3-1_amd64.deb
  libapr1_1.6.3-1_amd64.deb

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



apr-util_1.6.1-1_amd64.changes ACCEPTED into unstable

2017-11-06 Thread Debian FTP Masters


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 06 Nov 2017 19:48:34 +0100
Source: apr-util
Binary: libaprutil1 libaprutil1-ldap libaprutil1-dbd-mysql 
libaprutil1-dbd-sqlite3 libaprutil1-dbd-odbc libaprutil1-dbd-pgsql 
libaprutil1-dev libaprutil1-dbg
Architecture: source amd64
Version: 1.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Stefan Fritsch 
Description:
 libaprutil1 - Apache Portable Runtime Utility Library
 libaprutil1-dbd-mysql - Apache Portable Runtime Utility Library - MySQL Driver
 libaprutil1-dbd-odbc - Apache Portable Runtime Utility Library - ODBC Driver
 libaprutil1-dbd-pgsql - Apache Portable Runtime Utility Library - PostgreSQL 
Driver
 libaprutil1-dbd-sqlite3 - Apache Portable Runtime Utility Library - SQLite3 
Driver
 libaprutil1-dbg - Apache Portable Runtime Utility Library - Debugging Symbols
 libaprutil1-dev - Apache Portable Runtime Utility Library - Development Headers
 libaprutil1-ldap - Apache Portable Runtime Utility Library - LDAP Driver
Closes: 879996
Changes:
 apr-util (1.6.1-1) unstable; urgency=medium
 .
   * New upstream release
 - Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database.
   Closes: #879996

Processing of apr-util_1.6.1-1_amd64.changes

2017-11-06 Thread Debian FTP Masters
apr-util_1.6.1-1_amd64.changes uploaded successfully to localhost
along with the files:
  apr-util_1.6.1-1.dsc
  apr-util_1.6.1.orig.tar.bz2
  apr-util_1.6.1.orig.tar.bz2.asc
  apr-util_1.6.1-1.debian.tar.xz
  apr-util_1.6.1-1_amd64.buildinfo
  libaprutil1-dbd-mysql_1.6.1-1_amd64.deb
  libaprutil1-dbd-odbc_1.6.1-1_amd64.deb
  libaprutil1-dbd-pgsql_1.6.1-1_amd64.deb
  libaprutil1-dbd-sqlite3_1.6.1-1_amd64.deb
  libaprutil1-dbg_1.6.1-1_amd64.deb
  libaprutil1-dev_1.6.1-1_amd64.deb
  libaprutil1-ldap_1.6.1-1_amd64.deb
  libaprutil1_1.6.1-1_amd64.deb

Greetings,

Your Debian queue daemon (running on host usper.debian.org)



Bug#879996: marked as done (apr-util: CVE-2017-12618)

2017-11-06 Thread Debian Bug Tracking System
Your message dated Mon, 06 Nov 2017 19:19:15 +
with message-id 
and subject line Bug#879996: fixed in apr-util 1.6.1-1
has caused the Debian Bug report #879996,
regarding apr-util: CVE-2017-12618
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
879996: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: apr-util
Severity: important
Tags: security

I'm sure you're aware, but filing for completeness in the BTS anyway:
http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
 

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: apr-util
Source-Version: 1.6.1-1

We believe that the bug you reported is fixed in the latest version of
apr-util, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch  (supplier of updated apr-util package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 06 Nov 2017 19:48:34 +0100
Source: apr-util
Binary: libaprutil1 libaprutil1-ldap libaprutil1-dbd-mysql 
libaprutil1-dbd-sqlite3 libaprutil1-dbd-odbc libaprutil1-dbd-pgsql 
libaprutil1-dev libaprutil1-dbg
Architecture: source amd64
Version: 1.6.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers 
Changed-By: Stefan Fritsch 
Description:
 libaprutil1 - Apache Portable Runtime Utility Library
 libaprutil1-dbd-mysql - Apache Portable Runtime Utility Library - MySQL Driver
 libaprutil1-dbd-odbc - Apache Portable Runtime Utility Library - ODBC Driver
 libaprutil1-dbd-pgsql - Apache Portable Runtime Utility Library - PostgreSQL 
Driver
 libaprutil1-dbd-sqlite3 - Apache Portable Runtime Utility Library - SQLite3 
Driver
 libaprutil1-dbg - Apache Portable Runtime Utility Library - Debugging Symbols
 libaprutil1-dev - Apache Portable Runtime Utility Library - Development Headers
 libaprutil1-ldap - Apache Portable Runtime Utility Library - LDAP Driver
Closes: 879996
Changes:
 apr-util (1.6.1-1) unstable; urgency=medium
 .
   * New upstream release
 - Fixes CVE-2017-12618: Out-of-bounds access in corrupted SDBM database.
   Closes: #879996

Bug#880993: enable http2 protocol when http2 module is enabled

2017-11-06 Thread Antoine Beaupre
Source: apache2
Version: 2.4.25-3+deb9u3
Severity: wishlist

It's unclear to me why the http2 module in the Apache2 debian package
doesn't *actually* enable the http2 *protocol*.

Maybe I don't understand this right, but it seems to me that to enable
http2 in apache/Debian, you need to do the following:

a2enmod http2

But then also add some configuration blurb like this somewhere:

Protocols h2 h2c http/1.1

The above configuration will enable HTTP/2 over TLS (h2) and HTTP/2
over TCP (h2c, cleartext) then keep the http/1.1 as a
backwards-compatibility option.

Why isn't this part of /etc/apache2/mods-available/http2.conf? It
seems to me if you want to enable HTTP2 on the server, you'd expect
this to just turn on as well. I can imagine that people may want to
enable only on *some* virtual hosts, but then that config can be
commented out or disabled and added to virtual host as needed. Or it
can be disabled in the relevant vhosts as well.

It could also be a good place to have, commented out, sample H2Push
configurations as well... e.g.

# # HTTP/2 push configuration
#
# H2Push  on
#
# # Default Priority Rule
#
# H2PushPriority * After 16
#
# # More complex ruleset:
#
# H2PushPriority  *   after
# H2PushPriority  text/css   before
# H2PushPriority  image/jpeg  after   32
# H2PushPriority  image/png   after   32
# H2PushPriority  application/javascript  interleaved
#
# # Configure some stylesheet and script to be pushed by the webserver
#
# 
# Header add Link "; rel=preload; as=style"
# Header add Link "; rel=preload; as=script"
# 

More sample configs are here:
https://httpd.apache.org/docs/2.4/mod/mod_http2.html#h2pushpriority

What do you think?

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
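
The gap described in the report above (module enabled with a2enmod, but no Protocols directive offering h2) can be checked for mechanically. This is an added example, not part of the original report or the Debian package; the function names, status words and sample tree are constructed, and it assumes the Debian layout where a2enmod places http2.load in mods-enabled.

```sh
#!/bin/sh
# Added example (not from the bug report or the Debian package).
# http2_status and make_sample_tree are illustrative names; the tree is constructed.

# Print one status word for a Debian-style Apache config root ($1):
#   module-disabled  mods-enabled/http2.load absent (a2enmod http2 not run)
#   no-protocols     module loaded, but no active Protocols line offers h2/h2c
#   h2               HTTP/2 over TLS offered
#   h2c-only         only cleartext HTTP/2 offered
#   h2+h2c           both offered, as in the sample line from the report
# Simplifications: Include directives are not followed and vhost scope is
# ignored, so a Protocols line in any enabled file counts.
http2_status() {
    root=$1
    if [ ! -e "$root/mods-enabled/http2.load" ]; then
        echo module-disabled
        return 0
    fi
    # Read only what Apache loads; cat follows the a2enmod/a2ensite symlinks.
    cat "$root"/apache2.conf "$root"/conf-enabled/*.conf \
        "$root"/mods-enabled/*.conf "$root"/sites-enabled/*.conf 2>/dev/null |
    awk '
        # Commented-out lines have "#" as first field and are skipped.
        tolower($1) == "protocols" {
            for (i = 2; i <= NF; i++) {
                p = tolower($i)
                if (p == "h2")  h2 = 1
                if (p == "h2c") h2c = 1
            }
        }
        END {
            if (h2 && h2c) print "h2+h2c"
            else if (h2)   print "h2"
            else if (h2c)  print "h2c-only"
            else           print "no-protocols"
        }'
}

# Create an empty, constructed config tree in a temp dir and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/mods-enabled" "$d/sites-enabled" "$d/conf-enabled"
    : > "$d/apache2.conf"
    printf '%s\n' "$d"
}

# Demo on a constructed tree: enable the module first, then add the directive.
demo_root=$(make_sample_tree)
: > "$demo_root/mods-enabled/http2.load"
echo "after a2enmod only:  $(http2_status "$demo_root")"
printf 'Protocols h2 h2c http/1.1\n' > "$demo_root/mods-enabled/http2.conf"
echo "with Protocols line: $(http2_status "$demo_root")"
rm -rf "$demo_root"
```

On a real host the function would be pointed at /etc/apache2; the h2+h2c result is worth a second look because h2c is the cleartext variant.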



Bug#872036: Acknowledgement (AH00060: seg fault or similar nasty error detected in the parent process)

2017-11-06 Thread Athanasius
  Apparently this can be caused by something like logrotate sending many
"reload" signals to apache in quick succession:



I experienced such an apache crash this morning when the logs were
rotated.  I've now adjusted my logrotate config to only reload apache
once (despite many sections for different web sites' logs, some of which
have specifically different user/group settings for the files) and will
see if that avoids another crash tomorrow.