Bug#925061: apache2: Cannot disabled old TLS Versions (prior to TLS1.2)
Hi, On Tue, Mar 19, 2019 at 05:18:49PM +0100, Thomas Knaller wrote: > Therefore I edited /etc/apache2/mods-enabled/ssl.conf so that it > states "SSLProtocol TLSv1.2", which should disable all SSLProtocols > except for TLS1.2, but TLS1.0 und TLS1.1 are still active, as seen > with nmap: > > # nmap --script ssl-enum-ciphers -p 443 127.0.0.1 | grep TLSv > | TLSv1.0: > | TLSv1.1: > | TLSv1.2: > I could not reproduce this, either with 2.4.25-3+deb9u7 on stretch nor with 2.4.38-3 on buster. It's not very likely that this was fixed between 2.4.38-2 and 2.4.38-3, so it's probably something in your configuration. Maybe you have another sslprotocol directive somewhere else in the config? You can check with: a2enmod info apache2ctl -t -D DUMP_CONFIG|grep -i ssl a2dismod info # if it hasn't been enabled before > On Apache Bugtracker it appears that apache itself does not have that > problem but it has something to do with the deb-Package for Debian and > Ubuntu: https://bz.apache.org/bugzilla/show_bug.cgi?id=60739 That report mentions some weird interaction with SSLCipherSuite. Maybe you have that in another config file? Cheers, Stefan
Bug#902658: marked as done (graceful/restart results in segfault if libcap-ng0 is loaded)
Your message dated Mon, 22 Apr 2019 17:01:53 +0200 with message-id <20190422150153.v4e56hjh5m3di...@manul.sfritsch.de> and subject line Bug#902658: graceful/restart results in segfault if libcap-ng0 is loaded has caused the Debian Bug report #902658, regarding graceful/restart results in segfault if libcap-ng0 is loaded to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 902658: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902658 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.33-3+b1 Severity: grave Tags: a11y Justification: renders package unusable Dear Maintainer, when i do an "apachectl graceful" or "apachectl restart", i get segfaults. [Fri Jun 29 10:22:38.726688 2018] [mpm_prefork:notice] [pid 31097] AH00163: Apache/2.4.33 (Debian) mpm-itk/2.4.7-04 OpenSSL/1.1.0h mod_perl/2.0.10 Perl/v5.26.2 configured -- resuming normal operations [Fri Jun 29 10:22:38.726720 2018] [core:notice] [pid 31097] AH00094: Command line: '/usr/sbin/apache2' [Fri Jun 29 10:22:49.076807 2018] [mpm_prefork:notice] [pid 31097] AH00171: Graceful restart requested, doing restart [Fri Jun 29 10:22:49.168509 2018] [mpm_prefork:notice] [pid 31097] AH00163: Apache/2.4.33 (Debian) mpm-itk/2.4.7-04 OpenSSL/1.1.0h mod_perl/2.0.10 Perl/v5.26.2 configured -- resuming normal operations [Fri Jun 29 10:22:49.168527 2018] [core:notice] [pid 31097] AH00094: Command line: '/usr/sbin/apache2' [Fri Jun 29 10:22:50.172451 2018] [core:notice] [pid 31097] AH00051: child pid 32163 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176057 2018] [mpm_prefork:warn] [pid 31097] AH00167: long lost child came home! (pid 32163) [Fri Jun 29 10:22:50.176139 2018] [core:notice] [pid 31097] AH00051: child pid 32165 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176158 2018] [core:error] [pid 31097] AH00546: no record of generation 0 of exiting child 32165 [Fri Jun 29 10:22:50.176214 2018] [core:notice] [pid 31097] AH00051: child pid 32167 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176225 2018] [core:error] [pid 31097] AH00546: no record of generation 0 of exiting child 32167 [Fri Jun 29 10:22:50.176272 2018] [core:notice] [pid 31097] AH00051: child pid 32169 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176304 2018] [core:error] [pid 31097] AH00546: no record of generation 0 of exiting child 32169 [Fri Jun 29 10:22:50.176362 2018] [core:notice] [pid 31097] AH00051: child pid 32171 exit signal Segmentation fault (11), possible coredump in /etc/apache2 if i then do a /etc/init.d/apache2 restart, it works normally /etc/init.d/apache2 restart and systemctl restart apache2 do NOT result in a segfault. here's a backtrace: coredumpctl gdb 20261 PID: 20261 (/usr/sbin/apach) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Thu 2018-06-28 19:47:53 CEST (4min 18s ago) Command Line: /usr/sbin/apache2 -k start Executable: /usr/sbin/apache2 Control Group: /system.slice/apache2.service Unit: apache2.service Slice: system.slice Boot ID: fb5bb58db2c4417db6cce49bb7b04435 Machine ID: 6eb9f0854f630f342494ccf2000a Hostname: sunnyserver Storage: /var/lib/systemd/coredump/core.\x2fusr\x2fsbin\x2fapach.0.fb5bb58db2c4417db6cce49bb7b04435.20261.153020807300.lz4 Message: Process 20261 (/usr/sbin/apach) of user 0 dumped core. Stack trace of thread 20261: #0 0x7fa235131677 n/a (libcap-ng.so.0) #1 0x7fa2429e2a25 n/a (mod_mpm_prefork.so) #2 0x7fa2429e3a0e n/a (mod_mpm_prefork.so) #3 0x561918c4cb7e ap_run_mpm (apache2) #4 0x561918c4546b main (apache2) #5 0x7fa247386a87 __libc_start_main (libc.so.6) #6 0x561918c4556a _start (apache2) GNU gdb (Debian 7.12-6+b2) 7.12.0.20161007-git Copyright © 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type “show copying” and “show warranty” for details. This GDB was configured as “x86_64-linux-gnu”. Type “show configuration” for configuration details. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/. Find the GDB manual and other documentation resources online at: http://www.gnu.org/software/gdb/documentation/. For hel
Bug#902657: marked as done (graceful/restart results in segfault if libcap-ng0 is loaded)
Your message dated Mon, 22 Apr 2019 17:01:53 +0200 with message-id <20190422150153.v4e56hjh5m3di...@manul.sfritsch.de> and subject line Bug#902658: graceful/restart results in segfault if libcap-ng0 is loaded has caused the Debian Bug report #902658, regarding graceful/restart results in segfault if libcap-ng0 is loaded to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 902658: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902658 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.33-3+b1 Severity: grave Tags: a11y Justification: renders package unusable Dear Maintainer, when i do an "apachectl graceful" or "apachectl restart", i get segfaults. [Fri Jun 29 10:22:38.726688 2018] [mpm_prefork:notice] [pid 31097] AH00163: Apache/2.4.33 (Debian) mpm-itk/2.4.7-04 OpenSSL/1.1.0h mod_perl/2.0.10 Perl/v5.26.2 configured -- resuming normal operations [Fri Jun 29 10:22:38.726720 2018] [core:notice] [pid 31097] AH00094: Command line: '/usr/sbin/apache2' [Fri Jun 29 10:22:49.076807 2018] [mpm_prefork:notice] [pid 31097] AH00171: Graceful restart requested, doing restart [Fri Jun 29 10:22:49.168509 2018] [mpm_prefork:notice] [pid 31097] AH00163: Apache/2.4.33 (Debian) mpm-itk/2.4.7-04 OpenSSL/1.1.0h mod_perl/2.0.10 Perl/v5.26.2 configured -- resuming normal operations [Fri Jun 29 10:22:49.168527 2018] [core:notice] [pid 31097] AH00094: Command line: '/usr/sbin/apache2' [Fri Jun 29 10:22:50.172451 2018] [core:notice] [pid 31097] AH00051: child pid 32163 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176057 2018] [mpm_prefork:warn] [pid 31097] AH00167: long lost child came home! (pid 32163) [Fri Jun 29 10:22:50.176139 2018] [core:notice] [pid 31097] AH00051: child pid 32165 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176158 2018] [core:error] [pid 31097] AH00546: no record of generation 0 of exiting child 32165 [Fri Jun 29 10:22:50.176214 2018] [core:notice] [pid 31097] AH00051: child pid 32167 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176225 2018] [core:error] [pid 31097] AH00546: no record of generation 0 of exiting child 32167 [Fri Jun 29 10:22:50.176272 2018] [core:notice] [pid 31097] AH00051: child pid 32169 exit signal Segmentation fault (11), possible coredump in /etc/apache2 [Fri Jun 29 10:22:50.176304 2018] [core:error] [pid 31097] AH00546: no record of generation 0 of exiting child 32169 [Fri Jun 29 10:22:50.176362 2018] [core:notice] [pid 31097] AH00051: child pid 32171 exit signal Segmentation fault (11), possible coredump in /etc/apache2 if i then do a /etc/init.d/apache2 restart, it works normally /etc/init.d/apache2 restart and systemctl restart apache2 do NOT result in a segfault. here's a backtrace of a coredump: coredumpctl gdb 20261 PID: 20261 (/usr/sbin/apach) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Thu 2018-06-28 19:47:53 CEST (4min 18s ago) Command Line: /usr/sbin/apache2 -k start Executable: /usr/sbin/apache2 Control Group: /system.slice/apache2.service Unit: apache2.service Slice: system.slice Boot ID: fb5bb58db2c4417db6cce49bb7b04435 Machine ID: 6eb9f0854f630f342494ccf2000a Hostname: sunnyserver Storage: /var/lib/systemd/coredump/core.\x2fusr\x2fsbin\x2fapach.0.fb5bb58db2c4417db6cce49bb7b04435.20261.153020807300.lz4 Message: Process 20261 (/usr/sbin/apach) of user 0 dumped core. Stack trace of thread 20261: #0 0x7fa235131677 n/a (libcap-ng.so.0) #1 0x7fa2429e2a25 n/a (mod_mpm_prefork.so) #2 0x7fa2429e3a0e n/a (mod_mpm_prefork.so) #3 0x561918c4cb7e ap_run_mpm (apache2) #4 0x561918c4546b main (apache2) #5 0x7fa247386a87 __libc_start_main (libc.so.6) #6 0x561918c4556a _start (apache2) GNU gdb (Debian 7.12-6+b2) 7.12.0.20161007-git Copyright © 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type “show copying” and “show warranty” for details. This GDB was configured as “x86_64-linux-gnu”. Type “show configuration” for configuration details. For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/. Find the GDB manual and other documentation resources online at: http://www.gnu.org/software/gdb/docume
