Processed: reassign
Processing commands for cont...@bugs.debian.org: > reassign 1004275 php Bug #1004275 [php apache2] php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd Bug reassigned from package 'php apache2' to 'php'. Ignoring request to alter found versions of bug #1004275 to the same values previously set Ignoring request to alter fixed versions of bug #1004275 to the same values previously set > End of message, stopping processing here. Please contact me if you need assistance. -- 1004275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#951067: marked as done (apache2: unable to disable TLSv1)
Your message dated Fri, 2 Dec 2022 22:46:35 +0100 with message-id <20221202224635.17fcf...@frustcomp.hnjs.home.arpa> and subject line Closed due to incorrect use of the option has caused the Debian Bug report #951067, regarding apache2: unable to disable TLSv1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 951067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951067 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.38-3+deb10u3 Severity: important Dear Maintainer, it is not possible to get rid of TLS v1. This is no duplicate of #925061, I think. What I tried: removed /etc/letsencrypt/options-ssl-apache.conf, see #950735 edited /etc/apache2/mods-enabled/ssl.conf: "SSLProtocol -all +TLSv1.3 +TLSv1.2" edited etc/apache2/conf-enabled/local.conf: "SSLProtocol -all +TLSv1.3 +TLSv1.2" Result: # apache2ctl -t -D DUMP_CONFIG|grep SSLProtocol SSLProtocol -all +TLSv1.3 +TLSv1.2 SSLProtocol -all +TLSv1.3 +TLSv1.2 SSLProtocol all -SSLv2 -SSLv3 Syntax OK => something is enabling TLSv1 again after all config files were parsed. So... # find /etc/apache2/ | xargs grep SSLProtocol grep: /etc/apache2/: Is a directory grep: /etc/apache2/mods-enabled: Is a directory /etc/apache2/mods-enabled/ssl.conf: SSLProtocol -all +TLSv1.3 +TLSv1.2 grep: /etc/apache2/sites-enabled: Is a directory grep: /etc/apache2/conf-available: Is a directory /etc/apache2/conf-available/local.conf:SSLProtocol -all +TLSv1.3 +TLSv1.2 grep: /etc/apache2/mods-available: Is a directory /etc/apache2/mods-available/ssl.conf: SSLProtocol -all +TLSv1.3 +TLSv1.2 grep: /etc/apache2/sites-available: Is a directory grep: /etc/apache2/conf-enabled: Is a directory /etc/apache2/conf-enabled/local.conf:SSLProtocol -all +TLSv1.3 +TLSv1.2 => TLSv1 is re-enabled no matter what the config files say. -- Package-specific info: -- System Information: Debian Release: 10.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-8-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin2.4.38-3+deb10u3 ii apache2-data 2.4.38-3+deb10u3 ii apache2-utils 2.4.38-3+deb10u3 ii dpkg 1.19.7 ii lsb-base 10.2019051400 ii mime-support 3.62 ii perl 5.28.1-6 ii procps 2:3.3.15-2 Versions of packages apache2 recommends: ii ssl-cert 1.0.39 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2-bin depends on: ii libapr1 1.6.5-1+b1 ii libaprutil1 1.6.1-4 ii libaprutil1-dbd-sqlite3 1.6.1-4 ii libaprutil1-ldap 1.6.1-4 ii libbrotli1 1.0.7-2 ii libc62.28-10 ii libcurl4 7.64.0-4 ii libjansson4 2.12-1 ii libldap-2.4-22.4.47+dfsg-3+deb10u1 ii liblua5.2-0 5.2.4-1.1+b2 ii libnghttp2-141.36.0-2+deb10u1 ii libpcre3 2:8.39-12 ii libssl1.11.1.1d-0+deb10u2 ii libxml2 2.9.4+dfsg1-7+b3 ii perl 5.28.1-6 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2 is related to: ii apache2 2.4.38-3+deb10u3 ii apache2-bin 2.4.38-3+deb10u3 -- Configuration Files: /etc/apache2/conf-available/security.conf changed: ServerTokens Prod ServerSignature Off TraceEnable Off /etc/apache2/mods-available/ssl.conf changed: # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if
Bug#1000627: apache2: missing dependency setting
Control: tags -1 upstream Hi On Fri, 3 Jun 2022 23:53:50 +0200 Michael Biebl wrote: > I'd like to refer to https://systemd.io/NETWORK_ONLINE/ as well. > Especially to "Should network-online.target be used?" which suggest > better and more robust options then using network-online.target AFAICT there is an upstream bugreport for implementing IP_FREEBIND: https://bz.apache.org/bugzilla/show_bug.cgi?id=58725 This seems to have already been implemented, at least in 2.5/trunk: https://httpd.apache.org/docs/trunk/mod/mpm_common.html#listen Since this bug only occurs when the user specifies an IP address to listen on, our default config is not affected AFAIU. So the easiest way to fix this bug is to wait and maybe add a comment before the default 'Listen' directives to add the freebind option when changing the 'Listen' to a specific IP address. This can only be done once we package a release containing that option, though. In the meantime the only workaround seems to be to wait for the network-online.target but since this is not necessary for the stock config, I don’t really want to do that.
Processed: Re: Bug#1000627: apache2: missing dependency setting
Processing control commands: > tags -1 upstream Bug #1000627 [apache2] apache2: missing dependency setting Added tag(s) upstream. -- 1000627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000627 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed (with 1 error): Re: php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd
Processing control commands: > tags -1 moreinfo Bug #1004275 [php apache2] php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd Added tag(s) moreinfo. > reassign php Unknown command or malformed arguments to command. -- 1004275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1004275: php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd
Control: tags -1 moreinfo Control: reassign php Hi Thank you for your report. On Mon, 24 Jan 2022 01:33:24 +0100 wrote: > After apt update & upgrade a new php update appear but the upgrade also > installed apache2. Can you provide a log of your commands and outputs? Which php package(s) were updated from which version to which version? > I am running lighttpd server and apache2 it's not neccesary on my system. Makes sense. Which version of lighthttpd is installed? I’m reassigning this package to php, exclusively, because I don’t think any change in the apache2 package(s) can fix the issue. Cheers henk
Bug#714083: default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost
Control: retitle -1 default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost Control: severity -1 normal Control: tags -1 help Increased severity because this does easily cause problems, unexpected behaviour, confusion, and support requests when an ssl vhost is put in a config with a filename that is sorted before 'default-ssl.conf', e.g. 'custom-vhost.conf' or 'a-vhost.conf'. There is already a pull request [1] that was already merged but then reverted because changing this config file’s name is not trivial and I had not thought of how to do this migration on productive systems. Concrete questions are: * how to deal with this on all variations of systems ** unchanged, not activated (will dpkg/ucf/whatever-handles-these-config-files do the right thing? I guess the old file will be removed and the new file placed, but how to be certain?) ** changed, not activated (what do we do? move the existing file? remove it, install the new?) ** unchanged, activated (similar to first variant, but how to deal with the symlink in sites-enabled/?) ** changed, activated (do we even do anything in this case or just assume that it’s working as intended and leave the admin to it?) Concrete suggestions, patches, references to relevant docs, merge requests, etc. welcome! Cheers henk
Bug#745605: please retest
Control: tags -1 -fixed-upstream It seems this bugreport was tagged 'fixed-upstream' automatically after the upstream bug was closed automatically due to age or inactivity. AFAICT the bug is not fixed, the change proposed in [1] / [2] does not seem to be applied, see [3]. Someone would need to retest this (as described in upstream’s bugtracker’s closing comment), report back, and depending on result either close this bug or reopen upstream’s bug; or alternatively provide a minimal example how to reproduce it for someone else to test. Thanks! [1]: https://bz.apache.org/bugzilla/show_bug.cgi?id=35049#c1 [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745605#55 [3]: https://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?view=markup#l80
Processed: please retest
Processing control commands: > tags -1 -fixed-upstream Bug #745605 [apache2] Please enable AddDefaultCharset for javascript Removed tag(s) fixed-upstream. -- 745605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745605 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost
Processing control commands: > retitle -1 default-ssl.conf should also be prefixed with 000- to be sure to > be first ssl virtualhost Bug #714083 [apache2] apache2.2-common: a2enmod does not prefix 000- to default-ssl site Changed Bug title to 'default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost' from 'apache2.2-common: a2enmod does not prefix 000- to default-ssl site'. > severity -1 normal Bug #714083 [apache2] default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost Severity set to 'normal' from 'minor' > tags -1 help Bug #714083 [apache2] default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost Added tag(s) help. -- 714083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714083 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: please retest
Processing control commands: > tags -1 -fixed-upstream Bug #393646 [apache2] PATH_TRANSLATED: 'redirect:/~jablko/gallery2/main.php' Removed tag(s) fixed-upstream. -- 393646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393646 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: your mail
Processing commands for cont...@bugs.debian.org: > notfound 925061 apache2/2.4.38-2 Bug #925061 {Done: Hendrik Jäger } [apache2] apache2: Cannot disabled old TLS Versions (prior to TLS1.2) No longer marked as found in versions apache2/2.4.38-2. > End of message, stopping processing here. Please contact me if you need assistance. -- 925061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: your mail
Processing commands for cont...@bugs.debian.org: > fixed 844351 2.4.40 Bug #844351 {Done: Hendrik Jäger } [apache2] apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue There is no source info for the package 'apache2' at version '2.4.40' with architecture '' Unable to make a source version for version '2.4.40' Marked as fixed in versions 2.4.40. > fixed 925061 2.4.38-2 Bug #925061 {Done: Hendrik Jäger } [apache2] apache2: Cannot disabled old TLS Versions (prior to TLS1.2) Marked as fixed in versions apache2/2.4.38-2. > tags 986537 wontfix Bug #986537 {Done: Hendrik Jäger } [apache2] apache2: Reinstall fails due to missing conf files Added tag(s) wontfix. > fixed 995961 2.4.52-1~deb11u2 Bug #995961 {Done: Hendrik Jäger } [apache2] libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 Marked as fixed in versions apache2/2.4.52-1~deb11u2. > thanks Stopping processing here. Please contact me if you need assistance. -- 844351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844351 925061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061 986537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986537 995961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995961 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#995961: marked as done (libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1)
Your message dated Fri, 2 Dec 2022 14:56:52 +0100 with message-id <20221202145652.263cb...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #995961, regarding libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 995961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995961 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libapache2-mpm-itk Version: 2.4.7-04-1+b1 Severity: important Dear Maintainer, After installing the 2.4.51-1~deb11u1 security update the error log starts to get flilled with lines like: [core:notice] [pid 3115298] AH00052: child pid 3133160 exit signal Segmentation fault (11) Downgrading back to 2.4.48-3.1 made the errors disappear again. Disabling mpm_itk on 2.4.51-1~deb11u1 also stops the errors. The issue normally does not prevent pages from being loaded and they are still assigned the correct uid/gid. The problematic part lies in that it seems to cause issues with properly closing the connections. This lead to mod_qos limits being hit in my case, but I suspect it may also lead to hitting worker or thread pool limits in other cases. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/24 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libapache2-mpm-itk depends on: ii apache2-bin [apache2-api-20120211] 2.4.48-3.1 ii libc6 2.31-13 ii libcap2 1:2.44-1 libapache2-mpm-itk recommends no packages. libapache2-mpm-itk suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Control: -1 fixed 2.4.52-1~deb11u2--- End Message ---
Bug#986537: marked as done (apache2: Reinstall fails due to missing conf files)
Your message dated Fri, 2 Dec 2022 14:53:19 +0100 with message-id <20221202145319.0185b...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #986537, regarding apache2: Reinstall fails due to missing conf files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 986537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986537 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.46-4 Severity: important X-Debbugs-Cc: patrickjrdunf...@gmail.com Description: If apache2 is uninstalled and then reinstalled, the reinstallation will fail if the user has removed conf files in /etc/apache2 directory. The script does not copy these files for reinstallation in the same way as it does for first time installation. Therefore it is nearly impossible for a user to perform a clean reinstallation of apache2 using the package installer. Steps to reproduce: apt install apache2 apt remove apache2 cd /etc/apache2 rm -rf * apt install apache2 The installation fails when apache2.service is unable to start due to missing apache2.conf file in /etc/apache2. A check of this directory reveals the reinstallation only copied in some of the files that are present in a full installation. -- Package-specific info: -- System Information: Debian Release: bullseye/sid APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.46-4 ii apache2-data 2.4.46-4 ii apache2-utils2.4.46-4 ii dpkg 1.20.7.1 ii init-system-helpers 1.60 ii lsb-base 11.1.0 ii mime-support 3.66 ii perl 5.32.1-3 ii procps 2:3.3.17-4 Versions of packages apache2 recommends: ii ssl-cert 1.1.0 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]78.9.0esr-1 ii konqueror [www-browser] 4:20.12.0-4 Versions of packages apache2-bin depends on: ii libapr1 1.7.0-6 ii libaprutil1 1.6.1-5 ii libaprutil1-dbd-sqlite3 1.6.1-5 ii libaprutil1-ldap 1.6.1-5 ii libbrotli1 1.0.9-2+b2 ii libc62.31-11 ii libcrypt11:4.4.17-1 ii libcurl4 7.74.0-1.1 ii libjansson4 2.13.1-1.1 ii libldap-2.4-22.4.57+dfsg-2 ii liblua5.3-0 5.3.3-1.1+b1 ii libnghttp2-141.43.0-1 ii libpcre3 2:8.39-13 ii libssl1.11.1.1k-1 ii libxml2 2.9.10+dfsg-6.3+b1 ii perl 5.32.1-3 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]78.9.0esr-1 ii konqueror [www-browser] 4:20.12.0-4 Versions of packages apache2 is related to: ii apache2 2.4.46-4 ii apache2-bin 2.4.46-4 -- no debconf information --- End Message --- --- Begin Message --- Control: -1 tags wontfix--- End Message ---
Bug#925061: marked as done (apache2: Cannot disabled old TLS Versions (prior to TLS1.2))
Your message dated Fri, 2 Dec 2022 14:48:05 +0100 with message-id <20221202144805.523e3...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #925061, regarding apache2: Cannot disabled old TLS Versions (prior to TLS1.2) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 925061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.38-2 Severity: important Dear Maintainer, I wanted to get an A+ rating on ssllabs.com so I tried to disable all SSLProtocols except for TLS1.2 Therefore I edited /etc/apache2/mods-enabled/ssl.conf so that it states "SSLProtocol TLSv1.2", which should disable all SSLProtocols except for TLS1.2, but TLS1.0 und TLS1.1 are still active, as seen with nmap: # nmap --script ssl-enum-ciphers -p 443 127.0.0.1 | grep TLSv | TLSv1.0: | TLSv1.1: | TLSv1.2: On Apache Bugtracker it appears that apache itself does not have that problem but it has something to do with the deb-Package for Debian and Ubuntu: https://bz.apache.org/bugzilla/show_bug.cgi?id=60739 Tried with stretch-stable first, updated to testing because reportbug told me there is a newer version. I would really appreciate it if someone else is able to reproduce this problem and figure out what is going on. Best, Thomas -- Package-specific info: -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 4.9.0-8-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin2.4.38-2 ii apache2-data 2.4.38-2 ii apache2-utils 2.4.38-2 ii dpkg 1.18.25 ii lsb-base 10.2019031300 ii mime-support 3.62 ii perl 5.24.1-3+deb9u5 ii procps 2:3.3.12-3+deb9u1 Versions of packages apache2 recommends: ii ssl-cert 1.0.39 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii w3m [www-browser]0.5.3-34+deb9u1 Versions of packages apache2-bin depends on: ii libapr1 1.6.5-1+b1 ii libaprutil1 1.6.1-3+b2 ii libaprutil1-dbd-sqlite3 1.6.1-3+b2 ii libaprutil1-ldap 1.6.1-3+b2 ii libbrotli1 1.0.7-2 ii libc62.28-8 ii libcurl4 7.64.0-1 ii libjansson4 2.12-1 ii libldap-2.4-22.4.47+dfsg-3 ii liblua5.2-0 5.2.4-1.1+b2 ii libnghttp2-141.36.0-2 ii libpcre3 2:8.39-12 ii libssl1.11.1.1b-1 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii perl 5.24.1-3+deb9u5 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii w3m [www-browser]0.5.3-34+deb9u1 Versions of packages apache2 is related to: ii apache2 2.4.38-2 ii apache2-bin 2.4.38-2 -- Configuration Files: /etc/apache2/mods-available/ssl.conf changed: # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # SSLRandomSeed startup builtin SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt
Bug#844351: marked as done (apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue)
Your message dated Fri, 2 Dec 2022 14:40:23 +0100 with message-id <20221202144023.4d9b4...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #844351, regarding apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844351 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.10-10+deb8u7 Severity: important Tags: upstream Dear Maintainer, * What led up to the situation? a backend with correct 100 continue support and a web client which expects 100-continue * What exactly did you do (or not do) that was effective (or ineffective)? Reverse Proxy a backend. * What was the outcome of this action? Premature 100-continue response from apache, before backend responds. * What outcome did you expect instead? No 100-continue unless backend responds with 100-continue https://bz.apache.org/bugzilla/show_bug.cgi?id=60330 As a reverse proxy, a 100 continue response is sent prematurely when a request contains expects: 100-continue. This causes the requesting client to send a body. The apache httpd proxy will then read the body and attempt to send it to the backend, but the backend already sent an error and should be allowed to NOT read the remaining request body, which never should have existed. When the backend does not read the request body mod_proxy_http errors and returns a 500 error to the client. The client never receives the correct error message. -- Package-specific info: -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-45-generic (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin2.4.10-10+deb8u7 ii apache2-data 2.4.10-10+deb8u7 ii apache2-utils 2.4.10-10+deb8u7 ii dpkg 1.17.27 ii lsb-base 4.1+Debian13+nmu1 ii mime-support 3.58 ii perl 5.20.2-3+deb8u6 ii procps 2:3.3.9-9 Versions of packages apache2 recommends: ii ssl-cert 1.0.35 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2-bin depends on: ii libapr1 1.5.1-3 ii libaprutil1 1.5.4-1 ii libaprutil1-dbd-sqlite3 1.5.4-1 ii libaprutil1-ldap 1.5.4-1 ii libc62.19-18+deb8u6 ii libldap-2.4-22.4.40+dfsg-1+deb8u2 ii liblua5.1-0 5.1.5-7.1 ii libpcre3 2:8.35-3.3+deb8u4 ii libssl1.0.0 1.0.1t-1+deb8u3 ii libxml2 2.9.1+dfsg1-5+deb8u3 ii perl 5.20.2-3+deb8u6 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2 is related to: ii apache2 2.4.10-10+deb8u7 ii apache2-bin 2.4.10-10+deb8u7 -- no debconf information --- End Message --- --- Begin Message --- Control: -1 fixed 2.4.40--- End Message ---
Bug#807120: marked as done (Deprecate mod_rpaf, transition to mod_remoteip)
Your message dated Fri, 2 Dec 2022 14:33:06 +0100 with message-id <20221202143306.10f59...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #807120, regarding Deprecate mod_rpaf, transition to mod_remoteip to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 807120: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807120 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Severity: important mod_rpaf module has dead upstream (there are alternative at https://github.com/gnif/mod_rpaf/) and has a good candidate for replacement in the core modules: http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html Probably, we must coordinate transition from mod_rpaf to mod_remoteip and then remove mod_rpaf. Default rpaf.conf could be replaced with: RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1 In general, this mapping should work: RPAFheader <-> RemoteIPHeader RPAFproxy_ips <-> RemoteIPTrustedProxy To get CLF-type logs with proper client addresses we should use %a instead of %h. Could we alter the default common log format entry? --- End Message --- --- Begin Message --- Control: tag -1 fixed-upstream mod_rpaf is in a separate package and current apache2 packages contain mod_remoteip. The bug in the logformat hostname has been fixed upstream. Therefore this bug is considered fixed.--- End Message ---