Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
Your message dated Sun, 05 May 2024 19:17:41 + with message-id and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb11u1 has caused the Debian Bug report #1068412, regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2024-27316[0]: https://www.kb.cert.org/vuls/id/421644 https://www.openwall.com/lists/oss-security/2024/04/04/4 CVE-2024-24795[1]: https://www.openwall.com/lists/oss-security/2024/04/04/5 CVE-2023-38709[2]: https://www.openwall.com/lists/oss-security/2024/04/04/3 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-27316 [1] https://security-tracker.debian.org/tracker/CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2024-24795 [2] https://security-tracker.debian.org/tracker/CVE-2023-38709 https://www.cve.org/CVERecord?id=CVE-2023-38709 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1~deb11u1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 16:08:04 +0400 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: source amd64 all Version: 2.4.59-1~deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Closes: 1068412 Changes: apache2 (2.4.59-1~deb11u1) bullseye-security; urgency=medium . * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802) * Drop 2.4.56-regression patches * New upstream version 2.4.59 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709) * Install NOTICE files * Update test framework * Refresh patches Checksums-Sha1: b0c553ee2f9076ab255d36f6f77a4155e8f5180d 3539 apache2_2.4.59-1~deb11u1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc 8d3d9c0ec949faa3683bc395b0955584347323a6 895172 apache2_2.4.59-1~deb11u1.debian.tar.xz 651b4de4722fb3cf7331e0df7147738b7015bf89 3308712 apache2-bin-dbgsym_2.4.59-1~deb11u1_amd64.deb 46176b8ad83ca0e991d575f498d67871b2c2e1d6 1447660 apache2-bin_2.4.59-1~deb11u1_amd64.deb 2cd7eef5039ed029710efc9edb1c8b8d3822381b 160212 apache2-data_2.4.59-1~deb11u1_all.deb 7ae879f3f9fd07d0b0faff14e40af9d955e11a3d 374820 apache2-dev_2.4.59-1~deb11u1_amd64
Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
Your message dated Sun, 05 May 2024 18:47:10 + with message-id and subject line Bug#1068412: fixed in apache2 2.4.59-1~deb12u1 has caused the Debian Bug report #1068412, regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2024-27316[0]: https://www.kb.cert.org/vuls/id/421644 https://www.openwall.com/lists/oss-security/2024/04/04/4 CVE-2024-24795[1]: https://www.openwall.com/lists/oss-security/2024/04/04/5 CVE-2023-38709[2]: https://www.openwall.com/lists/oss-security/2024/04/04/3 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-27316 [1] https://security-tracker.debian.org/tracker/CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2024-24795 [2] https://security-tracker.debian.org/tracker/CVE-2023-38709 https://www.cve.org/CVERecord?id=CVE-2023-38709 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1~deb12u1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 16:02:26 +0400 Source: apache2 Binary: apache2 apache2-bin apache2-bin-dbgsym apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-custom-dbgsym apache2-suexec-pristine apache2-suexec-pristine-dbgsym apache2-utils apache2-utils-dbgsym libapache2-mod-md libapache2-mod-proxy-uwsgi Architecture: source amd64 all Version: 2.4.59-1~deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) libapache2-mod-md - transitional package libapache2-mod-proxy-uwsgi - transitional package Closes: 1068412 Changes: apache2 (2.4.59-1~deb12u1) bookworm-security; urgency=medium . * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802) * New upstream version 2.4.59 (Closes: #1068412 CVE-2024-27316 CVE-2024-24795 CVE-2023-38709) * Refresh patches * Update test framework Checksums-Sha1: 0ff1bbe49e7266429e3ea5f8df651776b961902e 3520 apache2_2.4.59-1~deb12u1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc 59cd2b140a3e313345acb675f4792a63ecad7403 820804 apache2_2.4.59-1~deb12u1.debian.tar.xz d854f4e07f350cf3b067caf1ed78edbde3c76031 3734744 apache2-bin-dbgsym_2.4.59-1~deb12u1_amd64.deb f6a264c3f91353e88233eaec66f997d86be150ad 1379912 apache2-bin_2.4.59-1~deb12u1_amd64.deb 16d3d3d8aa25fea0c7755efc8b9685e70cc70b21 160264 apache2-data_2.4.59-1~deb12u1_all.deb 5b643339c2a9ec14872873e41772a91f73031c3d 312108 apache2-dev_2.4.59-1~deb12u1_amd64.deb 4ec40752b1f22964802957e6a59187ec7dce83ea 4022328 apache2-doc_2.4.
Processed: affects 1069748
Processing commands for cont...@bugs.debian.org: > affects 1069748 + release.debian.org,security.debian.org Bug #1069748 [apache2] mod_ssl: warning about compilation against OpenSSL 3.0.13 instead of 3.0.11 on bookworm Added indication that 1069748 affects release.debian.org and security.debian.org > thanks Stopping processing here. Please contact me if you need assistance. -- 1069748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069748 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: dh_apache2: please output reproducible module package pre/post scripts.
Processing control commands: > affects -1 mod-mono Bug #1069907 [apache2-dev] dh_apache2: please output reproducible module package pre/post scripts. Added indication that 1069907 affects mod-mono -- 1069907: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069907 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1068412: marked as done (apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709)
Your message dated Fri, 5 Apr 2024 21:00:46 +0200 with message-id and subject line [ftpmas...@ftp-master.debian.org: Accepted apache2 2.4.59-1 (source) into unstable] has caused the Debian Bug report #1068412, regarding apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2024-27316[0]: https://www.kb.cert.org/vuls/id/421644 https://www.openwall.com/lists/oss-security/2024/04/04/4 CVE-2024-24795[1]: https://www.openwall.com/lists/oss-security/2024/04/04/5 CVE-2023-38709[2]: https://www.openwall.com/lists/oss-security/2024/04/04/3 If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-27316 https://www.cve.org/CVERecord?id=CVE-2024-27316 [1] https://security-tracker.debian.org/tracker/CVE-2024-24795 https://www.cve.org/CVERecord?id=CVE-2024-24795 [2] https://security-tracker.debian.org/tracker/CVE-2023-38709 https://www.cve.org/CVERecord?id=CVE-2023-38709 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1 - Forwarded message from Debian FTP Masters - -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 08:08:11 +0400 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.59-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1032628 1054564 Changes: apache2 (2.4.59-1) unstable; urgency=medium . [ Stefan Fritsch ] * Remove old transitional packages libapache2-mod-md and libapache2-mod-proxy-uwsgi. Closes: #1032628 . [ Yadd ] * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564) * Refresh patches * New upstream version 2.4.59 * Refresh patches * Update patches * Update test framework Checksums-Sha1: f1cf18103ca23c57beaa2985bbbe4eee1e8dff87 3334 apache2_2.4.59-1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc 3e1cad5ee1fc66d350465c1e81d7e0f88221bc01 820300 apache2_2.4.59-1.debian.tar.xz Checksums-Sha256: 25e6990e65cb685f3172143648806ab0fd263a18cd412155f0d14d7ef9987428 3334 apache2_2.4.59-1.dsc e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f 9843252 apache2_2.4.59.orig.tar.gz 0ad3f670b944ebf08c81544bc82fae9496e88d96840cd0612d8cdeaa073eb06d 833 apache2_2.4.59.orig.tar.gz.asc 1e869a5024215a2a9b69603daf1395840774640f7b2701ca4b7971452a0641d1 820300 apache2_2.4.59-1.debian.tar.xz Files: 3f3ee286b583f22ec5cb3efc1f0a5016 3334 httpd optional apache2_2.4.59-1.dsc c39d28e0777bc95631cb49958fdb6601 9843252 httpd optional apache2_2.4.59.orig.tar.gz 3c342b3dcc0fe227a1fffdf9997987d0 833 httpd optional apache2_2.4.59.orig.tar.gz.asc 4da024370ede9c5a75a0df725be0cdc5 820300 httpd optional apache2_2.4.59-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmYPec8ACgkQ9tdMp8mZ 7umCiw//TB1rIA1czwHsUrdeOIT3HG9qERzBJsmsP8nyg+cIrytiGfhlt2eOmLYO X+Wo19J98VuCmTbJClb6opAfSpvJG2AmNUl/PYAqOBzvDgR+QlEMmVXVgxUp9+Tv 0e0P2H+8U0pO3dE51VIXqYtCLTLQnLaci763ewB0oRlSWuzoVNDDahUS3iJ5e58o btwUQQwq+2F+RBclRhuXca3dOI93UBZDsv56mxR+p2o0vpo+pQRZjHDv8tzT3bOq /PyWusXKPDf9MXYZqwY2TgYx8v/YdDVYqzgr6Tj/VXgXEKC22pudzSv9/J5iGfHh VHmf02Gh+0wNWmxajqK2KlxjMON/Qn6kyoAok9w5vv4HtOXBZimzdq0kDsc8EjJl QuaBcwIAy+0EATBhjaVY7sHtM9SydJNr1f4DBBD9kEB2DKEE9n7/iFxcFfSMd52Y xwJ4fPk1fe1ki7k/qn0VULpzf1iM3JDQE19uXyE29cSW4eJhiWvH1v+NZzzxNo+t NtDhSIEEnUkGZSsYyg2qg5NH3e3PJMadc1nTRY6hVNzGpJlsUrCKnMOZbJsBQM6S cNCY48ux8ziQmJNowvBVbXf6/+SH9h2+CYFRw9GZagaNe1yfErNglbn78KZqJUHw YcXIFc96qeznRJ9zRhPdHGGeqa+nETH1lWBp6eitihkKhDjCF48= =dQDE -END PGP SIGNATURE- - End forwarded message End Message ---
Processed: found 1068412 in 2.4.57-2, found 1068412 in 2.4.56-1~deb11u2
Processing commands for cont...@bugs.debian.org: > found 1068412 2.4.57-2 Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 Marked as found in versions apache2/2.4.57-2. > found 1068412 2.4.56-1~deb11u2 Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 Marked as found in versions apache2/2.4.56-1~deb11u2. > thanks Stopping processing here. Please contact me if you need assistance. -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1054564: marked as done (apache2: mod_proxy_connect insecure default server-wide AllowCONNECT value)
Your message dated Fri, 05 Apr 2024 04:34:28 + with message-id and subject line Bug#1054564: fixed in apache2 2.4.59-1 has caused the Debian Bug report #1054564, regarding apache2: mod_proxy_connect insecure default server-wide AllowCONNECT value to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1054564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.56-1~deb11u2 Severity: normal X-Debbugs-Cc: raphael.d...@gmail.com Dear Maintainer, # Context For years, one of my SSL vhost (on :443) has been relying mod_proxy_http to (safely) forward some requests to a backend, acting as a reverse-proxy. ``` # Something like ProxyRequests On SSLProxyEngine On RewriteRule ^/.well-known/.*$ "https://gitlab-foobar/%{REQUEST_URI}; [P,L] ``` Recently, I experienced the need to (safely) forward some requests (from another server I own) through this server (because of some network/geoblocking problem). I enabled `mod_proxy_connect` and (safely) configured a forward-proxy on :80 (using `Require valid-user / ip`). ``` # Something like ProxyRequests On Authtype Basic AuthUserFile ... p Require valid-user Require ip ... ``` # Problem While this :80 forward-proxy vhost was secure, I later discovered, that the original (and almost forgotten) vhost had incidentally become an open-proxy (!) The reasons are: - mod_proxy_connect is globally enabled (affects all vhosts) - AllowCONNECT defaults to "443 563" (affects all vhosts) Said otherwise, *any* secure reverse-proxy vhost configuration become de-facto an insecure open forward-proxy vhost as soon as `mod_proxy_connect` is globally enabled. This sounds contrary to best security practices. (and I bet more than one server out there is silently affected by this insecure-by-default configuration) # Proposed solution I suggest to add a server-wide `AllowCONNECT 0` directive inside `/etc/apache2/mods-available/proxy_connect.load` (virtually disabling CONNECT) so that individual vhosts relying on it would have to explicitely set the value at the vhost-level. It would be more logical (scope/side-effects) and avoid holes being punched into existing (and otherwise secure) reverse-proxy vhosts. # Additional notes To cap it all my proxy-enabled vhost was the first one (lexicographically speaking) making it the destination of all the random internet SSL traffic scanners. Google-friendly list of typical log messages that should raise flags: > AH00898: Connect to remote machine blocked returned by... > AH00939: CONNECT: attempt to connect to ...:443 (...) failed > AH10221: proxy: CONNECT: client flushing failed (-102) > AH10221: proxy: CONNECT: origin flushing failed (-102) -- Package-specific info: -- System Information: Debian Release: bullseye Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.2.0-35-generic (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.56-1~deb11u2 ii apache2-data 2.4.56-1~deb11u2 ii apache2-utils2.4.56-1~deb11u2 Versions of packages apache2 recommends: pn ssl-cert Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec Versions of packages apache2 is related to: ii apache2 2.4.56-1~deb11u2 ii apache2-bin 2.4.56-1~deb11u2 -- Configuration Files: /etc/apache2/apache2.conf changed [not included] -- no debconf information -- GPG id: 0xF41572CEBD4218F4 --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1054...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archiv
Bug#1032628: marked as done (please drop transitional package libapache2-mod-proxy-uwsgi from src:apache2)
Your message dated Fri, 05 Apr 2024 04:34:28 + with message-id and subject line Bug#1032628: fixed in apache2 2.4.59-1 has caused the Debian Bug report #1032628, regarding please drop transitional package libapache2-mod-proxy-uwsgi from src:apache2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1032628: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032628 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libapache2-mod-proxy-uwsgi Version: 2.4.56-1 Severity: normal user: qa.debian@packages.debian.org usertags: transitional Please drop the transitional package libapache2-mod-proxy-uwsgi (from the source package apache2) after the release of bookworm, it has been released with buster and bullseye already... Description: transitional package Package: libapache2-mod-proxy-uwsgi Version: 2.4.38-3+deb10u8 Version: 2.4.54-1~deb11u1 Version: 2.4.56-1 Thanks for maintaining apache2! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Try to imagine a future where paying for your morning coffee involved smashing an iPhone and burning enough fossil fuels to run your entire household for 60 days. That's the environmental cost of the "revolutionary" technology behind Bitcoin in a nutshell. https://twitter.com/smdiehl/status/1350869944888664064 signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.59-1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1032...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 08:08:11 +0400 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.59-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1032628 1054564 Changes: apache2 (2.4.59-1) unstable; urgency=medium . [ Stefan Fritsch ] * Remove old transitional packages libapache2-mod-md and libapache2-mod-proxy-uwsgi. Closes: #1032628 . [ Yadd ] * mod_proxy_connect: disable AllowCONNECT by default (Closes: #1054564) * Refresh patches * New upstream version 2.4.59 * Refresh patches * Update patches * Update test framework Checksums-Sha1: f1cf18103ca23c57beaa2985bbbe4eee1e8dff87 3334 apache2_2.4.59-1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc 3e1cad5ee1fc66d350465c1e81d7e0f88221bc01 820300 apache2_2.4.59-1.debian.tar.xz Checksums-Sha256: 25e6990e65cb685f3172143648806ab0fd263a18cd412155f0d14d7ef9987428 3334 apache2_2.4.59-1.dsc e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f 9843252 apache2_2.4.59.orig.tar.gz 0ad3f670b944ebf08c81544bc82fae9496e88d96840cd0612d8cdeaa073eb06d 833 apache2_2.4.59.orig.tar.gz.asc 1e869a5024215a2a9b69603daf1395840774640f7b2701ca4b7971452a0641d1 820300 apache2_2.4.59-1.debian.tar.xz Files: 3f3ee286b583f22ec5cb3efc1f0a5016 3334 httpd optional apache2_2.4.59-1.dsc c39d28e0777bc95631cb49958fdb6601 9843252 httpd optional apache2_2.4.59.orig.tar.gz 3c342b3dcc0fe227a1fffdf9997987d0 833 httpd optional apache2_2.4.59.orig.tar.gz.asc 4da024370ede9c5a75a0df725be0cdc5 820300 httpd optional apache2_2.4.59-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmYPec8ACgkQ9tdMp8mZ 7umCiw//TB1rIA1czwHsUrdeOIT3HG9qERzBJsmsP8nyg+cIrytiGfhlt2eOmLYO X+Wo19J98VuCmTbJClb6opAfSpvJG2AmNUl/PYAqOBzvDgR+QlEMmVXVgxUp9+Tv 0e0P2H+8U0pO3dE51VIXqYtCLTLQnLaci763ewB0oRlSWuzoVNDDahUS3iJ5e58o btwUQQwq+2F+RBclRhuXca3dOI93UBZDsv56mxR+p2o0vpo+pQRZjHDv8tzT3bOq /PyWusXKPDf9MXYZqwY2TgYx8v/YdDVYqzgr6Tj/VXgXEKC22pudzSv9/J5iGfHh VHmf02Gh+0wNWmxajqK2KlxjMON/Qn6kyoAok9w5vv4HtOXBZimzdq0kDsc8EjJl QuaBcwIAy+0EATBhjaVY7sHtM9SydJNr1f4DBBD9k
Processed: tagging 1068412
Processing commands for cont...@bugs.debian.org: > tags 1068412 + upstream Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 Added tag(s) upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: found 1068412 in 2.4.58-1
Processing commands for cont...@bugs.debian.org: > found 1068412 2.4.58-1 Bug #1068412 [src:apache2] apache2: CVE-2024-27316 CVE-2024-24795 CVE-2023-38709 Marked as found in versions apache2/2.4.58-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 1068412: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 1032628
Processing commands for cont...@bugs.debian.org: > tags 1032628 + pending Bug #1032628 [libapache2-mod-proxy-uwsgi] please drop transitional package libapache2-mod-proxy-uwsgi from src:apache2 Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1032628: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032628 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1031034: marked as done (apr: Missing LFS support triggers FTBFS on other packages)
Your message dated Tue, 19 Mar 2024 11:28:35 +0100 with message-id and subject line Re: Bug#1031034: apr: Missing LFS support triggers FTBFS on other packages has caused the Debian Bug report #1031034, regarding apr: Missing LFS support triggers FTBFS on other packages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1031034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031034 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apr Tags: ftbfs, hppa, lfs Version: 1.7.2-2 On 32-bit platforms it's necessary to compile programs and libraries with Large File Support (LFS) in order to allow them to function correctly on filesystems with > 2GB or 4GB size. This can be solved by adding "-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" to the CFLAGS variable when compiling. apr is currently missing this LFS support and as such it triggers build-from-source errors in other packages like "subversion" or "devscripts" on such 32-bit platforms. There are various possibilities how to add those two defines, e.g. adding DEB_BUILD_MAINT_OPTIONS = future=+lfs or by manually adding the output of getconf LFS_CFLAGS to the CFLAGS variable. Please note, on 64-bit platforms the return value will be empty which is correct as those flags are not needed on 64-bit arches. Here is one suggested patch for apr from me: diff -up ./debian/rules.org ./debian/rules --- ./debian/rules.org 2023-02-10 16:20:07.911340588 + +++ ./debian/rules 2023-02-10 15:54:17.992511554 + @@ -11,6 +11,9 @@ DEB_HOST_ARCH_OS?= $(shell dpkg-arch DEB_HOST_ARCH_BITS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_BITS) DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +# Enable Large File Support (LFS) if necessary: -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 +CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(shell getconf LFS_CFLAGS) + # The 'build' target needs special handling because there there is a directory # named 'build'. .PHONY: build Please apply this (or another patch) to allow apr to build with LFS support. Thanks, Helge --- End Message --- --- Begin Message --- version: 1.7.2-3.2 Am 20.06.23 um 20:27 schrieb Stefan Fritsch: It seems a large transition will be needed for 64bit time_t, anyway. And glibc enforces _FILE_OFFSET_BITS=64 if _TIME_BITS=64 is set. apr should do both transitions at the same time. It seems there won't be a transition for i386 but the whole point of i386 is running old binaries. https://wiki.debian.org/ReleaseGoals/64bit-time This is fixed now as apr has been rebuilt with 64bit time_t, which implies 64 bit ino_t.--- End Message ---
Bug#1067035: marked as done (apache2-bin: rebuild for the 64-bit time_t migration is uninstallable)
Your message dated Mon, 18 Mar 2024 21:01:39 +0100 with message-id and subject line Re: Bug#1067035: apache2-bin: rebuild for the 64-bit time_t migration is uninstallable has caused the Debian Bug report #1067035, regarding apache2-bin: rebuild for the 64-bit time_t migration is uninstallable to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1067035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067035 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2-bin Version: 2.4.58-1+b2 Severity: serious Justification: uninstallable Dear Maintainer, Attempting to upgrade apache2-bin from rebuild 2.4.58-1+b1 to the rebuild 2.4.58-1+b2 leads to the following error: $ sudo apt upgrade apache2-bin Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: apache2-bin : Depends: libaprutil164 (>= 1.2.7+dfsg) but it is not installable E: Broken packages libaprutil164 (note the missing 't' for "t64") is not available in unstable. The dependency looks typoed and duplicated, as libaprutil1t64 (>= 1.6.0) is also present as needed in the Depends field, Otherwise, have a nice Sunday, :) Étienne. -- Package-specific info: -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.7.9-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2-bin depends on: ii libapr1t64 [libapr1] 1.7.2-3.2 ii libaprutil1-dbd-sqlite3 1.6.3-1.1+b1 ii libaprutil1-ldap 1.6.3-1.1+b1 ii libaprutil1t64 [libaprutil1] 1.6.3-1.1+b1 ii libbrotli11.1.0-2+b3 ii libc6 2.37-15.1 ii libcrypt1 1:4.4.36-4 ii libcurl4t64 [libcurl4]8.6.0-4 ii libjansson4 2.14-2+b2 ii libldap-2.5-0 2.5.16+dfsg-2 ii liblua5.3-0 5.3.6-2+b2 ii libnghttp2-14 1.59.0-1+b1 ii libpcre2-8-0 10.42-4+b1 ii libssl3t64 [libssl3] 3.1.5-1.1 ii libxml2 2.9.14+dfsg-1.3+b2 ii perl 5.38.2-3.2 ii zlib1g1:1.3.dfsg-3.1 apache2-bin recommends no packages. Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]115.8.0esr-1+b1 ii lynx [www-browser] 2.9.0rel.0-2+b1 ii surf [www-browser] 2.1+git20221016-6+b1 ii w3m [www-browser]0.5.3+git20230121-2+b3 Versions of packages apache2 depends on: ii apache2-data 2.4.58-1 ii apache2-utils2.4.58-1+b1 ii init-system-helpers 1.66 ii media-types 10.1.0 ii perl 5.38.2-3.2 ii procps 2:4.0.4-4 Versions of packages apache2 recommends: ii ssl-cert 1.1.2 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]115.8.0esr-1+b1 ii lynx [www-browser] 2.9.0rel.0-2+b1 ii surf [www-browser] 2.1+git20221016-6+b1 ii w3m [www-browser]0.5.3+git20230121-2+b3 Versions of packages apache2-bin is related to: ii apache2 2.4.58-1+b1 ii apache2-bin 2.4.58-1+b1 -- no debconf information -- .''`. Étienne Mollier : :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/4, please excuse my verbosity `-on air: Antony Kalugin - Key signature.asc Description: PGP signature --- End Message --- --- Begin Message --- version: 1.6.3-2 Am 17.03.24
Processed: tagging 1067035, tagging 1066821
Processing commands for cont...@bugs.debian.org: > tags 1067035 + pending Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t migration is uninstallable Added tag(s) pending. > tags 1066821 + pending Bug #1066821 {Done: Stefan Fritsch } [src:apr-util] apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | sed -e 's/::*$//'`" ./$prog -v Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 1066821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066821 1067035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067035 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1066821: marked as done (apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRA
Your message dated Mon, 18 Mar 2024 19:49:13 + with message-id and subject line Bug#1066821: fixed in apr-util 1.6.3-2 has caused the Debian Bug report #1066821, regarding apr-util: FTBFS on arm{el,hf}: /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | sed -e 's/::*$//'`" ./$prog -v to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1066821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066821 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apr-util Version: 1.6.3-1.1 Severity: serious Tags: ftbfs Justification: fails to build from source (but built successfully in the past) X-Debbugs-Cc: sramac...@debian.org https://buildd.debian.org/status/fetch.php?pkg=apr-util=armhf=1.6.3-1.1=1709086833=0 testldap: SUCCESS testdbd : SUCCESS testdate: SUCCESS testmemcache: Error 111 occurred attempting to reach memcached on localhost:11211. Skipping apr_memcache tests... SUCCESS testredis : Error 111 occurred attempting to reach Redis on localhost:6379. Skipping apr_redis tests... SUCCESS testxml : SUCCESS testxlate : SUCCESS testrmm : SUCCESS testdbm : BDB1565 DB->put: method not permitted before handle's open method /bin/bash: line 3: 3132384 Segmentation fault LD_LIBRARY_PATH="`echo "../crypto/.libs:../dbm/.libs:../dbd/.libs:../ldap/.libs:$LD_LIBRARY_PATH" | sed -e 's/::*$//'`" ./$prog -v Programs failed: testall make[2]: *** [Makefile:60: check] Error 139 Cheers -- Sebastian Ramacher --- End Message --- --- Begin Message --- Source: apr-util Source-Version: 1.6.3-2 Done: Stefan Fritsch We believe that the bug you reported is fixed in the latest version of apr-util, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1066...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated apr-util package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 18 Mar 2024 20:21:56 +0100 Source: apr-util Architecture: source Version: 1.6.3-2 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Stefan Fritsch Closes: 1066821 Changes: apr-util (1.6.3-2) unstable; urgency=medium . * Incorporate NMU. Thanks to all the 64-bit time_t transition people. * Bump libapr1-dev Build-Dep to 1.7.2-3.2. Hopefully closes: #1066821 * Add more 64-bit time_t patches from Simon McVittie. Thanks. Closes: #1066821 Checksums-Sha1: e54da49c48a25eaa47c11c1649122dde4996948d 2790 apr-util_1.6.3-2.dsc 0a3ba0d15d92ea2a6b4743fa84bcdfcbb9dfb0ac 341028 apr-util_1.6.3-2.debian.tar.xz 8e751c5f1abc1d5eeb09c253c51e5eca51d74d0d 8920 apr-util_1.6.3-2_source.buildinfo Checksums-Sha256: ec0980c33c48706d28ee3894c543f2f2fe4a6e0f4b7b233f6448205934b2079f 2790 apr-util_1.6.3-2.dsc 5dd4abc7e74af270900b953523ee50ebc44bb794fba64a08111f3c1ac9942fb4 341028 apr-util_1.6.3-2.debian.tar.xz 0060c54212516ee4f898e3dceff0c339586f6a10f645866b91e28f732a9f1914 8920 apr-util_1.6.3-2_source.buildinfo Files: 2bd4a9312509ac42206b46bbbc4d60ff 2790 libs optional apr-util_1.6.3-2.dsc 132c383916b36665b64db1820a859540 341028 libs optional apr-util_1.6.3-2.debian.tar.xz ef4a4a49dd973d32bcce3d1e9f688cbd 8920 libs optional apr-util_1.6.3-2_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAmX4lSIACgkQxodfNUHO /eBDZA//Qc15ucwrvI0uXk3SqY/sywk0Jac/wGxx5nUrnM1gYoU1jK1JIsJ5ade3 DqwzxVrOZs/Q5/OT/B2thDmW07WFvWyud2LZeGMipc0ztBRzkB6mRPH5uonLR1/y ACTUuDfPdfiDxdNx5i943FRNe4Yiqk121LMdFzrRfFkbtb9ZlGjZdvBbPjN8U1Bf 9rEfRA8UCnemGMyczI2TJY2lOWix6rbBspHAqCoCxOMazLRRdH8QPYbCCfmBal6K 3yP/ZHA/utVENUOU3QfmmqNHY0/Kkekqr7SIJVjAeFJRQUDoABp0k4FkyxZuHA5H g9iYM71txAsrZ6Cup+ez6WJlbYRcswOGeB23BhCAjlyGza8deLkd8KeFFa2h1fh0 alYIf4WHOtal5dGNPx6LPvK4uWaTUSqqwG7WeoCZA5U43pDPj9P6G6nzzNaX+NPg 7eF4JzZ0w9/8sD9eB4GxoE22sLvgBFeswc7GRG1iOLmZuRPd6csFjsGRPqVwI+o5 Da6W7uNjlcjDIR4t4BA77j3n4
Processed: Re: Bug#1067035: apache2-bin: rebuild for the 64-bit time_t migration is uninstallable
Processing control commands: > reassign -1 libaprutil1t64 Bug #1067035 [apache2-bin] apache2-bin: rebuild for the 64-bit time_t migration is uninstallable Bug reassigned from package 'apache2-bin' to 'libaprutil1t64'. No longer marked as found in versions apache2/2.4.58-1. Ignoring request to alter fixed versions of bug #1067035 to the same values previously set > found -1 1.6.3-1.1 Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t migration is uninstallable Marked as found in versions apr-util/1.6.3-1.1. > affects -1 + apache2-bin Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t migration is uninstallable Added indication that 1067035 affects apache2-bin > tags -1 + patch Bug #1067035 [libaprutil1t64] apache2-bin: rebuild for the 64-bit time_t migration is uninstallable Added tag(s) patch. -- 1067035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067035 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign 1067031 to src:apache2
Processing commands for cont...@bugs.debian.org: > reassign 1067031 src:apache2 Bug #1067031 [src:apache2-bin] apache2-bin: Probably wrong dependency. Warning: Unknown package 'src:apache2-bin' Bug reassigned from package 'src:apache2-bin' to 'src:apache2'. No longer marked as found in versions apache2-bin/2.4.58-1. Ignoring request to alter fixed versions of bug #1067031 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 1067031: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067031 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1064950: marked as done (apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds.)
Your message dated Wed, 13 Mar 2024 22:29:55 +0100 with message-id and subject line Re: AW: AW: Bug#1064950: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds. has caused the Debian Bug report #1064950, regarding apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds. to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1064950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064950 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Subject: apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds. Source: apache2 X-Debbugs-Cc: christof.warl...@siemens.com Version: 2.4.57-2 Severity: serious Justification: fails to build from source (but built successfully in the past) Tags: patch ftbfs Dear Maintainer, (re)building apache2 as binNMU (i.e. with appending "+b to the package version") works, but installation of the resulting apache2 package fails due to the following dependency in debian/control: Depends: apache2-data (= ${source:Version}), It causes apt-get to look for the dependency "apache2-data" (= 2.4.57-2) which does not exist in the newly built packages. Instead, the dependency should be satisfied by "apache2-data (= 2.4.57-2+b)". The folliwing patch fixes the issue: diff --git a/debian/control b/debian/control index 2eddc60..31121fa 100644 --- a/debian/control +++ b/debian/control @@ -34,7 +34,7 @@ Rules-Requires-Root: binary-targets Package: apache2 Architecture: any Depends: apache2-bin (= ${binary:Version}), - apache2-data (= ${source:Version}), + apache2-data (= ${binary:Version}), apache2-utils (= ${binary:Version}), lsb-base, media-types, Please consider applying the patch. Best regards, Christof Warlich P.S.: Note that the information below, being produced by "reportbug", is irrelevant as I executed "reportbug" on WSL2 on Windows 10. The actual Debian version is "bookworm". -- System Information: Debian Release: bookworm/sid APT prefers jammy-updates APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports') Architecture: amd64 (x86_64) Kernel: Linux 5.10.102.1-microsoft-standard-WSL2+ (SMP w/16 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On 2024-03-04 12:33:39 +, Warlich, Christof wrote: > Sebastian Ramacher wrote: > > Christof Warlich wrote: > > > If this assumption is true, then why is the Debian build system (i.e. > > > dpkg-buildpackage) not smart enough to simply ignore an existing +bX > > > extension for Architecture: all binary packages? IMHO, this would > > > simplify matters, as it would have avoided the pitfall that I stumbled > > > into altogether. > > > > binNMUs are handled a layer above. sbuild will pass the correct options to > > dpkg-buildpackage to build binNMUs. If you are interested in having binNMU > > builds for your own infrastructure, you'll probably need to take a look at > > the sbuild source to see how it is implemented. > > Ok, so I'd better start using sbuild instead. Again, thanks for the valuable > info and your time. Closing this bug. Cheers -- Sebastian Ramacher--- End Message ---
Processed: Bug#1064950 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1064950 [src:apache2] apache2: (Legacy?) "Depends: apache2-data (= ${source:Version})," in debian/control breaks binNMU builds. Added tag(s) pending. -- 1064950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064950 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1061893: marked as done (apr-util: NMU diff for 64-bit time_t transition)
Your message dated Wed, 28 Feb 2024 02:05:20 + with message-id and subject line Bug#1061893: fixed in apr-util 1.6.3-1.1 has caused the Debian Bug report #1061893, regarding apr-util: NMU diff for 64-bit time_t transition to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1061893: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061893 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apr-util Version: 1.6.3-1 Severity: serious Tags: patch pending Justification: library ABI skew on upgrade User: debian-...@lists.debian.org Usertags: time-t Dear maintainer, As part of the 64-bit time_t transition required to support 32-bit architectures in 2038 and beyond (https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified apr-util as a source package shipping runtime libraries whose ABI either is affected by the change in size of time_t, or could not be analyzed via abi-compliance-checker (and therefore to be on the safe side we assume is affected). To ensure that inconsistent combinations of libraries with their reverse-dependencies are never installed together, it is necessary to have a library transition, which is most easily done by renaming the runtime library package. Since turning on 64-bit time_t is being handled centrally through a change to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is important that libraries affected by this ABI change all be uploaded close together in time. Therefore I have prepared a 0-day NMU for apr-util which will initially be uploaded to experimental if possible, then to unstable after packages have cleared binary NEW. Please find the patch for this NMU attached. If you have any concerns about this patch, please reach out ASAP. Although this package will be uploaded to experimental immediately, there will be a period of several days before we begin uploads to unstable; so if information becomes available that your package should not be included in the transition, there is time for us to amend the planned uploads. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) diff -Nru apr-util-1.6.3/debian/changelog apr-util-1.6.3/debian/changelog --- apr-util-1.6.3/debian/changelog 2023-02-03 20:15:18.0 + +++ apr-util-1.6.3/debian/changelog 2024-01-30 00:55:31.0 + @@ -1,3 +1,10 @@ +apr-util (1.6.3-1.1) experimental; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. + + -- Steve Langasek Tue, 30 Jan 2024 00:55:31 + + apr-util (1.6.3-1) unstable; urgency=medium [ Stefan Fritsch ] diff -Nru apr-util-1.6.3/debian/control apr-util-1.6.3/debian/control --- apr-util-1.6.3/debian/control 2023-02-02 22:42:28.0 + +++ apr-util-1.6.3/debian/control 2024-01-30 00:55:31.0 + @@ -22,7 +22,10 @@ Vcs-Git: https://salsa.debian.org/apache-team/apr-util.git Homepage: https://apr.apache.org/ -Package: libaprutil1 +Package: libaprutil1t64 +Provides: ${t64:Provides} +Replaces: libaprutil1 +Breaks: libaprutil1 (<< ${source:Version}) Architecture: any Multi-Arch: same Depends: ${shlibs:Depends}, diff -Nru apr-util-1.6.3/debian/libaprutil1.docs apr-util-1.6.3/debian/libaprutil1.docs --- apr-util-1.6.3/debian/libaprutil1.docs 2023-02-01 21:35:51.0 + +++ apr-util-1.6.3/debian/libaprutil1.docs 1970-01-01 00:00:00.0 + @@ -1 +0,0 @@ -NOTICE diff -Nru apr-util-1.6.3/debian/libaprutil1.install apr-util-1.6.3/debian/libaprutil1.install --- apr-util-1.6.3/debian/libaprutil1.install 2023-02-01 21:35:51.0 + +++ apr-util-1.6.3/debian/libaprutil1.install 1970-01-01 00:00:00.0 + @@ -1,3 +0,0 @@ -usr/lib/*/libaprutil-1.so.* -usr/lib/*/apr-util-1/apr_dbm*.so* -usr/lib/*/apr-util-1/apr_crypt*.so* diff -Nru apr-util-1.6.3/debian/libaprutil1.lintian-overrides apr-util-1.6.3/debian/libaprutil1.lintian-overrides --- apr-util-1.6.3/debian/libaprutil1.lintian-overrides 2023-02-01 21:35:51.0 + +++ apr-util-1.6.3/debian/libaprutil1.lintian-overrides 1970-01-01 00:00:00.0 + @@ -1,2 +0,0 @@ -libaprutil1: symbols-declares-dependency-on-other-package -libaprutil1: packag
Bug#1061894: marked as done (apr: NMU diff for 64-bit time_t transition)
Your message dated Wed, 28 Feb 2024 02:05:09 + with message-id and subject line Bug#1061894: fixed in apr 1.7.2-3.1 has caused the Debian Bug report #1061894, regarding apr: NMU diff for 64-bit time_t transition to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1061894: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061894 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apr Version: 1.7.2-3 Severity: serious Tags: patch pending Justification: library ABI skew on upgrade User: debian-...@lists.debian.org Usertags: time-t Dear maintainer, As part of the 64-bit time_t transition required to support 32-bit architectures in 2038 and beyond (https://wiki.debian.org/ReleaseGoals/64bit-time), we have identified apr as a source package shipping runtime libraries whose ABI either is affected by the change in size of time_t, or could not be analyzed via abi-compliance-checker (and therefore to be on the safe side we assume is affected). To ensure that inconsistent combinations of libraries with their reverse-dependencies are never installed together, it is necessary to have a library transition, which is most easily done by renaming the runtime library package. Since turning on 64-bit time_t is being handled centrally through a change to the default dpkg-buildflags (https://bugs.debian.org/1037136), it is important that libraries affected by this ABI change all be uploaded close together in time. Therefore I have prepared a 0-day NMU for apr which will initially be uploaded to experimental if possible, then to unstable after packages have cleared binary NEW. Please find the patch for this NMU attached. If you have any concerns about this patch, please reach out ASAP. Although this package will be uploaded to experimental immediately, there will be a period of several days before we begin uploads to unstable; so if information becomes available that your package should not be included in the transition, there is time for us to amend the planned uploads. -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-14-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) diff -Nru apr-1.7.2/debian/changelog apr-1.7.2/debian/changelog --- apr-1.7.2/debian/changelog 2023-02-26 20:51:24.0 + +++ apr-1.7.2/debian/changelog 2024-01-30 00:57:09.0 + @@ -1,3 +1,10 @@ +apr (1.7.2-3.1) experimental; urgency=medium + + * Non-maintainer upload. + * Rename libraries for 64-bit time_t transition. + + -- Steve Langasek Tue, 30 Jan 2024 00:57:09 + + apr (1.7.2-3) unstable; urgency=medium * Add more fixes for atomics from upstream, in particular for diff -Nru apr-1.7.2/debian/control apr-1.7.2/debian/control --- apr-1.7.2/debian/control2023-02-03 16:18:13.0 + +++ apr-1.7.2/debian/control2024-01-30 00:57:09.0 + @@ -19,7 +19,10 @@ Homepage: https://apr.apache.org/ Rules-Requires-Root: no -Package: libapr1 +Package: libapr1t64 +Provides: ${t64:Provides} +Replaces: libapr1 +Breaks: libapr1 (<< ${source:Version}) Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} diff -Nru apr-1.7.2/debian/libapr1.docs apr-1.7.2/debian/libapr1.docs --- apr-1.7.2/debian/libapr1.docs 2023-02-02 21:18:42.0 + +++ apr-1.7.2/debian/libapr1.docs 1970-01-01 00:00:00.0 + @@ -1 +0,0 @@ -NOTICE diff -Nru apr-1.7.2/debian/libapr1.install apr-1.7.2/debian/libapr1.install --- apr-1.7.2/debian/libapr1.install2023-02-02 21:18:42.0 + +++ apr-1.7.2/debian/libapr1.install1970-01-01 00:00:00.0 + @@ -1 +0,0 @@ -usr/lib/*/libapr-1.so.* diff -Nru apr-1.7.2/debian/libapr1.lintian-overrides apr-1.7.2/debian/libapr1.lintian-overrides --- apr-1.7.2/debian/libapr1.lintian-overrides 2023-02-02 21:18:42.0 + +++ apr-1.7.2/debian/libapr1.lintian-overrides 1970-01-01 00:00:00.0 + @@ -1 +0,0 @@ -libapr1: package-name-doesnt-match-sonames libapr-1-0 diff -Nru apr-1.7.2/debian/libapr1.symbols apr-1.7.2/debian/libapr1.symbols --- apr-1.7.2/debian/libapr1.symbols2023-02-02 21:18:42.0 + +++ apr-1.7.2/debian/libapr1.symbols1970-01-01 00:00:00.0 + @@ -1,2 +0,0 @@ -here for the purpose of tr
Processed: tagging 1061866, tagging 1061872, tagging 1061873, tagging 1061874, tagging 1061875, tagging 1061878 ...
Processing commands for cont...@bugs.debian.org: > tags 1061866 + sid trixie Bug #1061866 [src:adns] adns: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061872 + sid trixie Bug #1061872 [src:adolc] adolc: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061873 + sid trixie Bug #1061873 [src:afflib] afflib: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061874 + sid trixie Bug #1061874 [src:colpack] colpack: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061875 + sid trixie Bug #1061875 [src:afterstep] afterstep: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061878 + sid trixie Bug #1061878 [src:agg] agg: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061881 + sid trixie Bug #1061881 [src:akonadi-search] akonadi-search: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061883 + sid trixie Bug #1061883 [src:alberta] alberta: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061889 + sid trixie Bug #1061889 [src:angelscript] angelscript: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061890 + sid trixie Bug #1061890 [src:anthy] anthy: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061891 + sid trixie Bug #1061891 [src:apbs] apbs: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061892 + sid trixie Bug #1061892 [src:apophenia] apophenia: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061893 + sid trixie Bug #1061893 [src:apr-util] apr-util: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061894 + sid trixie Bug #1061894 [src:apr] apr: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061897 + sid trixie Bug #1061897 [src:aribb24] aribb24: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061900 + sid trixie Bug #1061900 [src:comedilib] comedilib: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061901 + sid trixie Bug #1061901 [src:compiz] compiz: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061903 + sid trixie Bug #1061903 [src:coolkey] coolkey: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061905 + sid trixie Bug #1061905 [src:cpp-hocon] cpp-hocon: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061908 + sid trixie Bug #1061908 [src:cppdb] cppdb: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061909 + sid trixie Bug #1061909 [src:croaring] croaring: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061911 + sid trixie Bug #1061911 [src:csmith] csmith: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061913 + sid trixie Bug #1061913 [src:ctpl] ctpl: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061914 + sid trixie Bug #1061914 [src:cuneiform] cuneiform: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061915 + sid trixie Bug #1061915 [src:cups-filters] cups-filters: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061921 + sid trixie Bug #1061921 [src:asl] asl: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061922 + sid trixie Bug #1061922 [src:astrometry.net] astrometry.net: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061928 + sid trixie Bug #1061928 [src:avro-c] avro-c: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061929 + sid trixie Bug #1061929 [src:bamf] bamf: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061932 + sid trixie Bug #1061932 [src:blitz++] blitz++: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061934 + sid trixie Bug #1061934 [src:boinc] boinc: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061943 + sid trixie Bug #1061943 [src:forge] forge: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061945 + sid trixie Bug #1061945 [src:fpgatools] fpgatools: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061953 + sid trixie Bug #1061953 [src:freewnn] freewnn: NMU diff for 64-bit time_t transition Added tag(s) sid and trixie. > tags 1061954 + sid trixie Bug #1061954 [src:frog] frog: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061955 + sid trixie Bug #1061955 [src:fsplib] fsplib: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061957 + sid trixie Bug #1061957 [src:funtools] funtools: NMU diff for 64-bit time_t transition Added tag(s) trixie and sid. > tags 1061961 + sid trixie Bug #1061961 {Done: Bas Couwenberg } [src:fyba] fyba: NMU diff for 64-bit
Processed: found 1057126 2.4.58-1
Processing commands for cont...@bugs.debian.org: > found 1057126 2.4.58-1 Bug #1057126 [apache2] "AH03490: scoreboard is full" after nightly maintenance Marked as found in versions apache2/2.4.58-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 1057126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057126 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1054564 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1054564 [apache2] apache2: mod_proxy_connect insecure default server-wide AllowCONNECT value Added tag(s) pending. -- 1054564: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054564 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1050870: marked as done (apache2: Provide dh-sequence-apache2)
Your message dated Thu, 19 Oct 2023 11:19:30 + with message-id and subject line Bug#1050870: fixed in apache2 2.4.58-1 has caused the Debian Bug report #1050870, regarding apache2: Provide dh-sequence-apache2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1050870: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050870 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Version: 2.4.57-2 Severity: normal Tags: patch Dear Maintainer, The apache2-dev package should provide dh-sequence-apache2 to automatically enable the sequence instead of using dh --with apache2. The attached patch adds dh-sequence-apache2 to the Provides of apache2-dev. Kind Regards, Bas diff -Nru apache2-2.4.57/debian/changelog apache2-2.4.57/debian/changelog --- apache2-2.4.57/debian/changelog 2023-04-13 05:26:51.0 +0200 +++ apache2-2.4.57/debian/changelog 2023-08-30 17:37:55.0 +0200 @@ -1,3 +1,10 @@ +apache2 (2.4.57-2.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Provide dh-sequence-apache2. + + -- Bas Couwenberg Wed, 30 Aug 2023 17:37:55 +0200 + apache2 (2.4.57-2) unstable; urgency=medium * Revert debian/* changes (Bookworm freeze) diff -Nru apache2-2.4.57/debian/control apache2-2.4.57/debian/control --- apache2-2.4.57/debian/control 2023-04-13 05:14:09.0 +0200 +++ apache2-2.4.57/debian/control 2023-08-30 17:37:22.0 +0200 @@ -157,7 +157,8 @@ openssl, ${misc:Depends}, ${perl:Depends} -Provides: dh-apache2 +Provides: dh-apache2, + dh-sequence-apache2 Description: Apache HTTP Server (development headers) The Apache HTTP Server Project's goal is to build a secure, efficient and extensible HTTP server as standards-compliant open source software. The --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.58-1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1050...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 19 Oct 2023 14:56:29 +0400 Source: apache2 Architecture: source Version: 2.4.58-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1050870 Changes: apache2 (2.4.58-1) unstable; urgency=medium . [ Bas Couwenberg ] * Provide dh-sequence-apache2 (Closes: #1050870) . [ Yadd ] * Drop dependency to obsolete lsb-base * New upstream version 2.4.58 (Closes: CVE-2023-31122, CVE-2023-43622, CVE-2023-45802) * Refresh patches Checksums-Sha1: d4bf1fd9119ed0e22e4ce4c47f09c5834a9ae117 3488 apache2_2.4.58-1.dsc cd04721a2d9abfc634c895853cd555ac659b81e8 9825177 apache2_2.4.58.orig.tar.gz ca97b8482b73b024c9a245fb41eead6ef76eb4d3 874 apache2_2.4.58.orig.tar.gz.asc 079551983cbb0dcbab42a059d32d219af50f457b 899684 apache2_2.4.58-1.debian.tar.xz Checksums-Sha256: 8c4fdaef8f9635001ee410654e103b25d659fbd9d8f7d803e36efe73d5262d04 3488 apache2_2.4.58-1.dsc 503a7da4a4a27fd496037998b17078dc9fe004db32c657c96cce8356b8aa2eb6 9825177 apache2_2.4.58.orig.tar.gz a6fe3398476f57233f623a083cc6dcc4ee12b1677e18bc592b4450ecb2d450d8 874 apache2_2.4.58.orig.tar.gz.asc 66b41a6dbd1fe2e21817b48f54201b2595d0b2142abe43893d624780c44bec1d 899684 apache2_2.4.58-1.debian.tar.xz Files: 3221aa89040599a3cc8f971415125b01 3488 httpd optional apache2_2.4.58-1.dsc 2b9283d78fe42070d1385508fb31fbe5 9825177 httpd optional apache2_2.4.58.orig.tar.gz 96fe65789a4b6893dd80005a038816c9 874 httpd optional apache2_2.4.58.orig.tar.gz.asc 25f036eafbfdc0750c4136d89d209479 899684 httpd optional apache2_2.4.58-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmUxDKcACgkQ9tdMp8mZ 7un1Lg//VrMIlBfOQlRT7FngYvFjIv76RGJbDUyCeW1gGLNUNAjCigAtxvaWMHJE ufTCVibQuSN0a1gi0AI5/jXJtL3AClY3x/xYKA24xhY3AnxlTKhc+3eZ5T36xZNl gkwFmHU5Xlh0G6ESKZCf60vuxY+rkqFMRcX9/A4lGaJh1hREWbPvCrMoXpjeMaNe
Processed: Bug#1050870 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1050870 [src:apache2] apache2: Provide dh-sequence-apache2 Added tag(s) pending. -- 1050870: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050870 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#837346: marked as done (apache2: FTBFS on kfreebsd-i386: i586-kfreebsd-gnu-ar: command not found)
Your message dated Sat, 7 Oct 2023 17:13:41 +0300 with message-id and subject line kFreeBSD has been removed from Debian ports has caused the Debian Bug report #837346, regarding apache2: FTBFS on kfreebsd-i386: i586-kfreebsd-gnu-ar: command not found to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 837346: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837346 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Version: 2.4.23-4 Severity: important Hi, apache2 FTBFS on on kfreebsd-i386: https://buildd.debian.org/status/fetch.php?pkg=apache2=kfreebsd-i386=2.4.23-4=1471042791 make[4]: Entering directory '/«PKGBUILDDIR»/os/unix' /usr/share/apr-1.0/build/libtool --no-silent --mode=compile i586-kfreebsd-gnu-gcc -pthread -pipe -g -O2 -fdebug-prefix-map=/«PKGBUILDDIR»=. -fstack-protector-strong -Wformat -Werror=format-security-D_REENTRANT -D_GNU_SOURCE -DPLATFORM='"Debian"' -DBUILD_DATETIME='"2016-08-12T19:44:31"' -Wdate-time -D_FORTIFY_SOURCE=2 -I. -I/«PKGBUILDDIR»/os/unix -I/«PKGBUILDDIR»/include -I/usr/include/apr-1.0 -I/usr/include -I/«PKGBUILDDIR»/modules/aaa -I/«PKGBUILDDIR»/modules/cache -I/«PKGBUILDDIR»/modules/core -I/«PKGBUILDDIR»/modules/database -I/«PKGBUILDDIR»/modules/filters -I/«PKGBUILDDIR»/modules/ldap -I/«PKGBUILDDIR»/server -I/«PKGBUILDDIR»/modules/loggers -I/«PKGBUILDDIR»/modules/lua -I/«PKGBUILDDIR»/modules/proxy -I/«PKGBUILDDIR»/modules/session -I/«PKGBUILDDIR»/modules/ssl -I/«PKGBUILDDIR»/modules/test -I/«PKGBUILDDIR»/server -I/«PKGBUILDDIR»/modules/arch/unix -I/«PKGBUILDDIR»/modules/dav/main -I/«PKGBUILDDIR»/modules/generators -I/«PKGBUILD DIR»/modules/mappers -fPIE -prefer-non-pic -static -c unixd.c && touch unixd.lo libtool: compile: i586-kfreebsd-gnu-gcc -pthread -pipe -g -O2 -fdebug-prefix-map=/«PKGBUILDDIR»=. -fstack-protector-strong -Wformat -Werror=format-security -D_REENTRANT -D_GNU_SOURCE -DPLATFORM=\"Debian\" -DBUILD_DATETIME=\"2016-08-12T19:44:31\" -Wdate-time -D_FORTIFY_SOURCE=2 -I. -I/«PKGBUILDDIR»/os/unix -I/«PKGBUILDDIR»/include -I/usr/include/apr-1.0 -I/usr/include -I/«PKGBUILDDIR»/modules/aaa -I/«PKGBUILDDIR»/modules/cache -I/«PKGBUILDDIR»/modules/core -I/«PKGBUILDDIR»/modules/database -I/«PKGBUILDDIR»/modules/filters -I/«PKGBUILDDIR»/modules/ldap -I/«PKGBUILDDIR»/server -I/«PKGBUILDDIR»/modules/loggers -I/«PKGBUILDDIR»/modules/lua -I/«PKGBUILDDIR»/modules/proxy -I/«PKGBUILDDIR»/modules/session -I/«PKGBUILDDIR»/modules/ssl -I/«PKGBUILDDIR»/modules/test -I/«PKGBUILDDIR»/server -I/«PKGBUILDDIR»/modules/arch/unix -I/«PKGBUILDDIR»/modules/dav/main -I/«PKGBUILDDIR»/modules/generators -I/«PKGBUILDDIR»/modules/mappers -c unixd.c -fPIE -o unixd.o /usr/share/apr-1.0/build/libtool --no-silent --mode=link i586-kfreebsd-gnu-gcc -pthread -pipe -g -O2 -fdebug-prefix-map=/«PKGBUILDDIR»=. -fstack-protector-strong -Wformat -Werror=format-security -pie -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -o libos.la -static unixd.lo libtool: link: i586-kfreebsd-gnu-ar cru .libs/libos.a unixd.o /usr/share/apr-1.0/build/libtool: line 1088: i586-kfreebsd-gnu-ar: command not found /«PKGBUILDDIR»/build/library.mk:22: recipe for target 'libos.la' failed make[4]: *** [libos.la] Error 127 Andreas --- End Message --- --- Begin Message --- kFreeBSD has been removed from Debian ports: https://lists.debian.org/debian-bsd/2023/07/msg3.html cu Adrian--- End Message ---
Bug#1050458: marked as done (apache2: given is deprecated at /usr/sbin/a2enmod)
Your message dated Tue, 29 Aug 2023 08:49:17 + with message-id and subject line Bug#1050458: fixed in apache2 2.4.57-3 has caused the Debian Bug report #1050458, regarding apache2: given is deprecated at /usr/sbin/a2enmod to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1050458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050458 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.57-2 Severity: important Tags: trixie sid User: debian-p...@lists.debian.org Usertags: perl-5.38-transition autopkgtest Control: affects -1 munin Installing this package spews warnings with Perl 5.38 (currently in experimental) because a2enmod uses the deprecated 'given' and 'when' Perl keywords. Setting up apache2 (2.4.57-2) ... given is deprecated at /usr/sbin/a2enmod line 577. when is deprecated at /usr/sbin/a2enmod line 578. when is deprecated at /usr/sbin/a2enmod line 586. Enabling module mpm_event. given is deprecated at /usr/sbin/a2enmod line 577. when is deprecated at /usr/sbin/a2enmod line 578. when is deprecated at /usr/sbin/a2enmod line 586. [...] This breaks at least the munin autopkgtest checks as seen at https://ci.debian.net/data/autopkgtest/unstable/amd64/m/munin/37098324/log.gz 429s master-cgi-systemd FAIL stderr: given is deprecated at /usr/sbin/a2enmod line 577. so filing at 'important' (but feel free to adjust.) -- Niko Tyni nt...@debian.org --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.57-3 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1050...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 29 Aug 2023 11:39:32 +0400 Source: apache2 Architecture: source Version: 2.4.57-3 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1050458 Changes: apache2 (2.4.57-3) unstable; urgency=medium . * Update a2enmod to drop given/when (Closes: #1050458) * Restore changes not included in Bookworm (set -e in apache2ctl) Checksums-Sha1: 4ea609f43f6f10666e86b418b280785e3befb7f3 3488 apache2_2.4.57-3.dsc 98e5d527ad782c7d85967fd84bfec99315d1eaac 899784 apache2_2.4.57-3.debian.tar.xz Checksums-Sha256: 409ea748712decab935ff9d0d4b86d8d6ca168a127b31ad683c93381012fd990 3488 apache2_2.4.57-3.dsc 7018c02fa3c2d7bbc8a095460fd7e0095ce153c73830c9fdabb5ed62fc466bde 899784 apache2_2.4.57-3.debian.tar.xz Files: b898e9e1d332776e57497e41c6fe8eec 3488 httpd optional apache2_2.4.57-3.dsc cf90fac50bae2ce4f3aef890467f2264 899784 httpd optional apache2_2.4.57-3.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmTtoZgACgkQ9tdMp8mZ 7ulfDw//fTQQ25XFv07BVK20X00mhxo+lwyf+QZtrptS0za9/BF+X/l2Tp4KWYS9 MUd7ZZJfZnLV1SldqI6YaZOQCNIR91qm9yDQbzNq06OK0oUhI5gSbwVcoinehC4j JVeJvwim7FG0Yh9idMFklNERrKn8PyJ5sZ9j5FsobUeMYNJ/HO/9mek2LqluPUxI LBGg7ltag+D7YV5PbIA24tI6BGryjGyvlD5Ug4jk3KVqmV4dTgZU3qBHfj4kmUts NumPk6jSVMHvnANL4IbczouUYuqNIUBNUTAvEcORngcqQK0+mjRONzFY7wdvhyCh oa50KUWAy66RmgwqpgCA6ZrDyw1AclaaY0VRPoMvHdoKGRTVHQMsdngTvz95oF7e UVtpNTKlPXAarZnoy2LsKE0i3PH4XSLop6FrcQdC7I09ZkpFpYGEovLi08/Ug5RF 8uGbrsYtKiGenXN4sWi6vZZF6588skUZO5JcJwpaJKr4Mc31IY9LQhIXSy/KUf/6 IIgrp5jGlLuObIJBxrIVWrkLUriYLlrTDMrO4JbkFvYSjWZjkstHx9qh4k2LliKI V++TsKzmJzbe6tcRZtp/rBgO6GXUzU+AVDJpzC/1EzSXO3JvqpoZDhhXDt+0JeG1 hcjLppxIwAminmwSL2LaJX06YtoKadlJGt4UdhOCJ7UV9EJpqtI= =Onyl -END PGP SIGNATURE End Message ---
Processed: Bug#1050458 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1050458 [apache2] apache2: given is deprecated at /usr/sbin/a2enmod Added tag(s) pending. -- 1050458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050458 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: apache2: given is deprecated at /usr/sbin/a2enmod
Processing control commands: > affects -1 munin Bug #1050458 [apache2] apache2: given is deprecated at /usr/sbin/a2enmod Added indication that 1050458 affects munin -- 1050458: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050458 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#967010: marked as done (apache2: last debian 10.4 , last apache avail from repo hangs on install (and start phase))
Your message dated Sat, 29 Jul 2023 13:45:57 +0200 with message-id <498b57b77752be9de201b362bb64fdf3f641d296.ca...@debian.org> and subject line Re: apache2: last debian 10.4 , last apache avail from repo hangs on install (and start phase) has caused the Debian Bug report #967010, regarding apache2: last debian 10.4 , last apache avail from repo hangs on install (and start phase) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 967010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967010 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.38-3+deb10u3 Severity: grave Justification: renders package unusable Dear Maintainer, * What led up to the situation? package installing * What exactly did you do (or not do) that was effective (or ineffective)? apt-get install apache2 * What was the outcome of this action? packages did not start * What outcome did you expect instead? packages will start ok I have fresh debian 10 install, OS after full upgrade with: `apt-get upgrade` and `apt-get dist-upgrade` I want to install apache2 packages, it hang on install (on post-install phase when apache starts): (*my findings why is below) apt-get install apache2 Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libbrotli1 libjansson4 liblua5.2-0 Suggested packages: apache2-doc apache2-suexec-pristine | apache2-suexec-custom The following NEW packages will be installed: apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libbrotli1 libjansson4 liblua5.2-0 0 upgraded, 11 newly installed, 0 to remove and 1 not upgraded. Need to get 0 B/2,606 kB of archives. After this operation, 8,885 kB of additional disk space will be used. Do you want to continue? [Y/n] y Selecting previously unselected package libapr1:amd64. (Reading database ... 85650 files and directories currently installed.) Preparing to unpack .../00-libapr1_1.6.5-1+b1_amd64.deb ... Unpacking libapr1:amd64 (1.6.5-1+b1) ... Selecting previously unselected package libaprutil1:amd64. Preparing to unpack .../01-libaprutil1_1.6.1-4_amd64.deb ... Unpacking libaprutil1:amd64 (1.6.1-4) ... Selecting previously unselected package libaprutil1-dbd-sqlite3:amd64. Preparing to unpack .../02-libaprutil1-dbd-sqlite3_1.6.1-4_amd64.deb ... Unpacking libaprutil1-dbd-sqlite3:amd64 (1.6.1-4) ... Selecting previously unselected package libaprutil1-ldap:amd64. Preparing to unpack .../03-libaprutil1-ldap_1.6.1-4_amd64.deb ... Unpacking libaprutil1-ldap:amd64 (1.6.1-4) ... Selecting previously unselected package libbrotli1:amd64. Preparing to unpack .../04-libbrotli1_1.0.7-2_amd64.deb ... Unpacking libbrotli1:amd64 (1.0.7-2) ... Selecting previously unselected package libjansson4:amd64. Preparing to unpack .../05-libjansson4_2.12-1_amd64.deb ... Unpacking libjansson4:amd64 (2.12-1) ... Selecting previously unselected package liblua5.2-0:amd64. Preparing to unpack .../06-liblua5.2-0_5.2.4-1.1+b2_amd64.deb ... Unpacking liblua5.2-0:amd64 (5.2.4-1.1+b2) ... Selecting previously unselected package apache2-bin. Preparing to unpack .../07-apache2-bin_2.4.38-3+deb10u3_amd64.deb ... Unpacking apache2-bin (2.4.38-3+deb10u3) ... Selecting previously unselected package apache2-data. Preparing to unpack .../08-apache2-data_2.4.38-3+deb10u3_all.deb ... Unpacking apache2-data (2.4.38-3+deb10u3) ... Selecting previously unselected package apache2-utils. Preparing to unpack .../09-apache2-utils_2.4.38-3+deb10u3_amd64.deb ... Unpacking apache2-utils (2.4.38-3+deb10u3) ... Selecting previously unselected package apache2. Preparing to unpack .../10-apache2_2.4.38-3+deb10u3_amd64.deb ... Unpacking apache2 (2.4.38-3+deb10u3) ... Setting up libbrotli1:amd64 (1.0.7-2) ... Setting up libapr1:amd64 (1.6.5-1+b1) ... Setting up libjansson4:amd64 (2.12-1) ... Setting up liblua5.2-0:amd64 (5.2.4-1.1+b2) ... Setting up apache2-data (2.4.38-3+deb10u3) ... Setting up libaprutil1:amd64 (1.6.1-4) ... Setting up libaprutil1-ldap:amd64 (1.6.1-4) ... Setting up libaprutil1-dbd-sqlite3:amd64 (1.6.1-4) ... Setting up apache2-utils (2.4.38-3+deb10u3) ... Setting up apache2-bin (2.4.38-3+deb10u3) ... Setting up apache2 (2.4.38-3+deb10u3) ... Enabling module mpm_event. Enabling module authz_core. Enabling module authz_host. Enabling module authn_core. Enabling module auth_basic. Enabling
Processed: reassign 650741 to gnome-session-flashback, reassign 714631 to gnome-session-flashback ...
0: seg fault or similar nasty error detected in the parent process Warning: Unknown package 'apache2-mpm-event' Bug reassigned from package 'apache2-mpm-event' to 'src:apache2'. No longer marked as found in versions apache2/2.4.10-10+deb8u10. Ignoring request to alter fixed versions of bug #872036 to the same values previously set Bug #872036 [src:apache2] AH00060: seg fault or similar nasty error detected in the parent process Marked as found in versions apache2/2.4.10-10+deb8u10. > thanks Stopping processing here. Please contact me if you need assistance. -- 318432: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318432 455191: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=455191 620276: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620276 622235: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622235 649310: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649310 650741: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650741 654545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654545 654717: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654717 655583: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655583 714631: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714631 717035: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717035 751847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751847 751855: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751855 754147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754147 777595: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777595 779986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779986 782101: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782101 797653: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797653 798940: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798940 805966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805966 808071: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808071 820550: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820550 823158: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823158 872036: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872036 963586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963586 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033408: marked as done (apache2: Segmentation fault + 503 on frontpage on 2.4.56-1)
Your message dated Sat, 08 Apr 2023 16:17:08 + with message-id and subject line Bug#1033408: fixed in apache2 2.4.56-1~deb11u2 has caused the Debian Bug report #1033408, regarding apache2: Segmentation fault + 503 on frontpage on 2.4.56-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.56-1~deb11u1 Severity: important X-Debbugs-Cc: t...@security.debian.org Unattended-upgrades applied this new version on 22 march @ 6AM. Had Segmentation faults since then, 503 for customers on websites. Since we reverted back to 2.4.54, we've no more issues. Couldn't make any sense of coredump but can provide one if necessary. -- Package-specific info: -- System Information: Debian Release: 11.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-18-amd64 (SMP w/32 CPU threads) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.56-1~deb11u1 ii apache2-data 2.4.56-1~deb11u1 ii apache2-utils2.4.56-1~deb11u1 ii dpkg 1.20.12 ii init-system-helpers 1.60 ii lsb-base 11.1.0 ii mime-support 3.66 ii perl 5.32.1-4+deb11u2 ii procps 2:3.3.17-5 Versions of packages apache2 recommends: ii ssl-cert 1.1.0+nmu1 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 Versions of packages apache2-bin depends on: ii libapr1 1.7.0-6+deb11u2 ii libaprutil1 1.6.1-5+deb11u1 ii libaprutil1-dbd-sqlite3 1.6.1-5+deb11u1 ii libaprutil1-ldap 1.6.1-5+deb11u1 ii libbrotli1 1.0.9-2+b2 ii libc62.31-13+deb11u5 ii libcrypt11:4.4.18-4 ii libcurl4 7.74.0-1.3+deb11u7 ii libjansson4 2.13.1-1.1 ii libldap-2.4-22.4.57+dfsg-3+deb11u1 ii liblua5.3-0 5.3.3-1.1+b1 ii libnghttp2-141.43.0-1 ii libpcre3 2:8.44-2+0~20210301.9+debian11~1.gbpa278ad ii libssl1.11.1.1n-0+deb11u4 ii libxml2 2.9.14+dfsg-0+0~20220524.12+debian11~1.gbpc5dc45 ii perl 5.32.1-4+deb11u2 ii zlib1g 1:1.2.11.dfsg-2+deb11u2 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 Versions of packages apache2 is related to: ii apache2 2.4.56-1~deb11u1 ii apache2-bin 2.4.56-1~deb11u1 -- Configuration Files: /etc/apache2/apache2.conf changed [not included] /etc/apache2/mods-available/mpm_event.conf changed [not included] /etc/apache2/ports.conf changed [not included] /etc/apache2/sites-available/000-default.conf changed [not included] -- no debconf information --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.56-1~deb11u2 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 07:06:01 +0400 Source: apache2 Architecture: source Version: 2.4.56-1~deb11u2 Distribution: bullseye Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1018718 1033284 1033408 Changes: apache2 (2.4.56-1~deb11u2) bullseye; urgency=medium . [ Hendrik Jäger ] * Don't
Bug#1033284: marked as done (apache2 2.4.56-1 redirects not normal working appeared %3f)
Your message dated Sat, 08 Apr 2023 16:17:08 + with message-id and subject line Bug#1033284: fixed in apache2 2.4.56-1~deb11u2 has caused the Debian Bug report #1033284, regarding apache2 2.4.56-1 redirects not normal working appeared %3f to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.56-1 Hello. I used to redirect RewriteRule ^test\.php$https://www.test.com/? [R=301,L] Result test.com/test.php 301 >https://www.test.com/ After upgrading to the 2.4.56-1 Result test.com/test.php 301 >https://www.test.com/%3f What is the problem can you fix it? --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.56-1~deb11u2 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 07:06:01 +0400 Source: apache2 Architecture: source Version: 2.4.56-1~deb11u2 Distribution: bullseye Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1018718 1033284 1033408 Changes: apache2 (2.4.56-1~deb11u2) bullseye; urgency=medium . [ Hendrik Jäger ] * Don't automatically enable apache2-doc.conf (Closes: #1018718) . [ Yadd ] * Fix regression in mod_rewrite introduced in version 2.4.56 (Closes: #1033284) * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408) Checksums-Sha1: 89d02fe86e3ebc78ff891696d693cf3a14dc33f6 3539 apache2_2.4.56-1~deb11u2.dsc 29ea0a273a403079320c83888e14b45e5c65c80d 895464 apache2_2.4.56-1~deb11u2.debian.tar.xz Checksums-Sha256: b8ac3c048efb9ef96a2a4ab1975b89d202d8d9b0f3683e752df721537dc50cc9 3539 apache2_2.4.56-1~deb11u2.dsc 0be84882d86464d4882334f0939411bbec335b64b7062d372e3e898e9033cc0b 895464 apache2_2.4.56-1~deb11u2.debian.tar.xz Files: 79911bbab259494333aa95609c9eabbd 3539 httpd optional apache2_2.4.56-1~deb11u2.dsc 64fbb75abf882e7de027b5d6abe67c83 895464 httpd optional apache2_2.4.56-1~deb11u2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmQw2sYACgkQ9tdMp8mZ 7umUuA//a+g5qa6XkJPfTu78dUMFKqoDbxx06ap586Ai4Iy3WOs38BeA7vViNYGb 92XmZDAiDj+2f2To3mLH4eqNELGkhHDBhF+ikxwc1CtVlDHdlqGMiEL3/HEl8GyL bvosCZTk/8Gg/hMIfAIGBN6XGeyqo2OIibTeNKtU4VD3evxSA7O8e7aTHLWgGeU3 cJwcMtuhtI2ju8PzOl94otqjydmkSIbegdce+OUh2Ytp072nSePHppIrDgWCt8Oq JjcrUl+TYXZMY/leLxF3sk/Lp2kjegQuaoMTTUeTtxPbqlLqhi2dUp0yAobhriHR Zgdg+iPoDxB3hVh2qD831nQNM2GvDyD2JMoRWd7FV5+48R+e++P+mWLvIwB/OSFj RMBUx+jY8Zz9VzmPjpDLe4eTh7KXbg8/7e/Z3HqaF2741RpdRnOdQbK3Zb5jsb7c MNVLz2ke1LTZ3igfJc13/WuRzjd+Wh1rOx63CU/vRdZMzhQhcBu4DdDXHtTTa8cf UKBeoI3XYrBBu6oC1QUBGTQQTwe0Ki8uZ/ZfEjElJ6fGfNmD69OZ4irjhjfOskBd MC3oNmqAgdy/jlNnuniAkof8/XlZO6hmcRha6G0MPMOMAKMnRvZxwx6OjBYs6+9a GZNLAGZ74E3RkzS8kiPmNc1bubDms/Tq3OiNih7yYsBiMuLSEOc= =NyVi -END PGP SIGNATURE End Message ---
Bug#1018718: marked as done (apache2-doc: despite having been disabled, apache2-doc.conf gets rather silently re-enabled automatically)
Your message dated Sat, 08 Apr 2023 16:17:08 + with message-id and subject line Bug#1018718: fixed in apache2 2.4.56-1~deb11u2 has caused the Debian Bug report #1018718, regarding apache2-doc: despite having been disabled, apache2-doc.conf gets rather silently re-enabled automatically to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1018718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018718 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2-doc Version: 2.4.54-1~deb11u1 Severity: important Hey. Unfortunately #977014 has been ignored so far, but no I just noted that even when one explicitly disabled apache2-doc.conf via a2disconf, it still gets rather silently re-enabled on upgrading the package, which is IMO quite unfortunate. Please fix at least that, or even better #977014, in which case this bug here would become obsolete. Thanks :-) Chris. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.56-1~deb11u2 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1018...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 07:06:01 +0400 Source: apache2 Architecture: source Version: 2.4.56-1~deb11u2 Distribution: bullseye Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1018718 1033284 1033408 Changes: apache2 (2.4.56-1~deb11u2) bullseye; urgency=medium . [ Hendrik Jäger ] * Don't automatically enable apache2-doc.conf (Closes: #1018718) . [ Yadd ] * Fix regression in mod_rewrite introduced in version 2.4.56 (Closes: #1033284) * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408) Checksums-Sha1: 89d02fe86e3ebc78ff891696d693cf3a14dc33f6 3539 apache2_2.4.56-1~deb11u2.dsc 29ea0a273a403079320c83888e14b45e5c65c80d 895464 apache2_2.4.56-1~deb11u2.debian.tar.xz Checksums-Sha256: b8ac3c048efb9ef96a2a4ab1975b89d202d8d9b0f3683e752df721537dc50cc9 3539 apache2_2.4.56-1~deb11u2.dsc 0be84882d86464d4882334f0939411bbec335b64b7062d372e3e898e9033cc0b 895464 apache2_2.4.56-1~deb11u2.debian.tar.xz Files: 79911bbab259494333aa95609c9eabbd 3539 httpd optional apache2_2.4.56-1~deb11u2.dsc 64fbb75abf882e7de027b5d6abe67c83 895464 httpd optional apache2_2.4.56-1~deb11u2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmQw2sYACgkQ9tdMp8mZ 7umUuA//a+g5qa6XkJPfTu78dUMFKqoDbxx06ap586Ai4Iy3WOs38BeA7vViNYGb 92XmZDAiDj+2f2To3mLH4eqNELGkhHDBhF+ikxwc1CtVlDHdlqGMiEL3/HEl8GyL bvosCZTk/8Gg/hMIfAIGBN6XGeyqo2OIibTeNKtU4VD3evxSA7O8e7aTHLWgGeU3 cJwcMtuhtI2ju8PzOl94otqjydmkSIbegdce+OUh2Ytp072nSePHppIrDgWCt8Oq JjcrUl+TYXZMY/leLxF3sk/Lp2kjegQuaoMTTUeTtxPbqlLqhi2dUp0yAobhriHR Zgdg+iPoDxB3hVh2qD831nQNM2GvDyD2JMoRWd7FV5+48R+e++P+mWLvIwB/OSFj RMBUx+jY8Zz9VzmPjpDLe4eTh7KXbg8/7e/Z3HqaF2741RpdRnOdQbK3Zb5jsb7c MNVLz2ke1LTZ3igfJc13/WuRzjd+Wh1rOx63CU/vRdZMzhQhcBu4DdDXHtTTa8cf UKBeoI3XYrBBu6oC1QUBGTQQTwe0Ki8uZ/ZfEjElJ6fGfNmD69OZ4irjhjfOskBd MC3oNmqAgdy/jlNnuniAkof8/XlZO6hmcRha6G0MPMOMAKMnRvZxwx6OjBYs6+9a GZNLAGZ74E3RkzS8kiPmNc1bubDms/Tq3OiNih7yYsBiMuLSEOc= =NyVi -END PGP SIGNATURE End Message ---
Processed: closing 977014
Processing commands for cont...@bugs.debian.org: > close 977014 Bug #977014 [apache2-doc] apache2-doc: please do not enable apache2-doc site (or even better: remove it at all) Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 977014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977014 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fixed 977014 in 2.4.54-3
Processing commands for cont...@bugs.debian.org: > fixed 977014 2.4.54-3 Bug #977014 [apache2-doc] apache2-doc: please do not enable apache2-doc site (or even better: remove it at all) Marked as fixed in versions apache2/2.4.54-3. > thanks Stopping processing here. Please contact me if you need assistance. -- 977014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977014 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1033408: marked as done (apache2: Segmentation fault + 503 on frontpage on 2.4.56-1)
Your message dated Sun, 02 Apr 2023 03:19:14 + with message-id and subject line Bug#1033408: fixed in apache2 2.4.56-2 has caused the Debian Bug report #1033408, regarding apache2: Segmentation fault + 503 on frontpage on 2.4.56-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.56-1~deb11u1 Severity: important X-Debbugs-Cc: t...@security.debian.org Unattended-upgrades applied this new version on 22 march @ 6AM. Had Segmentation faults since then, 503 for customers on websites. Since we reverted back to 2.4.54, we've no more issues. Couldn't make any sense of coredump but can provide one if necessary. -- Package-specific info: -- System Information: Debian Release: 11.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-18-amd64 (SMP w/32 CPU threads) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.56-1~deb11u1 ii apache2-data 2.4.56-1~deb11u1 ii apache2-utils2.4.56-1~deb11u1 ii dpkg 1.20.12 ii init-system-helpers 1.60 ii lsb-base 11.1.0 ii mime-support 3.66 ii perl 5.32.1-4+deb11u2 ii procps 2:3.3.17-5 Versions of packages apache2 recommends: ii ssl-cert 1.1.0+nmu1 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 Versions of packages apache2-bin depends on: ii libapr1 1.7.0-6+deb11u2 ii libaprutil1 1.6.1-5+deb11u1 ii libaprutil1-dbd-sqlite3 1.6.1-5+deb11u1 ii libaprutil1-ldap 1.6.1-5+deb11u1 ii libbrotli1 1.0.9-2+b2 ii libc62.31-13+deb11u5 ii libcrypt11:4.4.18-4 ii libcurl4 7.74.0-1.3+deb11u7 ii libjansson4 2.13.1-1.1 ii libldap-2.4-22.4.57+dfsg-3+deb11u1 ii liblua5.3-0 5.3.3-1.1+b1 ii libnghttp2-141.43.0-1 ii libpcre3 2:8.44-2+0~20210301.9+debian11~1.gbpa278ad ii libssl1.11.1.1n-0+deb11u4 ii libxml2 2.9.14+dfsg-0+0~20220524.12+debian11~1.gbpc5dc45 ii perl 5.32.1-4+deb11u2 ii zlib1g 1:1.2.11.dfsg-2+deb11u2 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii lynx [www-browser] 2.9.0dev.6-3~deb11u1 Versions of packages apache2 is related to: ii apache2 2.4.56-1~deb11u1 ii apache2-bin 2.4.56-1~deb11u1 -- Configuration Files: /etc/apache2/apache2.conf changed [not included] /etc/apache2/mods-available/mpm_event.conf changed [not included] /etc/apache2/ports.conf changed [not included] /etc/apache2/sites-available/000-default.conf changed [not included] -- no debconf information --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.56-2 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 06:54:25 +0400 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.56-2 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1033284 1033408 Changes: apache2 (2.4.56-2) unstable; urgency=medium . * Fix regression in mod_rewrite introduced in version
Bug#1033284: marked as done (apache2 2.4.56-1 redirects not normal working appeared %3f)
Your message dated Sun, 02 Apr 2023 03:19:14 + with message-id and subject line Bug#1033284: fixed in apache2 2.4.56-2 has caused the Debian Bug report #1033284, regarding apache2 2.4.56-1 redirects not normal working appeared %3f to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.56-1 Hello. I used to redirect RewriteRule ^test\.php$https://www.test.com/? [R=301,L] Result test.com/test.php 301 >https://www.test.com/ After upgrading to the 2.4.56-1 Result test.com/test.php 301 >https://www.test.com/%3f What is the problem can you fix it? --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.56-2 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 02 Apr 2023 06:54:25 +0400 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.56-2 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1033284 1033408 Changes: apache2 (2.4.56-2) unstable; urgency=medium . * Fix regression in mod_rewrite introduced in version 2.4.56 (Closes: #1033284) * Fix regression in http2 introduced by 2.4.56 (Closes: #1033408) Checksums-Sha1: 4a286e72a3b69731def0c4af16aec5dd0bb21d7c 3488 apache2_2.4.56-2.dsc cb1a7fc896f4622212958781c8d5d7dfb82114be 900304 apache2_2.4.56-2.debian.tar.xz Checksums-Sha256: a9203bc8c91ff3ae1a1e8e52ce257d53e6f22d2d1a5304681aeaa34a78409229 3488 apache2_2.4.56-2.dsc 1d37e426e6158f41b1c6e3bc4d50709dc0d717dc7bf0ee2b0b47cbeac059b295 900304 apache2_2.4.56-2.debian.tar.xz Files: 3bcd284597557bf631e8e5e7da4d9da1 3488 httpd optional apache2_2.4.56-2.dsc 009e795899f02e5b5ae40b688c84149f 900304 httpd optional apache2_2.4.56-2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmQo798ACgkQ9tdMp8mZ 7umWgQ/+L7o0kYgLVjsXEhQjF4NfVw5cQ/NLntlBGp6LAAfpZKPrlcFroWwOI+A8 9XugZiONV4Oru50M6YTRd9cUNzhvODh2/+Mddv32vuBaPuBJknQTUUhE16FOwXbJ gQXY/VLR74O/xQPd5/xFUzRpnVUoW9nyM1PQxK/B7zVbrMpfKItjAEi/IWAoivH0 0kagVp9O18kcki2PxAjQMlE3rwt2hfH6S5doSsqCjc66jId0JD1EpSpgSUXfsrpU 2vGKKJBPGPmWmUZBT41JlIt4H7FS9GEnItM6zv7YhNV8xUi62lAl/uhGg/VgzP1c L8h9s+KCxp2QW7qKMDG4bf7LqwXp5CeMA8QmkyeV1QWUYbL9iv0w26PticDtlucE BMqpDSX1yHzSEef2GFdzlbSh580CgPeoqWiuHFhms7Op7wOrHkoghdvI725zsr2b a9MBh2rd5eZG2TAWodORN2q4RE5xwrGdX9U9VXs24IOwuVsSKSPWdLNPQ636Uqm2 LsKVZyBjgc0FV/0bI/qILCy4/8pee1KvfTJNONe2ZZ9Z2su3cALAjOcG98BJnFsi ubrPL8XScirmTS3RRNPAraoWLaN9chQ8Z/nrzcHU02w3TkgmiQb/q8xz1fUvdwxV P6UhL58wO1qW3qwJjF9dZ8WobpY6ib6s7flA17ghBjJdDe76EKw= =e/Zc -END PGP SIGNATURE End Message ---
Processed: Bug#1033408 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1033408 [apache2] apache2: Segmentation fault + 503 on frontpage on 2.4.56-1 Added tag(s) pending. -- 1033408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1018718 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1018718 [apache2-doc] apache2-doc: despite having been disabled, apache2-doc.conf gets rather silently re-enabled automatically Added tag(s) pending. -- 1018718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018718 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1033284 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1033284 [apache2] apache2 2.4.56-1 redirects not normal working appeared %3f Ignoring request to alter tags of bug #1033284 to the same tags previously set -- 1033284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1033284 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1033284 [apache2] apache2 2.4.56-1 redirects not normal working appeared %3f Ignoring request to alter tags of bug #1033284 to the same tags previously set -- 1033284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1033284 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1033284 [apache2] apache2 2.4.56-1 redirects not normal working appeared %3f Added tag(s) pending. -- 1033284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: severity of 1033408 is serious
Processing commands for cont...@bugs.debian.org: > severity 1033408 serious Bug #1033408 [apache2] apache2: Segmentation fault + 503 on frontpage on 2.4.56-1 Severity set to 'serious' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 1033408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: affects 1033284
Processing commands for cont...@bugs.debian.org: > affects 1033284 + security.debian.org,release.debian.org Bug #1033284 [apache2] apache2 2.4.56-1 redirects not normal working appeared %3f Added indication that 1033284 affects security.debian.org and release.debian.org > thanks Stopping processing here. Please contact me if you need assistance. -- 1033284: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: found 1033408 in 2.4.56-1
Processing commands for cont...@bugs.debian.org: > found 1033408 2.4.56-1 Bug #1033408 [apache2] apache2: Segmentation fault + 503 on frontpage on 2.4.56-1 Marked as found in versions apache2/2.4.56-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 1033408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: bug 1033408 is forwarded to https://bz.apache.org/bugzilla/show_bug.cgi?id=66539
Processing commands for cont...@bugs.debian.org: > forwarded 1033408 https://bz.apache.org/bugzilla/show_bug.cgi?id=66539 Bug #1033408 [apache2] apache2: Segmentation fault + 503 on frontpage on 2.4.56-1 Set Bug forwarded-to-address to 'https://bz.apache.org/bugzilla/show_bug.cgi?id=66539'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1033408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: affects 1033408
Processing commands for cont...@bugs.debian.org: > affects 1033408 + security.debian.org,release.debian.org Bug #1033408 [apache2] apache2: Segmentation fault + 503 on frontpage on 2.4.56-1 Added indication that 1033408 affects security.debian.org and release.debian.org > thanks Stopping processing here. Please contact me if you need assistance. -- 1033408: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032476: marked as done (apache2: CVE-2023-25690 CVE-2023-27522)
Your message dated Thu, 23 Mar 2023 16:02:08 + with message-id and subject line Bug#1032476: fixed in apache2 2.4.56-1~deb11u1 has caused the Debian Bug report #1032476, regarding apache2: CVE-2023-25690 CVE-2023-27522 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1032476: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Version: 2.4.55-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for apache2. CVE-2023-25690[0]: | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 | through 2.4.55 allow a HTTP Request Smuggling attack. Configurations | are affected when mod_proxy is enabled along with some form of | RewriteRule or ProxyPassMatch in which a non-specific pattern matches | some portion of the user-supplied request-target (URL) data and is | then re-inserted into the proxied request-target using variable | substitution. For example, something like: RewriteEngine on | RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1;; [P] | ProxyPassReverse /here/ http://example.com:8080/ Request | splitting/smuggling could result in bypass of access controls in the | proxy server, proxying unintended URLs to existing origin servers, and | cache poisoning. Users are recommended to update to at least version | 2.4.56 of Apache HTTP Server. CVE-2023-27522[1]: | HTTP Response Smuggling vulnerability in Apache HTTP Server via | mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 | through 2.4.55. Special characters in the origin response header can | truncate/split the response forwarded to the client. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-25690 https://www.cve.org/CVERecord?id=CVE-2023-25690 [1] https://security-tracker.debian.org/tracker/CVE-2023-27522 https://www.cve.org/CVERecord?id=CVE-2023-27522 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.56-1~deb11u1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1032...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 08 Mar 2023 07:05:04 +0400 Source: apache2 Architecture: source Version: 2.4.56-1~deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1032476 Changes: apache2 (2.4.56-1~deb11u1) bullseye-security; urgency=medium . * New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690) Checksums-Sha1: fa79c57c23aa3b9e8b4dfa4ba78564f1780fb513 3539 apache2_2.4.56-1~deb11u1.dsc 9789aaa2eae1bea4a538b960b25f27e6d20398df 9769650 apache2_2.4.56.orig.tar.gz 45d0c75499398e06ef3be013611c30a7f5e05deb 833 apache2_2.4.56.orig.tar.gz.asc 0e663e42c1785559e0a0126833f4f194b7213ae7 894512 apache2_2.4.56-1~deb11u1.debian.tar.xz Checksums-Sha256: 751eea360cd53cc4186c64a621390f9f4fd721d366cc809ff110109bb14a8f1d 3539 apache2_2.4.56-1~deb11u1.dsc db0d4c76007b231fd3ab41b580548dc798ae3844bb7c3d5ce1e4174ca2364698 9769650 apache2_2.4.56.orig.tar.gz b53aaa7b05c6888a9cacbbeb100790772f8a8b042f0f308f4aeee60a21e8e44c 833 apache2_2.4.56.orig.tar.gz.asc 37fda9dab3acfe683ff88aa472372eafb1c651a31f03dac5882d13c94bb93e32 894512 apache2_2.4.56-1~deb11u1.debian.tar.xz Files: bf739573df7d3724a410864fe9223c49 3539 httpd optional apache2_2.4.56-1~deb11u1.dsc f3791f1a6a17291dacfd8c7efea4a79f 9769650 httpd optional apache2_2.4.56.orig.tar.gz e4bd6ccc0f685465a02006d8c183e3ed 833 httpd optional apache2_2.4.56.orig.tar.gz.asc 077b17fca0897f07268f9f70b007adae 894512 httpd optiona
Processed: Re: apache2-doc: despite having been disabled, apache2-doc.conf gets rather silently re-enabled automatically
Processing control commands: > severity -1 serious Bug #1018718 [apache2-doc] apache2-doc: despite having been disabled, apache2-doc.conf gets rather silently re-enabled automatically Severity set to 'serious' from 'important' -- 1018718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018718 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032476: marked as done (apache2: CVE-2023-25690 CVE-2023-27522)
Your message dated Wed, 08 Mar 2023 03:19:22 + with message-id and subject line Bug#1032476: fixed in apache2 2.4.56-1 has caused the Debian Bug report #1032476, regarding apache2: CVE-2023-25690 CVE-2023-27522 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1032476: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Version: 2.4.55-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Hi, The following vulnerabilities were published for apache2. CVE-2023-25690[0]: | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 | through 2.4.55 allow a HTTP Request Smuggling attack. Configurations | are affected when mod_proxy is enabled along with some form of | RewriteRule or ProxyPassMatch in which a non-specific pattern matches | some portion of the user-supplied request-target (URL) data and is | then re-inserted into the proxied request-target using variable | substitution. For example, something like: RewriteEngine on | RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1;; [P] | ProxyPassReverse /here/ http://example.com:8080/ Request | splitting/smuggling could result in bypass of access controls in the | proxy server, proxying unintended URLs to existing origin servers, and | cache poisoning. Users are recommended to update to at least version | 2.4.56 of Apache HTTP Server. CVE-2023-27522[1]: | HTTP Response Smuggling vulnerability in Apache HTTP Server via | mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 | through 2.4.55. Special characters in the origin response header can | truncate/split the response forwarded to the client. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-25690 https://www.cve.org/CVERecord?id=CVE-2023-25690 [1] https://security-tracker.debian.org/tracker/CVE-2023-27522 https://www.cve.org/CVERecord?id=CVE-2023-27522 Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.56-1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1032...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 08 Mar 2023 06:44:05 +0400 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.56-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1032476 Changes: apache2 (2.4.56-1) unstable; urgency=medium . * New upstream version (Closes: #1032476, CVE-2023-27522, CVE-2023-25690) Checksums-Sha1: 58eb00c009fd93b0985da5ab956de026dbb466e3 3488 apache2_2.4.56-1.dsc 9789aaa2eae1bea4a538b960b25f27e6d20398df 9769650 apache2_2.4.56.orig.tar.gz 45d0c75499398e06ef3be013611c30a7f5e05deb 833 apache2_2.4.56.orig.tar.gz.asc d8856bb27ad6485fb9a61f780944d75e683a0cc4 899848 apache2_2.4.56-1.debian.tar.xz Checksums-Sha256: 7d201ab7d4f0047d03bf254c28b5aef12f9b8722bf1741ba9d4ac4ae903dd53a 3488 apache2_2.4.56-1.dsc db0d4c76007b231fd3ab41b580548dc798ae3844bb7c3d5ce1e4174ca2364698 9769650 apache2_2.4.56.orig.tar.gz b53aaa7b05c6888a9cacbbeb100790772f8a8b042f0f308f4aeee60a21e8e44c 833 apache2_2.4.56.orig.tar.gz.asc 51bd3a570b9cb6df6a78a9c328433847059b0594b32d26e2b708a545ef6088fe 899848 apache2_2.4.56-1.debian.tar.xz Files: f84901cc8b922cb9a7b2f6b885726001 3488 httpd optional apache2_2.4.56-1.dsc f3791f1a6a17291dacfd8c7efea4a79f 9769650 httpd optional apache2_2.4.56.orig.tar.gz e4bd6ccc0f685465a02006d8c183e3ed 833 httpd optional apache2_2.4.56.orig.tar.gz.asc 7c4c4e6cee0a1e0c3267e6415b365038 899848 httpd optional apache2_2.4.56-1.debian.tar.xz -BEGIN PGP SIGNATURE-
Processed: Bug#1032476 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1032476 [src:apache2] apache2: CVE-2023-25690 CVE-2023-27522 Added tag(s) pending. -- 1032476: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: subversion blocked by apr
Processing commands for cont...@bugs.debian.org: > block 990560 by 1031034 Bug #990560 [subversion] Error message "Value too large for defined data type" 990560 was not blocked by any bugs. 990560 was not blocking any bugs. Added blocking bug(s) of 990560: 1031034 > End of message, stopping processing here. Please contact me if you need assistance. -- 990560: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990560 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1028435: marked as done (apr-util: please include changes from 1.6.1-5.2 NMU)
Your message dated Fri, 03 Feb 2023 21:04:21 + with message-id and subject line Bug#1028435: fixed in apr-util 1.6.3-1 has caused the Debian Bug report #1028435, regarding apr-util: please include changes from 1.6.1-5.2 NMU to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1028435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028435 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apr-util Version: 1.6.1-5.1 Severity: normal Dear Maintainer, please include the attached changes from my 1.6.1-5.1 NMU. Thank you for maintaining apr-util! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ Smart things make us dumb. diff -Nru apr-util-1.6.1/debian/changelog apr-util-1.6.1/debian/changelog --- apr-util-1.6.1/debian/changelog 2020-08-29 11:51:07.0 +0200 +++ apr-util-1.6.1/debian/changelog 2022-12-29 19:37:54.0 +0100 @@ -1,3 +1,11 @@ +apr-util (1.6.1-5.1) unstable; urgency=medium + + * Non-maintainer upload by the Reproducible Builds team. + * debian/rules: Remove the build path from apt-1-config, based on a patch by +Vagrant Cascadian. Closes: #1006865. + + -- Holger Levsen Thu, 29 Dec 2022 19:37:54 +0100 + apr-util (1.6.1-5) unstable; urgency=medium [ Jelmer Vernooij ] diff -Nru apr-util-1.6.1/debian/rules apr-util-1.6.1/debian/rules --- apr-util-1.6.1/debian/rules 2020-08-29 11:24:55.0 +0200 +++ apr-util-1.6.1/debian/rules 2022-12-29 19:29:07.0 +0100 @@ -105,6 +105,8 @@ override_dh_auto_install: dh_auto_install --destdir=debian/tmp perl -p -i -e "s,^dependency_libs=.*,dependency_libs=''," debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libaprutil-1.la + # Remove the buildpath: https://reproducible-builds.org/docs/build-path/ + perl -p -i -e "s,$(CURDIR),$(shell basename $(CURDIR))," debian/tmp/usr/bin/apu-1-config override_dh_strip: dh_strip --dbgsym-migration='libaprutil1-dbg (<= 1.6.1-3)' signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: apr-util Source-Version: 1.6.3-1 Done: Stefan Fritsch We believe that the bug you reported is fixed in the latest version of apr-util, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1028...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated apr-util package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 Feb 2023 21:15:18 +0100 Source: apr-util Architecture: source Version: 1.6.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Stefan Fritsch Closes: 1028435 Changes: apr-util (1.6.3-1) unstable; urgency=medium . [ Stefan Fritsch ] * Incorporate NMUs. Closes: #1028435 * New upstream version: - CVE-2022-25147: Fix Integer Overflow or Wraparound vulnerability in apr_base64 * Bump libapr1-dev Build-Dep to 1.7.2-1 . [ Debian Janitor ] * Use secure URI in Homepage field. * Set debhelper-compat version in Build-Depends. * Drop unnecessary dh arguments: --parallel * Rely on pre-initialized dpkg-architecture variables. * Remove constraints unnecessary since buster (oldstable): + libaprutil1: Drop conflict with removed package libapr1 (<< 1.4.8-2~) in Breaks. . [ Jelmer Vernooij ] * Set Repository and Repository-Browse fields in debian/upstream/metadata. * Drop transition for old debug package migration. * Update standards version to 4.6.1, no changes needed. Checksums-Sha1: b8412fd0b99a174c08c39f801504657f59713136 2760 apr-util_1.6.3-1.dsc 8c6293a787b69986ce43bc49c7c247d4ff5fc828 432692 apr-util_1.6.3.orig.tar.bz2 2dc47748963f988922fc96e60612a15d42769c48 833 apr-util_1.6.3.orig.tar.bz2.asc 98bc651682dc6483b39ec435269160d9852e651d 340808 apr-util_1.6.3-1.debian.tar.xz 54abdaec0572076db1b132fb08ae2b7f788db617 8197 apr-util_1.6.3-1_source.buildinfo Checksums-Sha256: e43ecafbe39a8d47fbe5faee705295435ac753e6b40c9b4c8d483a769a
Processed: Re: apr-util: please include changes from 1.6.1-5.1 NMU
Processing control commands: > retitle -1 apr-util: please include changes from 1.6.1-5.2 NMU Bug #1028435 [apr-util] apr-util: please include changes from 1.6.1-5.1 NMU Changed Bug title to 'apr-util: please include changes from 1.6.1-5.2 NMU' from 'apr-util: please include changes from 1.6.1-5.1 NMU'. -- 1028435: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028435 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: retitle 1023030 to pysha3: CVE-2022-37454, fixed 995961 in 2.4.53-1, notfixed 844351 in 2.4.40 ...
Processing commands for cont...@bugs.debian.org: > retitle 1023030 pysha3: CVE-2022-37454 Bug #1023030 {Done: Ben Finney } [src:pysha3] pysha3: Affected by CVE-2022-37454, unmaintained, remove from Debian? Changed Bug title to 'pysha3: CVE-2022-37454' from 'pysha3: Affected by CVE-2022-37454, unmaintained, remove from Debian?'. > fixed 995961 2.4.53-1 Bug #995961 {Done: Hendrik Jäger } [apache2] libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 Marked as fixed in versions apache2/2.4.53-1. > notfixed 844351 2.4.40 Bug #844351 {Done: Hendrik Jäger } [apache2] apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue There is no source info for the package 'apache2' at version '2.4.40' with architecture '' Unable to make a source version for version '2.4.40' No longer marked as fixed in versions 2.4.40. > fixed 844351 2.4.41-1 Bug #844351 {Done: Hendrik Jäger } [apache2] apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue Marked as fixed in versions apache2/2.4.41-1. > tags 1028514 + sid bookworm Bug #1028514 [apper] apper depends on the removed software-properties-kde Added tag(s) bookworm and sid. > thanks Stopping processing here. Please contact me if you need assistance. -- 1023030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023030 1028514: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028514 844351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844351 995961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995961 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1006865: marked as done (apr-util: reproducible-builds: build path embedded in /usr/bin/apu-1-config)
Your message dated Sun, 08 Jan 2023 19:34:40 + with message-id and subject line Bug#1006865: fixed in apr-util 1.6.1-5.1 has caused the Debian Bug report #1006865, regarding apr-util: reproducible-builds: build path embedded in /usr/bin/apu-1-config to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1006865: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006865 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apr-util Severity: normal Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: buildpath X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org The build path is embedded in /usr/bin/apu-1-config: │ │ │ ├── ./usr/bin/apu-1-config ... │ │ │ │ -APU_SOURCE_DIR="/tmp/reprotest.jdjFQN/const_build_path" │ │ │ │ -APU_BUILD_DIR="/tmp/reprotest.jdjFQN/const_build_path/debian/build" │ │ │ │ +APU_SOURCE_DIR="/tmp/reprotest.jdjFQN/build-experiment-1" │ │ │ │ +APU_BUILD_DIR="/tmp/reprotest.jdjFQN/build-experiment-1/debian/build" The attached patch fixes this by replacing the build path with "BUILDPATH" from debian/rules in the dh_auto_install override. With this patch applied apr-util should build reproducibly on tests.reproducible-builds.org! Thanks for maintaining apr-util! live well, vagrant From b9630fd99bc03933dae86606a5dd94429ebf9aa1 Mon Sep 17 00:00:00 2001 From: Vagrant Cascadian Date: Mon, 7 Mar 2022 01:23:37 + Subject: [PATCH] debian/rules: Remove the build path from apt-1-config. https://reproducible-builds.org/docs/build-path/ --- debian/rules | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/rules b/debian/rules index 6b0ed29..510610c 100755 --- a/debian/rules +++ b/debian/rules @@ -105,6 +105,8 @@ endif override_dh_auto_install: dh_auto_install --destdir=debian/tmp perl -p -i -e "s,^dependency_libs=.*,dependency_libs=''," debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libaprutil-1.la + # Remove the buildpath: https://reproducible-builds.org/docs/build-path/ + perl -p -i -e "s,$(CURDIR),BUILDPATH," debian/tmp/usr/bin/apu-1-config override_dh_strip: dh_strip --dbgsym-migration='libaprutil1-dbg (<= 1.6.1-3)' -- 2.35.1 signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: apr-util Source-Version: 1.6.1-5.1 Done: Holger Levsen We believe that the bug you reported is fixed in the latest version of apr-util, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1006...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen (supplier of updated apr-util package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 29 Dec 2022 19:37:54 +0100 Source: apr-util Architecture: source Version: 1.6.1-5.1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Holger Levsen Closes: 1006865 Changes: apr-util (1.6.1-5.1) unstable; urgency=medium . * Non-maintainer upload by the Reproducible Builds team. * debian/rules: Remove the build path from apt-1-config, based on a patch by Vagrant Cascadian. Closes: #1006865. Checksums-Sha1: e69ffa6d8ade880ceecd23b7abf8b8933eaa7fb2 2762 apr-util_1.6.1-5.1.dsc 619ac1190b6ae54b5981cfedfeb8f2de98b35d8c 342204 apr-util_1.6.1-5.1.debian.tar.xz e734d6b831ff55dfc784daf80e1a96be4d895adc 7666 apr-util_1.6.1-5.1_source.buildinfo Checksums-Sha256: 5b130871bb06fd84a821a68b1aaf295f257c549c24cf589446b5eb976803c8a6 2762 apr-util_1.6.1-5.1.dsc 0a6e2615eabe0b28f90493efe08643cb11a44ac8960559137c8db7a3cb15fa83 342204 apr-util_1.6.1-5.1.debian.tar.xz dbf4fed8e0d5ff688810c9d77c8836cc9a59d51937270ccc0c6ba38244a60a7b 7666 apr-util_1.6.1-5.1_source.buildinfo Files: c7183242b9a24d627c1d4ad2deab40e7 2762 libs optional apr-util_1.6.1-5.1.dsc c04d7a429fd46eadccfef4fa2e524d7f 342204 libs optional apr-util_1.6.1-5.1.debian.tar.xz a0c47a1ab73bbf7dd70a2f30903139d9 7666 libs optional apr-util_1.6.1-5.1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmOt3vIACgkQCRq4Vgaa qhyEvA//bRl9x+JiqiLQGyoGbzi6eBQMnJuLgWnRlMwkelDz
Bug#853981: marked as done (apache2-bin: mod_http2 together with mod_ruid2 breaks the server)
Your message dated Mon, 19 Dec 2022 23:33:20 + with message-id and subject line Bug#1026363: Removed package(s) from unstable has caused the Debian Bug report #853981, regarding apache2-bin: mod_http2 together with mod_ruid2 breaks the server to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 853981: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853981 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2-bin, libapache2-mod-ruid2 Version: 2.4.25-3, 0.9.8-3 Severity: normal I enabled the http2 and ruid2 modules. I have had the ruid2 module running fine for ages without a problem, and just tried enabling http2. I left http2 switched off by explicitly writing "Protocols http/1.1" in apache2.conf (the same behaviour happens when I write "Protocols h2 h2c http/1.1"), and any attempt to connect to my server yields lots of error messages of the form: [Thu Feb 02 18:14:44.630796 2017] [core:notice] [pid 3650] AH00052: child pid 3696 exit signal Aborted (6) and my site simply fails to load on a browser. Disabling ruid2 and enabling http2 allows the server to run fine. I'm not sure which module is at fault. Best wishes, Julian -- Package-specific info: -- System Information: Debian Release: 9.0 APT prefers jessie APT policy: (500, 'jessie'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2-bin depends on: ii libapr1 1.5.2-5 ii libaprutil1 1.5.4-3 ii libaprutil1-dbd-sqlite3 1.5.4-3 ii libaprutil1-ldap 1.5.4-3 ii libc62.24-8 ii libldap-2.4-22.4.44+dfsg-3 ii liblua5.2-0 5.2.4-1.1+b1 ii libnghttp2-141.18.1-1 ii libpcre3 2:8.39-2 ii libssl1.0.2 1.0.2j-5 ii libxml2 2.9.4+dfsg1-2.2 pn perl:any ii zlib1g 1:1.2.8.dfsg-4 apache2-bin recommends no packages. Versions of packages apache2-bin suggests: ii apache2-doc 2.4.25-3 pn apache2-suexec-pristine | apache2-suexec-custom ii elinks [www-browser] 0.12~pre6-12 ii epiphany-browser [www-browser] 3.22.5-1 ii firefox-esr [www-browser]45.7.0esr-1 ii google-chrome-stable [www-browser] 56.0.2924.87-1 ii links [www-browser] 2.14-2 ii links2 [www-browser] 2.14-2 ii lynx [www-browser] 2.8.9dev11-1 ii w3m [www-browser]0.5.3-34 Versions of packages apache2 depends on: ii apache2-data 2.4.25-3 ii apache2-utils2.4.25-3 ii dpkg 1.18.18 ii init-system-helpers 1.47 ii lsb-base 9.20161125 ii mime-support 3.60 ii perl 5.24.1-1 pn perl:any ii procps 2:3.3.12-3 Versions of packages apache2 recommends: ii ssl-cert 1.0.38 Versions of packages apache2 suggests: ii apache2-doc 2.4.25-3 pn apache2-suexec-pristine | apache2-suexec-custom ii elinks [www-browser] 0.12~pre6-12 ii epiphany-browser [www-browser] 3.22.5-1 ii firefox-esr [www-browser]45.7.0esr-1 ii google-chrome-stable [www-browser] 56.0.2924.87-1 ii links [www-browser] 2.14-2 ii links2 [www-browser] 2.14-2 ii lynx [www-browser] 2.8.9dev11-1 ii w3m [www-browser]0.5.3-34 Versions of packages apache2-bin is related to: ii apache2 2.4.25-3 ii apache2-bin 2.4.25-3 -- no debconf information --- End Message --- --- Begin Message --- Version: 0.9.8-4+rm Dear submitter, as the package libapache2-mod-ruid2 has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1026363 The version of this package that was in Debian prior to this removal can still be found using https://snapshot.debian.org/. Please note that the ch
Processed: your mail
Processing commands for cont...@bugs.debian.org: > tags 528062 upstream Bug #528062 [apache2] apache2: mod_userdir is broken with respect to suexec support. patch included Added tag(s) upstream. > tags 967010 buster Bug #967010 [apache2] apache2: last debian 10.4 , last apache avail from repo hangs on install (and start phase) Added tag(s) buster. > End of message, stopping processing here. Please contact me if you need assistance. -- 528062: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528062 967010: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=967010 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: reassign
Processing commands for cont...@bugs.debian.org: > reassign 1004275 php Bug #1004275 [php apache2] php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd Bug reassigned from package 'php apache2' to 'php'. Ignoring request to alter found versions of bug #1004275 to the same values previously set Ignoring request to alter fixed versions of bug #1004275 to the same values previously set > End of message, stopping processing here. Please contact me if you need assistance. -- 1004275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#951067: marked as done (apache2: unable to disable TLSv1)
Your message dated Fri, 2 Dec 2022 22:46:35 +0100 with message-id <20221202224635.17fcf...@frustcomp.hnjs.home.arpa> and subject line Closed due to incorrect use of the option has caused the Debian Bug report #951067, regarding apache2: unable to disable TLSv1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 951067: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951067 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.38-3+deb10u3 Severity: important Dear Maintainer, it is not possible to get rid of TLS v1. This is no duplicate of #925061, I think. What I tried: removed /etc/letsencrypt/options-ssl-apache.conf, see #950735 edited /etc/apache2/mods-enabled/ssl.conf: "SSLProtocol -all +TLSv1.3 +TLSv1.2" edited etc/apache2/conf-enabled/local.conf: "SSLProtocol -all +TLSv1.3 +TLSv1.2" Result: # apache2ctl -t -D DUMP_CONFIG|grep SSLProtocol SSLProtocol -all +TLSv1.3 +TLSv1.2 SSLProtocol -all +TLSv1.3 +TLSv1.2 SSLProtocol all -SSLv2 -SSLv3 Syntax OK => something is enabling TLSv1 again after all config files were parsed. So... # find /etc/apache2/ | xargs grep SSLProtocol grep: /etc/apache2/: Is a directory grep: /etc/apache2/mods-enabled: Is a directory /etc/apache2/mods-enabled/ssl.conf: SSLProtocol -all +TLSv1.3 +TLSv1.2 grep: /etc/apache2/sites-enabled: Is a directory grep: /etc/apache2/conf-available: Is a directory /etc/apache2/conf-available/local.conf:SSLProtocol -all +TLSv1.3 +TLSv1.2 grep: /etc/apache2/mods-available: Is a directory /etc/apache2/mods-available/ssl.conf: SSLProtocol -all +TLSv1.3 +TLSv1.2 grep: /etc/apache2/sites-available: Is a directory grep: /etc/apache2/conf-enabled: Is a directory /etc/apache2/conf-enabled/local.conf:SSLProtocol -all +TLSv1.3 +TLSv1.2 => TLSv1 is re-enabled no matter what the config files say. -- Package-specific info: -- System Information: Debian Release: 10.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-8-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin2.4.38-3+deb10u3 ii apache2-data 2.4.38-3+deb10u3 ii apache2-utils 2.4.38-3+deb10u3 ii dpkg 1.19.7 ii lsb-base 10.2019051400 ii mime-support 3.62 ii perl 5.28.1-6 ii procps 2:3.3.15-2 Versions of packages apache2 recommends: ii ssl-cert 1.0.39 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2-bin depends on: ii libapr1 1.6.5-1+b1 ii libaprutil1 1.6.1-4 ii libaprutil1-dbd-sqlite3 1.6.1-4 ii libaprutil1-ldap 1.6.1-4 ii libbrotli1 1.0.7-2 ii libc62.28-10 ii libcurl4 7.64.0-4 ii libjansson4 2.12-1 ii libldap-2.4-22.4.47+dfsg-3+deb10u1 ii liblua5.2-0 5.2.4-1.1+b2 ii libnghttp2-141.36.0-2+deb10u1 ii libpcre3 2:8.39-12 ii libssl1.11.1.1d-0+deb10u2 ii libxml2 2.9.4+dfsg1-7+b3 ii perl 5.28.1-6 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2 is related to: ii apache2 2.4.38-3+deb10u3 ii apache2-bin 2.4.38-3+deb10u3 -- Configuration Files: /etc/apache2/conf-available/security.conf changed: ServerTokens Prod ServerSignature Off TraceEnable Off /etc/apache2/mods-available/ssl.conf changed: # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device w
Processed: Re: Bug#1000627: apache2: missing dependency setting
Processing control commands: > tags -1 upstream Bug #1000627 [apache2] apache2: missing dependency setting Added tag(s) upstream. -- 1000627: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000627 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed (with 1 error): Re: php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd
Processing control commands: > tags -1 moreinfo Bug #1004275 [php apache2] php upgrade apache2: After upgrade php install apache2 and i have intalled lighttpd Added tag(s) moreinfo. > reassign php Unknown command or malformed arguments to command. -- 1004275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: please retest
Processing control commands: > tags -1 -fixed-upstream Bug #745605 [apache2] Please enable AddDefaultCharset for javascript Removed tag(s) fixed-upstream. -- 745605: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745605 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost
Processing control commands: > retitle -1 default-ssl.conf should also be prefixed with 000- to be sure to > be first ssl virtualhost Bug #714083 [apache2] apache2.2-common: a2enmod does not prefix 000- to default-ssl site Changed Bug title to 'default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost' from 'apache2.2-common: a2enmod does not prefix 000- to default-ssl site'. > severity -1 normal Bug #714083 [apache2] default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost Severity set to 'normal' from 'minor' > tags -1 help Bug #714083 [apache2] default-ssl.conf should also be prefixed with 000- to be sure to be first ssl virtualhost Added tag(s) help. -- 714083: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714083 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: please retest
Processing control commands: > tags -1 -fixed-upstream Bug #393646 [apache2] PATH_TRANSLATED: 'redirect:/~jablko/gallery2/main.php' Removed tag(s) fixed-upstream. -- 393646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393646 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: your mail
Processing commands for cont...@bugs.debian.org: > notfound 925061 apache2/2.4.38-2 Bug #925061 {Done: Hendrik Jäger } [apache2] apache2: Cannot disabled old TLS Versions (prior to TLS1.2) No longer marked as found in versions apache2/2.4.38-2. > End of message, stopping processing here. Please contact me if you need assistance. -- 925061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: your mail
Processing commands for cont...@bugs.debian.org: > fixed 844351 2.4.40 Bug #844351 {Done: Hendrik Jäger } [apache2] apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue There is no source info for the package 'apache2' at version '2.4.40' with architecture '' Unable to make a source version for version '2.4.40' Marked as fixed in versions 2.4.40. > fixed 925061 2.4.38-2 Bug #925061 {Done: Hendrik Jäger } [apache2] apache2: Cannot disabled old TLS Versions (prior to TLS1.2) Marked as fixed in versions apache2/2.4.38-2. > tags 986537 wontfix Bug #986537 {Done: Hendrik Jäger } [apache2] apache2: Reinstall fails due to missing conf files Added tag(s) wontfix. > fixed 995961 2.4.52-1~deb11u2 Bug #995961 {Done: Hendrik Jäger } [apache2] libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 Marked as fixed in versions apache2/2.4.52-1~deb11u2. > thanks Stopping processing here. Please contact me if you need assistance. -- 844351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844351 925061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061 986537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986537 995961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995961 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#995961: marked as done (libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1)
Your message dated Fri, 2 Dec 2022 14:56:52 +0100 with message-id <20221202145652.263cb...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #995961, regarding libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 995961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995961 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libapache2-mpm-itk Version: 2.4.7-04-1+b1 Severity: important Dear Maintainer, After installing the 2.4.51-1~deb11u1 security update the error log starts to get flilled with lines like: [core:notice] [pid 3115298] AH00052: child pid 3133160 exit signal Segmentation fault (11) Downgrading back to 2.4.48-3.1 made the errors disappear again. Disabling mpm_itk on 2.4.51-1~deb11u1 also stops the errors. The issue normally does not prevent pages from being loaded and they are still assigned the correct uid/gid. The problematic part lies in that it seems to cause issues with properly closing the connections. This lead to mod_qos limits being hit in my case, but I suspect it may also lead to hitting worker or thread pool limits in other cases. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/24 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libapache2-mpm-itk depends on: ii apache2-bin [apache2-api-20120211] 2.4.48-3.1 ii libc6 2.31-13 ii libcap2 1:2.44-1 libapache2-mpm-itk recommends no packages. libapache2-mpm-itk suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Control: -1 fixed 2.4.52-1~deb11u2--- End Message ---
Bug#986537: marked as done (apache2: Reinstall fails due to missing conf files)
Your message dated Fri, 2 Dec 2022 14:53:19 +0100 with message-id <20221202145319.0185b...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #986537, regarding apache2: Reinstall fails due to missing conf files to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 986537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986537 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.46-4 Severity: important X-Debbugs-Cc: patrickjrdunf...@gmail.com Description: If apache2 is uninstalled and then reinstalled, the reinstallation will fail if the user has removed conf files in /etc/apache2 directory. The script does not copy these files for reinstallation in the same way as it does for first time installation. Therefore it is nearly impossible for a user to perform a clean reinstallation of apache2 using the package installer. Steps to reproduce: apt install apache2 apt remove apache2 cd /etc/apache2 rm -rf * apt install apache2 The installation fails when apache2.service is unable to start due to missing apache2.conf file in /etc/apache2. A check of this directory reveals the reinstallation only copied in some of the files that are present in a full installation. -- Package-specific info: -- System Information: Debian Release: bullseye/sid APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE=en_NZ:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.46-4 ii apache2-data 2.4.46-4 ii apache2-utils2.4.46-4 ii dpkg 1.20.7.1 ii init-system-helpers 1.60 ii lsb-base 11.1.0 ii mime-support 3.66 ii perl 5.32.1-3 ii procps 2:3.3.17-4 Versions of packages apache2 recommends: ii ssl-cert 1.1.0 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]78.9.0esr-1 ii konqueror [www-browser] 4:20.12.0-4 Versions of packages apache2-bin depends on: ii libapr1 1.7.0-6 ii libaprutil1 1.6.1-5 ii libaprutil1-dbd-sqlite3 1.6.1-5 ii libaprutil1-ldap 1.6.1-5 ii libbrotli1 1.0.9-2+b2 ii libc62.31-11 ii libcrypt11:4.4.17-1 ii libcurl4 7.74.0-1.1 ii libjansson4 2.13.1-1.1 ii libldap-2.4-22.4.57+dfsg-2 ii liblua5.3-0 5.3.3-1.1+b1 ii libnghttp2-141.43.0-1 ii libpcre3 2:8.39-13 ii libssl1.11.1.1k-1 ii libxml2 2.9.10+dfsg-6.3+b1 ii perl 5.32.1-3 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii firefox-esr [www-browser]78.9.0esr-1 ii konqueror [www-browser] 4:20.12.0-4 Versions of packages apache2 is related to: ii apache2 2.4.46-4 ii apache2-bin 2.4.46-4 -- no debconf information --- End Message --- --- Begin Message --- Control: -1 tags wontfix--- End Message ---
Bug#925061: marked as done (apache2: Cannot disabled old TLS Versions (prior to TLS1.2))
Your message dated Fri, 2 Dec 2022 14:48:05 +0100 with message-id <20221202144805.523e3...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #925061, regarding apache2: Cannot disabled old TLS Versions (prior to TLS1.2) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 925061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.38-2 Severity: important Dear Maintainer, I wanted to get an A+ rating on ssllabs.com so I tried to disable all SSLProtocols except for TLS1.2 Therefore I edited /etc/apache2/mods-enabled/ssl.conf so that it states "SSLProtocol TLSv1.2", which should disable all SSLProtocols except for TLS1.2, but TLS1.0 und TLS1.1 are still active, as seen with nmap: # nmap --script ssl-enum-ciphers -p 443 127.0.0.1 | grep TLSv | TLSv1.0: | TLSv1.1: | TLSv1.2: On Apache Bugtracker it appears that apache itself does not have that problem but it has something to do with the deb-Package for Debian and Ubuntu: https://bz.apache.org/bugzilla/show_bug.cgi?id=60739 Tried with stretch-stable first, updated to testing because reportbug told me there is a newer version. I would really appreciate it if someone else is able to reproduce this problem and figure out what is going on. Best, Thomas -- Package-specific info: -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 4.9.0-8-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin2.4.38-2 ii apache2-data 2.4.38-2 ii apache2-utils 2.4.38-2 ii dpkg 1.18.25 ii lsb-base 10.2019031300 ii mime-support 3.62 ii perl 5.24.1-3+deb9u5 ii procps 2:3.3.12-3+deb9u1 Versions of packages apache2 recommends: ii ssl-cert 1.0.39 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii w3m [www-browser]0.5.3-34+deb9u1 Versions of packages apache2-bin depends on: ii libapr1 1.6.5-1+b1 ii libaprutil1 1.6.1-3+b2 ii libaprutil1-dbd-sqlite3 1.6.1-3+b2 ii libaprutil1-ldap 1.6.1-3+b2 ii libbrotli1 1.0.7-2 ii libc62.28-8 ii libcurl4 7.64.0-1 ii libjansson4 2.12-1 ii libldap-2.4-22.4.47+dfsg-3 ii liblua5.2-0 5.2.4-1.1+b2 ii libnghttp2-141.36.0-2 ii libpcre3 2:8.39-12 ii libssl1.11.1.1b-1 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii perl 5.24.1-3+deb9u5 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom ii w3m [www-browser]0.5.3-34+deb9u1 Versions of packages apache2 is related to: ii apache2 2.4.38-2 ii apache2-bin 2.4.38-2 -- Configuration Files: /etc/apache2/mods-available/ssl.conf changed: # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # SSLRandomSeed startup builtin SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x
Bug#844351: marked as done (apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue)
Your message dated Fri, 2 Dec 2022 14:40:23 +0100 with message-id <20221202144023.4d9b4...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #844351, regarding apache2: as a reverse proxy, a 100 continue response is sent prematurely when request contains expects continue to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 844351: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844351 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.10-10+deb8u7 Severity: important Tags: upstream Dear Maintainer, * What led up to the situation? a backend with correct 100 continue support and a web client which expects 100-continue * What exactly did you do (or not do) that was effective (or ineffective)? Reverse Proxy a backend. * What was the outcome of this action? Premature 100-continue response from apache, before backend responds. * What outcome did you expect instead? No 100-continue unless backend responds with 100-continue https://bz.apache.org/bugzilla/show_bug.cgi?id=60330 As a reverse proxy, a 100 continue response is sent prematurely when a request contains expects: 100-continue. This causes the requesting client to send a body. The apache httpd proxy will then read the body and attempt to send it to the backend, but the backend already sent an error and should be allowed to NOT read the remaining request body, which never should have existed. When the backend does not read the request body mod_proxy_http errors and returns a 500 error to the client. The client never receives the correct error message. -- Package-specific info: -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-45-generic (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin2.4.10-10+deb8u7 ii apache2-data 2.4.10-10+deb8u7 ii apache2-utils 2.4.10-10+deb8u7 ii dpkg 1.17.27 ii lsb-base 4.1+Debian13+nmu1 ii mime-support 3.58 ii perl 5.20.2-3+deb8u6 ii procps 2:3.3.9-9 Versions of packages apache2 recommends: ii ssl-cert 1.0.35 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2-bin depends on: ii libapr1 1.5.1-3 ii libaprutil1 1.5.4-1 ii libaprutil1-dbd-sqlite3 1.5.4-1 ii libaprutil1-ldap 1.5.4-1 ii libc62.19-18+deb8u6 ii libldap-2.4-22.4.40+dfsg-1+deb8u2 ii liblua5.1-0 5.1.5-7.1 ii libpcre3 2:8.35-3.3+deb8u4 ii libssl1.0.0 1.0.1t-1+deb8u3 ii libxml2 2.9.1+dfsg1-5+deb8u3 ii perl 5.20.2-3+deb8u6 ii zlib1g 1:1.2.8.dfsg-2+b1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2 is related to: ii apache2 2.4.10-10+deb8u7 ii apache2-bin 2.4.10-10+deb8u7 -- no debconf information --- End Message --- --- Begin Message --- Control: -1 fixed 2.4.40--- End Message ---
Bug#807120: marked as done (Deprecate mod_rpaf, transition to mod_remoteip)
Your message dated Fri, 2 Dec 2022 14:33:06 +0100 with message-id <20221202143306.10f59...@frustcomp.hnjs.home.arpa> and subject line has caused the Debian Bug report #807120, regarding Deprecate mod_rpaf, transition to mod_remoteip to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 807120: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807120 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Severity: important mod_rpaf module has dead upstream (there are alternative at https://github.com/gnif/mod_rpaf/) and has a good candidate for replacement in the core modules: http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html Probably, we must coordinate transition from mod_rpaf to mod_remoteip and then remove mod_rpaf. Default rpaf.conf could be replaced with: RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1 In general, this mapping should work: RPAFheader <-> RemoteIPHeader RPAFproxy_ips <-> RemoteIPTrustedProxy To get CLF-type logs with proper client addresses we should use %a instead of %h. Could we alter the default common log format entry? --- End Message --- --- Begin Message --- Control: tag -1 fixed-upstream mod_rpaf is in a separate package and current apache2 packages contain mod_remoteip. The bug in the logformat hostname has been fixed upstream. Therefore this bug is considered fixed.--- End Message ---
Processed: Re: apache2: improve apache2 OOM handling w/systemd
Processing commands for cont...@bugs.debian.org: > close 1022822 2.4.54-5 Bug #1022822 [apache2] apache2: improve apache2 OOM handling w/systemd Marked as fixed in versions apache2/2.4.54-5. Bug #1022822 [apache2] apache2: improve apache2 OOM handling w/systemd Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1022822: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022822 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#980275: marked as done (Please depend on media-types instead of mime-support)
Your message dated Thu, 24 Nov 2022 10:04:29 + with message-id and subject line Bug#980275: fixed in apache2 2.4.54-4 has caused the Debian Bug report #980275, regarding Please depend on media-types instead of mime-support to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 980275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Dear apache2 maintainers, I have recently split the `mime-support` package into two: `mailcap` for the mailcap system, and `media-types` for providing `/etc/mime.types`. The goal is to allow minimal systems without `mailcap`. `mime-support` is now a transitional package, and it would be great if users could be able to remove it after the _Bookworm_ release. Please Depend on `media-types` instead of `mime-support` if you only need the `/etc/mime.types` file. Have a nice week-end, Charles -- Charles Plessy Nagahama, Yomitan, Okinawa, Japan Tooting from work, https://mastodon.technology/@charles_plessy Tooting from home, https://framapiaf.org/@charles_plessy --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.54-4 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 980...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 24 Nov 2022 10:45:00 +0100 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.54-4 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 980275 Changes: apache2 (2.4.54-4) unstable; urgency=medium . [ Charles Plessy ] * Replace mime-support transition package with media-types (Closes: #980275) . [ Hendrik Jäger ] * fix mislead safety precautions: don't hide errors when enabling a module. MR !20 * fix trailing spaces and indentation inconsistencies. MR !19 !21 !22 * Fix confusing and impractical naming: rename default-ssl.conf into 000-default-ssl.conf. MR !23 * Fix confusing keyword: replace _default_ by *. MR !24 Checksums-Sha1: 1cc112119c9e7b70b4405310b7ff241be9352bfe 3488 apache2_2.4.54-4.dsc ef078164fa31bbab23d077b60ed80872ffe93f1e 899572 apache2_2.4.54-4.debian.tar.xz Checksums-Sha256: 2ef2ed0c4996b0e70c85c379755a62a62f40840f9e8dd0a1c4c6d2c2b0ec535c 3488 apache2_2.4.54-4.dsc 496535ffef8af4776b2dba0c09d1c5472efbbb45f0f8d5a93bce655293b5e865 899572 apache2_2.4.54-4.debian.tar.xz Files: f371660a0e5542a176d3e3c2bf7cd4fd 3488 httpd optional apache2_2.4.54-4.dsc 9b769ac142ee552b09fe83cc48cbcfdc 899572 httpd optional apache2_2.4.54-4.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmN/PhYACgkQ9tdMp8mZ 7umqFRAAjAvYVcR996xz1Oj4v3UK5Ml55eoE17dXIYr9ZhqR1kCUcHtXymUV6mKO jeLZMssHQBhsdzkigoKtTA5NuYtJEt1cmLU0c/xwx5nybWpiCHaTJuHdgROS9Q9u Di7iEP4r9iyF5h6nVOVDktblfxcQP4TlTOW2HkhbArEXRCNKMtVq7jRpUVkWRGcL Y3tac9y9sKjyI6YqlcMxznnhBWPoGgNyC7n0jYMkgtW426vED2RF3oeGVkK/hC/I 6U3nZyTi034BEsAsfjrbA+sealGXOKStxOiMupw5LZPyT5ukg7jFa2cK8Hmkxv2T RKSc+4unHtOX4NDfJzFf3QXrfj7iNpq5G9sUxcSdU2KwPznWxtTlx0EFnZuVw0e9 7My6z8bDxoCqSyvNVX10MrQYfaGrm1r1yHVfdKKZ7E9hko5SxoE23z8B3dPNFdAq 9szEvzsOOaH60Y56yy/prcJWphjSzTcA9IswuupdW4/nv4GTRgqyRWkpSmXd/DyL f9pDpuOa2NTIC5xePxhcgOhmszuYqhxCImFt7nzuIbCl1iybA6grXyvCiJWmkeFr 0gaI3vvVoxLrx90BGmeCIDXkJqrA0TQihy4quq9qA/XNialzKgBW29FYvmopNOq6 hu/esYTJCd77QGVnzhvftSH317s3RgsS3oKEzOsTIkhCsD9stIA= =Q1jv -END PGP SIGNATURE End Message ---
Processed: Bug#980275 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #980275 [apache2] Please depend on media-types instead of mime-support Added tag(s) pending. -- 980275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980275 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1014056: marked as done (apache2: /var/run/apache2 permissions too narrow for cgid)
Your message dated Fri, 08 Jul 2022 07:04:02 + with message-id and subject line Bug#1014056: fixed in apache2 2.4.54-2 has caused the Debian Bug report #1014056, regarding apache2: /var/run/apache2 permissions too narrow for cgid to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1014056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014056 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2 Version: 2.4.53-1~deb11u1 Severity: minor Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** Enabling cgid in apache2 (with a2enmod cgid) results in an error when using mpm_event: [cgid:error] [pid 8943:tid 140189712234240] (22)Invalid argument: [client x.x.x.x:49364] AH01257: unable to connect to cgi daemon after multiple tries: /usr/lib/cgi-bin/xx Meanwhile, the user receives a 503 HTTP error, rather than the CGI content. Upon launch, Apache creates /var/run/apache2/cgisock.PID (where PID is the PID in question), however it does that as the www-data user and root group, who does not have write access to /var/run/apache2 (where only the root user has write permission). To fix this, chmod g+rwx /var/run/apache2 fixes the issue. Since we're only adding the root group, this likely has a minimal security effect. Alternately, the default directive of /etc/apache2/mods-available/cgid.conf: ScriptSock ${APACHE_RUN_DIR}/cgisock Should not point to a folder that does not have write access by www-data user and a subfolder with more open permission should be created. -- Package-specific info: -- System Information: Debian Release: 11.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-15-amd64 (SMP w/4 CPU threads) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages apache2 depends on: ii apache2-bin 2.4.53-1~deb11u1 ii apache2-data 2.4.53-1~deb11u1 ii apache2-utils 2.4.53-1~deb11u1 ii dpkg 1.20.10 ii init-system-helpers 1.60 ii lsb-base 11.1.0 ii mime-support 3.66 ii perl 5.32.1-4+deb11u2 ii procps 2:3.3.17-5 Versions of packages apache2 recommends: ii ssl-cert 1.1.0+nmu1 Versions of packages apache2 suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2-bin depends on: ii libapr1 1.7.0-6+deb11u1 ii libaprutil1 1.6.1-5 ii libaprutil1-dbd-sqlite3 1.6.1-5 ii libaprutil1-ldap 1.6.1-5 ii libbrotli1 1.0.9-2+b2 ii libc6 2.31-13+deb11u3 ii libcrypt1 1:4.4.18-4 ii libcurl4 7.74.0-1.3+deb11u1 ii libjansson4 2.13.1-1.1 ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1 ii liblua5.3-0 5.3.3-1.1+b1 ii libnghttp2-14 1.43.0-1 ii libpcre3 2:8.39-13 ii libssl1.1 1.1.1n-0+deb11u3 ii libxml2 2.9.10+dfsg-6.7+deb11u2 ii perl 5.32.1-4+deb11u2 ii zlib1g 1:1.2.11.dfsg-2+deb11u1 Versions of packages apache2-bin suggests: pn apache2-doc pn apache2-suexec-pristine | apache2-suexec-custom pn www-browser Versions of packages apache2 is related to: ii apache2 2.4.53-1~deb11u1 ii apache2-bin 2.4.53-1~deb11u1 -- no debconf information --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.54-2 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1014...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas
Processed: found 1014056 in 2.4.54-1, fixed 1014056 in 2.4.54-3
Processing commands for cont...@bugs.debian.org: > found 1014056 2.4.54-1 Bug #1014056 [apache2] apache2: /var/run/apache2 permissions too narrow for cgid Marked as found in versions apache2/2.4.54-1. > fixed 1014056 2.4.54-3 Bug #1014056 [apache2] apache2: /var/run/apache2 permissions too narrow for cgid There is no source info for the package 'apache2' at version '2.4.54-3' with architecture '' Unable to make a source version for version '2.4.54-3' Marked as fixed in versions 2.4.54-3. > thanks Stopping processing here. Please contact me if you need assistance. -- 1014056: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014056 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1012513: marked as done (apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556)
Your message dated Sat, 02 Jul 2022 17:17:07 + with message-id and subject line Bug#1012513: fixed in apache2 2.4.54-1~deb11u1 has caused the Debian Bug report #1012513, regarding apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2022-31813[0]: | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* | headers to the origin server based on client side Connection header | hop-by-hop mechanism. This may be used to bypass IP based | authentication on the origin server/application. CVE-2022-26377[1]: | Inconsistent Interpretation of HTTP Requests ('HTTP Request | Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server | allows an attacker to smuggle requests to the AJP server it forwards | requests to. This issue affects Apache HTTP Server Apache HTTP Server | 2.4 version 2.4.53 and prior versions. CVE-2022-28614[2]: | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may | read unintended memory if an attacker can cause the server to reflect | very large input using ap_rwrite() or ap_rputs(), such as with | mod_luas r:puts() function. CVE-2022-28615[3]: | Apache HTTP Server 2.4.53 and earlier may crash or disclose | information due to a read beyond bounds in ap_strcmp_match() when | provided with an extremely large input buffer. While no code | distributed with the server can be coerced into such a call, third- | party modules or lua scripts that use ap_strcmp_match() may | hypothetically be affected. CVE-2022-29404[4]: | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua | script that calls r:parsebody(0) may cause a denial of service due to | no default limit on possible input size. CVE-2022-30522[5]: | If Apache HTTP Server 2.4.53 is configured to do transformations with | mod_sed in contexts where the input to mod_sed may be very large, | mod_sed may make excessively large memory allocations and trigger an | abort. CVE-2022-30556[6]: | Apache HTTP Server 2.4.53 and earlier may return lengths to | applications calling r:wsread() that point past the end of the storage | allocated for the buffer. As usual Apache fails to directly identify fixing commits at https://httpd.apache.org/security/vulnerabilities_24.html If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 [1] https://security-tracker.debian.org/tracker/CVE-2022-26377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 [2] https://security-tracker.debian.org/tracker/CVE-2022-28614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 [3] https://security-tracker.debian.org/tracker/CVE-2022-28615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 [4] https://security-tracker.debian.org/tracker/CVE-2022-29404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 [5] https://security-tracker.debian.org/tracker/CVE-2022-30522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 [6] https://security-tracker.debian.org/tracker/CVE-2022-30556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.54-1~deb11u1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SI
Bug#1010455: marked as done (Should apache2.README.Debian refer to apache-htcacheclean ?)
Your message dated Sat, 02 Jul 2022 17:17:07 + with message-id and subject line Bug#1010455: fixed in apache2 2.4.54-1~deb11u1 has caused the Debian Bug report #1010455, regarding Should apache2.README.Debian refer to apache-htcacheclean ? to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010455 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Version: 2.4.53-2 Tags: patch Severity: minor Sort of a patch. Refering to https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/apache2.README.Debian Line 193 refers to '/etc/default/apache2'. Shouldn't that be '/etc/default/apache-htcacheclean' ? The context is the configuration file for using mod_cache_disk. -- u34 --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.54-1~deb11u1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 09 Jun 2022 06:26:43 +0200 Source: apache2 Architecture: source Version: 2.4.54-1~deb11u1 Distribution: bullseye Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1010455 1012513 Changes: apache2 (2.4.54-1~deb11u1) bullseye; urgency=medium . [ Yadd ] * Fix htcacheclean doc (Closes: #1010455) . [ Yadd ] * New upstream version 2.4.54 (closes: #1012513, CVE-2022-31813, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-28330) Checksums-Sha1: a9b12eda05896c39650d6bf2e13a2738c2b118d9 3539 apache2_2.4.54-1~deb11u1.dsc 5121eed65951d525db5bde8c8997dffa6daa613a 9743277 apache2_2.4.54.orig.tar.gz f8c7a962998549f4816a18889555f8fa8b7f771a 874 apache2_2.4.54.orig.tar.gz.asc 5957f685697fbaebbfa077ad2ae176923240d26b 894208 apache2_2.4.54-1~deb11u1.debian.tar.xz Checksums-Sha256: a019ec1ca8130e8fdbde9ee198ed551a114961a32a37b9775d944659bfeaaae5 3539 apache2_2.4.54-1~deb11u1.dsc c687b99c446c0ef345e7d86c21a8e15fc074b7d5152c4fe22b0463e2be346ffb 9743277 apache2_2.4.54.orig.tar.gz d3855dc59d3e6ceaddd6d224aa9a33eef554c2706ccee5894e54f2b229ee800a 874 apache2_2.4.54.orig.tar.gz.asc 89189e18b964f58a7943024bb40af782fce654149d11c3be872af6ca73388117 894208 apache2_2.4.54-1~deb11u1.debian.tar.xz Files: 5648326c781d60301f7c8b6a231538d9 3539 httpd optional apache2_2.4.54-1~deb11u1.dsc 5830f69aeed1f4a00a563862aaf2c67d 9743277 httpd optional apache2_2.4.54.orig.tar.gz 35861f1b441ce88c67ee109b63106ef7 874 httpd optional apache2_2.4.54.orig.tar.gz.asc 7da218147f56f14894ab220f4a8f7f4a 894208 httpd optional apache2_2.4.54-1~deb11u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmK/RAcACgkQ9tdMp8mZ 7ukoBxAAiL67H3JqzhKPohCjNgMKrL2kBmWrOt7kb7H7pxUSbU4IjQqWbMOIRvck Ec6yPDiZN3dfeI8DpR0Hb2tuuloa5VOfXpm0XSWMXtpyCSF5dw7xgNv28JvOgL6v wvA8CShBrakOXp8kmnYlBzK1V1VI2Sn7ZsborbQnSEuBEH9jUXm/CoRjhB96/LAw Dd6QUs26PergZpjgeM6OJwFIsN2PX4/JFP44Apfsv0rBFyuuuK8TrB/rGqvFL/N+ n5cJNWUq56b700OdzGHcR/1pTj2cVEnr6qbAo5gX94f2ttiYnt1MAB0AbKb2H5tm iBTcvnPVRHhKuUi4etlEMpwOP4sQIIQ8W2fBMnQL0VBqd/0nmPsETQwgFZDRcLfu UGu8a1uX0TyAm2RgZRgvLYnKcOlY79bLPjg/FWs7A/2zjHmjl9RT3GD6WuoAWGjh cMZkl3AKW6ejwTeyuZ4/jkH/WWEuZlrk3lgLJrSaHG4AVRO6Ta4vN12oFGLWlmtb aGjSJ0g+sGes9fEGlIITacZL1h03St5lDikRKxQaPVXVli+tdovzd04QhUtffcWQ 6bLncrfNv4hDUdPD7A2HrvbAGOa/JIXzntpmOocNWViWnNq+t/qYX8fcC4TMm4Z7 93FiwlzXI5cF1fR9HjlBAc5EX7m+lkrdOrIaUM1EHo2KfdJ2a8Y= =Bmzf -END PGP SIGNATURE End Message ---
Bug#1010455: marked as done (Should apache2.README.Debian refer to apache-htcacheclean ?)
Your message dated Thu, 09 Jun 2022 05:03:55 + with message-id and subject line Bug#1010455: fixed in apache2 2.4.54-1 has caused the Debian Bug report #1010455, regarding Should apache2.README.Debian refer to apache-htcacheclean ? to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1010455: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010455 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Version: 2.4.53-2 Tags: patch Severity: minor Sort of a patch. Refering to https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/apache2.README.Debian Line 193 refers to '/etc/default/apache2'. Shouldn't that be '/etc/default/apache-htcacheclean' ? The context is the configuration file for using mod_cache_disk. -- u34 --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.54-1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 09 Jun 2022 06:33:53 +0200 Source: apache2 Built-For-Profiles: nocheck Architecture: source Version: 2.4.54-1 Distribution: unstable Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1010455 1012513 Changes: apache2 (2.4.54-1) unstable; urgency=medium . [ Simon Deziel ] * Escape literal "." for BrowserMatch directives in setenvif.conf * Use non-capturing regex with FilesMatch directive in default-ssl.conf . [ Ondřej Surý ] * New upstream version 2.4.54 (Closes: #1012513, CVE-2022-31813, CVE-2022-26377, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30522, CVE-2022-30556, CVE-2022-28330) . [ Yadd ] * Fix htcacheclean doc (Closes: #1010455) * New upstream version 2.4.54 Checksums-Sha1: ab83430595284de35a09b4925ff02d25f0c59836 3488 apache2_2.4.54-1.dsc 5121eed65951d525db5bde8c8997dffa6daa613a 9743277 apache2_2.4.54.orig.tar.gz f8c7a962998549f4816a18889555f8fa8b7f771a 874 apache2_2.4.54.orig.tar.gz.asc c3d54fc0133d051edc03cfd9366022c62e41208e 899680 apache2_2.4.54-1.debian.tar.xz Checksums-Sha256: 6638ab251c44e19013fbeef8616adf60fd82e71fc62b59ed950e4920e4dfcafd 3488 apache2_2.4.54-1.dsc c687b99c446c0ef345e7d86c21a8e15fc074b7d5152c4fe22b0463e2be346ffb 9743277 apache2_2.4.54.orig.tar.gz d3855dc59d3e6ceaddd6d224aa9a33eef554c2706ccee5894e54f2b229ee800a 874 apache2_2.4.54.orig.tar.gz.asc a9b19fbb49ba9540dc5004a537cad3c70eb05448076f55544592844a7d6e0cfd 899680 apache2_2.4.54-1.debian.tar.xz Files: 71f12c8f92422781eaefc68f56367ea0 3488 httpd optional apache2_2.4.54-1.dsc 5830f69aeed1f4a00a563862aaf2c67d 9743277 httpd optional apache2_2.4.54.orig.tar.gz 35861f1b441ce88c67ee109b63106ef7 874 httpd optional apache2_2.4.54.orig.tar.gz.asc f13ba4968c990a764664cdfd2a69a808 899680 httpd optional apache2_2.4.54-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmKheQwACgkQ9tdMp8mZ 7unuEQ//Uc6nlVALQPXVfl4TbGDfnBV6/tphfDz6BVWXwtXgoors/LCEIz0wqJCf nqmFmttTbqWp9zz65SFjN1nYcs2m8AhMDQBjEYkHvfi2hcsGmfBSBjVGCJzPi2Cg qKtx70i8v9Psm5Y6+UV/4LNlnCX+wCHFtLAeTFE8H9/3m8xsPc7kRsbK/pJYcit5 Fo7XZ3djflWTR2cUUAGToHZTb23dVNhEZQFcpBpMdxo3wAgJm+3rMSamb0e070jm vsJiifY0QY/a3uRVeJeiZq5zykfQxr6FBoQ97Q79/FIGV0YI+tg96Fxph/vISJ3B /fS8JgoeIOy5SI5+tOF4/D+/bRhvskwL7swL7Lk8n/Jff6ruFafAL2x+//IMunOq Xdpixj5PdgwXq80fmwH/EWzFl77iSjosGTITgVkp9r1SdtumoxM1pkM3GukaZ/ev 0D8Q7iAXXejYQHD6Q7fv7InYdQLa9IjhUuqzCi7u6sIr+d0kuw6mb+A5CSz4toQd SUkHozlF7gzU7m3u4afbBLDAR1WCqZKjRWmcDIsc+wJVRWDkpIzmEHqPqE05dn4f tSqA5p5WKGdOJd4CXxMrpx654a7itmYllK1AgqSH0fykUciDKYyWP61AAL2oinP2 UDSE8GSjA2MK7z+Zg/WEL7eKJlqBkTltDByFpH6xMluPiZTUQRY= =pJbP -END PGP SIGNATURE End Message ---
Bug#1012513: marked as done (apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556)
Your message dated Thu, 09 Jun 2022 05:03:55 + with message-id and subject line Bug#1012513: fixed in apache2 2.4.54-1 has caused the Debian Bug report #1012513, regarding apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1012513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerabilities were published for apache2. CVE-2022-31813[0]: | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* | headers to the origin server based on client side Connection header | hop-by-hop mechanism. This may be used to bypass IP based | authentication on the origin server/application. CVE-2022-26377[1]: | Inconsistent Interpretation of HTTP Requests ('HTTP Request | Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server | allows an attacker to smuggle requests to the AJP server it forwards | requests to. This issue affects Apache HTTP Server Apache HTTP Server | 2.4 version 2.4.53 and prior versions. CVE-2022-28614[2]: | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may | read unintended memory if an attacker can cause the server to reflect | very large input using ap_rwrite() or ap_rputs(), such as with | mod_luas r:puts() function. CVE-2022-28615[3]: | Apache HTTP Server 2.4.53 and earlier may crash or disclose | information due to a read beyond bounds in ap_strcmp_match() when | provided with an extremely large input buffer. While no code | distributed with the server can be coerced into such a call, third- | party modules or lua scripts that use ap_strcmp_match() may | hypothetically be affected. CVE-2022-29404[4]: | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua | script that calls r:parsebody(0) may cause a denial of service due to | no default limit on possible input size. CVE-2022-30522[5]: | If Apache HTTP Server 2.4.53 is configured to do transformations with | mod_sed in contexts where the input to mod_sed may be very large, | mod_sed may make excessively large memory allocations and trigger an | abort. CVE-2022-30556[6]: | Apache HTTP Server 2.4.53 and earlier may return lengths to | applications calling r:wsread() that point past the end of the storage | allocated for the buffer. As usual Apache fails to directly identify fixing commits at https://httpd.apache.org/security/vulnerabilities_24.html If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31813 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813 [1] https://security-tracker.debian.org/tracker/CVE-2022-26377 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377 [2] https://security-tracker.debian.org/tracker/CVE-2022-28614 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614 [3] https://security-tracker.debian.org/tracker/CVE-2022-28615 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615 [4] https://security-tracker.debian.org/tracker/CVE-2022-29404 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404 [5] https://security-tracker.debian.org/tracker/CVE-2022-30522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522 [6] https://security-tracker.debian.org/tracker/CVE-2022-30556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.54-1 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1012...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE-
Processed: tagging 1012513, found 1012513 in 2.4.53-2
Processing commands for cont...@bugs.debian.org: > tags 1012513 + upstream Bug #1012513 [src:apache2] apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 Added tag(s) upstream. > found 1012513 2.4.53-2 Bug #1012513 [src:apache2] apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 Marked as found in versions apache2/2.4.53-2. > thanks Stopping processing here. Please contact me if you need assistance. -- 1012513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1007254: marked as done (apache2-dev: Missing dependency on libpcre2-dev for apxs2)
Your message dated Tue, 15 Mar 2022 14:45:14 + with message-id and subject line Bug#1007254: fixed in apache2 2.4.53-2 has caused the Debian Bug report #1007254, regarding apache2-dev: Missing dependency on libpcre2-dev for apxs2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: apache2-dev Version: 2.4.53-1 Severity: serious Tags: ftbfs Control: affects -1 src:mod-vhost-ldap https://buildd.debian.org/status/logs.php?pkg=mod-vhost-ldap=2.4.0-1%2Bb3 ... make[1]: Entering directory '/<>' # Try building with per request document root and if it fails, do the normal build (kinda ugly, but should work) apxs2 -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG -Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/2.4.0\\\" -Wc,-DHAS_PER_REQUEST_DOCUMENT_ROOT -c -lldap_r mod_vhost_ldap.c || \ apxs2 -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG -Wc,-DMOD_VHOST_LDAP_VERSION=\\\"mod_vhost_ldap/2.4.0\\\" -c -lldap_r mod_vhost_ldap.c /usr/share/apr-1.0/build/libtool --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" -DHAS_PER_REQUEST_DOCUMENT_ROOT -c -o mod_vhost_ldap.lo mod_vhost_ldap.c && touch mod_vhost_ldap.slo libtool: compile: x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" -DHAS_PER_REQUEST_DOCUMENT_ROOT -c mod_vhost_ldap.c -fPIC -DPIC -o .libs/mod_vhost_ldap.o /usr/share/apr-1.0/build/libtool --mode=link --tag=disable-static x86_64-linux-gnu-gcc -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0-o mod_vhost_ldap.la -lldap_r -rpath /usr/lib/apache2/modules -module -avoid-versionmod_vhost_ldap.lo libtool: link: x86_64-linux-gnu-gcc -shared -fPIC -DPIC .libs/mod_vhost_ldap.o -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 -lldap_r -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,-soname -Wl,mod_vhost_ldap.so -o .libs/mod_vhost_ldap.so /usr/bin/ld: cannot find -lpcre2-8: No such file or directory collect2: error: ld returned 1 exit status apxs:Error: Command failed with rc=65536 . /usr/share/apr-1.0/build/libtool --mode=compile --tag=disable-static x86_64-linux-gnu-gcc -prefer-pic -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" -c -o mod_vhost_ldap.lo mod_vhost_ldap.c && touch mod_vhost_ldap.slo libtool: compile: x86_64-linux-gnu-gcc -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -g -DDEBUG -DMOD_VHOST_LDAP_VERSION=\"mod_vhost_ldap/2.4.0\" -c mod_vhost_ldap.c -fPIC -DPIC -o .libs/mod_vhost_ldap.o /usr/share/apr-1.0/build/libtool --mode=link --tag=disable-static x86_64-linux-gnu-gcc -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0-o mod_vhost_ldap.la -lldap_r -rpath /usr/lib/apache2/modules -module -avoid-versionmod_vhost_ldap.lo libtool: link: x86_64-linux-gnu-gcc -shared -fPIC -DPIC .libs/mod_vhost_ldap.o -lpcre2-8 -L/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0 -lldap_r -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,-soname -Wl,mod_vhost_ldap.so -o .libs/mod_vhost_ldap.so /usr/bin/ld: cannot find -lpcre2-8: No such file or directory collect2: error: ld returned 1 exit status apxs:Error: Command failed with rc=65536 . make[1]: *** [Makefile:22: mod_vhost_ldap.o] Error 1 --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.53-2 Done: Yadd We believe
Processed: Bug#1007254 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1007254 [apache2-dev] apache2-dev: Missing dependency on libpcre2-dev for apxs2 Ignoring request to alter tags of bug #1007254 to the same tags previously set -- 1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1007254 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1007254 [apache2-dev] apache2-dev: Missing dependency on libpcre2-dev for apxs2 Added tag(s) pending. -- 1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: apache2-dev: Missing dependency on libpcre2-dev for apxs2
Processing control commands: > affects -1 src:mod-vhost-ldap Bug #1007254 [apache2-dev] apache2-dev: Missing dependency on libpcre2-dev for apxs2 Added indication that 1007254 affects src:mod-vhost-ldap -- 1007254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007254 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: fixed 663530 in 2.4.2-2, found 663530 in 2.2.22-4, notfound 876636 in 2.4.27-6
Processing commands for cont...@bugs.debian.org: > fixed 663530 2.4.2-2 Bug #663530 {Done: Vincent Lefevre } [apache2-bin] apache2.2-common: Spurious warning "NameVirtualHost *:80 has no VirtualHosts" in cron/logrotate output Marked as fixed in versions apache2/2.4.2-2. > found 663530 2.2.22-4 Bug #663530 {Done: Vincent Lefevre } [apache2-bin] apache2.2-common: Spurious warning "NameVirtualHost *:80 has no VirtualHosts" in cron/logrotate output There is no source info for the package 'apache2-bin' at version '2.2.22-4' with architecture '' Unable to make a source version for version '2.2.22-4' Marked as found in versions 2.2.22-4. > notfound 876636 2.4.27-6 Bug #876636 {Done: Christian Göttsche } [apache2] apache2: insserv noise No longer marked as found in versions apache2/2.4.27-6. > thanks Stopping processing here. Please contact me if you need assistance. -- 663530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663530 876636: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876636 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1000114: marked as done (apache2: depends on obsolete pcre3 library)
Your message dated Tue, 28 Dec 2021 19:33:34 + with message-id and subject line Bug#1000114: fixed in apache2 2.4.52-2 has caused the Debian Bug report #1000114, regarding apache2: depends on obsolete pcre3 library to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1000114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: apache2 Severity: important User: matthew-pcre...@debian.org Usertags: obsolete-pcre3 Dear maintainer, Your package still depends on the old, obsolete PCRE3[0] libraries (i.e. libpcre3-dev). This has been end of life for a while now, and upstream do not intend to fix any further bugs in it. Accordingly, I would like to remove the pcre3 libraries from Debian, preferably in time for the release of Bookworm. The newer PCRE2 library was first released in 2015, and has been in Debian since stretch. Upstream's documentation for PCRE2 is available here: https://pcre.org/current/doc/html/ Many large projects that use PCRE have made the switch now (e.g. git, php); it does involve some work, but we are now at the stage where PCRE3 should not be used, particularly if it might ever be exposed to untrusted input. This mass bug filing was discussed on debian-devel@ in https://lists.debian.org/debian-devel/2021/11/msg00176.html Regards, Matthew [0] Historical reasons mean that old PCRE is packaged as pcre3 in Debian --- End Message --- --- Begin Message --- Source: apache2 Source-Version: 2.4.52-2 Done: Yadd We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1000...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yadd (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 28 Dec 2021 20:01:43 +0100 Source: apache2 Architecture: source Version: 2.4.52-2 Distribution: experimental Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Closes: 1000114 Changes: apache2 (2.4.52-2) experimental; urgency=medium . * Build with pcre2 (Closes: #1000114) Checksums-Sha1: 24df80aeb69c3b262702491e5cdadadf6ce8fada 3474 apache2_2.4.52-2.dsc 86a53e3b3c7cd215261ac14bca7558c2e173a46f 890768 apache2_2.4.52-2.debian.tar.xz Checksums-Sha256: 8caf78d4eb34ea4bde694e48fc470ca2ab9f96768cf02d46ef221c9b05c0028c 3474 apache2_2.4.52-2.dsc d00120b36fd572212e2ed886137d32904cae9308a7d624f1033bf31cc411dc92 890768 apache2_2.4.52-2.debian.tar.xz Files: 81b813a6c33850dc6dc8c96a70a51bbe 3474 httpd optional apache2_2.4.52-2.dsc 41180a6b3549d15dd7d275e3ee8b1f83 890768 httpd optional apache2_2.4.52-2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmHLYSwACgkQ9tdMp8mZ 7ungwRAAkqqXAiFfj2jeNkvPJKil0to/qbklSOggYQBkGcWoBbLGyoW6rRHcssDY t1iMcVaLyODfy4gwKyqST4NCVblnzogbzv8DMuRnL9z2C5YCvQ+WrC0zGo8HqBEU aGtBGHxk86JL/WgqVZLTUlHySo2466B93RlklOiTrgFn+KGvtvNAYDEwjl85O877 p37cDwNr1mbd0804Rsd0mA6fNXpIig9TCLOn4asi2CiBN0fQTn6rybfyXQlouqlc X9Ycb0EZEgUKm4zMCZUr2bantN1kUszgZhXwqYIQRTx8tpH5aY5cSgxGte1aFB8A uJyRIoLwoKIuH9jF+Yvz/iUAf3gJq5AR6gY0lXkc6gt5R+TioI9zn4n+C1zD1cpR dDRADZJCuUE8qYiuORMuqwiMnAHiSOqzv0pYLo3B34CW7mH1A9P62kU6QRZaEkdv n19GL7HwbMP29PsX6/JMNPzijyfDx7YYlkckoVUTRpCpwiAlUIfeZUIg2cEYyLF+ cCLllzdhsq9cDBq9X351Qfjx/NmggVWFT1jC6T7uzfbxbZUbmZ4wt7VQSTMK7FLC CubijlqwhZOY9L3NpeqOxiGmuZRlJYKpPnMqPtuiwe9BSmSvQ7ovnlgAoVY0BY97 VuYnP+KXk0o2mPcUBZkWcDwJpXHn0iCl7nJgfR3BcPU+lv64/BA= =Ew5p -END PGP SIGNATURE End Message ---
Processed: Bug#1000114 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1000114 [src:apache2] apache2: depends on obsolete pcre3 library Ignoring request to alter tags of bug #1000114 to the same tags previously set -- 1000114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: tagging 489625
Processing commands for cont...@bugs.debian.org: > tags 489625 - fixed-upstream Bug #489625 [libapr1-dev] libapr1-dev: please don't ship your own copy of libtool Removed tag(s) fixed-upstream. > thanks Stopping processing here. Please contact me if you need assistance. -- 489625: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489625 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#1000114: apache2: depends on obsolete pcre3 library
Processing control commands: > tags -1 + moreinfo Bug #1000114 [src:apache2] apache2: depends on obsolete pcre3 library Added tag(s) moreinfo. -- 1000114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Bug#1000114 marked as pending in apache2
Processing control commands: > tag -1 pending Bug #1000114 [src:apache2] apache2: depends on obsolete pcre3 library Added tag(s) pending. -- 1000114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#996570: marked as done (libapache2-mod-proxy-uwsgi: ProxyPass sends wrong PATH_INFO to uwsgi)
Your message dated Mon, 15 Nov 2021 11:02:54 +0100 with message-id and subject line Re: Bug#996570: Acknowledgement (libapache2-mod-proxy-uwsgi: ProxyPass sends wrong PATH_INFO to uwsgi) has caused the Debian Bug report #996570, regarding libapache2-mod-proxy-uwsgi: ProxyPass sends wrong PATH_INFO to uwsgi to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 996570: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996570 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libapache2-mod-proxy-uwsgi Version: 2.4.38-3+deb10u6 Severity: important Dear Maintainer, after installing version 2.4.38-3+deb10u6 our uwsgi webservice did not work anymore. The apache2 config contains the line ProxyPass /networks/v1/ unix:/var/run/uwsgi/networks-api.socket|uwsgi://networks/v1/ retry=0 A request to https://server.uni-paderborn.de/networks/v1/name/imt_infra_ntp used to result in PATH_INFO set to "/name/imt_infra_ntp", so stripping off the first two directories "/networks/v1/" as set in the config. Version 2.4.38-3+deb10u6 contains a security fix for setting PATH_INFO, but it seems to get confused with directories: In our case PATH_INFO is set to "/v1/name/imt_infra_ntp" which renders our uwsgi webservice useless. Thanks for fixing, Christopher -- System Information: Debian Release: 10.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libapache2-mod-proxy-uwsgi depends on: ii apache2 2.4.38-3+deb10u5 libapache2-mod-proxy-uwsgi recommends no packages. libapache2-mod-proxy-uwsgi suggests no packages. -- no debconf information --- End Message --- --- Begin Message --- Hi, this was not a bug but only a configuration problem or a misunderstanding of how to configure the module. For clearance: Actually the proxy worker/backend is solely identified by the uwsgi URL, the unix socket part is completely ignored at init time (when the backend URL is registered) and thus when the request URL is mapped to a registered backend URL (to determine which backend backend parameters apply, like timeout or ... connections reuse). The hostname part of the uwsgi URL is not used for DNS resolution since the endpoint is the unix socket path. So if you want to run two or more different services on the same host which would result in identical uwsgi URLs, just use different (virtual) hostnames to make them distinguishable. Thanks, Christopher -- == Dipl.-Ing. Christopher Odenbach Zentrum fuer Informations- und Medientechnologien Universitaet Paderborn Raum N5.314 odenb...@uni-paderborn.de Tel.: +49 5251 60 5315 == OpenPGP_signature Description: OpenPGP digital signature --- End Message ---
Bug#990228: marked as done (openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/de
Your message dated Sun, 07 Nov 2021 17:05:52 + with message-id and subject line Bug#990228: fixed in ssl-cert 1.1.1 has caused the Debian Bug report #990228, regarding openssl: breaks ssl-cert installation: 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 990228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990228 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: openssl Version: 3.0.0~~alpha16-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package causes other package to fail installation/upgrading. >From the attached log (scroll to the bottom...): ... Setting up openssl (3.0.0~~alpha16-1) ... Setting up libbsd0:amd64 (0.11.3-1) ... Setting up readline-common (8.1-2) ... Setting up libxml2:amd64 (2.9.10+dfsg-6.7) ... Setting up libgdbm6:amd64 (1.19-2) ... Setting up postgresql-client-common (226) ... Setting up libedit2:amd64 (3.1-20210522-1~exp1) ... Setting up libreadline8:amd64 (8.1-2) ... Setting up libldap-2.4-2:amd64 (2.4.57+dfsg-3) ... Setting up libllvm11:amd64 (1:11.0.1-2) ... Setting up ssl-cert (1.1.0+nmu1) ... Could not create certificate. Openssl output was: Generating a RSA private key ..+..+..+...+.+...+.+...+...+..+...+.+..+...+.+...+...+..+.+.+...+...+.+..++..+..+*.+*..+..++...+.+..+...++..+.++..++...++..+.+...+..+...+...+.+..+...+.++.+++.+..+.+.+..+..+.+...+.+.+.++.+.+.++++...+ ..+.++...+...+...+..+..+.+...+.++...+.+..+..+..+*+...++..+...+..+...+..+.+..+*+..+...++..++..++.+..+...++.+.+..+.+.+..+.+..+..+..+.+++.++..+...+.+...+...+...+...+..++...+..+.+ Writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key' - Warning: No -copy_extensions given; ignoring any extensions in the request Cannot write random bytes: 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom dpkg: error processing package ssl-cert (--configure): installed ssl-cert package post-installation script subprocess returned error exit status 1 dpkg: dependency problems prevent configuration of postgresql-common: postgresql-common depends on ssl-cert (>= 1.0.11); however: Package ssl-cert is not configured yet. ... Hmm, well, yes, /dev/urandom is not a regular file. It's a character device node. cheers, Andreas postgresql-14_14~beta1-1.log.gz Description: application/gzip --- End Message --- --- Begin Message --- Source: ssl-cert Source-Version: 1.1.1 Done: Stefan Fritsch We believe that the bug you reported is fixed in the latest version of ssl-cert, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 990...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch (supplier of updated ssl-cert package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 07 Nov 2021 17:33:48 +0100 Source: ssl-cert Architecture: source Version: 1.1.1 Distribution: unstable Urgency: medium Maintainer: Debian
Processed: tagging 990228
Processing commands for cont...@bugs.debian.org: > tags 990228 + pending Bug #990228 [ssl-cert] openssl: breaks ssl-cert installation: 8022CB35777F:error:127A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 990228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990228 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: affects 996570
Processing commands for cont...@bugs.debian.org: > affects 996570 + security.debian.org,release.debian.org Bug #996570 [libapache2-mod-proxy-uwsgi] libapache2-mod-proxy-uwsgi: ProxyPass sends wrong PATH_INFO to uwsgi Added indication that 996570 affects security.debian.org and release.debian.org > thanks Stopping processing here. Please contact me if you need assistance. -- 996570: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996570 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: Bug#995961: libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1
Processing commands for cont...@bugs.debian.org: > reassign 995961 apache2 Bug #995961 [libapache2-mpm-itk] libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 Bug reassigned from package 'libapache2-mpm-itk' to 'apache2'. No longer marked as found in versions mpm-itk/2.4.7-04-1. Ignoring request to alter fixed versions of bug #995961 to the same values previously set > found 995961 2.4.51-1~deb11u1 Bug #995961 [apache2] libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 Marked as found in versions apache2/2.4.51-1~deb11u1. > found 995961 2.4.51-1 Bug #995961 [apache2] libapache2-mpm-itk: Error "AH00052: child pid exit signal Segmentation fault" after update to apache 2.4.51-1~deb11u1 Marked as found in versions apache2/2.4.51-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 995961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995961 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: libapache2-mod-proxy-uwsgi 2.0.14+20161117-3+deb9u4 - duplicated request path
Processing commands for cont...@bugs.debian.org: > reassign 995368 uwsgi Bug #995368 [libapache2-mod-proxy-uwsgi] Bug in Package: libapache2-mod-proxy-uwsgi Bug reassigned from package 'libapache2-mod-proxy-uwsgi' to 'uwsgi'. Ignoring request to alter found versions of bug #995368 to the same values previously set Ignoring request to alter fixed versions of bug #995368 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 995368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995368 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems