Debian Bug report logs -
#541607
apache2: fails to start because of SSL configuration changes
Reported by: "Marc Dequènes (Duck)" <duck@duckcorp.org>
Date: Fri, 14 Aug 2009 21:42:02 UTC
Severity: grave
Found in version apache2/2.2.12-1
Fixed in version apache2/2.2.13-2
Done: Stefan Fritsch <sf@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#541607; Package apache2.
(Fri, 14 Aug 2009 21:42:04 GMT) (full text, mbox, link).
Acknowledgement sent
to "Marc Dequènes (Duck)" <duck@duckcorp.org>:
New Bug report received and forwarded. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(Fri, 14 Aug 2009 21:42:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: apache2
Version: 2.2.12-1
Severity: grave
Justification: apache2 with a (quite common) SSL configuration won't work
Coin,
I just upgraded from 2.2.11-6 to 2.2.12-1, and my server failed to
start with the following error:
[error] Server should be SSL-aware but has no certificate
configured [Hint: SSLCertificateFile]
This configuration is working (unchanged) since months without any
problem, and all the SSL-aware vhosts have proper
SSLCertificateFile-and-friends parameters. My SSL certificate is not
expired and openssl verify is perfectly happy with it.
There is no indication in NEWS.Debian of any important configuration change.
I tried to add SSL parameters from a working SSL vhost at the global
configuration level, and the error disappeared, but the server still
fails to start. Without any other error message, i then don't know
what to do next to please this new version.
I reverted to 2.2.11-6 for the time being.
--
Marc Dequènes (Duck)
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#541607; Package apache2.
(Sun, 23 Aug 2009 11:57:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Laurent <laurent+debian@desgrange.net>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(Sun, 23 Aug 2009 11:57:08 GMT) (full text, mbox, link).
Message #10 received at 541607@bugs.debian.org (full text, mbox, reply):
Hi,
Same problem here.
I managed to get rid of it by declaring SSLCertificateFile and
SSLCertificateKeyFile only once (I put it in ssl.conf) and having only
"SSLEngine on" in all SSL vhosts configurations.
Looks like apache is more strict on configuration files now. So, it may not
be a bug but it's really disturbing to have a working configuration failing
that way after an upgrade.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#541607; Package apache2.
(Sun, 30 Aug 2009 19:21:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Julian Mehnle <julian@mehnle.net>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(Sun, 30 Aug 2009 19:21:07 GMT) (full text, mbox, link).
Message #15 received at 541607@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
I, too, can confirm this for 2.2.12-1.
I wasted two hours trying to figure out if there was *some* way to adjust
my configuration to make it work, to no avail. After all, I was forced
to downgrade to 2.2.11, which I was using before.
Luckily I still had the packages in my cache, or I would have been doomed,
as snapshot.debian.net seems to carry only rather old versions of apache2
(2.2.8 or something).
Surprisingly, this issue seems to be unknown upstream, so I'm not sure if
this actually occurs in upstream or is rather caused by one of the Debian
specific patches in this package.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#541607; Package apache2.
(Fri, 04 Sep 2009 18:48:07 GMT) (full text, mbox, link).
Acknowledgement sent
to sf@debian.org, 541607@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(Fri, 04 Sep 2009 18:48:07 GMT) (full text, mbox, link).
Message #20 received at 541607@bugs.debian.org (full text, mbox, reply):
Hi,
On Friday 14 August 2009, Marc Dequènes (Duck) wrote:
> I just upgraded from 2.2.11-6 to 2.2.12-1, and my server failed to
> start with the following error:
> [error] Server should be SSL-aware but has no certificate
> configured [Hint: SSLCertificateFile]
I can't reproduce that problem. Can one of you please provide some
more detailed information about his configuration? The output of
egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)'
/etc/apache2/*conf* /etc/apache2/*enabled
would be nice.
Cheers,
Stefan
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#541607; Package apache2.
(Sat, 05 Sep 2009 09:12:03 GMT) (full text, mbox, link).
Acknowledgement sent
to sf@debian.org, 541607@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(Sat, 05 Sep 2009 09:12:03 GMT) (full text, mbox, link).
Message #25 received at 541607@bugs.debian.org (full text, mbox, reply):
On Friday 04 September 2009, Stefan Fritsch wrote:
> egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)'
> /etc/apache2/*conf* /etc/apache2/*enabled
One configuration where I see this error is with:
NameVirtualHost *:443
and several *:443 virtual hosts, where one of them has "sslengine on"
but is missing the sslcertificatefile/sslcertificatekeyfile. The grep
above can help find such virtual hosts.
Does this help for you?
BTW, for those needing to downgrade, I put old i386 builds at:
http://people.debian.org/~sf/2.2.11-6/
That version lacks some DoS security fixes, though.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#541607; Package apache2.
(Sat, 05 Sep 2009 16:39:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Julian Mehnle <julian@mehnle.net>:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(Sat, 05 Sep 2009 16:39:05 GMT) (full text, mbox, link).
Message #30 received at 541607@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Stefan Fritsch wrote:
> I can't reproduce that problem. Can one of you please provide some
> more detailed information about his configuration? The output of
>
> egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)'
> /etc/apache2/*conf* /etc/apache2/*enabled
>
> would be nice.
I cannot disclose the set of web sites I'm hosting, so I have to mask some
of the information, but I think the following should give you an idea of
my configuration:
$ egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)' /etc/apache2/*conf* /etc/apache2/*enabled
/etc/apache2/apache2.conf:NameVirtualHost *:80
/etc/apache2/apache2.conf:NameVirtualHost *:443
/etc/apache2/sites-enabled/00default:<VirtualHost *:80>
/etc/apache2/sites-enabled/00default: SSLEngine off
/etc/apache2/sites-enabled/00default:</VirtualHost>
/etc/apache2/sites-enabled/00default:<VirtualHost *:443>
/etc/apache2/sites-enabled/00default: SSLEngine on
/etc/apache2/sites-enabled/00default: SSLCertificateFile /etc/ssl/certs/www.cer.pem
/etc/apache2/sites-enabled/00default: SSLCertificateKeyFile /etc/ssl/private/www.cer+key.pem
/etc/apache2/sites-enabled/00default:</VirtualHost>
/etc/apache2/sites-enabled/SITE01:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE01:</VirtualHost>
/etc/apache2/sites-enabled/SITE01:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE01:</VirtualHost>
/etc/apache2/sites-enabled/SITE01:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE01:</VirtualHost>
/etc/apache2/sites-enabled/SITE01:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE01:</VirtualHost>
/etc/apache2/sites-enabled/SITE01.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE01.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE01.B:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE01.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE01.C:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE01.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE01.D:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE01.D:</VirtualHost>
/etc/apache2/sites-enabled/SITE01.E:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE01.E:</VirtualHost>
/etc/apache2/sites-enabled/SITE02:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE02:</VirtualHost>
/etc/apache2/sites-enabled/SITE02:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE02:</VirtualHost>
/etc/apache2/sites-enabled/SITE02.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE02.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE02.B:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE02.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE02.B:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE02.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE02.C:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE02.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE03:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE03:</VirtualHost>
/etc/apache2/sites-enabled/SITE03:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE03:</VirtualHost>
/etc/apache2/sites-enabled/SITE03.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE03.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE04:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE04:</VirtualHost>
/etc/apache2/sites-enabled/SITE04.A:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE04.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE04.B:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE04.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE04.C:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE04.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE05:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE05:</VirtualHost>
/etc/apache2/sites-enabled/SITE05:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE05:</VirtualHost>
/etc/apache2/sites-enabled/SITE05.A:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE05.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE05.A:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE05.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE05.B:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE05.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE05.B:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE05.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE05.C:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE05.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE05.C:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE05.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE06:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE06:</VirtualHost>
/etc/apache2/sites-enabled/SITE06:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE06:</VirtualHost>
/etc/apache2/sites-enabled/SITE06.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE06.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE07:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE07:</VirtualHost>
/etc/apache2/sites-enabled/SITE07:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE07:</VirtualHost>
/etc/apache2/sites-enabled/SITE07.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE07.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE07.B:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE07.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE07.C:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE07.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE07.D:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE07.D:</VirtualHost>
/etc/apache2/sites-enabled/SITE07.E:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE07.E:</VirtualHost>
/etc/apache2/sites-enabled/SITE08:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE08:</VirtualHost>
/etc/apache2/sites-enabled/SITE08.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE08.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE08.B:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE08.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE08.C:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE08.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE09:<VirtualHost *:80>
/etc/apache2/sites-enabled/SITE09:</VirtualHost>
/etc/apache2/sites-enabled/SITE09:<VirtualHost *:443>
/etc/apache2/sites-enabled/SITE09:</VirtualHost>
/etc/apache2/sites-enabled/SITE09.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE09.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE10.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE10.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE10.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE10.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE11.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE11.A:</VirtualHost>
/etc/apache2/sites-enabled/SITE11.B:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE11.B:</VirtualHost>
/etc/apache2/sites-enabled/SITE11.C:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE11.C:</VirtualHost>
/etc/apache2/sites-enabled/SITE11.D:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE11.D:</VirtualHost>
/etc/apache2/sites-enabled/SITE12.A:<VirtualHost *:80 *:443>
/etc/apache2/sites-enabled/SITE12.A:</VirtualHost>
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Apache Maintainers <debian-apache@lists.debian.org>:
Bug#541607; Package apache2.
(Sun, 06 Sep 2009 19:51:02 GMT) (full text, mbox, link).
Acknowledgement sent
to 541607@bugs.debian.org, sf@debian.org:
Extra info received and forwarded to list. Copy sent to Debian Apache Maintainers <debian-apache@lists.debian.org>.
(Sun, 06 Sep 2009 19:51:03 GMT) (full text, mbox, link).
Message #35 received at 541607@bugs.debian.org (full text, mbox, reply):
Thanks for the info.
On Saturday 05 September 2009, Julian Mehnle wrote:
> /etc/apache2/apache2.conf:NameVirtualHost *:80
> /etc/apache2/apache2.conf:NameVirtualHost *:443
> /etc/apache2/sites-enabled/00default:<VirtualHost *:80>
> /etc/apache2/sites-enabled/00default: SSLEngine off
> /etc/apache2/sites-enabled/00default:</VirtualHost>
> /etc/apache2/sites-enabled/00default:<VirtualHost *:443>
> /etc/apache2/sites-enabled/00default: SSLEngine on
> /etc/apache2/sites-enabled/00default: SSLCertificateFile
> /etc/ssl/certs/www.cer.pem /etc/apache2/sites-enabled/00default:
> SSLCertificateKeyFile /etc/ssl/private/www.cer+key.pem
> /etc/apache2/sites-enabled/00default:</VirtualHost>
...
> /etc/apache2/sites-enabled/SITE01.A:<VirtualHost *:80 *:443>
> /etc/apache2/sites-enabled/SITE01.A:</VirtualHost>
That's a rather interesting abuse of the apache configuration. I would
not have thought that it worked, but I immediately see how it is
useful. But I am pretty sure it only worked by accident. You are
relying on the fact that a virtual host inherits the SSL* settings
from its corresponding default virtual host There is nothing in the
documentation that this is an intended behaviour. Virtual hosts should
only inherit from the main server configuration.
Now, since there is proper support for ssl name based virtual hosts
since 2.2.12, this broke. The "fix" would be to use something like
this:
Put the contents of SITE01.A without the VirtualHost lines into some
file outside of sites-enabled. Then in sites-enabled/SITE01.A, put
something like:
<VirtualHost *:80>
Include /etc/apache2/sites-includes/SITE01.A
</VirtualHost>
<VirtualHost *:443>
Include /etc/apache2/sites-includes/SITE01.A
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.cer.pem
SSLCertificateKeyFile /etc/ssl/private/www.cer+key.pem
</VirtualHost>
You will also need to add the SSL* directives to the other *:443
virtual hosts.
Can you try that?
Cheers,
Stefan
Added tag(s) pending.
Request was from Stefan Fritsch <sf@debian.org>
to control@bugs.debian.org.
(Wed, 16 Sep 2009 18:51:08 GMT) (full text, mbox, link).
Reply sent
to Stefan Fritsch <sf@debian.org>:
You have taken responsibility.
(Wed, 16 Sep 2009 22:33:43 GMT) (full text, mbox, link).
Notification sent
to "Marc Dequènes (Duck)" <duck@duckcorp.org>:
Bug acknowledged by developer.
(Wed, 16 Sep 2009 22:33:43 GMT) (full text, mbox, link).
Message #42 received at 541607-close@bugs.debian.org (full text, mbox, reply):
Source: apache2
Source-Version: 2.2.13-2
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:
apache2-dbg_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-dbg_2.2.13-2_i386.deb
apache2-doc_2.2.13-2_all.deb
to pool/main/a/apache2/apache2-doc_2.2.13-2_all.deb
apache2-mpm-event_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-mpm-event_2.2.13-2_i386.deb
apache2-mpm-itk_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-mpm-itk_2.2.13-2_i386.deb
apache2-mpm-prefork_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-mpm-prefork_2.2.13-2_i386.deb
apache2-mpm-worker_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-mpm-worker_2.2.13-2_i386.deb
apache2-prefork-dev_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-prefork-dev_2.2.13-2_i386.deb
apache2-suexec-custom_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-suexec-custom_2.2.13-2_i386.deb
apache2-suexec_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-suexec_2.2.13-2_i386.deb
apache2-threaded-dev_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-threaded-dev_2.2.13-2_i386.deb
apache2-utils_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2-utils_2.2.13-2_i386.deb
apache2.2-bin_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2.2-bin_2.2.13-2_i386.deb
apache2.2-common_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2.2-common_2.2.13-2_i386.deb
apache2_2.2.13-2.diff.gz
to pool/main/a/apache2/apache2_2.2.13-2.diff.gz
apache2_2.2.13-2.dsc
to pool/main/a/apache2/apache2_2.2.13-2.dsc
apache2_2.2.13-2_i386.deb
to pool/main/a/apache2/apache2_2.2.13-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 541607@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 16 Sep 2009 20:55:02 +0200
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source i386 all
Version: 2.2.13-2
Distribution: unstable
Urgency: high
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
apache2 - Apache HTTP Server metapackage
apache2-dbg - Apache debugging symbols
apache2-doc - Apache HTTP Server documentation
apache2-mpm-event - Apache HTTP Server - event driven model
apache2-mpm-itk - multiuser MPM for Apache 2.2
apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
apache2-mpm-worker - Apache HTTP Server - high speed threaded model
apache2-prefork-dev - Apache development headers - non-threaded MPM
apache2-suexec - Standard suexec program for Apache 2 mod_suexec
apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
apache2-threaded-dev - Apache development headers - threaded MPM
apache2-utils - utility programs for webservers
apache2.2-bin - Apache HTTP Server common binary files
apache2.2-common - Apache HTTP Server common files
Closes: 541536 541607 544509 545951
Changes:
apache2 (2.2.13-2) unstable; urgency=high
.
* mod_proxy_ftp security fixes (closes: #545951):
- DoS by malicious ftp server (CVE-2009-3094)
- missing input sanitization: a user could execute arbitrary ftp commands
on the backend ftp server (CVE-2009-3095)
* Add entries to NEWS.Debian and README.Debian about Apache being stricter
about certain misconfigurations involving name based SSL virtual hosts.
Also make Apache print the location of the misconfigured VirtualHost when
it complains about a missing SSLCertificateFile statement. Closes: #541607
* Add Build-Conflicts: autoconf2.13 (closes: #541536).
* Adjust priority of apache2-mpm-itk to extra.
* Switch apache2.2-common and the four mpm packages from architecture all to
any. This is stupid but makes apache2 binNMUable again (closes: #544509).
* Bump Standards-Version (no changes).
Checksums-Sha1:
bbd12d630b1005da87f4a40d1e7889a10c8de1e9 1813 apache2_2.2.13-2.dsc
7938c204ffb780f9f66dc20269d049f99877c53f 181484 apache2_2.2.13-2.diff.gz
34209f96e048870b3b3e957f2b3d95237bd04965 292296 apache2.2-common_2.2.13-2_i386.deb
208a848093a9cce5610ebb80ae1b59bb5b91587b 1301960 apache2.2-bin_2.2.13-2_i386.deb
85be746b8de17525a4c6fc3e42c2f77bdb189848 2268 apache2-mpm-worker_2.2.13-2_i386.deb
817038c091c470b463ed0eb30038d18055938701 2330 apache2-mpm-prefork_2.2.13-2_i386.deb
f5ea922ce44cc90f0d2dad5c1ba5cbb57fbfaa23 2300 apache2-mpm-event_2.2.13-2_i386.deb
5c7fb9e384ff086f5c759dd1c82a7a50f8cf61bb 2328 apache2-mpm-itk_2.2.13-2_i386.deb
80a939fcd07158426bf46a4335d98e3919393863 154800 apache2-utils_2.2.13-2_i386.deb
ee1532bdeb716d7a65b070f44c125a9b0c719417 90904 apache2-suexec_2.2.13-2_i386.deb
9705b9247d5f1bc8a43ce4fd23c0f473cf8c2755 92454 apache2-suexec-custom_2.2.13-2_i386.deb
9d94647ee45435dfe7b6fd615de87caa43a322d1 1376 apache2_2.2.13-2_i386.deb
15b21bf3143516d9cf474cf8b07eca7b0a4498ba 138032 apache2-prefork-dev_2.2.13-2_i386.deb
0695a7874db9faf3a1f3b3f486a02f1215a536b9 139216 apache2-threaded-dev_2.2.13-2_i386.deb
1fe9992cb0b4506b69deab0f1eba372167846b14 2672452 apache2-dbg_2.2.13-2_i386.deb
8f355ceb4dc3863438dcf5356f7cccf422c21a45 2272814 apache2-doc_2.2.13-2_all.deb
Checksums-Sha256:
aaf0110a68aa27e084f356c343c4aa411e35c01bdd519992615fa722cf72a5bd 1813 apache2_2.2.13-2.dsc
269b3301498c8ff0a5187502a1999ad7e78d35e3afafc2bfba8747d7256b5930 181484 apache2_2.2.13-2.diff.gz
bf601051a11727ca378925b2f08fc1c0f1fbc45fc375c54b38809974e1005b77 292296 apache2.2-common_2.2.13-2_i386.deb
4f1f9bb778349d1a8955e953364e9fcd22ff26f9007b568ee7f2ac3410beae54 1301960 apache2.2-bin_2.2.13-2_i386.deb
d9e11cea3b05c0eca723851beb6b6977db22d99221af107b8064072bbdd98087 2268 apache2-mpm-worker_2.2.13-2_i386.deb
bb7bc32609b0393c8f23c4092a919aec8541f7edb19b246124228bc7ad0d80c3 2330 apache2-mpm-prefork_2.2.13-2_i386.deb
efac0d8b55f1758170e41a824800703861cf64fe4dac0ff6d98d2612ec9e83d3 2300 apache2-mpm-event_2.2.13-2_i386.deb
c5d6389bb3d5a8ad95ac476ecd0b8eccf87eee9fdb022b662eed801d5c963a92 2328 apache2-mpm-itk_2.2.13-2_i386.deb
6f9fb6690307496ab52005723a80ca3e1cc8527170f57454610662324ffb4764 154800 apache2-utils_2.2.13-2_i386.deb
7a212bc37d2219500de6e15bf3224bb5a3348cd1ede593aa28812ed13779676d 90904 apache2-suexec_2.2.13-2_i386.deb
71baa7bce8942912efe669378dfe3f0fce5fe9542d8ec5f600821c157af35f27 92454 apache2-suexec-custom_2.2.13-2_i386.deb
7710a1cca521eae7ca282ae0f21d914577bcfadbf5c503cb31e4569d845127e7 1376 apache2_2.2.13-2_i386.deb
da938db98baecb070b2839d287e54a6d0d95a681e9ea8d04982b389080a9ccc5 138032 apache2-prefork-dev_2.2.13-2_i386.deb
dfc063caae79629fa18744cea730ef73be2c0fc103ba7f5f0c6c0c9c7871bec7 139216 apache2-threaded-dev_2.2.13-2_i386.deb
cf2718c27af28f88343d7e3b7f19d09651d5a12ec5b31d025432b3ab8e05ebaf 2672452 apache2-dbg_2.2.13-2_i386.deb
22fbf875bbaf412d194d8604d61bf3045769414d840d939f1558663796e77887 2272814 apache2-doc_2.2.13-2_all.deb
Files:
97bad00546872899c897af892c472e61 1813 httpd optional apache2_2.2.13-2.dsc
b86f09d23e32384f679276007cbd9095 181484 httpd optional apache2_2.2.13-2.diff.gz
471bccf7c92ca8ee22fae71ef847e52a 292296 httpd optional apache2.2-common_2.2.13-2_i386.deb
286a5778b758a073aa296269e49cb596 1301960 httpd optional apache2.2-bin_2.2.13-2_i386.deb
ffa4691e7df5d0178d5ff7f9322c1b41 2268 httpd optional apache2-mpm-worker_2.2.13-2_i386.deb
e8743341f6b03f4c3d8b81fad957e738 2330 httpd optional apache2-mpm-prefork_2.2.13-2_i386.deb
2ff7fa8d12596611ded962aae41fce0b 2300 httpd optional apache2-mpm-event_2.2.13-2_i386.deb
22e76983a8954a25126b1e19f6b507ae 2328 httpd extra apache2-mpm-itk_2.2.13-2_i386.deb
39a3ffb8d6162841a1269c23bfb13479 154800 httpd optional apache2-utils_2.2.13-2_i386.deb
8ca00bd9a08c22b4797db31e4ee2abd7 90904 httpd optional apache2-suexec_2.2.13-2_i386.deb
cf2ba08382e1563c0194152509e843b3 92454 httpd extra apache2-suexec-custom_2.2.13-2_i386.deb
fd9b3cecff03088b35bddde0be34e2c8 1376 httpd optional apache2_2.2.13-2_i386.deb
7cfbf6f406d8cf1829d4ad5c8e5825b2 138032 httpd extra apache2-prefork-dev_2.2.13-2_i386.deb
f527eb83f7179f02b7cc0bc13261ae07 139216 httpd extra apache2-threaded-dev_2.2.13-2_i386.deb
0a58245ed8f8a40acf08589505afa026 2672452 debug extra apache2-dbg_2.2.13-2_i386.deb
31bb0c0e3c48710812e5dda3fc128e5c 2272814 doc optional apache2-doc_2.2.13-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFKsUSJbxelr8HyTqQRAgkBAJ9LUO53e3KLjYkG18vdJ06Jce90EwCdFwDa
WoBXtQ17ZlGTgSu60SHu65Q=
=XRVy
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 22 Oct 2009 07:29:56 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Apr 16 03:46:18 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.