Bug#1125368: marked as done (apache2-bin: regular seg faults in mod_http2)

Sat, 17 Jan 2026 14:25:54 -0800 

Your message dated Sat, 17 Jan 2026 22:23:17 +0000
with message-id <[email protected]>
and subject line Bug#1125368: fixed in apache2 2.4.66-3
has caused the Debian Bug report #1125368,
regarding apache2-bin: regular seg faults in mod_http2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1125368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125368
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: apache2-bin
Version: 2.4.66-1~deb12u1
Severity: important

Since installing Apache 2.4.66, I've had a number of segmentation faults
in mod_http2, on multiple servers (running similar config). The same 
configuration
did not fault in 2.4.65.

gdb says

Core was generated by `/usr/sbin/apache2 -k start'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  c1_purge_streams (m=m@entry=0x7f2b7801d738) at ./modules/http2/h2_mplx.c:606
Download failed: Invalid argument.  Continuing without source file 
./modules/http2/./modules/http2/h2_mplx.c.
606     ./modules/http2/h2_mplx.c: No such file or directory.
[Current thread is 1 (Thread 0x7f2b5cff96c0 (LWP 67321))]
(gdb) bt
#0  c1_purge_streams (m=m@entry=0x7f2b7801d738) at ./modules/http2/h2_mplx.c:606
#1  0x00007f2b9797cfe0 in h2_mplx_c1_poll (m=0x7f2b7801d738, 
timeout=timeout@entry=0, on_stream_input=on_stream_input@entry=0x7f2b97982230 
<on_stream_input>,
    on_stream_output=on_stream_output@entry=0x7f2b979820f0 <on_stream_output>, 
on_ctx=on_ctx@entry=0x7f2b7801d0a0) at ./modules/http2/h2_mplx.c:659
#2  0x00007f2b979861bc in h2_session_process (session=0x7f2b7801d0a0, async=1, 
pkeepalive=pkeepalive@entry=0x7f2b5cff8d44) at ./modules/http2/h2_session.c:2013
#3  0x00007f2b9796f81c in h2_c1_run (c=0x7f2b7805a360) at 
./modules/http2/h2_c1.c:132
#4  0x000056427a468fd0 in ap_run_process_connection (c=c@entry=0x7f2b7805a360) 
at ./server/connection.c:42
#5  0x00007f2b97c22743 in process_socket (thd=thd@entry=0x7f2b98f4e068, 
p=<optimized out>, sock=<optimized out>, cs=<optimized out>, 
my_child_num=my_child_num@entry=0,
    my_thread_num=my_thread_num@entry=11) at ./server/mpm/event/event.c:1098
#6  0x00007f2b97c2359a in worker_thread (thd=0x7f2b98f4e068, dummy=<optimized 
out>) at ./server/mpm/event/event.c:2252
#7  0x00007f2b990791f5 in start_thread (arg=<optimized out>) at 
./nptl/pthread_create.c:442
#8  0x00007f2b990f98dc in clone3 () at 
../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

This appears to be a known bug upstream: 
https://bz.apache.org/bugzilla/show_bug.cgi



Hamish


-- Package-specific info:

-- System Information:
Debian Release: 12.13
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-42-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apache2-bin depends on:
ii  libapr1                  1.7.2-3+deb12u1
ii  libaprutil1              1.6.3-1
ii  libaprutil1-dbd-sqlite3  1.6.3-1
ii  libaprutil1-ldap         1.6.3-1
ii  libbrotli1               1.0.9-2+b6
ii  libc6                    2.36-9+deb12u13
ii  libcrypt1                1:4.4.33-2
ii  libcurl4                 7.88.1-10+deb12u14
ii  libjansson4              2.14-2
ii  libldap-2.5-0            2.5.13+dfsg-5
ii  liblua5.3-0              5.3.6-2
ii  libnghttp2-14            1.52.0-1+deb12u2
ii  libpcre2-8-0             10.42-1
ii  libssl3                  3.0.18-1~deb12u1
ii  libxml2                  2.9.14+dfsg-1.3~deb12u5
ii  perl                     5.36.0-7+deb12u3
ii  zlib1g                   1:1.2.13.dfsg-1

apache2-bin recommends no packages.

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  elinks [www-browser]                             0.13.2-1+b4
ii  links [www-browser]                              2.28-1+b2
ii  lynx [www-browser]                               2.9.0dev.12-1
ii  netrik [www-browser]                             1.16.1-2+b2
ii  w3m [www-browser]                                0.5.3+git20230121-2

Versions of packages apache2 depends on:
ii  apache2-data               2.4.66-1~deb12u1
ii  apache2-utils              2.4.66-1~deb12u1
ii  init-system-helpers        1.65.2+deb12u1
ii  lsb-base                   11.6
ii  media-types                10.0.0
ii  perl                       5.36.0-7+deb12u3
ii  procps                     2:4.0.2-3
ii  sysvinit-utils [lsb-base]  3.06-4

Versions of packages apache2 recommends:
ii  ssl-cert  1.1.2

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  elinks [www-browser]                             0.13.2-1+b4
ii  links [www-browser]                              2.28-1+b2
ii  lynx [www-browser]                               2.9.0dev.12-1
ii  netrik [www-browser]                             1.16.1-2+b2
ii  w3m [www-browser]                                0.5.3+git20230121-2

Versions of packages apache2-bin is related to:
ii  apache2      2.4.66-1~deb12u1
ii  apache2-bin  2.4.66-1~deb12u1

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: apache2
Source-Version: 2.4.66-3
Done: Bastien Roucariès <[email protected]>

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <[email protected]> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Jan 2026 12:54:11 +0100
Source: apache2
Architecture: source
Version: 2.4.66-3
Distribution: experimental
Urgency: medium
Maintainer: Debian Apache Maintainers <[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1054562 1072804 1122137 1125368
Changes:
 apache2 (2.4.66-3) experimental; urgency=medium
 .
   [ Helmut Grohne ]
   * Add a new cross build patch (Closes: #1122137)
 .
   [ Bastien Roucariès ]
   * Fix apache2-bin: regular seg faults in mod_http2
     (Closes: #1125368)
   * Emit per default XHTML for autoindex (Closes: #1072804)
   * Add a list-vhosts command (Closes: #1054562)
Checksums-Sha1:
 881bbd69c315b049096d4773a9aee0d8d4250469 3680 apache2_2.4.66-3.dsc
 9a2de37ab3a9e4603a0a98f4e2255a6bfed005d4 9828043 apache2_2.4.66.orig.tar.gz
 a0525bf2f2f51a508b61d7d78e3dca19276de0d0 833 apache2_2.4.66.orig.tar.gz.asc
 ed311926b331afe692d607eb2dd9746d4c54c9df 826748 apache2_2.4.66-3.debian.tar.xz
 e17bf0bf9789796459cb453bfae0e6b33f7766ae 5780 apache2_2.4.66-3_source.buildinfo
Checksums-Sha256:
 d79d6fe56221a581ce2a56b277ee0528e10eb3154ef239c8e34009eb9c39d6be 3680 
apache2_2.4.66-3.dsc
 442184763b60936471b88a91275f79d2407733b7aac27e345f270e8bc31c3d49 9828043 
apache2_2.4.66.orig.tar.gz
 d39cdcb8d723e3c5bd4edc1e248d52c4fd352fb10eeda91cae973b12325605bc 833 
apache2_2.4.66.orig.tar.gz.asc
 07d2e0da21ca91de7bf1b75d8a24896b9d451024235320e773edd36ba0afe8f3 826748 
apache2_2.4.66-3.debian.tar.xz
 007ae8b5ecc2bf328afcb3fcb284a9ed31d082cecf3d15fff9ee9c489a82335f 5780 
apache2_2.4.66-3_source.buildinfo
Files:
 f736d69a388d3d1a0218f1c15b0c4025 3680 httpd optional apache2_2.4.66-3.dsc
 91b20bb90cf7d1eeb225e5b7246ce93d 9828043 httpd optional 
apache2_2.4.66.orig.tar.gz
 2823799bf1d4b8e771a672d1d6f6ce60 833 httpd optional 
apache2_2.4.66.orig.tar.gz.asc
 1a9d624ead13a020c434fff4f4954888 826748 httpd optional 
apache2_2.4.66-3.debian.tar.xz
 8ff51f4bc959595655ee51fc16719dba 5780 httpd optional 
apache2_2.4.66-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJpa4OJCRAAOhotqkEIX0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmdyiKehlYdLQkw8yMoWNtrtD7snzkr2P2lJ6jz31z7+
xhYhBF0Bh7lAokW617D1agA6Gi2qQQhfAABUnBAArSnpKiYwPIRHg6m2dgAugFI3
XtidhunWbrqjY4+J7epOZJT1Qj52mhSMhw8LROvBnJIMykrrKoi/wAQ9spYtDfeo
aNxVr0H7pO6+fIp1f6iBAFxmKwd1Nxq6aJ+GAvIj912R1a4qy2nH30fi9wSfJsX5
nFoUQ+vP+irUGxoU5dnAHgUoebbjKp+U4xKc83X2Zl4xD+xpCQGaxKPlmut1wrZY
qZjzCYRMmyPCpw1bRcXAx5Do8YTzwa2NHWI5yFzHBzp479ySkJX+tVhoEFwHjsPQ
eb1pQCBXFU7T9uOjv121AwXdfRBo8jUlMyRe4clkGECRGXBI27kPho/rOWc0Jnqp
ep+j/JqBOqeMWn6PoZCrvKvUHXj+fBrGQuWdmmEJ3A6pSZi54B0GTYBMkjVaNID4
dOukDGvUG+sOG60dJjRsT9GacDWkUJ0/wxtnCsz9vurSqAbM+gRTZ4IwJzPUaUfP
kHYFhqhwt+e+MrmBwecaStKtCIUNhXqayG1EACAsYW1aURThdmriGrzrhLfcj/1n
z/+6cJZ7M7yAF9hVM4MEJmaAhUb1cmwoKzwACPbiSDVH32RB6ovxqg25+EME+NM3
CcX0jHXthWnhViYQ7BNNBOkDW7uAfmXgX3Wh5MOsES6o2bDG75c6XfraKeNY5pUQ
ZOb1kcpApi/9uVsBf+g=
=3eb+
-----END PGP SIGNATURE-----

Attachment: pgplsCxq6rUfe.pgp
Description: PGP signature


--- End Message ---

Reply via email to