Your message dated Tue, 07 Sep 2021 08:37:43 +0000
with message-id <[email protected]>
and subject line Bug#868949: fixed in libapache2-mod-auth-openidc 2.4.9.4-1
has caused the Debian Bug report #868949,
regarding Bare install breaks apache2 reload
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
868949: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868949
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache2-mod-auth-openidc
Version: 2.1.6-1~bpo+1
Severity: important
Dear Maintainer,
This is some kind of a trap : simply enabling the module and performing
a reload (no restart) gives a non-responsive Apache2 server.
I had this first with jessie's 1.6.0-1, then with jessie-backports'
(reporting against the latter).
Steps to reproduce, once the package is installed :
a2enmod auth_openidc
systemctl reload apache2
then the HTTP server becomes unresponsive : accepts connections for a
while but hangs indefinitely, then does not accept connections at all.
The error log displays continuous segmentation faults that I saw only
while rechecking for this report (I had a first version with just
complains about missing directives, which is perhaps another story).
In any case, breaking an Apache2 server with a simple reload should not
happen (I'm even surprised it's possible)
With the segmentation faults, this looks quite similar to #850331. I did
not have the occasion yet to give it a try on a stretch system, in case
the backported version would have a compatibility issue with jessie's
Apache2
Thanks for your attention and your work in general!
--
Georges Racinet GPG: BF5456F4DC625443849B6E58EE20CA44EF691D39, sur
serveurs publics
--- End Message ---
--- Begin Message ---
Source: libapache2-mod-auth-openidc
Source-Version: 2.4.9.4-1
Done: Moritz Schlarb <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libapache2-mod-auth-openidc, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Schlarb <[email protected]> (supplier of updated
libapache2-mod-auth-openidc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 07 Sep 2021 09:37:15 +0200
Source: libapache2-mod-auth-openidc
Architecture: source
Version: 2.4.9.4-1
Distribution: unstable
Urgency: medium
Maintainer: Moritz Schlarb <[email protected]>
Changed-By: Moritz Schlarb <[email protected]>
Closes: 868949 883616 891224 993648
Changes:
libapache2-mod-auth-openidc (2.4.9.4-1) unstable; urgency=medium
.
* New upstream version 2.4.9.4
* Fix "CVE-2021-39191" (Closes: #993648)
* 2.4.9.2 fixed a regression regarding segfault at reload/restart
(Closes: #883616, #891224, #868949)
Checksums-Sha1:
6e0593f90c1dbf43efda8586732980feecfc953e 2528
libapache2-mod-auth-openidc_2.4.9.4-1.dsc
47f8b949552c3d32f019c5cf785c4672dc0f8aae 261544
libapache2-mod-auth-openidc_2.4.9.4.orig.tar.gz
64d79ff511f145f1131fc8e52b9883837773c690 5848
libapache2-mod-auth-openidc_2.4.9.4-1.debian.tar.xz
b6f2b10fdde35bf0e62c1bc4edb326f73bc2800c 7946
libapache2-mod-auth-openidc_2.4.9.4-1_amd64.buildinfo
Checksums-Sha256:
757c704a9229eff21b0a3665ea7fabfe6fd7b56501c879552a6d3c67c73b8792 2528
libapache2-mod-auth-openidc_2.4.9.4-1.dsc
142ee7abd49a4c6e2a7233c9124143709e733e8e51896c4a4f4172b0ffbc4741 261544
libapache2-mod-auth-openidc_2.4.9.4.orig.tar.gz
f0e8c3677b08282fffd71e401ae6f622c596676d60515d7c240fd80b5209b2e1 5848
libapache2-mod-auth-openidc_2.4.9.4-1.debian.tar.xz
2d2c83226d56c80d62009f6a2a656ac3cea08c702846f0f325638eb0f2473db9 7946
libapache2-mod-auth-openidc_2.4.9.4-1_amd64.buildinfo
Files:
7fc4a2d6a82b628e718fdc1042cc270f 2528 httpd optional
libapache2-mod-auth-openidc_2.4.9.4-1.dsc
21959e96f73545012afec7201f5f46fd 261544 httpd optional
libapache2-mod-auth-openidc_2.4.9.4.orig.tar.gz
8377c6fdb6f7a7cedbea6b0ddeeec969 5848 httpd optional
libapache2-mod-auth-openidc_2.4.9.4-1.debian.tar.xz
b4ddeb1f703c0289c8cbde81ddb32e02 7946 httpd optional
libapache2-mod-auth-openidc_2.4.9.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJKBAEBCgA0FiEE3wEiR7/GVQGv8oRFDCS4Qcfduq8FAmE3GPYWHHNjaGxhcmJt
QHVuaS1tYWluei5kZQAKCRAMJLhBx926ryc0D/9+bSB19PkraBM/N3ctbS1ns6nM
d1xx6AQfNBcPEzPk1axX2uqqtMG7t4goGn44dtBKe7iMxKxSobffnfuSmiU+j8L4
RCzPMeggRR/W5+DvxDz5Hu6PovZ4yqyLNjL45XQTx4ncAuAhLDl8odkAZpw8b3k/
kGDeBQbCFjQIDJFzCsKOHHNxWPi1ZMv03MISbR4drirfLbhoaSEcbcBDH7f3xT7U
g5qkPoboj24wkDFr6oacbSWsIOj/nttxHSmW41lnw68tKk/AaSvukErkQHJtGEbQ
prdy1quHcIDoGsx/UKLABsaXL955iODoTcL4JcFp/dcLJmnooKLAOuzplU4QFSil
AM5HU7sSNl0rVqOOeX9NptXmTjd9GmWVUu7hBWWN2zrJnyzxzh0uBi/SdJFHV8Zd
sFE+4DCjy2lIquSpWL0e/Mv8ZFOsTJwj4ai5OoOJUSWNFzDcD4HfUCeK5b/Agued
Ea6MMqIPVblzpfVvN3Ca6rTaIHfjtbD7RszN2EMpPpYEFK7UmrkbVNNT2oFZytc4
wydJ/QMOz4bqQa/2Sob95G/rFoPujtucFGKBZAMSkQM4BNjYeubf74ohlaBw7q7u
O+xaySunWtEa5xZaeqjN5hNHXVIEn2RBSDTKQU9/LgEfLxBu1zVnyR1OAN+D/cTz
u1kNKW6RHGcJHytkeg==
=q8c0
-----END PGP SIGNATURE-----
--- End Message ---
