Hi,
I have created yet another default SSL configuration for this bug.
With this one it is possible to enable the default SSL site just with
"a2enmod ssl" (plus creation of a certificate). It does this by
including a default.common file twice into the
sites-available/default file, once inside
Package: apache2-mpm-worker
Version: 2.0.55-3
Severity: grave
Tags: patch security
CVE-2005-2970:
worker MPM: Fix a memory leak which can occur after an aborted
connection in some limited circumstances.
A Patch is at
http://svn.apache.org/viewcvs?rev=292949&view=rev
--
To UNSUBSCRIBE, email t
Package: apache2-utils
Version: 2.0.55-4
Severity: wishlist
As a followup to CVE-2006-1078 and CVE-2006-1079:
This note from the htpasswd source:
"NOTE! This program is not safe as a setuid executable! Do not make it
setuid!"
should also be in the man page.
--
To UNSUBSCRIBE, email to [EMAI
Package: apache2
Version: 2.0.55-4
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-3918 reads:
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1
before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0
before 2.0.58, and 2.2 before 2.2.2, does no
Package: apache
Version: 1.3.34-2
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-3918 reads:
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1
before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0
before 2.0.58, and 2.2 before 2.2.2, does no
On Tuesday 08 August 2006 08:06, Norbert Tretkowski wrote:
> could you please give us a status update about the apache 2.2
> packages?
Are there realistic chances to get 2.2 into etch? If yes, are
preliminary packets available somewhere?
If no, we should go for 2.0.59. There have been quite a few
I cannot reproduce this here with unstable (apache2-mpm-worker
2.0.55-4.1).
Cheers,
Stefan
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Saturday 09 September 2006 12:35, Loïc Minier wrote:
> I think only apache was uploaded for CVE-2006-3918, and not
> apache2. Do you intend to issue a DSA for apache2 as well? Or
> isn't it affected by the vulnerability?
>
> This is fixed in apache2 >= 2.0.55-4.1 in unstable.
The issue is le
On Friday 06 October 2006 00:32, Jason Spiro wrote:
> > This can be done with mod_speling or with something like
> >
> > RewriteRule ^(.*)[,.]$ $1 [R]
> >
> > though the latter will prevent you from requesting any file
> > ending with period or comma. With some more refined rewrite magic
> > using
Besides, apache2ctl graceful does not restart the main apache process.
Only the worker processes are killed and forked off again. This means
the old executable keeps running, and apache or library updates won't
get active. On update, you need to do stop+start.
Cheers,
Stefan
--
To UNSUBSCRIB
> If Apache behaves like this, it's a security issue, especially if
> it occurs together with SuexecUserGroup. Non-privileged processes
> can intercept HTTP requests and impersonate the web server process.
mod_cgi closes the socket (I checked 2.2) so it is only an issue with
mod_php.
AFAIK mod_
forwarded 175351 http://issues.apache.org/bugzilla/show_bug.cgi?id=17629
thanks
this one is known upstream
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> Could you add application/x-javascript and text/css to
> deflate.conf?
This does not work reliably with MSIE 6.
For text/css this is definitely the case with the most current MSIE 6,
for application/x-javascript only with older versions (AFAIK).
I would not recommend to enable this now, maybe
On Monday 13 November 2006 06:30, Olaf van der Spek wrote:
> >> Could you add application/x-javascript and text/css to
> >> deflate.conf?
> >
> > This does not work reliably with MSIE 6.
> >
> > For text/css this is definitely the case with the most current
> > MSIE 6,
> >
> :(
>
> Do you have any
Some questions:
- are there any interesting entries in the apache error log?
- anything interesting in syslog, kern.log, ...?
- are you using php/cgi/... or just static content? If you use php,
what memory_limit have you set?
- what other modules do you use that are not enabled by default?
- how
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
also notes memory leaks in mod_deflate and mod_mem_cache. Do you use one
of these?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> We have mod_python, redirection with mod_proxy/mod_rewrite, PHP with
> memory limit set to 32M, DAV and DAV/SVN. The are no errors or other
> interesting entries in apache logs nor in any other log.
Maybe you could try disabling modules one by one to see which one is the
cause? There are reports
This upstream bug report could also be related:
"Server has a memory leak when handling chunked responses."
http://issues.apache.org/bugzilla/show_bug.cgi?id=40920
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
I upgraded apache:
[REMOVE, NOT USED] libapr0
[INSTALL, DEPENDENCIES] apache2.2-common
[REMOVE, DEPENDENCIES] apache2-common
[UPGRADE] apache2 2.0.55-4.1 -> 2.2.3-3.1
[UPGRADE] apache2-mpm-prefork 2.0.55-4.1 -> 2.2.3-3.1
[UPGRADE] apache2-utils 2.0.55-4.1 -> 2.2.3-3.1
[UPGRADE] libapache2-mod-php4
Hi,
I did an upgrade of a simple setup of apache 2.0+php4 and it worked
quite well. The only issues were:
- the 000-default symlink was added to sites-enabled (see Bug#394462)
- there were some error messages that stopping apache failed (but it
was not running anymore when dpkg asked for confi
Thanks for the patch. I will take a look next week-end.
Cheers,
Stefan
Hi Raphael,
On Tuesday, 27 September 2016 09:56:41 CEST Raphael Hertzog wrote:
> On Wed, 21 Sep 2016, Stefan Fritsch wrote:
> > Thanks for the patch. I will take a look next week-end.
>
> Did you have the time to review my changes?
A bit, but not as much as I would have liked. An
Hi,
On Wednesday, 12 October 2016 15:27:45 CET Brendon Baumgartner wrote:
> We have a relatively busy webserver (about 1-2 million hits per day).
> Recently we experienced some downtime and tracked it to mod_cgid. Once we
> disabled this module, the crashes stopped.
>
> To induce the crash (doesn
tags 843014 wontfix
thanks
On Thursday, 3 November 2016 07:42:39 CET Heinrich Schuchardt wrote:
> This results in a header like:
> Server: Apache/2.4.10 (Debian)
>
> Sending the Apache and OS version is a waste of bandwidth.
> Unfortunately Apache does not allow to completely suppress this
> supe
On Friday, 4 November 2016 23:32:58 CET Hans van Kranenburg wrote:
> I would ask you to consider enabling gdbm support in apr-util so that
> users can use mod_authn_dbm in apache with AuthDBMType GDBM
We support Berkley DB (AuthDBMType db) in apr-util. Are there any advantages
of gdbm over db?
On Saturday, 5 November 2016 18:04:35 CET Hans van Kranenburg wrote:
> > We support Berkley DB (AuthDBMType db) in apr-util. Are there any
> > advantages of gdbm over db?
>
> Heh. I interpret this question as a suggestive one, suggesting there are
> none.
I really did not know. Thanks for the res
On Sunday, 6 November 2016 09:27:18 CET John Gates wrote:
> I have a server that needs to stay PCIDSS compliant and it is complaining
> that apache 2.4.10 is running... When is an update going to be
> available... Do I have to compile my own Apache version? Seems odd that
> stability is favored
Hi Kurt,
On Sunday, 25 September 2016 19:51:08 CET Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
> > tags 828236 + patch
>
> Bug #828236 [src:apache2] apache2: FTBFS with openssl 1.1.0
> Added tag(s) patch.
I am sorry, but I don't feel qualified to review t
Hi,
If these two packages cannot transition to openssl 1.1.0 before apache2 does,
I suggest that you build with openssl 1.0.2 explicitly and then downgrade the
bugs and unlink them from the transition bug. I don't have much hope that
apache2 will transition in time for stretch release.
Cheers,
On Thursday, 3 November 2016 13:51:46 CET martin f krafft wrote:
> Nov 3 13:49:49 albatross systemd[1]: Starting Disk Cache Cleaning Daemon
> for Apache HTTP Server... Nov 3 13:49:49 albatross htcacheclean[4246]:
> htcacheclean error: Could not set filepath to
> '/var/cache/apache2/mod_cache_disk
On Monday, 14 November 2016 05:03:45 CET Ondřej Surý wrote:
> > Looking at mod_ssl_openssl.h and the comment in #828330,
> > I'd suggest the change below to add a dependency on libssl1.0-dev
> > to apache2-dev.
>
> And that exactly happens meaning that PHP 7.0 can no longer be built
> unless all i
Hi again,
On Saturday, 12 November 2016 07:51:40 CET Stefan Fritsch wrote:
> If these two packages cannot transition to openssl 1.1.0 before apache2
> does, I suggest that you build with openssl 1.0.2 explicitly and then
> downgrade the bugs and unlink them from the transition bug. I d
Hi,
[I have trimmed the cc list a bit]
On Wednesday, 16 November 2016 20:36:49 CET Kurt Roeckx wrote:
> On Mon, Nov 14, 2016 at 03:06:44PM -0800, Russ Allbery wrote:
> > Stefan Fritsch writes:
> > > I must admit that I did not think of php when doing that change, sorry.
&
On Thursday, 17 November 2016 21:39:19 CET Kurt Roeckx wrote:
> > That header was created for mod_ssl_ct which provides support for
> > certificate transparency. It's quite new and likely that nothing else
> > uses the header. It would probably be acceptable to remove the dependency
> > in apache2
On Friday, 18 November 2016 01:09:53 CET Adrian Bunk wrote:
> On Thu, Nov 17, 2016 at 11:18:57PM +0100, Stefan Fritsch wrote:
> > On Thursday, 17 November 2016 21:39:19 CET Kurt Roeckx wrote:
> > > > That header was created for mod_ssl_ct which provides support fo
On Friday, 18 November 2016 19:20:15 CET Adrian Bunk wrote:
> On Fri, Nov 18, 2016 at 06:10:31AM +0100, Stefan Fritsch wrote:
> > On Friday, 18 November 2016 01:09:53 CET Adrian Bunk wrote:
> > > What does create the dependency in
> > >
> > > https://bugs.
On Saturday, 19 November 2016 12:39:18 CET Peter Colberg wrote:
> apache2-dev was changed to depend on libssl1.0-dev | libssl-dev (<< 1.1)
> recently (#844160), which has caused a FTBFS in cgit that depends on
> libssl-dev without a version constraint.
>
> I would rather not constrain cgit’s build
On Saturday, 19 November 2016 18:06:44 CET Peter Colberg wrote:
> On Sat, Nov 19, 2016 at 11:58:41PM +0100, Stefan Fritsch wrote:
> > I will move the libssl-dev dependency to a new mod_ssl dev package. That
> > should avoid this issue without having to modify loads of other packag
On Monday, 14 November 2016 05:03:45 CET Ondřej Surý wrote:
> > Looking at mod_ssl_openssl.h and the comment in #828330,
> > I'd suggest the change below to add a dependency on libssl1.0-dev
> > to apache2-dev.
>
> And that exactly happens meaning that PHP 7.0 can no longer be built
> unless all i
On Friday, 2 December 2016 00:16:24 CET Sebastian Andrzej Siewior wrote:
> is there a reason for gridsite not to go for 3.0 (or backport the
> change) and libssl-dev? Apache stays 1.0 but does not expose anything
> SSL related (unless I read #828236 too quick).
(assuming you meant 1.1 instead of 3
On Monday, 5 December 2016 21:13:04 CET Salvatore Bonaccorso wrote:
> CVE-2016-8740 was announced for apache, CVE-2016-8740, Server memory
> can be exhausted and service denied when HTTP/2 is used.
There are a few more security issues fixed in the pending 2.4.24 release. I
will wait a bit more in
On Friday, 23 December 2016 18:56:54 CET Niko Tyni wrote:
> This passage in RFC 7230, section 9.4., seems relevant:
>
>A more effective mitigation is to prevent anything other than the
>server's core protocol libraries from sending a CR or LF within the
>header section, which means res
Hi Ola,
On Friday, 23 December 2016 23:56:45 CET Ola Lundqvist wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apache2:
> https://security-tracker.debian.org/tracker/CVE-2016-8743
>
> Would you like to take care of this yourse
On Saturday, 14 January 2017 12:33:55 CET Jonathan Vollebregt wrote:
> Actually that makes another point: according to RFC952 hostnames are
> allowed only a single period:
>
> http://www.ietf.org/rfc/rfc952.txt
>
> > ::= *["."]
> >::= [*[]]
>
> Unless this was updated in another
On Saturday, 14 January 2017 12:19:17 CET Jonathan Vollebregt wrote:
> Does this mean it's now impossible to create virtual hosts in apache for
> domain names with underscores?
>
> Unless they've silently added a DomainName directive somewhere this
> change breaks virtual hosts with internationa
On Saturday, 14 January 2017 19:36:34 CET Ondřej Surý wrote:
> Stefan,
>
> JFTR underscores in domain names are allowed, just not for hostnames. SRV,
> TLSA and other RRs make use of them.
But the character restriction for hostnames is valid for all parts of the FQDN
of a host. From RFC1035 sect
reassign 850885 dwww
severity 850885 grave
tags 850885 patch
thanks
On Thursday, 12 January 2017 06:50:16 CET Arjan Opmeer wrote:
> > is correct however, here's the HTTP header part:
> > Content-type: text/html
> > Last modified: Tue Dec 13 14:16:35 2016
> > Content-Disposition: inline
On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
> I would need people to start testing the package at this point, not
> necessarily in production considering how big the change is, but your
> comfort level will vary with the severity and complexity of services. :)
There is a separa
On Thursday, 19 January 2017 20:47:15 CET Stefan Fritsch wrote:
> On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
> > I would need people to start testing the package at this point, not
> > necessarily in production considering how big the change is, but your
> &g
On Thursday, 2 February 2017 18:56:38 CET Julian Gilbey wrote:
> [Thu Feb 02 18:14:44.630796 2017] [core:notice] [pid 3650] AH00052: child
> pid 3696 exit signal Aborted (6)
Please follow the instructions in /usr/share/doc/apache2/README.backtrace and
add a backtrace to this report. Thanks.
Chee
On Monday, 23 January 2017 14:38:51 CET Antoine Beaupré wrote:
> By the way, would it be possible to enable the test suite in the package
> build, since we have the code ready to go there anyways? Or in
> autopkgtest?
I have hacked something ugly into the package and an autopkgtest for running
th
tags 851357 wontfix
thanks
Upstream does not intend to change this behavior. See the thread starting at
http://mail-archives.apache.org/mod_mbox/httpd-dev/201702.mbox/
%3C20170202125319.GA15948%40redhat.com%3E
I won't deviate from upstream in the Debian 9 squeeze release, but I will
allow unde
anuary 2017 17:03:55 CET Antoine Beaupré wrote:
> On 2017-01-23 15:14:30, Antoine Beaupré wrote:
> > On 2017-01-22 11:25:08, Stefan Fritsch wrote:
> >> Test Summary Report
> >> ---
> >> t/apache/chunkinput.t (Wstat: 0 Tes
On Monday, 20 February 2017 15:27:23 CET Antoine Beaupré wrote:
> > Probably a good idea is to put the packages somewhere and ask for testers
> > on secur...@lists.debian.org.
>
> security@lists.d.o is not a list, as far as i know. there's
> debian-security@lists.d.o, but I never posted there...
Hi,
On Thursday, 23 February 2017 19:14:59 CET Jonas Meurer wrote:
> All right, then we should go for the update. Antoine, do you take care
> of it?
Great work and sorry that I did not have time to help you more.
In case it helps: For stable, I have suggested this text for the DSA to the
secur
On Thursday, 2 March 2017 16:15:45 CET Thorsten Glaser wrote:
> Apache 2 does not send *any* Content-Type header for plaintext files
> any more,
With "any more", do you mean that this is a regression, i.e. did it work in an
earlier version? If yes, which version?
On Friday, 3 March 2017 12:28:1
On Monday, 13 March 2017 08:07:01 CET Sergio Gelato wrote:
> Now that apache2 includes a native systemd unit, it may be prudent to stop
> assuming that /etc/init.d/apache2 exists. (It's still distributed as part
> of the package, but since it's a configuration file system administrators
> are free
Hi Raphael,
On Tuesday, 20 June 2017 16:38:12 CEST Raphael Hertzog wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apache2:
> https://security-tracker.debian.org/tracker/CVE-2017-3167
> https://security-tracker.debian.org/track
Hi Valentin,
Thanks for the report.
On Friday, 7 July 2017 14:30:59 CEST Valentin Vidic wrote:
> Stopping or restaring apache2 produces an error in kernel log:
>
> # systemctl apache2 stop
>
> Jul 7 14:13:52 stretch kernel: [ 5393.547573] apache2[7588]: segfault at
> 7f7e1113b7a0 ip 7f7e
reopen 851094
found 851094 2.4.27-2
thanks
Hi Raphael,
On Saturday, 15 July 2017 11:52:49 CEST Raphael Hertzog wrote:
> Hello Stefan,
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apache2:
> https://security-tracker.debian.org/tracker/CVE-2017-9788
>
> Would you like to
On Monday, 17 July 2017 16:57:00 CEST Roberto C. Sánchez wrote:
> I did the deb7u9 update of apache2 and I was not aware of the regression
> either. I wonder if it makes sense for bugs above a certain severity
> affecting versions of a package which are security uploads to show up in
> the securit
Hi Antoine,
On Wednesday, 19 July 2017 15:45:20 CEST Antoine Beaupre wrote:
> As I mentioned in the #858373 bug report, I started looking at fixing
> the regression introduced by the 2.2.22-13+deb7u8 upload, part of
> DLA-841-1. The problem occurs when a CGI(d) ErrorDocument is configured
> to han
Is there anything relevant in the log files?
In the apache error log?
In the output of "journalctl -u apache2.service"?
For the upgrades, if you still know the date, look into /var/log/apt/term.log*
Cheers,
Stefan
Hi Andrew,
On Fri, 4 Aug 2017, Andrew Murphy wrote:
>
> Please add mod_brotli
>
> Note: Originally I raised an Ubuntu bug, but they said raise it upstream
> with you. But I couldn't find a 'new bug' button on debian apache2 package.
The debian bts is email based (unless you use the reportbug to
On Fri, 4 Aug 2017, John Paul Adrian Glaubitz wrote:
> > Not sure if m68k is alive anymore. The build log urls are not reachable
> > anymore this bug report is no longer useful. Closing.
>
> Well, maybe you should just ask people instead of just closing bug
> reports without further notice?
>
>
Hi Mattias,
I have just uploaded apache2 2.4.27-5 which links to openssl 1.1 to unstable.
You should do the same for your canl-c and gridsite updates.
Cheers,
Stefan
On Wednesday, 4 October 2017 20:41:38 CEST Tiger!P wrote:
> I tried to add a file /etc/systemd/system/apache2.service.d/after.conf
> with the following content:
> 8<
> [Unit]
> Wants=network-online.target
> After=network.target remote-fs.target nss-lookup.target
> network-online.target
> --
Hi Markus,
On Friday, 3 November 2017 22:40:02 CET Markus Koschany wrote:
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of apr and apr-util:
> https://security-tracker.debian.org/tracker/source-package/apr
> https://security-tracker.de
Hi Matthew,
I don't know libvirt lxc containers at all, but ...
On Tue, 14 Nov 2017, Matthew Gabeler-Lee wrote:
> Nov 14 14:38:33 hostname systemd[1]: Reloading The Apache HTTP Server.
> Nov 14 14:38:33 hostname systemd[11798]: apache2.service: Failed at step
> NAMESPACE spawning /usr/sbin/apach
Hi Ben,
On Wednesday, 27 December 2017 11:26:14 CET Ben RUBSON wrote:
> Could it be possible to backport the following very useful (and therefore
> tiny) patch to Apache in Debian Stretch please ?
> https://svn.apache.org/viewvc?view=revision&revision=1807707
I am sorry, but we don't backport new
amd64
Version: 1.6.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers
Changed-By: Stefan Fritsch
Description:
libaprutil1 - Apache Portable Runtime Utility Library
libaprutil1-dbd-mysql - Apache Portable Runtime Utility Library - MySQL Driver
libaprutil1-dbd-odbc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 25 Feb 2018 16:35:41 +0100
Source: apr
Binary: libapr1 libapr1-dev libapr1-dbg
Architecture: source amd64
Version: 1.6.3-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers
Changed-By: Stefan
On Friday, 2 February 2018 23:32:35 CET Gianfranco Costamagna wrote:
> Hello, before uploading new gdbm in unstable, I tested all the
> reverse-dependencies, except for the packages that were already broken/not
> building.
>
> This sounds to be the case for this one, and now I don't know how to de
all
Version: 2.4.33-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers
Changed-By: Stefan Fritsch
Description:
apache2- Apache HTTP Server
apache2-bin - Apache HTTP Server (modules and other binary files)
apache2-data - Apache HTTP Server (common files)
apache2
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Hi,
I would like to do an upgrade of apache2 in stretch that upgrades the
complete mod_http2 and mod_proxy_http2 modules from the versions from
2.4.25 to the versions from 2.4.33.
-mod-macro apache2-utils apache2-suexec
apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev
apache2-dbg
Architecture: source amd64 all
Version: 2.4.10-10+deb8u12
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Apache Maintainers
Changed-By: Stefan Fritsch
Hi Dan,
On Wed, 4 Apr 2018, Dan Benton wrote:
> Package: apache2
> Version: 2.4.10-10+deb8u12
> Severity: normal
Is this a new issue with version 2.4.10-10+deb8u12 (from the security
update a few days ago) or have you also observed it with the previous
version 2.4.10-10+deb8u11?
Cheers,
Stefa
On Fri, 9 Mar 2018, Moritz Muehlenhoff wrote:
> On Tue, Nov 14, 2017 at 02:46:00PM +, Matthew Gabeler-Lee wrote:
> > Package: apache2
> > Version: 2.4.25-3+deb9u3
> > Severity: normal
> >
> > When running inside a libvirt-managed lxc os container, the reload command
> > on the systemd unit fa
On Thursday, 12 April 2018 11:56:04 CEST Axel Beckert wrote:
> Jan Heitkötter wrote:
> > Default behaviour is do stop/start Apache using apachectl which fails in
> > installations running systemd. Apache will stop, but not start again.
Using apachectl stop / start / restart works fine for me with
Dear libapache2-mod-proxy-uwsgi maintainers,
mod-proxy-uwsgi has been donated to the ASF and since version 2.4.33, it is
included in apache2. Now, as uwsgi builds a bunch of other packages, the
question is from which source package should the libapache2-mod-proxy-uwsgi
transitional package be b
On Monday, 16 April 2018 20:34:00 CEST Matthew Gabeler-Lee wrote:
> On Sat, 14 Apr 2018, Stefan Fritsch wrote:
> > This seems to be a systemd bug. Changing PrivateTmp from true to false in
> > apache2.service fixes the issue. But even with PrivateTmp it works for
> > s
On Monday, 16 April 2018 21:51:36 CEST Stefan Fritsch wrote:
> So tmpreaper should exclude systemd-private-* files by default. Moritz, do
> you also have some cron job cleaning up stale files in /tmp ?
tmpreaper needs to exclude dirs inside the systemd-private-* dir, too (there
is a t
On Sunday, 15 April 2018 21:50:57 CEST Jan Heitkötter wrote:
> The hooks in Let’s Encrypt’s conffile say “apachectl -k”; the manpage
> does not explain this option. Omitting -k makes things work:
options unknown to apachectl are passed to apache2 and apache2 -k start tells
apache2 to do a normal
The package repositories have been migrated from alioth to salsa:
https://salsa.debian.org/apache-team/
Cheer,
Stefan
Package: apache2
Version: 2.4.25-3+deb9u4
Severity: normal
While /etc/init.d/apache-htcacheclean contains this comment
# Default values. Edit /etc/default/apache-htcacheclean$DIR_SUFFIX to
# change these
it does not actually read that file. This has been fixed in sid in
2.4.27-4 .
Hi,
On Tuesday, 3 April 2018 14:07:33 CEST Stefan Fritsch wrote:
> I would like to do an upgrade of apache2 in stretch that upgrades the
> complete mod_http2 and mod_proxy_http2 modules from the versions from
> 2.4.25 to the versions from 2.4.33.
>
> The reason is that the fix fo
Hi,
I have prepared a big update of the stretch apache2 package that ships the
mod_http2 version from 2.4.33. I hope it will be included in the next stable
point release. It would be great if interested people could give it some
testing.
The list of changes is:
* Upgrade mod_http and mod_pro
Hi,
On Sunday, 13 May 2018 19:15:22 CEST Stefan Fritsch wrote:
> On Tuesday, 3 April 2018 14:07:33 CEST Stefan Fritsch wrote:
> > I would like to do an upgrade of apache2 in stretch that upgrades the
> > complete mod_http2 and mod_proxy_http2 modules from the versions from
&g
On Thursday, 10 May 2018 00:21:44 CEST 積丹尼 Dan Jacobson wrote:
> Package: apache2-bin
> Version: 2.4.33-3
>
> Please Depend on libcurl3 | libcurl4,
> else we cannot upgrade our system.
The dependency is generated automatically depending on which version of
libcurl is used during compilation. And
On Sunday, 20 May 2018 18:32:55 CEST Stefan Fritsch wrote:
> As I don't see any other way to fix the open issues, I would still like to
> go ahead. But I will prepare a new package/diff with a NEWS.Debian entry
> that informs about this change.
The new debdiff is attached. the NEW
On Saturday, 2 June 2018 02:06:10 CEST Jason Perrin wrote:
> This appears to be a problem in the source for this package, on the master
> branch, as well as on separate branches for different distros:
> https://salsa.debian.org/apache-team/apache2/blob/master/debian/rules#L148-1
> 53 I'm not sure
On Sunday, 24 June 2018 19:00:22 CEST Adam D. Barratt wrote:
> On Sat, 2018-06-02 at 10:29 +0200, Stefan Fritsch wrote:
> > +apache2 (2.4.25-3+deb9u5) stretch; urgency=medium
> > +
> > + * This package upgrades mod_http2 to the version from apache2
> > 2.4.33. This
&
On Tuesday, 17 July 2018 09:50:08 CEST Thomas Mühlberg wrote:
> Package: apache2 apache2-bin apache2-data apache2-utils
> Version: 2.4.25-3+deb9u5
>
> After upgrade from version 2.4.25-3+deb9u4 to 2.4.25-3+deb9u5 the Apache
> processes are limited to 1000.
> After rollback to version 2.4.25-3+deb9
On Friday, 13 July 2018 19:33:24 CEST marcelo wrote:
> The mod_md not works in the last version in apache, i understood the mod_md
> now is part of apache, but the mod_md not work, because missing archives,
> for example the archive mod_md.so, i believe the solution is the same apply
> in libap
On Friday, 29 June 2018 10:35:32 CEST mer.at wrote:
> when i do an "apachectl graceful" or "apachectl restart", i get
> segfaults.
I don't think this is a bug in apache, at least not directly.
> if i then do a /etc/init.d/apache2 restart, it works normally
> /etc/init.d/apache2 restart and system
On Tuesday, 17 July 2018 21:12:48 CEST gregor herrmann wrote:
> On Tue, 17 Jul 2018 20:54:02 +0200, Stefan Fritsch wrote:
> > Can one of you please check how libcap-ng is pulled into the process.
> > Something like this should do the trick (replace XXX with the pid of one
> &g
Hi Ondřej,
On Wednesday, 25 July 2018 14:50:43 CEST Ondřej Surý wrote:
> while updating apache2 to 2.4.34, I found out (or rather users found out)
> that lbmethod_bybusyness module now require symbols from mod_proxy.
>
> Unfortunately, because the modules are loaded in alphabetical order, this
>
Package: libcap-ng0
Version: 0.7.9-1
Severity: grave
Justification: renders package unusable
Hi,
apache httpd loads and unloads modules during a reload of the server
configuration. This causes the pthread_atfork entry that is installed by
libcap-ng0 to point to code that is no longer in the proce
retitle 902657 graceful/restart results in segfault if libcap-ng0 is loaded
severity 902657 important
block 902657 by 904808
thanks
The problem is caused by libcap-ng0 0.7.9 . This is usually pulled in by php
extensions. There is nothing apache can do.
Unfortunately, downgrading to 0.7.7 from s
401 - 500 of 840 matches
Mail list logo