apache2 security update breaks ssl+svn
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Debian) |
Fix Released
|
Unknown
|
|||
apache2 (Ubuntu) |
Fix Released
|
High
|
Adam Conrad |
Bug Description
Automatically imported from Debian bug report #327269 http://
Debian Bug Importer (debzilla) wrote : | #1 |
In Debian Bug tracker #327269, Steve Langasek (vorlon) wrote : severity of 327269 is grave | #2 |
# Automatically generated email from bts, devscripts version 2.9.4
# regression, but certainly doesn't break the whole system
severity 327269 grave
In Debian Bug tracker #327269, Adam Conrad (adconrad) wrote : Re: Bug#327269: apache2 security update breaks ssl+svn | #3 |
Andreas Jellinghaus wrote:
>Package: apache2
>Version: 2.0.54-5
>Severity: critical
>
>After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
>
>subversion client (e.g. checkout):
>svn: PROPFIND request failed on '/svn/test'
>svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
>alert unexpected message (https:/
>
>apache error log:
>[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
>accepted by client!?
>
>downgrade to 2.0.54-4 and everything is fine again.
>
>debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
>apache2 on 80 and 443, ssl with self signed certificate,
>accepting a list of self signed certificates, svn repository
>needs those for write access only.
>
>more configuration and any detail you need available on request.
>
>
I would like a tarball of your /etc/apache2/, if that's not too much
inconvenience. I suspect a combination of a longstanding subversion bug
and a (mis)configuration of apache2 are biting you, and the recent
apache2 bugfix just exposed the issue. I need to see how you have your
sites set up to confirm this, though.
... Adam
In Debian Bug tracker #327269, Adam Conrad (adconrad) wrote : | #4 |
Andreas Jellinghaus wrote:
>On Friday 09 September 2005 02:37, Adam Conrad wrote:
>
>
>>I would like a tarball of your /etc/apache2/
>>
>if there is anything else I can do to help, please let me know.
>
>
Meh. Yeah, this is actually a neon or svn (not sure who) bug, where it
can't do renogotiations when requested, and our fix for the security
hole in apache2 removed a "feature" (that "feature" was the security
hole) you were relying on with your configs. I need to set up a test
case here and see if there's a good way to do this, so it still works
how you want, without fixing neon/svn (which isn't really an option).
The bug that you were taking advantage of is that if you had
"SSLVerifyClient optional" in your VirtualHost, and "SSLVerifyClient
require" in a Location statement, the latter would never be honoured, so
I could actually get at your SVN repo by refusing to offer a client
cert, and Apache would give me write access. Whoops.
We've fixed that, but in fixing that, obviously you've tripped on the
above issue.
Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
the main VirtualHost, and keeping the rest the same, and seeing if that
makes a difference for you at all? Over the weekend, I'll set up a test
SVN site and follow some codepaths around in mod_ssl and see if there's
still a way (short of you using seperate Vhosts for read access and
read/write access, which has been considered by many the "most secure"
option) to have apache behave the way you'd like it to.
... Adam
In Debian Bug tracker #327269, Andreas Jellinghaus (tolonuga) wrote : | #5 |
Hi Adam,
> Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
> the main VirtualHost, and keeping the rest the same, and seeing if that
> makes a difference for you at all?
Done, no change at all.
Thanks for looking into this issue.
Regards, Andreas
In Debian Bug tracker #327269, R. Mattes (rm-seid-online) wrote : | #6 |
On Fri, 2005-09-09 at 10:37 +1000, Adam Conrad wrote:
> Andreas Jellinghaus wrote:
>
> >Package: apache2
> >Version: 2.0.54-5
> >Severity: critical
> >
> >After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
> >
> >subversion client (e.g. checkout):
> >svn: PROPFIND request failed on '/svn/test'
> >svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
> >alert unexpected message (https:/
> >
> >apache error log:
> >[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
> >accepted by client!?
> >
> >downgrade to 2.0.54-4 and everything is fine again.
> >
> >debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
> >apache2 on 80 and 443, ssl with self signed certificate,
> >accepting a list of self signed certificates, svn repository
> >needs those for write access only.
> >
> >more configuration and any detail you need available on request.
> >
> >
> I would like a tarball of your /etc/apache2/, if that's not too much
> inconvenience. I suspect a combination of a longstanding subversion bug
> and a (mis)configuration of apache2 are biting you, and the recent
> apache2 bugfix just exposed the issue. I need to see how you have your
> sites set up to confirm this, though.
After reading the initial bug report I checked with my upgraded SVN
servers (no client certs involved). "Fresh" checkouts seem to work
flawless but checkouts from user accounts that had allready checked
out from the server hang. Doing a 'svn co --no-auth-cache' from these
accounts seems to have fixed the problem (i.e. afterwards checkouts
work even without the '--no-auth-cache' option). Maybe there's a problem
with SVNs cert cache?
HTH Ralf Mattes
> ... Adam
>
>
>
>
In Debian Bug tracker #327269, Andreas Jellinghaus (tolonuga) wrote : | #7 |
On Friday 09 September 2005 10:58, R. Mattes wrote:
> After reading the initial bug report I checked with my upgraded SVN
> servers (no client certs involved). "Fresh" checkouts seem to work
> flawless but checkouts from user accounts that had allready checked
> out from the server hang. Doing a 'svn co --no-auth-cache' from these
> accounts seems to have fixed the problem (i.e. afterwards checkouts
> work even without the '--no-auth-cache' option). Maybe there's a problem
> with SVNs cert cache?
I had tried something similar: I had deleted the .subversion/auth/
directory, but it didn't help. I can try that option tomorrow, but
I guess it won't help either.
Regards, Andreas
In Debian Bug tracker #327269, Eric Côté (simon-nuit) wrote : apache2-mpm-prefork: confirm on SSL breaking | #8 |
Package: apache2-mpm-prefork
Version: 2.0.54-5
Followup-For: Bug #327269
hi,
i can confirm on mod_ssl being very borked, as i haven't been able to
access SSL-enabled sites, but their HTTP equivalent i have been able to
do so. this a PPC server, so it's cross-arch.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (1000, 'unstable'), (998, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.13-pylon
Locale: LANG=en_CA.UTF-8, LC_CTYPE=
Versions of packages apache2-mpm-prefork depends on:
ii apache2-common 2.0.54-5 next generation, scalable, extenda
ii libapr0 2.0.54-5 the Apache Portable Runtime
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-19 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libldap-2.2-7 [libldap2] 2.2.26-4.1 OpenLDAP libraries
ii libldap2 2.2.20-0.1 OpenLDAP libraries
ii libpcre3 6.3-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.7 0.9.7g-2 SSL shared libraries
ii zlib1g 1:1.2.3-4 compression library - runtime
apache2-mpm-prefork recommends no packages.
-- no debconf information
In Debian Bug tracker #327269, Andreas Jellinghaus (tolonuga) wrote : still problems | #9 |
btw, I tried --no-auth-cache and it
does not help at all.
any other idea?
Andreas
Debian Bug Importer (debzilla) wrote : | #10 |
Message-Id: <email address hidden>
Date: Thu, 8 Sep 2005 23:08:52 +0200
From: Andreas Jellinghaus <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: apache2 security update breaks ssl+svn
Package: apache2
Version: 2.0.54-5
Severity: critical
After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
subversion client (e.g. checkout):
svn: PROPFIND request failed on '/svn/test'
svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
alert unexpected message (https:/
apache error log:
[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
accepted by client!?
downgrade to 2.0.54-4 and everything is fine again.
debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
apache2 on 80 and 443, ssl with self signed certificate,
accepting a list of self signed certificates, svn repository
needs those for write access only.
more configuration and any detail you need available on request.
Regards, Andreas
Debian Bug Importer (debzilla) wrote : | #11 |
Message-Id: <email address hidden>
Date: Thu, 8 Sep 2005 16:18:03 -0700
From: Steve Langasek <email address hidden>
To: <email address hidden>
Subject: severity of 327269 is grave
# Automatically generated email from bts, devscripts version 2.9.4
# regression, but certainly doesn't break the whole system
severity 327269 grave
Debian Bug Importer (debzilla) wrote : | #12 |
Message-ID: <email address hidden>
Date: Fri, 09 Sep 2005 10:37:46 +1000
From: Adam Conrad <email address hidden>
To: Andreas Jellinghaus <email address hidden>, <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn
Andreas Jellinghaus wrote:
>Package: apache2
>Version: 2.0.54-5
>Severity: critical
>
>After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
>
>subversion client (e.g. checkout):
>svn: PROPFIND request failed on '/svn/test'
>svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
>alert unexpected message (https:/
>
>apache error log:
>[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
>accepted by client!?
>
>downgrade to 2.0.54-4 and everything is fine again.
>
>debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
>apache2 on 80 and 443, ssl with self signed certificate,
>accepting a list of self signed certificates, svn repository
>needs those for write access only.
>
>more configuration and any detail you need available on request.
>
>
I would like a tarball of your /etc/apache2/, if that's not too much
inconvenience. I suspect a combination of a longstanding subversion bug
and a (mis)configuration of apache2 are biting you, and the recent
apache2 bugfix just exposed the issue. I need to see how you have your
sites set up to confirm this, though.
... Adam
Debian Bug Importer (debzilla) wrote : | #13 |
Message-ID: <email address hidden>
Date: Fri, 09 Sep 2005 18:16:09 +1000
From: Adam Conrad <email address hidden>
To: Andreas Jellinghaus <email address hidden>, <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn
Andreas Jellinghaus wrote:
>On Friday 09 September 2005 02:37, Adam Conrad wrote:
>
>
>>I would like a tarball of your /etc/apache2/
>>
>if there is anything else I can do to help, please let me know.
>
>
Meh. Yeah, this is actually a neon or svn (not sure who) bug, where it
can't do renogotiations when requested, and our fix for the security
hole in apache2 removed a "feature" (that "feature" was the security
hole) you were relying on with your configs. I need to set up a test
case here and see if there's a good way to do this, so it still works
how you want, without fixing neon/svn (which isn't really an option).
The bug that you were taking advantage of is that if you had
"SSLVerifyClient optional" in your VirtualHost, and "SSLVerifyClient
require" in a Location statement, the latter would never be honoured, so
I could actually get at your SVN repo by refusing to offer a client
cert, and Apache would give me write access. Whoops.
We've fixed that, but in fixing that, obviously you've tripped on the
above issue.
Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
the main VirtualHost, and keeping the rest the same, and seeing if that
makes a difference for you at all? Over the weekend, I'll set up a test
SVN site and follow some codepaths around in mod_ssl and see if there's
still a way (short of you using seperate Vhosts for read access and
read/write access, which has been considered by many the "most secure"
option) to have apache behave the way you'd like it to.
... Adam
Debian Bug Importer (debzilla) wrote : | #14 |
Message-Id: <email address hidden>
Date: Fri, 9 Sep 2005 10:45:15 +0200
From: Andreas Jellinghaus <email address hidden>
To: Adam Conrad <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn
Hi Adam,
> Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
> the main VirtualHost, and keeping the rest the same, and seeing if that
> makes a difference for you at all?
Done, no change at all.
Thanks for looking into this issue.
Regards, Andreas
Debian Bug Importer (debzilla) wrote : | #15 |
Message-Id: <email address hidden>
Date: Fri, 09 Sep 2005 10:58:39 +0200
From: "R. Mattes" <email address hidden>
To: <email address hidden>, Adam Conrad <email address hidden>
Cc: Andreas Jellinghaus <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn
On Fri, 2005-09-09 at 10:37 +1000, Adam Conrad wrote:
> Andreas Jellinghaus wrote:
>
> >Package: apache2
> >Version: 2.0.54-5
> >Severity: critical
> >
> >After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
> >
> >subversion client (e.g. checkout):
> >svn: PROPFIND request failed on '/svn/test'
> >svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
> >alert unexpected message (https:/
> >
> >apache error log:
> >[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
> >accepted by client!?
> >
> >downgrade to 2.0.54-4 and everything is fine again.
> >
> >debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
> >apache2 on 80 and 443, ssl with self signed certificate,
> >accepting a list of self signed certificates, svn repository
> >needs those for write access only.
> >
> >more configuration and any detail you need available on request.
> >
> >
> I would like a tarball of your /etc/apache2/, if that's not too much
> inconvenience. I suspect a combination of a longstanding subversion bug
> and a (mis)configuration of apache2 are biting you, and the recent
> apache2 bugfix just exposed the issue. I need to see how you have your
> sites set up to confirm this, though.
After reading the initial bug report I checked with my upgraded SVN
servers (no client certs involved). "Fresh" checkouts seem to work
flawless but checkouts from user accounts that had allready checked
out from the server hang. Doing a 'svn co --no-auth-cache' from these
accounts seems to have fixed the problem (i.e. afterwards checkouts
work even without the '--no-auth-cache' option). Maybe there's a problem
with SVNs cert cache?
HTH Ralf Mattes
> ... Adam
>
>
>
>
Debian Bug Importer (debzilla) wrote : | #16 |
Message-Id: <email address hidden>
Date: Sat, 10 Sep 2005 00:03:09 +0200
From: Andreas Jellinghaus <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, Adam Conrad <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn
On Friday 09 September 2005 10:58, R. Mattes wrote:
> After reading the initial bug report I checked with my upgraded SVN
> servers (no client certs involved). "Fresh" checkouts seem to work
> flawless but checkouts from user accounts that had allready checked
> out from the server hang. Doing a 'svn co --no-auth-cache' from these
> accounts seems to have fixed the problem (i.e. afterwards checkouts
> work even without the '--no-auth-cache' option). Maybe there's a problem
> with SVNs cert cache?
I had tried something similar: I had deleted the .subversion/auth/
directory, but it didn't help. I can try that option tomorrow, but
I guess it won't help either.
Regards, Andreas
Debian Bug Importer (debzilla) wrote : | #17 |
Message-Id: <email address hidden>
Date: Sat, 10 Sep 2005 18:26:22 -0400
From: simon raven <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: apache2-
Package: apache2-mpm-prefork
Version: 2.0.54-5
Followup-For: Bug #327269
hi,
i can confirm on mod_ssl being very borked, as i haven't been able to
access SSL-enabled sites, but their HTTP equivalent i have been able to
do so. this a PPC server, so it's cross-arch.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (1000, 'unstable'), (998, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.13-pylon
Locale: LANG=en_CA.UTF-8, LC_CTYPE=
Versions of packages apache2-mpm-prefork depends on:
ii apache2-common 2.0.54-5 next generation, scalable, extenda
ii libapr0 2.0.54-5 the Apache Portable Runtime
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-19 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libldap-2.2-7 [libldap2] 2.2.26-4.1 OpenLDAP libraries
ii libldap2 2.2.20-0.1 OpenLDAP libraries
ii libpcre3 6.3-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.7 0.9.7g-2 SSL shared libraries
ii zlib1g 1:1.2.3-4 compression library - runtime
apache2-mpm-prefork recommends no packages.
-- no debconf information
Debian Bug Importer (debzilla) wrote : | #18 |
Message-Id: <email address hidden>
Date: Mon, 19 Sep 2005 11:34:10 +0200
From: Andreas Jellinghaus <email address hidden>
To: <email address hidden>
Subject: still problems
btw, I tried --no-auth-cache and it
does not help at all.
any other idea?
Andreas
In Debian Bug tracker #327269, Adam Conrad (adconrad) wrote : Re: Bug#327269: still problems | #19 |
Andreas Jellinghaus wrote:
> btw, I tried --no-auth-cache and it
> does not help at all.
>
> any other idea?
Can you test the packages at
http://
They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
be positive if they'll fix YOUR bug without testing.
Thanks.
... Adam
In Debian Bug tracker #327269, Andreas Jellinghaus (tolonuga) wrote : | #20 |
On Sunday 25 September 2005 15:26, Adam Conrad wrote:
> Can you test the packages at
> http://
>
> They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
> be positive if they'll fix YOUR bug without testing.
Hi Adam,
thanks for your work, those packages work fine, bug fixed.
Andreas
Debian Bug Importer (debzilla) wrote : | #21 |
Message-ID: <4336A571.
Date: Sun, 25 Sep 2005 23:26:09 +1000
From: Adam Conrad <adconrad@0c3.net>
To: Andreas Jellinghaus <email address hidden>, <email address hidden>
Subject: Re: Bug#327269: still problems
Andreas Jellinghaus wrote:
> btw, I tried --no-auth-cache and it
> does not help at all.
>
> any other idea?
Can you test the packages at
http://
They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
be positive if they'll fix YOUR bug without testing.
Thanks.
... Adam
Debian Bug Importer (debzilla) wrote : | #22 |
Message-Id: <email address hidden>
Date: Sun, 25 Sep 2005 16:28:32 +0200
From: Andreas Jellinghaus <email address hidden>
To: Adam Conrad <adconrad@0c3.net>
Cc: <email address hidden>
Subject: Re: Bug#327269: still problems
On Sunday 25 September 2005 15:26, Adam Conrad wrote:
> Can you test the packages at
> http://
>
> They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
> be positive if they'll fix YOUR bug without testing.
Hi Adam,
thanks for your work, those packages work fine, bug fixed.
Andreas
Adam Conrad (adconrad) wrote : | #23 |
This is fixed for breezy in version 2.0.54-5ubuntu2. It was decided not to fix
it for warty and hoary, as this wasn't really a regression, but a misfeature
going away, because it was never really there in the first place (only possible
due to the security hole we patched)
In Debian Bug tracker #327269, Adam Conrad (adconrad) wrote : Bug#327269: fixed in apache2 2.0.55-1 | #24 |
Source: apache2
Source-Version: 2.0.55-1
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2_
to pool/main/
apache2_
to pool/main/
apache2_
to pool/main/
apache2_
to pool/main/
libapr0-
to pool/main/
libapr0_
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 17 Oct 2005 13:00:13 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-
Architecture: source i386 all
Version: 2.0.55-1
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
apache2 - next generation, scalable, extendable web server
apache2-common - next generation, scalable, extendable web server
apache2-doc - documentation for apache2
apache2-
apache2-
apache2-mpm-worker - high speed threaded model for Apache2
apache2-
apache2-
apache2-utils - utility programs for webservers
libapr0 - the Apache Portable Runtime
libapr0-dev - development headers for libapr
Closes: 303076 316303 327269 331741 332791 333363
Changes:
apache2 (2.0.55-1) unstable; ...
Debian Bug Importer (debzilla) wrote : | #25 |
Message-Id: <email address hidden>
Date: Sat, 22 Oct 2005 18:47:11 -0700
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#327269: fixed in apache2 2.0.55-1
Source: apache2
Source-Version: 2.0.55-1
We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2-
to pool/main/
apache2_
to pool/main/
apache2_
to pool/main/
apache2_
to pool/main/
apache2_
to pool/main/
libapr0-
to pool/main/
libapr0_
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 17 Oct 2005 13:00:13 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-
Architecture: source i386 all
Version: 2.0.55-1
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
apache2 - next generation, scalable, extendable web server
apache2-common - next generation, scalable, extendable web server
apache2-doc - documentation for apache2
apache2-
apache2-
apache2-mpm-worker - high speed threaded model for Apache2
apache2-
apache2-
apache2-utils - utili...
Automatically imported from Debian bug report #327269 http:// bugs.debian. org/327269