Ubuntu
apache2 package

apache2 security update breaks ssl+svn

Bug #21218 reported by Debian Bug Importer
6
Affects Status Importance Assigned to Milestone
apache2 (Debian)
Fix Released
Unknown
apache2 (Ubuntu)
Fix Released
High
Adam Conrad

Bug Description

Automatically imported from Debian bug report #327269 http://bugs.debian.org/327269

See original description
Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #327269 http://bugs.debian.org/327269

Revision history for this message
In , Steve Langasek (vorlon) wrote : severity of 327269 is grave

# Automatically generated email from bts, devscripts version 2.9.4
 # regression, but certainly doesn't break the whole system
severity 327269 grave

Revision history for this message
In , Adam Conrad (adconrad) wrote : Re: Bug#327269: apache2 security update breaks ssl+svn

Andreas Jellinghaus wrote:

>Package: apache2
>Version: 2.0.54-5
>Severity: critical
>
>After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
>
>subversion client (e.g. checkout):
>svn: PROPFIND request failed on '/svn/test'
>svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
>alert unexpected message (https://www.opensc.org)
>
>apache error log:
>[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
>accepted by client!?
>
>downgrade to 2.0.54-4 and everything is fine again.
>
>debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
>apache2 on 80 and 443, ssl with self signed certificate,
>accepting a list of self signed certificates, svn repository
>needs those for write access only.
>
>more configuration and any detail you need available on request.
>
>
I would like a tarball of your /etc/apache2/, if that's not too much
inconvenience. I suspect a combination of a longstanding subversion bug
and a (mis)configuration of apache2 are biting you, and the recent
apache2 bugfix just exposed the issue. I need to see how you have your
sites set up to confirm this, though.

... Adam

Revision history for this message
In , Adam Conrad (adconrad) wrote :

Andreas Jellinghaus wrote:

>On Friday 09 September 2005 02:37, Adam Conrad wrote:
>
>
>>I would like a tarball of your /etc/apache2/
>>
>if there is anything else I can do to help, please let me know.
>
>

Meh. Yeah, this is actually a neon or svn (not sure who) bug, where it
can't do renogotiations when requested, and our fix for the security
hole in apache2 removed a "feature" (that "feature" was the security
hole) you were relying on with your configs. I need to set up a test
case here and see if there's a good way to do this, so it still works
how you want, without fixing neon/svn (which isn't really an option).

The bug that you were taking advantage of is that if you had
"SSLVerifyClient optional" in your VirtualHost, and "SSLVerifyClient
require" in a Location statement, the latter would never be honoured, so
I could actually get at your SVN repo by refusing to offer a client
cert, and Apache would give me write access. Whoops.

We've fixed that, but in fixing that, obviously you've tripped on the
above issue.

Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
the main VirtualHost, and keeping the rest the same, and seeing if that
makes a difference for you at all? Over the weekend, I'll set up a test
SVN site and follow some codepaths around in mod_ssl and see if there's
still a way (short of you using seperate Vhosts for read access and
read/write access, which has been considered by many the "most secure"
option) to have apache behave the way you'd like it to.

... Adam

Revision history for this message
In , Andreas Jellinghaus (tolonuga) wrote :

Hi Adam,

> Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
> the main VirtualHost, and keeping the rest the same, and seeing if that
> makes a difference for you at all?

Done, no change at all.

Thanks for looking into this issue.

Regards, Andreas

Revision history for this message
In , R. Mattes (rm-seid-online) wrote :

On Fri, 2005-09-09 at 10:37 +1000, Adam Conrad wrote:
> Andreas Jellinghaus wrote:
>
> >Package: apache2
> >Version: 2.0.54-5
> >Severity: critical
> >
> >After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
> >
> >subversion client (e.g. checkout):
> >svn: PROPFIND request failed on '/svn/test'
> >svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
> >alert unexpected message (https://www.opensc.org)
> >
> >apache error log:
> >[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
> >accepted by client!?
> >
> >downgrade to 2.0.54-4 and everything is fine again.
> >
> >debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
> >apache2 on 80 and 443, ssl with self signed certificate,
> >accepting a list of self signed certificates, svn repository
> >needs those for write access only.
> >
> >more configuration and any detail you need available on request.
> >
> >
> I would like a tarball of your /etc/apache2/, if that's not too much
> inconvenience. I suspect a combination of a longstanding subversion bug
> and a (mis)configuration of apache2 are biting you, and the recent
> apache2 bugfix just exposed the issue. I need to see how you have your
> sites set up to confirm this, though.

After reading the initial bug report I checked with my upgraded SVN
servers (no client certs involved). "Fresh" checkouts seem to work
flawless but checkouts from user accounts that had allready checked
out from the server hang. Doing a 'svn co --no-auth-cache' from these
accounts seems to have fixed the problem (i.e. afterwards checkouts
work even without the '--no-auth-cache' option). Maybe there's a problem
with SVNs cert cache?

 HTH Ralf Mattes
> ... Adam
>
>
>
>

Revision history for this message
In , Andreas Jellinghaus (tolonuga) wrote :

On Friday 09 September 2005 10:58, R. Mattes wrote:
> After reading the initial bug report I checked with my upgraded SVN
> servers (no client certs involved). "Fresh" checkouts seem to work
> flawless but checkouts from user accounts that had allready checked
> out from the server hang. Doing a 'svn co --no-auth-cache' from these
> accounts seems to have fixed the problem (i.e. afterwards checkouts
> work even without the '--no-auth-cache' option). Maybe there's a problem
> with SVNs cert cache?

I had tried something similar: I had deleted the .subversion/auth/
directory, but it didn't help. I can try that option tomorrow, but
I guess it won't help either.

Regards, Andreas

Revision history for this message
In , Eric Côté (simon-nuit) wrote : apache2-mpm-prefork: confirm on SSL breaking

Package: apache2-mpm-prefork
Version: 2.0.54-5
Followup-For: Bug #327269

hi,

i can confirm on mod_ssl being very borked, as i haven't been able to
access SSL-enabled sites, but their HTTP equivalent i have been able to
do so. this a PPC server, so it's cross-arch.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (1000, 'unstable'), (998, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.13-pylon
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages apache2-mpm-prefork depends on:
ii apache2-common 2.0.54-5 next generation, scalable, extenda
ii libapr0 2.0.54-5 the Apache Portable Runtime
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-19 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libldap-2.2-7 [libldap2] 2.2.26-4.1 OpenLDAP libraries
ii libldap2 2.2.20-0.1 OpenLDAP libraries
ii libpcre3 6.3-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.7 0.9.7g-2 SSL shared libraries
ii zlib1g 1:1.2.3-4 compression library - runtime

apache2-mpm-prefork recommends no packages.

-- no debconf information

Revision history for this message
In , Andreas Jellinghaus (tolonuga) wrote : still problems

btw, I tried --no-auth-cache and it
does not help at all.

any other idea?

Andreas

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 8 Sep 2005 23:08:52 +0200
From: Andreas Jellinghaus <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: apache2 security update breaks ssl+svn

Package: apache2
Version: 2.0.54-5
Severity: critical

After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:

subversion client (e.g. checkout):
svn: PROPFIND request failed on '/svn/test'
svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
alert unexpected message (https://www.opensc.org)

apache error log:
[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
accepted by client!?

downgrade to 2.0.54-4 and everything is fine again.

debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
apache2 on 80 and 443, ssl with self signed certificate,
accepting a list of self signed certificates, svn repository
needs those for write access only.

more configuration and any detail you need available on request.

Regards, Andreas

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 8 Sep 2005 16:18:03 -0700
From: Steve Langasek <email address hidden>
To: <email address hidden>
Subject: severity of 327269 is grave

# Automatically generated email from bts, devscripts version 2.9.4
 # regression, but certainly doesn't break the whole system
severity 327269 grave

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 09 Sep 2005 10:37:46 +1000
From: Adam Conrad <email address hidden>
To: Andreas Jellinghaus <email address hidden>, <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn

Andreas Jellinghaus wrote:

>Package: apache2
>Version: 2.0.54-5
>Severity: critical
>
>After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
>
>subversion client (e.g. checkout):
>svn: PROPFIND request failed on '/svn/test'
>svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
>alert unexpected message (https://www.opensc.org)
>
>apache error log:
>[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
>accepted by client!?
>
>downgrade to 2.0.54-4 and everything is fine again.
>
>debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
>apache2 on 80 and 443, ssl with self signed certificate,
>accepting a list of self signed certificates, svn repository
>needs those for write access only.
>
>more configuration and any detail you need available on request.
>
>
I would like a tarball of your /etc/apache2/, if that's not too much
inconvenience. I suspect a combination of a longstanding subversion bug
and a (mis)configuration of apache2 are biting you, and the recent
apache2 bugfix just exposed the issue. I need to see how you have your
sites set up to confirm this, though.

... Adam

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 09 Sep 2005 18:16:09 +1000
From: Adam Conrad <email address hidden>
To: Andreas Jellinghaus <email address hidden>, <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn

Andreas Jellinghaus wrote:

>On Friday 09 September 2005 02:37, Adam Conrad wrote:
>
>
>>I would like a tarball of your /etc/apache2/
>>
>if there is anything else I can do to help, please let me know.
>
>

Meh. Yeah, this is actually a neon or svn (not sure who) bug, where it
can't do renogotiations when requested, and our fix for the security
hole in apache2 removed a "feature" (that "feature" was the security
hole) you were relying on with your configs. I need to set up a test
case here and see if there's a good way to do this, so it still works
how you want, without fixing neon/svn (which isn't really an option).

The bug that you were taking advantage of is that if you had
"SSLVerifyClient optional" in your VirtualHost, and "SSLVerifyClient
require" in a Location statement, the latter would never be honoured, so
I could actually get at your SVN repo by refusing to offer a client
cert, and Apache would give me write access. Whoops.

We've fixed that, but in fixing that, obviously you've tripped on the
above issue.

Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
the main VirtualHost, and keeping the rest the same, and seeing if that
makes a difference for you at all? Over the weekend, I'll set up a test
SVN site and follow some codepaths around in mod_ssl and see if there's
still a way (short of you using seperate Vhosts for read access and
read/write access, which has been considered by many the "most secure"
option) to have apache behave the way you'd like it to.

... Adam

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 9 Sep 2005 10:45:15 +0200
From: Andreas Jellinghaus <email address hidden>
To: Adam Conrad <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn

Hi Adam,

> Could you try, for curiosity's sake, setting "SSLVerifyClient none" in
> the main VirtualHost, and keeping the rest the same, and seeing if that
> makes a difference for you at all?

Done, no change at all.

Thanks for looking into this issue.

Regards, Andreas

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 09 Sep 2005 10:58:39 +0200
From: "R. Mattes" <email address hidden>
To: <email address hidden>, Adam Conrad <email address hidden>
Cc: Andreas Jellinghaus <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn

On Fri, 2005-09-09 at 10:37 +1000, Adam Conrad wrote:
> Andreas Jellinghaus wrote:
>
> >Package: apache2
> >Version: 2.0.54-5
> >Severity: critical
> >
> >After upgrading 2.0.54-4 to 2.0.54-5 svn+ssl is broken:
> >
> >subversion client (e.g. checkout):
> >svn: PROPFIND request failed on '/svn/test'
> >svn: PROPFIND of '/svn/test': Could not read status line: SSL error: sslv3
> >alert unexpected message (https://www.opensc.org)
> >
> >apache error log:
> >[Thu Sep 08 20:47:39 2005] [error] Re-negotiation handshake failed: Not
> >accepted by client!?
> >
> >downgrade to 2.0.54-4 and everything is fine again.
> >
> >debian gnu linux / sarge / kernel 2.6.11.11 vanilla, i386,
> >apache2 on 80 and 443, ssl with self signed certificate,
> >accepting a list of self signed certificates, svn repository
> >needs those for write access only.
> >
> >more configuration and any detail you need available on request.
> >
> >
> I would like a tarball of your /etc/apache2/, if that's not too much
> inconvenience. I suspect a combination of a longstanding subversion bug
> and a (mis)configuration of apache2 are biting you, and the recent
> apache2 bugfix just exposed the issue. I need to see how you have your
> sites set up to confirm this, though.

After reading the initial bug report I checked with my upgraded SVN
servers (no client certs involved). "Fresh" checkouts seem to work
flawless but checkouts from user accounts that had allready checked
out from the server hang. Doing a 'svn co --no-auth-cache' from these
accounts seems to have fixed the problem (i.e. afterwards checkouts
work even without the '--no-auth-cache' option). Maybe there's a problem
with SVNs cert cache?

 HTH Ralf Mattes
> ... Adam
>
>
>
>

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sat, 10 Sep 2005 00:03:09 +0200
From: Andreas Jellinghaus <email address hidden>
To: <email address hidden>
Cc: <email address hidden>, Adam Conrad <email address hidden>
Subject: Re: Bug#327269: apache2 security update breaks ssl+svn

On Friday 09 September 2005 10:58, R. Mattes wrote:
> After reading the initial bug report I checked with my upgraded SVN
> servers (no client certs involved). "Fresh" checkouts seem to work
> flawless but checkouts from user accounts that had allready checked
> out from the server hang. Doing a 'svn co --no-auth-cache' from these
> accounts seems to have fixed the problem (i.e. afterwards checkouts
> work even without the '--no-auth-cache' option). Maybe there's a problem
> with SVNs cert cache?

I had tried something similar: I had deleted the .subversion/auth/
directory, but it didn't help. I can try that option tomorrow, but
I guess it won't help either.

Regards, Andreas

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sat, 10 Sep 2005 18:26:22 -0400
From: simon raven <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: apache2-mpm-prefork: confirm on SSL breaking

Package: apache2-mpm-prefork
Version: 2.0.54-5
Followup-For: Bug #327269

hi,

i can confirm on mod_ssl being very borked, as i haven't been able to
access SSL-enabled sites, but their HTTP equivalent i have been able to
do so. this a PPC server, so it's cross-arch.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (1000, 'unstable'), (998, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.13-pylon
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)

Versions of packages apache2-mpm-prefork depends on:
ii apache2-common 2.0.54-5 next generation, scalable, extenda
ii libapr0 2.0.54-5 the Apache Portable Runtime
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-19 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-3 XML parsing C library - runtime li
ii libldap-2.2-7 [libldap2] 2.2.26-4.1 OpenLDAP libraries
ii libldap2 2.2.20-0.1 OpenLDAP libraries
ii libpcre3 6.3-1 Perl 5 Compatible Regular Expressi
ii libssl0.9.7 0.9.7g-2 SSL shared libraries
ii zlib1g 1:1.2.3-4 compression library - runtime

apache2-mpm-prefork recommends no packages.

-- no debconf information

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Mon, 19 Sep 2005 11:34:10 +0200
From: Andreas Jellinghaus <email address hidden>
To: <email address hidden>
Subject: still problems

btw, I tried --no-auth-cache and it
does not help at all.

any other idea?

Andreas

Revision history for this message
In , Adam Conrad (adconrad) wrote : Re: Bug#327269: still problems

Andreas Jellinghaus wrote:
> btw, I tried --no-auth-cache and it
> does not help at all.
>
> any other idea?

Can you test the packages at
http://people.debian.org/~adconrad/apache2-security/ for me?

They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
be positive if they'll fix YOUR bug without testing.

Thanks.

... Adam

Revision history for this message
In , Andreas Jellinghaus (tolonuga) wrote :

On Sunday 25 September 2005 15:26, Adam Conrad wrote:
> Can you test the packages at
> http://people.debian.org/~adconrad/apache2-security/ for me?
>
> They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
> be positive if they'll fix YOUR bug without testing.

Hi Adam,

thanks for your work, those packages work fine, bug fixed.

Andreas

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <4336A571.1050905@0c3.net>
Date: Sun, 25 Sep 2005 23:26:09 +1000
From: Adam Conrad <adconrad@0c3.net>
To: Andreas Jellinghaus <email address hidden>, <email address hidden>
Subject: Re: Bug#327269: still problems

Andreas Jellinghaus wrote:
> btw, I tried --no-auth-cache and it
> does not help at all.
>
> any other idea?

Can you test the packages at
http://people.debian.org/~adconrad/apache2-security/ for me?

They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
be positive if they'll fix YOUR bug without testing.

Thanks.

... Adam

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sun, 25 Sep 2005 16:28:32 +0200
From: Andreas Jellinghaus <email address hidden>
To: Adam Conrad <adconrad@0c3.net>
Cc: <email address hidden>
Subject: Re: Bug#327269: still problems

On Sunday 25 September 2005 15:26, Adam Conrad wrote:
> Can you test the packages at
> http://people.debian.org/~adconrad/apache2-security/ for me?
>
> They should fix /a/ bug with SSLVerifyClient and PROPFIND, but I can't
> be positive if they'll fix YOUR bug without testing.

Hi Adam,

thanks for your work, those packages work fine, bug fixed.

Andreas

Revision history for this message
Adam Conrad (adconrad) wrote :

This is fixed for breezy in version 2.0.54-5ubuntu2. It was decided not to fix
it for warty and hoary, as this wasn't really a regression, but a misfeature
going away, because it was never really there in the first place (only possible
due to the security hole we patched)

Revision history for this message
In , Adam Conrad (adconrad) wrote : Bug#327269: fixed in apache2 2.0.55-1
Download full text (6.3 KiB)

Source: apache2
Source-Version: 2.0.55-1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.55-1_i386.deb
apache2-doc_2.0.55-1_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.55-1_all.deb
apache2-mpm-perchild_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.55-1_i386.deb
apache2-mpm-prefork_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.55-1_i386.deb
apache2-mpm-worker_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.55-1_i386.deb
apache2-prefork-dev_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.55-1_i386.deb
apache2-threaded-dev_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.55-1_i386.deb
apache2-utils_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.55-1_i386.deb
apache2_2.0.55-1.diff.gz
  to pool/main/a/apache2/apache2_2.0.55-1.diff.gz
apache2_2.0.55-1.dsc
  to pool/main/a/apache2/apache2_2.0.55-1.dsc
apache2_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2_2.0.55-1_i386.deb
apache2_2.0.55.orig.tar.gz
  to pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
libapr0-dev_2.0.55-1_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.55-1_i386.deb
libapr0_2.0.55-1_i386.deb
  to pool/main/a/apache2/libapr0_2.0.55-1_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 17 Oct 2005 13:00:13 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source i386 all
Version: 2.0.55-1
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 libapr0 - the Apache Portable Runtime
 libapr0-dev - development headers for libapr
Closes: 303076 316303 327269 331741 332791 333363
Changes:
 apache2 (2.0.55-1) unstable; ...

Read more...

Revision history for this message
Debian Bug Importer (debzilla) wrote :
Download full text (6.5 KiB)

Message-Id: <email address hidden>
Date: Sat, 22 Oct 2005 18:47:11 -0700
From: Adam Conrad <adconrad@0c3.net>
To: <email address hidden>
Subject: Bug#327269: fixed in apache2 2.0.55-1

Source: apache2
Source-Version: 2.0.55-1

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

apache2-common_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-common_2.0.55-1_i386.deb
apache2-doc_2.0.55-1_all.deb
  to pool/main/a/apache2/apache2-doc_2.0.55-1_all.deb
apache2-mpm-perchild_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.0.55-1_i386.deb
apache2-mpm-prefork_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.0.55-1_i386.deb
apache2-mpm-worker_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.0.55-1_i386.deb
apache2-prefork-dev_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.0.55-1_i386.deb
apache2-threaded-dev_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.0.55-1_i386.deb
apache2-utils_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2-utils_2.0.55-1_i386.deb
apache2_2.0.55-1.diff.gz
  to pool/main/a/apache2/apache2_2.0.55-1.diff.gz
apache2_2.0.55-1.dsc
  to pool/main/a/apache2/apache2_2.0.55-1.dsc
apache2_2.0.55-1_i386.deb
  to pool/main/a/apache2/apache2_2.0.55-1_i386.deb
apache2_2.0.55.orig.tar.gz
  to pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
libapr0-dev_2.0.55-1_i386.deb
  to pool/main/a/apache2/libapr0-dev_2.0.55-1_i386.deb
libapr0_2.0.55-1_i386.deb
  to pool/main/a/apache2/libapr0_2.0.55-1_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 17 Oct 2005 13:00:13 +1000
Source: apache2
Binary: apache2-utils apache2 apache2-prefork-dev apache2-mpm-prefork apache2-doc libapr0-dev apache2-mpm-worker libapr0 apache2-threaded-dev apache2-common apache2-mpm-perchild
Architecture: source i386 all
Version: 2.0.55-1
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <email address hidden>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 apache2 - next generation, scalable, extendable web server
 apache2-common - next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-perchild - experimental high speed perchild threaded model for Apache2
 apache2-mpm-prefork - traditional model for Apache2
 apache2-mpm-worker - high speed threaded model for Apache2
 apache2-prefork-dev - development headers for apache2
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utili...

Read more...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.