[SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch enabled libraries
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apache2 (Debian) | Fix Released | Unknown | |
apache2 (Ubuntu) | Fix Released | High | Unassigned |
Precise | Invalid | High | Unassigned |
mod-proxy-html (Ubuntu) | Fix Released | Undecided | Unassigned |
Precise | Fix Released | High | Robie Basak |
modsecurity-apache (Ubuntu) | Fix Released | High | Unassigned |
Precise | Fix Released | High | Robie Basak |
Bug Description
[Impact]
The libapache2-
[Test Case]
apt-get -y install apache2 <libapache2-
This fails with the following error, although the postinst does exit 0:
Setting up libapache2-
Action 'configtest' failed.
The Apache error log may have more information.
Your apache2 configuration is broken, so we're not restarting it for you.
$ sudo apachectl configtest
apache2: Syntax error on line 210 of /etc/apache2/
Action 'configtest' failed.
The Apache error log may have more information.
Expected results:
1. The installations should succeed.
2. "sudo apachectl configtest" should return "Syntax OK" with a zero exit status.
3. "sudo grep libxml2.so.2 /proc/$(cat /run/apache2.
[Fix]
Debian has fixed this by updating apache2 to use dlopen's search path and changing mod-security.load to not use any absolute path. We have merged apache2. modsecurity-apache and mod-proxy-html have synced and I have verified that Quantal is fixed.
For the Precise SRU, it was concluded that the change to apache2 in Debian is too invasive. Instead, we have removed the LoadFile directives entirely, after ensuring that the modules do depend correctly on libxml2.so.2.
[Regression Potential]
With the new approach, apache2 does not need an update.
Previously, libapache2-
We have changed a config file, but since it is a config file, an administrator who has manually worked around the problem by changing the config file differently will be prompted and so should not get an unexpected regression.
/usr/lib/
So the area to look for regressions is in the existence of XML functionality in these two modules, but I think this change is so minimal it is very unlikely.
Original bug description:
service apache2 restart
apache2: Syntax error on line 210 of /etc/apache2/
Action 'configtest' failed.
The Apache error log may have more information.
...fail!
in file /etc/apache2/
LoadFile /usr/lib/
correct path on x86 would be /usr/lib/
maybe a symlink could fix this issue?
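The Precise fix above drops the hard-coded `LoadFile` path and relies on the modules' own dependency on libxml2.so.2. As an added example (not from the bug report or the packages), this script flags `LoadFile` directives whose absolute path is missing and checks a module's DT_NEEDED entries; the function names, the `TRIPLET` directory and the sample tree are constructed.

```shell
#!/bin/sh
# Added example; function names, TRIPLET and the sample tree are constructed.

# Print each LoadFile argument that is an absolute path and does not exist.
# $1 = directory of *.load / *.conf files, $2 = optional root prefix (chroot).
audit_loadfile() {
    conf_dir=$1 fs_root=${2:-}
    for f in "$conf_dir"/*.load "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            set -f; set -- $line; set +f          # split words, no globbing
            [ "$#" -ge 2 ] || continue
            # Directive names are case-insensitive; "#LoadFile" never matches.
            [ "$(printf %s "$1" | tr 'A-Z' 'a-z')" = loadfile ] || continue
            shift
            for p in "$@"; do                     # LoadFile accepts several files
                p=${p#\"}; p=${p%\"}
                case $p in
                    /*) [ -e "$fs_root$p" ] || printf '%s:%d: missing %s\n' "$f" "$n" "$p" ;;
                esac                              # bare names are left to the loader
            done
        done < "$f"
    done
    return 0
}

# True if ELF file $1 lists soname $2 as a direct dependency (DT_NEEDED),
# which is what lets the dynamic loader find the library without LoadFile.
needs_lib() {
    readelf -d "$1" 2>/dev/null | grep -F -q "Shared library: [$2]"
}

# Constructed sample: one stale absolute path, one valid path, one bare name.
build_sample() {
    mkdir -p "$1/mods" "$1/root/usr/lib/TRIPLET"
    : > "$1/root/usr/lib/TRIPLET/libxml2.so.2"
    printf '%s\n' '# constructed .load file' \
        'LoadFile /usr/lib/libxml2.so.2' \
        'loadfile "/usr/lib/TRIPLET/libxml2.so.2" libxml2.so.2' \
        > "$1/mods/example.load"
}

tmp=$(mktemp -d)
build_sample "$tmp"
audit_loadfile "$tmp/mods" "$tmp/root"
rm -rf "$tmp"
```

`needs_lib` requires `readelf` from binutils; pass it the module's `.so` file and the soname `libxml2.so.2`.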
Related branches
- masum chechra (community): Approve
- Chuck Short (community): Approve
- Diff: 97692 lines (+586/-96068), 68 files modified
.pc/004_usr_bin_perl_0wnz_j00/docs/cgi-examples/printenv (+0/-13)
.pc/008_make_include_safe/server/config.c (+0/-2190)
.pc/009_apache2_has_dso/support/apxs.in (+0/-768)
.pc/010_fhs_compliance/config.layout (+0/-324)
.pc/010_fhs_compliance/configure (+0/-20482)
.pc/010_fhs_compliance/configure.in (+0/-732)
.pc/010_fhs_compliance/include/ap_config_layout.h.in (+0/-64)
.pc/031_apxs2_sucks_more/support/apxs.in (+0/-769)
.pc/032_suexec_is_shared/os/unix/unixd.c (+0/-775)
.pc/033_dbm_read_hash_or_btree/support/dbmmanage.in (+0/-312)
.pc/034_apxs2_libtool_fixtastic/support/apxs.in (+0/-771)
.pc/038_no_LD_LIBRARY_PATH/support/envvars-std.in (+0/-24)
.pc/045_suexec_log_cloexec/support/suexec.c (+0/-638)
.pc/047_fix_usage_message/server/main.c (+0/-778)
.pc/052_logresolve_linelength/support/logresolve.c (+0/-387)
.pc/057_disablemods/acinclude.m4 (+0/-576)
.pc/057_disablemods/configure (+0/-20482)
.pc/058_suexec-CVE-2007-1742/support/suexec.c (+0/-636)
.pc/067_fix_segfault_in_ab/support/ab.c (+0/-2298)
.pc/071_fix_cacheenable/modules/cache/cache_util.c (+0/-917)
.pc/073_mod_dav_trunk_fixes/modules/dav/fs/lock.c (+0/-1514)
.pc/073_mod_dav_trunk_fixes/modules/dav/fs/repos.c (+0/-2167)
.pc/073_mod_dav_trunk_fixes/modules/dav/main/mod_dav.c (+0/-4869)
.pc/074_link_support_progs_with_lcrypt/configure (+0/-20486)
.pc/074_link_support_progs_with_lcrypt/support/config.m4 (+0/-140)
.pc/075_mod_rewrite_literal_ipv6_redirect/modules/mappers/mod_rewrite.c (+0/-4940)
.pc/076_apxs2_a2enmod/support/apxs.in (+0/-771)
.pc/077_CacheIgnoreURLSessionIdentifiers/modules/cache/cache_storage.c (+0/-558)
.pc/079_polish_translation/docs/error/HTTP_NOT_FOUND.html.var (+0/-444)
.pc/082_ab_num_requests/support/ab.c (+0/-2297)
.pc/201_build_suexec-custom/Makefile.in (+0/-233)
.pc/201_build_suexec-custom/support/Makefile.in (+0/-72)
.pc/applied-patches (+0/-25)
Makefile.in (+1/-1)
acinclude.m4 (+8/-13)
config.guess (+0/-1500)
config.layout (+3/-3)
config.sub (+0/-1608)
configure (+14/-18)
configure.in (+3/-3)
debian/changelog (+44/-2)
debian/config-dir/sites-available/default (+0/-10)
debian/config-dir/sites-available/default-ssl (+0/-9)
debian/control (+2/-3)
debian/gbp.conf (+3/-0)
debian/patches/083_dlopen_search_path (+145/-0)
debian/patches/series (+1/-0)
debian/rules (+5/-5)
docs/cgi-examples/printenv (+1/-1)
docs/error/HTTP_NOT_FOUND.html.var (+1/-1)
include/ap_config_layout.h.in (+0/-1)
modules/cache/cache_storage.c (+17/-49)
modules/cache/cache_util.c (+35/-72)
modules/dav/fs/lock.c (+84/-13)
modules/dav/fs/repos.c (+54/-125)
modules/dav/main/mod_dav.c (+3/-23)
modules/mappers/mod_rewrite.c (+2/-19)
os/unix/unixd.c (+0/-4)
server/config.c (+2/-29)
server/main.c (+1/-3)
support/Makefile.in (+1/-5)
support/ab.c (+3/-5)
support/apxs.in (+121/-51)
support/config.m4 (+2/-2)
support/dbmmanage.in (+3/-5)
support/envvars-std.in (+3/-0)
support/logresolve.c (+12/-10)
support/suexec.c (+12/-23)
- James Page: Approve
- Ubuntu branches: Pending requested
- Diff: 38 lines (+12/-2), 3 files modified
debian/changelog (+9/-0)
debian/control (+2/-1)
debian/mod-security.load (+1/-1)
- James Page: Approve
- Ubuntu branches: Pending requested
- Diff: 773 lines (+641/-35), 6 files modified
.pc/083_dlopen_search_path/modules/mappers/mod_so.c (+434/-0)
.pc/applied-patches (+1/-0)
debian/changelog (+9/-0)
debian/patches/083_dlopen_search_path (+152/-0)
debian/patches/series (+1/-0)
modules/mappers/mod_so.c (+44/-35)
- James Page: Approve
- Ubuntu branches: Pending requested
- Diff: 52 lines (+14/-3), 4 files modified
debian/changelog (+11/-0)
debian/conf/proxy_html.load (+0/-1)
debian/control (+2/-1)
debian/rules (+1/-1)
- James Page: Approve
- Ubuntu branches: Pending requested
- Diff: 47 lines (+21/-2), 3 files modified
debian/changelog (+19/-0)
debian/control (+2/-1)
debian/mod-security.load (+0/-1)
tags: | added: precise |
no longer affects: | apache2 (Debian) |
Changed in apache2 (Debian): | |
status: | Unknown → New |
tags: | added: libxml2-ma |
Changed in apache2 (Debian): | |
status: | New → Fix Released |
Changed in apache2 (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in modsecurity-apache (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in apache2 (Ubuntu Precise): | |
status: | New → Triaged |
Changed in modsecurity-apache (Ubuntu Precise): | |
status: | New → Triaged |
Changed in modsecurity-apache (Ubuntu Precise): | |
milestone: | none → ubuntu-12.04.1 |
Changed in apache2 (Ubuntu Precise): | |
milestone: | none → ubuntu-12.04.1 |
Changed in apache2 (Ubuntu Precise): | |
assignee: | nobody → Robie Basak (racb) |
Changed in modsecurity-apache (Ubuntu Precise): | |
assignee: | nobody → Robie Basak (racb) |
description: | updated |
summary: |
- wrong path to libxml2.so.2 in mod_security
+ [SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch
+ enabled libraries |
Changed in apache2 (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in modsecurity-apache (Ubuntu Precise): | |
status: | Triaged → In Progress |
Changed in mod-proxy-html (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in mod-proxy-html (Ubuntu Precise): | |
status: | Confirmed → In Progress |
Changed in apache2 (Ubuntu Precise): | |
assignee: | Robie Basak (racb) → nobody |
description: | updated |
Ubuntu 12.04 LTS