Your message dated Mon, 02 Jul 2018 16:47:10 +0000 with message-id <E1fa1yo-000ARR-5c@fasolo.debian.org> and subject line Bug#873945: fixed in apache2 2.4.25-3+deb9u5 has caused the Debian Bug report #873945, regarding apache2-bin: apache2 with http2 segfault to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 873945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873945 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---Title: apache2-bin: apache2 with http2 segfault
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2-bin: apache2 with http2 segfault
- From: Hosted Power Sales <sales@hosted-power.com>
- Date: Fri, 1 Sep 2017 14:55:22 +0200
- Message-id: <zarafa.59a958ba.418c.4f62bf5755c793ce@web.hosted-power.com>
Package: apache2-binVersion: 2.4.25-3+deb9u2Severity: importantDear Maintainer,*** Reporter, please consider answering these questions, where appropriate **** What led up to the situation?SEGFAULT Apache2 with http2, just by having users visiting the site.gdb /usr/sbin/apache2 core-apache2-11-33-33-16474-1504205745GNU gdb (Debian 7.12-6) 7.12.0.20161007-gitCopyright (C) 2016 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law. Type "show copying"and "show warranty" for details.This GDB was configured as "x86_64-linux-gnu".Type "show configuration" for configuration details.For bug reporting instructions, please see:<http://www.gnu.org/software/gdb/bugs/>.Find the GDB manual and other documentation resources online at:<http://www.gnu.org/software/gdb/documentation/>.For help, type "help".Type "apropos word" to search for commands related to "word"...Reading symbols from /usr/sbin/apache2...Reading symbols from /usr/lib/debug/.build-id/1b/81c3ec196acae651912c3a4025bc1c6a07c375.debug...done.done.[New LWP 16532][New LWP 16477][New LWP 16474][New LWP 16475][New LWP 16479][New LWP 16476][New LWP 16480][New LWP 16481][New LWP 16511][New LWP 16478][New LWP 16487][New LWP 16482][New LWP 16512][New LWP 16489][New LWP 16483][New LWP 16491][New LWP 16494][New LWP 16513][New LWP 16484][New LWP 16499][New LWP 16485][New LWP 16500][New LWP 16516][New LWP 16502][New LWP 16486][New LWP 16504][New LWP 16517][New LWP 16488][New LWP 16506][New LWP 16507][New LWP 16490][New LWP 16518][New LWP 16492][New LWP 16509][New LWP 16514][New LWP 16519][New LWP 16522][New LWP 16527][New LWP 16520][New LWP 16523][New LWP 16524][New LWP 16525][New LWP 16529][New LWP 16495][New LWP 16533][New LWP 16496][New LWP 16497][New LWP 16535][New LWP 16498][New LWP 16501][New LWP 16536][New LWP 16503][New LWP 16537][New LWP 16505][New LWP 16510][New LWP 16515][New LWP 16521][New LWP 16526][New LWP 16528][New LWP 16530][New LWP 16531][New LWP 16534][New LWP 16538][New LWP 16539][New LWP 16540][New LWP 16541][New LWP 16493][Thread debugging using libthread_db enabled]Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".Core was generated by `/usr/sbin/apache2 -k start'.Program terminated with signal SIGSEGV, Segmentation fault.#0 h2_stream_out_prepare (stream=stream@entry=0x7ff7772330a0, plen=plen@entry=0x7ff77cfe89e0, peos=peos@entry=0x7ff77cfe89dc, presponse=presponse@entry=0x7ff77cfe89e8) at h2_stream.c:604604 h2_stream.c: No such file or directory.[Current thread is 1 (Thread 0x7ff77cfe9700 (LWP 16532))](gdb) bt#0 h2_stream_out_prepare (stream=stream@entry=0x7ff7772330a0, plen=plen@entry=0x7ff77cfe89e0, peos=peos@entry=0x7ff77cfe89dc, presponse=presponse@entry=0x7ff77cfe89e8) at h2_stream.c:604#1 0x00007ff7ae7bb6cb in on_stream_resume (ctx=0x7ff7768410a0, stream=0x7ff7772330a0) at h2_session.c:1576#2 0x00007ff7ae7b2e3b in h2_mplx_dispatch_master_events (m=0x7ff7768412d0, _on_resume_=on_resume@entry=0x7ff7ae7bb500 <on_stream_resume>, _on_ctx_=on_ctx@entry=0x7ff7768410a0) at h2_mplx.c:1379#3 0x00007ff7ae7bc7ab in h2_session_process (session=0x7ff7768410a0, async=async@entry=1) at h2_session.c:2210#4 0x00007ff7ae7a8b2a in h2_conn_run (ctx=ctx@entry=0x7ff78c144360, c=c@entry=0x7ff78c14b348) at h2_conn.c:212#5 0x00007ff7ae7aea5b in h2_h2_process_conn (c=0x7ff78c14b348) at h2_h2.c:658#6 0x0000558b46d1e6f0 in ap_run_process_connection (c=c@entry=0x7ff78c14b348) at connection.c:42#7 0x00007ff7ad8976e8 in process_socket (my_thread_num=<optimized out>, my_child_num=<optimized out>, cs=0x7ff78c14b2b8, sock=<optimized out>, p=0x7ff78c14b028, thd=<optimized out>) at event.c:1099#8 worker_thread (thd=<optimized out>, dummy=<optimized out>) at event.c:2003#9 0x00007ff7b1862494 in start_thread (arg=0x7ff77cfe9700) at pthread_create.c:333#10 0x00007ff7b15a4aff in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97* What exactly did you do (or not do) that was effective (or ineffective)?http2 enabled caused it, disable module fixes it immediately-- Package-specific info:-- System Information:Debian Release: 9.1APT prefers stableAPT policy: (500, 'stable')Architecture: amd64 (x86_64)Kernel: Linux 4.9.0-3-amd64 (SMP w/3 CPU cores)Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)Shell: /bin/sh linked to /bin/dashInit: systemd (via /run/systemd/system)Versions of packages apache2-bin depends on:ii libapr1 1.5.2-5ii libaprutil1 1.5.4-3ii libaprutil1-dbd-sqlite3 1.5.4-3ii libaprutil1-ldap 1.5.4-3ii libc6 2.24-11+deb9u1ii libldap-2.4-2 2.4.44+dfsg-5ii liblua5.2-0 5.2.4-1.1+b2ii libnghttp2-14 1.18.1-1ii libpcre3 2:8.39-3ii libssl1.0.2 1.0.2l-2ii libxml2 2.9.4+dfsg1-2.2+deb9u1ii perl 5.24.1-3+deb9u1ii zlib1g 1:1.2.8.dfsg-5apache2-bin recommends no packages.Versions of packages apache2-bin suggests:pn apache2-doc <none>pn apache2-suexec-pristine | apache2-suexec-custom <none>ii w3m [www-browser] 0.5.3-34Versions of packages apache2 depends on:ii apache2-data 2.4.25-3+deb9u2ii apache2-utils 2.4.25-3+deb9u2ii dpkg 1.18.24ii init-system-helpers 1.48ii lsb-base 9.20161125ii mime-support 3.60ii perl 5.24.1-3+deb9u1ii procps 2:3.3.12-3Versions of packages apache2 recommends:ii ssl-cert 1.0.39Versions of packages apache2 suggests:pn apache2-doc <none>pn apache2-suexec-pristine | apache2-suexec-custom <none>ii w3m [www-browser] 0.5.3-34Versions of packages apache2-bin is related to:ii apache2 2.4.25-3+deb9u2ii apache2-bin 2.4.25-3+deb9u2-- no debconf information
--- End Message ---
--- Begin Message ---
- To: 873945-close@bugs.debian.org
- Subject: Bug#873945: fixed in apache2 2.4.25-3+deb9u5
- From: Stefan Fritsch <sf@debian.org>
- Date: Mon, 02 Jul 2018 16:47:10 +0000
- Message-id: <E1fa1yo-000ARR-5c@fasolo.debian.org>
Source: apache2 Source-Version: 2.4.25-3+deb9u5 We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 873945@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 02 Jun 2018 10:01:13 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg Architecture: source amd64 all Version: 2.4.25-3+deb9u5 Distribution: stretch Urgency: medium Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description: apache2 - Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers) apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) Closes: 850947 873945 897218 898563 Changes: apache2 (2.4.25-3+deb9u5) stretch; urgency=medium . * Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This fixes - CVE-2018-1302: mod_http2: Potential crash w/ mod_http2 - Segfaults in mod_http2 (Closes: #873945) - mod_http2 issue with option "Indexes" and directive "HeaderName" (Closes: #850947) Unfortunately, this also removes support for http2 when running on mpm_prefork. * mod_http2: Avoid high memory usage with large files, causing crashes on 32bit archs. Closes: #897218 * Make the apache-htcacheclean init script actually look into /etc/default/apache-htcacheclean for its config. Closes: #898563 Checksums-Sha1: fdac535212c1cf95c335c058966b09341cca546f 2986 apache2_2.4.25-3+deb9u5.dsc 222669e18a9027b65e7d49c5addb58670a627449 786444 apache2_2.4.25-3+deb9u5.debian.tar.xz 42daafa1a07e6af45f9db52c94b318ffc5504bbf 1185526 apache2-bin_2.4.25-3+deb9u5_amd64.deb faf46c716f49448978c8999f3155ec64b6ce8a93 162430 apache2-data_2.4.25-3+deb9u5_all.deb 37fb8923ae00f527086924e9b1eb5b2e1c29635d 4016942 apache2-dbg_2.4.25-3+deb9u5_amd64.deb 33d6b7816874b12fea0dcb09e9563128ac74931c 313898 apache2-dev_2.4.25-3+deb9u5_amd64.deb 24e76f8ba471f18899735f371c9f4dc442ef8876 3770868 apache2-doc_2.4.25-3+deb9u5_all.deb d4b76295607383d06d970252fb6f514cec41cf94 2264 apache2-ssl-dev_2.4.25-3+deb9u5_amd64.deb d745709ad9f29b3fa48cb7a08a8a41015d19abc8 155174 apache2-suexec-custom_2.4.25-3+deb9u5_amd64.deb ec4471ee41e7fa3bd0afcaca8bc7b7a365fcafe0 153704 apache2-suexec-pristine_2.4.25-3+deb9u5_amd64.deb 0568111f1c2eaa209919ae4e94beeac4f3bc4419 217066 apache2-utils_2.4.25-3+deb9u5_amd64.deb a81e796710a4c0974fd6ba013d6d772df666eb09 10102 apache2_2.4.25-3+deb9u5_amd64.buildinfo fe3bd51275b977b519ffcc9a70d84996106dc92d 235980 apache2_2.4.25-3+deb9u5_amd64.deb Checksums-Sha256: 89f87b98db2629bb298e83a27bfc8078a141e6001303b55cc5947e4535aba43b 2986 apache2_2.4.25-3+deb9u5.dsc 66d6f8381e5e913e0e20fa5d555115d55d82dbbd2110c3c44d591840bf57f143 786444 apache2_2.4.25-3+deb9u5.debian.tar.xz 259001920e738bcff8b06dc59c5ed0e2c279de7995b4a7763c0c73b29a7a46ac 1185526 apache2-bin_2.4.25-3+deb9u5_amd64.deb 0407478f446ed7253b7f43c3907ae4bc4c913437c1e0b8b75db2bd35a15480e2 162430 apache2-data_2.4.25-3+deb9u5_all.deb 5ecceac2ffbe5776fc5007fda814f3235a1f68a980bee15dfb961dbcf87d854c 4016942 apache2-dbg_2.4.25-3+deb9u5_amd64.deb 859f190b80bcf14197f1060f3bbba43f403615004b1fc3d840f2fd226337eda5 313898 apache2-dev_2.4.25-3+deb9u5_amd64.deb 6b51d63e7224f88298655723d3fa75a878c030882e89d8b4919ee0e7299cb770 3770868 apache2-doc_2.4.25-3+deb9u5_all.deb e7ef47fb459933c2786f11e414b5f38ec41e385b6daa091e643029e2190fadbd 2264 apache2-ssl-dev_2.4.25-3+deb9u5_amd64.deb 2e9152dbb2449789598774ac29badf45fe54e473978f6ec0226027a87a58f893 155174 apache2-suexec-custom_2.4.25-3+deb9u5_amd64.deb 2f2db56dee710dee5c023d3eae51fc0687fa0b24addb0693f9a0988fffedf8b9 153704 apache2-suexec-pristine_2.4.25-3+deb9u5_amd64.deb 65048e223915b9fe2ad5d6af2ab2cbb06b07f79bb7f3af0abc22b3ad4db73ca5 217066 apache2-utils_2.4.25-3+deb9u5_amd64.deb 10609d5e3c05a7c162e93bb9bd6896f42609252cfb51dfc697c880aa8965f674 10102 apache2_2.4.25-3+deb9u5_amd64.buildinfo 2f0b391e8ad280747fcb4846d2fa48135e2bccd6bb358e3ca5dd50b08713bacc 235980 apache2_2.4.25-3+deb9u5_amd64.deb Files: adca6af370ddcabf704dd20529dcd12c 2986 httpd optional apache2_2.4.25-3+deb9u5.dsc d7a3d205fc0516654e904c6f844d5887 786444 httpd optional apache2_2.4.25-3+deb9u5.debian.tar.xz 06fe2c27af927b1e8d95acbec6d4eabf 1185526 httpd optional apache2-bin_2.4.25-3+deb9u5_amd64.deb a7dc8ef5496a3d9fe736d1b71a0ea8ae 162430 httpd optional apache2-data_2.4.25-3+deb9u5_all.deb f445cd12998b585e500864e38af2cd23 4016942 debug extra apache2-dbg_2.4.25-3+deb9u5_amd64.deb a037c139900c8d9f7d4e7e18104d8449 313898 httpd optional apache2-dev_2.4.25-3+deb9u5_amd64.deb 496e62321bc3635702273f3fc347a772 3770868 doc optional apache2-doc_2.4.25-3+deb9u5_all.deb 805f7c041563282647d7371691c9e1a3 2264 httpd optional apache2-ssl-dev_2.4.25-3+deb9u5_amd64.deb a976442c7c324f09eb87e414a6eef666 155174 httpd extra apache2-suexec-custom_2.4.25-3+deb9u5_amd64.deb ead7c32c002109866da50589aeb6420c 153704 httpd optional apache2-suexec-pristine_2.4.25-3+deb9u5_amd64.deb 230b2c6b1b2bff67c1548819d90abc2a 217066 httpd optional apache2-utils_2.4.25-3+deb9u5_amd64.deb 1472bd7aed256344348f5354b7c0ec60 10102 httpd optional apache2_2.4.25-3+deb9u5_amd64.buildinfo 196a09a927954e927802fa47bcc0bf52 235980 httpd optional apache2_2.4.25-3+deb9u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOpiNza8JqByyYYsxxodfNUHO/eAFAlsSVMMACgkQxodfNUHO /eA6ixAArXXpZ7PBw/3hm6OJUTdj4zCbRnq9IQqBd+A5jyuKE0AAByYlaAn5VgBu 8LcRABX/GtoGQ7QGWCaXS8nPtiJv0Tt0DcrttFCVUaqPfLva7tvUluB1Ok1wchXI B4u5VErSNaqrJZCQWqi9O7vKPzeWTpAU1M0I9SsnxVce8B9EH3vRIF2xo0y/KAkS 6f1ae6hhRoD7ScWwpPW2LSGB/UlhzlGLNAY1KyBuEhy56VzI9UWZN/M6lbTb15E2 OP4acrKTqy99leojQU/6qjlkdHzLEgWryF/k5eRa5n5QOQ3l39mfUTFEHJxvZvpb C2SRnc/VuumegTjM//tnIwHbf+IO2vpqt0b0kT/24IMiqMiVqd3XWLQ3NrGA2NTD hSLdz5aUp6ESXFULHisSOAfdFefoFtx4TuNTIWt0txXCw6TVUV8/+Xe7H9EVR/C/ edKXZ8xSx/8m4LN5uENamEjc34Z3bKIfB9yp69MKtCElHQBW8ezDOwYLpoXSuHHw dyLfXRK6918twisffzqjeu4XiEgBrAE3v7Kz1s1xnqhH4DeEa0GGNATsft0N8p7n UgOPVfls//TI9qR79IJKx1rSU6h23CBd9AIh38kroY0JXayBj8nqKJLyEamLS8+b LlTK1ZOqs7xqaxGxVXx2auLxDLoi9dNsDhsTCzMSWU9D/h/xVLw= =Tggv -----END PGP SIGNATURE-----
--- End Message ---