** Description changed: [Impact] - The libapache2-modsecurity package does not work out of the box (but a - workaround is available). + The libapache2-modsecurity and libapache2-mod-proxy-html packages does + not work out of the box (but workarounds are available). [Test Case] - apt-get -y install apache2 libapache2-modsecurity + apt-get -y install apache2 <libapache2-modsecurity or libapache2-mod- + proxy-html> This fails with the following error, although the postinst does exit 0: - Setting up libapache2-modsecurity (2.6.3-1) ... - Action 'configtest' failed. - The Apache error log may have more information. - Your apache2 configuration is broken, so we're not restarting it for you. + Setting up libapache2-modsecurity (2.6.3-1) ... + Action 'configtest' failed. + The Apache error log may have more information. + Your apache2 configuration is broken, so we're not restarting it for you. $ sudo apachectl configtest apache2: Syntax error on line 210 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/mod-security.load: Cannot load /usr/lib/libxml2.so.2 into server: /usr/lib/libxml2.so.2: cannot open shared object file: No such file or directory Action 'configtest' failed. The Apache error log may have more information. + Expected results: + + 1. The installations should succeed. + 2. "sudo apachectl configtest" should return "Syntax OK" with a zero exit status. + 3. "sudo grep libxml2.so.2 /proc/$(cat /run/apache2.pid)/maps" should display load locations of libxml2.so.2.<version>, in order to verify that the runtime linker has successfully linked the required module. + [Fix] Debian has fixed this by updating apache2 to use dlopen's search path and changing mod-security.load to not use any absolute path. We have - merged apache2 and synced modsecurity-apache and verified that Quantal - is fixed. + merged apache2. modsecurity-apache and mod-proxy-html have synced and I + have verified that Quantal is fixed. - For Precise, we have backported the upstream apache2 dlopen search path - modification, and fixed the path in mod-security.load the same as - Debian. + For the Precise SRU, it was concluded that the change to apache2 in + Debian is too invasive. Instead, we have removed the LoadFile directives + entirely, after ensuring that the modules do depend correctly on + libxml2.so.2. [Regression Potential] - The modsecurity-apache fix is just the load path, so it should either - work or fail. I can't see any potential for regression here. + With the new approach, apache2 does not need an update. - The apache2 fix involves changing the behaviour of dynamic module loads. - There is now a fallback to use the dlopen search path if the name does - not use an absolute path. If there is a regression, it will probably be - with edge cases to do with module load paths and likely manifest - themselves as modules failing to load. "sudo apachectl configtest" - should reveal these. + Previously, libapache2-modsecurity and libapache2-mod-proxy-html did not + load at all in the default configuration, so I don't see how there could + be a regression here. + We have changed a config file, but since it is a config file, an + administrator who has manually worked around the problem by changing the + config file differently will be prompted and so should not get an + unexpected regression. + + /usr/lib/apache2/modules/mod_proxy_html.so now explicitly imports + symbols from libxml2.so.2, but this was done by the LoadFile directive + anyway, so I don't see that there would be a problem here. + + So the area to look for regressions is in the existence of XML + functionality in these two modules, but I think this change is so + minimal it is very unlikely. Original bug description: service apache2 restart apache2: Syntax error on line 210 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/mod-security.load: Cannot load /usr/lib/libxml2.so.2 into server: /usr/lib/libxml2.so.2: cannot open shared object file: No such file or directory Action 'configtest' failed. The Apache error log may have more information. ...fail! in file /etc/apache2/mods-enabled/mod-security.load: LoadFile /usr/lib/libxml2.so.2 correct path on x86 would be /usr/lib/i386-linux-gnu/libxml2.so.2 maybe a symlink could fix this issue?
** Branch linked: lp:~racb/ubuntu/precise/mod-proxy-html/988819 ** Branch linked: lp:~racb/ubuntu/precise/modsecurity-apache/988819_2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/988819 Title: [SRU] wrong path to libxml2.so.2 in mod_security - broken by multiarch enabled libraries To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/988819/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
