apache2 apache-htcacheclean do not source /etc/default/apache-htcacheclean

Bug #1691495 reported by Baptiste Lafontaine
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
apache2 (Ubuntu) | Fix Released | High | Unassigned |

Bug Description

Hi,

On Ubuntu 16.04.2, with 2.4.18-2ubuntu3.2

The Apache2 apache-htcacheclean service init script defines some config values:

# Default values. Edit /etc/default/apache-htcacheclean to change these
HTCACHECLEAN_SIZE="${HTCACHECLEAN_SIZE:=300M}"
HTCACHECLEAN_DAEMON_INTERVAL="${HTCACHECLEAN_DAEMON_INTERVAL:=120}"
HTCACHECLEAN_PATH="${HTCACHECLEAN_PATH:=/var/cache/apache2$DIR_SUFFIX/mod_cache_disk}"
HTCACHECLEAN_OPTIONS="${HTCACHECLEAN_OPTIONS:=-n}"

But the file /etc/default/apache-htcacheclean is not sourced in the file, so any change to the default configuration is not possible.

Adding ". /etc/default/apache-htcacheclean" just before allows changing the values.

Joshua Powers (powersj) wrote :

Hi and thanks for the bug report.

Can you state more clearly what files you are editing? I am not sure I followed each step you took; for example, where did you add ". /etc/default/apache-htcacheclean" to?

If I look at /etc/cron.daily/apache2 it has that command already.

Changed in apache2 (Ubuntu):
status: New → Incomplete
Baptiste Lafontaine (magnetik) wrote :

Sorry it was indeed not clear.

It is the file /etc/init.d/apache-htaccess that should (IMO) source the /etc/default/apache-htcacheclean file.

Joshua Powers (powersj) wrote :

Thanks for the clarification!

Changed in apache2 (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → High
Rene Fragoso (ctrlrsf) wrote :

Actually what looks to be happening is that /etc/default/apache-htcacheclean is being included/sourced after DAEMON_ARGS has already been set. The init script sets some HTCACHECLEAN_* variables, then DAEMON_ARGS, and then eventually /etc/default/apache-htcacheclean is sourced. However, DAEMON_ARGS is never reset using the newly sourced ENV vars so they're never used (see bash -x debug output below).

As a workaround, instead of changing the init script, you can also add DAEMON_ARGS to the bottom of your /etc/default/apache-htcacheclean. Here's my DAEMON_ARGS, which I took directly from the init script:

DAEMON_ARGS="$HTCACHECLEAN_OPTIONS \
    -d$HTCACHECLEAN_DAEMON_INTERVAL \
    -P$PIDFILE -i \
    -p$HTCACHECLEAN_PATH \
    -l$HTCACHECLEAN_SIZE"

Snippet of bash -x /etc/init.d/apache-htcacheclean start:
...
+++ HTCACHECLEAN_SIZE=300M
+++ HTCACHECLEAN_DAEMON_INTERVAL=120
+++ HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk
+++ HTCACHECLEAN_OPTIONS=-n
+++ PIDDIR=/var/run/apache2/www-data
+++ PIDFILE=/var/run/apache2/www-data/apache-htcacheclean.pid
+++ DAEMON_ARGS='-n -d120 -P/var/run/apache2/www-data/apache-htcacheclean.pid -i -p/var/cache/apache2/mod_cache_disk -l300M'
++ NAME=apache-htcacheclean
++ DESC='Apache htcacheclean'
++ '[' none = /var/run/apache2/www-data/apache-htcacheclean.pid ']'
++ '[' -z /var/run/apache2/www-data/apache-htcacheclean.pid ']'
++ '[' none '!=' /usr/bin/htcacheclean ']'
++ '[' '!' -x /usr/bin/htcacheclean ']'
++ '[' -r /etc/default/apache-htcacheclean ']'
++ . /etc/default/apache-htcacheclean
+++ HTCACHECLEAN_MODE=daemon
+++ HTCACHECLEAN_SIZE=64M
+++ HTCACHECLEAN_DAEMON_INTERVAL=15
+++ HTCACHECLEAN_PATH=/dev/shm/htcache
+++ HTCACHECLEAN_OPTIONS=-n
++ . /lib/init/vars.sh
+++ TMPTIME=0
...
...
++ echo ' * Starting Apache htcacheclean' apache-htcacheclean
 * Starting Apache htcacheclean apache-htcacheclean
++ COL=
++ call do_start_cmd
++ cmd=do_start_cmd
++ shift
++ is_call_implemented do_start_cmd_override
++ command -V do_start_cmd_override
++ do_start_cmd_override
++ start-stop-daemon --start --quiet --pidfile /var/run/apache2/www-data/apache-htcacheclean.pid -u www-data --startas /usr/bin/htcacheclean --name htcacheclean --test

(DAEMON_ARGS is never changed and it has the arguments to start the daemon)

$ dpkg -l | grep apache2
ii apache2 2.4.18-2ubuntu3.4 amd64 Apache HTTP Server
ii apache2-bin 2.4.18-2ubuntu3.4 amd64 Apache HTTP Server (modules and other binary files)
ii apache2-data 2.4.18-2ubuntu3.4 all Apache HTTP Server (common files)
ii apache2-utils 2.4.18-2ubuntu3.4 amd64 Apache HTTP Server (utility programs for web servers)
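
The ordering problem described in the comment above, reduced to a runnable sketch (an added example, not the packaged init script and not code from any commenter). The temporary file stands in for /etc/default/apache-htcacheclean, and the function names are hypothetical.

```shell
# Added illustration of the ordering bug; not the packaged init script.
# Constructed stand-in for /etc/default/apache-htcacheclean (values from the trace).
DEFAULTS_FILE="$(mktemp)"
trap 'rm -f "$DEFAULTS_FILE"' EXIT
cat > "$DEFAULTS_FILE" <<'EOF'
HTCACHECLEAN_SIZE=64M
HTCACHECLEAN_DAEMON_INTERVAL=15
HTCACHECLEAN_PATH=/dev/shm/htcache
HTCACHECLEAN_OPTIONS=-n
EOF
DIR_SUFFIX=""
PIDFILE=/var/run/apache2/www-data/apache-htcacheclean.pid

# Apply the ${VAR:=default} fallbacks, then assemble DAEMON_ARGS from them.
build_daemon_args() {
    HTCACHECLEAN_SIZE="${HTCACHECLEAN_SIZE:=300M}"
    HTCACHECLEAN_DAEMON_INTERVAL="${HTCACHECLEAN_DAEMON_INTERVAL:=120}"
    HTCACHECLEAN_PATH="${HTCACHECLEAN_PATH:=/var/cache/apache2$DIR_SUFFIX/mod_cache_disk}"
    HTCACHECLEAN_OPTIONS="${HTCACHECLEAN_OPTIONS:=-n}"
    DAEMON_ARGS="$HTCACHECLEAN_OPTIONS -d$HTCACHECLEAN_DAEMON_INTERVAL"
    DAEMON_ARGS="$DAEMON_ARGS -P$PIDFILE -i -p$HTCACHECLEAN_PATH -l$HTCACHECLEAN_SIZE"
}

clear_overrides() {
    unset HTCACHECLEAN_SIZE HTCACHECLEAN_DAEMON_INTERVAL \
          HTCACHECLEAN_PATH HTCACHECLEAN_OPTIONS DAEMON_ARGS
}

# Order seen in the trace: arguments first, defaults file afterwards.
# The HTCACHECLEAN_* variables change, but DAEMON_ARGS is already a
# plain string and keeps the built-in values.
args_source_after() (
    clear_overrides
    build_daemon_args
    . "$DEFAULTS_FILE"
    printf '%s\n' "$DAEMON_ARGS"
)

# Order that honours the file: source it first, so ${VAR:=default}
# only fills in what the administrator left unset.
args_source_before() (
    clear_overrides
    if [ -r "$DEFAULTS_FILE" ]; then . "$DEFAULTS_FILE"; fi
    build_daemon_args
    printf '%s\n' "$DAEMON_ARGS"
)

printf 'sourced after:  %s\n' "$(args_source_after)"
printf 'sourced before: %s\n' "$(args_source_before)"
```

The same effect is why redefining DAEMON_ARGS at the bottom of the defaults file works as a workaround: that assignment runs after the overrides are in place.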

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.4.29-1ubuntu1

---------------
apache2 (2.4.29-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
      + d/source/include-binaries: add Ubuntu icon file
    - Correct systemd-sysv-generator behavior by customizing some
      parameters:
      + d/apache2-systemd.conf: add a drop-in file to specify some
        parameters for the systemd unit (type=Forking and
        RemainsAfterExit=no), this allow a correct state synchronisation
        between systemctl status and actual state of apache2 daemon.
      + d/apache2.install: place the apache2-systemd.conf file in the
        correct location.
    - Don't build http2 module (nghttp2 still not in main) (LP 1687454)
      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
      + debian/config-dir/mods-available/http2.load: removed.
      + debian/rules: removed proxy_http2 from configure.
  * Switch back to OpenSSL 1.0 as we don't yet have 1.1:
    - debian/control: switch BuildDepends to libssl1.0-dev
    - debian/control: remove Breaks on gridsite and libapache2-mod-dacs
    - debian/rules: remove openssl virtual package and logic

apache2 (2.4.29-1) unstable; urgency=medium

  [ Stefan Fritsch ]
  * Replace outdated dependency on dh-systemd

  [ Ondřej Surý ]
  * New upstream version 2.4.29
  * Refresh quilt patches
  * Add mod_ssl_md patch needed for libapache2-mod-md (Closes: #877343)
  * Refresh patches on top of upstream release 2.4.29
  * Fix Apache crash on restarts (ASF Bug 61558)
  * Add deconfigure to the list of recognized scripts (Closes: #877524)

apache2 (2.4.27-6) unstable; urgency=high

  * CVE-2017-9798: Don't allow new methods to be registered in .htaccess files
    which could result in HTTP OPTIONS method leaking Apache's server memory.
    Closes: #876109
  * Fix argument escaping in apachectl. Closes: #876384

apache2 (2.4.27-5) unstable; urgency=medium

  * Upload to unstable.
  * Update "Breaks:" for openssl transition.
  * Bump Standards-Version to 4.1.0. No changes needed.

apache2 (2.4.27-4) experimental; urgency=medium

  * Use 'invoke-rc.d' instead of init script in logrotate script.
    Closes: #857607
  * Make the apache-htcacheclean init script actually look into
    /etc/default/apache-htcacheclean for its config. LP: #1691495
  * mime.conf: Guard AddOutputFilter INCLUDES with proper <IfModule>.
    LP: #1675184
  * Use 'service' instead of init script in monit example config.
  * Bump Standards-Version to 4.0.1. Other changes:
    - change package priorities from extra to optional
  * Use libprotocol-http2-perl in autopkgtest.
  * Update test suite to svn r1804214.
  * Various tweaks to the test suite autopkgtest to avoid having to skip
    any test.
  * Also remove -DBUILD_DATETIME an...


Changed in apache2 (Ubuntu):
status: Confirmed → Fix Released