Package: apache2-bin Version: 2.4.65-1~deb11u1 Severity: normal Dear Maintainers,
During upgrade to bookworm, access to locations requising a basic auth using a local openldap server stop working. openldap is running on the same host, access is done using ldap://localhost/ without TLS. Configuration is: <Directory /a/b/www/restrictedsubdir/> # Auth LDAP AuthBasicProvider ldap AuthType Basic AuthName "Restricted access" AuthLDAPURL "ldap://localhost/ou=users,dc=xxx,dc=fr?cn?sub?(objectClass=person)" NONE AuthLDAPBindDN "cn=webserver,ou=system,dc=xxx,dc=fr" AuthLDAPBindPassword "xxxx" Require valid-user </Directory> When upgraded, apache report (with LDAPLibraryDebug 7): ldap_simple_bind ldap_sasl_bind [Wed Aug 27 22:03:16.104849 2025] [core:notice] [pid 18603:tid 18603] AH00051: child pid 18624 exit signal Segmentation fault (11), possible coredump in /tmp Nothing is traced in the accesslog nor in the LDAP server logs. ldapsearch is working fine using the same credentials provided using AuthLDAPBindDN / AuthLDAPBindPassword authentication using simple-ldap-login wordpress plugin (PHP8) is working fine too. Other access without authentication, or using the file provider are fine. Backtrace is: Reading symbols from /usr/sbin/apache2... (No debugging symbols found in /usr/sbin/apache2) warning: Can't open file /dev/zero (deleted) during file-backed mapping note processing [New LWP 18609] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/usr/sbin/apache2 -k start'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f675582ab86 in ldap_int_put_controls () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (gdb) bt #0 0x00007f675582ab86 in ldap_int_put_controls () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #1 0x00007f675582ff35 in ldap_build_bind_req () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #2 0x00007f67558300f7 in ldap_sasl_bind () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #3 0x00007f6755830cf6 in ldap_simple_bind () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 #4 0x00007f6754c8ff25 in ?? () from /usr/lib/apache2/modules/mod_ldap.so #5 0x00007f6754c90228 in ?? () from /usr/lib/apache2/modules/mod_ldap.so #6 0x00007f6754c938b7 in ?? () from /usr/lib/apache2/modules/mod_ldap.so #7 0x00007f675588172b in ?? () from /usr/lib/apache2/modules/mod_authnz_ldap.so #8 0x00007f675589bab2 in ?? () from /usr/lib/apache2/modules/mod_auth_basic.so #9 0x000055e48edaa580 in ap_run_check_user_id () #10 0x000055e48edad228 in ap_process_request_internal () #11 0x000055e48edcf208 in ap_process_async_request () #12 0x000055e48edcf45e in ap_process_request () #13 0x000055e48edcb224 in ?? () #14 0x000055e48edbfd90 in ap_run_process_connection () #15 0x00007f6754c7cbbc in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so #16 0x00007f6754c7cf26 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so #17 0x00007f6754c7cf71 in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so #18 0x00007f6754c7d67f in ?? () from /usr/lib/apache2/modules/mod_mpm_prefork.so #19 0x000055e48ed958e0 in ap_run_mpm () #20 0x000055e48ed8d178 in main () Bug #578566 does not resolv the issue. -- Package-specific info: -- System Information: Debian Release: 12.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldoldstable-updates'), (500, 'oldoldstable-security'), (500, 'oldoldstable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-38-amd64 (SMP w/4 CPU threads; PREEMPT) Kernel taint flags: TAINT_CRAP Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2-bin depends on: ii libapr1 1.7.2-3+deb12u1 ii libaprutil1 1.6.3-1 ii libaprutil1-dbd-sqlite3 1.6.3-1 ii libaprutil1-ldap 1.6.3-1 ii libbrotli1 1.0.9-2+b6 ii libc6 2.36-9+deb12u10 ii libcrypt1 1:4.4.33-2 ii libcurl4 7.88.1-10+deb12u12 ii libjansson4 2.14-2 ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1 ii liblua5.3-0 5.3.6-2 ii libnghttp2-14 1.52.0-1+deb12u2 ii libpcre3 2:8.39-15 ii libssl1.1 1.1.1w-0+deb11u3 ii libxml2 2.9.14+dfsg-1.3~deb12u2 ii perl 5.36.0-7+deb12u2 ii zlib1g 1:1.2.13.dfsg-1 apache2-bin recommends no packages. Versions of packages apache2-bin suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> ii w3m [www-browser] 0.5.3+git20230121-2 Versions of packages apache2 depends on: ii apache2-data 2.4.65-1~deb11u1 ii apache2-utils 2.4.65-1~deb11u1 ii dpkg 1.21.22 ii init-system-helpers 1.65.2 ii lsb-base 11.6 ii mime-support 3.66 ii perl 5.36.0-7+deb12u2 ii procps 2:4.0.2-3 ii sysvinit-utils [lsb-base] 3.06-4 Versions of packages apache2 recommends: ii ssl-cert 1.1.2 Versions of packages apache2 suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> ii w3m [www-browser] 0.5.3+git20230121-2 Versions of packages apache2-bin is related to: ii apache2 2.4.65-1~deb11u1 ii apache2-bin 2.4.65-1~deb11u1 -- no debconf information
