Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#996549: upgrade-reports: Upgrade from buster to bullseye disables php module while apache2 running
32 views
Skip to first unread message
Philipp
Oct 15, 2021, 4:40:03 AM10/15/21
to
Package: upgrade-reports
Severity: important
(Please provide enough information to help the Debian
maintainers evaluate the report efficiently - e.g., by filling
in the sections below.)
My previous release is: Debian Buster
I am upgrading to: Debian Bullseye
Archive date: recent version
Upgrade date: 10/15/2021
Method: I replaced buster with bullseye in /etc/apt/sources.list, then apt {update|upgrade|dist-upgrade}
Contents of /etc/apt/sources.list:
deb http://ftp.de.debian.org/debian/ bullseye main
deb http://security.debian.org/debian-security bullseye-security main
deb http://ftp.de.debian.org/debian/ bullseye-updates main
- Were there any non-Debian packages installed before the upgrade? If
so, what were they?
No.
- Was the system pre-update a pure sarge system? If not, which packages
were not from sarge?
Yes.
- Did any packages fail to upgrade?
No.
- Were there any problems with the system after upgrading?
php7.4 was installed over php7.3. Therefore, php7.3 has been deactivated as apache2 module. But the installer did not enable php7.4. So, after a reboot, apache2 started to deliver php files as text files. This is a _serious_ issue if you don't realize it fast enough because the php files may contain config or other sensible information.
Further Comments/Problems:
The upgrade-process or the libapache2-mod-php7.4 package should auto-enable php7.4 with a2enmod - especially during an upgrade from another php version...
Severity: important
(Please provide enough information to help the Debian
maintainers evaluate the report efficiently - e.g., by filling
in the sections below.)
My previous release is: Debian Buster
I am upgrading to: Debian Bullseye
Archive date: recent version
Upgrade date: 10/15/2021
Method: I replaced buster with bullseye in /etc/apt/sources.list, then apt {update|upgrade|dist-upgrade}
Contents of /etc/apt/sources.list:
deb http://ftp.de.debian.org/debian/ bullseye main
deb http://security.debian.org/debian-security bullseye-security main
deb http://ftp.de.debian.org/debian/ bullseye-updates main
- Were there any non-Debian packages installed before the upgrade? If
so, what were they?
No.
- Was the system pre-update a pure sarge system? If not, which packages
were not from sarge?
Yes.
- Did any packages fail to upgrade?
No.
- Were there any problems with the system after upgrading?
php7.4 was installed over php7.3. Therefore, php7.3 has been deactivated as apache2 module. But the installer did not enable php7.4. So, after a reboot, apache2 started to deliver php files as text files. This is a _serious_ issue if you don't realize it fast enough because the php files may contain config or other sensible information.
Further Comments/Problems:
The upgrade-process or the libapache2-mod-php7.4 package should auto-enable php7.4 with a2enmod - especially during an upgrade from another php version...
Paul Gevers
Oct 16, 2021, 2:50:03 PM10/16/21
to
Control: reassign -1 src:php7.4 7.4.21-1+deb11u1
Hi Philipp,
Thanks for reporting your upgrade issues.
On 15-10-2021 10:22, Philipp wrote:
> - Were there any problems with the system after upgrading?
> php7.4 was installed over php7.3. Therefore, php7.3 has been deactivated as apache2 module. But the installer did not enable php7.4. So, after a reboot, apache2 started to deliver php files as text files. This is a _serious_ issue if you don't realize it fast enough because the php files may contain config or other sensible information.
This looks like a php7.4 issue, so hence reassigning.
> Further Comments/Problems:
>
> The upgrade-process or the libapache2-mod-php7.4 package should auto-enable php7.4 with a2enmod - especially during an upgrade from another php version...
Paul
Hi Philipp,
Thanks for reporting your upgrade issues.
On 15-10-2021 10:22, Philipp wrote:
> - Were there any problems with the system after upgrading?
> php7.4 was installed over php7.3. Therefore, php7.3 has been deactivated as apache2 module. But the installer did not enable php7.4. So, after a reboot, apache2 started to deliver php files as text files. This is a _serious_ issue if you don't realize it fast enough because the php files may contain config or other sensible information.
> Further Comments/Problems:
>
> The upgrade-process or the libapache2-mod-php7.4 package should auto-enable php7.4 with a2enmod - especially during an upgrade from another php version...
Bill Allombert
Oct 16, 2021, 3:10:03 PM10/16/21
to
Le Fri, Oct 15, 2021 at 10:22:33AM +0200, Philipp a écrit :
> Package: upgrade-reports
> Severity: important
>
> (Please provide enough information to help the Debian
> maintainers evaluate the report efficiently - e.g., by filling
> in the sections below.)
>
> My previous release is: Debian Buster
> I am upgrading to: Debian Bullseye
> Archive date: recent version
> Upgrade date: 10/15/2021
> Method: I replaced buster with bullseye in /etc/apt/sources.list, then apt {update|upgrade|dist-upgrade}
>
> Contents of /etc/apt/sources.list:
> deb http://ftp.de.debian.org/debian/ bullseye main
> deb http://security.debian.org/debian-security bullseye-security main
> deb http://ftp.de.debian.org/debian/ bullseye-updates main
>
>
> - Were there any non-Debian packages installed before the upgrade? If
> so, what were they?
> No.
>
> - Was the system pre-update a pure sarge system? If not, which packages
> were not from sarge?
> Yes.
Hello Philipp,
> Package: upgrade-reports
> Severity: important
>
> (Please provide enough information to help the Debian
> maintainers evaluate the report efficiently - e.g., by filling
> in the sections below.)
>
> My previous release is: Debian Buster
> I am upgrading to: Debian Bullseye
> Archive date: recent version
> Upgrade date: 10/15/2021
> Method: I replaced buster with bullseye in /etc/apt/sources.list, then apt {update|upgrade|dist-upgrade}
>
> Contents of /etc/apt/sources.list:
> deb http://ftp.de.debian.org/debian/ bullseye main
> deb http://security.debian.org/debian-security bullseye-security main
> deb http://ftp.de.debian.org/debian/ bullseye-updates main
>
>
> - Were there any non-Debian packages installed before the upgrade? If
> so, what were they?
> No.
>
> - Was the system pre-update a pure sarge system? If not, which packages
> were not from sarge?
> Yes.
Thanks for your report. Did you use reportbug ? Because this template is
seriously outdated, Debian sarge was released in 2005...
Cheers,
--
Bill. <ball...@debian.org>
Imagine a large red swirl here.
eingemaischt e
Jan 26, 2022, 2:20:04 AM1/26/22
to
Hi,
sorry for the late reply - yes I used reportbug.
Closing this issue just because php7.4 was removed from unstable isn't not really great to see.
The bug occurs on stable. If you update buster to bullseye the proposed upgrade mechanism _will_ switch off php in apache2 and therefore expose all php-(config)-files until php gets reactivated by the user....
Closing this issue just because php7.4 was removed from unstable isn't not really great to see.
The bug occurs on stable. If you update buster to bullseye the proposed upgrade mechanism _will_ switch off php in apache2 and therefore expose all php-(config)-files until php gets reactivated by the user....
Philipp
0 new messages