Bug#763582: apache2: Apache2 cannot run CGI scripts in "jessie"

[Leslie Rhorer <lrhorer@mygrande.net>]

Package: apache2
Version: 2.4.10-2
Severity: grave
Justification: renders package unusable

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- Package-specific info:

-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2 depends on:
ii  apache2-bin   2.4.10-2
ii  apache2-data  2.4.10-2
ii  lsb-base      4.1+Debian13
ii  mime-support  3.56
ii  perl          5.20.0-6
ii  procps        1:3.3.9-7

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.34

Versions of packages apache2 suggests:
ii  apache2-doc                                      2.4.10-1
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
pn  apache2-utils                                    <none>
ii  iceweasel [www-browser]                          31.1.0esr-1
ii  konqueror [www-browser]                          4:4.14.1-1
ii  w3m [www-browser]                                0.5.3-17

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.1-3
ii  libaprutil1              1.5.3-3
ii  libaprutil1-dbd-sqlite3  1.5.3-3
ii  libaprutil1-ldap         1.5.3-3
ii  libc6                    2.19-11
ii  libldap-2.4-2            2.4.39-1.1+b1
ii  liblua5.1-0              5.1.5-7
ii  libpcre3                 1:8.35-3
ii  libssl1.0.0              1.0.1i-2
ii  libxml2                  2.9.1+dfsg1-4
ii  perl                     5.20.0-6
ii  zlib1g                   1:1.2.8.dfsg-2

Versions of packages apache2-bin suggests:
ii  apache2-doc                                      2.4.10-1
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  iceweasel [www-browser]                          31.1.0esr-1
ii  konqueror [www-browser]                          4:4.14.1-1
ii  w3m [www-browser]                                0.5.3-17

Versions of packages apache2 is related to:
ii  apache2      2.4.10-2
ii  apache2-bin  2.4.10-2

-- Configuration Files:
/etc/apache2/mods-available/alias.conf changed:
<IfModule alias_module>
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
    Options FollowSymlinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Alias "/DVD" "/RAID/DVD"
<Location "/DVD">
   Options Indexes
   Order allow,deny
   Allow from all
</Location>
Alias "/RAID_Server" "/RAID/Recordings"
<Location "/RAID_Server">
   Options Indexes
   Order allow,deny
   Allow from all
</Location>
</IfModule>

/etc/apache2/sites-available/000-default.conf changed:
<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>
	<Directory "/var/www/vidmgr">
		Options +ExecCGI
		AddHandler cgi-script .py
		DirectoryIndex VidMgrWeb.py
		Order allow,deny
		Allow from all
	</Directory>
	ErrorLog ${APACHE_LOG_DIR}/error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:8080>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/cgi-bin/TiVo
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/cgi-bin/TiVo>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
	ScriptAlias / /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin/TiVo">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>
	ErrorLog ${APACHE_LOG_DIR}/error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


-- no debconf information

I upgraded my server a few days ago by installing a virgin copy of Debian "jessie" from scratch, and then copied over the configurations from the previous version which ran under "wheezy".  After having done so, any plain html pages seem to load just fine, but I cannot run any scripts.  I have several bash-based scripts in /var/www/cgi-bin/<PageName>, each with an index.cgi script as the entry point.  Attempring to enter into any of these web pages results in a 403 error: "You don't have permission to access /cgi/bin/xxxxxx on this server.  /var/log/apache2/error.log produces an entry like:

[Tue Sep 30 23:51:39.643085 2014] [authz_core:error] [pid 9530:tid 140346304423680] [client 192.168.1.121:59351] AH01630: client denied by server configuration: /usr/lib/cgi-bin/Thermostat/index.cgi

Meanwhile, I also have one directory that has a set of Python scripts in it, starting with /var/www/vidmgr/VidMgrWeb.py.  When I try to access this directory, insted of running the script, the borwser starts downloading it to the PC.  This was all working under "Wheezy", but now it is broken, and I cannot figure out what, if anything, is wrong in my configurations or how to fix it.