Bug#1069748: mod_ssl: warning about compilation against OpenSSL 3.0.13 instead of 3.0.11 on bookworm
Package: apache2
Version: 2.4.59-1~deb12u1
Severity: normal
X-Debbugs-Cc: team@security.debian.org
Dear Maintainer,
I noticed that after a recent security update of apache2 on bookworm
(2.4.57-2 -> 2.4.59-1~deb12u1), the following warning started to appear
in the error.log on every apache2 restart:
[ssl:warn] [pid 1144573:tid 281472850739232] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 3.0.13 30 Jan 2024 (OpenSSL 3.0.11 19 Sep 2023), version currently loaded is 0x300000B0) - may result in undefined or erroneous behavior
[mpm_event:notice] [pid 1144575:tid 281472850739232] AH00489: Apache/2.4.59 (Debian) mod_fcgid/2.3.9 OpenSSL/3.0.11 configured -- resuming normal operations
Comparing package versions on my system with those listed on
packages.debian.org for bookworm it seems I'm up to date with apache2
and libssl3 (3.0.11-1~deb12u2) packages.
Apart from this warning I haven't noticed any problems so far.
Best regards
Tomaž
-- Package-specific info:
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Kernel: Linux 6.1.0-20-arm64 (SMP w/2 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apache2 depends on:
ii apache2-bin 2.4.59-1~deb12u1
ii apache2-data 2.4.59-1~deb12u1
ii apache2-utils 2.4.59-1~deb12u1
ii init-system-helpers 1.65.2
ii media-types 10.0.0
ii perl 5.36.0-7+deb12u1
ii procps 2:4.0.2-3
ii sysvinit-utils [lsb-base] 3.06-4
Versions of packages apache2 recommends:
pn ssl-cert <none>
Versions of packages apache2 suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
pn www-browser <none>
Versions of packages apache2-bin depends on:
ii libapr1 1.7.2-3
ii libaprutil1 1.6.3-1
ii libaprutil1-dbd-sqlite3 1.6.3-1
ii libaprutil1-ldap 1.6.3-1
ii libbrotli1 1.0.9-2+b6
ii libc6 2.36-9+deb12u6
ii libcrypt1 1:4.4.33-2
ii libcurl4 7.88.1-10+deb12u5
ii libjansson4 2.14-2
ii libldap-2.5-0 2.5.13+dfsg-5
ii liblua5.3-0 5.3.6-2
ii libnghttp2-14 1.52.0-1+deb12u1
ii libpcre2-8-0 10.42-1
ii libssl3 3.0.11-1~deb12u2
ii libxml2 2.9.14+dfsg-1.3~deb12u1
ii perl 5.36.0-7+deb12u1
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages apache2-bin suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
pn www-browser <none>
Versions of packages apache2 is related to:
ii apache2 2.4.59-1~deb12u1
ii apache2-bin 2.4.59-1~deb12u1
-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/sites-available/000-default.conf changed [not included]
-- no debconf information
Reply to: