mod_python statically linked to wrong python 2.7 version

Hi Stefan,

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I took a look at this further and found that python 2.7.17 is in Bionic and 2.7.18 is in Focal (see: rmadison libpython2.7). With that, I am a bit confused as to how are you facing this error.

Furthermore, I took a look a look at the .so and saw the same .so being linked for both, Focal and Bionic:
$ ldd /usr/lib/apache2/modules/mod_python.so
 linux-vdso.so.1 (0x00007ffdfcdd0000)
 libpython2.7.so.1.0 => /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0 (0x00007fc61fd48000)
 libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc61f957000)
 libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fc61f73a000)
 libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fc61f51b000)
 libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fc61f317000)
 libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x00007fc61f114000)
 libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fc61ed76000)
 /lib64/ld-linux-x86-64.so.2 (0x00007fc6204e8000)

Now, I am a bit unsure as to how did you figure out that the .so is "statically" linked with is? Could you perhaps show us the output of `apt-cache policy libapache2-mod-python libpython2.7`? Because at this point, I am worried that you might somehow be running different versions of the two packages (one from Focal and the other from Bionic).

Whilst at it, could you also help me provide the steps to reproduce this error/failure?

Since there isn't enough information in your report to differentiate between a local configuration problem and a bug in Ubuntu, I'm marking this bug as "Incomplete" for now.

If indeed this is a local configuration problem, you can find pointers to get help for this sort of problem here: http://www.ubuntu.com/support/community. Or if you believe that this is really a bug, then you may find it helpful to read "How to report bugs effectively" (http://www.chiark.greenend.org.uk/~sgtatham/bugs.html). We'd be grateful if you would then provide a more complete description of the problem, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to New.

Once done, I'll be happy to take a look at this and figure out from there on. Thanks, again, for reporting this though! :)

Hi,
Sorry for the missing information.

I was able to reproduce it with a fresh system by doing the following steps:
- Create a VM
- Install ubuntu-20.04.1-live-server-amd64.iso
  -> all standard + openssh
  -> let the security updates run
- install apache2
- install libapache2-mod-python
- restart apache2
- the said error is logged in /var/log/apache2/error.log

I noted that during installing libapache2-mod-python there are conflicting Python-versions listet 2.7.17 and 2.7.18. So maybe the error doesn't lie within libapache2-mod-python but within python2 - i can't tell from my point of view.

Here is the output during the installing processes:

newuser@test-ubuntu:~$ sudo apt update
[sudo] password for administrator:
Hit:1 http://de.archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://de.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:4 http://de.archive.ubuntu.com/ubuntu focal-security InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
102 packages can be upgraded. Run 'apt list --upgradable' to see them.

newuser@test-ubuntu:~$ sudo apt install apache2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4 liblua5.2-0 ssl-cert
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser openssl-blacklist
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4 liblua5.2-0 ssl-cert
0 upgraded, 11 newly installed, 0 to remove and 102 not upgraded.
Need to get 1865 kB of archives.
After this operation, 8080 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://de.archive.ubuntu.com/ubuntu focal/main amd64 libapr1 amd64 1.6.5-1ubuntu1 [91.4 kB]
Get:2 http://de.archive.ubuntu.com/ubuntu focal/main amd64 libaprutil1 amd64 1.6.1-4ubuntu2 [84.7 kB]
Get:3 http://de.archive.ubuntu.com/ubuntu focal/main amd64 libaprutil1-dbd-sqlite3 amd64 1.6.1-4ubuntu2 [10.5 kB]
Get:4 http://de.archive.ubuntu.com/ubuntu focal/main amd64 libaprutil1-ldap amd64 1.6.1-4ubuntu2 [8736 B]
Get:5 http://de.archive.ubuntu.com/ubuntu focal/main amd64 libjansson4 amd64 2.12-1build1 [28.9 kB]
Get:6 http://de.archive.ubuntu.com/ubuntu focal/main amd64 liblua5.2-0 amd64 5.2.4-1.1build3 [106 kB]
Get:7 http://de.archive.ubuntu.com/ubuntu focal-updates/main amd64 apache2-bin amd64 2.4.41-4ubuntu3.1 [1180 kB]
Get:8 http://de.archive.ubuntu.com/ubuntu focal-updates/main amd64 apache2-data all 2.4.41-4ubuntu3.1 [158 kB]
Get:9 http://de.archive.ubuntu.com/ubuntu focal-updates/main amd64 apache2-utils amd64 2.4.41-4ubuntu3.1 [83.8 kB]
Get:10 http://de.archive.ubuntu.com/ubuntu focal-updates/main amd64 apache2 amd64 2.4.41-4ubuntu3.1 [95.5 kB]
Get:11 http://de.archive.ubuntu.com/ubuntu focal/main amd64 ssl-cert all 1.0.39 [17.0 kB]
Fetched 1865 kB in 0s (4448 kB/s)
Preconfiguring packages ...
Se...

Hi Stefan,

Thanks for the information. I can reproduce it here easily.

I'm just curious if the rebuild of libapache2-mod-python against 2.7.18 should fix this so I'd like to ask if you can check if install libapache2-mod-python from this (https://launchpad.net/~utkarsh/+archive/ubuntu/experimental-dump) PPA fixes the original issue for you?

The mismatch does go away for me but does it work as intended?

Indeed thanks Stefan and Utkarsh,
also with that known one can see that the build of libapache2-mod-python was done against 2.7.17-1ubuntu5. See:
https://launchpad.net/ubuntu/+source/libapache2-mod-python/3.3.1-11ubuntu5
https://launchpadlibrarian.net/464118415/buildlog_ubuntu-focal-amd64.libapache2-mod-python_3.3.1-11ubuntu5_BUILDING.txt.gz

@Utkarsh - Somewhat independent to the case here I wonder if this has a strong dependency to 2.7.17 or 2.7.18 (as the error indicates) if the package dependencies to "libpython2.7 (>= 2.7)" are sufficient. >=2.7 seems wrong, even >2.7.17 would be wrong as we have 2.7.18 and it fails.
Almost like =2.7.17 (or on rebuild =2.7.18). Once the immediate case is resolved it might be worth spending a bit of time to look if dh-python or libapache2-mod-python needs a fix here to create better package dependencies.

while the rebuild makes the issue go away, the module just should not check the subminor version.

Hi Matthias,

> while the rebuild makes the issue go away, the module just
> should not check the subminor version.

Precisely. I agree and I opened an issue upstream about it:
https://github.com/grisha/mod_python/issues/101

I've known and hope upstream to be kind and helpful about this and maybe this could be fixed there and then included or cherry-picked here. This would be the ideal solution.

But until that happens, I'm inclined towards doing a rebuild of libapache2-mod-python with python2 v2.7.18 and uploading to fix this for now. Probably same needs to be done for hirsute as well(?). Let me know if you feel differently or have any other suggestions.

Hi,

I've got an update to the issue.
When i tried to test Utkarshs build of the package I was doing a negative test first by installing Trac (https://trac.edgewall.org/) to the test-VM (as i was doing on the machine where i discovered this issue).

And it turns out that the current module is indeed working - despite the error that is logged.

So it seems to be an "cosmetic" error only.

Thanks Stefan,
for this extra insight - it helps to handle the severity of this much better.
And resolves my bad gut-feeling that I mentioned to Utkarsh yesterday which was "it somehow smells odd to me as that would mean apache<->python wsa broken all the time since 20.04 release. And we need a year until someone complains ... spidersense is tickling ..."

I have checked the very same based on the example from http://modpython.org/live/current/doc-html/tutorial.html and I agree, despite the seemingly fatal error message it works just fine.

# Repro:
$ apt install libapache2-mod-python
$ cat > /etc/apache2/sites-enabled/python.conf << EOF
> <Directory /var/www/html>
> AddHandler mod_python .py
> PythonHandler mod_python.publisher
> PythonDebug On
> </Directory>
> EOF
$ systemctl restart apache2
# place the example form.html + form.py in /var/www/html/ and give it a try

Awesome then. Let's not rush into this since it's barely a problem except the logging part and wait for the upstream to answer the issue.

Upstream maintainer replied to Utkarsh bug report but I do not think it will lead to a resolution.

This bug was fixed in the package libapache2-mod-python - 3.5.0.1-1

---------------
libapache2-mod-python (3.5.0.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream release.
    - Fixes random segfaults with Python 3.10 (Closes: #1019299)
  * Update watch file, upstream is cutting releases again.
  * Refresh patches.
  * Drop patches, superseded upstream: 11_py310_py_ssize_t_clean.patch,
    12_py310_collections_import.patch, 13_py310_minor_version.patch,
    14_sphinx_py3.patch.
  * Patch: Sphinx >= 5.1 support.
  * Drop ln for contents.html, no longer needed.
  * Clean correctly. (Closes: #1045745)
  * debian/rules: Add dh_auto_build override to pass
    -ffile-prefix-map via APXSFLAGS to avoid embedding build paths. Thanks
    Vagrant Cascadian. (Closes: #1020815)
  * Patch: Remove the Python version check. (Closes: #592988, #1040269)
    (LP: #1919923, #1073147)
  * Bump Standards-Version to 4.6.2, no changes needed.
  * In 03_debian-version.patch, strip the debian part of the version. BinNMUs
    were resulting in invalid PEP-440 versions. (Closes: #1054587)

 -- Stefano Rivera <email address hidden> Thu, 26 Oct 2023 15:47:22 +0200