[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#470652: marked as done (apache2.2-common: mod_cache doesn't handle If-Range correctly)

Your message dated Mon, 08 Sep 2008 07:52:21 +0000
with message-id <E1KcbXp-0005WG-Oa@ries.debian.org>
and subject line Bug#470652: fixed in apache2 2.2.3-4+etch6
has caused the Debian Bug report #470652,
regarding apache2.2-common: mod_cache doesn't handle If-Range correctly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

470652: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470652
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Subject: apache2.2-common: mod_cache doesn't handle If-Range correctly
Package: apache2.2-common
Version: 2.2.3-4+etch4
Severity: normal
Tags: patch

*** Please type your report below this line ***

Using mod_cache, if an object is in the cache, but expired,
and the backend has a newer version of the object, and a client
makes an If-Range request, then mod_cache will ignore the
If-Range condition and return only the requested Range of the
new version, even when it should have returned the whole of the
new version.

<https://issues.apache.org/bugzilla/show_bug.cgi?id=44579> has
a more detailed report and the following patch for Apache 2.2.8,
which will also work on 2.2.3:

Index: modules/cache/mod_cache.c
--- modules/cache/mod_cache.c   (revision 634179)
+++ modules/cache/mod_cache.c   (working copy)
@@ -613,6 +613,12 @@
             /* Treat the request as if it wasn't conditional. */
             cache->stale_handle = NULL;
+            /*
+             * Restore the original request headers as they may be needed
+             * by further output filters like the byterange filter to make
+             * the correct decisions.
+             */
+            r->headers_in = cache->stale_headers;

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

--- End Message ---
--- Begin Message ---
Source: apache2
Source-Version: 2.2.3-4+etch6

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive:

  to pool/main/a/apache2/apache2-doc_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-src_2.2.3-4+etch6_all.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.3-4+etch6_i386.deb
  to pool/main/a/apache2/apache2_2.2.3-4+etch6.diff.gz
  to pool/main/a/apache2/apache2_2.2.3-4+etch6.dsc
  to pool/main/a/apache2/apache2_2.2.3-4+etch6_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 470652@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.7
Date: Sat, 06 Sep 2008 11:35:16 +0200
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild
Architecture: source all i386
Version: 2.2.3-4+etch6
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
 apache2    - Next generation, scalable, extendable web server
 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD 2.1
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD 2.1
 apache2-mpm-worker - High speed threaded model for Apache HTTPD 2.1
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 apache2.2-common - Next generation, scalable, extendable web server
Closes: 470652 489899
 apache2 (2.2.3-4+etch6) stable; urgency=low
   * Fix CVE-2007-6388: XSS in mod_status
   * Fix CVE-2008-2939: XSS in mod_proxy_ftp
   * Fix CVE-2008-2364: DoS in mod_proxy_http
   * Fix salt generation weakness in htpasswd (Closes: #489899)
   * Fix processes hanging on graceful restart or shutdown with prefork MPM.
   * mod_cache: Handle If-Range correctly if the cached resource was stale.
     This fixes problems when using apt with mod_cache (closes: #470652).
 ab86afc4f0f8b720558639e52265a5d3 1068 web optional apache2_2.2.3-4+etch6.dsc
 35d05e9ae19aff4303af57be8ba15ad1 117297 web optional apache2_2.2.3-4+etch6.diff.gz
 a05c4e70529b939789863251aee40404 963004 web optional apache2.2-common_2.2.3-4+etch6_i386.deb
 41bb8337693eaa7f7d0ad79d0828085d 424706 web optional apache2-mpm-worker_2.2.3-4+etch6_i386.deb
 05cbd6dacc7faeda6cdb74f091aba723 420754 web optional apache2-mpm-prefork_2.2.3-4+etch6_i386.deb
 ddf0c7d5baad24fc0518865c66a12c5a 425124 web optional apache2-mpm-event_2.2.3-4+etch6_i386.deb
 3ae1121effa67c06264efdfb119e3e94 343510 web optional apache2-utils_2.2.3-4+etch6_i386.deb
 b990cadc094cd47bd35e9bb99e1f4b06 409148 devel optional apache2-prefork-dev_2.2.3-4+etch6_i386.deb
 245b4acc5cc3f6f1d9de38979d6f6868 409900 devel optional apache2-threaded-dev_2.2.3-4+etch6_i386.deb
 d045d1fcda9c9da3eaaf8fc4cea2990d 275480 web optional apache2-mpm-perchild_2.2.3-4+etch6_all.deb
 9c0c4e8267e2666528467593f4dd3426 41306 web optional apache2_2.2.3-4+etch6_all.deb
 6d73f26c66b5018dc7ba6dd34831706a 2246566 doc optional apache2-doc_2.2.3-4+etch6_all.deb
 d3ce986aaafd5eda8f0964e74ce58fcb 6668346 devel extra apache2-src_2.2.3-4+etch6_all.deb

Version: GnuPG v1.4.9 (GNU/Linux)


--- End Message ---

Reply to: