Package: sitesummary
Version: 0.1.27
Severity: important
Starting with apache2 2.4.25-1 sitesummary doesn't work like before.
The test-server-client script output (see debci as well):
Failed to upload, answer 'HTTP/1.1 400 Bad Request
Date: Wed, 25 Jan 2017 17:47:11 GMT
Server: Apache/2.4.25 (Debian)
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at 127.0.1.1 Port 80</address>
</body></html>
'
error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi'
/var/lib/sitesummary
/var/lib/sitesummary/tmpstorage
/var/lib/sitesummary/entries
/var/lib/sitesummary/www
/var/lib/sitesummary/www/index.html
error: did not find entry
info: terminating script
Downgrading to apache 2.4.23-8 makes sitesummary work ok.
I suspect apache security enhancements to cause the failure.
Apache 2.4.25 changelog states:
* Security: CVE-2016-8743:
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies.
* The stricter HTTP enforcement may cause compatibility problems with
non-conforming clients. Fine-tuning is possible with the new
HttpProtocolOptions directive.
Wolfgang
Attachment:
signature.asc
Description: PGP signature