
Bug#852623: marked as done (sitesummary-client fails to submit data)



Your message dated Tue, 31 Jan 2017 12:49:50 +0000
with message-id <E1cYXsc-0009fk-Pi@fasolo.debian.org>
and subject line Bug#852623: fixed in sitesummary 0.1.28
has caused the Debian Bug report #852623,
regarding sitesummary-client fails to submit data
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
852623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852623
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: sitesummary
Version: 0.1.27
Severity: important

Starting with apache2 2.4.25-1 sitesummary doesn't work like before.

The test-server-client script output (see debci as well):

Failed to upload, answer 'HTTP/1.1 400 Bad Request
Date: Wed, 25 Jan 2017 17:47:11 GMT
Server: Apache/2.4.25 (Debian)
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at 127.0.1.1 Port 80</address>
</body></html>
'
error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi'
/var/lib/sitesummary
/var/lib/sitesummary/tmpstorage
/var/lib/sitesummary/entries
/var/lib/sitesummary/www
/var/lib/sitesummary/www/index.html
error: did not find entry
info: terminating script


Downgrading to apache 2.4.23-8 makes sitesummary work ok.

I suspect that the apache security enhancements cause the failure.

Apache 2.4.25 changelog states:

  * Security: CVE-2016-8743:
    Enforce HTTP request grammar corresponding to RFC7230 for request lines
    and request headers, to prevent response splitting and cache pollution by
    malicious clients or downstream proxies.
  * The stricter HTTP enforcement may cause compatibility problems with
    non-conforming clients. Fine-tuning is possible with the new
    HttpProtocolOptions directive.

Wolfgang



--- End Message ---
--- Begin Message ---
Source: sitesummary
Source-Version: 0.1.28

We believe that the bug you reported is fixed in the latest version of
sitesummary, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852623@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated sitesummary package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 31 Jan 2017 13:26:50 +0100
Source: sitesummary
Binary: sitesummary sitesummary-client
Architecture: source
Version: 0.1.28
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
 sitesummary - Generate site summary of submitting hosts (server part)
 sitesummary-client - Generate site summary of submitting hosts (client part)
Closes: 852623
Changes:
 sitesummary (0.1.28) unstable; urgency=medium
 .
   [ Wolfgang Schweer ]
   * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant
     with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
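
An added illustration of the fix named in the changelog above (not sitesummary's code, which this page does not show): the same constructed POST serialized with bare LF and with CRLF, and a check of the request head against the CRLF line termination that RFC 7230 requires. The header set, payload and function names are assumptions made for the example.

```python
# Added example: constructed requests, not taken from sitesummary-upload.
CRLF = b"\r\n"

def build_request(host, path, body, eol=CRLF):
    """Serialize a minimal HTTP/1.1 POST using `eol` as the line terminator."""
    lines = [
        b"POST " + path.encode("ascii") + b" HTTP/1.1",
        b"Host: " + host.encode("ascii"),
        b"Content-Type: application/octet-stream",
        b"Content-Length: " + str(len(body)).encode("ascii"),
        b"Connection: close",
    ]
    return eol.join(lines) + eol + eol + body

def head_violations(raw):
    """Return [(line_number, problem)] for the request line and headers.

    Only the head is scanned; the body may contain any bytes.
    """
    problems = []
    pos, lineno = 0, 1
    while True:
        nl = raw.find(b"\n", pos)
        if nl == -1:
            problems.append((lineno, "head not terminated by an empty line"))
            break
        line = raw[pos:nl]
        if line.endswith(b"\r"):
            line = line[:-1]          # properly CRLF-terminated
        else:
            problems.append((lineno, "bare LF"))
        if b"\r" in line:
            problems.append((lineno, "bare CR"))
        if line == b"":               # empty line: end of the head
            break
        pos, lineno = nl + 1, lineno + 1
    return problems

if __name__ == "__main__":
    body = b"constructed payload\n"   # LF inside the body is not a violation
    path = "/cgi-bin/sitesummary-collector.cgi"
    for label, eol in (("LF", b"\n"), ("CRLF", CRLF)):
        req = build_request("localhost", path, body, eol)
        print(label, head_violations(req) or "head is CRLF-clean")
```
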