Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2

To: submit@bugs.debian.org
Subject: Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2
From: Petter Reinholdtsen <pere@hungry.com>
Date: Thu, 02 Mar 2017 09:12:34 +0100
Message-id: <[🔎] 2flzih4nll9.fsf@diskless.uio.no>
Reply-to: Petter Reinholdtsen <pere@hungry.com>, 856539@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

The sitesummary package in stable is affected by one RC bug causing all
clients to fail to submit data to the collector, and thus breaking the
service SiteSummary is supposed to provide (collect data about
machines).  The problem is triggered by the recent update of Apache.
The following patch will solve it.  The change is already in unstable
and testing.

diff --git a/debian/changelog b/debian/changelog
index adf4080..296faf2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+sitesummary (0.1.17+deb8u2) jessie; urgency=medium
+
+  * Backport RC fix from unstable.
+
+  [ Wolfgang Schweer ]
+  * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant
+    with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623).
+
+ -- Petter Reinholdtsen <pere@debian.org>  Thu, 02 Mar 2017 09:05:24 +0100
+
 sitesummary (0.1.17+deb8u1) jessie; urgency=medium
 
   * Backport RC fixes from unstable.
diff --git a/sitesummary-upload b/sitesummary-upload
index 050aefa..28c19d6 100755
--- a/sitesummary-upload
+++ b/sitesummary-upload
@@ -78,15 +78,13 @@ $form .= "$ORS";
 my $formlen = length($form);
 
 #Send data
-print $remote <<"EOF";
-POST $submiturl HTTP/1.1
-User-Agent: sitesummary-upload
-Host: $host
-content-type: multipart/form-data; boundary=$boundary
-content-length: $formlen
-
-$form
-EOF
+print $remote "POST $submiturl HTTP/1.1\r\n";
+print $remote "User-Agent: sitesummary-upload\r\n";
+print $remote "Host: $host\r\n";
+print $remote "Content-Type: multipart/form-data; boundary=$boundary\r\n";
+print $remote "Content-Length: $formlen\r\n";
+print $remote "\r\n";
+print $remote "$form";
 
 #Get answer
 my($answer)="";

I would like to update the stable version of sitesummary to fix this
bug.  It affect Debian Edu, but also all other users of SiteSummary in
Jessie.  Are you OK with me uploading a package with this change?  How
quickly is it possible to get this change into Jessie?

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Prev by Date: Processed: Bug#856493 marked as pending
Next by Date: Bug#852623: sitesummary-client fails to submit data
Previous by thread: Processed: Bug#856493 marked as pending
Next by thread: updating sitesummary in stable+oldtable due to regression introduced with apache update (Re: Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2)
Index(es):
- Date
- Thread