
Bug#852623: marked as done (sitesummary-client fails to submit data)



Your message dated Fri, 24 Mar 2017 12:32:46 +0000
with message-id <E1crOOc-0003jY-HR@fasolo.debian.org>
and subject line Bug#852623: fixed in sitesummary 0.1.17+deb8u2
has caused the Debian Bug report #852623,
regarding sitesummary-client fails to submit data
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
852623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852623
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: sitesummary
Version: 0.1.27
Severity: important

Starting with apache2 2.4.25-1 sitesummary doesn't work like before.

The test-server-client script output (see debci as well):

Failed to upload, answer 'HTTP/1.1 400 Bad Request
Date: Wed, 25 Jan 2017 17:47:11 GMT
Server: Apache/2.4.25 (Debian)
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at 127.0.1.1 Port 80</address>
</body></html>
'
error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi'
/var/lib/sitesummary
/var/lib/sitesummary/tmpstorage
/var/lib/sitesummary/entries
/var/lib/sitesummary/www
/var/lib/sitesummary/www/index.html
error: did not find entry
info: terminating script


Downgrading to apache 2.4.23-8 makes sitesummary work ok.

I suspect apache security enhancements to cause the failure.

Apache 2.4.25 changelog states:

  * Security: CVE-2016-8743:
    Enforce HTTP request grammar corresponding to RFC7230 for request lines
    and request headers, to prevent response splitting and cache pollution by
    malicious clients or downstream proxies.
  * The stricter HTTP enforcement may cause compatibility problems with
    non-conforming clients. Fine-tuning is possible with the new
    HttpProtocolOptions directive.

Wolfgang



--- End Message ---
--- Begin Message ---
Source: sitesummary
Source-Version: 0.1.17+deb8u2

We believe that the bug you reported is fixed in the latest version of
sitesummary, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852623@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated sitesummary package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Mar 2017 15:26:10 +0100
Source: sitesummary
Binary: sitesummary sitesummary-client
Architecture: source all
Version: 0.1.17+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
 sitesummary - Generate site summary of submitting hosts (server part)
 sitesummary-client - Generate site summary of submitting hosts (client part)
Closes: 852623
Changes:
 sitesummary (0.1.17+deb8u2) jessie-security; urgency=high
 .
   * Backport RC fix from unstable.
 .
   [ Wolfgang Schweer ]
   * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant
     with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623).


--- End Message ---
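
Added example (not part of the original messages, and not sitesummary or Apache code): a simplified checker for the RFC 7230 request grammar points mentioned in the changelog above, run on the same request head with bare LF and with CRLF line endings. The request headers are constructed for illustration; only the URL path comes from the report, and the function names are hypothetical.

```python
import re

# RFC 7230 section 3.2.6: token = 1*tchar
TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(TOKEN + rb" [^ \t\r\n]+ HTTP/\d\.\d")
HEADER_LINE = re.compile(TOKEN + rb":[^\r\n]*")


def grammar_violations(head: bytes) -> list:
    """List RFC 7230 grammar violations in a request head."""
    problems = []
    # Line terminators must be CRLF: flag LF without CR and CR without LF.
    if re.search(rb"(?<!\r)\n", head):
        problems.append("bare LF line terminator")
    if re.search(rb"\r(?!\n)", head):
        problems.append("bare CR")
    # Split leniently so the line checks still run on a bare-LF request.
    lines = [ln for ln in re.split(rb"\r\n|\n|\r", head) if ln]
    if not lines:
        return problems + ["empty request"]
    # request-line = method SP request-target SP HTTP-version
    if not REQUEST_LINE.fullmatch(lines[0]):
        problems.append("malformed request line")
    # header-field = field-name ":" OWS field-value OWS (no space before ":")
    for number, line in enumerate(lines[1:], start=2):
        if not HEADER_LINE.fullmatch(line):
            problems.append(f"malformed header field on line {number}")
    return problems


def build_head(eol: bytes) -> bytes:
    """Constructed sample request head; only the URL path is from the report."""
    lines = [
        b"POST /cgi-bin/sitesummary-collector.cgi HTTP/1.1",
        b"Host: localhost",
        b"Content-Length: 0",
    ]
    return eol.join(lines) + eol + eol


LF_HEAD = build_head(b"\n")        # non-conforming: bare LF line endings
CRLF_HEAD = build_head(b"\r\n")    # conforming: CRLF line endings

if __name__ == "__main__":
    for name, head in (("LF", LF_HEAD), ("CRLF", CRLF_HEAD)):
        print(name, grammar_violations(head) or "ok")
```

A check like this in a client's test suite catches non-conforming requests before a stricter server release turns them into 400 responses.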
