
Bug#856539: marked as done (jessie-pu: package sitesummary/0.1.17+deb8u2)



Your message dated Tue, 21 Mar 2017 08:41:59 +0000
with message-id <1490085719.1979.25.camel@adam-barratt.org.uk>
and subject line Re: Bug#856539: updating sitesummary in stable+oldtable due to regression introduced with apache update (Re: Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2)
has caused the Debian Bug report #856539,
regarding jessie-pu: package sitesummary/0.1.17+deb8u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856539: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856539
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

The sitesummary package in stable is affected by one RC bug causing all
clients to fail to submit data to the collector, and thus breaking the
service SiteSummary is supposed to provide (collect data about
machines).  The problem is triggered by the recent update of Apache.
The following patch will solve it.  The change is already in unstable
and testing.

diff --git a/debian/changelog b/debian/changelog
index adf4080..296faf2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+sitesummary (0.1.17+deb8u2) jessie; urgency=medium
+
+  * Backport RC fix from unstable.
+
+  [ Wolfgang Schweer ]
+  * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant
+    with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623).
+
+ -- Petter Reinholdtsen <pere@debian.org>  Thu, 02 Mar 2017 09:05:24 +0100
+
 sitesummary (0.1.17+deb8u1) jessie; urgency=medium
 
   * Backport RC fixes from unstable.
diff --git a/sitesummary-upload b/sitesummary-upload
index 050aefa..28c19d6 100755
--- a/sitesummary-upload
+++ b/sitesummary-upload
@@ -78,15 +78,13 @@ $form .= "$ORS";
 my $formlen = length($form);
 
 #Send data
-print $remote <<"EOF";
-POST $submiturl HTTP/1.1
-User-Agent: sitesummary-upload
-Host: $host
-content-type: multipart/form-data; boundary=$boundary
-content-length: $formlen
-
-$form
-EOF
+print $remote "POST $submiturl HTTP/1.1\r\n";
+print $remote "User-Agent: sitesummary-upload\r\n";
+print $remote "Host: $host\r\n";
+print $remote "Content-Type: multipart/form-data; boundary=$boundary\r\n";
+print $remote "Content-Length: $formlen\r\n";
+print $remote "\r\n";
+print $remote "$form";
 
 #Get answer
 my($answer)="";
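
Review bot: The request line and headers now end in CRLF, but the body sent by `print $remote "$form";` is still whatever was assembled with `$ORS` (visible in the `$form .= "$ORS";` hunk context), and the definition of `$ORS` lies outside this hunk. Please confirm it is `"\r\n"`, since multipart/form-data boundaries and part headers also require CRLF and an LF-only body would leave the request only half compliant. Separately, `my $formlen = length($form);` counts characters rather than octets if `$form` ever holds decoded text, while `Content-Length` must be the byte count. `$submiturl` and `$host` are interpolated into the request line and `Host:` header unchanged, so a check that neither contains CR or LF would stop a bad configuration value from splitting the request.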

I would like to update the stable version of sitesummary to fix this
bug.  It affects Debian Edu, but also all other users of SiteSummary in
Jessie.  Are you OK with me uploading a package with this change?  How
quickly is it possible to get this change into Jessie?

-- 
Happy hacking
Petter Reinholdtsen

--- End Message ---
--- Begin Message ---
On Sat, 2017-03-18 at 14:48 +0000, Holger Levsen wrote:
> Hi Seb,
> 
> On Thu, Mar 16, 2017 at 08:48:04AM +0100, Sébastien Delafond wrote:
> > > I meant a debdiff specifically targeting jessie-security. Please
> > > change jessie to jessie-security, set severity to high, and upload to
> > > security-master (no source-only upload).
> 
> I've done all this now.
> 
> Will you write and send the DSA? I guess the text should basically just be
> something like what we wrote in debian/changelog:
> 
>   * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant
>     with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623).

That happened as DSA 3796-2; closing this p-u request.

Regards,

Adam

--- End Message ---
