Your message dated Sat, 27 Oct 2012 15:47:04 +0000 with message-id <e1ts8bi-0004ye...@franck.debian.org> and subject line Bug#636805: fixed in viewvc 1.1.5-1.1+squeeze1 has caused the Debian Bug report #636805, regarding viewvc runs extremely slowly (~15s per page) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 636805: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636805 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: viewvc Version: 1.1.5-1.1 Severity: important As reported in the upstream bug tracker (#467) viewvc sends the wrong content length when compression is enabled, causing browsers to hang until a timeout is reached (typically 15s). This is fixed upstream in svn (r2471) and was merged into version 1.1.8. See http://viewvc.tigris.org/issues/show_bug.cgi?id=467 This bug makes viewvc virtually unusable, so please merge this fix into stable. I'm attaching a patch based on svn change 2471 but massaged for 1.1.5. For unstable, use the packaged 1.1.9 offered in bug #614509. A workaround is to ensure allow_compress = 0 in the configuration. -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages viewvc depends on: ii cvs 1:1.12.13-12 Concurrent Versions System ii python 2.6.6-3+squeeze6 interactive high-level object-orie ii python-subversion 1.6.12dfsg-6 Python bindings for Subversion ii python-support 1.0.10 automated rebuilding support for P ii rcs 5.7-25 The GNU Revision Control System ii subversion 1.6.12dfsg-6 Advanced version control system Versions of packages viewvc recommends: ii apache2 2.2.16-6+squeeze1 Apache HTTP Server metapackage ii apache2-mpm-prefork [h 2.2.16-6+squeeze1 Apache HTTP Server - traditional n pn python-pygments <none> (no description available) Versions of packages viewvc suggests: pn cvsgraph <none> (no description available) pn libapache2-mod-python <none> (no description available) ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap pn python-tk <none> (no description available) pn viewvc-query <none> (no description available) -- Configuration Files: /etc/viewvc/viewvc.conf changed [not included] -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: viewvc Source-Version: 1.1.5-1.1+squeeze1 We believe that the bug you reported is fixed in the latest version of viewvc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 636...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated viewvc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 14 Oct 2012 20:12:07 +0000 Source: viewvc Binary: viewvc viewvc-query Architecture: source all Version: 1.1.5-1.1+squeeze1 Distribution: stable-security Urgency: high Maintainer: David MartÃnez Moreno <en...@debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: viewvc - web interface for CVS and/or Subversion repositories viewvc-query - utility to query CVS and Subversion commit database Closes: 636805 671482 679069 Changes: viewvc (1.1.5-1.1+squeeze1) stable-security; urgency=high . * Non-maintainer upload. . [ gregor herrmann ] * [SECURITY] Fix "CVE-2012-3356 / CVE-2012-3357": - CVE-2012-3356: * security fix: complete authz support for remote SVN views - CVE-2012-3357: * security fix: log msg leak in SVN revision view with unreadable copy source Add patches "CVE-2012-3356" and "CVE-2012-3357", taken from upstream svn. (Closes: #679069) * Fix "viewvc runs extremely slowly (~15s per page)": backport upstream commit r2471 as new patch compression-content-length: don't set Content-Length when compression is used. (Closes: #636805) . [ Ben Hutchings ] * view_query: No longer allow an undocumented URL parameter to override the admin-declared SQL row limit, which could result in excessive CPU usage and memory consumption (CVE-2009-5024) (Closes: #671482) Checksums-Sha1: 2ad3542ad175bebc67ed1ccc718bb6de4951b47b 1498 viewvc_1.1.5-1.1+squeeze1.dsc 988d7b9e13af194696db9cba5446510367720b91 593630 viewvc_1.1.5.orig.tar.gz 00089765d74a8995aa0c4b2eb43b94db1334454c 30479 viewvc_1.1.5-1.1+squeeze1.diff.gz 6a017148e51668ecd475c3c38d1b79355b9c8fdd 606544 viewvc_1.1.5-1.1+squeeze1_all.deb 13228ddbc7a83a7aa59ca0e90f0eb8afc6c58911 12106 viewvc-query_1.1.5-1.1+squeeze1_all.deb Checksums-Sha256: f72ff0183658afa35fab6f22b3f5d3a6469a8a6579e65b14944d1b058547c6d0 1498 viewvc_1.1.5-1.1+squeeze1.dsc 32ce717330fc780e9c2341cca800079078e9935581d4dfd526e4a15fc1d94919 593630 viewvc_1.1.5.orig.tar.gz 92bc4267c140a91eaf89443b4b1b889362401379a9f448aa6a61530a495d1e60 30479 viewvc_1.1.5-1.1+squeeze1.diff.gz 6d4a7909659e4f9f3e8c049342a123d7e13d4ffb7a74a984df0a8b8ff0c7f168 606544 viewvc_1.1.5-1.1+squeeze1_all.deb 0c03412641438cefc30086b0b999bc0e3271b95aabc9550fa2cfc76dc150446b 12106 viewvc-query_1.1.5-1.1+squeeze1_all.deb Files: 39095cfbd30229eccd9468da19a60ba5 1498 vcs optional viewvc_1.1.5-1.1+squeeze1.dsc da7bbcf6800383ebb23405a064c6faf8 593630 vcs optional viewvc_1.1.5.orig.tar.gz d67c265da2ac4bbb4b776498290550dd 30479 vcs optional viewvc_1.1.5-1.1+squeeze1.diff.gz a22095492d9f05f7e553d513fe39b15c 606544 vcs optional viewvc_1.1.5-1.1+squeeze1_all.deb 3cc471934f2c28693c09c034b94c8699 12106 vcs optional viewvc-query_1.1.5-1.1+squeeze1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJQgWM6AAoJEFb2GnlAHawEt/kH/jaY5/RqOoHFDFETHJbEKgEP vgDYFVjpUMwQYhXiWhHeCYJ4H/k+xE9e1HqXWuNlieLad70Nb5yCtfVYrHn4nZxp 7wag9bwbypJ5sR7HrGWIuLII9x0wkw21ggR572CZBXPRWFdtwrGPUlISom1/RqM5 VtPyupSBCjL0NIQ+h3FwelI2C+ozYYV8eJBgJttPXRysGS7B5de03q/1re0ACeN2 o85WOo419NcW4fKMWIYHGVaqnbo5RAs2wh2qwFukbhx7xUgmYzHdUvedM1hqjAW1 uG+9Wp4AdHtxSASZ6Sn3/yMbh4z+PEc2zJ+4oCTFJjwuV93ho/724rgeC7dcqJs= =t0Q5 -----END PGP SIGNATURE-----
--- End Message ---
