Your message dated Fri, 24 Mar 2017 12:32:46 +0000 with message-id <e1crooc-0003jy...@fasolo.debian.org> and subject line Bug#852623: fixed in sitesummary 0.1.17+deb8u2 has caused the Debian Bug report #852623, regarding sitesummary-client fails to submit data to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 852623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852623 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: sitesummary Version: 0.1.27 Severity: important Starting with apache2 2.4.25-1 sitesummary doesn't work like before. The test-server-client script output (see debci as well): Failed to upload, answer 'HTTP/1.1 400 Bad Request Date: Wed, 25 Jan 2017 17:47:11 GMT Server: Apache/2.4.25 (Debian) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> <hr> <address>Apache/2.4.25 (Debian) Server at 127.0.1.1 Port 80</address> </body></html> ' error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi' /var/lib/sitesummary /var/lib/sitesummary/tmpstorage /var/lib/sitesummary/entries /var/lib/sitesummary/www /var/lib/sitesummary/www/index.html error: did not find entry info: terminating script Downgrading to apache 2.4.23-8 makes sitesummary work ok. I suspect apache security enhancements to cause the failure. Apache 2.4.25 changelog states: * Security: CVE-2016-8743: Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies. * The stricter HTTP enforcement may cause compatibility problems with non-conforming clients. Fine-tuning is possible with the new HttpProtocolOptions directive. Wolfgang
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: sitesummary Source-Version: 0.1.17+deb8u2 We believe that the bug you reported is fixed in the latest version of sitesummary, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 852...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen <hol...@debian.org> (supplier of updated sitesummary package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 18 Mar 2017 15:26:10 +0100 Source: sitesummary Binary: sitesummary sitesummary-client Architecture: source all Version: 0.1.17+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Edu Developers <debian-...@lists.debian.org> Changed-By: Holger Levsen <hol...@debian.org> Description: sitesummary - Generate site summary of submitting hosts (server part) sitesummary-client - Generate site summary of submitting hosts (client part) Closes: 852623 Changes: sitesummary (0.1.17+deb8u2) jessie-security; urgency=high . * Backport RC fix from unstable. . [ Wolfgang Schweer ] * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623). Checksums-Sha1: ed1f8dd220bc41568eb5997a7a8e1d21591ee896 1864 sitesummary_0.1.17+deb8u2.dsc 92a87d93bab23048d98af74a7bed368a2d3a54c6 74441 sitesummary_0.1.17+deb8u2.tar.gz edb291f4a3793029e218493b82aada3363102321 45370 sitesummary_0.1.17+deb8u2_all.deb bcea47a8d1ebe02814965830c72c2106b1244f82 35000 sitesummary-client_0.1.17+deb8u2_all.deb Checksums-Sha256: d979fb1760b6454ac1f36f11c9ab1a2dc273b7483c4beec59f7dde00138eb11a 1864 sitesummary_0.1.17+deb8u2.dsc 4695259d0b868d9061d571ee769b4428662d9f07a570b88c67d37bbc8fbe3814 74441 sitesummary_0.1.17+deb8u2.tar.gz c66e3e2b65bc64ac328d54b02c0b69d91432c2c0d0ea6c695b282641c34ddc08 45370 sitesummary_0.1.17+deb8u2_all.deb 3d84e7e8e1d1ef4139f9f20e5a4e3deb3f6edc534e381d9a89b1c9479f91a07b 35000 sitesummary-client_0.1.17+deb8u2_all.deb Files: 956c4939cbd17a51b0653fe876b19b9a 1864 misc optional sitesummary_0.1.17+deb8u2.dsc dce0b8992be2bba2a08e668ad3988038 74441 misc optional sitesummary_0.1.17+deb8u2.tar.gz e77f51542568b17598b26ec1871ec36d 45370 misc optional sitesummary_0.1.17+deb8u2_all.deb 246bc2868c5fc45a96ab36fe7c934107 35000 misc optional sitesummary-client_0.1.17+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWM1IFgkauFYGmqocAQpYQA/9E3my66/ot8BtrTDZLcXb7CMfqs99LLng rZwvSlNBd4B+96sOH77eXO1z6ozjs890K/VHVTuel8zleM4bj3+Mnk8ZPYRa8+O4 3Yca0Wv2F5jD0SZ5KieXGinvRUQwkaO4MVXDgnJeiug/Y8rA3JMI8rXDzqA6I3bs GAsfuTcWwfLnbCMW6SZJt2ZrV8basCPhCL9egEeKMmti+spjgH4+/qk2CnztVPIe 7Hxzl4IU0qnArmbjisxl4ugG1oz4YV5uFotrzu4L1VRuvwWsOAgYD/zUrqD8TIbs Y3gLp36qtMT3IihqR1+Wj3HRq0+1cJqJJzWo1hvPb+BwJkxAsH37PM+7DCKXKMLA LlMO6Fo/q1zPJgoV0nMV6CozEtHadoiRL2Y/E9+LNhqVyvqxzPb1oRfkLuIMNFJf VWqSmnfuq5fmnI+TzqYbvseInYvbVkVY8icXFLtcAP9WLHS011BMuZEZRyKcnrMs 4fYaVIbvhc61pmvizJDtxebLJaoB2hWm2vM8rK1WI8YvG6iXnRVP8dMubpf79UTA FDB9/EPSunA6WYfcdIP0S4XmvbemoqjTXa1OqqJAM/pbJXJVMPvg9iBTOT7ajT9g iVjMIZ4Svqo/gkOiIsYb8Wo0l9xgdc8nACgkrlEJ7DMj9jb+OGAlVJcY/S5cH9PR siBLXm9IH/Y= =rj1w -----END PGP SIGNATURE-----
--- End Message ---
