Bug#856539: jessie-pu: package sitesummary/0.1.17+deb8u2

Thu, 02 Mar 2017 00:16:10 -0800 

Package: release.debian.org
Severity: normal
Tags: jessie
User: [email protected]
Usertags: pu

The sitesummary package in stable is affected by one RC bug causing all
clients to fail to submit data to the collector, and thus breaking the
service SiteSummary is supposed to provide (collect data about
machines).  The problem is triggered by the recent update of Apache.
The following patch will solve it.  The change is already in unstable
and testing.

diff --git a/debian/changelog b/debian/changelog
index adf4080..296faf2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+sitesummary (0.1.17+deb8u2) jessie; urgency=medium
+
+  * Backport RC fix from unstable.
+
+  [ Wolfgang Schweer ]
+  * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant
+    with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623).
+
+ -- Petter Reinholdtsen <[email protected]>  Thu, 02 Mar 2017 09:05:24 +0100
+
 sitesummary (0.1.17+deb8u1) jessie; urgency=medium
 
   * Backport RC fixes from unstable.
diff --git a/sitesummary-upload b/sitesummary-upload
index 050aefa..28c19d6 100755
--- a/sitesummary-upload
+++ b/sitesummary-upload
@@ -78,15 +78,13 @@ $form .= "$ORS";
 my $formlen = length($form);
 
 #Send data
-print $remote <<"EOF";
-POST $submiturl HTTP/1.1
-User-Agent: sitesummary-upload
-Host: $host
-content-type: multipart/form-data; boundary=$boundary
-content-length: $formlen
-
-$form
-EOF
+print $remote "POST $submiturl HTTP/1.1\r\n";
+print $remote "User-Agent: sitesummary-upload\r\n";
+print $remote "Host: $host\r\n";
+print $remote "Content-Type: multipart/form-data; boundary=$boundary\r\n";
+print $remote "Content-Length: $formlen\r\n";
+print $remote "\r\n";
+print $remote "$form";
 
 #Get answer
 my($answer)="";

I would like to update the stable version of sitesummary to fix this
bug.  It affect Debian Edu, but also all other users of SiteSummary in
Jessie.  Are you OK with me uploading a package with this change?  How
quickly is it possible to get this change into Jessie?

-- 
Happy hacking
Petter Reinholdtsen

Reply via email to