Package: sitesummary Version: 0.1.27 Severity: important Starting with apache2 2.4.25-1 sitesummary doesn't work like before.
The test-server-client script output (see debci as well): Failed to upload, answer 'HTTP/1.1 400 Bad Request Date: Wed, 25 Jan 2017 17:47:11 GMT Server: Apache/2.4.25 (Debian) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> <hr> <address>Apache/2.4.25 (Debian) Server at 127.0.1.1 Port 80</address> </body></html> ' error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi' /var/lib/sitesummary /var/lib/sitesummary/tmpstorage /var/lib/sitesummary/entries /var/lib/sitesummary/www /var/lib/sitesummary/www/index.html error: did not find entry info: terminating script Downgrading to apache 2.4.23-8 makes sitesummary work ok. I suspect apache security enhancements to cause the failure. Apache 2.4.25 changelog states: * Security: CVE-2016-8743: Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies. * The stricter HTTP enforcement may cause compatibility problems with non-conforming clients. Fine-tuning is possible with the new HttpProtocolOptions directive. Wolfgang
signature.asc
Description: PGP signature
