Your message dated Tue, 31 Jan 2017 12:49:50 +0000 with message-id <e1cyxsc-0009fk...@fasolo.debian.org> and subject line Bug#852623: fixed in sitesummary 0.1.28 has caused the Debian Bug report #852623, regarding sitesummary-client fails to submit data to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 852623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852623 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: sitesummary Version: 0.1.27 Severity: important Starting with apache2 2.4.25-1 sitesummary doesn't work like before. The test-server-client script output (see debci as well): Failed to upload, answer 'HTTP/1.1 400 Bad Request Date: Wed, 25 Jan 2017 17:47:11 GMT Server: Apache/2.4.25 (Debian) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> <hr> <address>Apache/2.4.25 (Debian) Server at 127.0.1.1 Port 80</address> </body></html> ' error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi' /var/lib/sitesummary /var/lib/sitesummary/tmpstorage /var/lib/sitesummary/entries /var/lib/sitesummary/www /var/lib/sitesummary/www/index.html error: did not find entry info: terminating script Downgrading to apache 2.4.23-8 makes sitesummary work ok. I suspect apache security enhancements to cause the failure. Apache 2.4.25 changelog states: * Security: CVE-2016-8743: Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies. * The stricter HTTP enforcement may cause compatibility problems with non-conforming clients. Fine-tuning is possible with the new HttpProtocolOptions directive. Wolfgang
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: sitesummary Source-Version: 0.1.28 We believe that the bug you reported is fixed in the latest version of sitesummary, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 852...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen <hol...@debian.org> (supplier of updated sitesummary package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 31 Jan 2017 13:26:50 +0100 Source: sitesummary Binary: sitesummary sitesummary-client Architecture: source Version: 0.1.28 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers <debian-edu@lists.debian.org> Changed-By: Holger Levsen <hol...@debian.org> Description: sitesummary - Generate site summary of submitting hosts (server part) sitesummary-client - Generate site summary of submitting hosts (client part) Closes: 852623 Changes: sitesummary (0.1.28) unstable; urgency=medium . [ Wolfgang Schweer ] * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623) Checksums-Sha1: 659b89d3832e6e4d7b9df8a44398408c5767a217 1908 sitesummary_0.1.28.dsc 1ca2d10f65e66d67d19eed178c7fc919185af17c 76365 sitesummary_0.1.28.tar.gz 87f8547907c0671724c452ed20e95fb300ec99cf 4884 sitesummary_0.1.28_source.buildinfo Checksums-Sha256: eba893b1994e0f59a9bd1c0cd85aeba9b2b7ff1ccac5d9a066be1b508e116acb 1908 sitesummary_0.1.28.dsc d23c7e1e84c3dd08b4a973ecd901d2c98ccb2f152d9c825cbc101b9b4bc7446b 76365 sitesummary_0.1.28.tar.gz ed44604f72dcf3ee3a1b210f5ae56a308626ae64eb5b6c08c9abba0a6b73983d 4884 sitesummary_0.1.28_source.buildinfo Files: cf091f738fde2b8439dccf250e9729fd 1908 misc optional sitesummary_0.1.28.dsc 947f8a5cb867014eeb396a92ad489cf4 76365 misc optional sitesummary_0.1.28.tar.gz 728a16859171e6f12cee1ad9d84f0623 4884 misc optional sitesummary_0.1.28_source.buildinfo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWJCDNgkauFYGmqocAQodqg/9GMZTCuPFrV3fZje+GcYI6qZgM3n9q71m pX+BPbzhIqaqVLnxyPgKYS93t4cSYf6I9Uy0nFOHMqnhYzFiAPZi+SciRe+3O2ba yM4J0RNAFcZpwPnl9oIMGrOm4Khb9tOjhzS/BjsmsZtty7qz4H1nTFCjydRlZUT9 FwvyscL67GnNiReqs/I9Ho/yub1G96vS3jchmBBvr9CpHoSK7E5EEfUVOFkTvceu 0X2bzfT7GYVuT7x1TvY55UwFhbhtlsz0IXFDq0BlkToHMOUxmXoj0yIKGegK4XQz RSOE4yiiBwk2JsdKGsXvle34uF5ClZaC0cf3950J+pA8fDMFYBRZdiGPuyYYMFtT AEhNqyaUmFYNtOkPHvt+osUlMFMsSDVQAfnfInWcX4Q3GF5YxhgfUPqzoOYInJ0D 51cguEWermwmTZesTGxVlRhbD2Ra8wb16GD32oRwwZ1XvlFe60LYp2eL6C+Im1il er8/dwi0OqiWQ1pks32xGPccl7gdMhqrhqzWqu0b8HoNZqLOQfPgSCdLForTZPQF ISEDtOcM7gE/VZyHKBCEzxWJdhbdIW5fb240Xfwr9nRs4Vf54xbtYWv+3NZTaAYB qItrQ7404NwlRlPnDJQcmpptOxPcl/p9djmjIsPZ0cDxssqI8ON6uoV5+fmjWc3X Kkg8n72b1YM= =Bles -----END PGP SIGNATURE-----
--- End Message ---
