Processing of debian-edu_1.919_source.changes
debian-edu_1.919_source.changes uploaded successfully to localhost along with the files: debian-edu_1.919.dsc debian-edu_1.919.tar.xz debian-edu_1.919_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Re: [debian-edu-commits] debian-edu/upstream/ 01/01: Adjust sitesummary-upload to be compliant with apache 2.4.25 security fixes (HTTP request). (Closes: #852623).
On Sat, Jan 28, 2017 at 05:05:48PM +0100, Wolfgang Schweer wrote: > What really matters are the line endings CRLF (\r\n) to avoid > whitespace. thanks, improved the changelog message accordingly: - * Adjust sitesummary-upload to be compliant with apache 2.4.25 security -fixes (HTTP request). (Closes: #852623). + * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant +with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623). -- cheers, Holger signature.asc Description: Digital signature
debian-edu_1.919_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 31 Jan 2017 12:02:44 +0100 Source: debian-edu Binary: education-tasks education-menus education-thin-client-server education-astronomy education-chemistry education-common education-desktop-gnome education-desktop-kde education-desktop-lxde education-desktop-mate education-desktop-other education-desktop-xfce education-development education-electronics education-geography education-graphics education-lang-da education-lang-da-desktop education-lang-da-desktop-kde education-lang-de education-lang-de-desktop education-lang-de-desktop-kde education-lang-es education-lang-es-desktop education-lang-es-desktop-kde education-lang-fr education-lang-fr-desktop education-lang-fr-desktop-kde education-lang-he education-lang-he-desktop education-lang-he-desktop-kde education-lang-it education-lang-it-desktop education-lang-it-desktop-kde education-lang-ja education-lang-ja-desktop education-lang-ja-desktop-kde education-lang-no education-lang-no-desktop education-lang-no-desktop-kde education-lang-se education-lang-zh-tw education-lang-zh-tw-desktop education-lang-zh-tw-desktop-kde education-language education-laptop education-logic-games education-ltsp-server education-main-server education-mathematics education-misc education-music education-networked education-networked-common education-physics education-roaming-workstation education-services education-standalone education-thin-client education-workstation Architecture: source Version: 1.919 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers Changed-By: Holger Levsen Description: education-astronomy - Debian Edu astronomy related applications education-chemistry - Debian Edu chemistry related applications education-common - Debian Edu common packages education-desktop-gnome - Debian Edu GNOME desktop applications education-desktop-kde - Debian Edu KDE desktop applications education-desktop-lxde - Debian Edu LXDE desktop applications education-desktop-mate - Debian Edu MATE desktop applications education-desktop-other - Debian Edu non-GNOME- and non-KDE-specific desktop applications education-desktop-xfce - Debian Edu Xfce desktop applications education-development - Debian Edu software development related educational applications education-electronics - Debian Edu electronics related applications education-geography - Debian Edu applications for geography education-graphics - Debian Edu graphics related applications education-lang-da - Debian Edu applications for Danish installs education-lang-da-desktop - Debian Edu Desktop applications for Danish installs education-lang-da-desktop-kde - Danish Debian Edu KDE desktop applications education-lang-de - Debian Edu applications for German installs education-lang-de-desktop - Debian Edu Desktop applications for German installs education-lang-de-desktop-kde - German Debian Edu KDE desktop applications education-lang-es - Debian Edu applications for Spanish installs education-lang-es-desktop - Debian Edu Desktop applications for Spanish installs education-lang-es-desktop-kde - Spanish Debian Edu KDE desktop applications education-lang-fr - Debian Edu applications for French installs education-lang-fr-desktop - Debian Edu Desktop applications for French installs education-lang-fr-desktop-kde - French Debian Edu KDE desktop applications education-lang-he - Debian Edu applications for Hebrew installs education-lang-he-desktop - Debian Edu Desktop applications for Hebrew installs education-lang-he-desktop-kde - Hebrew Debian Edu KDE desktop applications education-lang-it - Debian Edu applications for Italian installs education-lang-it-desktop - Debian Edu Desktop applications for Italian installs education-lang-it-desktop-kde - Italian Debian Edu KDE desktop applications education-lang-ja - Debian Edu applications for Japanese installs education-lang-ja-desktop - Debian Edu Desktop applications for Japanese installs education-lang-ja-desktop-kde - Japanese Debian Edu KDE desktop applications education-lang-no - Debian Edu applications for Norwegian installs education-lang-no-desktop - Debian Edu Desktop applications for Norwegian installs education-lang-no-desktop-kde - Norwegian (Bokmaal and Nynorsk) Debian Edu KDE desktop applicatio education-lang-se - Debian Edu applications for North Sami installs education-lang-zh-tw - Debian Edu applications for Traditional Chinese installs education-lang-zh-tw-desktop - Debian Edu Desktop applications for Traditional Chinese installs education-lang-zh-tw-desktop-kde - Traditional Chinese Debian Edu KDE desktop applications education-language - Debian Edu language related educational applications education-laptop - Debian Edu laptop packages education-logic-games - Debian Edu logic games education-ltsp-server - Debian Edu networked LTSP server packages education-main-server - Debian Edu main server package
Processed: Re: Bug#852623: sitesummary-client fails to submit data
Processing control commands: > severity -1 serious Bug #852623 [sitesummary] sitesummary-client fails to submit data Severity set to 'serious' from 'important' -- 852623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852623 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#852623: sitesummary-client fails to submit data
control: severity -1 serious thanks On Sat, Jan 28, 2017 at 04:39:02PM +0100, Wolfgang Schweer wrote: > On Sat, Jan 28, 2017 at 02:13:26PM +, Holger Levsen wrote: > > On Wed, Jan 25, 2017 at 06:57:23PM +0100, Wolfgang Schweer wrote: > > > Starting with apache2 2.4.25-1 sitesummary doesn't work like before. > > doesnt this completly break sitesummary in stretch (and thus should be > > RC?) > Right, breaks it pretty much. ok, raising severity accordingly. > Same would apply if the apache2 security > fixes take effect in jessie and even wheezy (apache 2.2.x). IIRC the > apache people fixed 2.2 as well. Yes. The fix (breaking stuff in sitesummary as expected) is in included in apache2 in wheezy (2.2.22-13+deb7u7) but not yet in jessie (as of (2.4.10-10+deb8u7). Not sure how to express this in bug meta-data so I'll leave this as is. -- cheers, Holger signature.asc Description: Digital signature
Bug#852623: marked as done (sitesummary-client fails to submit data)
Your message dated Tue, 31 Jan 2017 12:49:50 + with message-id and subject line Bug#852623: fixed in sitesummary 0.1.28 has caused the Debian Bug report #852623, regarding sitesummary-client fails to submit data to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 852623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852623 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: sitesummary Version: 0.1.27 Severity: important Starting with apache2 2.4.25-1 sitesummary doesn't work like before. The test-server-client script output (see debci as well): Failed to upload, answer 'HTTP/1.1 400 Bad Request Date: Wed, 25 Jan 2017 17:47:11 GMT Server: Apache/2.4.25 (Debian) Content-Length: 301 Connection: close Content-Type: text/html; charset=iso-8859-1 400 Bad Request Bad Request Your browser sent a request that this server could not understand. Apache/2.4.25 (Debian) Server at 127.0.1.1 Port 80 ' error: unable to submit to 'http://localhost/cgi-bin/sitesummary-collector.cgi' /var/lib/sitesummary /var/lib/sitesummary/tmpstorage /var/lib/sitesummary/entries /var/lib/sitesummary/www /var/lib/sitesummary/www/index.html error: did not find entry info: terminating script Downgrading to apache 2.4.23-8 makes sitesummary work ok. I suspect apache security enhancements to cause the failure. Apache 2.4.25 changelog states: * Security: CVE-2016-8743: Enforce HTTP request grammar corresponding to RFC7230 for request lines and request headers, to prevent response splitting and cache pollution by malicious clients or downstream proxies. * The stricter HTTP enforcement may cause compatibility problems with non-conforming clients. Fine-tuning is possible with the new HttpProtocolOptions directive. Wolfgang signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: sitesummary Source-Version: 0.1.28 We believe that the bug you reported is fixed in the latest version of sitesummary, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 852...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen (supplier of updated sitesummary package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 31 Jan 2017 13:26:50 +0100 Source: sitesummary Binary: sitesummary sitesummary-client Architecture: source Version: 0.1.28 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers Changed-By: Holger Levsen Description: sitesummary - Generate site summary of submitting hosts (server part) sitesummary-client - Generate site summary of submitting hosts (client part) Closes: 852623 Changes: sitesummary (0.1.28) unstable; urgency=medium . [ Wolfgang Schweer ] * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623) Checksums-Sha1: 659b89d3832e6e4d7b9df8a44398408c5767a217 1908 sitesummary_0.1.28.dsc 1ca2d10f65e66d67d19eed178c7fc919185af17c 76365 sitesummary_0.1.28.tar.gz 87f8547907c0671724c452ed20e95fb300ec99cf 4884 sitesummary_0.1.28_source.buildinfo Checksums-Sha256: eba893b1994e0f59a9bd1c0cd85aeba9b2b7ff1ccac5d9a066be1b508e116acb 1908 sitesummary_0.1.28.dsc d23c7e1e84c3dd08b4a973ecd901d2c98ccb2f152d9c825cbc101b9b4bc7446b 76365 sitesummary_0.1.28.tar.gz ed44604f72dcf3ee3a1b210f5ae56a308626ae64eb5b6c08c9abba0a6b73983d 4884 sitesummary_0.1.28_source.buildinfo Files: cf091f738fde2b8439dccf250e9729fd 1908 misc optional sitesummary_0.1.28.dsc 947f8a5cb867014eeb396a92ad489cf4 76365 misc optional sitesummary_0.1.28.tar.gz 728a16859171e6f12cee1ad9d84f0623 4884 misc optional sitesummary_0.1.28_source.buildinfo -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIVAwUBWJCDNgkauFYGmqocAQodqg/9GMZTCuPFrV3fZje+GcYI6qZgM3n9q71m pX+BPbzhIqaqVLnxyPgKYS93t4cSYf6I9Uy0nFOHMqnhYzFiAPZi+SciRe+3O2ba yM4J0RNAFcZpwPnl9oIMGrOm4Khb9tOjhzS/BjsmsZtty7qz4H1nTFCjydRlZUT9 FwvyscL67GnNiReqs/I9Ho/yub1G96vS3jchmBBvr9CpHoSK7E5EEfUVOFkTvceu 0X2bzfT7GYVuT7x1TvY55UwFhbhtlsz0IXFDq0BlkToHMOUxmXoj0yIKGegK4XQz RSOE4yiiBwk2JsdKGsXvle34uF5ClZaC0cf3950J+pA8fDMFYBRZdiGPuyYY
Processing of sitesummary_0.1.28_source.changes
sitesummary_0.1.28_source.changes uploaded successfully to localhost along with the files: sitesummary_0.1.28.dsc sitesummary_0.1.28.tar.gz sitesummary_0.1.28_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
sitesummary_0.1.28_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 31 Jan 2017 13:26:50 +0100 Source: sitesummary Binary: sitesummary sitesummary-client Architecture: source Version: 0.1.28 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers Changed-By: Holger Levsen Description: sitesummary - Generate site summary of submitting hosts (server part) sitesummary-client - Generate site summary of submitting hosts (client part) Closes: 852623 Changes: sitesummary (0.1.28) unstable; urgency=medium . [ Wolfgang Schweer ] * Adjust sitesummary-upload to use CRLF (\r\n) line endings to be compliant with apache 2.4.25 security fixes for HTTP requests. (Closes: #852623) Checksums-Sha1: 659b89d3832e6e4d7b9df8a44398408c5767a217 1908 sitesummary_0.1.28.dsc 1ca2d10f65e66d67d19eed178c7fc919185af17c 76365 sitesummary_0.1.28.tar.gz 87f8547907c0671724c452ed20e95fb300ec99cf 4884 sitesummary_0.1.28_source.buildinfo Checksums-Sha256: eba893b1994e0f59a9bd1c0cd85aeba9b2b7ff1ccac5d9a066be1b508e116acb 1908 sitesummary_0.1.28.dsc d23c7e1e84c3dd08b4a973ecd901d2c98ccb2f152d9c825cbc101b9b4bc7446b 76365 sitesummary_0.1.28.tar.gz ed44604f72dcf3ee3a1b210f5ae56a308626ae64eb5b6c08c9abba0a6b73983d 4884 sitesummary_0.1.28_source.buildinfo Files: cf091f738fde2b8439dccf250e9729fd 1908 misc optional sitesummary_0.1.28.dsc 947f8a5cb867014eeb396a92ad489cf4 76365 misc optional sitesummary_0.1.28.tar.gz 728a16859171e6f12cee1ad9d84f0623 4884 misc optional sitesummary_0.1.28_source.buildinfo -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIVAwUBWJCDNgkauFYGmqocAQodqg/9GMZTCuPFrV3fZje+GcYI6qZgM3n9q71m pX+BPbzhIqaqVLnxyPgKYS93t4cSYf6I9Uy0nFOHMqnhYzFiAPZi+SciRe+3O2ba yM4J0RNAFcZpwPnl9oIMGrOm4Khb9tOjhzS/BjsmsZtty7qz4H1nTFCjydRlZUT9 FwvyscL67GnNiReqs/I9Ho/yub1G96vS3jchmBBvr9CpHoSK7E5EEfUVOFkTvceu 0X2bzfT7GYVuT7x1TvY55UwFhbhtlsz0IXFDq0BlkToHMOUxmXoj0yIKGegK4XQz RSOE4yiiBwk2JsdKGsXvle34uF5ClZaC0cf3950J+pA8fDMFYBRZdiGPuyYYMFtT AEhNqyaUmFYNtOkPHvt+osUlMFMsSDVQAfnfInWcX4Q3GF5YxhgfUPqzoOYInJ0D 51cguEWermwmTZesTGxVlRhbD2Ra8wb16GD32oRwwZ1XvlFe60LYp2eL6C+Im1il er8/dwi0OqiWQ1pks32xGPccl7gdMhqrhqzWqu0b8HoNZqLOQfPgSCdLForTZPQF ISEDtOcM7gE/VZyHKBCEzxWJdhbdIW5fb240Xfwr9nRs4Vf54xbtYWv+3NZTaAYB qItrQ7404NwlRlPnDJQcmpptOxPcl/p9djmjIsPZ0cDxssqI8ON6uoV5+fmjWc3X Kkg8n72b1YM= =Bles -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#852623: sitesummary-client fails to submit data
control: found -1 0.1.17+deb8u1 control: found -1 0.1.8+deb7u1 On Tue, Jan 31, 2017 at 12:24:55PM +, Holger Levsen wrote: > Yes. The fix (breaking stuff in sitesummary as expected) is in included > in apache2 in wheezy (2.2.22-13+deb7u7) but not yet in jessie (as of > (2.4.10-10+deb8u7). > > Not sure how to express this in bug meta-data so I'll leave this as is. I've decided to just go the simple route as shown above. The fix will hit us in jessie with the next apache2 security update, so… meh. -- cheers, Holger signature.asc Description: Digital signature
Processed: Re: Bug#852623: sitesummary-client fails to submit data
Processing control commands:
> found -1 0.1.17+deb8u1
Bug #852623 {Done: Holger Levsen } [sitesummary]
sitesummary-client fails to submit data
Marked as found in versions sitesummary/0.1.17+deb8u1.
> found -1 0.1.8+deb7u1
Bug #852623 {Done: Holger Levsen } [sitesummary]
sitesummary-client fails to submit data
Marked as found in versions sitesummary/0.1.8+deb7u1.
--
852623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
