Bug#331631: marked as done (apache2-utils: logresolve wraps lines longer than 1024 characters)

From: Debian Bug Tracking System <owner(at)bugs.debian.org>
Date: Thu Oct 18 2007 - 15:51:03 EDT

Your message dated Thu, 18 Oct 2007 19:47:04 +0000 with message-id <E1IibKi-0004F6-Cp@ries.debian.org> and subject line Bug#331631: fixed in apache2 2.2.6-2 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

attached mail follows:

---

Package: apache2-utils
Version: 2.0.54-5
Severity: normal

Expected behavior: logresolve replaces IP addresses with host names and leaves the rest of the log unchanged.

Observed behavior: Lines longer than 1024 characters are being wrapped. This causes these lines to be broken (i.e. they can no longer be parsed by log file analysis tools such as webalizer).

How to reproduce the problem:
echo '192.168.0.1 - - [25/Sep/2005:07:56:48 +0200] "GET 1234567890123[...]7890" 404' | /usr/sbin/logresolve

Observe that a line break has been inserted after the first 1024 characters.

Notes: Due to the high amount of web server worms "in the wild" today, trying to exploit web servers by buffer overflow or similar techniques, this kind of very long web request is not uncommon. Although those lines are usually not important for web statistics, they do cause warning messages and a positive return value in webalizer if they are broken.

• System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages apache2-utils depends on:

ii  libapr0                2.0.54-5          the Apache Portable Runtime
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libdb4.2               4.2.52-18         Berkeley v4.2 Database Libraries [
ii  libexpat1              1.95.8-3          XML parsing C library - runtime li
ii  libldap2               2.1.30-8          OpenLDAP libraries
ii  libpcre3               4.5-1.2sarge1     Perl 5 Compatible Regular Expressi
ii  libssl0.9.7            0.9.7e-3          SSL shared libraries
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

• no debconf information

  attached mail follows:

  ---

Source: apache2
Source-Version: 2.2.6-2

We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive:

apache2-dbg_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2-dbg_2.2.6-2_i386.deb apache2-doc_2.2.6-2_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.6-2_all.deb apache2-mpm-event_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.6-2_i386.deb apache2-mpm-perchild_2.2.6-2_all.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.6-2_all.deb apache2-mpm-prefork_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.6-2_i386.deb apache2-mpm-worker_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.6-2_i386.deb apache2-prefork-dev_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.6-2_i386.deb apache2-src_2.2.6-2_all.deb
  to pool/main/a/apache2/apache2-src_2.2.6-2_all.deb apache2-threaded-dev_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.6-2_i386.deb apache2-utils_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.6-2_i386.deb apache2.2-common_2.2.6-2_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.6-2_i386.deb apache2_2.2.6-2.diff.gz
  to pool/main/a/apache2/apache2_2.2.6-2.diff.gz apache2_2.2.6-2.dsc
  to pool/main/a/apache2/apache2_2.2.6-2.dsc apache2_2.2.6-2_all.deb
  to pool/main/a/apache2/apache2_2.2.6-2_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 331631@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 18 Oct 2007 19:35:40 +0200
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-dbg apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild Architecture: source all i386
Version: 2.2.6-2
Distribution: unstable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Stefan Fritsch <sf@debian.org> Description:
 apache2 - Next generation, scalable, extendable web server

 apache2-dbg - Apache debugging symbols
 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD
 apache2-mpm-worker - High speed threaded model for Apache HTTPD
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers

 apache2.2-common - Next generation, scalable, extendable web server Closes: 294662 331631 400918 443310 445263 447164 Changes:
 apache2 (2.2.6-2) unstable; urgency=low  .

• Avoid calling apr_pollset_poll() and accept_func() when the listening sockets have already been closed on graceful stop or reload. This hopefully fixes processes not being killed (closes: #445263, #447164) and the "Bad file descriptor: apr_socket_accept: (client socket)" error message (closes: #400918, #443310)
• Allow logresolve to process long lines (Closes: #331631)
• Remove duplicate config examples (Closes: #294662)
• Include README.backtrace describing how to create a backtrace
• Add CVE reference to 2.2.6-1 changelog entry Files: 5ca97816c802c65537125aca368b4e45 1223 web optional apache2_2.2.6-2.dsc 511bc32b4869e8d0b739797accc7b09b 115600 web optional apache2_2.2.6-2.diff.gz 1f9fba90bf217035ed58ba1f612759af 747700 web optional apache2.2-common_2.2.6-2_i386.deb 5b1fec1a865bfcf3b73e147279b700f9 226744 web optional apache2-mpm-worker_2.2.6-2_i386.deb f3c65b86a3e897e16ffbdeac13aa67c5 222994 web optional apache2-mpm-prefork_2.2.6-2_i386.deb 4c6bbba2e5ce50c818cdea4e51f541a8 227362 web optional apache2-mpm-event_2.2.6-2_i386.deb 0f38195c59721b4d1ff0f868038e0fc3 134326 web optional apache2-utils_2.2.6-2_i386.deb 56c9cf15e0515c6ebefa16f29cfbb107 200486 devel extra apache2-prefork-dev_2.2.6-2_i386.deb c43299ccd3d2c4b06d4400d929eac83a 201098 devel extra apache2-threaded-dev_2.2.6-2_i386.deb 02f873448ad6ad225c3a90e57522310d 2289318 libdevel extra apache2-dbg_2.2.6-2_i386.deb f0e5034a88aff4473399fe3658c20551 66240 web optional apache2-mpm-perchild_2.2.6-2_all.deb 65c25adfd770f51187fc9a322fbf5d33 42192 web optional apache2_2.2.6-2_all.deb 854deafa6c797110c84e14db869040e1 2010392 doc optional apache2-doc_2.2.6-2_all.deb 16630a7d27f78d98c8d483da12e7fcc5 6296816 devel extra apache2-src_2.2.6-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHF7IQbxelr8HyTqQRAuwtAKCwzK5b7BOzbqR02WihMBJtbRu/SACgn/cf sUuoQUGF78OJWaE/R87Si4I=
=5xiF
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Thu Oct 18 15:54:21 2007