Bug#462458: marked as done (apache2: SSL renegotiation does not work on POST requests in certain configurations)

From: Debian Bug Tracking System <owner(at)bugs.debian.org>
Date: Wed Apr 16 2008 - 16:06:09 EDT

Your message dated Wed, 16 Apr 2008 19:52:20 +0000 with message-id <E1JmDg4-0007it-U6@ries.debian.org> and subject line Bug#462458: fixed in apache2 2.2.3-4+etch5 has caused the Debian Bug report #462458, regarding apache2: SSL renegotiation does not work on POST requests in certain configurations to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--

462458: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462458
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

attached mail follows:


Package: apache2
Version: 2.2.3-4+etch3
Severity: important

When mod_fastcgi and mod_actions are used (for example, to implement PHP4 and PHP5 in the same server), data from POST requests which is buffered during SSL renegotiation is not reinjected correctly through the filter chain. (Technically, anything that causes Apache to do an internal redirect on a POST request under SSL renegotiation can cause this bug to surface.)

This bug was reported upstream as ASF Bugzilla Bug 43738 (<http://issues.apache.org/bugzilla/show_bug.cgi?id=43738>), and has been fixed in the Apache development line and in the 2.2 branch for a future release (Apache SVN revision 608787, <http://svn.apache.org/viewvc?view=rev&revision=608787>).

  • System Information:
    Debian Release: 4.0
      APT prefers stable
      APT policy: (500, 'stable')
    Architecture: amd64 (x86_64)
    Shell: /bin/sh linked to /bin/bash
    Kernel: Linux 2.6.18-5-xen-amd64
    Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork  2.2.3-4+etch3  Traditional model for Apache HTTPD

apache2 recommends no packages.

  • no debconf information
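
For readers checking whether their own servers match the "certain configurations" in the report above, here is a constructed configuration fragment of that shape. It is an added illustration, not taken from the bug report or from the Debian package; the host name, file paths and handler names are placeholders.

```apache
# Constructed example: all names and paths below are placeholders.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.pem
    SSLCertificateKeyFile /etc/ssl/private/example.key
    SSLCACertificateFile  /etc/ssl/certs/example-ca.pem

    # The initial handshake asks for no client certificate.
    SSLVerifyClient none

    # mod_fastcgi: two PHP interpreters run as FastCGI servers.
    FastCgiServer /var/www/fcgi-bin/php4-fcgi
    FastCgiServer /var/www/fcgi-bin/php5-fcgi
    ScriptAlias /fcgi-bin/ /var/www/fcgi-bin/

    # mod_actions: a request for *.php4 / *.php5 is handed to the matching
    # interpreter through an internal redirect to the Action target.
    AddHandler php4-fcgi .php4
    AddHandler php5-fcgi .php5
    Action php4-fcgi /fcgi-bin/php4-fcgi
    Action php5-fcgi /fcgi-bin/php5-fcgi

    <Directory /var/www/secure>
        # A stricter per-directory TLS requirement is only known once the
        # request has been mapped to this directory, so mod_ssl renegotiates
        # mid-request and buffers the POST body while it does so.
        SSLVerifyClient require
        SSLVerifyDepth  2
    </Directory>
</VirtualHost>
```

A POST to a script under /var/www/secure combines both conditions from the report: a body buffered during renegotiation and an internal redirect caused by the Action mapping.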

    attached mail follows:


Source: apache2
Source-Version: 2.2.3-4+etch5

We believe that the bug you reported is fixed in the latest version of apache2, which is due to be installed in the Debian FTP archive:

apache2-doc_2.2.3-4+etch5_all.deb
  to pool/main/a/apache2/apache2-doc_2.2.3-4+etch5_all.deb
apache2-mpm-event_2.2.3-4+etch5_i386.deb
  to pool/main/a/apache2/apache2-mpm-event_2.2.3-4+etch5_i386.deb
apache2-mpm-perchild_2.2.3-4+etch5_all.deb
  to pool/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch5_all.deb
apache2-mpm-prefork_2.2.3-4+etch5_i386.deb
  to pool/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch5_i386.deb
apache2-mpm-worker_2.2.3-4+etch5_i386.deb
  to pool/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch5_i386.deb
apache2-prefork-dev_2.2.3-4+etch5_i386.deb
  to pool/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch5_i386.deb
apache2-src_2.2.3-4+etch5_all.deb
  to pool/main/a/apache2/apache2-src_2.2.3-4+etch5_all.deb
apache2-threaded-dev_2.2.3-4+etch5_i386.deb
  to pool/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch5_i386.deb
apache2-utils_2.2.3-4+etch5_i386.deb
  to pool/main/a/apache2/apache2-utils_2.2.3-4+etch5_i386.deb
apache2.2-common_2.2.3-4+etch5_i386.deb
  to pool/main/a/apache2/apache2.2-common_2.2.3-4+etch5_i386.deb
apache2_2.2.3-4+etch5.diff.gz
  to pool/main/a/apache2/apache2_2.2.3-4+etch5.diff.gz
apache2_2.2.3-4+etch5.dsc
  to pool/main/a/apache2/apache2_2.2.3-4+etch5.dsc
apache2_2.2.3-4+etch5_all.deb
  to pool/main/a/apache2/apache2_2.2.3-4+etch5_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 462458@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 Mar 2008 10:16:03 +0100
Source: apache2
Binary: apache2-utils apache2-prefork-dev apache2 apache2-mpm-prefork apache2-doc apache2-mpm-event apache2.2-common apache2-mpm-worker apache2-src apache2-threaded-dev apache2-mpm-perchild
Architecture: source all i386
Version: 2.2.3-4+etch5
Distribution: stable
Urgency: low
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description:
 apache2 - Next generation, scalable, extendable web server

 apache2-doc - documentation for apache2
 apache2-mpm-event - Event driven model for Apache HTTPD 2.1
 apache2-mpm-perchild - Transitional package - please remove
 apache2-mpm-prefork - Traditional model for Apache HTTPD 2.1
 apache2-mpm-worker - High speed threaded model for Apache HTTPD 2.1
 apache2-prefork-dev - development headers for apache2
 apache2-src - Apache source code
 apache2-threaded-dev - development headers for apache2
 apache2-utils - utility programs for webservers
 apache2.2-common - Next generation, scalable, extendable web server
Closes: 462458 468289
Changes:
 apache2 (2.2.3-4+etch5) stable; urgency=low
 .
  • Fix a regression introduced by the patch for CVE-2007-6421 which could lead to a segfault when viewing the balancer manager page. (Closes: #468289)
  • Fix SSL renegotiation with POST requests. (Closes: #462458)
  • Make mod_authn_dbd depend on mod_dbd.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH5OKEbxelr8HyTqQRAuy9AJ9W2tdtqWwvM8vpVXWWEaEAdVfBtwCgnrk/ MSWAZVX3lJlIyeeMC/7aVCM=
=PGY7
-----END PGP SIGNATURE-----
--

To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Wed Apr 16 16:07:30 2008

This archive was generated by hypermail 2.1.8 : Mon May 05 2008 - 17:57:02 EDT

