Your message dated Sat, 09 May 2009 16:17:15 +0000
with message-id <[email protected]>
and subject line Bug#514032: fixed in python-cherrypy 2.3.0-2
has caused the Debian Bug report #514032,
regarding Return error 500 on bad cookies
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
514032: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514032
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: python-cherrypy: Error 500 on invalid cookies
Package: python-cherrypy
Version: Return error 500 on bad cookies
Severity: normal
Tags: patch

ii  python-cherrypy          2.3.0-1

When the browser sends an invalid cookie (with a colon ":"), cherrypy returns
the error "500 Internal Server Error" and saves the stack in the logs.

Upstream bug:
http://www.cherrypy.org/ticket/868

The upstream bug is about a new version of CherryPy; however, version 2.3.0 is
used by Debian. The attached patch applies to the Debian version. It just
ignores invalid cookies.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- ./cherrypy/_cphttptools.py.vanilla	2009-02-03 14:04:42.000000000 +0200
+++ ./cherrypy/_cphttptools.py	2009-02-03 16:20:13.000000000 +0200
@@ -200,7 +200,16 @@ class Request(object):
             # Handle cookies differently because on Konqueror, multiple
             # cookies come on different lines with the same key
             if name.title() == 'Cookie':
-                self.simple_cookie.load(value)
+                # Cookies with a colon (":") are invalid according to rfc2965
+                # and rfc2068. However if the browser send such a cookie, we
+                # want to ignore it and continue instead of returning an
+                # "500 Internal Server Error" error. More infos on:
+                # http://www.cherrypy.org/ticket/868
+                try:
+                    self.simple_cookie.load(value)
+                except Cookie.CookieError, e:
+                    cherrypy.log("Unable to load user's cookie. Cookie ignored.")
+
         
         # Save original values (in case they get modified by filters)
         # This feature is deprecated in 2.2 and will be removed in 2.3.
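Review bot: The `except Cookie.CookieError, e:` handler binds `e` but never uses it, and the message passed to `cherrypy.log` carries neither the exception text nor any request context, so an operator cannot tell which cookie was rejected or how often it happens. Either drop the unused binding or include a length-limited, escaped form of `e` in the log call; the cookie value is client-controlled, so it should not be written to the log raw. The `try` also wraps `self.simple_cookie.load(value)` for the whole header value, so the new comment's "ignore it and continue" should state whether valid cookies on the same header line are expected to survive the exception. Two smaller points: the hunk adds a whitespace-only line after the handler, and it does not show an import of `Cookie`, so confirm that this module already has one.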

--- End Message ---
--- Begin Message ---
Source: python-cherrypy
Source-Version: 2.3.0-2

We believe that the bug you reported is fixed in the latest version of
python-cherrypy, which is due to be installed in the Debian FTP archive:

python-cherrypy_2.3.0-2.diff.gz
  to pool/main/p/python-cherrypy/python-cherrypy_2.3.0-2.diff.gz
python-cherrypy_2.3.0-2.dsc
  to pool/main/p/python-cherrypy/python-cherrypy_2.3.0-2.dsc
python-cherrypy_2.3.0-2_all.deb
  to pool/main/p/python-cherrypy/python-cherrypy_2.3.0-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gustavo Noronha Silva <[email protected]> (supplier of updated python-cherrypy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 09 May 2009 12:40:54 -0300
Source: python-cherrypy
Binary: python-cherrypy
Architecture: source all
Version: 2.3.0-2
Distribution: unstable
Urgency: low
Maintainer: Gustavo Noronha Silva <[email protected]>
Changed-By: Gustavo Noronha Silva <[email protected]>
Description: 
 python-cherrypy - Python web development framework
Closes: 514032
Changes: 
 python-cherrypy (2.3.0-2) unstable; urgency=low
 .
   [ Sandro Tosi ]
   * debian/control
     - switch Vcs-Browser field to viewsvn
 .
   [ Gustavo Noronha Silva ]
   * debian/patches/01_ignore_invalid_cookies.diff:
   - patch from upstream, provided by Alban Crequy
     <[email protected]> to ignore invalid cookies
     (Closes: #514032)




--- End Message ---
