Your message dated Mon, 18 Apr 2016 06:07:16 +0000 with message-id <[email protected]> and subject line Bug#514005: fixed in mod-gnutls 0.7.4-1 has caused the Debian Bug report #514005, regarding mod_gnutls: HTTPS server variable set incorrectly for mod_rewrite's RewriteCond to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 514005: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514005 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libapache2-mod-gnutls Version: 0.5.1-1 Severity: normal File: mod_gnutls mod_gnutls does not set the HTTPS server variable correctly for mod_rewrite. Note that this appears to be a different variable than the HTTPS environment variable. I have mod_gnutls loaded on my server and I have a simple rewrite rule to redirect HTTPS POST calls on my non-SSL protected site to my SSL protected site, like so: RewriteEngine On RewriteCond %{REQUEST_METHOD} ^POST$ RewriteCond %{HTTPS} ^off$ RewriteRule ^xmlrpc(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L,QSA] Here is the output of ModRewrite with RewriteLogLevel 5. Note that the contents of %{HTTPS} is "off". Apparently mod_gnutls does not set this variable. 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) init rewrite engine with requested uri /xmlrpc 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) pass through /xmlrpc 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] strip per-dir prefix: /home/sander/projects/odf-shots/trunk/server/www/app/webroot/xmlrpc -> xmlrpc 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] applying pattern '^xmlrpc(.*)$' to uri 'xmlrpc' 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: input='POST' pattern='^POST$' => matched # Here is the culprit 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: input='off' pattern='^off$' => matched 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] rewrite 'xmlrpc' -> 'https://odf-shots.jejik.com/xmlrpc' 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] explicitly forcing redirect with https://odf-shots.jejik.com/xmlrpc 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] escaping https://odf-shots.jejik.com/xmlrpc for redirect 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] redirect to https://odf-shots.jejik.com/xmlrpc?XDEBUG_SESSION_START=1 [REDIRECT/302] The contents of %{HTTPS} should have been set to "on" by mod_gnutls. -- System Information: Debian Release: 5.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libapache2-mod-gnutls depends on: ii libc6 2.7-18 GNU C Library: Shared libraries ii libgnutls26 2.4.2-4 the GNU TLS library - runtime libr libapache2-mod-gnutls recommends no packages. libapache2-mod-gnutls suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: mod-gnutls Source-Version: 0.7.4-1 We believe that the bug you reported is fixed in the latest version of mod-gnutls, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Kahn Gillmor <[email protected]> (supplier of updated mod-gnutls package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 16 Apr 2016 11:31:58 -0400 Source: mod-gnutls Binary: libapache2-mod-gnutls Architecture: source Version: 0.7.4-1 Distribution: unstable Urgency: medium Maintainer: Daniel Kahn Gillmor <[email protected]> Changed-By: Daniel Kahn Gillmor <[email protected]> Description: libapache2-mod-gnutls - Apache module for SSL and TLS encryption with GnuTLS Closes: 514005 754960 769493 820248 Changes: mod-gnutls (0.7.4-1) unstable; urgency=medium . [ Thomas Klute ] * New upstream release. * New test case: Disable TLS 1.0 (Closes: #754960) * Register "ssl_is_https" function for mod_rewrite (Closes: #514005) * Disable Monkeysphere support on non-Linux arches (Closes: #769493) * Install HTML documentation * Drop 0001-let-a-failed-diff-be-verbose.patch (included upstream) . [ Daniel Kahn Gillmor ] * allow testing against softhsm2 (while keeping build-dep on softhsm for easy backports) (Closes: #820248) * adjust test suite to work with gpg "modern" as well as "classic" Checksums-Sha1: bc942600484b37e8075be432bcd8e66f6d9c4f27 2374 mod-gnutls_0.7.4-1.dsc a86d30dddb6db26f9516413b96cbff8294e101da 339486 mod-gnutls_0.7.4.orig.tar.bz2 aeecdf46583b85c66c566e8bf49799a872dc7fa1 10544 mod-gnutls_0.7.4-1.debian.tar.xz Checksums-Sha256: 25c7a1472ac836ad7330858c5cc3775b5c9511be3dad0c2403bcf6e651049534 2374 mod-gnutls_0.7.4-1.dsc 880f575f809fba5a5697bb5b69a90cedd3f2c2552081bf9b40fa73a3cf2b0ff6 339486 mod-gnutls_0.7.4.orig.tar.bz2 c84646c8670e4d37ce9fc95589057cff451a71fe0b43c79501b27f7e2ad83e93 10544 mod-gnutls_0.7.4-1.debian.tar.xz Files: a337c5860f489483371adedf093f123d 2374 httpd extra mod-gnutls_0.7.4-1.dsc 01e5120218f1bd8884f49c3ed53b906d 339486 httpd extra mod-gnutls_0.7.4.orig.tar.bz2 851819898c7f0f43c18741d5cb1a2938 10544 httpd extra mod-gnutls_0.7.4-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJXFHUaXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFREIyRTc0RjU2RkNGMkI2NzI5N0I3MzUy NEVDRkY1QUZGNjgzNzBBAAoJECTs/1r/aDcKC3AP/j5DlVxMXGua+56Y7Kyu8UF0 DrQxjtu2o/AelR8zgOoM7TqVd5i/EIH1LhUkF3kfUGOUHnqlkzSzFmgthWfWqAUI ObYPJAd58roTV3EU+waJ1dF2esC0mQfNhNcLyrc32lByyRqdkczlliI2RftyrsT3 fmrc+AnF1llaOeK2m+tq9F3p4HGhr/9UKxLUQ4nKtj/vlxLlxNhQMqi9ZTPeFOgM 1XMVhe58Zapp7/39zqOwHBTQuanbj26LHbSweIMTbn3vAigkFxOtq9Nwqxz//SKz 6k9kMSc6RIymMepOm8xuw/d1g8UekGBAK2f0vRi9Gq1i7+AmcKJH4er7oFD3Hu6u 7Vpraiq1OHDXzMNT26vu2iPR2fWFuL6QkMB9xyU/uA8jkFMD7uZQJaZqnyydrAtM qnd0gj7ATKdstxkCkI8E2sbRLUmRs/WELVVtOxLB1QBN3sNi0f/bm7AfVFSYTgO0 z6UNlmr9c7OoCyN3zIoptKSBzz0XTnO5ZYRqhZ0C6yrTQyOHQdj5Vu+xDjdR/bvs PFdxOKtXkYyadhQgxwOG2iJ4rUD9O911678lSlQhUWN4z25jA3k31lTseC+S2zbK ZkHWKO+okXByjZ8er8szp9b5YTLDzMNtEgCkwpG9E1TcU8po2JrOqek+JzLlxyfQ nUHqiaZTSz/2rb2jV2wr =SK+r -----END PGP SIGNATURE-----
--- End Message ---
