Your message dated Sun, 15 Jan 2017 23:02:53 +0000 with message-id <[email protected]> and subject line Bug#850176: fixed in python-bottle 0.12.7-1+deb8u2 has caused the Debian Bug report #850176, regarding [python-bottle] latest security update breaks existing code to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 850176: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850176 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: python-bottle Version: 0.12.7-1+deb8u1 Severity: normal --- Please enter the report below this line. --- Dear maintainer, the latest security update breaks existing code like the following script: #!/usr/bin/env python # coding=utf-8 import bottle @bottle.route('/', method='GET') def test(): return bottle.static_file('test.txt', root='.', mimetype=u'text/plain', download='test.txt') bottle.BaseRequest.MEMFILE_MAX = 5 * 1024 * 1024 bottle.debug(True) bottle.run(host='127.0.0.1', port=8080, reloader=True, server='cherrypy') Save a dummy file test.txt in the same directory and launch it with python 2.7 to try yourself. This used to work with version 0.12.7-1, now with 0.12.7-1+deb8u1 it shows this error in chromium: "The requested resource returned more bytes than the declared Content-Length." The actual trace as shown in the console where the script runs is: Critical error while processing request: / Error: TypeError("WSGI response header value u'text/plain' is not of type str.",) Traceback: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/bottle.py", line 960, in wsgi start_response(response._status_line, response.headerlist) File "/usr/lib/python2.7/dist-packages/cherrypy/wsgiserver/wsgiserver2.py", line 2309, in start_response "WSGI response header value %r is not of type str." % v) TypeError: WSGI response header value u'text/plain' is not of type str. One workaround is to pass a string not a unicode string as mimetype: return bottle.static_file('test.txt', root='.', mimetype='text/plain', download='test.txt') At a minimum, it would be preferable to see the "Critical error while processing request" error not the "The requested resource returned more bytes than the declared Content-Length." one which is misleading. For maximum backward compatibility, and if that does not cause side-effects, it would be nice if unicode strings would be OK as they used to be. --- System information. --- Architecture: amd64 Kernel: Linux 3.16.0-4-amd64 Debian Release: 8.6 500 stable-updates ftp.it.debian.org 500 stable security.debian.org 500 stable ftp.it.debian.org 100 jessie-backports ftp.it.debian.org --- Package information. --- Package's Depends field is empty. Package's Recommends field is empty. Package's Suggests field is empty.
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: python-bottle Source-Version: 0.12.7-1+deb8u2 We believe that the bug you reported is fixed in the latest version of python-bottle, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Federico Ceratto <[email protected]> (supplier of updated python-bottle package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 14 Jan 2017 00:14:10 +0000 Source: python-bottle Binary: python-bottle python3-bottle python-bottle-doc Architecture: source all Version: 0.12.7-1+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: David Paleino <[email protected]> Changed-By: Federico Ceratto <[email protected]> Description: python-bottle - fast and simple WSGI-framework for Python python-bottle-doc - fast and simple WSGI-framework for Python - documentation python3-bottle - fast and simple WSGI-framework for Python3 Closes: 850176 Changes: python-bottle (0.12.7-1+deb8u2) jessie-security; urgency=medium . * Add patch for string type bug (Closes: #850176) Checksums-Sha1: 1b7a95f472e343d2c4a9f237f6547c45e9e44f75 2390 python-bottle_0.12.7-1+deb8u2.dsc fefc213cf60fcad37e670e7fde3dde7e0ca4e302 7800 python-bottle_0.12.7-1+deb8u2.debian.tar.xz 85a04266f423e00e3ea533fc405186aa454a22de 46034 python-bottle_0.12.7-1+deb8u2_all.deb 6c90912546b175b4d17b43f80a02ff101fc0a905 46128 python3-bottle_0.12.7-1+deb8u2_all.deb 135b759d7138ee57ba3ec8620c897c2925c94f36 189526 python-bottle-doc_0.12.7-1+deb8u2_all.deb Checksums-Sha256: 4e985d4ff428fd0b14851184c7968305dda2eaca67b64274388f54751424741f 2390 python-bottle_0.12.7-1+deb8u2.dsc d3d8665db7091c885d74516e91aa5e9fedefd098ce1ca7b53f2ea8a6f8975365 7800 python-bottle_0.12.7-1+deb8u2.debian.tar.xz bd66f3ec4b0e6dafaa25383944a765ec1bc93a42b51a2ba9ad5c1bcdaa84edc9 46034 python-bottle_0.12.7-1+deb8u2_all.deb c665f9af9e996bff085848240768a199aecf620331b7e5f0f2b045c00b662131 46128 python3-bottle_0.12.7-1+deb8u2_all.deb 9180f42e83c8c2b909d27a76d5e83371375d1e40a7547e83890fa26b08862445 189526 python-bottle-doc_0.12.7-1+deb8u2_all.deb Files: b6633132310435dcebee54d0408d2519 2390 python optional python-bottle_0.12.7-1+deb8u2.dsc 1c4f9ed528a5d6753fe181ed4a53f05e 7800 python optional python-bottle_0.12.7-1+deb8u2.debian.tar.xz 8df76067a210539766e669f1105d3b63 46034 python optional python-bottle_0.12.7-1+deb8u2_all.deb 54bbd52b65d759ac4ff9113c606e592b 46128 python optional python3-bottle_0.12.7-1+deb8u2_all.deb 9196668b26adc7c04c650ae1b9cc80cc 189526 doc optional python-bottle-doc_0.12.7-1+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfKfd+zM5IUCMbyuWbzG8RPUXfaoFAlh6G4kACgkQbzG8RPUX fapIvA/+O0LqzlaXpMqudSnVuFgpn/1Nha3Kxf8Su/YClG+tXqKghHaKb9X/msVw 4CXXqFxYbSdGdcqpKTgmS5YrTx8vms0uZ92kdSkOM/O3H/9qIY+irvz5HB/OIKbn /CLrHQTXC/wpDykSYsQ4y55myvaNLwM8oJMlEtXoX2zCefmKZBd5hKFmVVW9Hq31 0HjHOf3mHBjzC8b5OTlOkigrgUhmFAP7ShgJwE/xJQ1P1HQZWFMasHPOHTRjvyKo XTYw2SOBzAxsTQcDsZpI6C+CaOB2qiitzMm3K1jzukpkYMsgb1QxpK+gXcjscImm jLt+N2m1+KO3uYa9buZBaGcpV8RkUpeJjXAMMij2e2LWfo6nqT+DrhZbjm5fmqK2 aDCFxOAcPaUQjQlsn7JYS5bacrcBHOGXDsyBtoSQmKZTQASLTBULBDDSmo7SIsx3 BdFtotyrmgveczZbkyDnWA4pcFimpQ+CHw9kZ5VIO8cWN1TYQlx+bprTRhhfRzX1 4Ll5XWyrApQCuM4BHnLVxeyRUqSsRTk31WiesjQFlr8/5BwWZ+LclTtQM1UdciRi CFlQ24RFKQO3OXkbxn0Duv0S0Mw8/km3vxGm5AXasqkNlbOngwENpgGpRLP7nZwA zFrRzk+BXKxVShPM8VEQXReyjAS1lF5kDljidrcIiRFr8UaLQM4= =hMgc -----END PGP SIGNATURE-----
--- End Message ---
