Bug#1041331: marked as done (snac2: RSA verify error when run behind apache2 reverse proxy)

[Debian Bug Tracking System]

Your message dated Sat, 13 Jan 2024 23:04:35 +0000
with message-id <e1ron3l-00ex2l...@fasolo.debian.org>
and subject line Bug#1041331: fixed in snac2 2.42-2
has caused the Debian Bug report #1041331,
regarding snac2: RSA verify error when run behind apache2 reverse proxy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1041331: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041331
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: snac2
Version: 2.25-2
Severity: normal
X-Debbugs-Cc: jvalle...@mailbox.org

Following other users works fine when run behing nginx reverse proxy.
However when run behind apache, there are RSA verify errors in the log.
My assumption is that the proxy somehow mangles the encryption.


11:07:45 job thread 1 wake up
11:07:45 [james] enqueue_input ~/queue/1689606465.955365.json
11:07:48 [james] user_queue ready for ~/queue/1689606465.955365.json
11:07:48 object_add https://<domain>/users/<username> 
~/object/43/434d677e0dda135de06627b6698a2fc5.json 201
11:07:48 [james] bad signature https://<domain>/users/<username> (RSA verify 
error https://<domain>/users/<username>)


-- System Information:
Debian Release: 12.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'oldstable-updates'), (500, 'oldstable-security'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-10-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages snac2 depends on:
ii  adduser   3.134
ii  libc6     2.36-9
ii  libcurl4  7.88.1-10
ii  libssl3   3.0.9-1

Versions of packages snac2 recommends:
ii  apache2 [httpd]   2.4.57-2
ii  lighttpd [httpd]  1.4.69-1
ii  nginx [httpd]     1.22.1-9

snac2 suggests no packages.

-- Configuration Files:
/etc/apache2/conf-available/snac2.conf changed:
<Location /.well-known/webfinger>
    ProxyPass http://127.0.0.1:8001/.well-known/webfinger
</Location>
<Location /.well-known/nodeinfo>
    ProxyPass http://127.0.0.1:8001/.well-known/nodeinfo
</Location>
<Location /snac>
    ProxyPass http://127.0.0.1:8001
    ProxyPreserveHost On
    RequestHeader    set X-Forwarded-Proto 'https' env=HTTPS
</Location>


-- no debconf information

--- End Message ---

--- Begin Message ---

Source: snac2
Source-Version: 2.42-2
Done: James Valleroy <jvalle...@mailbox.org>

We believe that the bug you reported is fixed in the latest version of
snac2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1041...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Valleroy <jvalle...@mailbox.org> (supplier of updated snac2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Jan 2024 17:45:44 -0500
Source: snac2
Architecture: source
Version: 2.42-2
Distribution: unstable
Urgency: medium
Maintainer: James Valleroy <jvalle...@mailbox.org>
Changed-By: James Valleroy <jvalle...@mailbox.org>
Closes: 1041331 1054114
Changes:
 snac2 (2.42-2) unstable; urgency=medium
 .
   * apache: Use upstream example config (Closes: #1041331)
   * postinst: If apache2 is installed, then enable modules (Closes: #1054114)
   * service: Add security hardening options
Checksums-Sha1:
 4c6616df1311ffcbdc432e14a9f5e631511e275b 1940 snac2_2.42-2.dsc
 c777642dee980d88f4f9de38085f55388b5e7038 5228 snac2_2.42-2.debian.tar.xz
 2df2b8a037ce5f1247e7f201867ee0888ae164ec 7551 snac2_2.42-2_amd64.buildinfo
Checksums-Sha256:
 62f990fce70870832fa151521d497cdbb33d2ad32e7f6dfa9f0a3083e7d794df 1940 
snac2_2.42-2.dsc
 793d96335ce0bdd28b489ecbb1d002b5a5e2a29af86e43288cfabdef8443556e 5228 
snac2_2.42-2.debian.tar.xz
 d54ff2c33a73b6828f1b285c4cdaba90837a894d917a67de793add32837246eb 7551 
snac2_2.42-2_amd64.buildinfo
Files:
 f2e35097d9d26ad53d2de96f3a065bce 1940 web optional snac2_2.42-2.dsc
 96845d7d3f40fdf1c9335f351f070164 5228 web optional snac2_2.42-2.debian.tar.xz
 9a0e8d6d0526f8fd88f01fda29a99049 7551 web optional snac2_2.42-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJKBAEBCgA0FiEEfWrbdQ+RCFWJSEvmd8DHXntlCAgFAmWjE4sWHGp2YWxsZXJv
eUBtYWlsYm94Lm9yZwAKCRB3wMdee2UICIhwD/9VxRQ1dnFggvMGp1H5oNM+j5DB
Awj0TSDP5uJXA4CvfUAuao6pG38SrWLGyG9wVgUh+IWSG5m83axPV+o3HsxsA91q
75POhmk8qSXRsvD+rZEfrpA3brsUySj86Bflq47mO2b/Lm2xDNIvxTkFMK/Ly6FR
XAOb3TpZIGIN9qYnOa3A3nWm1xrDxY83/q3rJ4J8uPe0GCtAJO24kx3kn9LVqUm+
j/9lF2Z3W3diIo8QECmlAxJw4eiqrpCzzH59eTjBVybp1eytESIBwadPio9X0CQb
ddt6GFiGQuPmHiC79Wd1UiilsjXj1gYTVf+D/5fIhFokjkk/BWOlWPopr2wZxxJd
G9qoRem6gTb+f2iGH+yraLiIrSK8cD62CPyJ5CnO4PirZuhAJiXPz6iSralLONCY
VJIQXyYU8ONNCtaO5f49X6jmGJWx5XsetY+3PiAaBXExJbt5YbTsL5VeyyacCTgk
0cgltSiSiw1+VhCY1Agr9nzKC0pj6Vk/gKFX7C9FLuknigjnrBpwAaUJ32Qr9cM4
ru9EGURvmoKIiPUSlb7zqCV00t/T83Cmq7fpr3wRRe2veTy8uNbqNjERSaM2kzog
Mn74J9bfg7yFS6ejGg9e5i3Q89AhxsqvoUF9BMTFCDfx9HwEfGahabvF5OUlyQWK
DV1/l5ZDNgRWEAXDoA==
=MUiY
-----END PGP SIGNATURE-----

--- End Message ---