Package: libapache2-mod-python Version: 3.2.10-3 Severity: important Hello,
I wanted to deploy a new Django application today, but it didn't work :( It failed with a SuspiciousOperation exception, which appears to be related to sessions, which in turns use md5. You can find some reference to this bug, already reported on the mod_python mailing list in [1], and a workaround in [2]. I join the test case from [1] in this bug : - with php5-mhash installed and activated in Apache, all tests failed - after purging php5-mhash AND restarting Apache, all tests passed So, it seems it's directly related to libmhash2 (as [2] suggests). I can reproduce on sid-i386. On etch-x86_64, it seems that Apache2 segfault (without php5-mhash, everything is ok) : ================ [Mon Feb 19 13:31:10 2007] [notice] mod_python: (Re)importing module 'test' [Mon Feb 19 13:31:10 2007] [notice] child pid 16238 exit signal Segmentation fault (11) ================ I think this bug is RC-critical for Etch. However, I'll let libapache2-mod-python maintainers tag it as appropriate. I report against libapache2-mod-python, since this is the package which seems to be affected by the bug. However, feel free to reassign to php5-mhash or libmhash2. Thanks ! - Jonathan [1] : http://www.modpython.org/pipermail/mod_python/2006-June/021482.html [2] : http://www.modpython.org/pipermail/mod_python/2006-July/021544.html -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.2-rtsp-jon Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages libapache2-mod-python depends on: ii apache2 2.2.3-3.2 Next generation, scalable, extenda ii apache2-mpm-prefork [apache 2.2.3-3.2 Traditional model for Apache HTTPD ii apache2.2-common 2.2.3-3.2 Next generation, scalable, extenda ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy ii libc6 2.3.6.ds1-11 GNU C Library: Shared libraries ii python 2.4.4-2 An interactive high-level object-o ii python-central 0.5.12 register and build utility for Pyt ii python2.4 2.4.4-2 An interactive high-level object-o libapache2-mod-python recommends no packages. -- debconf information excluded
from mod_python import apache # from http://www.ietf.org/rfc/rfc1321.txt MD5_TESTS = { "": "d41d8cd98f00b204e9800998ecf8427e", "a": "0cc175b9c0f1b6a831c399e269772661", "abc": "900150983cd24fb0d6963f7d28e17f72", "message digest": "f96b697d7cb7938d525a2f31aaf161d0", "abcdefghijklmnopqrstuvwxyz": "c3fcd3d76192e4007dfb496cca67e13b", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789": "d174ab98d277d9f5a5611c2c9f419d9f", "12345678901234567890123456789012345678901234567890123456789012345678901234567890": "57edf4a22be3c955ac49da2e2107b67a" } def handler(req): import md5 req.content_type = 'text/plain' req.write('md5: %s\n' % md5.__file__) for k, v in MD5_TESTS.items(): m = md5.new(k).hexdigest() req.write('"%s" -> "%s" ? %s\n' % (k, m, (m == v))) return apache.OK
