** Changed in: passenger (Debian)
Importance: Unknown => Undecided
** Changed in: passenger (Debian)
Remote watch: Debian Bug tracker #812103 => None
** Changed in: passenger (Debian)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
This bug was fixed in the package passenger -
2.2.11debian-2+deb6u1ubuntu12.04.2
---
passenger (2.2.11debian-2+deb6u1ubuntu12.04.2) precise-security; urgency=medium
* REGRESSION UPDATE: Fix for regression introduced in previous
CVE-2015-7519 fix. All HTTP headers were dropped
Trent, thanks for digging up a solution for this. I'll sponsor your
upload to security today.
** Changed in: passenger (Ubuntu)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Uploading a copy of the same debdiff, but against the original version
(2.2.11debian-2). It's more clear exactly what is now changed and forms
the fix, for review purposes.
** Patch added: "lp1575220-against-original.diff"
I tracked down the source of the issue
The current patch modifies the addHeader() function itself to perform
the check, this is invalid because this function is used internally to
setup many headers from the environment such as the standard CGI
HTTP_HOST, REQUEST_URI, etc.
The correct patch
I have confirmed that this patch seems to *completely* break passenger
(v2) in precise, no variables are passed through at all.
This works as expected on xenial (Passenger 5) with the latest release
including the same fix, so I am fairly sure something went wrong in
backporting the patch which
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1575220
Title:
puppet broken after libapache2-mod-passenger upgrade
To manage notifications about this bug go to:
Discussion about this in the upstream bug tracker, though no real progress at
this stage it's tagged for investigation for the next minor release:
https://tickets.puppetlabs.com/browse/PUP-6411
https://tickets.puppetlabs.com/browse/PUP-6458
https://tickets.puppetlabs.com/browse/PUP-6424
I downgraded to previous version of libapache2-mod-passenger, seems to
get puppetmaster up and running.
apt-get install libapache2-mod-passenger=2.2.11debian-2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hi,
So what is the path forward here ?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1575220
Title:
puppet broken after libapache2-mod-passenger upgrade
To manage notifications about this bug go
I agree with Brian; it looks like almost all environment variables are
missing. The only ones I, think I, get from Apache is:
"HTTPS"=>"on",
"CONTENT_LENGTH"=>nil,
then I get some variables from libapache2-mod-shib2 which is an
authentication module:
I also believe that this update has completely broken mod_passenger.
This affected us and stopped our puppetmasters from working. All of the
stuff that should be in the rack environment like REMOTE_ADDR went
missing, which led to fun-to-decipher error messages like "Could not
resolve : cannot
** Changed in: passenger (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1575220
Title:
puppet broken after libapache2-mod-passenger upgrade
To manage
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: passenger (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1575220
Title:
** Bug watch added: Debian Bug tracker #812103
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812103
** Also affects: passenger (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812103
Importance: Unknown
Status: Unknown
--
You received this bug notification
15 matches
Mail list logo