Your message dated Wed, 11 Apr 2012 15:17:52 +0000
with message-id <[email protected]>
and subject line Bug#667695: fixed in sks 1.1.1+dpkgv3-7.1
has caused the Debian Bug report #667695,
regarding SKS recon process emits non-standards-compliant HTTP POSTs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
667695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=667695
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sks
Version: 1.1.1+dpkgv3-6
Forwarded: http://lists.nongnu.org/archive/html/sks-devel/2012-04/msg00005.html
Tags: patch upstream fixed-upsteam

SKS 1.1.1 emits non-standards-compliant POST requests from its recon
process (the part that synchronizes data with other keyservers). As a
result, it is incapable of fetching key updates from keyservers running
behind standards-compliant HTTP reverse proxies.

This is fixed in 1.1.2, by the trivial patch attached.

Details
-------

HTTP 0.9 did not specify a POST request method. The only valid request
method was GET. [0]

HTTP 1.0 explicitly requires an HTTP version indicator in the request
line. [1]

Since SKS emitted a request line of the form "POST /pks/hashquery", this
is neither valid HTTP 0.9 nor valid HTTP 1.0.

Since reverse HTTP proxies appear to be necessary to protect SKS
keyservers against a trivial denial of service attack [2], more SKS
deployments are adopting this approach; debian's 1.1.1 keyservers will
be unable to synchronize with any of these deployments without using the
attached patch.

Thanks for maintaining SKS in debian,

--dkg

[0] http://www.w3.org/Protocols/HTTP/AsImplemented.html
[1] https://tools.ietf.org/html/rfc1945#section-5.1
[2] http://lists.nongnu.org/archive/html/sks-devel/2012-03/msg00006.html

--- sks-1.1.1/reconComm.ml 2009-03-25 22:14:44.000000000 -0400
+++ sks-1.1.2/reconComm.ml 2011-10-01 08:23:23.000000000 -0400
@@ -81,7 +81,7 @@
let sout = Channel.new_buffer_outc 0 in
CMarshal.marshal_list ~f:CMarshal.marshal_string sout hashes;
let msg = sout#contents in
- cout#write_string "POST /pks/hashquery\r\n";
+ cout#write_string "POST /pks/hashquery HTTP/1.0\r\n";
cout#write_string (sprintf "content-length: %d\r\n\r\n"
(String.length msg));
cout#write_string msg;
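Review bot: The new request line "POST /pks/hashquery HTTP/1.0\r\n" is followed in this hunk only by the content-length header and the blank line that ends the header block, so the request still carries no Host header. RFC 1945 does not require one, but a reverse proxy that selects its backend by hostname has nothing to match on; if the peer's hostname is available at this call site, consider writing a host header before content-length. A one-line comment above the request line citing RFC 1945 section 5.1 would also record why the version token must not be dropped again.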
--- End Message ---
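Added example (not part of the original report and not SKS code): a Python check of a request line against the RFC 1945 grammar cited in the report, applied to the pre-patch and post-patch request lines from the diff. The function names and the sample body are constructed for illustration.

```python
import re

# RFC 1945 section 5.1: Request-Line = Method SP Request-URI SP HTTP-Version CRLF
FULL = re.compile(rb"([!#$%&'*+\-.^_`|~0-9A-Za-z]+) (\S+) HTTP/(\d+)\.(\d+)\r\n")
# HTTP/0.9 Simple-Request: "GET" SP Request-URI CRLF (no other method exists)
SIMPLE = re.compile(rb"GET (\S+)\r\n")

def classify_request_line(raw: bytes) -> tuple:
    """Return (kind, detail); kind is full-request, simple-request or invalid."""
    m = FULL.fullmatch(raw)
    if m:
        method, _uri, major, minor = (g.decode() for g in m.groups())
        return ("full-request", f"{method} HTTP/{major}.{minor}")
    if SIMPLE.fullmatch(raw):
        return ("simple-request", "HTTP/0.9 GET")
    if not raw.endswith(b"\r\n"):
        return ("invalid", "request line not terminated by CRLF")
    parts = raw[:-2].split(b" ")
    if len(parts) == 2:
        # The pre-patch case: a method other than GET with no version token.
        return ("invalid", f"{parts[0].decode()} without HTTP-Version; "
                           "HTTP/0.9 defines only GET")
    return ("invalid", "malformed request line")

def build_hashquery(body: bytes, patched: bool) -> bytes:
    """Mirror the three writes in the diff: request line, header, body."""
    if patched:
        line = b"POST /pks/hashquery HTTP/1.0\r\n"
    else:
        line = b"POST /pks/hashquery\r\n"
    return line + b"content-length: %d\r\n\r\n" % len(body) + body

def check(request: bytes) -> tuple:
    """Classify the first line of a complete request, as a strict proxy would."""
    first_line = request.split(b"\r\n", 1)[0] + b"\r\n"
    return classify_request_line(first_line)

# Constructed placeholder body; not a real marshalled hash list.
BODY = b"\x00\x00\x00\x00"

if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "unpatched", check(build_hashquery(BODY, patched)))
```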
--- Begin Message ---
Source: sks
Source-Version: 1.1.1+dpkgv3-7.1
We believe that the bug you reported is fixed in the latest version of
sks, which is due to be installed in the Debian FTP archive:
sks_1.1.1+dpkgv3-7.1.debian.tar.gz
to main/s/sks/sks_1.1.1+dpkgv3-7.1.debian.tar.gz
sks_1.1.1+dpkgv3-7.1.dsc
to main/s/sks/sks_1.1.1+dpkgv3-7.1.dsc
sks_1.1.1+dpkgv3-7.1_powerpc.deb
to main/s/sks/sks_1.1.1+dpkgv3-7.1_powerpc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <[email protected]> (supplier of updated sks package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Apr 2012 10:36:48 -0400
Source: sks
Binary: sks
Architecture: source powerpc
Version: 1.1.1+dpkgv3-7.1
Distribution: unstable
Urgency: low
Maintainer: Christoph Martin <[email protected]>
Changed-By: Daniel Kahn Gillmor <[email protected]>
Description:
sks - Synchronizing OpenPGP Key Server
Closes: 667695
Changes:
sks (1.1.1+dpkgv3-7.1) unstable; urgency=low
.
* Non-Maintainer Upload.
* emit proper HTTP 1.0 POSTs from recon process (Closes: #667695)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---