Your message dated Sun, 08 Jul 2018 10:34:52 +0000
with message-id <[email protected]>
and subject line Bug#888824: fixed in libapache2-mod-fcgid 1:2.3.9-2
has caused the Debian Bug report #888824,
regarding libapache2-mod-fcgid: Always loads whole request into memory,
unnecessary OOM
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
888824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888824
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libapache2-mod-fcgid
Version: 1:2.3.9-1
Severity: important
Tags: patch
Hi!
libapache2-mod-fcgid always loads the whole request (including large file
uploads)
into memory although it shouldn't, since it should read the stream in parts. See
FcgidMaxRequestInMem, default 65536 bytes.
The issue is reported at
https://bz.apache.org/bugzilla/show_bug.cgi?id=51747
including a working patch.
Since the issue has not been handled for 7 years now, can we please
include the patch at least in Debian?
Thanks in advance!
Best regards,
Roland Reichwein
-- System Information:
Debian Release: 9.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.36.4-vs2.3.0.36.39-nc (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages libapache2-mod-fcgid depends on:
pn apache2-api-20120211 <none>
pn apache2-bin <none>
ii libc6 2.24-11+deb9u1
libapache2-mod-fcgid recommends no packages.
libapache2-mod-fcgid suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libapache2-mod-fcgid
Source-Version: 1:2.3.9-2
We believe that the bug you reported is fixed in the latest version of
libapache2-mod-fcgid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felix Geyer <[email protected]> (supplier of updated libapache2-mod-fcgid
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 08 Jul 2018 12:08:17 +0200
Source: libapache2-mod-fcgid
Binary: libapache2-mod-fcgid
Architecture: source
Version: 1:2.3.9-2
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <[email protected]>
Changed-By: Felix Geyer <[email protected]>
Description:
libapache2-mod-fcgid - FastCGI interface module for Apache 2
Closes: 888824
Changes:
libapache2-mod-fcgid (1:2.3.9-2) unstable; urgency=low
.
* Orphan package.
* Import upstream gpg keys for uscan to verify the orig tarball.
* Fix: Always loads whole request into memory. (Closes: #888824)
- Add 40_fix_loading_large_requests.patch
* Migrate to dbgsym package.
* Set Rules-Requires-Root: binary-targets
* Add an autopkgtest.
Checksums-Sha1:
0c28e00037c10f8f8efa8452776c0f5ed616f8a2 2059 libapache2-mod-fcgid_2.3.9-2.dsc
9b6805805951acec52a429b91422f9af1657d28c 330412
libapache2-mod-fcgid_2.3.9-2.debian.tar.xz
Checksums-Sha256:
9e1e62b0ede2f03897959cd75799ab1896d68e4eb448f02b58cf3b94602fd192 2059
libapache2-mod-fcgid_2.3.9-2.dsc
6ac745f3e23a3c925d8ac8e4267bd8c7b16c4dda38e561e6478fb493d37c9315 330412
libapache2-mod-fcgid_2.3.9-2.debian.tar.xz
Files:
41b8272fa47139d96e90c041b81cd4fa 2059 httpd optional
libapache2-mod-fcgid_2.3.9-2.dsc
ab8978e18aa41ec7cf9f77c8825e584f 330412 httpd optional
libapache2-mod-fcgid_2.3.9-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEFkxwUS95KUdnZKtW/iLG/YMTXUUFAltB45kACgkQ/iLG/YMT
XUWLAxAAnd+RvM6K9zTmL4D8+PB34RYtfk8JwyRmMWpLTZIfqMO8v2aUAY6jU3N5
cXCss9VdFuCKA7uwtYFgkfZmy6nWmrV5lK8hk+B1nIWyk0RU8bYO6c4zfJHqfeTo
KPQWqvVfTCfwa5g2dG0Db4TuVTG5L2SeZRe2z1koJTwJCWbrBCgUjTiW6K76seYx
dlUZ33hEgYf7uBzD+3onv19ZMBJ5Hp/VuRRB7OLUsxxZ7Y3zFi+yeE2eQvajvtUP
BVH7kAae9Q0MfAuTrVlPO9U8AimItJ+gCevDLe4+dvb+4lWyLI5lv1WnjxsrwBuX
1SWt0g7T6rLAVPRLN7DMH+Um+JjKjB1QxNKOgUY4CGYBmNFC6dayLeciXF7VmosD
xF4XLehbo/cf6OGYcjCYR8HCAg6A7URYBSD2JFqGwfM83W3z8q1BfaoJHxxXTgK1
7wRVscW/or6tiTihUHQnR4VZsUbi/7hLDDmA8FBS7IOyth4akhmSsF2B2FQ6TVAV
Iz3t/qd7NFmAacNq0MUbaL8Qjjf7iWJBpZyY9vjeqNOtMNasSKgpvZdf7mzr9QiC
oqmpRz/eLFWF7NqMMFyKrNSBr2yyIIy/Byqj7q9Xic/kLaZRVcPfpnUBhROogLzq
Lv8ZNtBfS3ZEuzvaGot5xBo0dKGS6BGJC2y45t6Z2na7txQV/Gc=
=LBTG
-----END PGP SIGNATURE-----
--- End Message ---
