Your message dated Sun, 27 Dec 2020 11:18:38 +0000
with message-id <[email protected]>
and subject line Bug#977750: fixed in ruby-http-parser.rb 0.6.0-5.1
has caused the Debian Bug report #977750,
regarding ruby-http-parser.rb: Upcoming test suite regression with http-parser 2.9.4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
977750: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977750
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ruby-http-parser.rb
Version: 0.6.0-5+b1
Severity: important
Tags: upstream
Forwarded: https://github.com/tmm1/http_parser.rb/issues/68

Dear Maintainer,

the http-parser library will see an update to 2.9.4 (currently in
unstable: 2.9.2) fairly soon, it fixes a security issue¹. During a
regression check however I noticed your package will no longer build in
unstable due to a failing test:

|   Failures:
|
|     1) HTTP::Parser should parse request: post identity body world
|        Failure/Error: @parser << test['raw']
|
|        HTTP::Parser::Error:
|          Could not parse data entirely (116 != 122)
|        # ./spec/parser_spec.rb:317:in `<<'
|        # ./spec/parser_spec.rb:317:in `block (4 levels) in <top (required)>'

You can verify by re-building your package using the http-parser version
available in experimental (2.9.3).

Root cause is a stricter checking of HTTP request headers in
http-parser. This is a direct result of the fix, so this will affect
stable as well, more on that below. There's already a bug report
upstream (filed by yours truly):

    https://github.com/tmm1/http_parser.rb/issues/68

Please follow closely and upload a new version as soon as a fix is
available. An alternative fix was to enable the "lenient" mode for that
test - but it seems that http-parser feature is not available in the
Ruby bindings.

Once http-parser 2.9.4 reaches unstable, I'll raise the bug severity and
prepare a NMU to prevent your package from falling out of testing.
Having issues handled by the maintainers themselves is still my
preferred way of action, though.

After that I will prepare a fixed http-parser for stable (10, "buster")
as well. This will foreseeably affect the stable version of your package,
too. I'll do according checks and get back to you then.

Kind regards,

    Christoph

¹ https://security-tracker.debian.org/tracker/CVE-2019-15605



--- End Message ---
--- Begin Message ---
Source: ruby-http-parser.rb
Source-Version: 0.6.0-5.1
Done: Christoph Biedl <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ruby-http-parser.rb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <[email protected]> (supplier of updated ruby-http-parser.rb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 20 Dec 2020 10:39:19 +0100
Source: ruby-http-parser.rb
Architecture: source
Version: 0.6.0-5.1
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <[email protected]>
Changed-By: Christoph Biedl <[email protected]>
Closes: 977750
Changes:
 ruby-http-parser.rb (0.6.0-5.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Relax "post identity body world" test. Closes: #977750

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
