Processed: affects 996570
Processing commands for cont...@bugs.debian.org: > affects 996570 + security.debian.org,release.debian.org Bug #996570 [libapache2-mod-proxy-uwsgi] libapache2-mod-proxy-uwsgi: ProxyPass sends wrong PATH_INFO to uwsgi Added indication that 996570 affects security.debian.org and release.debian.org > thanks Stopping processing here. Please contact me if you need assistance. -- 996570: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996570 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#996570: libapache2-mod-proxy-uwsgi: ProxyPass sends wrong PATH_INFO to uwsgi
Package: libapache2-mod-proxy-uwsgi Version: 2.4.38-3+deb10u6 Severity: important Dear Maintainer, after installing version 2.4.38-3+deb10u6 our uwsgi webservice did not work anymore. The apache2 config contains the line ProxyPass /networks/v1/ unix:/var/run/uwsgi/networks-api.socket|uwsgi://networks/v1/ retry=0 A request to https://server.uni-paderborn.de/networks/v1/name/imt_infra_ntp used to result in PATH_INFO set to "/name/imt_infra_ntp", so stripping off the first two directories "/networks/v1/" as set in the config. Version 2.4.38-3+deb10u6 contains a security fix for setting PATH_INFO, but it seems to get confused with directories: In our case PATH_INFO is set to "/v1/name/imt_infra_ntp" which renders our uwsgi webservice useless. Thanks for fixing, Christopher -- System Information: Debian Release: 10.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-18-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libapache2-mod-proxy-uwsgi depends on: ii apache2 2.4.38-3+deb10u5 libapache2-mod-proxy-uwsgi recommends no packages. libapache2-mod-proxy-uwsgi suggests no packages. -- no debconf information
apache2_2.4.51-1~bpo10+1_sourceonly.changes ACCEPTED into oldstable-backports-sloppy->backports-policy, oldstable-backports-sloppy
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 12 Oct 2021 17:03:41 +0200 Source: apache2 Architecture: source Version: 2.4.51-1~bpo10+1 Distribution: buster-backports-sloppy Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Yadd Changes: apache2 (2.4.51-1~bpo10+1) buster-backports-sloppy; urgency=medium . * Rebuild for buster-backports-sloppy Checksums-Sha1: 34bb4b0a91a84267f48e1d47ad6b7605944a30d3 3506 apache2_2.4.51-1~bpo10+1.dsc 81aea15d1cc8934dd836d60a719eacfcb402a1bd 887972 apache2_2.4.51-1~bpo10+1.debian.tar.xz Checksums-Sha256: 7a968894398f9f5ce84cd9e0dea5784de3ec1d952e0dcb283ee30a224d32e65b 3506 apache2_2.4.51-1~bpo10+1.dsc 9b0d7dc3827db601ea42eefe9623633fe70a18d29e0d70f62e0cb33955e1ea15 887972 apache2_2.4.51-1~bpo10+1.debian.tar.xz Files: 4f840e98077d9cfbea254a49ceb2673c 3506 httpd optional apache2_2.4.51-1~bpo10+1.dsc 34218d53fbc22c710935697bc7c4f120 887972 httpd optional apache2_2.4.51-1~bpo10+1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAmFlpfsACgkQ9tdMp8mZ 7ulxwg/+LF72ToPwMvzIYdQ3NJryk5YdeCTRECs85cCpNO5UFhSFWZIT+iaok15g 0u5I9lcDy/Np2Yj4IPtR2KFQc9ArxvzjH7zfiVKlbXabrJY1CnIXvPmdscQ3Bg3L 8IkHH/XUyWFm7DVy7YkO51c3HRicuxA1ajwAGkOeqSeBX0tIlCOKh4a+J+RBYUnv V9JGFz81LIQ1SFAp28jMKDiEWBtqgiOVmM85F1yOXLFDlkMv0pJNmEBgCld008es tiY+L2EgEyE9LCzJ6KNDnPkhnEFTDOfJBnJIuC2Fn5CbNAkDierpzNThmTVbmZFd i2Ld1Nh4rS4x/HVh7YeD06+mGD5WiPK3c27vrHZwbQTf1W9TLafa22NwnlPP5YRm c3RJxfnT/pwEzJ1whzkwsEtpZy1wbqwF5oImEAQwWbwde/V/drUl4Wp74T67SkHB k4Kg5KhZY135q9LybSXrpXK90x7CtzBXKudHhwmJqBo6HTJEn8RbbS2LQaCojqpF FRZT9uBia9nNZ5JKm62uR+MAJxMrjZu1pRIMBNBbch+tFyFSjZZT8EGuI6bvtrcQ VihfVOZEHq2hX/2k7YCytYPodQVvXD2UVkxpKMYfCBJRQb0y2wC9GSaq96S8npfO k7XmO3pFh1+fT/qawaWGZx57bY5JQouv2qsgT+HdZlttuhJQuzU= =ivR1 -END PGP SIGNATURE- Thank you for your contribution to Debian.