Debian Bug report logs - #674924
request-tracker3.8: Web interface periodically stops working after DSA-2480-1

version graph

Package: request-tracker3.8; Maintainer for request-tracker3.8 is Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>;

Reported by: Will Aoki <waoki@umnh.utah.edu>

Date: Mon, 28 May 2012 16:48:05 UTC

Severity: important

Merged with 675369

Found in version request-tracker3.8/3.8.8-7+squeeze3

Fixed in version request-tracker3.8/3.8.8-7+squeeze4

Done: Dominic Hargreaves <dom@earth.li>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Mon, 28 May 2012 16:48:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Will Aoki <waoki@umnh.utah.edu>:
New Bug report received and forwarded. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Mon, 28 May 2012 16:48:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Will Aoki <waoki@umnh.utah.edu>
To: submit@bugs.debian.org
Subject: request-tracker3.8: Web interface periodically stops working after DSA-2480-1
Date: Mon, 28 May 2012 10:33:40 -0600
Package: request-tracker3.8
Version: 3.8.8-7+squeeze2
Severity: important

After installing DSA-2480-1, the Request Tracker web interface
periodically stops responding. It does take whatever action the user
requested (e.g. it will send a reply), but no response comes back to the
user, and eventually the connection is reset.

Re-loading the page will sometimes make it work again -- for example, it
timed out loading my daashboard, but after five minutes I refreshed the
page, and it worked.

Apache (and indeed, the entire server) has been restarted since the
upgrade. The e-mail hotfix has been applied, which accounts for the
debsums error below.

(This upgrade was applied to the server before the serious problems with
this release became known.)

No information that I believe relevant is logged.

-- Version information of web server, database and MTA per reportbug note:
ii  apache2                2.2.16-6+squeeze7 Apache HTTP Server metapackage
ii  apache2-doc            2.2.16-6+squeeze7 Apache HTTP Server documentation
ii  apache2-mpm-prefork    2.2.16-6+squeeze7 Apache HTTP Server - traditional non-threaded model
ii  apache2-utils          2.2.16-6+squeeze7 utility programs for webservers
ii  apache2.2-bin          2.2.16-6+squeeze7 Apache HTTP Server common binary files
ii  apache2.2-common       2.2.16-6+squeeze7 Apache HTTP Server common files
ii  exim4                  4.72-6+squeeze2   metapackage to ease Exim MTA (v4) installation
ii  exim4-base             4.72-6+squeeze2   support files for all Exim MTA (v4) packages
ii  exim4-config           4.72-6+squeeze2   configuration for the Exim MTA (v4)
ii  exim4-daemon-light     4.72-6+squeeze2   lightweight Exim MTA (v4) daemon
ii  mysql-client           5.1.61-0+squeeze1 MySQL database client (metapackage depending on the latest version)
ii  mysql-client-5.1       5.1.61-0+squeeze1 MySQL database client binaries
ii  mysql-common           5.1.61-0+squeeze1 MySQL database common files, e.g. /etc/mysql/my.cnf
ii  mysql-server           5.1.61-0+squeeze1 MySQL database server (metapackage depending on the latest version)
ii  mysql-server-5.1       5.1.61-0+squeeze1 MySQL database server binaries and system database setup
ii  mysql-server-core-5.1  5.1.61-0+squeeze1 MySQL database server binaries


-- Package-specific info:
Changed files:
  usr/share/request-tracker3.8/lib/RT/Interface/Email.pm

There are locally modified files in /usr/local/share/request-tracker3.8/,
 these may (or may not) be the source of the problem.


-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages request-tracker3.8 depends on:
ii  dbconfig-common        1.8.46+squeeze.0  common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  exim4                  4.72-6+squeeze2   metapackage to ease Exim MTA (v4) 
ii  exim4-daemon-light [ma 4.72-6+squeeze2   lightweight Exim MTA (v4) daemon
ii  libapache-session-perl 1.87-1            Perl modules for keeping persisten
ii  libcache-simple-timede 0.27-2            Perl module to cache and expire ke
ii  libcalendar-simple-per 1.21-1            module for producing simple calend
ii  libcgi-fast-perl       5.10.1-17squeeze3 CGI::Fast Perl module
ii  libcgi-pm-perl         3.49-1squeeze1    module for Common Gateway Interfac
ii  libclass-returnvalue-p 0.55-1            A return-value object that lets yo
ii  libcss-squish-perl     0.09-1            module to compact many CSS files i
ii  libdata-ical-perl      0.16+dfsg-1       Perl module for manipulating iCale
ii  libdbi-perl            1.612-1           Perl Database Interface (DBI)
ii  libdbix-searchbuilder- 1.56-1            Perl implementation of a simple OR
ii  libdevel-stacktrace-pe 1.2100-1          Perl module containing stack trace
ii  libemail-address-perl  1.889-2           RFC 2822 Address Parsing and Creat
ii  libfcgi-procmanager-pe 0.18-2            Functions for managing FastCGI app
ii  libfile-sharedir-perl  1.00-0.1          Locate per-dist and per-module sha
ii  libgd-graph-perl       1.44-3            Graph Plotting Module for Perl 5
ii  libgd-text-perl        0.86-5            Text utilities for use with GD
ii  libgnupg-interface-per 0.42-3            Perl interface to GnuPG
ii  libgraphviz-perl       2.04-1            Perl interface to the GraphViz gra
ii  libhtml-mason-perl     1:1.44-1          HTML::Mason Perl module
ii  libhtml-parser-perl    3.66-1            collection of modules that parse H
ii  libhtml-rewriteattribu 0.03-1            concise attribute rewriting
ii  libhtml-scrubber-perl  0.08-4            Perl extension for scrubbing/sanit
ii  libipc-run-safehandles 0.02-1            Use IPC::Run and IPC::Run3 safely
ii  libjs-prototype        1.6.1-1           JavaScript Framework for dynamic w
ii  libjs-scriptaculous    1.8.3-1           JavaScript library for dynamic web
ii  liblocale-maketext-fuz 0.10-1            Maketext from already interpolated
ii  liblocale-maketext-lex 0.82-1            lexicon-handling backends for Loca
ii  liblog-dispatch-perl   2.22-1            Dispatches messages to multiple Lo
ii  libmailtools-perl      2.06-1            Manipulate email in perl programs
ii  libmime-tools-perl [li 5.428-1           Perl5 modules for MIME-compliant m
ii  libmime-types-perl     1.30-1            Perl extension for determining MIM
ii  libmodule-versions-rep 1.06-1            Report versions of all modules in 
ii  libperlio-eol-perl     0.14-1+b1         PerlIO layer for normalizing line 
ii  libregexp-common-perl  2010010201-1      module with common regular express
ii  libtext-autoformat-per 1.669002-1        module for automatic text wrapping
ii  libtext-quoted-perl    2.06-1            Perl module to extract the structu
ii  libtext-template-perl  1.45-1            Text::Template perl module
ii  libtext-wikiformat-per 0.78-1            translates Wiki formatted text int
ii  libtext-wrapper-perl   1.02-1            Simple word wrapping routine
ii  libtime-modules-perl   2006.0814-2       Various Perl modules for time/date
ii  libtimedate-perl       1.2000-1          collection of modules to manipulat
ii  libtree-simple-perl    1.18-1            A simple tree object
ii  libuniversal-require-p 0.13-1            Load modules from a variable
ii  libxml-rss-perl        1.48-1            Perl module for managing RSS (RDF 
ii  libxml-simple-perl     2.18-3            Perl module for reading and writin
ii  perl [libdigest-sha-pe 5.10.1-17squeeze3 Larry Wall's Practical Extraction 
ii  perl-modules [libcgi-p 5.10.1-17squeeze3 Core Perl modules
ii  rsyslog [system-log-da 4.6.4-2           enhanced multi-threaded syslogd
ii  rt3.8-apache2          3.8.8-7+squeeze2  Apache 2 specific files for reques
ii  rt3.8-clients          3.8.8-7+squeeze2  mail gateway and command-line inte
ii  rt3.8-db-mysql         3.8.8-7+squeeze2  MySQL database backend for request
ii  ucf                    3.0025+nmu1       Update Configuration File: preserv

Versions of packages request-tracker3.8 recommends:
ii  cron [cron-daemon]            3.0pl1-116 process scheduling daemon
ii  libdatetime-locale-perl       1:0.45-1   Perl extension providing localizat
ii  libdatetime-perl              2:0.6100-2 module for manipulating dates, tim
ii  speedy-cgi-perl               2.22-13    speed up perl scripts by making th

Versions of packages request-tracker3.8 suggests:
pn  rt3.8-rtfm                    <none>     (no description available)

-- debconf information:
* request-tracker3.8/organization: rt.umnh.utah.edu
  request-tracker3.8/pgsql/authmethod-user: password
  request-tracker3.8/install-error: abort
  request-tracker3.8/dbconfig-remove:
  request-tracker3.8/mysql/method: unix socket
  request-tracker3.8/dbconfig-reinstall: false
  request-tracker3.8/db/dbname: rtdb
  request-tracker3.8/missing-db-package-error: abort
* request-tracker3.8/dbconfig-install: true
  request-tracker3.8/remove-error: abort
  request-tracker3.8/warn-sqlite-file:
  request-tracker3.8/remote/newhost:
  request-tracker3.8/pgsql/admin-user: postgres
  request-tracker3.8/db/app-user: rtuser
  request-tracker3.8/remote/host:
* request-tracker3.8/rtname: RequestTracker.rt.umnh.utah.edu
  request-tracker3.8/internal/reconfiguring: false
  request-tracker3.8/passwords-do-not-match:
* request-tracker3.8/database-type: mysql
  request-tracker3.8/pgsql/no-empty-passwords:
* request-tracker3.8/handle-siteconfig-permissions: true
* request-tracker3.8/correspondaddress: support-do-not-reply@umnh.utah.edu__
* request-tracker3.8/install-cronjobs: true
  request-tracker3.8/upgrade-error: abort
  request-tracker3.8/mysql/admin-user: root
  request-tracker3.8/remote/port:
  request-tracker3.8/pgsql/changeconf: false
  request-tracker3.8/dbconfig-upgrade: true
  request-tracker3.8/pgsql/method: unix socket
  request-tracker3.8/purge: false
  request-tracker3.8/pgsql/authmethod-admin: ident
  request-tracker3.8/pgsql/manualconf:
* request-tracker3.8/webpath: /rt
  request-tracker3.8/upgrade-backup: true
  request-tracker3.8/db/basepath:
  request-tracker3.8/internal/skip-preseed: false
* request-tracker3.8/webbaseurl: https://rt.umnh.utah.edu
* request-tracker3.8/commentaddress: support-do-not-reply@umnh.utah.edu__

-- debsums errors found:
debsums: changed file /usr/share/request-tracker3.8/lib/RT/Interface/Email.pm (from request-tracker3.8 package)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Mon, 28 May 2012 17:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Mon, 28 May 2012 17:03:03 GMT) Full text and rfc822 format available.

Message #10 received at 674924@bugs.debian.org (full text, mbox):

From: Dominic Hargreaves <dom@earth.li>
To: Will Aoki <waoki@umnh.utah.edu>, 674924@bugs.debian.org
Subject: Re: [request-tracker-maintainers] Bug#674924: request-tracker3.8: Web interface periodically stops working after DSA-2480-1
Date: Mon, 28 May 2012 18:00:56 +0100
On Mon, May 28, 2012 at 10:33:40AM -0600, Will Aoki wrote:
> After installing DSA-2480-1, the Request Tracker web interface
> periodically stops responding. It does take whatever action the user
> requested (e.g. it will send a reply), but no response comes back to the
> user, and eventually the connection is reset.
> 
> Re-loading the page will sometimes make it work again -- for example, it
> timed out loading my daashboard, but after five minutes I refreshed the
> page, and it worked.
> 
> Apache (and indeed, the entire server) has been restarted since the
> upgrade. The e-mail hotfix has been applied, which accounts for the
> debsums error below.
> 
> (This upgrade was applied to the server before the serious problems with
> this release became known.)
> 
> No information that I believe relevant is logged.

Could you check whether the problem goes away if you downgrade to
3.8.8-7+squeeze1 (making sure you stop and start apache afterwards)?

Is the host dedicated to RT or are there other applications/pages
being served from Apache?

Is it possible that other changes were made to the system configuration
which have only just been picked up at the point you upgraded?

Can you confirm which webserver mode you are using (fastcgi, mod_perl)
and any provide relevant config snippets (for example are you including
config from /etc/request-tracker3.8 in Apache, or configuring things
manually?

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Mon, 28 May 2012 18:48:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Will Aoki <waoki@umnh.utah.edu>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Mon, 28 May 2012 18:48:06 GMT) Full text and rfc822 format available.

Message #15 received at 674924@bugs.debian.org (full text, mbox):

From: Will Aoki <waoki@umnh.utah.edu>
To: Dominic Hargreaves <dom@earth.li>
Cc: 674924@bugs.debian.org
Subject: Re: [request-tracker-maintainers] Bug#674924: request-tracker3.8: Web interface periodically stops working after DSA-2480-1
Date: Mon, 28 May 2012 12:35:24 -0600
On Mon, May 28, 2012 at 06:00:56PM +0100, Dominic Hargreaves wrote:
> Could you check whether the problem goes away if you downgrade to
> 3.8.8-7+squeeze1 (making sure you stop and start apache afterwards)?

I'll do that and see if support staff still see the problem. It'll take
a day or so to be sure it's not happening.

> Is the host dedicated to RT or are there other applications/pages
> being served from Apache?

It's a dedicated virtual machine.

> Is it possible that other changes were made to the system configuration
> which have only just been picked up at the point you upgraded?

I don't have record of any configuration changes being made. The only
upgrade I see that might have touched something is the OpenSSL upgrade
installed on the 17th, if Apache wasn't restarted. Here's a transcript
of all upgrades since the last reboot before installing
3.8-3.8.8-7+squeeze2:

[May 17]
cfengine:rt:/bin/sh -c 'DEB: Preconfiguring packages ...
cfengine:rt:/bin/sh -c 'DEB: (Reading database ... 51406 files and directories currently installed.)
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace libssl0.9.8 0.9.8o-4squeeze12 (using .../libssl0.9.8_0.9.8o-4squeeze13_amd64.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement libssl0.9.8 ...
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace openssl 0.9.8o-4squeeze12 (using .../openssl_0.9.8o-4squeeze13_amd64.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement openssl ...
cfengine:rt:/bin/sh -c 'DEB: Processing triggers for man-db ...
cfengine:rt:/bin/sh -c 'DEB: Setting up libssl0.9.8 (0.9.8o-4squeeze13) ...
cfengine:rt:/bin/sh -c 'DEB: Setting up openssl (0.9.8o-4squeeze13) ...
[May 23]
cfengine:rt:/bin/sh -c 'DEB: (Reading database ... 51406 files and directories currently installed.)
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace libxml2 2.7.8.dfsg-2+squeeze3 (using .../libxml2_2.7.8.dfsg-2+squeeze4_amd64.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement libxml2 ...
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace sudo 1.7.4p4-2.squeeze.2 (using .../sudo_1.7.4p4-2.squeeze.3_amd64.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement sudo ...
cfengine:rt:/bin/sh -c 'DEB: Processing triggers for man-db ...
cfengine:rt:/bin/sh -c 'DEB: Setting up libxml2 (2.7.8.dfsg-2+squeeze4) ...
cfengine:rt:/bin/sh -c 'DEB: Setting up sudo (1.7.4p4-2.squeeze.3) ...
[May 24]
cfengine:rt:/bin/sh -c 'DEB: Preconfiguring packages ...
cfengine:rt:/bin/sh -c 'DEB: (Reading database ... 51406 files and directories currently installed.)
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace request-tracker3.8 3.8.8-7+squeeze1 (using .../request-tracker3.8_3.8.8-7+squeeze2_all.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement request-tracker3.8 ...
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace rt3.8-clients 3.8.8-7+squeeze1 (using .../rt3.8-clients_3.8.8-7+squeeze2_all.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement rt3.8-clients ...
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace rt3.8-apache2 3.8.8-7+squeeze1 (using .../rt3.8-apache2_3.8.8-7+squeeze2_all.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement rt3.8-apache2 ...
cfengine:rt:/bin/sh -c 'DEB: Preparing to replace rt3.8-db-mysql 3.8.8-7+squeeze1 (using .../rt3.8-db-mysql_3.8.8-7+squeeze2_all.deb) ...
cfengine:rt:/bin/sh -c 'DEB: Unpacking replacement rt3.8-db-mysql ...
cfengine:rt:/bin/sh -c 'DEB: Processing triggers for man-db ...
cfengine:rt:/bin/sh -c 'DEB: Setting up rt3.8-clients (3.8.8-7+squeeze2) ...
cfengine:rt:/bin/sh -c 'DEB: Setting up rt3.8-apache2 (3.8.8-7+squeeze2) ...
cfengine:rt:/bin/sh -c 'DEB: Setting up rt3.8-db-mysql (3.8.8-7+squeeze2) ...
cfengine:rt:/bin/sh -c 'DEB: Setting up request-tracker3.8 (3.8.8-7+squeeze2) ...
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  If you are using mod_perl or any form of persistent perl
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  process such as FastCGI or SpeedyCGI, you will need to
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  restart your web server and any persistent processes now.
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  If you are using mod_perl or any form of persistent perl
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  process such as FastCGI or SpeedyCGI, you will need to
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  restart your web server and any persistent processes now.
cfengine:rt:/bin/sh -c 'DEB: **WARNING**  
cfengine:rt:/bin/sh -c 'DEB: dbconfig-common: writing config to /etc/dbconfig-common/request-tracker3.8.conf
cfengine:rt:/bin/sh -c 'DEB: dbconfig-common: flushing administrative password
cfengine:rt:/bin/sh -c 'DEB: No users with unsalted or weak cryptography found.
cfengine:rt:/bin/sh -c 'DEB: pam_mount(spawn.c:102): error setting uid to 0
cfengine:rt:/bin/sh -c 'DEB: rt-vulnerable-passwords-3.8 invoked successfully on upgrade
cfengine:rt:/bin/sh -c 'DEB: Can't determine perl binary that RT uses; assuming /usr/bin/perl
cfengine:rt:/bin/sh -c 'DEB: Cleaning up 5 transactions
cfengine:rt:/bin/sh -c 'DEB: Done.
cfengine:rt:/bin/sh -c 'DEB: pam_mount(spawn.c:102): error setting uid to 0
cfengine:rt:/bin/sh -c 'DEB: rt-clean-user-txns-3.8 invoked successfully on upgrade

> Can you confirm which webserver mode you are using (fastcgi, mod_perl)
> and any provide relevant config snippets (for example are you including
> config from /etc/request-tracker3.8 in Apache, or configuring things
> manually?

It's using mod_perl.

---- BEGIN /etc/request-tracker3.8/apache2-modperl2.conf ----
# To use RT together with mod_perl2, available in the
# libapache2-mod-perl2 package, include this file with:
#
#   Include /etc/request-tracker3.8/apache2-modperl2.conf
#
# into your Apache configuration file, in a virtual host section.

# You will need to enable the Apache modules: perl, actions, rewrite
#
# The best place for this in the Debian Apache2 default situation is
# near the end of the VirtualHost section in the file
# /etc/apache2/sites-available/default.

# You might want to enable this line
# AddDefaultCharset UTF-8

PerlModule Apache2::RequestRec Apache2::compat
PerlModule Apache::DBI
PerlRequire /usr/share/request-tracker3.8/libexec/webmux.pl
PerlSetVar MasonArgsMethod CGI

# Normally a request for a directory will be rewritten to index.html
# (or similar) by default if that file exists. For some reason this does
# not happen with the handler being set to perl-script. We thus have to
# do it ourselves using mod_rewrite.

RewriteEngine on

# You might need to alter these two lines which refer to /rt to match
# whatever base URL you are using for your rt3 site.

RewriteRule ^/rt$ /rt/
RewriteRule ^/rt/(.*)$ /usr/share/request-tracker3.8/html/$1
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(/usr/share/request-tracker3.8/html.*)/$ $1/index.html

# We need this to prevent requests for images being sent through to
# the RT::Mason handler.

<Directory /usr/share/request-tracker3.8/html/NoAuth/images>
  SetHandler default-handler
</Directory>

<Directory /usr/share/request-tracker3.8/html>
  SetHandler perl-script
  PerlHandler RT::Mason
</Directory>

# Limit mail gateway access to localhost by default
---- END /etc/request-tracker3.8/apache2-modperl2.conf ----

Config for the SSL site we're accessing it from:

---- BEGIN /etc/apache2/sites-enabled/rt ----
<VirtualHost _default_:443>
	ServerAdmin [redacted due to spambots]
	
	DocumentRoot /www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
	Include "/etc/request-tracker3.8/apache2-modperl2.conf"

	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on

	#   A self-signed (snakeoil) certificate can be created by installing
	#   the ssl-cert package. See
	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
	#   If both key and certificate are stored in the same file, only the
	#   SSLCertificateFile directive is needed.
	SSLCertificateFile    [redacted]
	SSLCertificateKeyFile [redacted]

	#   Server Certificate Chain:
	#   Point SSLCertificateChainFile at a file containing the
	#   concatenation of PEM encoded CA certificates which form the
	#   certificate chain for the server certificate. Alternatively
	#   the referenced file can be the same as SSLCertificateFile
	#   when the CA certificates are directly appended to the server
	#   certificate for convinience.
	SSLCertificateChainFile [redacted]

	#   Certificate Authority (CA):
	#   Set the CA certificate verification path where to find CA
	#   certificates for client authentication or alternatively one
	#   huge file containing all of them (file must be PEM encoded)
	#   Note: Inside SSLCACertificatePath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCACertificatePath /etc/ssl/certs/
	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

	#   Certificate Revocation Lists (CRL):
	#   Set the CA revocation path where to find CA CRLs for client
	#   authentication or alternatively one huge file containing all
	#   of them (file must be PEM encoded)
	#   Note: Inside SSLCARevocationPath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCARevocationPath /etc/apache2/ssl.crl/
	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

	#   Client Authentication (Type):
	#   Client certificate verification type and depth.  Types are
	#   none, optional, require and optional_no_ca.  Depth is a
	#   number which specifies how deeply to verify the certificate
	#   issuer chain before deciding the certificate is not valid.
	#SSLVerifyClient require
	#SSLVerifyDepth  10

	#   Access Control:
	#   With SSLRequire you can do per-directory access control based
	#   on arbitrary complex boolean expressions containing server
	#   variable checks and other lookup directives.  The syntax is a
	#   mixture between C and Perl.  See the mod_ssl documentation
	#   for more details.
	#<Location />
	#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
	#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
	#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
	#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
	#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
	#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
	#</Location>

	#   SSL Engine Options:
	#   Set various options for the SSL engine.
	#   o FakeBasicAuth:
	#     Translate the client X.509 into a Basic Authorisation.  This means that
	#     the standard Auth/DBMAuth methods can be used for access control.  The
	#     user name is the `one line' version of the client's X.509 certificate.
	#     Note that no password is obtained from the user. Every entry in the user
	#     file needs this password: `xxj31ZMTZzkVA'.
	#   o ExportCertData:
	#     This exports two additional environment variables: SSL_CLIENT_CERT and
	#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
	#     server (always existing) and the client (only existing when client
	#     authentication is used). This can be used to import the certificates
	#     into CGI scripts.
	#   o StdEnvVars:
	#     This exports the standard SSL/TLS related `SSL_*' environment variables.
	#     Per default this exportation is switched off for performance reasons,
	#     because the extraction step is an expensive operation and is usually
	#     useless for serving static content. So one usually enables the
	#     exportation for CGI and SSI requests only.
	#   o StrictRequire:
	#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
	#     under a "Satisfy any" situation, i.e. when it applies access is denied
	#     and no other module can change it.
	#   o OptRenegotiate:
	#     This enables optimized SSL connection renegotiation handling when SSL
	#     directives are used in per-directory context.
	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>

	#   SSL Protocol Adjustments:
	#   The safe and default but still SSL/TLS standard compliant shutdown
	#   approach is that mod_ssl sends the close notify alert but doesn't wait for
	#   the close notify alert from client. When you need a different shutdown
	#   approach you can use one of the following variables:
	#   o ssl-unclean-shutdown:
	#     This forces an unclean shutdown when the connection is closed, i.e. no
	#     SSL close notify alert is send or allowed to received.  This violates
	#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
	#     this when you receive I/O errors because of the standard approach where
	#     mod_ssl sends the close notify alert.
	#   o ssl-accurate-shutdown:
	#     This forces an accurate shutdown when the connection is closed, i.e. a
	#     SSL close notify alert is send and mod_ssl waits for the close notify
	#     alert of the client. This is 100% SSL/TLS standard compliant, but in
	#     practice often causes hanging connections with brain-dead browsers. Use
	#     this only for browsers where you know that their SSL implementation
	#     works correctly.
	#   Notice: Most problems of broken clients are also related to the HTTP
	#   keep-alive facility, so you usually additionally want to disable
	#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
	#   "force-response-1.0" for this.
	BrowserMatch "MSIE [2-6]" \
		nokeepalive ssl-unclean-shutdown \
		downgrade-1.0 force-response-1.0
	# MSIE 7 and newer should be able to use keepalive
	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown



</VirtualHost>
---- END /etc/apache2/sites-enabled/rt ----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Tue, 29 May 2012 13:48:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Valentin Vidic <Valentin.Vidic@CARNet.hr>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Tue, 29 May 2012 13:48:05 GMT) Full text and rfc822 format available.

Message #20 received at 674924@bugs.debian.org (full text, mbox):

From: Valentin Vidic <Valentin.Vidic@CARNet.hr>
To: 674522@bugs.debian.org
Cc: 674924@bugs.debian.org
Subject: Mail bugfix causing TCP reset
Date: Tue, 29 May 2012 15:04:20 +0200
It seems that this bugfix resolves the sendmail issue but causes a
TCP reset if the TCP connection is on the FD 0:

  local *STDIN = IO::Handle->new_from_fd( 0, "r" );

This is described in Debian bug #674924.  It can be reproduced by
sending a ticket reply via web.  Mail gets set but the HTTP POST
connection is reset.  It looks like the above fix has some unexpected
side effects.

Reverting the following file from 3.8.8-7+squeeze1 makes both problems
disappear:

  /usr/share/request-tracker3.8/lib/RT/Interface/Email.pm

-- 
Valentin




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Wed, 30 May 2012 05:21:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christopher Samuel <samuel@unimelb.edu.au>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Wed, 30 May 2012 05:21:05 GMT) Full text and rfc822 format available.

Message #25 received at 674924@bugs.debian.org (full text, mbox):

From: Christopher Samuel <samuel@unimelb.edu.au>
To: 674924@bugs.debian.org
Subject: Re: request-tracker3.8: Web interface periodically stops working after DSA-2480-1
Date: Wed, 30 May 2012 15:09:13 +1000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We can confirm this same issue here at VLSCI and that reverting:

/usr/share/request-tracker3.8/lib/RT/Interface/Email.pm

to the version in request-tracker3.8_3.8.8-7+squeeze1_all.deb does
indeed fix the problem for us (phew!).

All the best,
Chris
- -- 
    Christopher Samuel - Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: samuel@unimelb.edu.au Phone: +61 (0)3 903 55545
         http://www.vlsci.unimelb.edu.au/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/Fq3kACgkQO2KABBYQAh/SdwCdH13JCtU70OufNZRAsrK1zDZ5
3AMAniSrAzu2eim8WOH2BOUNhPnJHGGr
=jlpQ
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Wed, 30 May 2012 14:36:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Thomas Sibley <trs@bestpractical.com>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Wed, 30 May 2012 14:36:09 GMT) Full text and rfc822 format available.

Message #30 received at 674924@bugs.debian.org (full text, mbox):

From: Thomas Sibley <trs@bestpractical.com>
To: 674522@bugs.debian.org
Cc: 674924@bugs.debian.org
Subject: Bugfix for TCP resets
Date: Wed, 30 May 2012 10:29:34 -0400
3.8.13rc2 was released over the weekend with an additional fix on top of
the first fix in rc1.  The relevant bugfix patch is:

   https://github.com/bestpractical/rt/commit/38093f9f

rc2 also includes a small doc fix.  I don't believe the above patch is
in -squeeze2.

The symptoms of the "TCP resets" described are in line with what the
additional patch fixes.

Thomas




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Wed, 30 May 2012 15:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Will Aoki <waoki@umnh.utah.edu>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Wed, 30 May 2012 15:21:04 GMT) Full text and rfc822 format available.

Message #35 received at 674924@bugs.debian.org (full text, mbox):

From: Will Aoki <waoki@umnh.utah.edu>
To: Dominic Hargreaves <dom@earth.li>
Cc: 674924@bugs.debian.org
Subject: Re: [request-tracker-maintainers] Bug#674924: request-tracker3.8: Web interface periodically stops working after DSA-2480-1
Date: Wed, 30 May 2012 09:19:00 -0600
On Mon, May 28, 2012 at 12:35:24PM -0600, Will Aoki wrote:
> On Mon, May 28, 2012 at 06:00:56PM +0100, Dominic Hargreaves wrote:
> > Could you check whether the problem goes away if you downgrade to
> > 3.8.8-7+squeeze1 (making sure you stop and start apache afterwards)?
> 
> I'll do that and see if support staff still see the problem. It'll take
> a day or so to be sure it's not happening.

I've had no evidence of the problem since downgrading to
3.8.8-7+squeeze1.

-- 
William Aoki     KD7YAF    waoki@umnh.utah.edu    5-1924




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Wed, 30 May 2012 17:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Wed, 30 May 2012 17:30:05 GMT) Full text and rfc822 format available.

Message #40 received at 674924@bugs.debian.org (full text, mbox):

From: Dominic Hargreaves <dom@earth.li>
To: Thomas Sibley <trs@bestpractical.com>, 674924@bugs.debian.org
Cc: waoki@umnh.utah.edu, Valentin.Vidic@CARNet.hr, samuel@unimelb.edu.au, control@bugs.debian.org
Subject: Re: [request-tracker-maintainers] Bug#674924: Bugfix for TCP resets
Date: Wed, 30 May 2012 18:26:28 +0100
notfound 3.8.8-7+squeeze2
found 3.8.8-7+squeeze3
thanks

On Wed, May 30, 2012 at 10:29:34AM -0400, Thomas Sibley wrote:
> 3.8.13rc2 was released over the weekend with an additional fix on top of
> the first fix in rc1.  The relevant bugfix patch is:
> 
>    https://github.com/bestpractical/rt/commit/38093f9f
> 
> rc2 also includes a small doc fix.  I don't believe the above patch is
> in -squeeze2.
> 
> The symptoms of the "TCP resets" described are in line with what the
> additional patch fixes.

Right, the initial consensus on IRC was that this didn't apply on
3.8.8 as the problematic code was introduced in 3.8.9. It now appears
that this is not the case (I was unable to do any thorough testing
of this over the weekend, regrettably; however a simple test with
mod_perl on squeeze and 3.8.8-7+squeeze3 does not demonstrate the
problem for me).

The original submitter of this bug had, I believed, encountered this
problem before it appeared in Debian, as he had, I believe, manually
applied https://github.com/bestpractical/rt/commit/b7a5a53 - I am
therefore updating the 'found' version number in an attempt to make
things a bit less confusing.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




No longer marked as found in versions 3.8.8-7+squeeze2. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Wed, 30 May 2012 17:33:18 GMT) Full text and rfc822 format available.

Marked as found in versions request-tracker3.8/3.8.8-7+squeeze3. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Wed, 30 May 2012 17:33:19 GMT) Full text and rfc822 format available.

Added indication that 674924 affects release.debian.org Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Wed, 30 May 2012 18:09:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Wed, 30 May 2012 21:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Wed, 30 May 2012 21:54:03 GMT) Full text and rfc822 format available.

Message #51 received at 674924@bugs.debian.org (full text, mbox):

From: Dominic Hargreaves <dom@earth.li>
To: Thomas Sibley <trs@bestpractical.com>, 674924@bugs.debian.org
Cc: waoki@umnh.utah.edu, samuel@unimelb.edu.au, Valentin.Vidic@CARNet.hr, Alex Vandiver <alexmv@bestpractical.com>
Subject: Re: [request-tracker-maintainers] Bug#674924: Bug#674924: Bugfix for TCP resets
Date: Wed, 30 May 2012 22:50:51 +0100
On Wed, May 30, 2012 at 06:26:28PM +0100, Dominic Hargreaves wrote:
> On Wed, May 30, 2012 at 10:29:34AM -0400, Thomas Sibley wrote:
> > 3.8.13rc2 was released over the weekend with an additional fix on top of
> > the first fix in rc1.  The relevant bugfix patch is:
> > 
> >    https://github.com/bestpractical/rt/commit/38093f9f
> > 
> > rc2 also includes a small doc fix.  I don't believe the above patch is
> > in -squeeze2.
> > 
> > The symptoms of the "TCP resets" described are in line with what the
> > additional patch fixes.
> 
> Right, the initial consensus on IRC was that this didn't apply on
> 3.8.8 as the problematic code was introduced in 3.8.9. It now appears
> that this is not the case (I was unable to do any thorough testing
> of this over the weekend, regrettably; however a simple test with
> mod_perl on squeeze and 3.8.8-7+squeeze3 does not demonstrate the
> problem for me).
> 
> The original submitter of this bug had, I believed, encountered this
> problem before it appeared in Debian, as he had, I believe, manually
> applied https://github.com/bestpractical/rt/commit/b7a5a53 - I am
> therefore updating the 'found' version number in an attempt to make
> things a bit less confusing.

After a bit more discussion with Alex from Best Practical, I've prepared
another package which includes the missing second fix based on
38093f9f. Please could those seeing this problems try out the packages
available from

http://people.debian.org/~dom/rt/ (3.8.8-7+squeeze4~test.1)

And let me know whether this fixes things for them?

(This is r1090 from svn://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/squeeze-security)

Thanks,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




Merged 674924 675369 Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 31 May 2012 18:00:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Thu, 31 May 2012 23:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Will Aoki <waoki@umnh.utah.edu>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Thu, 31 May 2012 23:15:05 GMT) Full text and rfc822 format available.

Message #58 received at 674924@bugs.debian.org (full text, mbox):

From: Will Aoki <waoki@umnh.utah.edu>
To: Dominic Hargreaves <dom@earth.li>
Cc: Thomas Sibley <trs@bestpractical.com>, 674924@bugs.debian.org, samuel@unimelb.edu.au, Valentin.Vidic@CARNet.hr, Alex Vandiver <alexmv@bestpractical.com>
Subject: Re: [request-tracker-maintainers] Bug#674924: Bug#674924: Bugfix for TCP resets
Date: Thu, 31 May 2012 17:13:38 -0600
On Wed, May 30, 2012 at 10:50:51PM +0100, Dominic Hargreaves wrote:
> http://people.debian.org/~dom/rt/ (3.8.8-7+squeeze4~test.1)
> 
> And let me know whether this fixes things for them?

I've had it running all day without seeing or hearing of any problems.

Thanks!

-- 
William Aoki     KD7YAF    waoki@umnh.utah.edu    5-1924




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Fri, 01 Jun 2012 00:21:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christopher Samuel <samuel@unimelb.edu.au>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Fri, 01 Jun 2012 00:21:06 GMT) Full text and rfc822 format available.

Message #63 received at 674924@bugs.debian.org (full text, mbox):

From: Christopher Samuel <samuel@unimelb.edu.au>
To: 674924@bugs.debian.org
Subject: Re: Web interface periodically stops working after DSA-2480-1
Date: Fri, 01 Jun 2012 10:17:16 +1000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a test report on the other bug (bug #675369, now merged)
by Mike Bird which says:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675369#26

# 3.8.8-7+squeeze4~test.1 seems to fix the problem of command
# line "rt create" reporting 500, and the problem of a blank
# page after using web-reply to change a ticket's owner.
#
# It also seems to fix an (unreported?) problem of auto-refresh
# RT home page failing to refresh.
#
# It does not fix the problems of CCs not being added through
# the web interface when specified by username or real name.


- -- 
    Christopher Samuel - Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: samuel@unimelb.edu.au Phone: +61 (0)3 903 55545
         http://www.vlsci.unimelb.edu.au/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/ICgwACgkQO2KABBYQAh8QxgCglEuZN5elRDcrS1M68ygCbNUr
ZY4AoIyDnfV6rY3JSFOutvqAcUTr4WiU
=GyM2
-----END PGP SIGNATURE-----




Added tag(s) pending. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Sun, 03 Jun 2012 18:36:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>:
Bug#674924; Package request-tracker3.8. (Wed, 06 Jun 2012 11:36:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Valentin Vidic <Valentin.Vidic@CARNet.hr>:
Extra info received and forwarded to list. Copy sent to Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>. (Wed, 06 Jun 2012 11:36:02 GMT) Full text and rfc822 format available.

Message #70 received at 674924@bugs.debian.org (full text, mbox):

From: Valentin Vidic <Valentin.Vidic@CARNet.hr>
To: Will Aoki <waoki@umnh.utah.edu>
Cc: Dominic Hargreaves <dom@earth.li>, Thomas Sibley <trs@bestpractical.com>, 674924@bugs.debian.org, samuel@unimelb.edu.au, Alex Vandiver <alexmv@bestpractical.com>
Subject: Re: [request-tracker-maintainers] Bug#674924: Bug#674924: Bugfix for TCP resets
Date: Wed, 6 Jun 2012 12:39:25 +0200
On Thu, May 31, 2012 at 05:13:38PM -0600, Will Aoki wrote:
> I've had it running all day without seeing or hearing of any problems.

After adding the webmux.pl fix, FD 0 is now always open with /dev/null and
the connection reset problem does not happen any more.

-- 
Valentin




Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Thu, 07 Jun 2012 22:24:08 GMT) Full text and rfc822 format available.

Notification sent to Will Aoki <waoki@umnh.utah.edu>:
Bug acknowledged by developer. (Thu, 07 Jun 2012 22:24:08 GMT) Full text and rfc822 format available.

Message #75 received at 674924-close@bugs.debian.org (full text, mbox):

From: Dominic Hargreaves <dom@earth.li>
To: 674924-close@bugs.debian.org
Subject: Bug#674924: fixed in request-tracker3.8 3.8.8-7+squeeze4
Date: Thu, 07 Jun 2012 22:22:11 +0000
Source: request-tracker3.8
Source-Version: 3.8.8-7+squeeze4

We believe that the bug you reported is fixed in the latest version of
request-tracker3.8, which is due to be installed in the Debian FTP archive:

request-tracker3.8_3.8.8-7+squeeze4.diff.gz
  to main/r/request-tracker3.8/request-tracker3.8_3.8.8-7+squeeze4.diff.gz
request-tracker3.8_3.8.8-7+squeeze4.dsc
  to main/r/request-tracker3.8/request-tracker3.8_3.8.8-7+squeeze4.dsc
request-tracker3.8_3.8.8-7+squeeze4_all.deb
  to main/r/request-tracker3.8/request-tracker3.8_3.8.8-7+squeeze4_all.deb
rt3.8-apache2_3.8.8-7+squeeze4_all.deb
  to main/r/request-tracker3.8/rt3.8-apache2_3.8.8-7+squeeze4_all.deb
rt3.8-clients_3.8.8-7+squeeze4_all.deb
  to main/r/request-tracker3.8/rt3.8-clients_3.8.8-7+squeeze4_all.deb
rt3.8-db-mysql_3.8.8-7+squeeze4_all.deb
  to main/r/request-tracker3.8/rt3.8-db-mysql_3.8.8-7+squeeze4_all.deb
rt3.8-db-postgresql_3.8.8-7+squeeze4_all.deb
  to main/r/request-tracker3.8/rt3.8-db-postgresql_3.8.8-7+squeeze4_all.deb
rt3.8-db-sqlite_3.8.8-7+squeeze4_all.deb
  to main/r/request-tracker3.8/rt3.8-db-sqlite_3.8.8-7+squeeze4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 674924@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated request-tracker3.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 03 Jun 2012 19:31:47 +0100
Source: request-tracker3.8
Binary: request-tracker3.8 rt3.8-clients rt3.8-apache2 rt3.8-db-postgresql rt3.8-db-mysql rt3.8-db-sqlite
Architecture: source all
Version: 3.8.8-7+squeeze4
Distribution: stable-security
Urgency: low
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description: 
 request-tracker3.8 - extensible trouble-ticket tracking system
 rt3.8-apache2 - Apache 2 specific files for request-tracker3.8
 rt3.8-clients - mail gateway and command-line interface to request-tracker3.8
 rt3.8-db-mysql - MySQL database backend for request-tracker3.8
 rt3.8-db-postgresql - PostgreSQL database backend for request-tracker3.8
 rt3.8-db-sqlite - SQLite database backend for request-tracker3.8
Closes: 674924
Changes: 
 request-tracker3.8 (3.8.8-7+squeeze4) stable-security; urgency=low
 .
   * Apply second fix for regression introduced by previous security fix
     when sending email with mod_perl (Closes: #674924)
Checksums-Sha1: 
 5817e3944b18bee1d5b5600bf6725382132ed3b9 1635 request-tracker3.8_3.8.8-7+squeeze4.dsc
 fca34f97dd389d690ba05142817ca3c5acdb9b4e 115507 request-tracker3.8_3.8.8-7+squeeze4.diff.gz
 777ff821aabe3f135040529ddd41a89b71f84d84 4666756 request-tracker3.8_3.8.8-7+squeeze4_all.deb
 9e45ec48c434be71909ec741983ee4a85e863c7a 47628 rt3.8-clients_3.8.8-7+squeeze4_all.deb
 9b7438cc79e8ef37ae588c5a5b2ce4e43ab9c06b 12916 rt3.8-apache2_3.8.8-7+squeeze4_all.deb
 4b4b0c0f8ed909578feb6d2d3fc7dff9c1bb681c 11592 rt3.8-db-postgresql_3.8.8-7+squeeze4_all.deb
 a5e7b927d4bc65933a86c7fa42fbf9061848d422 11588 rt3.8-db-mysql_3.8.8-7+squeeze4_all.deb
 cb7e819bfdbe14039a797c170369461e5acf6c12 11680 rt3.8-db-sqlite_3.8.8-7+squeeze4_all.deb
Checksums-Sha256: 
 e4d23527316e16194d0a4a67dbe243006493c8dd6b28c823a677b42b04baf8a2 1635 request-tracker3.8_3.8.8-7+squeeze4.dsc
 2cb56797e05f1ac643a94ae1c0fbd1c80bb8c1b066c73c2d781b7e5f2484c634 115507 request-tracker3.8_3.8.8-7+squeeze4.diff.gz
 2f97387aeb7e037fad9d7bc8443544343336021a14deef9d3017f95c26c179c3 4666756 request-tracker3.8_3.8.8-7+squeeze4_all.deb
 5719773549ef4ac369152c065dd208192d9ca6b05730eee76ee4eea8786580d8 47628 rt3.8-clients_3.8.8-7+squeeze4_all.deb
 72352187da903dcfa2cde1aef29a915acaf8edb35c319ed9ba27b75376ea39ca 12916 rt3.8-apache2_3.8.8-7+squeeze4_all.deb
 896aa247126d156b9a08ecb42ba5e2f5b2f651ddc124b307d99878a960a30781 11592 rt3.8-db-postgresql_3.8.8-7+squeeze4_all.deb
 b5eecdf1ea5e3e55247479564ce0834795c2d0034bd5c14737039c0eef68b01c 11588 rt3.8-db-mysql_3.8.8-7+squeeze4_all.deb
 8dfc101b265cd0d5b4ce4e9d7fe5bceacdfcc5a0f613ea6d558afc4e15099d2b 11680 rt3.8-db-sqlite_3.8.8-7+squeeze4_all.deb
Files: 
 68943f2217a06f5204189cdbaf27b896 1635 misc optional request-tracker3.8_3.8.8-7+squeeze4.dsc
 3247c578b46caec5580ab3d27734c1b4 115507 misc optional request-tracker3.8_3.8.8-7+squeeze4.diff.gz
 cc22b7fd38fe72ddd3825e66e881fd14 4666756 misc optional request-tracker3.8_3.8.8-7+squeeze4_all.deb
 d831dea6891adb6e295fd27e061150a8 47628 misc optional rt3.8-clients_3.8.8-7+squeeze4_all.deb
 6732403a0837a67cb2e22a1bf0eabd3f 12916 misc optional rt3.8-apache2_3.8.8-7+squeeze4_all.deb
 b7857b85a6d2f1e45f14b124e6227fb2 11592 misc optional rt3.8-db-postgresql_3.8.8-7+squeeze4_all.deb
 27de4dd07e48a64bd115e0da27459b93 11588 misc optional rt3.8-db-mysql_3.8.8-7+squeeze4_all.deb
 1509fbafb91b175973bc33b5cbf94ffd 11680 misc optional rt3.8-db-sqlite_3.8.8-7+squeeze4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFPy63/YzuFKFF44qURAm20AJoD7nLJLntCzHzF8NwG21Y0/5wrYgCgzsAP
AmdTg7tKiaAdzpX9Nzzy8Jc=
=gvz/
-----END PGP SIGNATURE-----





Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Thu, 07 Jun 2012 22:24:09 GMT) Full text and rfc822 format available.

Notification sent to Mike Bird <mgb@yosemite.net>:
Bug acknowledged by developer. (Thu, 07 Jun 2012 22:24:09 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 06 Jul 2012 07:38:45 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 15:58:15 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.