From owner-freebsd-www@FreeBSD.ORG Mon May 11 11:07:07 2009
Date: Mon, 11 May 2009 11:07:06 GMT
Message-Id: <200905111107.n4BB7629086147@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-www@FreeBSD.org
Subject: Current problem reports assigned to freebsd-www@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o www/133862   www        24 bit version of FreeBSD favicon
o www/133730   www        amd64 motherboard success report: Asrock A770DE AMD7
o www/133262   www        FreeBSD on ASUS M2N-MX SE +
f www/132178   www        Soekris not listed amoung hardware vendors
o www/132149   www        Problem with submitting emails to freebsd-questions@fr
o www/132091   www        russian freebsd copyright - wrong translation
f www/131863   www        Please add to Commercial Vendors listing
o www/131493   www        sshd(8) and sshd_config(8) on-line man pages outdated
o www/130627   www        Submission for www/en/platforms/amd64/motherboards.sgm
f www/130340   www        Submission for ISP page
o www/129969   www        Need 301 moved permanently errors returned for www.fre
o www/129923   www        Need stylesheet for FreeBSD Subversion DAV tree
o www/129622   www        amd64 motherboard - new board to add to the supported
o www/129401   www        FreeBSD Multimedia page should automatically pick up Y
o www/129331   www        Supported motherboard Gigabyte GA-MA78GPM-DS2H
o www/128943   www        dmesg output for ASUS M3A79-T running FreeBSD-7.1-PRER
o www/128113   www        outdated port count graph in www.freebsd.org/ports
o www/127497   www        new entry to FreeBSD/amd64 Project -- motherboards
f www/121391   www        Please add us on the ISP pages...
o www/116660   www        docs.freebsd.org returns bad chunked encoding
o www/116479   www        cvsweb+enscript formatting bugfix
s www/111791   www        FreeBSD website messes up while using "links" browser
o www/105333   www        [patch] Base selection in events in libcommon.xsl does
o www/103522   www        Search interface oddity
o www/98798    www        Our statistics page is out of date
o www/91539    www        FreeBSD web site renders very badly
s www/73551    www        [request] fix list archive 'quoted-printable' corrupti
o www/51135    www        Problems with the mailing-lists search interface
o www/44181    www        www "Release Information" organization

29 problems total.

From owner-freebsd-www@FreeBSD.ORG Wed May 13 08:20:04 2009
Message-Id: <200905130813.n4D8DqEe027200@www.freebsd.org>
Date: Wed, 13 May 2009 08:13:52 GMT
From: Christian Ullrich
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: www/134505: www.freebsd.org does not correctly process If-Modified-Since requests

>Number:         134505
>Category:       www
>Synopsis:       www.freebsd.org does not correctly process If-Modified-Since requests
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-www
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 13 08:20:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Christian Ullrich
>Release:        n/a
>Organization:
>Environment:
n/a
>Description:
(While this issue has security implications, it does not do so _directly_,
so I think that a public bug report is OK. I'm calling it a "serious" bug
anyway.)

The HTTP server at www.freebsd.org fails to correctly process requests with
the If-Modified-Since header (for HTTP/1.0, see RFC 1945, section 10.9).

This affects, among other things, downloads of the portaudit vulnerability
index file at . When portaudit accesses this file directly, it does not send
an If-Modified-Since header, but if there is a cache in the way, the
portaudit run that is part of the daily security cron job will fail.

Sample HTTP dialog (some headers removed):

> GET /ports/auditfile.tbz HTTP/1.0
> If-Modified-Since: Wed, 06 May 2009 10:10:07 GMT
> Host: www.freebsd.org
> User-Agent: fetch libfetch/2.0
> Via: 1.1 my.squid.local
> Cache-Control: max-age=0
> Connection: keep-alive

< HTTP/1.0 304 Not Modified
< Connection: keep-alive
< Content-Type: application/x-bzip-compressed-tar
< Accept-Ranges: bytes
< ETag: "1975729766"
< Last-Modified: Wed, 13 May 2009 07:10:04 GMT
< Date: Wed, 13 May 2009 07:33:00 GMT
< Server: httpd/1.4.x LaHonda

The 304 response leads to squid delivering its cached copy of the file.
squid does not verify that the Last-Modified date the server provided is in
fact less than or equal to the If-Modified-Since date squid sent, nor does
it compare the ETag to that of the cached copy.

In some experimental requests, I have come to the conclusion that the
inclusion of an If-Modified-Since request header containing _any_ valid
"rfc1123-date" (using the term from RFC 1945) will result in a 304 response.
If the header value does not match this syntax, or if the date is invalid in
a blatant way, a 200 response is sent.
>How-To-Repeat:
curl --header "If-Modified-Since: Thu, 1 Jan 1970 00:00:00 GMT" -I http://www.freebsd.org/ports/auditfile.tbz

Note the 304 response.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
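
The two consistency checks the report says squid does not perform, run over the headers from the dialog above. This is an added example, not part of the original report and not code from squid or the FreeBSD project; the function names are hypothetical and the cached ETag is a constructed placeholder, since the report does not give one.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime

# Values copied from the HTTP dialog in the report.
REPORT_IMS = "Wed, 06 May 2009 10:10:07 GMT"
REPORT_304_HEADERS = {
    "ETag": '"1975729766"',
    "Last-Modified": "Wed, 13 May 2009 07:10:04 GMT",
    "Date": "Wed, 13 May 2009 07:33:00 GMT",
}
# Constructed placeholder: the report does not give the cached copy's ETag.
CONSTRUCTED_CACHED_ETAG = '"0000000000"'


def parse_http_date(value):
    """Return an aware UTC datetime for an HTTP date, or None if unparseable."""
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if parsed.tzinfo is None:  # e.g. a "-0000" zone: treat as UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def check_304(if_modified_since, response_headers, cached_etag=None):
    """Return reasons a 304 contradicts the request (empty list = consistent)."""
    headers = {name.lower(): value for name, value in response_headers.items()}
    problems = []
    sent = parse_http_date(if_modified_since)
    last_modified = parse_http_date(headers.get("last-modified", ""))
    if sent is None:
        problems.append("If-Modified-Since is not a valid HTTP date")
    elif last_modified is not None and last_modified > sent:
        # The server itself says the file changed after the date we sent.
        problems.append("Last-Modified is newer than If-Modified-Since")
    etag = headers.get("etag")
    if cached_etag is not None and etag is not None and etag != cached_etag:
        problems.append("ETag differs from the cached copy")
    return problems


if __name__ == "__main__":
    for reason in check_304(REPORT_IMS, REPORT_304_HEADERS, CONSTRUCTED_CACHED_ETAG):
        print("stale 304:", reason)
```

A cache or monitoring script that gets a non-empty list back should refetch the file unconditionally instead of serving its stored copy.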