Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Aug 2015 03:47:13 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 202637] www/lighttpd: 1.4.36 has header corruption, and breaks under load
Message-ID:  <bug-202637-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202637

            Bug ID: 202637
           Summary: www/lighttpd: 1.4.36 has header corruption, and breaks
                    under load
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: peter@FreeBSD.org
                CC: pkubaj@riseup.net
             Flags: maintainer-feedback?(pkubaj@riseup.net)
                CC: pkubaj@riseup.net

This is a preliminary report.  The 1.4.36 update badly breaks freebsd-update. 
It appears that lighttpd is decoding the http requests badly.

2015-08-25 03:13:47: (request.c.712) invalid character in key GET
/10.2-RELEASE/amd64/f/05a1e9b7b0583d98cdf1d5b6020f2f25446002a8efe0417395b75757a1ddefe5.gz
HTTP/1.1\r\nHost: update2.freebsd.org\r\nUs  0 -> 400 
2015-08-25 03:13:47: (request.c.715) request-header:\nGET
/10.2-RELEASE/amd64/f/05a1e9b7b0583d98cdf1d5b6020f2f25446002a8efe0417395b75757a1ddefe5.gz
HTTP/1.1\r\nHost: update2.freebsd.org\r\nUs 

This manifests in the freebsd-update / portsnap clients like this:
http://update2.freebsd.org/10.2-RELEASE/amd64/f/0c301f89e862e5165519e7c65dccffbb22b3b8c5ef5db7267f98dc04812feb4d.gz:
200 OK
http://update2.freebsd.org/10.2-RELEASE/amd64/f/0c302f734e8bc0df8e4a1c26f98e7c1fa1fa837858cc24769908a0ab46b0e313.gz:
400 Error (ignored)
http://update2.freebsd.org/10.2-RELEASE/amd64/f/41065db0a842bfe35bc8f79877b4c5c8077bab9ccd34a4451b09b3cf6e079e64.gz:
200 OK

We are seeing:
* 400 bad-request errors
* corrupt data transfers (this is the most serious problem)
* spurious, transient 404 not-found errors.

Reverting to 1.4.35_05 solves it, but obviously that's not a good solution.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-202637-13>