Mailinglist Archive: opensuse-bugs (15090 mails)
| < Previous | Next > |
[Bug 325693] New: libzypp not compliant to HTTP/1.1 specification
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Mon, 17 Sep 2007 09:19:49 -0600 (MDT)
- Message-id: <bug-325693-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=325693
Summary: libzypp not compliant to HTTP/1.1 specification
Product: openSUSE 10.3
Version: Beta 3
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: libzypp
AssignedTo: kkaempf@xxxxxxxxxx
ReportedBy: poeml@xxxxxxxxxx
QAContact: kkaempf@xxxxxxxxxx
Found By: ---
libzypp does issue HTTP requests which don't comply to the HTTP/1.1
specification:
213.84.49.35 - - [17/Sep/2007:16:54:23 +0200] "GET
http://widehat.opensuse.org/distribution/SL-OSS-factory/inst-source/suse/i586/ghostscript-library-8.15.3-94.i586.rpm
HTTP/1.1" 200 6427137 "-" "Novell ZYPP Installer"
213.17.12.182 - - [17/Sep/2007:16:54:33 +0200] "GET
http://widehat.opensuse.org/distribution/SL-OSS-factory/inst-source/suse/i586/perl-TermReadLine-Gnu-1.16-36.i586.rpm
HTTP/1.1" 200 100948 "-" "Novell ZYPP Installer"
195.135.221.2 - - [17/Sep/2007:16:54:33 +0200] "GET
/distribution/SL-OSS-factory/inst-source/suse/noarch/yast2-ldap-client-2.15.12-27.noarch.rpm
HTTP/1.1" 200 101095 "-" "Novell ZYPP Installer"
80.130.246.208 - - [17/Sep/2007:16:54:29 +0200] "GET
/distribution/SL-OSS-factory/inst-source/suse/x86_64/libkde4-3.93.0.svn712047-2.x86_64.rpm
HTTP/1.1" 200 6333373 "-" "Novell ZYPP Installer"
The first two of these are wrong.
Acc. to rfc 2616, 5.1.2 the client MUST use the so-called abs_path URL form:
"The most common form of Request-URI is that used to identify a
resource on an origin server or gateway. In this case the absolute
path of the URI MUST be transmitted (see section 3.2.1, abs_path) as
the Request-URI, and the network location of the URI (authority) MUST
be transmitted in a Host header field."
The abs_path form is defined in rfc 2396, 3.
The effect of this is mitigated by the fact that
"To allow for transition to absoluteURIs in all requests in future
versions of HTTP, all HTTP/1.1 servers MUST accept the absoluteURI
form in requests, even though HTTP/1.1 clients will only generate
them in requests to proxies."
but it is clearly a violation of the protocol.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Summary: libzypp not compliant to HTTP/1.1 specification
Product: openSUSE 10.3
Version: Beta 3
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: libzypp
AssignedTo: kkaempf@xxxxxxxxxx
ReportedBy: poeml@xxxxxxxxxx
QAContact: kkaempf@xxxxxxxxxx
Found By: ---
libzypp does issue HTTP requests which don't comply to the HTTP/1.1
specification:
213.84.49.35 - - [17/Sep/2007:16:54:23 +0200] "GET
http://widehat.opensuse.org/distribution/SL-OSS-factory/inst-source/suse/i586/ghostscript-library-8.15.3-94.i586.rpm
HTTP/1.1" 200 6427137 "-" "Novell ZYPP Installer"
213.17.12.182 - - [17/Sep/2007:16:54:33 +0200] "GET
http://widehat.opensuse.org/distribution/SL-OSS-factory/inst-source/suse/i586/perl-TermReadLine-Gnu-1.16-36.i586.rpm
HTTP/1.1" 200 100948 "-" "Novell ZYPP Installer"
195.135.221.2 - - [17/Sep/2007:16:54:33 +0200] "GET
/distribution/SL-OSS-factory/inst-source/suse/noarch/yast2-ldap-client-2.15.12-27.noarch.rpm
HTTP/1.1" 200 101095 "-" "Novell ZYPP Installer"
80.130.246.208 - - [17/Sep/2007:16:54:29 +0200] "GET
/distribution/SL-OSS-factory/inst-source/suse/x86_64/libkde4-3.93.0.svn712047-2.x86_64.rpm
HTTP/1.1" 200 6333373 "-" "Novell ZYPP Installer"
The first two of these are wrong.
Acc. to rfc 2616, 5.1.2 the client MUST use the so-called abs_path URL form:
"The most common form of Request-URI is that used to identify a
resource on an origin server or gateway. In this case the absolute
path of the URI MUST be transmitted (see section 3.2.1, abs_path) as
the Request-URI, and the network location of the URI (authority) MUST
be transmitted in a Host header field."
The abs_path form is defined in rfc 2396, 3.
The effect of this is mitigated by the fact that
"To allow for transition to absoluteURIs in all requests in future
versions of HTTP, all HTTP/1.1 servers MUST accept the absoluteURI
form in requests, even though HTTP/1.1 clients will only generate
them in requests to proxies."
but it is clearly a violation of the protocol.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |