[Bug 997935] New: api returns HTTP 500 if a PUT request does not contain a Content-type: header
http://bugzilla.suse.com/show_bug.cgi?id=997935 Bug ID: 997935 Summary: api returns HTTP 500 if a PUT request does not contain a Content-type: header Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: BuildService Assignee: bnc-team-screening@forge.provo.novell.com Reporter: mmarek@suse.com QA Contact: adrian@suse.com CC: afaerber@suse.com, jslaby@suse.com Found By: --- Blocker: --- The external Kernel:* and internal Devel:Kernel:* projects stopped updating recently, because the upload script is receiving HTTP 500 now. It can also be reproduced by curl: $ curl -n -T data.xml 'https://api.suse.de/source/home:michal-m:test/_meta?force=1' 500 Internal Server Error If you are the administrator of this website, then please read this web application's log file and/or the web server's log file to find out what went wrong. It does work with 'osc api -M PUT -f data.xml'. The difference turns out to be the Content-type header, which osc sends. I will fix the script to also send the header, but please fix the server so that it is not as picky. Ironically, the header value is not used anywhere: osc sends application/octet-stream when uploading XML and the server accepts anything: $ curl -n -T data.xml -H 'Content-type: yada/dada' 'https://api.suse.de/source/home:michal-m:test/_meta?force=1' <status code="ok"> <summary>Ok</summary> </status> -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 Chenzi Cao <chcao@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bnc-team-screening@forge.pr |adrian@suse.com |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c1 Adrian Schröter <adrian@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|adrian@suse.com |bgeuken@suse.com --- Comment #1 from Adrian Schröter <adrian@suse.com> --- Bjoern, might be a rails 5 issue? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 Björn Geuken <bgeuken@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |CONFIRMED -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c2 --- Comment #2 from Michal Marek <mmarek@suse.com> --- Björn, do you have any update? I just got like the 20th question about why is our kernel upload script failing with HTTP 500. We do have a workaround in git, but people sometimes need to work on older commits for various reasons. And this has been broken for about a month now. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c3 --- Comment #3 from Michal Marek <mmarek@suse.com> --- For reference, anybody getting an HTTP 500 error from 'scripts/osc_wrapper upload' in the kernel-source git needs commit 2cc93a061972 ("SUSE::MyBS: Add Content-type: application/octet-stream to data uploads"). It is present in all maintained branches now, so a rebase will fix the problem. If you can't rebase for some reason (working on a PTF for instance), do a git merge origin/scripts -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c5 Michal Marek <mmarek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |adrian@suse.com Flags| |needinfo?(adrian@suse.com) --- Comment #5 from Michal Marek <mmarek@suse.com> --- Adrian, any chance to have this regression resolved? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c6 Adrian Schröter <adrian@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(adrian@suse.com) | --- Comment #6 from Adrian Schröter <adrian@suse.com> --- We will work on this in next spring (starting next week). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c7 --- Comment #7 from Michal Marek <mmarek@suse.com> --- Thanks for the update! Let me know if you have issues reproducing this. But this should be sufficient (with an entry for api.suse.de in ~/.netrc): $ osc -A https://api.suse.de/ meta prj "$project" >data.xml $ curl -n -T data.xml "https://api.suse.de/source/$project/_meta?force=1" 500 Internal Server Error If you are the administrator of this website, then please read this web application's log file and/or the web server's log file to find out what went wrong. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c8 Christian Bruckmayer <cbruckmayer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cbruckmayer@suse.com --- Comment #8 from Christian Bruckmayer <cbruckmayer@suse.com> --- This is indeed a Rails bug introduced in Rails 5.0. There is already an upstream fix in master but no new version released yet. I added the patch to our rubygem package. This should be fixed after the next deployment for build.opensuse.org planned on Thursday. https://build.opensuse.org/request/show/443935 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c9 Christian Bruckmayer <cbruckmayer@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #9 from Christian Bruckmayer <cbruckmayer@suse.com> --- See comment #8 for explanation -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c10 --- Comment #10 from Michal Marek <mmarek@suse.com> --- Thanks a lot, Christian, highly appreciated! Looking forward to the Thursday deployment. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c11 Michal Marek <mmarek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(cbruckmayer@suse. | |com) --- Comment #11 from Michal Marek <mmarek@suse.com> --- Did this deployment happen last week? I can still reproduce this issue in the IBS. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c12 Adrian Schröter <adrian@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(cbruckmayer@suse. | |com) | --- Comment #12 from Adrian Schröter <adrian@suse.com> --- I have updated the responsible rubygem package now. You should not be able to see the 500 anymore. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c13 --- Comment #13 from Michal Marek <mmarek@suse.com> --- I can confirm that the bug is fixed on both build service instances, thanks a lot to both of you! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 http://bugzilla.suse.com/show_bug.cgi?id=997935#c15 --- Comment #15 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2018:2374-1: An update that solves 6 vulnerabilities and has 63 fixes is now available. Category: security (important) Bug References: 1012382,1023711,1064232,1076110,1078216,1082653,1082979,1085042,1085536,1085657,1087081,1087659,1089343,1089525,1090123,1090340,1090435,1090888,1091107,1092001,1092207,1093777,1094120,1094244,1095453,1095643,1096790,1096978,1097034,1097501,1097771,1098599,1099306,1099713,1099792,1099810,1099858,1099918,1099966,1099993,1100089,1100132,1100340,1100843,1100930,1101296,1101331,1101658,1101789,1102188,1102197,1102203,1102205,1102207,1102211,1102214,1102215,1102340,1102394,1102683,1102851,1103097,1103119,1103580,1103717,1103745,1103884,1104174,997935 CVE References: CVE-2017-18344,CVE-2018-14734,CVE-2018-3620,CVE-2018-3646,CVE-2018-5390,CVE-2018-5391 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-azure-4.4.143-4.13.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-azure-4.4.143-4.13.1, kernel-source-azure-4.4.143-4.13.1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |ibs:running:11122:important -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=997935 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:11122:important | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com