Regression in the FCGI wrapper for WWSympa #1020
Comments
|
Is this reporter running wwsympa.fcgi with CGI mode? If they are, CGI mode is obsoleted method. It is not available with Sympa 6.2.24 or later (See #69), even if wwsympa was wrapped by fcgiwrap. |
|
Version of the reporter is 6.2.16. And it worked before the upgrade with the wwsympa wrapper patch. |
|
Anyways the patch assumes that CGI mode has been deprecated. It is incompatible with CGI mode supported by earlier version of Sympa. |
|
Aha, thanks a lot. |
|
It is possible to connect to FastCGI server through TCP socket doing such as |
|
So the correct patch for older versions seems to be sympa-6.1.25-sa-2020-002-r2.patch. Will update the Debian bug report accordingly. |
Sorry. I (the initial reported of the Debian bug) did not find enough time yesterday to test this further - I will try to find some time tonight or latest during the week-end to test if the TCP socket versus socket approach changes anything. @racke suggested to ditch the wrapper and just go with a systemd controlled service which I tried yesterday morning and it works to that extend that I can get a valid session and log-in. But as the logged in user/listmaster cannot see any of the lists I fear I need to investigate further if I happen to have another issue lurking in the background. |
|
As indicated, I did not find enough time over the past few days - sorry! I was not able to get sympa running again with the mentioned 6.1.25 patch as nginx/fastcgi seems to rely heavily on environment variables for setting up sessions. As I do not want to weaken the patch by selectively allowing more environment variables to be passed through, I ditched the wrapper(s) and went with With The problem I referred to two days hence with being able to log-in ("get a valid session") but being stuck on the welcome page was simply an oversight from my side, namely having commenting out the following lines by accident After fixing this, sympa's web interface works again as before. Thus, my advice - at least for the "ancient" version of sympa (6.2.16) I am currently running behind a reverse proxy - would be to keep the patch for the wrappers as is and make a note that people ought to remove the wrapper and go with Thus, at least from my point of view, the issue is resolved (and I should upgrade to Thanks a lot! |
|
@carsten-AEI , thanks for input! This issue will be closed. |
From Debian bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972189
Dear Maintainer(s),
since applying the security update from 6.2.16
dfsg-3+deb9u2 todfsg-3+deb9u3 I found some troubles with the session handling,6.2.16
i.e. the web server reports
2020/10/13 11:59:18 [error] 2123#2123: *3525 FastCGI sent in stderr:
"Use of uninitialized value in string ne at /usr/share/sympa/lib/Sympa/Se
ssion.pm line 406.
Use of uninitialized value $remote_addr in string ne at
/usr/share/sympa/lib/Sympa/Session.pm line 406" while reading upstream,
client: 192.16
8.100.2, server: lists.welcomes-you.com, request: "POST /sympa
HTTP/1.0", upstream: "fastcgi://unix:/run/fcgiwrap.socket:", host:
"FQDN", referrer: "https://FQDN/sympa"
My configuration may be a bit "nasty" and may contribute here:
The external https access to sympa is TLS terminated by nginx acting as
a reverse proxy which then sends the requests via a virtual bridge to
the container where sympa is running.
After comparing the changes between u2 and u3 I fear this change here
char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
[..]
to the fcgi wrapper may cause the nginx set variable $ENV{'REMOTE_ADDR'}
not to be set and thus session handling will not work anymore.
The text was updated successfully, but these errors were encountered: