[DRE-maint] Bug#615026: mongrel: Updating Mongrel+Rails to Squeeze causes some systems to deliver incomplete headers

Gunnar Wolf gwolf at gwolf.org
Fri Feb 25 00:55:42 UTC 2011 

Package: mongrel
Version: 1.1.5-5
Severity: important
Tags: patch upstream squeeze wheezy sid

After the Lenny⇒Squeeze update, two out of my six Rails systems
(served under Mongrel) broke — Or rather, the systems continued
working, but giving incomplete headers (and thus rendering the results
useless).

I came across this similar description:

  https://rails.lighthouseapp.com/projects/8994/tickets/4690

It includes a very simple patch, which I'm inlining here:

------------------------------------------------------------
--- lib/mongrel/cgi.rb.orig	 2009-01-27 16:10:20.263513800 +0000
+++ lib/mongrel/cgi.rb		 2010-06-10 11:39:07.664959500 +0100
@@ -104,8 +104,13 @@
           cookie.each {|c| to['Set-Cookie'] = c.to_s }
         when Hash
           cookie.each_value {|c| to['Set-Cookie'] = c.to_s}
+        when String
+          cookies = cookie.split(/\n+/)
+          cookies.each do |c|
+            to['Set-Cookie'] = c
+          end
         else
-          to['Set-Cookie'] = options['cookie'].to_s
+          to['Set-Cookie'] = cookie.to_s
         end
         
         @head.delete('cookie')
------------------------------------------------------------

And the results are:

Before the patch:

$ HEAD http://172.16.10.6:8151/people/login
200 OK
Connection: close
Date: Fri, 25 Feb 2011 00:41:11 GMT
Content-Length: 0
Client-Date: Fri, 25 Feb 2011 00:41:11 GMT
Client-Peer: 172.16.10.6:8151
Client-Response-Num: 1

After the patch:

$ HEAD http://172.16.10.6:8151/people/login
200 OK
Cache-Control: private, max-age=0, must-revalidate
Connection: close
Date: Fri, 25 Feb 2011 00:41:51 GMT
ETag: "97ce551237db91b1a5260a9814bca7db"
Server: Mongrel 1.1.5
Content-Length: 3581
Content-Type: text/html; charset=utf-8
Client-Date: Fri, 25 Feb 2011 00:41:52 GMT
Client-Peer: 172.16.10.6:8151
Client-Response-Num: 1
Set-Cookie: lang=en; path=/; expires=Sat, 26-Feb-2011 00:41:51 GMT
Set-Cookie: _comas_session_id=59c6daad0f827132a3c5939585b96d18; path=/; HttpOnly
Status: 200
X-Runtime: 257

Currently, the Mongrel version in Stable, Testing and Unstable is the
same, and I guess the bug is present in all three suites. Please,
consider uploading a fixed version to squeeze-proposed-updates!

Please consider uploading a package fixing this problem to Squeeze!

-- System Information:
Debian Release: 6.0
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-openvz-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mongrel depends on:
ii  libc6                        2.11.2-10   Embedded GNU C Library: Shared lib
ii  libdaemons-ruby              1.0.10-2    Ruby daemons library
ii  libgemplugin-ruby            0.2.3-2     Gem Based Plugin System
ii  libruby1.8                   1.8.7.302-2 Libraries necessary to run Ruby 1.
ii  ruby1.8                      1.8.7.302-2 Interpreter of object-oriented scr
ii  rubygems1.8                  1.3.7-3     package management framework for R

mongrel recommends no packages.

Versions of packages mongrel suggests:
ii  mongrel-doc                   1.1.5-5    A small fast HTTP library and serv
ii  rails                         2.3.5-1.2  MVC ruby based framework geared fo

-- no debconf information

More information about the Pkg-ruby-extras-maintainers mailing list