[Koha] Bulk Patron Image upload zip file giving Error 500

Hector Gonzalez cacho at genac.org
Sat Jul 22 09:00:29 NZST 2017


The problem is with the headers: the header names have whitespace before 
the text, and that became a problem after Debian fixed a security bug 
related to this.

More information: https://blog.tigertech.net/posts/apache-cve-2016-8743/

Debian's fix: https://www.debian.org/security/2017/dsa-3796

In particular, the texts " extracting"  and "   inflating" have extra 
spaces before the header names.

Can you check with Koha 17?

On 07/20/2017 11:29 PM, Sunil Sharma wrote:
> Hello Friends,
>
> If someone faced the problem mentioned in my previous mail attached below
> and having any solution, please guide.
>
> I am using Koha 16.05.12 with Debian 8.3 OS on my cloud server.
>
> Currently, I am facing a very strange problem while uploading a single
> patron image via Koha Bulk Patron image upload tool, the image file is
> uploading fine. But when I tried using *zip file* of all patron images with
> a mapped text file named as IDLINK.TXT, as soon as I browse the zip file
> and try to upload the images, the images are uploaded but instead of result
> page, the page will throw error 500.
>
> I had checked many Koha versions i.e. Koha 3.22.x, Koha 16.05.x, Koha
> 16.11.x but same *error 500* will be the result.
>
> To troubleshoot the problem I had tested the same Koha versions with same
> zip file at my local virtual machine but the strange problem which I found,
> that *all Koha* versions with bulk patron upload feature *worked fine on
> Debian 8.2* but *throw error 500 with Debian 8.3 and onwards i.e. 8.4,
> 8.8 etc.*
>
> I had tested with different Apache versions but on Debian 8.2 all things
> worked fine, but on Debian 8.3 no success (may be any security fetch or
> something wrong is there)
>
> As there are a lot of other applications running on my cloud server, I
> can't change the OS. Please guide me what will I do?
>
> The Koha error logs are as given below:
>
> [Thu Jul 12 13:43:02.2017] [http:error] [pid 16357] [client x.x.x.x] AH02429: Response header name ' extracting' contains invalid characters, aborting request, referer: http://example.com/cgi-bin/koha/tools/picture-upload.pl
> [Thu Jul 12 13:50:38.2017] [http:error] [pid 14327] [client x.x.x.x] AH02429: Response header name '  inflating' contains invalid characters, aborting request, referer: http://example.com/cgi-bin/koha/tools/picture-upload.pl
> [Thu Jul 12 13:59:27.2017] [http:error] [pid 25507] [client x.x.x.x] AH02429: Response header name '  inflating' contains invalid characters, aborting request, referer: http://example.com/cgi-bin/koha/tools/picture-upload.pl
>
>
> Any pointers would be of help.
>
>
> On Fri, Jul 14, 2017 at 3:19 PM, Sunil Sharma <koha.sunil007 at gmail.com>
> wrote:
>
>> Hi Ian Bays,
>>
>> Thank you very much for the valuable input.
>>
>> I had checked and you are right that all patron images are uploading
>> correctly but was failing when trying to show the results page with the
>> error 500 as you observed.
>>
>> Now, it is confirmed with your mail that something is wrong. Please guide
>> if you will find any solution for this problem.
>>
>> If someone else faced this problem and having solution, please guide.
>>
>>
>>
>> On Fri, Jul 14, 2017 at 2:19 PM, Ian Bays <ian.bays at ptfs-europe.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I have noticed the same problem uploading a zip file of patron images and
>>> saw similar messages in the log file.
>>>
>>> However on checking the patron records saw the images so I concluded that
>>> the upload was working correctly but was failing when trying to show the
>>> results page with the error 500.
>>>
>>> There is definitely something wrong but you might like to check to see if
>>> the upload actually worked OK.
>>>
>>> Best regards.
>>> Ian
>>>
>>> On 13/07/2017 06:32, Sunil Sharma wrote:
>>>
>>>> Hello Friends,
>>>>
>>>> I am using Koha 16.05.12 with Debian 8.3 OS on my cloud server.
>>>>
>>>> Currently, I am facing a very strange problem while uploading a single
>>>> patron image via Koha Bulk Patron image upload tool, the image file is
>>>> uploading fine. But when I tried using *zip file* of all patron images
>>>> with
>>>> a mapped text file named as IDLINK.TXT, as soon as I browse the zip file
>>>> and try to upload the file, the page will throw error 500.
>>>>
>>>> I had checked many Koha versions i.e. Koha 3.22.x, Koha 16.05.x, Koha
>>>> 16.11.x but same *error 500* will be the result.
>>>>
>>>> To troubleshoot the problem I had tested the same Koha versions with same
>>>> zip file at my local virtual machine but the strange problem which I
>>>> found,
>>>> that *all Koha* versions with bulk patron upload feature *worked fine on
>>>> Debian 8.2* but *throw error 500 with Debian 8.3*
>>>>
>>>> I had tested with different Apache versions but on Debian 8.2 all things
>>>> worked fine, but on Debian 8.3 no success (may be any security fetch or
>>>> something wrong is there)
>>>>
>>>> As there are a lot of other applications running on my cloud server,
>>>> I can't change the OS. Please guide me what will I do?
>>>>
>>>> The Koha error logs are as given below:
>>>>
>>>> [Thu Jul 12 13:43:02.2017] [http:error] [pid 16357] [client x.x.x.x] AH02429: Response header name ' extracting' contains invalid characters, aborting request, referer: http://example.com/cgi-bin/koha/tools/picture-upload.pl
>>>> [Thu Jul 12 13:50:38.2017] [http:error] [pid 14327] [client x.x.x.x] AH02429: Response header name '  inflating' contains invalid characters, aborting request, referer: http://example.com/cgi-bin/koha/tools/picture-upload.pl
>>>> [Thu Jul 12 13:59:27.2017] [http:error] [pid 25507] [client x.x.x.x] AH02429: Response header name '  inflating' contains invalid characters, aborting request, referer: http://example.com/cgi-bin/koha/tools/picture-upload.pl
>>>>
>>>>
>>>>
>>>> Any pointers would be of help.
>>>>
>>>>
>>>>
>>> --
>>> Ian Bays
>>> Director of Projects, PTFS Europe Limited
>>> Content Management and Library Solutions
>>> +44 (0) 800 756 6803 (phone)
>>> +44 (0) 7774 995297 (mobile)
>>> +44 (0) 800 756 6384 (fax)
>>> skype: ian.bays
>>> email: ian.bays at ptfs-europe.com
>>>
>>> _______________________________________________
>>> Koha mailing list  http://koha-community.org
>>> Koha at lists.katipo.co.nz
>>> https://lists.katipo.co.nz/mailman/listinfo/koha
>>>
>>
>>
>> --
>> Thanks & Regards
>> Sunil Sharma
>>
>
>

-- 
Héctor González
cacho at genac.org
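
The header check described in this reply, as an added example that is not part of the original mail and not Koha's code: it audits the header block a CGI script writes to stdout against the RFC 7230 token rule for field names, which is the condition behind the AH02429 rejections in the quoted log. The function name `audit_cgi_headers`, the sample file names, and the assumption that the stray lines are an archive tool's progress output reaching stdout ahead of the real headers are all constructed for illustration.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def audit_cgi_headers(raw: bytes):
    """Return (line_no, name, reason) for each header line a strict server rejects.

    Only the header block (everything before the first blank line) is checked.
    """
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    problems = []
    for no, line in enumerate(head.decode("latin-1").splitlines(), 1):
        name, sep, _value = line.partition(":")
        if not sep:
            problems.append((no, line, "no colon, not a header field"))
        elif name != name.strip():
            problems.append((no, name, "whitespace around header name"))
        elif not TOKEN.match(name):
            problems.append((no, name, "invalid character in header name"))
    return problems


# Constructed sample: progress lines written to stdout before the real headers
# (hypothetical file names; the leading spaces match the names in the log).
LEAKY = (
    b" extracting: patronimages/IDLINK.TXT\n"
    b"  inflating: patronimages/0001.jpg\n"
    b"Content-Type: text/html; charset=UTF-8\n"
    b"\n<html>...</html>\n"
)

# Constructed sample: the same response with progress output kept off stdout.
CLEAN = b"Content-Type: text/html; charset=UTF-8\n\n<html>...</html>\n"

if __name__ == "__main__":
    for no, name, reason in audit_cgi_headers(LEAKY):
        print(f"line {no}: {name!r}: {reason}")
    print("clean response problems:", audit_cgi_headers(CLEAN))
```

Running a script's captured stdout through a check like this before deployment shows which lines would be parsed as header names once the server enforces strict field-name syntax.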


