Copied to feisty-updates, thank you. Waiving the 7-days aging period
since this has already been sitting in -proposed for months before.
** Changed in: apache2 (Ubuntu Feisty)
Status: Fix Committed = Fix Released
--
/var/lock/apache2 has wrong owner and group for webdav
Mathias, thanks. I fixed the version number (must be bigger than current
-proposed), uploaded, and accepted into feisty-proposed. QA team, please
test this again. Thank you!
** Tags added: verification-needed
** Changed in: apache2 (Ubuntu Feisty)
Status: In Progress = Fix Committed
--
Verification completed, with apache2 version 2.2.3-3.2ubuntu2 the lock
index.html command using the cadaver client works as expected
(succeeds), thanks.
** Tags added: verification-done
** Tags removed: verification-needed
--
/var/lock/apache2 has wrong owner and group for webdav
I've attached a new debdiff based on the latest security update.
** Attachment added: apache2_2.2.3-3.2ubuntu0.2.debdiff
http://launchpadlibrarian.net/10503697/apache2_2.2.3-3.2ubuntu0.2.debdiff
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
Mathias, sorry, I noticed too late that I cannot move this to -updates:
You need to redo the upload and incorporate the security fix in
2.2.3-3.2ubuntu0.1. I can sponsor the upload if necessary.
I removed the current package from -proposed.
** Tags removed: verification-done
** Changed in:
** Description changed:
Binary package hint: apache2.2-common
I'm running apache2.2 (package apache2.2-common 2.2.3-3.2build1) as a
webdav server on feisty (amd64).
According to the apache documentation,
http://httpd.apache.org/docs/2.2/mod/mod_dav_fs.html, the directory
Test completed successfully.
On a Feisty Fawn installation:
With apache2 version 2.2.3-3.2ubuntu0.1, using the cadaver web dav client on
the command line, 'lock index.html' fails
with apache2 version 2.2.3-3.2ubuntu1, using the cadaver web dav client on the
command line, 'lock index.html'
This has been in -proposed for three months now. Christian, Mathias,
please make sure to get this verified. If it is not interesting any
more, I will remove it from -proposed. Thank you!
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
You received
Mathias, is this already fixed in gutsy? If so, please close the task,
if not, please get it fixed.
The feisty patch looks good, it just has the wrong version number: Since
it introduces source changes, it needs to be 2.2.3-3.2ubuntu1, and you
need to do the Maintainer:/XSBC-Original-Maintainer:
** Changed in: apache2 (Ubuntu Feisty)
Assignee: (unassigned) = Mathias Gug
Status: New = Incomplete
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Changed in: apache2 (Debian)
Status: Unknown = Fix Released
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs
apache2 (2.2.3-3.2ubuntu1) feisty-proposed; urgency=low
* debian/apache2.2-common.init.d: make sure that /var/lock/apache2 is owned
by www-data. Fixes LP: #129920.
* debian/control: Set Maintainer to Ubuntu Core Dev and move Debian
maintainer to XSBC-Original-Maintainer.
-- Mathias
I am also closing the bug because the bug has been fixed in the latest
development version of Ubuntu - the Gutsy Gibbon.
** Changed in: apache2 (Ubuntu)
Status: In Progress = Fix Released
** Changed in: apache2 (Ubuntu Feisty)
Status: Incomplete = In Progress
** Changed in:
Sponsored upload and accepted into feisty-proposed. Please go ahead with
QA testing.
** Changed in: apache2 (Ubuntu Feisty)
Status: In Progress = Fix Committed
** Tags added: verification-needed
--
/var/lock/apache2 has wrong owner and group for webdav
I've attached a new debdiff that fixes the issues raised above.
** Attachment added: New debdiff.
http://launchpadlibrarian.net/8679527/apache2_2.2.3-3.2ubuntu1.debdiff
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
You received this bug
** Changed in: apache2 (Ubuntu Feisty)
Status: Fix Released = Fix Committed
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
** Description changed:
Binary package hint: apache2.2-common
- I'm running apache2.2 (package apache2.2-common 2.2.3-3.2build1) als a
+ I'm running apache2.2 (package apache2.2-common 2.2.3-3.2build1) as a
webdav server on feisty (amd64).
According to the apache documentation,
Christian Riesch wrote:
Is it a good idea to fix it like this?
Without looking at the code - *no*. This will enable exploit in web
application to corrupt locking mechanism. For the same reason, web pages
aren't owned by www-data.
I'll take a look at this...
--
/var/lock/apache2 has wrong
I have just found this bug already reported for debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420101
They also fix it by changing ownership in /etc/init.d/apache2.
Christian
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
You
** Also affects: apache2 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420101
Importance: Unknown
Status: Unknown
--
/var/lock/apache2 has wrong owner and group for webdav
https://bugs.launchpad.net/bugs/129920
You received this bug notification because you are a
I've attached a debdiff that fixes the problem for feisty.
The bug has also been fixed in the latest development version of Ubuntu
- the Gutsy Gibbon.
** Attachment added: apache2_2.2.3-3.2build2.debdiff
http://launchpadlibrarian.net/867/apache2_2.2.3-3.2build2.debdiff
** Changed in:
21 matches
Mail list logo