[Bug 436253] Re: fails to load libc.so.6 (apparmor profile trouble)
(Right, do not know why I filed it on n-m). FYI, I tried rerunning /etc/init.d/apparmor but it did not help. It also seems like the /etc/network/if-pre-up/dhclient-apparmor script runs fine. I suspect problems dealing with union file systems. I remember seeing a workaround for something sounding similar in a changelog.

--
fails to load libc.so.6 (apparmor profile trouble)
https://bugs.launchpad.net/bugs/436253
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in ubuntu.

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6
I agree with spinkham. It is a shame that a security issue in a main package (and php5 is pretty prominent when it comes to servers) has a tested debdiff sitting untouched for 5 weeks. Can't blame Kees and his two other colleagues - they have certainly been busy - but yes, there are only 3 (three) persons in the ubuntu-security team. Is that size sane for a major Linux distro, which advertises its Server Edition with all that buzz? Sorry, I should probably ask this somewhere else.

--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
[Bug 38140] Re: dhclient3 keeps running after ifdown
jordg, the net_end label is in the right place on Hardy. Note that the labels net_start and net_end are used in place of an if-then structure. This is because udev rules cannot use if-then clauses, so one has to resort to good old spaghetti programming. If the subsystem is not "net" the whole script should be skipped. On the "add" action ifup is run, on "remove" ifdown is run.

--
dhclient3 keeps running after ifdown
https://bugs.launchpad.net/bugs/38140
[Bug 227464] Re: Please backport security fixes from PHP 5.2.6
Test packages with the above debdiff applied are in my PPA.
[Bug 227464] Re: Please Backport PHP 5.2.6 -- fixes important security bugs
Here's a debdiff with the 5 stripped down security patches:

 php5 (5.2.4-2ubuntu5.2) hardy-proposed; urgency=low
 .
   * Backport security fixes from 5.2.6: (LP: #227464)
     - debian/patches/security526-fastcgi.patch:
       + Fixed possible stack buffer overflow in FastCGI SAPI
       + Fixed sending of uninitialized paddings which may contain some
         information
     - debian/patches/security526-exec.patch:
       + Properly address incomplete multibyte chars inside escapeshellcmd()
     - debian/patches/security526-cgi_main.patch:
       + Fixed security issue detailed in CVE-2008-0599
     - debian/patches/security526-interface.patch:
       + Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz
     - debian/patches/security526-pcre_compile.patch:
       + avoid stack overflow (fix from pcre 7.6)

** Attachment added: "debdiff from 5.2.4-2ubuntu5.1"
   http://launchpadlibrarian.net/15065228/php5_5.2.4-2ubuntu5.2.debdiff

** Summary changed:
- Please Backport PHP 5.2.6 -- fixes important security bugs
+ Please backport security fixes from PHP 5.2.6

** Changed in: hardy-backports
       Status: New => Invalid
[Bug 227464] Re: Please Backport PHP 5.2.6 -- fixes important security bugs
I stripped out the documentation and comment changes in the "Upgraded PCRE to version 7.6 (Nuno)" patch. The remaining changes in config.h and pcre.h just bump the version number. If this is not needed (by the other patches) only the pcre_compile.c changes should be left for SRU.

diffstat nlopess-20080129202548.security.patch
 config.h       |    6 +++---
 pcre.h         |    4 ++--
 pcre_compile.c |   14 ++
 3 files changed, 19 insertions(+), 5 deletions(-)

** Attachment added: "stripped version of the last upstream patch"
   http://launchpadlibrarian.net/15057028/nlopess-20080129202548.security.patch
[Bug 227464] Re: Please Backport PHP 5.2.6 -- fixes important security bugs
Sounds good. I think my point is really that people mix up backports and SRU, and justifying a request for a package backport by needing security fixes is wrong, unless it turns out that it is too difficult to backport those fixes. I don't see anyone requesting any of the new features here. So I disagree with Mathias's comment, and we should follow https://wiki.ubuntu.com/StableReleaseUpdates instead. I do acknowledge that it is faster to get a backport out than a SRU though, which is a little unfortunate. It would be ideal to have the SRU out first, so that people are not "tricked" into installing a backport that could cause incompatibility problems. BTW, the last, "huge" patch contains a lot of cosmetic fixes and changes in comments which should be taken out for the SRU patch (you might wonder why they squeezed all that into a "security fix"). I can take a look at it if that can speed up things. (Dustin, please don't quote people's email addresses in your bug posts)
[Bug 227464] Re: Please Backport PHP 5.2.6 -- fixes important security bugs
Mathias, shouldn't all security fixes go as SRU in hardy-security (or hardy-updates) and not in backports? Backports are for new features.