Your message dated Tue, 16 Dec 2003 12:32:20 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#223810: fixed in apache 1.3.29.0.1-2 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 15 Dec 2003 13:14:04 +0000 >From [EMAIL PROTECTED] Mon Dec 15 07:14:03 2003 Return-path: <[EMAIL PROTECTED]> Received: from (miranda.se.axis.com) [212.209.10.220] by master.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1AVqG7-0005sK-00; Mon, 15 Dec 2003 04:47:27 -0600 Received: from zev.se.axis.com (zev.se.axis.com [10.0.1.13]) by miranda.se.axis.com (8.12.9/8.12.9/Debian-5local0.1) with ESMTP id hBFAlOXm001179 for <[EMAIL PROTECTED]>; Mon, 15 Dec 2003 11:47:24 +0100 Received: from zev.se.axis.com (localhost [127.0.0.1]) by zev.se.axis.com (8.12.10/8.12.10/Debian-5) with ESMTP id hBFAlN2C012040; Mon, 15 Dec 2003 11:47:24 +0100 Received: (from [EMAIL PROTECTED]) by zev.se.axis.com (8.12.10/8.12.10/Debian-5) id hBFAlNUX012038; Mon, 15 Dec 2003 11:47:23 +0100 Message-Id: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Joergen Haegg <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache: suexec compiled with uid>=1000, breaks internal systems X-Mailer: reportbug 2.37 Date: Mon, 15 Dec 2003 11:47:23 +0100 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_15 (1.212-2003-09-23-exp) on master.debian.org X-Spam-Status: No, hits=-5.0 required=4.0 tests=FOOASDF,HAS_PACKAGE autolearn=no version=2.60-master.debian.org_2003_11_25-bugs.debian.org_2003_12_15 X-Spam-Level: Package: apache Version: 1.3.29.0.1-1 Severity: normal Apache's suexec is compiled with min uid 1000 as of 1.3.27.0-2. This is of course as it should be, however, there are existing environments where it is difficult to change all user uids above 1000. (Most of these have been active for more than 10 years when system uids was below 100. :-) Also some of my internal packages (not in Debian) depends on being able to suexec and still have a system account. Because of this, would you consider adding an extra suexec, compiled with the old uidmin? The select mechanism is already in place, it's just an extra question that's needed. -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux zev 2.4.23-zev #1 Fri Dec 12 12:58:22 CET 2003 i686 Locale: LANG=C, LC_CTYPE=en_US.ISO-8859-1 Versions of packages apache depends on: ii apache-common 1.3.29.0.1-1 Support files for all Apache webse ii debconf 1.3.22 Debian configuration management sy ii dpkg 1.10.18 Package maintenance system for Deb ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an ii libdb4.1 4.1.25-10 Berkeley v4.1 Database Libraries [ ii libexpat1 1.95.6-6 XML parsing C library - runtime li ii libmagic1 4.06-1 File type determination library us ii libpam0g 0.76-14 Pluggable Authentication Modules l ii logrotate 3.6.5-2 Log rotation utility ii mime-support 3.23-1 MIME files 'mime.types' & 'mailcap ii perl [perl5] 5.8.2-2 Larry Wall's Practical Extraction -- debconf information: * apache/enable-suexec: true * apache/server-name: zev.se.axis.com * apache/document-root: /var/www * apache/server-port: 80 * apache/init: true * apache/server-admin: [EMAIL PROTECTED] --------------------------------------- Received: (at 223810-close) by bugs.debian.org; 16 Dec 2003 18:27:40 +0000 >From [EMAIL PROTECTED] Tue Dec 16 12:27:40 2003 Return-path: <[EMAIL PROTECTED]> Received: from auric.debian.org [206.246.226.45] by master.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1AWJ5D-0006gh-00; Tue, 16 Dec 2003 11:34:07 -0600 Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian)) id 1AWJ3U-0000ld-00; Tue, 16 Dec 2003 12:32:20 -0500 From: [EMAIL PROTECTED] (Fabio M. Di Nitto) To: [EMAIL PROTECTED] X-Katie: $Revision: 1.43 $ Subject: Bug#223810: fixed in apache 1.3.29.0.1-2 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Tue, 16 Dec 2003 12:32:20 -0500 Delivered-To: [EMAIL PROTECTED] Source: apache Source-Version: 1.3.29.0.1-2 We believe that the bug you reported is fixed in the latest version of apache, which is due to be installed in the Debian FTP archive: apache-common_1.3.29.0.1-2_i386.deb to pool/main/a/apache/apache-common_1.3.29.0.1-2_i386.deb apache-dbg_1.3.29.0.1-2_i386.deb to pool/main/a/apache/apache-dbg_1.3.29.0.1-2_i386.deb apache-dev_1.3.29.0.1-2_i386.deb to pool/main/a/apache/apache-dev_1.3.29.0.1-2_i386.deb apache-doc_1.3.29.0.1-2_all.deb to pool/main/a/apache/apache-doc_1.3.29.0.1-2_all.deb apache-perl_1.3.29.0.1-2_i386.deb to pool/main/a/apache/apache-perl_1.3.29.0.1-2_i386.deb apache-ssl_1.3.29.0.1-2_i386.deb to pool/main/a/apache/apache-ssl_1.3.29.0.1-2_i386.deb apache-utils_1.3.29.0.1-2_i386.deb to pool/main/a/apache/apache-utils_1.3.29.0.1-2_i386.deb apache_1.3.29.0.1-2.diff.gz to pool/main/a/apache/apache_1.3.29.0.1-2.diff.gz apache_1.3.29.0.1-2.dsc to pool/main/a/apache/apache_1.3.29.0.1-2.dsc apache_1.3.29.0.1-2_i386.deb to pool/main/a/apache/apache_1.3.29.0.1-2_i386.deb libapache-mod-perl_1.29.0.1-2_i386.deb to pool/main/a/apache/libapache-mod-perl_1.29.0.1-2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Fabio M. Di Nitto <[EMAIL PROTECTED]> (supplier of updated apache package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 11 Dec 2003 21:05:37 +0100 Source: apache Binary: apache-dev apache-common apache-doc apache-utils apache apache-dbg apache-perl libapache-mod-perl apache-ssl Architecture: source i386 all Version: 1.3.29.0.1-2 Distribution: unstable Urgency: low Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org> Changed-By: Fabio M. Di Nitto <[EMAIL PROTECTED]> Description: apache - Versatile, high-performance HTTP server apache-common - Support files for all Apache webservers apache-dbg - Apache webservers (debugging versions) apache-dev - Apache webserver development kit apache-doc - Apache webserver docs apache-perl - Versatile, high-performance HTTP server with Perl support apache-ssl - Versatile, high-performance HTTP server with SSL support apache-utils - Utility programs for webservers libapache-mod-perl - Integration of perl with the Apache web server Closes: 223810 223829 223902 224035 Changes: apache (1.3.29.0.1-2) unstable; urgency=low . * (Fabio M. Di Nitto) - Fixed compilation options for suexec (Closes: #223810, #223902, #224035) - Fixed apache-perl postinst and modules-config (Closes: #223829) Files: 2bc1cbf1c502519d698985bca305de52 1085 web optional apache_1.3.29.0.1-2.dsc d39a69ea3ac1a4e1e54ed8754afab41e 364476 web optional apache_1.3.29.0.1-2.diff.gz fffcd9f46fbcab9b83c12ae466b9e2d4 1157070 doc optional apache-doc_1.3.29.0.1-2_all.deb 2ee887e316b2b433ca29007b2d716b8b 365012 web optional apache_1.3.29.0.1-2_i386.deb 0b2b28479307ca5b8f88215c3882f7e8 475866 web optional apache-ssl_1.3.29.0.1-2_i386.deb 780ff2db07865a55d994f45607a5c373 483382 web extra apache-perl_1.3.29.0.1-2_i386.deb 80f662193a6ef4add578cba72c1d7813 315352 devel extra apache-dev_1.3.29.0.1-2_i386.deb 6bdddc9b65d75aaab5a6409dae45acbc 9057030 devel extra apache-dbg_1.3.29.0.1-2_i386.deb 023dccdcf296e85643873633a4e8d7c2 811246 web optional apache-common_1.3.29.0.1-2_i386.deb aa3e465a8b2b3e0f0680e6b30878122a 252252 web optional apache-utils_1.3.29.0.1-2_i386.deb 32922121bd8384404c7ddf309fc45a4e 478996 web optional libapache-mod-perl_1.29.0.1-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/3z0uhCzbekR3nhgRAhUEAJ42M9QlCuNH/3CvmTcT6leZfnpyIgCeM5hI Si+MwwDWAicUlF15x6o+IEI= =qbKw -----END PGP SIGNATURE-----