Your message dated Mon, 07 Feb 2005 06:34:51 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#286225: fixed in php4 4:4.3.10-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 18 Dec 2004 15:31:46 +0000 >From [EMAIL PROTECTED] Sat Dec 18 07:31:46 2004 Return-path: <[EMAIL PROTECTED]> Received: from mail.aurisp.de [81.169.158.23] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CfgYc-00068t-00; Sat, 18 Dec 2004 07:31:46 -0800 Received: from localhost (localhost [127.0.0.1]) by mail.aurisp.de (Postfix) with ESMTP id 6C59B8064 for <[EMAIL PROTECTED]>; Sat, 18 Dec 2004 16:31:44 +0100 (CET) Received: from mail.aurisp.de ([127.0.0.1]) by localhost (mail.aurisp.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 06663-04; Sat, 18 Dec 2004 16:31:39 +0100 (CET) Received: from hitchhiker.hong.h42.net (cl-72.ham-01.de.sixxs.net [IPv6:2001:6f8:900:47::2]) by mail.aurisp.de (Postfix) with ESMTP id 922528082; Sat, 18 Dec 2004 16:31:39 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by hitchhiker.hong.h42.net (Postfix) with ESMTP id D598518427; Sat, 18 Dec 2004 16:31:37 +0100 (CET) Received: from hitchhiker.hong.h42.net ([127.0.0.1]) by localhost (hitchhiker.hong.h42.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 22508-02; Sat, 18 Dec 2004 16:31:26 +0100 (CET) Received: by hitchhiker.hong.h42.net (Postfix, from userid 1000) id 2E06F1840E; Sat, 18 Dec 2004 16:31:23 +0100 (CET) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Lars Ehrhardt <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: apache2: environment corruption bug X-Mailer: reportbug 3.2 Date: Sat, 18 Dec 2004 16:31:23 +0100 Message-Id: <[EMAIL PROTECTED]> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at hong.h42.net X-Virus-Scanned: by amavisd-maia-1.0.0-rc5 (Debian) at aurisp.de Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: apache2 Version: 2.0.52-3 Severity: important Hi, we've reported this earlier and I thought that a php4 update fixed this problem. Unfortunately, the bug reappeared this week again. It seems that there is an environment corruption bug. Minimal testcase: Create a php file, umask.php, with: ------------------ snipp -------------------------- <?php umask(0700); ?> ------------------ snipp -------------------------- Invoke w3m or another browser to open this file http://<hostname>/umask.php create a cgi file, test.pl, with: ------------------ snipp -------------------------- #!/usr/bin/perl -w $counter=`date`; open(TMP,">/tmp/test.log.$counter"); print TMP "foobar\n\n"; close TMP; ------------------ snipp -------------------------- Request this cgi script a couple of times, e.g: while true;do wget http://<hostname>/cgi-bin/test.pl;done The output will look like this: -rw-r--r-- 1 www-data www-data 7 Dec 18 15:27 test.log.Sat Dec 18 15:27:50 CET 2004 -r------w- 1 www-data www-data 7 Dec 18 15:27 test.log.Sat Dec 18 15:27:51 CET 2004 The permissions on the second file are wrong. This behaviour causes all sorts of funny side effects here. The cgi script is probably reusing the apache child environment of the php script and therefore creates the file with wrong permissions. We are using the debian testing php4 packages, 4.3.9. I am not sure, if this is a bug in apache2 or in php4, though. So, feel free to reassign, if necessary. Cheers, Lars -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing'), (50, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.9-ac15 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.0.52-3 Traditional model for Apache2 -- no debconf information --------------------------------------- Received: (at 286225-close) by bugs.debian.org; 7 Feb 2005 11:39:39 +0000 >From [EMAIL PROTECTED] Mon Feb 07 03:39:39 2005 Return-path: <[EMAIL PROTECTED]> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Cy7Ex-0008G1-00; Mon, 07 Feb 2005 03:39:39 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1Cy7AJ-00077I-00; Mon, 07 Feb 2005 06:34:51 -0500 From: Adam Conrad <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#286225: fixed in php4 4:4.3.10-3 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Mon, 07 Feb 2005 06:34:51 -0500 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 3 Source: php4 Source-Version: 4:4.3.10-3 We believe that the bug you reported is fixed in the latest version of php4, which is due to be installed in the Debian FTP archive: caudium-php4_4.3.10-3_i386.deb to pool/main/p/php4/caudium-php4_4.3.10-3_i386.deb caudium-php4_4.3.10-3_powerpc.deb to pool/main/p/php4/caudium-php4_4.3.10-3_powerpc.deb libapache-mod-php4_4.3.10-3_i386.deb to pool/main/p/php4/libapache-mod-php4_4.3.10-3_i386.deb libapache-mod-php4_4.3.10-3_powerpc.deb to pool/main/p/php4/libapache-mod-php4_4.3.10-3_powerpc.deb libapache2-mod-php4_4.3.10-3_i386.deb to pool/main/p/php4/libapache2-mod-php4_4.3.10-3_i386.deb libapache2-mod-php4_4.3.10-3_powerpc.deb to pool/main/p/php4/libapache2-mod-php4_4.3.10-3_powerpc.deb php4-cgi_4.3.10-3_i386.deb to pool/main/p/php4/php4-cgi_4.3.10-3_i386.deb php4-cgi_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-cgi_4.3.10-3_powerpc.deb php4-cli_4.3.10-3_i386.deb to pool/main/p/php4/php4-cli_4.3.10-3_i386.deb php4-cli_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-cli_4.3.10-3_powerpc.deb php4-common_4.3.10-3_i386.deb to pool/main/p/php4/php4-common_4.3.10-3_i386.deb php4-common_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-common_4.3.10-3_powerpc.deb php4-curl_4.3.10-3_i386.deb to pool/main/p/php4/php4-curl_4.3.10-3_i386.deb php4-curl_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-curl_4.3.10-3_powerpc.deb php4-dev_4.3.10-3_all.deb to pool/main/p/php4/php4-dev_4.3.10-3_all.deb php4-domxml_4.3.10-3_i386.deb to pool/main/p/php4/php4-domxml_4.3.10-3_i386.deb php4-domxml_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-domxml_4.3.10-3_powerpc.deb php4-gd_4.3.10-3_i386.deb to pool/main/p/php4/php4-gd_4.3.10-3_i386.deb php4-gd_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-gd_4.3.10-3_powerpc.deb php4-imap_4.3.10-3_i386.deb to pool/main/p/php4/php4-imap_4.3.10-3_i386.deb php4-imap_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-imap_4.3.10-3_powerpc.deb php4-ldap_4.3.10-3_i386.deb to pool/main/p/php4/php4-ldap_4.3.10-3_i386.deb php4-ldap_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-ldap_4.3.10-3_powerpc.deb php4-mcal_4.3.10-3_i386.deb to pool/main/p/php4/php4-mcal_4.3.10-3_i386.deb php4-mcal_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-mcal_4.3.10-3_powerpc.deb php4-mhash_4.3.10-3_i386.deb to pool/main/p/php4/php4-mhash_4.3.10-3_i386.deb php4-mhash_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-mhash_4.3.10-3_powerpc.deb php4-mysql_4.3.10-3_i386.deb to pool/main/p/php4/php4-mysql_4.3.10-3_i386.deb php4-mysql_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-mysql_4.3.10-3_powerpc.deb php4-odbc_4.3.10-3_i386.deb to pool/main/p/php4/php4-odbc_4.3.10-3_i386.deb php4-odbc_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-odbc_4.3.10-3_powerpc.deb php4-pear_4.3.10-3_all.deb to pool/main/p/php4/php4-pear_4.3.10-3_all.deb php4-recode_4.3.10-3_i386.deb to pool/main/p/php4/php4-recode_4.3.10-3_i386.deb php4-recode_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-recode_4.3.10-3_powerpc.deb php4-snmp_4.3.10-3_i386.deb to pool/main/p/php4/php4-snmp_4.3.10-3_i386.deb php4-snmp_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-snmp_4.3.10-3_powerpc.deb php4-sybase_4.3.10-3_i386.deb to pool/main/p/php4/php4-sybase_4.3.10-3_i386.deb php4-sybase_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-sybase_4.3.10-3_powerpc.deb php4-xslt_4.3.10-3_i386.deb to pool/main/p/php4/php4-xslt_4.3.10-3_i386.deb php4-xslt_4.3.10-3_powerpc.deb to pool/main/p/php4/php4-xslt_4.3.10-3_powerpc.deb php4_4.3.10-3.diff.gz to pool/main/p/php4/php4_4.3.10-3.diff.gz php4_4.3.10-3.dsc to pool/main/p/php4/php4_4.3.10-3.dsc php4_4.3.10-3_all.deb to pool/main/p/php4/php4_4.3.10-3_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Adam Conrad <[EMAIL PROTECTED]> (supplier of updated php4 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 6 Feb 2005 05:32:11 -0700 Source: php4 Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4-curl php4 php4-pear php4-mcal caudium-php4 php4-mhash Architecture: all i386 powerpc source Version: 4:4.3.10-3 Distribution: unstable Urgency: medium Maintainer: Adam Conrad <[EMAIL PROTECTED]> Changed-By: Adam Conrad <[EMAIL PROTECTED]> Description: caudium-php4 - server-side, HTML-embedded scripting language (caudium module) libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module) libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module) php4-cgi - server-side, HTML-embedded scripting language (CGI binary) php4-cli - command-line interpreter for the php4 scripting language php4-common - Common files for packages built from the php4 source php4-curl - CURL module for php4 php4-domxml - XMLv2 module for php4 php4-gd - GD module for php4 php4-imap - IMAP module for php4 php4-ldap - LDAP module for php4 php4-mcal - MCAL calendar module for php4 php4-mhash - MHASH module for php4 php4-mysql - MySQL module for php4 php4-odbc - ODBC module for php4 php4-recode - Character recoding module for php4 php4-snmp - SNMP module for php4 php4-sybase - Sybase / MS SQL Server module for php4 php4-xslt - XSLT module for php4 Closes: 264015 278212 286225 288534 288672 288679 288909 291392 291410 Changes: php4 (4:4.3.10-3) unstable; urgency=medium . * Update to CVS, as of 200502060530 (closes: #288672) - File uploads with "'" in them aren't cut off anymore (closes: #288679) - unserialize() is no longer ridiculously slow (closes: #291392) - Add 000-200502060530_CVS.patch - Adapt debian/rules to the realities of upstream's new buildconf - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's libtool, rather than using upstream's broken bundled libtool - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch - Adjust patches for offsets and fuzz - Force --with-pic, as policy demands it, and the build system doesn't * Added several patches, yanked from the Fedora PHP sources: - 034-apache2_umask_fix.patch, fixes umask not being properly reset after each request (closes: #286225) - 036-fd_setsize_fix.patch, fixes misuse of FD_SET() - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3 * Removed --with-libedit, as being able to background php is more useful, in my opinion, than using readline functions (see #286356) * Include zip support in all SAPIs (closes: #288534, #288909) * Enable Zend Thread Safety for all SAPIs, meaning that our modules are now compiled for ZTS APIs as well. (closes: #278212, #264015) - Make sure caudium-php4 now provides phpapi-$(ver), and modules can be configured with the caudium SAPI. - Add 039-reentrant_libs.patch to link to the reentrant versions of libldap and libmysqlclient * Stop suggesting phpdoc, as it's undistributable anyway. * Add 040-curl_open_basedir.patch, to make php4-curl respect the value of open_basedir, thanks to Martin Pitt (closes: #291410) * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and failing) to write persistent data every time it shuts down. Ugh. Files: 0235dc27a821dcbfd125bbe8a28de94f 1679786 web optional php4-cli_4.3.10-3_powerpc.deb 02d13fa04398cb0f5ad3238869b669f9 27668 web optional php4-odbc_4.3.10-3_i386.deb 04e8b767f856111b606d8f4531a16653 38792 web optional php4-imap_4.3.10-3_powerpc.deb 050bb39c66893a67798861d3be7737bb 163578 web optional php4-common_4.3.10-3_powerpc.deb 0904140269e197c60d703c73dfc0c50d 23986 web optional php4-sybase_4.3.10-3_powerpc.deb 1679f347deede4eed2ffe22bf4ebb875 163540 web optional php4-common_4.3.10-3_i386.deb 188774c5d0414bd786173af371e51789 743756 web optional php4_4.3.10-3.diff.gz 1a0eeb93290c8abbdc1d892dbd8ec3b8 1642072 web optional libapache2-mod-php4_4.3.10-3_i386.deb 1a4b90442839741e4e7c3c07ad3703fe 21924 web optional php4-ldap_4.3.10-3_powerpc.deb 1d4c1e68b92e089bffcc44c461ffc42f 1695270 web optional libapache-mod-php4_4.3.10-3_powerpc.deb 22034bb585c4409bae4b7628747e348f 349560 devel optional php4-dev_4.3.10-3_all.deb 2450109b8e0718c46fba61c5c5c2a6fd 29656 web optional php4-odbc_4.3.10-3_powerpc.deb 2f8de8ab714ad126ee3c2bde99aae7fa 18548 web optional php4-xslt_4.3.10-3_powerpc.deb 3848647260ccc77e14b99b849c371c41 21892 web optional php4-sybase_4.3.10-3_i386.deb 3ed38f3008c9fc0aa1cdf140cdd3e731 17884 web optional php4-mcal_4.3.10-3_i386.deb 3f6f207d435aafaf9f50b90a2ca933f9 38112 web optional php4-imap_4.3.10-3_i386.deb 5a9464d930731577a9ef76c90c7c2778 3267714 web optional php4-cgi_4.3.10-3_i386.deb 64ebb2341f935118d0e647dbf4930f88 249906 web optional php4-pear_4.3.10-3_all.deb 75653d01536d7e78c8d098af5c7fad9e 17918 web optional php4-curl_4.3.10-3_i386.deb 78fd7a6e240d75118004e554ba250ae7 9676 web optional php4-mhash_4.3.10-3_powerpc.deb 7edcdd682532b24889e2f1135f3dd536 1638584 web optional caudium-php4_4.3.10-3_i386.deb cfa5e8fe8c157eb04758cc604dbb79dc 1707 web optional php4_4.3.10-3.dsc 8a3d12010fe9ba3751a7ce9959ea4af8 23948 web optional php4-mysql_4.3.10-3_powerpc.deb 8c6dae2a6a2266422a84d8c33a43f3b1 32786 web optional php4-gd_4.3.10-3_i386.deb 931019210f1628fe7b1c20a63a27d51d 13414 web optional php4-snmp_4.3.10-3_i386.deb 9667403ca2c3d56ed826a27508efe46e 1693116 web optional libapache2-mod-php4_4.3.10-3_powerpc.deb 9917d6a2f476665445143b392d8c3013 15244 web optional php4-snmp_4.3.10-3_powerpc.deb 9ec4dc2e28aefc12bc787598ed2d7f4b 7982 web optional php4-mhash_4.3.10-3_i386.deb a29e978999dc50cda94767e08dcdbdd0 19990 web optional php4-mcal_4.3.10-3_powerpc.deb a6e9e918446f372ef1f7f146bb99deca 19830 web optional php4-curl_4.3.10-3_powerpc.deb af362440ac8586cfa9bf0f6e1e906682 38334 web optional php4-domxml_4.3.10-3_i386.deb b9bd6a3e5bf38c67829c308b880a4fa9 1328 web optional php4_4.3.10-3_all.deb c132e3bf5a5b0f937491951342d0ee4d 7798 web optional php4-recode_4.3.10-3_i386.deb c3571ab43492f31a58c08699b53f8cc0 1643740 web optional libapache-mod-php4_4.3.10-3_i386.deb c5d7a38f23f8b91257e7670d6e24a1ac 9388 web optional php4-recode_4.3.10-3_powerpc.deb c7fbbdff433c64b9571d28b5f3152a3d 35336 web optional php4-gd_4.3.10-3_powerpc.deb c9d7bebb9f392f5b3bc1222ce5800ae6 20236 web optional php4-ldap_4.3.10-3_i386.deb d8f7f687c22147e5b408167394e19e42 16670 web optional php4-xslt_4.3.10-3_i386.deb e17393db3346da81a4a8430982459500 40026 web optional php4-domxml_4.3.10-3_powerpc.deb e655825259073f699da5cf48e5256d29 22582 web optional php4-mysql_4.3.10-3_i386.deb ee4ac9ff487039d8f9f56909a630a5f1 3347194 web optional php4-cgi_4.3.10-3_powerpc.deb f401315647e53a1138acfeac874149f3 1689340 web optional caudium-php4_4.3.10-3_powerpc.deb fc7008cb97dfe57a6854f404b7619821 1638894 web optional php4-cli_4.3.10-3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCB01wvjztR8bOoMkRAgUcAKCN7S87xCr/S6FhJGRCWtb2L3iHIwCg0mKM XnSmmkCSAPgfj00tc9LECPA= =Auqt -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]