Package: php4-common; Maintainer for php4-common is (unknown);
Reported by: Caveman <biocorporation@optusnet.com.au>
Date: Tue, 24 Aug 2004 02:33:03 UTC
Severity: important
Found in version 4:4.3.8-7
Fixed in version php4/4:4.3.8-8
Done: Adam Conrad <adconrad@0c3.net>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded to debian-bugs-dist@lists.debian.org, Adam Conrad <adconrad@0c3.net>:
Bug#267720; Package php4-common.
(full text, mbox, link).
Acknowledgement sent to Caveman <biocorporation@optusnet.com.au>:
New Bug report received and forwarded. Copy sent to Adam Conrad <adconrad@0c3.net>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: php4-common Version: 4:4.3.8-7 Severity: important the php4-common package seems to set the wrong permissions on the /var/lib/php4 folder, which in turn breaks sessions as this is where session data is written. chmod a+rw /var/lib/php4 fixes the problem. Caveman -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (990, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8.1 Locale: LANG=C, LC_CTYPE=C
Information forwarded to debian-bugs-dist@lists.debian.org, Adam Conrad <adconrad@0c3.net>:
Bug#267720; Package php4-common.
(full text, mbox, link).
Acknowledgement sent to "Adam Conrad" <adconrad@0c3.net>:
Extra info received and forwarded to list. Copy sent to Adam Conrad <adconrad@0c3.net>.
(full text, mbox, link).
Message #10 received at 267720@bugs.debian.org (full text, mbox, reply):
Caveman wrote: > > the php4-common package seems to set the wrong permissions on the > /var/lib/php4 folder, which in turn breaks sessions as this is where > session data is written. > chmod a+rw /var/lib/php4 fixes the problem. ... and allows anyone on a multiuser machine to hijack sessions belonging to other users -- the specific reason we moved sessions out of /tmp in the first place. The correct fix for this is to just stop PHP's garbage collector from doing its thing, which I will be doing in the next upload. We have a cronjob instead (/etc/cron.d/php4) which does garbage collection as root, solving the issue. ... Adam
Reply sent to Adam Conrad <adconrad@0c3.net>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Caveman <biocorporation@optusnet.com.au>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #15 received at 267720-close@bugs.debian.org (full text, mbox, reply):
Source: php4
Source-Version: 4:4.3.8-8
We believe that the bug you reported is fixed in the latest version of
php4, which is due to be installed in the Debian FTP archive:
caudium-php4_4.3.8-8_i386.deb
to pool/main/p/php4/caudium-php4_4.3.8-8_i386.deb
caudium-php4_4.3.8-8_powerpc.deb
to pool/main/p/php4/caudium-php4_4.3.8-8_powerpc.deb
libapache-mod-php4_4.3.8-8_i386.deb
to pool/main/p/php4/libapache-mod-php4_4.3.8-8_i386.deb
libapache-mod-php4_4.3.8-8_powerpc.deb
to pool/main/p/php4/libapache-mod-php4_4.3.8-8_powerpc.deb
libapache2-mod-php4_4.3.8-8_i386.deb
to pool/main/p/php4/libapache2-mod-php4_4.3.8-8_i386.deb
libapache2-mod-php4_4.3.8-8_powerpc.deb
to pool/main/p/php4/libapache2-mod-php4_4.3.8-8_powerpc.deb
php4-cgi_4.3.8-8_i386.deb
to pool/main/p/php4/php4-cgi_4.3.8-8_i386.deb
php4-cgi_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-cgi_4.3.8-8_powerpc.deb
php4-cli_4.3.8-8_i386.deb
to pool/main/p/php4/php4-cli_4.3.8-8_i386.deb
php4-cli_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-cli_4.3.8-8_powerpc.deb
php4-common_4.3.8-8_i386.deb
to pool/main/p/php4/php4-common_4.3.8-8_i386.deb
php4-common_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-common_4.3.8-8_powerpc.deb
php4-curl_4.3.8-8_i386.deb
to pool/main/p/php4/php4-curl_4.3.8-8_i386.deb
php4-curl_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-curl_4.3.8-8_powerpc.deb
php4-dev_4.3.8-8_all.deb
to pool/main/p/php4/php4-dev_4.3.8-8_all.deb
php4-domxml_4.3.8-8_i386.deb
to pool/main/p/php4/php4-domxml_4.3.8-8_i386.deb
php4-domxml_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-domxml_4.3.8-8_powerpc.deb
php4-gd_4.3.8-8_i386.deb
to pool/main/p/php4/php4-gd_4.3.8-8_i386.deb
php4-gd_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-gd_4.3.8-8_powerpc.deb
php4-imap_4.3.8-8_i386.deb
to pool/main/p/php4/php4-imap_4.3.8-8_i386.deb
php4-imap_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-imap_4.3.8-8_powerpc.deb
php4-ldap_4.3.8-8_i386.deb
to pool/main/p/php4/php4-ldap_4.3.8-8_i386.deb
php4-ldap_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-ldap_4.3.8-8_powerpc.deb
php4-mcal_4.3.8-8_i386.deb
to pool/main/p/php4/php4-mcal_4.3.8-8_i386.deb
php4-mcal_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-mcal_4.3.8-8_powerpc.deb
php4-mhash_4.3.8-8_i386.deb
to pool/main/p/php4/php4-mhash_4.3.8-8_i386.deb
php4-mhash_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-mhash_4.3.8-8_powerpc.deb
php4-mysql_4.3.8-8_i386.deb
to pool/main/p/php4/php4-mysql_4.3.8-8_i386.deb
php4-mysql_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-mysql_4.3.8-8_powerpc.deb
php4-odbc_4.3.8-8_i386.deb
to pool/main/p/php4/php4-odbc_4.3.8-8_i386.deb
php4-odbc_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-odbc_4.3.8-8_powerpc.deb
php4-pear_4.3.8-8_all.deb
to pool/main/p/php4/php4-pear_4.3.8-8_all.deb
php4-recode_4.3.8-8_i386.deb
to pool/main/p/php4/php4-recode_4.3.8-8_i386.deb
php4-recode_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-recode_4.3.8-8_powerpc.deb
php4-snmp_4.3.8-8_i386.deb
to pool/main/p/php4/php4-snmp_4.3.8-8_i386.deb
php4-snmp_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-snmp_4.3.8-8_powerpc.deb
php4-sybase_4.3.8-8_i386.deb
to pool/main/p/php4/php4-sybase_4.3.8-8_i386.deb
php4-sybase_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-sybase_4.3.8-8_powerpc.deb
php4-xslt_4.3.8-8_i386.deb
to pool/main/p/php4/php4-xslt_4.3.8-8_i386.deb
php4-xslt_4.3.8-8_powerpc.deb
to pool/main/p/php4/php4-xslt_4.3.8-8_powerpc.deb
php4_4.3.8-8.diff.gz
to pool/main/p/php4/php4_4.3.8-8.diff.gz
php4_4.3.8-8.dsc
to pool/main/p/php4/php4_4.3.8-8.dsc
php4_4.3.8-8_all.deb
to pool/main/p/php4/php4_4.3.8-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 267720@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam Conrad <adconrad@0c3.net> (supplier of updated php4 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 24 Aug 2004 03:09:43 -0600
Source: php4
Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4-curl php4 php4-pear php4-mcal caudium-php4 php4-mhash
Architecture: all i386 powerpc source
Version: 4:4.3.8-8
Distribution: unstable
Urgency: low
Maintainer: Adam Conrad <adconrad@0c3.net>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
caudium-php4 - server-side, HTML-embedded scripting language (caudium module)
libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
php4-cgi - server-side, HTML-embedded scripting language (CGI binary)
php4-cli - command-line interpreter for the php4 scripting language
php4-common - Common files for packages built from the php4 source
php4-curl - CURL module for php4
php4-domxml - XMLv2 module for php4
php4-gd - GD module for php4
php4-imap - IMAP module for php4
php4-ldap - LDAP module for php4
php4-mcal - MCAL calendar module for php4
php4-mhash - MHASH module for php4
php4-mysql - MySQL module for php4
php4-odbc - ODBC module for php4
php4-recode - Character recoding module for php4
php4-snmp - SNMP module for php4
php4-sybase - Sybase / MS SQL Server module for php4
php4-xslt - XSLT module for php4
Closes: 267720
Changes:
php4 (4:4.3.8-8) unstable; urgency=low
.
* Default session.save_path is now compiled in to php4, allowing
us to, again, comment out the value in php.ini.
* Comment out session.gc_probability in the default php.ini, as we've
now compiled in a default of 0, allowing the cronjob to do the
garbage collection for us instead. (closes: #267720)
* Make the 5 SAPI postinsts smarter, allowing them to poke around in
people's configs and make sure that sessions won't be broken
after we upgraded them from a perfectly functional system.
* Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of
floats with padding by sprintf().
* Make php4-common arch:any, and loosen up some of the other any->all
package dependencies to make sure binNMUs won't break.
Files:
0ae47e8a1ec9ae794c7e84f7e8b68d9c 31884 web optional php4-gd_4.3.8-8_i386.deb
0b555369510a27e2c028f51a2d51b80f 87290 web optional php4_4.3.8-8_all.deb
0cdfe01ff4738b4c76488dee9720b196 35368 web optional php4-imap_4.3.8-8_i386.deb
165fea66ad8cc4e6e83005a6e2d20c81 1555796 web optional php4-cli_4.3.8-8_i386.deb
26ad483a3d228b997afd8fb9762a7e9e 18892 web optional php4-curl_4.3.8-8_powerpc.deb
283c4845bc4a91b9ed6c4a01dbdbddd7 1719388 web optional caudium-php4_4.3.8-8_powerpc.deb
312508a90192a4718255ffd05805839d 21096 web optional php4-sybase_4.3.8-8_i386.deb
33d46cfde8ca8e77941bfc64a39261ea 1538654 web optional php4-cgi_4.3.8-8_i386.deb
35528271819164ba9632b41b84e9e5a6 331926 web optional php4-pear_4.3.8-8_all.deb
365347b4bc28d42d5194c63b0336f94b 16138 web optional php4-xslt_4.3.8-8_i386.deb
3a4db1b54a663dd609051c4ee46a5e9f 17090 web optional php4-curl_4.3.8-8_i386.deb
403cb3a2f140b3dc2aa3dc482a68ef5b 9356 web optional php4-mhash_4.3.8-8_powerpc.deb
440ce04453e74947c8e3d87ae381bd15 34142 web optional php4-gd_4.3.8-8_powerpc.deb
4a89c30a740f8533df808b15b7a8d28d 318988 devel optional php4-dev_4.3.8-8_all.deb
5354eb7a9897127321ad69a86930440e 19330 web optional php4-mcal_4.3.8-8_powerpc.deb
5a629ca34b2be851e3a4672d0a039a40 53104 web optional php4-common_4.3.8-8_i386.deb
5bedde0d2b610e10d9fd8f705a8bc63b 1615218 web optional php4-cli_4.3.8-8_powerpc.deb
679b70655dfcf0a8f0dfd9ec3b48b549 21480 web optional php4-ldap_4.3.8-8_powerpc.deb
7b73a45ea7d6f233df9154c7f5462489 1645788 web optional libapache-mod-php4_4.3.8-8_powerpc.deb
7e12fc6ebf2fbab6597e19e5c865d864 1600978 web optional libapache-mod-php4_4.3.8-8_i386.deb
7ff1d9bf87a00f9c0ec2dafb61de1641 12534 web optional php4-snmp_4.3.8-8_i386.deb
8298a6c07740221ed15a8efdee5a55a0 36782 web optional php4-imap_4.3.8-8_powerpc.deb
8402088347a2fc68e4c807495d470e6a 1666392 web optional caudium-php4_4.3.8-8_i386.deb
8abc02d04a57cc96fc426663a03c9e1d 7442 web optional php4-recode_4.3.8-8_i386.deb
8dfc89c87779774ce48f9049c3fb95db 7778 web optional php4-mhash_4.3.8-8_i386.deb
8e6431f5fa67a526605a5176413364b7 36872 web optional php4-domxml_4.3.8-8_i386.deb
8f1d7b2e34f45d5d9016de11baa26b07 9028 web optional php4-recode_4.3.8-8_powerpc.deb
98fc02e3742c090d842c518301baa6ba 17272 web optional php4-mcal_4.3.8-8_i386.deb
9db331c0c4a8542f8c8d569d5f9122d7 1641486 web optional libapache2-mod-php4_4.3.8-8_powerpc.deb
9ef9767bcaed3f34e24db4b9f925cbfd 22716 web optional php4-mysql_4.3.8-8_powerpc.deb
a69fe810df7c58ec7d0016903e2fd51d 22670 web optional php4-sybase_4.3.8-8_powerpc.deb
a93654e8d9b15a998e5017f2364678a2 28396 web optional php4-odbc_4.3.8-8_powerpc.deb
b738f7e126c65d78ea71d5a1131e54df 1597402 web optional libapache2-mod-php4_4.3.8-8_i386.deb
b89174e0c6ffd86c6101c03f7fbd7780 26806 web optional php4-odbc_4.3.8-8_i386.deb
c9382406314cc40f2f445e4ed96610c3 1601042 web optional php4-cgi_4.3.8-8_powerpc.deb
ee34324fbc6c7a4432cd0e96fc79655f 1805 web optional php4_4.3.8-8.dsc
d2309d9da4f607eb70c2d218f84c3107 38334 web optional php4-domxml_4.3.8-8_powerpc.deb
d38b553513062af874a4b726051a19e5 19788 web optional php4-ldap_4.3.8-8_i386.deb
ece40ff36f947ecd7dea20fb883bc074 18088 web optional php4-xslt_4.3.8-8_powerpc.deb
f39ea3c81e15a287ccc3e6395d492cb9 14362 web optional php4-snmp_4.3.8-8_powerpc.deb
f9ec1574136edf365415a54a9fe0d580 21306 web optional php4-mysql_4.3.8-8_i386.deb
fc3b9f7b6de21f01dc2d32aa61df05bf 53120 web optional php4-common_4.3.8-8_powerpc.deb
fd4e8b280d738a4671f8326bc5f9826e 566289 web optional php4_4.3.8-8.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBKziUvjztR8bOoMkRAoUKAJ91wbCMZ54a5TIDkuca/JQ8Xzay/wCfRAKU
BBZ4LevQRgbTVWEwp6ugngU=
=3rDe
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.