| 2010-03-18 08:07:35 |
Roy Liu |
bug |
|
|
added bug |
| 2010-03-19 13:30:56 |
Chuck Short |
apache2 (Ubuntu): status |
New |
Incomplete |
|
| 2010-03-19 13:32:06 |
Chuck Short |
apache2 (Ubuntu): importance |
Undecided |
Medium |
|
| 2010-03-29 16:45:21 |
Chuck Short |
apache2 (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2010-03-29 17:50:09 |
Launchpad Janitor |
apache2 (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2010-04-07 00:01:28 |
Roy Liu |
apache2 (Ubuntu): status |
Fix Released |
Confirmed |
|
| 2010-04-07 00:01:33 |
Roy Liu |
apache2 (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2010-06-12 20:53:35 |
Andreas Olsson |
apache2 (Ubuntu): status |
Fix Released |
Confirmed |
|
| 2010-06-18 17:35:10 |
Launchpad Janitor |
apache2 (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2010-06-18 17:35:10 |
Launchpad Janitor |
cve linked |
|
2009-3555 |
|
| 2010-06-18 17:35:10 |
Launchpad Janitor |
cve linked |
|
2010-0408 |
|
| 2010-06-18 17:35:10 |
Launchpad Janitor |
cve linked |
|
2010-0434 |
|
| 2010-08-12 12:18:27 |
Marc Deslauriers |
cve unlinked |
2009-3555 |
|
|
| 2010-10-05 19:42:39 |
Florian Achleitner |
bug |
|
|
added subscriber Florian Achleitner |
| 2010-10-23 15:02:36 |
Joe Kislo |
nominated for series |
|
Ubuntu Lucid |
|
| 2010-10-24 08:16:04 |
Florian Achleitner |
apache2 (Ubuntu): status |
Fix Released |
Confirmed |
|
| 2010-10-24 08:31:06 |
Andreas Olsson |
apache2 (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2011-01-12 01:15:39 |
Alexander Fedorov |
bug |
|
|
added subscriber Alexander Fedorov |
| 2011-01-21 21:03:31 |
Launchpad Janitor |
branch linked |
|
lp:debian/sid/apache2 |
|
| 2011-06-25 09:36:05 |
Alex Tomlins |
bug |
|
|
added subscriber Alex Tomlins |
| 2011-10-04 03:31:44 |
Brad Marshall |
bug |
|
|
added subscriber The Canonical Sysadmins |
| 2011-10-04 19:10:11 |
Steve Magoun |
bug task added |
|
oem-priority |
|
| 2011-10-04 19:10:49 |
Steve Magoun |
nominated for series |
|
oem-priority/lucid |
|
| 2011-10-04 19:10:49 |
Steve Magoun |
bug task added |
|
oem-priority/lucid |
|
| 2011-10-04 19:11:38 |
Steve Magoun |
oem-priority/lucid: importance |
Undecided |
Medium |
|
| 2011-10-04 19:11:43 |
Steve Magoun |
oem-priority: importance |
Undecided |
Medium |
|
| 2011-10-24 19:32:45 |
Steve Magoun |
oem-priority: status |
New |
Triaged |
|
| 2011-10-24 19:32:46 |
Steve Magoun |
oem-priority/lucid: status |
New |
Triaged |
|
| 2011-10-24 22:19:30 |
Robbie Williamson |
bug task added |
|
apache2 (Ubuntu Lucid) |
|
| 2011-10-25 00:50:13 |
Robbie Williamson |
apache2 (Ubuntu Lucid): status |
New |
Confirmed |
|
| 2011-10-25 00:50:17 |
Robbie Williamson |
apache2 (Ubuntu Lucid): importance |
Undecided |
Medium |
|
| 2011-10-25 00:50:24 |
Robbie Williamson |
apache2 (Ubuntu Lucid): assignee |
|
Chuck Short (zulcss) |
|
| 2011-10-25 00:50:30 |
Robbie Williamson |
apache2 (Ubuntu Lucid): milestone |
|
lucid-updates |
|
| 2011-10-27 22:56:23 |
Launchpad Janitor |
branch linked |
|
lp:~jm-leddy/+junk/apache2 |
|
| 2011-11-15 18:47:06 |
Gary Lyons |
bug |
|
|
added subscriber Gary Lyons |
| 2011-11-30 14:10:32 |
Richard Bensch |
bug |
|
|
added subscriber Richard Bensch |
| 2011-12-02 01:14:45 |
James M. Leddy |
attachment added |
|
apache2.2-bin_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615355/+files/apache2.2-bin_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:23:13 |
James M. Leddy |
attachment added |
|
apache2.2-common_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615393/+files/apache2.2-common_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:23:25 |
James M. Leddy |
attachment added |
|
apache2_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615394/+files/apache2_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:23:42 |
James M. Leddy |
attachment added |
|
apache2-mpm-event_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615395/+files/apache2-mpm-event_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:23:44 |
James M. Leddy |
attachment added |
|
apache2-doc_2.2.14-5ubuntu8.8_all.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615396/+files/apache2-doc_2.2.14-5ubuntu8.8_all.deb |
|
| 2011-12-02 01:23:50 |
James M. Leddy |
attachment added |
|
apache2-mpm-itk_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615397/+files/apache2-mpm-itk_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:24:13 |
James M. Leddy |
attachment added |
|
apache2-mpm-prefork_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615398/+files/apache2-mpm-prefork_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:24:22 |
James M. Leddy |
attachment added |
|
apache2-mpm-worker_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615399/+files/apache2-mpm-worker_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:24:38 |
James M. Leddy |
attachment added |
|
apache2-prefork-dev_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615400/+files/apache2-prefork-dev_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:24:49 |
James M. Leddy |
attachment added |
|
apache2-suexec_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615401/+files/apache2-suexec_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:25:33 |
James M. Leddy |
attachment added |
|
apache2-suexec-custom_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615402/+files/apache2-suexec-custom_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:25:41 |
James M. Leddy |
attachment added |
|
apache2-threaded-dev_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615403/+files/apache2-threaded-dev_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 01:25:47 |
James M. Leddy |
attachment added |
|
apache2-utils_2.2.14-5ubuntu8.8_amd64.deb https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2615404/+files/apache2-utils_2.2.14-5ubuntu8.8_amd64.deb |
|
| 2011-12-02 21:59:47 |
James M. Leddy |
tags |
|
patch |
|
| 2011-12-02 21:59:59 |
James M. Leddy |
apache2 (Ubuntu): status |
Fix Released |
In Progress |
|
| 2011-12-02 22:00:10 |
James M. Leddy |
apache2 (Ubuntu Lucid): status |
Confirmed |
In Progress |
|
| 2011-12-02 22:01:42 |
James M. Leddy |
attachment added |
|
99-fix-mod-dav-permissions.dpatch https://bugs.launchpad.net/oem-priority/+bug/540747/+attachment/2617109/+files/99-fix-mod-dav-permissions.dpatch |
|
| 2011-12-02 22:05:56 |
James M. Leddy |
apache2 (Ubuntu): status |
In Progress |
Fix Released |
|
| 2011-12-05 20:14:51 |
Kevin Krafthefer |
oem-priority: status |
Triaged |
In Progress |
|
| 2011-12-05 20:15:12 |
Kevin Krafthefer |
oem-priority: assignee |
|
James M. Leddy (jm-leddy) |
|
| 2011-12-08 18:51:02 |
James M. Leddy |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2012-01-04 21:11:32 |
James M. Leddy |
description |
Binary package hint: apache2
I am a Git pull/push through Apache https user, and I also use the file-based protocol. Recently I noticed that the Git repository was filled with objects of permission -rw------ belonging to www-data, the Apache server username. After further digging, this is not Git's problem, but possibly mod_dav_fs's. In fact, any file transferred with a DAV "PUT" command results in said 0600 permissions.
Although this is arguably a feature of Ubuntu, I found that the behavior differs from a standard Apache server. To reproduce:
1) Download the original archive from http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz and build with "./configure --enable-dav-fs=shared --enable-dav-lock=shared --enable-dav=shared".
This should result in a mod_dav_fs.so library in modules/dav/fs/.libs. Place such a shared library in /usr/lib/apache/modules as a replacement for the one already there.
2) Set up a DAV location like so:
<IfModule dav_fs_module>
<Location "/test">
DAV on
</Location>
</IfModule>
3) Use "cadaver" to connect to your server and PUT a file in location "test". The idea is that the permissions come out as 0600 for the standard Lucid installation and 0644 for the vanilla Apache module.
Further evidence supporting the idea that the problem arises from Ubuntu packaging is the rather extensive modifications to mod_dav_fs code in the diff found at http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu3.diff.gz.
Thank you for your attention!
-Roy |
SRU information:
================
[Impact]
This bug stems from web dav modifying files to have permissions 600 instead of the standard 644. When this happens , it is impossible for Apache to then go serve out the pages. This basically makes the webdav unusable and makes a nasty crond chmod script necessary.
[Development Fix]
First fixed upstream, then brought down as part of apache 2.2.15-3
[Stable Fix]
see attached '99-fix-mod-dav-permissions.dpatch'
[Test Case]
1) Download the original archive from http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz and build with "./configure --enable-dav-fs=shared --enable-dav-lock=shared --enable-dav=shared".
This should result in a mod_dav_fs.so library in modules/dav/fs/.libs. Place such a shared library in /usr/lib/apache/modules as a replacement for the one already there.
2) Set up a DAV location like so:
<IfModule dav_fs_module>
<Location "/test">
DAV on
</Location>
</IfModule>
3) Use "cadaver" to connect to your server and PUT a file in location "test". The idea is that the permissions come out as 0600 for the standard Lucid installation and 0644 for the vanilla Apache module.
[Regression Potential]
Low. This has patch has already been applied upstream and is in use by however many 10.10, 11.04, and 11.10 users. The compiled LTS pachage has also tested by someone that is experiencing the original problem.
================
Original report:
================
Binary package hint: apache2
I am a Git pull/push through Apache https user, and I also use the file-based protocol. Recently I noticed that the Git repository was filled with objects of permission -rw------ belonging to www-data, the Apache server username. After further digging, this is not Git's problem, but possibly mod_dav_fs's. In fact, any file transferred with a DAV "PUT" command results in said 0600 permissions.
Although this is arguably a feature of Ubuntu, I found that the behavior differs from a standard Apache server. To reproduce:
1) Download the original archive from http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz and build with "./configure --enable-dav-fs=shared --enable-dav-lock=shared --enable-dav=shared".
This should result in a mod_dav_fs.so library in modules/dav/fs/.libs. Place such a shared library in /usr/lib/apache/modules as a replacement for the one already there.
2) Set up a DAV location like so:
<IfModule dav_fs_module>
<Location "/test">
DAV on
</Location>
</IfModule>
3) Use "cadaver" to connect to your server and PUT a file in location "test". The idea is that the permissions come out as 0600 for the standard Lucid installation and 0644 for the vanilla Apache module.
Further evidence supporting the idea that the problem arises from Ubuntu packaging is the rather extensive modifications to mod_dav_fs code in the diff found at http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu3.diff.gz.
Thank you for your attention!
-Roy |
|
| 2012-01-04 21:11:42 |
James M. Leddy |
oem-priority/lucid: status |
Triaged |
In Progress |
|
| 2012-01-23 20:29:51 |
Kevin Krafthefer |
oem-priority: status |
In Progress |
Won't Fix |
|
| 2012-01-25 18:57:35 |
James M. Leddy |
apache2 (Ubuntu Lucid): status |
In Progress |
Won't Fix |
|
| 2012-01-25 18:57:40 |
James M. Leddy |
oem-priority/lucid: status |
In Progress |
Won't Fix |
|
| 2012-02-26 13:25:24 |
Colin Watson |
apache2 (Ubuntu Lucid): status |
Won't Fix |
In Progress |
|
| 2012-03-05 16:37:39 |
Martin Pitt |
apache2 (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
| 2012-03-05 16:37:43 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
| 2012-03-05 16:37:51 |
Martin Pitt |
tags |
patch |
patch verification-needed |
|
| 2012-03-05 19:14:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/apache2 |
|
| 2012-03-05 21:38:37 |
Colin Watson |
tags |
patch verification-needed |
patch verification-done |
|
| 2012-03-14 19:48:13 |
Launchpad Janitor |
apache2 (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
| 2012-03-14 20:30:29 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-updates/apache2 |
|
