Bug#505178: marked as done (changing user does not clear supplementary group entries)

Fri, 21 Nov 2008 15:28:48 -0800 

Your message dated Fri, 21 Nov 2008 23:17:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#505178: fixed in tor 0.2.0.32-1
has caused the Debian Bug report #505178,
regarding changing user does not clear supplementary group entries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
505178: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505178
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: tor
Version: 0.2.0.31-1
Severity: serious
Tags: security

>From the 0.2.1.7-alpha chlog:
| The "User" and "Group" config options did not clear the supplementary
| group entries for the Tor process. The "User" option is now more
| robust, and we now set the groups to the specified user's primary
| group.  The "Group" option is now ignored. For more detailed logging
| on credential switching, set CREDENTIAL_LOG_LEVEL in common/compat.c
| to LOG_NOTICE or higher. Patch by Jacob Appelbaum and Steven Murdoch.
| Bugfix on 0.0.2pre14. Fixes bug 848.

A fix will be part of the upcoming 0.2.0.32 stable update.

--- End Message ---
--- Begin Message --- 
Source: tor
Source-Version: 0.2.0.32-1

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive:

tor-dbg_0.2.0.32-1_i386.deb
  to pool/main/t/tor/tor-dbg_0.2.0.32-1_i386.deb
tor-geoipdb_0.2.0.32-1_all.deb
  to pool/main/t/tor/tor-geoipdb_0.2.0.32-1_all.deb
tor_0.2.0.32-1.diff.gz
  to pool/main/t/tor/tor_0.2.0.32-1.diff.gz
tor_0.2.0.32-1.dsc
  to pool/main/t/tor/tor_0.2.0.32-1.dsc
tor_0.2.0.32-1_i386.deb
  to pool/main/t/tor/tor_0.2.0.32-1_i386.deb
tor_0.2.0.32.orig.tar.gz
  to pool/main/t/tor/tor_0.2.0.32.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader <[EMAIL PROTECTED]> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 21 Nov 2008 23:33:15 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all i386
Version: 0.2.0.32-1
Distribution: unstable
Urgency: high
Maintainer: Peter Palfrader <[EMAIL PROTECTED]>
Changed-By: Peter Palfrader <[EMAIL PROTECTED]>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Closes: 505178
Changes: 
 tor (0.2.0.32-1) unstable; urgency=high
 .
   * New upstream version.
     - Properly drops privileges when being configured to do
       so (closes: #505178).
   * No longer set now obsolete Group setting in built-in debian config.
Checksums-Sha1: 
 ef74f70e94572df6e2ad27cac3c07598b22af726 1156 tor_0.2.0.32-1.dsc
 0e48d0706f1717afc6d19228a8878c3bc379b25d 2159864 tor_0.2.0.32.orig.tar.gz
 6c5bf23490e45554420420f330167c33f37087b1 77961 tor_0.2.0.32-1.diff.gz
 821b2847b71eaeee7393f1acc808540c026562a5 711338 tor-geoipdb_0.2.0.32-1_all.deb
 7eba05993bb7abe5315dda43545b9bc5e1de16fc 1210790 tor_0.2.0.32-1_i386.deb
 edfa2a2e587072562d6edd886fa860d34b57edb5 841464 tor-dbg_0.2.0.32-1_i386.deb
Checksums-Sha256: 
 fa0eb5d574a2fa3e687a52f2976f8a30dc357a27de3864a90efc34841ecdb42d 1156 
tor_0.2.0.32-1.dsc
 66669aa2cb74e7b0cf13db05472d88422f42c9c0129ce95ecd463aa123925d27 2159864 
tor_0.2.0.32.orig.tar.gz
 6c41fd533b26ed125a69afe11790dd30e65871c10e0da32cbb49acf2d67e6c2a 77961 
tor_0.2.0.32-1.diff.gz
 157d814e108d98124f4dd71bdf2de8b1d74caa1afb370480228247a5870e3b34 711338 
tor-geoipdb_0.2.0.32-1_all.deb
 85b796147a89e888078159c292310a608bed76cb3d823fa07b614789cf9bff97 1210790 
tor_0.2.0.32-1_i386.deb
 63ef759f8cddce9e78f7ec74b6c281057bb538244f918ca315d66668b5f9d8d7 841464 
tor-dbg_0.2.0.32-1_i386.deb
Files: 
 5fe4cb6a724987d8dc6c56a6b84ad8aa 1156 comm optional tor_0.2.0.32-1.dsc
 fd55489f7ad1ef53c0b0dac857696fc9 2159864 comm optional tor_0.2.0.32.orig.tar.gz
 dfa01d8a79a1476bc8cc0f9c1d1536bf 77961 comm optional tor_0.2.0.32-1.diff.gz
 d0214914c7c8cc419d210163aea58261 711338 comm extra 
tor-geoipdb_0.2.0.32-1_all.deb
 9d98f46fe344937e6a6a9918b109dbb1 1210790 comm optional tor_0.2.0.32-1_i386.deb
 f0f163a952d782bf6dc5a777a61b812b 841464 comm extra tor-dbg_0.2.0.32-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJJz6zz/ccs6+kS90RAoAEAJ4qcPHjhbQzhawOLOtyNf1cDCFsqACePDgf
fRjGF6iHe4fygwa2Kn2bq4I=
=IPrL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to