Bug#593633: marked as done (kgb-bot: dies when polygen is removed after daemon startup)

Fri, 10 Sep 2010 13:45:21 -0700 

Your message dated Fri, 10 Sep 2010 20:41:52 +0000
with message-id <[email protected]>
and subject line Bug#593633: fixed in kgb-bot 1.05-1
has caused the Debian Bug report #593633,
regarding kgb-bot: dies when polygen is removed after daemon startup
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
593633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593633
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: kgb-bot
Version: 1.03-1
Severity: important

Scenario:

 1. kgb-bot starts and detects polygen.
 2. aptitude remove polygen. since polygen is only a recommendation, 
    everything goes fine.
 3. someone talks to the bot
 4. the bot tries to reply using a polygen wisdom, but fails to run 
    the polygen binary and terminates

Sounds like a recipe for a DoS (although it requires that the local 
admin removed polygen, not really exploitable).

The fix would be to (a) detect polygen when needed (so that the 
upgrade of polygen ans subsequential move from /usr/bin to /usr/games 
doesn't go undetected) and (b) handle missing binary gracefuly.


-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kgb-bot depends on:
ii  adduser                  3.110           add and remove users and groups
ii  kgb-client               1.01-3          client for KGB (IRC collaboration 
ii  libdigest-sha1-perl      2.11-2+b1       NIST SHA-1 message digest algorith
ii  libpoe-component-irc-per 5.84+dfsg-1     a fully event-driven IRC client mo
ii  libpoe-component-server- 1.12-1          POE component to publish event han
ii  libpoe-perl              2:1.0003-1      event driven component architectur
ii  libproc-pid-file-perl    1.24-6          Perl module for managing process i
ii  libyaml-perl             0.66-1          YAML Ain't Markup Language (tm)
ii  perl                     5.10.0-19lenny2 Larry Wall's Practical Extraction 

kgb-bot recommends no packages.

Versions of packages kgb-bot suggests:
ii  libipc-run-perl               0.80-2     Perl module for running processes
pn  polygen                       <none>     (no description available)

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: kgb-bot
Source-Version: 1.05-1

We believe that the bug you reported is fixed in the latest version of
kgb-bot, which is due to be installed in the Debian FTP archive:

kgb-bot_1.05-1.diff.gz
  to main/k/kgb-bot/kgb-bot_1.05-1.diff.gz
kgb-bot_1.05-1.dsc
  to main/k/kgb-bot/kgb-bot_1.05-1.dsc
kgb-bot_1.05-1_all.deb
  to main/k/kgb-bot/kgb-bot_1.05-1_all.deb
kgb-bot_1.05.orig.tar.gz
  to main/k/kgb-bot/kgb-bot_1.05.orig.tar.gz
kgb-client-git_1.05-1_all.deb
  to main/k/kgb-bot/kgb-client-git_1.05-1_all.deb
kgb-client_1.05-1_all.deb
  to main/k/kgb-bot/kgb-client_1.05-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Damyan Ivanov <[email protected]> (supplier of updated kgb-bot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 10 Sep 2010 22:49:25 +0300
Source: kgb-bot
Binary: kgb-bot kgb-client kgb-client-git
Architecture: source all
Version: 1.05-1
Distribution: unstable
Urgency: low
Maintainer: Debian KGB Maintainers <[email protected]>
Changed-By: Damyan Ivanov <[email protected]>
Description: 
 kgb-bot    - IRC collaboration bot
 kgb-client - client for KGB (IRC collaboration bot)
 kgb-client-git - client for KGB (IRC collaboration bot) - Git support
Closes: 593631 593633
Changes: 
 kgb-bot (1.05-1) unstable; urgency=low
 .
   [ gregor herrmann, Damyan Ivanov ]
   * kgb-bot: use File::Which to find polygen binary; split out the
     polygen-finding function; add libfile-which-perl to Suggests;
     closes: #593631 -- can't access /usr/bin/polygen
   * kgb-bot: check existence of polygen binary just before using it;
     closes: #593633 -- dies when polygen is removed after daemon startup
   * any problems in finding/running polygen binary are logged only when debug
     is enabled as a counter-measure against remotely-assisted log abuse
Checksums-Sha1: 
 e815ae6e78aa4a127e8cc2bcaebbbe69c3046e15 2252 kgb-bot_1.05-1.dsc
 92bb53ee57f0dd5cb2e5bb27a1b0f1c917cc110b 41903 kgb-bot_1.05.orig.tar.gz
 984ecc0adbfb734d71b01f4aee535a26acd91737 6944 kgb-bot_1.05-1.diff.gz
 9004b766a5fc05646bd4e68cc7729b6c51493cd3 21490 kgb-bot_1.05-1_all.deb
 91869cb153cd6f18fb9e76c2dd97f7d75507793d 38446 kgb-client_1.05-1_all.deb
 d94466ae2ce1a7b6703aca03cfda80f6ca6eac06 16250 kgb-client-git_1.05-1_all.deb
Checksums-Sha256: 
 a31213678bc613a05a5b777a9a2408aaeb6f2ab2bb2ac9de82a7795bcb346b63 2252 
kgb-bot_1.05-1.dsc
 abae4d2fdc5f2bcd675e3005440445274dac9f34baa0144aa18e4b504e7343ff 41903 
kgb-bot_1.05.orig.tar.gz
 5cd681d4a509e60e29491285e4b334f2ff0a308dd390d655bb6ea8831b7f24a8 6944 
kgb-bot_1.05-1.diff.gz
 af0add3bd4416900f72fce54011a8ea0aaf69b2a78841083e3e067173f1dd625 21490 
kgb-bot_1.05-1_all.deb
 2a5ad4ec4b5e6112f54399765449eec5e59760271b1325b6e3e7de2ec8563d80 38446 
kgb-client_1.05-1_all.deb
 04654e5611fbc140931acdb62b3ad662723ce9c18243bb2d2ef17571e9371d6a 16250 
kgb-client-git_1.05-1_all.deb
Files: 
 9ef60a071cde2d96310d3275ea43b02a 2252 devel optional kgb-bot_1.05-1.dsc
 24bef3363a58ba4c8d37be629bfd35de 41903 devel optional kgb-bot_1.05.orig.tar.gz
 29524626d41b881987b045b6b753fce8 6944 devel optional kgb-bot_1.05-1.diff.gz
 09086a96da3f190d49357809935cf237 21490 devel optional kgb-bot_1.05-1_all.deb
 1f6b0d1b8f40211b2d94618d50927305 38446 devel optional kgb-client_1.05-1_all.deb
 544c66bcee364afce795e498186fc33e 16250 devel optional 
kgb-client-git_1.05-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJMio8dAAoJEOQbTFV/DYC+4UoP/2lvzqDPfAVY73LZAwJCo/AJ
N43nzoiedRbseGrgYSR4u9jpUxRrY3tDGmnvJqcpkgCiDVhZfBYW6oj0zPVzigMH
fwxrjNwC6asmN8DcfsLn39QzZ9QCqFkoWOAU1Kz7IyGDMLOkWeqryG071nSujNwe
MaZoHBNAPuu6mc7Ho7WEHVuB75tYo8j/6f2CIDCEJHBa3q9CCsNKOg6EiIfMt5UE
3olwmrXX/hpNpWwkyNZuay3PZxrv5kOsx3Bf2OnnML9J+xc5Fg7dRNNHwgw0L18q
/dmH6iSXQJM01ahqSuwFDff1k7LVoJL+Q2KrxDMz+0E/z47IHfvd0XvYGLZk3vFO
jXttQFlSaBvNPNpx6tAv4LEHtmXj4uQJTQ5cwLXaxY/Zv8kRV5gJVH2nN0G5+LFI
5jiRj3nZcqlofqUFT7NHn6sBajuRXKbCWceLsxu5mJ8/RlkB6fzJ16LtbLm4HIFg
OUxrntxVjB7t1FOPiHjyBpv6Q+c1uVHmmtTyYfLyt/NnTDEaZvENkQxTIHce+rM8
Zsa3wdkFec/4+SldNZXcT29GYSS0tKOpWu7nCTwfHDicTxWwY4trY5LoFVpITNeQ
8wWsOdXlaIMBECxG5SkL/1WkPqY2IGZUCPAS/g6fT7g7fe99VgGO14BfcAU0Nnn8
MTHdAtd1QIsY5z57hvo8
=zpU9
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to