Your message dated Fri, 26 May 2006 16:32:14 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#355639: fixed in nvi 1.79-23
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: nvi
Version: 1.79-22
Just a warning; after checking my /etc/init.d, I notice that
/etc/init.d/nvi script will fall foul to this one.
Julian
----- Forwarded message from Christian Perrier <[EMAIL PROTECTED]> -----
Date: Mon, 6 Mar 2006 07:18:54 +0100
From: Christian Perrier <[EMAIL PROTECTED]>
Subject: Announcing changes in su
To: [email protected]
Mail-Followup-To: [email protected]
(initially sent to -devel by Nicolas Fran?ois and re-sent here after
some advices received in private, to give better visibility. The
message has been mostly elaborated by Nicolas who I thank for all the
great and patient work on this issue)
Hello,
Introduction
============
As reported in #276419, su in the login Debian package doesn't permit to
specify options to the invoked shell and doesn't respect quoted arguments.
We plan to revert this behavior and follow su's documentation and other
implementations.
Short details
=============
Packages passing a command in argument to su must use su's -c option
and must quote the command if it contains a space.
For example:
su - root -c "ls -l /"
The following commands won't work anymore:
su - root -c ls -l /
su - root "ls -l /"
su - root ls -l /
There will be no problems for backports. -c can be used and arguments
quoted, with the past and future versions.
Needed adaptations
==================
We tried to find the packages that will be affected by this transition.
We did not audit the full archive, but focused on [1]:
* maintainer scripts [2]
* packages with an init.d script (based on a sid Contents-i386)
* packages with an cron script (based on a sid Contents-i386)
* native packages (on sid i386)
(In general, archives embedded in source packages were not checked)
Package needing changes
-----------------------
Micah Anderson <[EMAIL PROTECTED]>
backupninja-0.9.2/handlers/pgsql
backupninja-0.9.2/handlers/mysql
backupninja-0.9.2/examples/example.rdiff
Raphael Bossek <[EMAIL PROTECTED]>
python-4suite-0.99cvs20051115/debian/python-4suite-server.init.d
Phil Brooke <[EMAIL PROTECTED]>
yiff-2.14.2/build_and_install
Arnaud Kyheng <[EMAIL PROTECTED]>
gnunet-0.7.0b/contrib/init_gnunet_ubuntu
Brian May <[EMAIL PROTECTED]>
amavisd-new-2.3.3/debian/amavisd-new.cron.daily
Peter Palfrader <[EMAIL PROTECTED]>
echolot-2.1.8/debian/echolot.init
To be checked
-------------
Roderick Schertler <[EMAIL PROTECTED]>
debget-1.5/debget
(It should be OK. According to the code, it works with GNU su)
maybe
-----
Stefan Hornburg (Racke) <[EMAIL PROTECTED]>
courier-0.52.1/courier.lpspec(.in)? (maybe not used on Debian)
courier-0.52.1/courier.spec(.in)? (maybe not used on Debian)
Kenneth J. Pronovici <[EMAIL PROTECTED]>
cedar-backup2-2.7.2/CedarBackup2/peer.py (depends on executeCommand)
Arnaud Quette <[EMAIL PROTECTED]>
nut-2.0.2/scripts/HP-UX/nut-drvctl.sh (maybe not used on Debian)
nut-2.0.2/scripts/HP-UX/nut-upsd.sh (maybe not used on Debian)
Taku YASUI <[EMAIL PROTECTED]>
murasaki-0.8.11/scripts/printer (su $USER -c $CMD, $CMD may have a
space)
Debian Webmin maintainers <[EMAIL PROTECTED]>
usermin-1.160/cron/config-aix (maybe not used on Debian)
usermin-1.160/web-lib-funcs.pl
usermin-1.160/shell/index.cgi
usermin-1.160/fetchmail/check.pl
usermin-1.160/commands/run.cgi
usermin-1.160/postgresql/postgresql-lib.pl
webmin-1.230/web-lib-funcs.pl
webmin-1.230/cron/config-aix
webmin-1.230/custom/run.cgi
In comments or documentation
----------------------------
Clint Adams <[EMAIL PROTECTED]>
bricolage-1.8.8/bin/bric_ftpd
Joel Aelwyn <[EMAIL PROTECTED]>
debpool-0.2.2/debian/README.User
Debian Qt/KDE Maintainers <[email protected]>
kdenetwork-3.5.0/kopete/protocols/meanwhile/README
Henrique de Moraes Holschuh <[EMAIL PROTECTED]>
cyrus21-imapd-2.1.18/debian/cyrus21-common.postinst
Robert Jordens <[EMAIL PROTECTED]>
remstats-1.0.13a/INSTALL
remstats-1.0.13a/docs/book.tex (and other formats)
remstats-1.0.13a/docs/install-user.pod
remstats-1.0.13a/docs/install.pod
remstats-1.0.13a/docs/install.txt
Matthias Klose <[EMAIL PROTECTED]>
sqlrelay-0.36.4/doc/gettingstarted/interbase.html
Guus Sliepen <[EMAIL PROTECTED]>
dhis-client-5.3/README
Craig Small <[EMAIL PROTECTED]>
lprng-3.8.28/DOCS/LPRng-Reference.html
lprng-3.8.28/DOCS/LPRng-Reference.sgml
lprng-3.8.28/DOCS/LPRng-Reference-Multipart/x9198.htm
Jonas Smedegaard <[EMAIL PROTECTED]>
pop-before-smtp-1.36/contrib/README.rootless-install
Transition plan
===============
A package will be first available for testing on experimental in the
next days. We will announce this in d-d-a.
If you know that your package uses su, it would be nice if you could test
it with the login package from experimental.
The SU_NO_SHELL_ARGS environment variable will restore the previous
behavior. The support for this variable should be dropped after Etch.
login will conflict with the packages of the first category. When fixed,
these packages do not need a versionned dependency on login.
Recommandation
==============
You should follow the following synopsis for your su commands.
(This will give you more chance to be portable and to work on
POSIXLY_CORRECT environments)
su [options] [-] [username [args]]
[args] are arguments passed to the shell
Specifically:
* It is preferable to provide -c in [args] rather than in [options].
* su - root -p doesn't work if the POSIXLY_CORRECT environment
variable is set.
The following packages don't follow these rules:
Stefan Hornburg (Racke) <[EMAIL PROTECTED]>
interchange-5.3.2/debian/interchange.cron.daily
interchange-5.3.2/scripts/restart.PL
Michael Biebl <[EMAIL PROTECTED]>
powersave-0.9.25/scripts/wm_shutdown
powersave-0.9.25/scripts/do_screen_saver
powersave-0.9.25/scripts/wm_logout
powersave-0.9.25/scripts/x_helper_functions
Popularity Contest Developers <[EMAIL PROTECTED]>
popularity-contest-1.31/debian/cron.weekly
popularity-contest-1.31/FAQ
Robert Luberda <[EMAIL PROTECTED]>
dwww-1.9.26/dwww-format-man
Andreas Metzler <[EMAIL PROTECTED]>
findutils-4.2.26/locate/updatedb.sh
Paul Waite <[EMAIL PROTECTED]>
axyl-2.1.9/db/postgres/install-db.sh
Debian Webmin maintainers <[EMAIL PROTECTED]>
usermin-1.160/web-lib-funcs.pl
usermin-1.160/commands/run.cgi
webmin: ditto
[1] The rationale is that we consider there is a greater chance to find
problems on Debian specific packages/scripts since it would have fail
on other OS (on RedHat, Gentoo, Mandriva, SunOS).
Probably 10% of the archive was audited.
[2] Thanks to Bill Allombert
http://lists.debian.org/debian-devel/2005/11/msg01215.html
----- End forwarded message -----
--- End Message ---
--- Begin Message ---
Source: nvi
Source-Version: 1.79-23
We believe that the bug you reported is fixed in the latest version of
nvi, which is due to be installed in the Debian FTP archive:
nvi_1.79-23.diff.gz
to pool/main/n/nvi/nvi_1.79-23.diff.gz
nvi_1.79-23.dsc
to pool/main/n/nvi/nvi_1.79-23.dsc
nvi_1.79-23_i386.deb
to pool/main/n/nvi/nvi_1.79-23_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Greenland <[EMAIL PROTECTED]> (supplier of updated nvi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 26 May 2006 18:06:04 -0500
Source: nvi
Binary: nvi
Architecture: source i386
Version: 1.79-23
Distribution: unstable
Urgency: low
Maintainer: Steve Greenland <[EMAIL PROTECTED]>
Changed-By: Steve Greenland <[EMAIL PROTECTED]>
Description:
nvi - 4.4BSD re-implementation of vi
Closes: 193498 195914 220049 276051 294767 340742 355639 360168 367933
Changes:
nvi (1.79-23) unstable; urgency=low
.
* Update config.sub and config.guess during build (closes: #195914)
* Adjust priorities so that vim-tiny replaces nvi as default minimal vi
without changing vi alternative on upgrade. (closes: #367933,#360168)
* Fix invocation of su in init.d/nvi to use quotes (closes: #355639)
* Fix crash due to buggy '(' movement, patch from Tommy Pettersson
(closes: #193498)
* Always use -f for rm in init.d/nvi to avoid prompting/hangs during
boot (closes: #220049)
* More 64bit regex breakage fixes from Al Viro (closes: #276051)
* Remove spurious space from init.d/nvi output (closes: #294767)
* In init.d/nvi output, distinguish between finding sessions to recover
and otherwise (closes: #340742)
* update debhelper compatibility to v5.
Files:
2712b816124aa00e5e12f495f5139850 570 editors optional nvi_1.79-23.dsc
21391732ab33cbf14fcd7918bace1c86 13503 editors optional nvi_1.79-23.diff.gz
06c46b9d6f4e6ce959f8692818f9dd21 293570 editors optional nvi_1.79-23_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEd4uhdiZsUPux21MRAmQWAJ93VJUP7av0CsB5G2LS4+tXXatE7gCfXj6n
XAk0J57XvhYPYQPwuNYqBLE=
=Pyze
-----END PGP SIGNATURE-----
--- End Message ---
