Bug#991075: marked as done (jailkit: python2 code causes jk_update to fail, leaving outdated jails)

[Debian Bug Tracking System]

Your message dated Fri, 16 Jul 2021 16:18:34 +0000
with message-id <e1m4qxq-000bxs...@fasolo.debian.org>
and subject line Bug#991075: fixed in jailkit 2.21-4
has caused the Debian Bug report #991075,
regarding jailkit: python2 code causes jk_update to fail, leaving outdated jails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991075: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: jailkit
Version: 2.21-3
Severity: important

Dear Maintainer,

  The jailkit package needs updated to from upstream.  In particular
there is a bugfix for some python2 code within jk_update which causes
it to fail, which has security implications (jails can no longer
be updated with package/security updates to the base system).

  If for some reason the package cannot be updated to the current
version, I have tested the changes at
https://cvs.savannah.nongnu.org/viewvc/jailkit/jailkit/py/jk_update.in?r1=1.16&r2=1.17
and they are adequate to allow jk_update to run.

Thanks!


-- System Information:
Debian Release: 10.10
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_SOFTLOCKUP
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages jailkit depends on:
ii  libc6    2.28-10
ii  python3  3.7.3-1

jailkit recommends no packages.

jailkit suggests no packages.

-- Configuration Files:
/etc/jailkit/jk_chrootsh.ini changed:
[DEFAULT]
skip_injail_passwd_check=1
injail_shell=/bin/bash
env = TERM, PATH, LANG

/etc/jailkit/jk_init.ini changed:
[uidbasics]
comment = common files for all jails that need user/group information
paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, 
/lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, 
/lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, 
/lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.1, 
/lib/arm-linux-gnueabihf/libnss*.so.2, /lib/aarch64-linux-gnu/libnsl.so.1, 
/lib/aarch64-linux-gnu/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf
[netbasics]
comment = common files for all jails that need any internet connectivity
paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, 
/lib/i386-linux-gnu/libnss_dns.so.2, /lib/x86_64-linux-gnu/libnss_dns.so.2, 
/lib/arm-linux-gnueabihf/libnss_dns.so.2, 
/lib/aarch64-linux-gnu/libnss_dns.so.2, /etc/resolv.conf, /etc/host.conf, 
/etc/hosts, /etc/protocols, /etc/services, /etc/ssl/certs/, /usr/lib/ssl/certs
[logbasics]
comment = timezone information and log sockets
paths = /etc/localtime
need_logsocket = 1
[jk_lsh]
comment = Jailkit limited shell
paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
users = root
groups = root
includesections = uidbasics, logbasics
[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh
[cvs]
comment = Concurrent Versions System
paths = cvs
devices = /dev/null
[git]
comment = Fast Version Control System
paths = /usr/bin/git*, /usr/lib/git-core, /usr/share/git-core, /usr/bin/pager
includesections = editors, perl, netbasics, basicshell, coreutils
[scp]
comment = ssh secure copy
paths = scp
includesections = netbasics, uidbasics
devices = /dev/urandom
[sftp]
comment = ssh secure ftp
paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, 
/usr/lib/misc/sftp-server, /usr/libexec/sftp-server, 
/usr/lib/openssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null
[ssh]
comment = ssh secure shell
paths = ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty, /dev/null
[rsync]
paths = rsync
includesections = netbasics, uidbasics
[procmail]
comment = procmail mail delivery
paths = procmail, /bin/sh
devices = /dev/null
[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, 
false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, 
rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, 
/etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, 
/usr/lib/locale/en_US.utf8, uname, expr, xargs
users = root
groups = root
includesections = uidbasics
[midnightcommander]
comment = Midnight Commander
paths = mc, mcedit, mcview, /usr/share/mc
includesections = basicshell, terminfo
[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, 
md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
includesections = basicshell, midnightcommander, editors
[terminfo]
comment = terminfo databases, required for example for ncurses or vim 
paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo
[editors]
comment = vim, joe and nano
includesections = terminfo
paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim
[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
paths = wget, lynx, ftp, host, rsync, smbclient
includesections = netbasics, ssh, sftp, scp
[apacheutils]
comment = htpasswd utility
paths = htpasswd
[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils
[openvpn]
comment = jail for the openvpn daemon
paths = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1
[apache]
comment = the apache webserver, very basic setup, probably too limited for you
paths = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics
[perl]
comment = the perl interpreter and libraries
paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
[xauth]
comment = getting X authentication to work
paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
[xclients]
comment = minimal files for X clients
paths = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth
[vncserver]
comment = the VNC server program
paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
includesections = xclients
[ping]
comment = Ping program
paths_w_setuid = /bin/ping
[coreutils]
comment = non-sbin progs from coreutils
paths = cat, chgrp, chmod, chown, cp, date, dd, df, dir, echo, false, ln, ls, 
mkdir, mknod, mktemp, mv, pwd, readlink, rm, rmdir, sleep, stty, sync, touch, 
true, uname, vdir, [, arch, b2sum, base32, base64, basename, chcon, cksum, 
comm, csplit, cut, dircolors, dirname, du, env, expand, expr, factor, fmt, 
fold, groups, head, hostid, id, install, join, link, logname, md5sum, mkfifo, 
nice, nl, nohup, nproc, numfmt, od, paste, pathchk, pinky, pr, printenv, 
printf, ptx, realpath, runcon, seq, sha1sum, sha224sum, sha256sum, sha384sum, 
sha512sum, shred, shuf, sort, split, stat, stdbuf, sum, tac, tail, tee, test, 
timeout, tr, truncate, tsort, tty, unexpand, uniq, unlink, users, wc, who, 
whoami, yes, md5sum.textutils
[wp]
comment = WordPress Command Line
paths = wp, /usr/local/bin/php
includesections = php, mysql-client
[mysql-client]
comment = mysql client
paths = mysql, mysqldump, mysqlshow, /usr/lib/libmysqlclient.so, 
/usr/lib/i386-linux-gnu/libmariadb.so.3, /usr/lib/i386-linux-gnu/mariadb19, 
/usr/lib/x86_64-linux-gnu/libmariadb.so.3, /usr/lib/x86_64-linux-gnu/mariadb19, 
/usr/lib/arm-linux-gnueabihf/libmariadb.so.3, 
/usr/lib/arm-linux-gnueabihf/mariadb19, 
/usr/lib/aarch64-linux-gnu/libmariadb.so.3, /usr/lib/aarch64-linux-gnu/mariadb19
includesections = netbasics
[composer]
comment = composer
paths = composer, /usr/local/bin/composer, /usr/share/doc/composer
includesections = php, uidbasics, netbasics
[node]
comment = NodeJS
paths = npm, node, nodejs, /usr/lib/nodejs, /usr/share/npm, 
/usr/share/node-mime, /usr/lib/node_modules, /usr/local/lib/nodejs, 
/usr/local/lib/node_modules, elmi-to-json, /usr/local/bin/elmi-to-json
[env]
comment = /usr/bin/env for environment variables
paths = env
[php]
comment = default php version and libraries
paths = /usr/bin/php
includesections = php_common, php7_3
[php_common]
comment = common php directories and libraries
paths = /usr/bin/php, /usr/lib/php/, /usr/share/php/, /usr/share/zoneinfo/
includesections = env, logbasics, netbasics
[php5_6]
comment = php version 5.6
paths = /usr/bin/php5.6, /usr/lib/php/5.6/, /usr/lib/php/20131226/, 
/usr/share/php/5.6/, /etc/php/5.6/cli/, /etc/php/5.6/mods-available/
includesections = php_common
[php7_0]
comment = php version 7.0
paths = /usr/bin/php7.0, /usr/lib/php/7.0/, /usr/lib/php/20151012/, 
/usr/share/php/7.0/, /etc/php/7.0/cli/, /etc/php/7.0/mods-available/
includesections = php_common
[php7_1]
comment = php version 7.1
paths = /usr/bin/php7.1, /usr/lib/php/7.1/, /usr/lib/php/20160303/, 
/usr/share/php/7.1/, /etc/php/7.1/cli/, /etc/php/7.1/mods-available/
includesections = php_common
[php7_2]
comment = php version 7.2
paths = /usr/bin/php7.2, /usr/lib/php/7.2/, /usr/lib/php/20170718/, 
/usr/share/php/7.2/, /etc/php/7.2/cli/, /etc/php/7.2/mods-available/
includesections = php_common
[php7_3]
comment = php version 7.3
paths = /usr/bin/php7.3, /usr/lib/php/7.3/, /usr/lib/php/20180731/, 
/usr/share/php/7.3/, /etc/php/7.3/cli/, /etc/php/7.3/mods-available/
includesections = php_common
[php7_4]
comment = php version 7.4
paths = /usr/bin/php7.4, /usr/lib/php/7.4/, /usr/lib/php/20190902/, 
/usr/share/php/7.4/, /etc/php/7.4/cli/, /etc/php/7.4/mods-available/
includesections = php_common
[imagemagick]
comment = ImageMagick needed for php-imagemagick extension
paths = /usr/share/ImageMagick-*, /etc/ImageMagick-*, 
/usr/lib/i386-linux-gnu/ImageMagick-*, /usr/lib/x86_64-linux-gnu/ImageMagick-*, 
/usr/lib/arm-linux-gnueabihf/ImageMagick-*, 
/usr/lib/aarch64-linux-gnu/ImageMagick-*
[php8_0]
comment = php version 8.0
paths = /usr/bin/php8.0, /usr/lib/php/8.0/, /usr/lib/php/20200930/, 
/usr/share/php/8.0/, /etc/php/8.0/cli/, /etc/php/8.0/mods-available/
includesections = php_common

/etc/jailkit/jk_socketd.ini changed:
[/var/www/clients/client3/web2/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client1/web10/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client8/web17/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client17/web26/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client11/web40/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client23/web42/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client24/web43/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client1/web7/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client5/web27/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client10/web48/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client25/web49/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client5/web50/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client5/web32/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client27/web51/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client1/web53/dev/log]
base=512
peak=2048
interval=10


-- no debconf information

-- debsums errors found:
debsums: changed file /usr/sbin/jk_update (from jailkit package)

--- End Message ---

--- Begin Message ---

Source: jailkit
Source-Version: 2.21-4
Done: Joao Eriberto Mota Filho <eribe...@debian.org>

We believe that the bug you reported is fixed in the latest version of
jailkit, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joao Eriberto Mota Filho <eribe...@debian.org> (supplier of updated jailkit 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 16 Jul 2021 11:31:18 -0300
Source: jailkit
Architecture: source
Version: 2.21-4
Distribution: unstable
Urgency: medium
Maintainer: Joao Eriberto Mota Filho <eribe...@debian.org>
Changed-By: Joao Eriberto Mota Filho <eribe...@debian.org>
Closes: 991075
Changes:
 jailkit (2.21-4) unstable; urgency=medium
 .
   * debian/control: bumped Standards-Version to 4.5.1.
   * debian/copyright: updated upstream and packaging copyright years.
   * debian/patches/040_fix-crash-jk_update.patch: created to migrate two lines
     from Python2 to 3, fixing Python3 compatibility and avoiding a crash when
     updating the jail. (Closes: #991075)
Checksums-Sha1:
 a0597719553b20d2c98f564d345cc410516f1d8f 1868 jailkit_2.21-4.dsc
 19ce025b23ba1fd2a2f155b56357091b6f12c26f 15960 jailkit_2.21-4.debian.tar.xz
 5212459cee8983bab79aeeb3b038e8a627c9c3fb 5900 jailkit_2.21-4_source.buildinfo
Checksums-Sha256:
 3e5a97dc2b8731e4c3f02e4d57ae7a13856b871f82b3489d1a83f0b92f3f422e 1868 
jailkit_2.21-4.dsc
 a367cc9be34e684511ff600e8274f583a677a000bf50ffdd856b0223bbe1bb4a 15960 
jailkit_2.21-4.debian.tar.xz
 cafbac7f0902b96757bf0c9f2ca3733ad9bf1b90bb6549101d5718626dd3010b 5900 
jailkit_2.21-4_source.buildinfo
Files:
 6c22ab220addcb9e17c730ab4b29166d 1868 utils optional jailkit_2.21-4.dsc
 a843bd28815659de2599d4ef6411c4b0 15960 utils optional 
jailkit_2.21-4.debian.tar.xz
 b29cd97b5ed6e2cfa9d284bc36140eb5 5900 utils optional 
jailkit_2.21-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEENX3LDuyVoBrrofDS3mO5xwTr6e8FAmDxrF8ACgkQ3mO5xwTr
6e+zfg//WObuFj6v+JeJt1gCcIX3/qyAlNdaQtnlDxp+fPW2St9FrXdWRTkzh00z
VFIlTDH13ZzquyNG/lUUOYSOtOivkraVnB2E2pXv3boAXe/ZMHszyQqjtjJh0Faw
EvtXmgWTnRExVNrQwDqSN1puOUa+9As/XsfsHORANQF6YnJZ6OxcxB9kl25PMvDl
fPWp7cbSImrjGjQ6suTMk21czpFj2fu3RSD62NHkd6c4Kq97V71dpZA7oDibzwon
loYKZCCSYxZT6kwsY3EEzw/JU2f3ojDO/Cz+YNWDE7hh/v+ZofHfzCfYSCrp2wWJ
SVGTF5KfZ8ZEzpuFrCPX109AifQp2wpeaQAnFkivQMohRDW6nRmZRgM5LCygJPke
PkRQXkBhCtfyjeFIoORAhteOZfBWaboUKrbnUhCUp7oH1SU02QdnkULmOy1iFYHL
f31cBzXBTL9C42gPfv3lS9y3EUw7al5pfeGVVq+ap0O09E/xc87t+SZEJApE71cB
qN/faHdRl4yK5k2NEmZGNTfIjLTKIY+11xkETqQgQizqvvFryNF4hk6x3C61uqyp
X3VKQLzhRAGq+spTIpyzU8mV71pZbXMlG+v5SK5iI32q709XKe+kpY+aLAEtMYSr
BgM8uOzjmAazm0zFXYShvaKZ1r17QSx7/r/i5/ttYHAdS0jZ4nw=
=FvNt
-----END PGP SIGNATURE-----

--- End Message ---