Your message dated Fri, 08 Aug 2025 17:33:32 +0000
with message-id <[email protected]>
and subject line Bug#1053358: fixed in sanoid 2.3.0-1
has caused the Debian Bug report #1053358,
regarding Breaks if user-defined zfs properties contain whitespace
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1053358: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053358
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sanoid
Version: 2.2.0-1
Severity: important
Tags: upstream patch
Hi,
line 496 of syncoid reads
$recvoptions .= " -o $key=$value";
this string is then apparently passed to a shell, which will split $value into
words on whitespace, causing the zfs command line to become invalid at best and
do something nasty at worst (think e.g. "zfs set foo='; zpool destroy tank'" or
"zfs set foo='$(cat /path/to/secret/file)'" -- I haven't determined whether
these would "work" but they might).
The following looks like a valid quick fix, but I don't know enough perl to be
sure:
$recvoptions .= " -o $key='''$value'''";
Justification for severity 'important': this is serious (potentially security
relevant) breakage but it doesn't affect everyone.
AndrĂ¡s
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (350, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8
Init: runit (via /run/runit.stopit)
sanoid recommends no packages.
sanoid suggests no packages.
--
I've often asked myself what kind of idiot makes up taglines, and now I know.
--- End Message ---
--- Begin Message ---
Source: sanoid
Source-Version: 2.3.0-1
Done: Michael Jeanson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
sanoid, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Jeanson <[email protected]> (supplier of updated sanoid package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 08 Aug 2025 13:21:03 -0400
Source: sanoid
Architecture: source
Version: 2.3.0-1
Distribution: unstable
Urgency: medium
Maintainer: Michael Jeanson <[email protected]>
Changed-By: Michael Jeanson <[email protected]>
Closes: 1053358
Changes:
sanoid (2.3.0-1) unstable; urgency=medium
.
* [e27b1df] New upstream version 2.3.0 (Closes: #1053358)
* [7369fe6] Bump standards version to 4.7.2
* [826df1c] Refresh patches for 2.3.0
* [bb6433a] Update man pages
* [ecc05ce] Update lintian-overrides
Checksums-Sha1:
25273a509bb90d9c088417e0ef3415c6950b7d4c 1834 sanoid_2.3.0-1.dsc
36212def706ddbe52819a3dd3fcef32841853a6c 86514 sanoid_2.3.0.orig.tar.gz
0c672079f7d7bd0b7abebc33d3eff73e14291bc7 6156 sanoid_2.3.0-1.debian.tar.xz
b4b351d4d875eceb83702ca960b259c2c7a8f0da 5823 sanoid_2.3.0-1_source.buildinfo
Checksums-Sha256:
2b6bc84d00e861cd5cf6b557cd910ec00f5a4b741a2760246a042d70d5a8dd4d 1834
sanoid_2.3.0-1.dsc
1d8735a271a34ec87ea46313a66f6f20bd38b583886924574d3c1f72ea173620 86514
sanoid_2.3.0.orig.tar.gz
88c19ee974684da4616b21dd63da82ecb45ebbfbe4c8f445b8f7de4036936e9f 6156
sanoid_2.3.0-1.debian.tar.xz
698c872d5f8a38f52c590bf2c1372685d9af9a730748b582c4ca8b30d3c0595b 5823
sanoid_2.3.0-1_source.buildinfo
Files:
e489af4146b76eb25579fc0976c18b4a 1834 admin optional sanoid_2.3.0-1.dsc
597ab95d9e9bded065a06a423de23abd 86514 admin optional sanoid_2.3.0.orig.tar.gz
ec76875122eec29c6568b7b4210534ad 6156 admin optional
sanoid_2.3.0-1.debian.tar.xz
b46abfaabde45ee281cbc7e1ca6d0424 5823 admin optional
sanoid_2.3.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEmGYkMkK2Qid54gtihlYfRSGA/P4FAmiWMmoUHG1qZWFuc29u
QGRlYmlhbi5vcmcACgkQhlYfRSGA/P4BoQ//ely5OpbYnfQGX78pLIjA9ekt4bGx
i80yv/YXxo5A6wTUqOtlr5vAyn3uAnA4S3v7JqHgwfAuObl/+rsMKDF9Z8atCH5n
JhyDfZBV4PYBfyfr52nJ1B/6pkXY0DSV3weeG7aBVE407YshSuvEUq7BqGLHO9lw
Z/rmo54+Z+bgs385d6sJ0Dn5YeMGvsVt/IxPQx0CEqkW/9lrvUCSuvChlxCX5NEd
2FJI0w+Rhr7vujn+30dtQN/1dM4nefdES9bIuen2uWrq7Et8hLlTGjspSLz1P8gX
0qMgtHAe7dH7Ip9ANuwccO/uYvtwMuGIJ/ro/q5MXqOLiM3P1AKNGg+sLA1W8fUa
eOiKal9bqbfPOrSvcBS+nGnt14Jb+Fz5CEbUC+bsYeVtaWRiIFD8TiZE4lYRZVJ2
QuKOISQxUyeyntrB7Q/aLQlREHQUIdGxn6ZnPDCDoYhR/4eICsHqR5dLK4uB2a9b
VWJ4/GQigPkl7eCCujqqJbBSLUh7SrF2iWEXwxe5HnsP46EhkZMFBsk0NaSQ8nBN
Fg7By9yC28/5YHHaJf/pv+mQ4ZZztTqHnGbG2LoNPRdj79EqH3e67/p61dtMk2A6
eVbH4UxVVbQAnAcQ2FJtlmupjHPEiyUn6duk5/oGqce/r145PKcNW49qhe0gK8Mf
T1VnxHnC60LsqW8=
=VIgn
-----END PGP SIGNATURE-----
pgp_nHiSV_UJZ.pgp
Description: PGP signature
--- End Message ---
