Bug#961884: add init script / systemd unit for clamonacc background scanner
On 18/01/2023 21:59, Sébastien Villemot wrote:

On Tue, 29 Jun 2021 22:08:31 +0200 Sebastian Andrzej Siewior wrote:

On 2020-05-30 19:53:49 [+], Patrick Schleizer wrote:

package clamav-daemon ships a file /usr/bin/clamonacc which is a background virus scanning guard / real-time protection.

It's currently non-trivial to use.

sudo clamonacc
ERROR: Clamonacc: at least one of OnAccessExcludeUID, OnAccessExcludeUname, or OnAccessExcludeRootUID must be specified ... it is reccomended you exclude the clamd instance UID or uname to prevent infinite event scanning loops

May I suggest adding an init script / systemd unit file which runs the clamonacc background scanner?

The config file has to be touched manually to configure it properly. In the past this was part of clamd and people managed to lockup / deadlock their systems. Therefore I hesitate to add an initscript here. However I agree that even with proper configuration an initscript would be nice here since there is no need to over complicate it.

Feel free to post something (by someone who is actually using it), otherwise I try to add something later on.

As of clamav-daemon 1.0.0+dfsg-5, a systemd unit is provided for clamonacc, so it looks like this issue has been addressed.

However, the unit is enabled by default. This looks like a bug, because the service fails to start with the default configuration.

IMHO it doesn't make sense to be enabled as default even if it would start properly. Most common use of ClamAV is to scan emails.

Regards
Racke

--
Automation expert - Ansible and friends
Linux administrator & Debian maintainer
Perl Dancer & conference hopper
Bug#1019421: Improper permission for sympa.log after logrotate-ing
On 09/09/2022 06:19, IKEDA Soji wrote:

Package: sympa
Version: 6.2.68~dfsg
Severity: important

After run of logrotate, permission of /var/log/sympa.log is set as:

-rw-r- sympa sympa

and therefore logging is no longer possible.

I suppose this is because /etc/logrotate.d/sympa contains

create 640 sympa sympa

which should be

create 640 syslog sympa

The latest version in Debian is 6.2.66~dfsg-2. Also Debian uses "create 640 sympa adm" in that file. Ubuntu uses the syslog user.

Regards
Racke
Bug#1005823: Use restart on-failure for WWSympa and SOAP systemd units
package: sympa
version: 6.2.66~dfsg-2

"on-failure" seems to be the recommended mode for the Restart directive.

Regards
Racke
Bug#1004682: src:pure-ftpd: fails to migrate to testing for too long: uploader built arch:all binaries
On 31/01/2022 19:39, Paul Gevers wrote:

Source: pure-ftpd
Version: 1.0.49-4.1
Severity: serious
Control: close -1 1.0.50-2
Tags: sid bookworm pending
User: release.debian@packages.debian.org
Usertags: out-of-sync

Dear maintainer(s),

The Release Team considers packages that are out-of-sync between testing and unstable for more than 60 days as having a Release Critical bug in testing [1]. Your package src:pure-ftpd has been trying to migrate for 61 days [2]. Hence, I am filing this bug.

If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner.

This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed.

I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and bookworm, so it doesn't affect (old-)stable.

Your package is only blocked because the arch:all binary package(s) aren't built on a buildd. Unfortunately the Debian infrastructure doesn't allow arch:all packages to be properly binNMU'ed. Hence, I will shortly do a no-changes source-only upload to DELAYED/15, closing this bug. Please let me know if I should delay or cancel that upload.

Paul

[1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html
[2] https://qa.debian.org/excuses.php?package=pure-ftpd

Hello Paul,

I will do a source-only upload in the next few days. Thanks for the report.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
Bug#965723: mhonarc: diff for NMU version 2.6.19-2.2
Control: tags 965723 + patch Control: tags 965723 + pending Dear maintainer, I've prepared an NMU for mhonarc (versioned as 2.6.19-2.2) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. Regards. diff -u mhonarc-2.6.19/debian/changelog mhonarc-2.6.19/debian/changelog --- mhonarc-2.6.19/debian/changelog +++ mhonarc-2.6.19/debian/changelog @@ -1,3 +1,10 @@ +mhonarc (2.6.19-2.2) unstable; urgency=medium + + * Non-maintainer upload. + * Increased debhelper compat level to 11 (closes: #965723) + + -- Stefan Hornburg (Racke) Sat, 25 Dec 2021 07:39:51 +0100 + mhonarc (2.6.19-2.1) unstable; urgency=medium * Non maintainer upload by the Reproducible Builds team. diff -u mhonarc-2.6.19/debian/compat mhonarc-2.6.19/debian/compat --- mhonarc-2.6.19/debian/compat +++ mhonarc-2.6.19/debian/compat @@ -1 +1 @@ -5 \ No newline at end of file +11 \ No newline at end of file diff -u mhonarc-2.6.19/debian/control mhonarc-2.6.19/debian/control --- mhonarc-2.6.19/debian/control +++ mhonarc-2.6.19/debian/control @@ -3,7 +3,7 @@ Priority: optional Maintainer: Jeff Breidenbach Standards-Version: 3.9.6 -Build-Depends: debhelper (>=5) +Build-Depends: debhelper (>=11) Package: mhonarc Architecture: all
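Review bot: In the debian/compat and debian/control hunks the level goes from 5 straight to 11, but the changelog entry records only the bump and nothing in the diff shows debian/rules being checked against the intermediate levels; the entry should say that the package was rebuilt and the resulting binary compared with 2.6.19-2.1. The level is also kept in two places that have to agree (`debian/compat` and `Build-Depends: debhelper (>=11)`); a single `debhelper-compat (= 11)` build dependency would remove that duplication, and `debian/compat` is still written without a trailing newline.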
Bug#1001381: Multiple instances for WWSympa and SOAP server
package: sympa
version: 6.2.66~dfsg-1
severity: important
Bug#981387: closed by Debian FTP Masters (reply to Stefan Hornburg (Racke) ) (Bug#981387: fixed in pure-ftpd 1.0.50-1)
On 03/12/2021 19:59, Helmut Grohne wrote:

On Fri, Dec 03, 2021 at 07:43:49PM +0100, Stefan Hornburg (Racke) wrote:

are you going to create a patch that fixes the problem for good?

I don't think that would make sense. Suppose I were to regenerate configure and diff the present configure with the new one. You'd get a giant diff that essentially replaces configure. How would you review tens of thousands of lines changed?

Instead, you should locally regenerate configure before uploading. The alternative chosen by most maintainers (due to being automatically enabled in debhelper compat level >= 10) is using dh_autoreconf. It will ignore the shipped configure and regenerate it during build. You're presently using compat level 9, which happens to be deprecated.

Helmut

Hello Helmut,

thanks for your advice. I bumped up the compat level for the next release of the package.

Regards
Racke
Bug#981387: closed by Debian FTP Masters (reply to Stefan Hornburg (Racke) ) (Bug#981387: fixed in pure-ftpd 1.0.50-1)
On 03/12/2021 19:29, Helmut Grohne wrote:

Control: reopen -1

On Wed, Dec 01, 2021 at 09:36:10AM +, Debian Bug Tracking System wrote:

It has been closed by Debian FTP Masters (reply to Stefan Hornburg (Racke) ).

I think the bug is only partially fixed. While configure.ac has been patched, configure wasn't updated and since it isn't regenerated during build, the unfixed version is actually being used.

Helmut

Hello Helmut,

are you going to create a patch that fixes the problem for good?

Regards
Racke
Bug#980561: Fix for Bullseye
On 20/06/2021 13:28, Philipp Kolmann wrote:

Hi,

I have faced the same issue and with several sources across the internet I was able to fix it for me.

1.) Adding a wwsympa.service
2.) Changing the apache config.

Maybe this helps someone facing the issues while updating to bullseye.

cheers
Philipp

Hello Philipp,

I will check out your changes and apply them if possible.

Thanks for your help!

Regards
Racke
Bug#987127: sympa: `apache2/conf-available/sympa.conf` not updated
On 4/18/21 10:17 AM, Paul Menzel wrote:
> Package: sympa
> Version: 6.2.60~dfsg-4
> Severity: normal
>
> Dear Debian folks,
>
> Upgrading *sympa* from 6.2.40~dfsg-1+deb10u1 to 6.2.60~dfsg-4 the Apache HTTPD configuration file
> `/etc/apache2/conf-available/sympa.conf` wasn’t updated, and there is also no
> `/etc/apache2/conf-available/sympa.conf.dpkg-new`.
>
> That causes the URL paths like `css-sympa` to be invalid.
>
> Kind regards,
>
> Paul
>
> [1]: https://salsa.debian.org/sympa-team/sympa/-/blob/master/debian/conf/apache2/sympa.conf
>

Updated through https://salsa.debian.org/sympa-team/sympa/-/commit/e17012877a4ea2de1df9ca1c77984661bf662a3a

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
Provisioning with Ansible.
Bug#986385: sympa: Package `wwsympa.service`
On 4/4/21 11:30 PM, Paul Menzel wrote:
> Package: sympa
> Version: 6.2.60~dfsg-4
> Severity: normal
>
> Dear Debian folks,
>
> Thank you for maintaining the package *sympa*.
>
> It’d be great, if you packaged the systemd service unit `wwsympa.service` so
> the template [1] does not need to be adapted.
>

Hello Paul,

added in https://salsa.debian.org/sympa-team/sympa/-/commit/067161653738894661404556f61a15d164d2ea8b, albeit as native systemd service.

Regards
Racke

> ```
> [Unit]
> Description=WWSympa - Web interface for Sympa mailing list manager
> After=syslog.target sympa.service
>
> [Service]
> Type=forking
> PIDFile=--piddir--/wwsympa.pid
> ExecStart=/usr/bin/spawn-fcgi -F $FCGI_CHILDREN \
>     -P --piddir--/wwsympa.pid \
>     -s --piddir--/wwsympa.socket \
>     -u $FCGI_USER -g $FCGI_GROUP $FCGI_OPTS -- \
>     --execcgidir--/wwsympa.fcgi
> Environment="FCGI_CHILDREN=5"
> Environment="FCGI_USER=--USER--"
> Environment="FCGI_GROUP=--GROUP--"
> Environment="FCGI_OPTS=-M 0600 -U nginx"
> EnvironmentFile=-/etc/sysconfig/sympa
> Restart=always
>
> [Install]
> WantedBy=multi-user.target
> ```
>
> Kind regards,
>
> Paul
>
> [1]: https://github.com/sympa-community/sympa/blob/3f44b653a3c174a29920768e5bab530e76d245f4/src/etc/script/wwsympa.servicein
>
Bug#987657: New upstream release 6.2.62
package: sympa
severity: normal

New version of Sympa was released today:

https://github.com/sympa-community/sympa/releases/tag/6.2.62

Regards
Racke
Bug#986395: sympa: Update `apache2/conf-available/sympa{,-soap}.conf`
On 4/5/21 8:24 AM, Paul Menzel wrote: > Package: sympa > Version: 6.2.60~dfsg-4 > Severity: normal > > > Dear Debian folks, > > > The shipped Apache HTTPD drop-in still uses the removed FCGI wrappers. That is indeed true, but your change will only replace the 404 with an internal server error due to missing permissions. Running Apache as sympa user might work though. Regards Racke > > ``` > $ dpkg -S apache2/conf-available/sympa > sympa: /etc/apache2/conf-available/sympa-soap.conf > sympa: /etc/apache2/conf-available/sympa.conf > ``` > > ``` > diff --git a/apache2/conf-available/sympa-soap.conf > b/apache2/conf-available/sympa-soap.conf > index 57e5f6b..16168a9 100644 > --- a/apache2/conf-available/sympa-soap.conf > +++ b/apache2/conf-available/sympa-soap.conf > @@ -3,7 +3,7 @@ > # > > > - ScriptAlias /sympasoap > /usr/lib/cgi-bin/sympa/sympa_soap_server-wrapper.fcgi > + ScriptAlias /sympasoap /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi > > Require all granted > > diff --git a/apache2/conf-available/sympa.conf > b/apache2/conf-available/sympa.conf > index e266eca..9795e52 100644 > --- a/apache2/conf-available/sympa.conf > +++ b/apache2/conf-available/sympa.conf > @@ -18,7 +18,7 @@ > Require all granted > > > - ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa-wrapper.fcgi > + ScriptAlias /wws /usr/lib/cgi-bin/sympa/wwsympa.fcgi > > Require all granted > > ``` > > > Kind regards, > > Paul > > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. OpenPGP_signature Description: OpenPGP digital signature
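Review bot: In both hunks the `ScriptAlias` now points straight at `sympa_soap_server.fcgi` and `wwsympa.fcgi`, so Apache would execute them under its own account and nothing in the diff gives that account access to what the scripts need; as the reply above says, this only trades the 404 for an internal server error. Suggest having Apache pass requests to a FastCGI service that already runs as the sympa user (the `wwsympa.service` unit requested in Bug#986385 is one) instead of executing the scripts directly.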
Bug#986388: sympa: Migrate lines with backticks
On 4/5/21 12:37 AM, Paul Menzel wrote:
> Package: sympa
> Version: 6.2.60~dfsg-4
> Severity: normal
>
> Dear Debian folks,
>
> Sympa fails to start, if `sympa.conf` has lines with backticks in it. It’d be great, if these could be migrated
> automatically, or the `NEWS.Debian` would list the change, so users reading the NEWS files before upgrading can prepare
> for that change.
>
> In my case, I did:
>
> -#syslog `cat /etc/sympa/facility`
> +#syslog LOCAL1
>
> Kind regards,
>
> Paul
>

Hello Paul,

this looks like an upgrade. Which version did you upgrade from?

Regards
Racke
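A pre-upgrade check for the backtick values discussed in this report and in Bug#980451, as an added example that is not part of the original messages, of Sympa or of the Debian package: it lists every parameter whose value is wholly enclosed in backticks, whether active or commented out. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Sympa or the Debian package.
# Lists parameters in a sympa.conf-style file whose whole value is wrapped in
# backticks, i.e. the form matched by the special case removed from Conf.pm
# (/^\`(.*)\`$/ on the value, after trailing whitespace is stripped).

# find_backtick_params FILE   (hypothetical helper name)
# Output: LINE:STATE:KEYWORD:COMMAND, STATE being "active" or "commented".
# Exit status: 1 if at least one active parameter matched, 0 otherwise.
find_backtick_params() {
    awk '
    {
        line = $0
        state = "active"
        # Report "#keyword `cmd`" too, so it is cleaned up before anyone
        # re-enables it.
        if (line ~ /^[ \t]*#/) {
            state = "commented"
            sub(/^[ \t]*#+[ \t]*/, "", line)
        }
        sub(/[ \t\r]+$/, "", line)          # strip trailing whitespace
        # keyword, whitespace, then a value that starts and ends with a backtick
        if (line ~ /^[^ \t`]+[ \t]+`.*`$/) {
            key = line
            sub(/[ \t].*$/, "", key)
            cmd = line
            sub(/^[^ \t]+[ \t]+`/, "", cmd)
            sub(/`$/, "", cmd)
            printf "%d:%s:%s:%s\n", NR, state, key, cmd
            if (state == "active") active++
        }
    }
    END { exit (active > 0 ? 1 : 0) }
    ' "$1"
}

# write_sample FILE: constructed sample input, not a real configuration.
write_sample() {
    cat > "$1" <<'EOF'
## constructed sample
domain lists.example.org
syslog `cat /etc/sympa/facility`
#syslog `cat /etc/sympa/facility`
listmaster  `echo root@example.org`
title Lists with `inline` backticks
EOF
}

# Stand-alone use: sh this-script path/to/sympa.conf
if [ "${1-}" ] && [ -f "$1" ]; then
    find_backtick_params "$1"
fi
```

A value that merely contains backticks, like the `title` line in the sample, is not reported, because the removed code only acted on values that begin and end with one.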
Bug#943874: pure-ftpd: pure-ftp error on upgrade
On 1/18/21 11:55 PM, Andreas Beckmann wrote:
> Followup-For: Bug #943874
> Control: tag -1 patch pending
>
> Hi,
>
> I'm attaching a patch that tries to clean up the docdir symlink mess.
> The package is already uploaded to DELAYED/5.
>
> Andreas
>

Thanks a lot for your fixes!

Regards
Racke
Bug#980561: Apache configuration files outdated
package: sympa
version: 6.2.58~dfsg-4
severity: important
found: 6.2.60~dfsg-2
found: 6.2.60~dfsg-1

The configuration files for Apache (/etc/apache2/conf-available/sympa.conf and /etc/apache2/conf-available/sympa-soap.conf) will not work anymore as the FCGI wrappers were removed due to security reasons.

Regards
Racke
Bug#980451: Execution of commands from the configuration file through backtick syntax
package: sympa severity: important tags: security, patch Upstream bug report: https://github.com/sympa-community/sympa/issues/1086 Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. diff --git a/src/lib/Conf.pm b/src/lib/Conf.pm index ce5ce13d0..e8f99cc3a 100644 --- a/src/lib/Conf.pm +++ b/src/lib/Conf.pm @@ -1728,12 +1728,6 @@ sub _load_config_file_to_hash { my ($keyword, $value) = ($1, $2); $value =~ s/\s*$//; -# Special case: `command` -if ($value =~ /^\`(.*)\`$/) { -$value = qx/$1/; -chomp($value); -} - $keyword = $Sympa::Config::Schema::obsolete_robot_params{$keyword} // $keyword; OpenPGP_signature Description: OpenPGP digital signature
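Review bot: After the removed block in `_load_config_file_to_hash` there is no diagnostic for values that are still wrapped in backticks, so a line such as the one reported in Bug#986388 is now handed on as a literal string with the backticks in it. Suggest matching `/^\`(.*)\`$/` at the same spot and reporting the keyword as an unsupported value, without executing anything, so an upgraded installation fails with a message that names the offending parameter.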
Bug#978932: sympa: webinterface broken after installing 6.2.40~dfsg-1+deb10u1
On 1/10/21 6:33 PM, Tobias Frost wrote:
> Hi Racke,
>
> thanks for your quick mail and sorry for the late reply, didn't find time until
> now.
>
> On Thu, Dec 31, 2020 at 06:17:45PM +0100, Stefan Hornburg (Racke) wrote:
>> Yes, please share the part of your Nginx configuration with regards to Sympa
>> and your WWSympa FCGI service setup.
>> If you use the wwsympa wrapper, please drop it.
>
> This is probably the hint I needed. Did not find time to evaluate properly,
> but my config looks like the one on
> https://wiki.debian.org/Sympa/Nginx (I probably stole it from there :)), and I guess the line
>
> fastcgi_param SCRIPT_FILENAME $document_root/wwsympa-wrapper.fcgi;
>
> is saying that I'm indeed using the said wrapper…
>
> it will take me a few more days until I'll be able to check if updating
> my configuration will fix it, but I'll send an update to the BTS…
>
> Cheers,
> tobi
>

Hello Tobi,

thanks for the update. I'll try to find time to correct that page and/or include a Nginx snippet into the Debian package.

Regards
Racke
Bug#978932: sympa: webinterface broken after installing 6.2.40~dfsg-1+deb10u1
On 12/31/20 5:41 PM, Tobias Frost wrote:
> Package: sympa
> Version: 6.2.40~dfsg-1+deb10u1
> Severity: important
>
> Dear Maintainer,
>
> After installation of the security update the web interface is defunct.
> It still loads the "default" site (here: https://$DOMAIN/wws/) but that is also
> the site that will be loaded when selecting a menu entry, for example "Login".
> (IOW, Login not possible as the login form is not presented)
>
> Downgrading to 6.2.40~dfsg-1 makes it work again.
>
> Webserver is an nginx instance.
>
> The only hint I got (could be a red herring) is this in the nginx error log,
> the sympa log is silent…
>
> Here's an example of the nginx one:
> (There are many of those…)
>
> 2020/12/27 12:13:57 [error] 8193#8193: *2819965 FastCGI sent in stderr: "[Sun Dec 27 12:13:57 2020] wwsympa.fcgi: Use of uninitialized value in string ne at /usr/share/sympa/lib/Sympa/WWW/Session.pm line 408.^M
> [Sun Dec 27 12:13:57 2020] wwsympa.fcgi: Use of uninitialized value $remote_addr in string ne at /usr/share/sympa/lib/Sympa/WWW/Session.pm line 408" while reading upstream, client: 80.209.204.233, server: lists.regensburg-repariert.de, request: "GET /wws/reviewbouncing/info HTTP/2.0", upstream: "fastcgi://unix:/run/fcgiwrap.socket:", host: "lists.regensburg-repariert.de"
> 2020/12/27 12:14:21 [error] 8193#8193: *2819965 FastCGI sent in stderr: "[Sun Dec 27 12:14:21 2020] wwsympa.fcgi: Use of uninitialized value in string ne at /usr/share/sympa/lib/Sympa/WWW/Session.pm line 408.^M
>
> (Those started exactly on Dec 24, after unattended-upgrades pulled in the
> security update)
>
> Let me know if I can provide more information…
>
> Cheers,
>

Yes, please share the part of your Nginx configuration with regards to Sympa and your WWSympa FCGI service setup. If you use the wwsympa wrapper, please drop it.

Regards
Racke
Bug#978661: sympa: Security update 6.2.40~dfsg-1+deb10u1 fails to install - related to bash(?)
On 12/30/20 4:57 PM, Harri Suutari wrote:
> Problem solved (sort of) by commenting out lines in /etc/profile:
>
> ## include /etc/bash.bashrc if it exists
> #if [ -f /etc/bash.bashrc ]; then
> # . /etc/bash.bashrc
> #fi
>
> I had had this inclusion in /etc/profile for at least 15 years, and this seemed to be the 1st time it caused a problem.
> I read "man dash" and noticed Dash also uses /etc/profile, so probably Bash specific configuration there is not a good
> idea anymore.
>
> Update of Debian to Buster earlier asked about changing from sh to dash, so I let it do it.
>
>>>> Error logs seem to be:
>>>> -sh: 11: /etc/bash.bashrc: shopt: not found
>>>> -sh: 35: /etc/bash.bashrc: shopt: not found
>>>> -sh: 26: /usr/share/bash-completion/bash_completion: Syntax error: "(" unexpected
>>>>
>>> This appears to come from the following command in the postinst script:
>>>
>>> su -l sympa -s /bin/sh -c "/usr/lib/sympa/bin/sympa.pl --upgrade_config_location"
>>>
>>> Which shell is used for the Sympa user (getent passwd sympa) ?
>>>
>>> Which shell is /bin/sh on your system?
>>>
> # getent passwd sympa
> sympa:x:148:159:Sympa mailing list manager,,,:/var/lib/sympa:/bin/false
>
> # ls -al /bin/sh
> lrwxrwxrwx 1 root root 4 Feb 10 2020 /bin/sh -> dash
>
>> It might be a similar problem to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737621.
>
> Yes, directly related to bash / dash / sh shells. Older systems have had different defaults during installation, which
> seems to backfire sometimes.
>

Thanks for the information. That helps me to reproduce the problem and maybe prevent the error.

Regards
Racke
Bug#978661: sympa: Security update 6.2.40~dfsg-1+deb10u1 fails to install - related to bash(?)
On 12/30/20 9:15 AM, Stefan Hornburg (Racke) wrote: > On 12/29/20 9:28 PM, Harri Suutari wrote: >> Package: sympa >> Version: 6.2.40~dfsg-1+deb10u1 >> Severity: important >> >> Dear Maintainer, >> >> The latest Sympa security update fails to install normally on my Debian >> Buster, >> but works normally, if restarted manually after the package install failure. >> >> Error logs seem to be: >> -sh: 11: /etc/bash.bashrc: shopt: not found >> -sh: 35: /etc/bash.bashrc: shopt: not found >> -sh: 26: /usr/share/bash-completion/bash_completion: Syntax error: "(" >> unexpected >> > > This appears to come from the following command in the postinst script: > > su -l sympa -s /bin/sh -c "/usr/lib/sympa/bin/sympa.pl > --upgrade_config_location" > > Which shell is used for the Sympa user (getent passwd sympa) ? > > Which shell is /bin/sh on your system? > > Regards >Racke It might be a similar problem to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737621. Regards Racke > >> === >> >> # dpkg -s sympa >> Package: sympa >> Status: install ok half-configured >> Priority: optional >> Section: mail >> Installed-Size: 15323 >> Maintainer: Debian Sympa team >> Architecture: i386 >> Version: 6.2.40~dfsg-1+deb10u1 >> Config-Version: 6.2.40~dfsg-1 >> >> >> # apt upgrade >> Reading package lists... Done >> Building dependency tree >> Reading state information... Done >> Calculating upgrade... Done >> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. >> 1 not fully installed or removed. >> After this operation, 0 B of additional disk space will be used. >> Do you want to continue? [Y/n] >> >> Setting up sympa (6.2.40~dfsg-1+deb10u1) ... >> Determining localhost credentials from /etc/mysql/debian.cnf: succeeded. >> dbconfig-common: writing config to /etc/dbconfig-common/sympa.conf >> dbconfig-common: flushing administrative password >> Ensuring that permissions and ownerships are right (this can take a while)... 
>> apache2_invoke sympa.conf: already enabled >> apache2_invoke sympa-soap.conf: already enabled >> Moving configuration files for Sympa >= 6.2 (if required) >> -sh: 11: /etc/bash.bashrc: shopt: not found >> -sh: 35: /etc/bash.bashrc: shopt: not found >> -sh: 26: /usr/share/bash-completion/bash_completion: Syntax error: "(" >> unexpected >> dpkg: error processing package sympa (--configure): >> installed sympa package post-installation script subprocess returned error >> exit status 2 >> Errors were encountered while processing: >> sympa >> E: Sub-process /usr/bin/dpkg returned an error code (1) >> >> >> # service sympa status >> ● sympa.service - SYMPA mailing list manager >>Loaded: loaded (/lib/systemd/system/sympa.service; enabled; vendor preset: >> enabled) >>Active: inactive (dead) since Tue 2020-12-29 22:20:13 EET; 28s ago >> Docs: man:sympa_msg(8) >> Main PID: 4977 (code=exited, status=0/SUCCESS) >> >> Dec 29 21:39:46 kallio systemd[1]: Starting SYMPA mailing list manager... >> Dec 29 21:39:48 kallio sympa_msg[4960]: info main::_load() Configuration file >> read, default log level 0 >> Dec 29 21:39:48 kallio sympa_msg[4960]: notice Sympa::Process::daemonize() >> Starting sympa/msg daemon, PID 4977 >> Dec 29 21:39:48 kallio sympa_msg[4977]: notice main:: Sympa/msg 6.2.40 >> Started >> Dec 29 21:39:48 kallio systemd[1]: Started SYMPA mailing list manager. >> Dec 29 22:20:13 kallio systemd[1]: Stopping SYMPA mailing list manager... >> Dec 29 22:20:13 kallio sympa_msg[4977]: notice main::sigterm() Signal TERM >> received, still processing current task >> Dec 29 22:20:13 kallio sympa_msg[4977]: notice main:: Sympa/msg exited >> normally >> due to signal >> Dec 29 22:20:13 kallio systemd[1]: sympa.service: Succeeded. >> Dec 29 22:20:13 kallio systemd[1]: Stopped SYMPA mailing list manager. 
>> >> # service sympa restart >> >> # service sympa status >> ● sympa.service - SYMPA mailing list manager >>Loaded: loaded (/lib/systemd/system/sympa.service; enabled; vendor preset: >> enabled) >>Active: active (running) since Tue 2020-12-29 22:21:36 EET; 15s ago >> Docs: man:sympa_msg(8) >> Process: 23068 ExecStartPre=/bin/mkdir -p /run/sympa (code=exited, >> status=0/SUCCESS) >> Process: 23072 ExecStartPre=/bin/chown sympa:sympa /run/sympa (code=exited, >> status=0/SUCCESS)
Bug#978661: sympa: Security update 6.2.40~dfsg-1+deb10u1 fails to install - related to bash(?)
On 12/29/20 9:28 PM, Harri Suutari wrote: > Package: sympa > Version: 6.2.40~dfsg-1+deb10u1 > Severity: important > > Dear Maintainer, > > The latest Sympa security update fails to install normally on my Debian > Buster, > but works normally, if restarted manually after the package install failure. > > Error logs seem to be: > -sh: 11: /etc/bash.bashrc: shopt: not found > -sh: 35: /etc/bash.bashrc: shopt: not found > -sh: 26: /usr/share/bash-completion/bash_completion: Syntax error: "(" > unexpected > This appears to come from the following command in the postinst script: su -l sympa -s /bin/sh -c "/usr/lib/sympa/bin/sympa.pl --upgrade_config_location" Which shell is used for the Sympa user (getent passwd sympa) ? Which shell is /bin/sh on your system? Regards Racke > === > > # dpkg -s sympa > Package: sympa > Status: install ok half-configured > Priority: optional > Section: mail > Installed-Size: 15323 > Maintainer: Debian Sympa team > Architecture: i386 > Version: 6.2.40~dfsg-1+deb10u1 > Config-Version: 6.2.40~dfsg-1 > > > # apt upgrade > Reading package lists... Done > Building dependency tree > Reading state information... Done > Calculating upgrade... Done > 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > 1 not fully installed or removed. > After this operation, 0 B of additional disk space will be used. > Do you want to continue? [Y/n] > > Setting up sympa (6.2.40~dfsg-1+deb10u1) ... > Determining localhost credentials from /etc/mysql/debian.cnf: succeeded. > dbconfig-common: writing config to /etc/dbconfig-common/sympa.conf > dbconfig-common: flushing administrative password > Ensuring that permissions and ownerships are right (this can take a while)... 
> apache2_invoke sympa.conf: already enabled > apache2_invoke sympa-soap.conf: already enabled > Moving configuration files for Sympa >= 6.2 (if required) > -sh: 11: /etc/bash.bashrc: shopt: not found > -sh: 35: /etc/bash.bashrc: shopt: not found > -sh: 26: /usr/share/bash-completion/bash_completion: Syntax error: "(" > unexpected > dpkg: error processing package sympa (--configure): > installed sympa package post-installation script subprocess returned error > exit status 2 > Errors were encountered while processing: > sympa > E: Sub-process /usr/bin/dpkg returned an error code (1) > > > # service sympa status > ● sympa.service - SYMPA mailing list manager >Loaded: loaded (/lib/systemd/system/sympa.service; enabled; vendor preset: > enabled) >Active: inactive (dead) since Tue 2020-12-29 22:20:13 EET; 28s ago > Docs: man:sympa_msg(8) > Main PID: 4977 (code=exited, status=0/SUCCESS) > > Dec 29 21:39:46 kallio systemd[1]: Starting SYMPA mailing list manager... > Dec 29 21:39:48 kallio sympa_msg[4960]: info main::_load() Configuration file > read, default log level 0 > Dec 29 21:39:48 kallio sympa_msg[4960]: notice Sympa::Process::daemonize() > Starting sympa/msg daemon, PID 4977 > Dec 29 21:39:48 kallio sympa_msg[4977]: notice main:: Sympa/msg 6.2.40 Started > Dec 29 21:39:48 kallio systemd[1]: Started SYMPA mailing list manager. > Dec 29 22:20:13 kallio systemd[1]: Stopping SYMPA mailing list manager... > Dec 29 22:20:13 kallio sympa_msg[4977]: notice main::sigterm() Signal TERM > received, still processing current task > Dec 29 22:20:13 kallio sympa_msg[4977]: notice main:: Sympa/msg exited > normally > due to signal > Dec 29 22:20:13 kallio systemd[1]: sympa.service: Succeeded. > Dec 29 22:20:13 kallio systemd[1]: Stopped SYMPA mailing list manager. 
> > # service sympa restart > > # service sympa status > ● sympa.service - SYMPA mailing list manager >Loaded: loaded (/lib/systemd/system/sympa.service; enabled; vendor preset: > enabled) >Active: active (running) since Tue 2020-12-29 22:21:36 EET; 15s ago > Docs: man:sympa_msg(8) > Process: 23068 ExecStartPre=/bin/mkdir -p /run/sympa (code=exited, > status=0/SUCCESS) > Process: 23072 ExecStartPre=/bin/chown sympa:sympa /run/sympa (code=exited, > status=0/SUCCESS) > Process: 23076 ExecStart=/usr/lib/sympa/bin/sympa_msg.pl (code=exited, > status=0/SUCCESS) > Main PID: 23095 (sympa_msg.pl) > Tasks: 1 (limit: 4915) >Memory: 49.1M >CGroup: /system.slice/sympa.service >└─23095 /usr/bin/perl /usr/lib/sympa/bin/sympa_msg.pl > > Dec 29 22:21:35 kallio systemd[1]: Starting SYMPA mailing list manager... > Dec 29 22:21:36 kallio sympa_msg[23076]: info main::_load() Configuration file > read, default log level 0 > Dec 29 22:21:36 kallio sympa_msg[23076]: notice Sympa::Process::daemonize() > Starting sympa/msg daemon,
Bug#978395: sympa: Debconf upgrade script does not take into account on mounted arc subdir
On 12/26/20 11:25 PM, Marco Gaiarin wrote: > Package: sympa > Version: 6.2.40~dfsg-1+deb10u1 > Severity: normal > > Dear Maintainer, > > I've tried to upgrade sympa, and lead to debocnf error because i've mounted a > filesystem > for 'arc' subdir: > > root@mail:~# df -h > File system Dim. Usati Dispon. Uso% Montato su > /dev/loop1 2,9G 1,9G904M 68% / > /dev/loop11 9,8G 744M8,6G 8% /home > /dev/loop12 4,9G 1,6G3,1G 35% /var/lib/sympa/arc > > and debconf complain that cannot chown 'lost+found' dir (and indeed is true). Hello Marco, this is indeed a part of the postinst script that should be fixed. The recursive chown should not necessary any more with recent Sympa releases, as Sympa creates missing directories when needed. Thus the owner of the top directories (/var/spool/sympa and /var/lib/sympa) could be set by a non-recursive chown. Thanks for the report! Regards Racke > > I've tried to modify the postinst script, and at last i've commented the > guilty find, > let debconf to end: > > --- /var/lib/dpkg/info/sympa.postinst.dist 2020-12-10 14:39:54.0 > +0100 > +++ /var/lib/dpkg/info/sympa.postinst2020-12-26 23:01:15.342509840 > +0100 
> @@ -221,9 +221,9 @@ > > # It's better to search files and directories with wrong owner/group and fix > # them instead of recursively doing it, even if it's not needed (see > #630384) > -find /var/spool/sympa /var/lib/sympa \ > -\( -not -user sympa -or -not -group sympa \) \ > --exec chown sympa:sympa {} \; > +#find /var/spool/sympa /var/lib/sympa \ > +#\( -not -user sympa -or -not -group sympa \) -not -name 'lost+found' \ > +#-exec chown sympa:sympa {} \; > > # Fix permissions on CGI wrappers > chown sympa:sympa /usr/lib/cgi-bin/sympa/wwsympa-wrapper.fcgi \ > > I think a better find have to be setup, but i was not able to do that... > > > Thanks. > > -- System Information: > Debian Release: 10.7 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.15.18-14-pve (SMP w/2 CPU cores) > Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), > LANGUAGE=it_IT.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system)
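Review bot: the added lines comment out the whole find ... -exec chown command instead of narrowing it, so after this change the script no longer repairs ownership under /var/spool/sympa and /var/lib/sympa at all. If the aim is only to skip lost+found, keep the command active and prune that directory, for example -name 'lost+found' -prune -o \( -not -user sympa -or -not -group sympa \) -exec chown -h sympa:sympa {} + ; the -not -name 'lost+found' test as written skips the directory entry itself but still descends into it. Using chown -h also avoids following symlinks placed inside directories the sympa user can write to while the script runs as root.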
Bug#936020: /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator upon removal
On 12/8/20 6:23 PM, Chris Halls wrote: > reassign 936020 dbconfig-common > > tags 936020 + patch > > thanks > > > Hello > > On Thu, 29 Aug 2019 12:36:50 +0200 Olivier Berger > wrote: > >> >> /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator > > This comes from dbconfig-common, not directly from sympa itself. > > The problem happens if there is no database configured when the prerm script > is invoked. I was able to trigger this on > another package by installing without a database (question > dbconfig-install=false), and then running dpkg-reconfigure on > the package. > > Patch attached to add the missing quotes. > > Thanks > > Chris > Hello Chris, thanks a lot for the patch! Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers
On 12/7/20 10:52 AM, Sylvain Beucler wrote: > Hi, > > On Sat, 10 Oct 2020 09:45:42 +0300 "Stefan Hornburg (Racke)" > wrote: >> On 10/7/20 3:03 PM, Sylvain Beucler wrote: >> > I noticed this local root escalation yesterday and I'm working on a >> > Stretch LTS update. >> > See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 >> > > Are there plans to update buster? >> >> Hello Sylvain, >> >> thanks a lot for your patch! >> >> I will talk to the security team concerning buster. > > This high-severity issue was marked with: > [buster] - sympa (Will be fixed via point release) > > Consequently I am surprised that it wasn't part of last week's Debian 10.7 > point release. > > What happened? > Can we consider switching to a DSA? > > Sylvain Beucler > Debian LTS Team > > Yes, sorry I missed that point release. If you want a DSA, that's fine for me. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#954475: Mangled mail with dkim_feature on
On 3/22/20 4:08 AM, David Prévot wrote: > Package: sympa > Version: 6.2.40~dfsg-1 > Severity: normal > > Hi, > > Once dkim_feature is activated on a list, the messages received from > sympa get mangled: the following headers are added *after* the messages > body (at the end of the message): > > Message-Id: <…[random string from the server]…> > From: Sympa mailing list manager <…[list address]…> > Date: [date] > > Because of that, the messages appear empty in any MUA (but are properly > added and visible in the web archive). > > Please note that the DKIM-Signature header properly gets added on the > messages. > > I’ve added the following options in robot.conf: dkim_private_key_path > and dkim_selector, and then activated dkim_feature for one list > (actually, I initially noticed the issue with “dkim_feature on” in > robot.conf, and removed it to not break all hosted lists). The server is > running on Buster. > > Regards > > David > Hello David, that indeed seems a bug in Sympa, see https://github.com/sympa-community/sympa/issues/1036. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#976020: Unauthorized access to review call of the SOAP API
package: sympa version: 6.2.58~dfsg-2 severity: important tags: security forwarded: https://github.com/sympa-community/sympa/issues/1041 It is possible to retrieve the email addresses of a list through the SOAP API without proper authentication. This requires the following knowledge: - name of the list - email of an user that is allowed to see the email addresses OR a valid session id The SOAP API is not activated with the default Debconf settings. Patch attached. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. commit 52157b54583e2052cfc1625a7311f80c94f3aed9 Author: Stefan Hornburg (Racke) Date: Fri Nov 27 23:28:14 2020 +0100 Properly check email and session id in authenticateAndRun SOAP call (#1041). diff --git a/src/lib/Sympa/WWW/SOAP.pm b/src/lib/Sympa/WWW/SOAP.pm index 188a8b221..735963dc4 100644 --- a/src/lib/Sympa/WWW/SOAP.pm +++ b/src/lib/Sympa/WWW/SOAP.pm @@ -321,19 +321,16 @@ sub authenticateAndRun { ## session_table instead my $session = Sympa::WWW::Session->new($ENV{'SYMPA_ROBOT'}, {cookie => $cookie}); -if (defined $session) { -$email = $session->{'email'}; -$session_id = $session->{'id_session'}; -} -unless ($email or $email eq 'unknown') { -$log->syslog('err', 'Failed to authenticate user with session ID %s', -$session_id); + +unless (defined $session && ! $session->{'new_session'} && $session->{'email'} eq $email) { +$log->syslog('err', 'Failed to authenticate user %s with session ID %s', +$email, $cookie); die SOAP::Fault->faultcode('Client') ->faultstring('Could not get email from cookie')->faultdetail(''); } $ENV{'USER_EMAIL'} = $email; -$ENV{'SESSION_ID'} = $session_id; +$ENV{'SESSION_ID'} = $session->{'id_session'}; no strict 'refs'; $service->($self, @$parameters); OpenPGP_signature Description: OpenPGP digital signature
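Review bot: the new error path in authenticateAndRun passes $cookie to $log->syslog, so the caller-supplied session cookie is written to the system log whenever the e-mail does not match; a cookie that is valid for a different account would then be readable by anyone who can read that log. Log a truncated or hashed form, or leave it out. The unless condition also evaluates $session->{'email'} eq $email without first checking that $email is defined and non-empty, so an explicit defined $email && length $email ahead of the comparison would make the intent clear, and the fault string 'Could not get email from cookie' no longer describes what failed.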
Bug#974898: new release upstream fixed several problems
On 11/26/20 1:47 PM, PICCORO McKAY Lenz wrote: > seems do you not read the mails, several issues are solved upstream, > but still are happened cos there's no new release. (not so difficult > to make it) > > same for courier, several bug reports are not taken in consideration > (solved of course) and now today make a separate package for maildrop > is nonsense cos is part of courier-mta suite.. it belongs to that > suite, but upstream committed some of the requested features The question is what the plan of the current maintainer is. He did some work here: https://salsa.debian.org/debian/courier, but didn't do an upload since the beginning of 2019. Regards Racke > > On Thu, 26 Nov 2020 at 07:56, Josip Rodin > (j...@debbugs.entuzijast.net) wrote: >> >> >> Why are you posting these agitated bug reports? Can I suggest that you first >> calm down and try to compose your thoughts, and then put that in writing >> while bearing in mind that an assumption of good faith is the only proper >> way to operate? >> >> On Mon, Nov 16, 2020 at 04:08:21AM -0400, PICCORO McKAY Lenz wrote: >>> Package: maildrop >>> Version: 2.9.3-2 >>> Severity: important >>> >>> The maildrop package in debian is severely out of sync and outdated: >>> >>> First of all stop of "Upstream is not willing to add another feature", >>> seems people don't understand maildrop are made for courier, and if need >>> can proposed a fork for that! >>> >>> Second: **several problems where aborted upstream**, the most >>> important ones are: >>> * libs/maildrop/deliver.C (delivery): Always return 75 upon >>> delivery failure, for the standalone maildrop build. related to #481223 >>> * libs/maildir/maildirmake.c (main): maildirmake's -q option >>> will create the maildir if it does not exist. related to #501557 >>> * libs/rfc2045/reformime.c (main2): Fix crash when the -s option is >>> not valid. related to #71625 >>> * rfc2045/reformime.c (main2): fix crash if -x or -X is specified >>> without the corresponding -s option. related to #71625 >>> >>> A new maildrop pack is required and this must either come from the >>> same courier sources (#867121) or update the one... this last seems >>> quite stupid as courier is the official sources of maildrop and >>> although it is offered separately by the author upstream, unifying it >>> will improve maintenance from a team, and as you guys notice lack of >>> interest/available time in the courier suite (reading the last >>> changelog, seems changes are more to complain with debian package >>> policy that is unnecessary respect real issues) >>> >>> ... and as far as I can see you are looking for the sources in sf >>> instead of the right place which is the courier official download page, >>> additional while the courier-mta sources are up to date in >>> salsa-debian, the maildrop one in salsa-debian are too old respect the >>> mta suite! >>> >>> while I made my own package on OBS vegnuli home for Devuan and Debian, >>> if you guys need help i'm a often user of the complete suite and not >>> just parts or toys of, maildrop can be build with two ways: >>> * set GID mail without restricted caller (maildrop) >>> * set UID root with restricted caller for courier-mta >>>(maildrop-courier) -- missing and the way i set in my package cos >>> is the need by the original suite the courier-mta >>> >>> >>> NOTE: Courier maildrop in debian present a very not proper behaviour.. >>> original sources are from courier and any other implementation are >>> non-related and users can fork the software, cases like #375589 are >>> not valid cos seems maildrop (as author make it for courier filtering) >>> is a courier implementation if applies! so any external specific usage >>> are purely optional >>> >>> This are related to #910380 (separate makemime from sources) #204187, >>> #596057 & #375589#26 (bad usage cos is not made for), #481223 >>> (changed behaviour cos is not made for, what?), #592585 (dovecot >>> specific crap) and go and go.. seems people thinks that maildrop are >>> made for others rather than the courier suite... funny please close >>> all of those package cos seems many of them are not supported by >>> upstream and community must make a fork in those several cases! >>> >>> Lenz McKAY Gerardo (PICCORO) >>> http://qgqlochekone.blogspot.com >> >> -- >> Josip Rodin > > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#972114: sympa: CVE-2020-26880
On 11/5/20 3:19 PM, Sylvain Beucler wrote: > Hi, > > @racke, following your work at > https://github.com/sympa-community/sympa/pull/1015 > it seems we'd need a new debconf question to ask the user whether they want > the setuid wrapper to be activated or not. > Yes, good idea. But it would make sense to add some more documentation and maybe we can also ask about the mail server in use. E.g. with Exim you don't need to run the alias command at all. > This could be added even before the pull request merged I think, as toggling > the setuid bit on the wrapper is equivalent > to introducing 'alias_wrapper' + setting it to 'off' + removing the wrapper > (IIUC). > My plan was to release 6.2.58 with that patch, as it is a no-op unless you turn alias_wrapper off. Regards Racke > What do you think? > > If you're OK with this direction I can provide a patch, which I'll probably > backport to stretch to mitigate this > vulnerability > (aka fix it for every MTA but sendmail AFAICS) > > Cheers! > Sylvain Beucler > Debian LTS Team > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables
On 10/14/20 8:02 AM, Carsten Aulbert wrote: > Package: sympa > Version: 6.2.16~dfsg-3+deb9u3 > Severity: important > > Dear Maintainer(s), > > since applying the security update from 6.2.16~dfsg-3+deb9u2 to > 6.2.16~dfsg-3+deb9u3 I found some troubles with the session handling, > i.e. the web server reports > > 2020/10/13 11:59:18 [error] 2123#2123: *3525 FastCGI sent in stderr: > "Use of uninitialized value in string ne at /usr/share/sympa/lib/Sympa/Se > ssion.pm line 406. > Use of uninitialized value $remote_addr in string ne at > /usr/share/sympa/lib/Sympa/Session.pm line 406" while reading upstream, > client: 192.16 > 8.100.2, server: lists.welcomes-you.com, request: "POST /sympa > HTTP/1.0", upstream: "fastcgi://unix:/run/fcgiwrap.socket:", host: > "FQDN", referrer: "https://FQDN/sympa; > > My configuration may be a bit "nasty" and may contribute here: > > The external https access to sympa is TLS terminated by nginx acting as > a reverse proxy which then sends the requests via a virtual bridge to > the container where sympa is running. > > After comparing the changes between u2 and u3 I fear this change here > > char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; > [..] > -return execve(WWSYMPA,argv,envp); > +return execve(WWSYMPA, argv, myenvp); > > to the fcgi wrapper may cause the nginx set variable $ENV{'REMOTE_ADDR'} > not to be set and thus session handling will not work anymore. > > Cheers > > Carsten Comment from upstream: Anyways the patch assumes that CGI mode has been deprecated. It is incompatible with CGI mode supported by earlier version of Sympa. 
https://github.com/sympa-community/sympa/issues/1020#issuecomment-708223858 Regards Racke > > -- System Information: > Debian Release: 9.13 > APT prefers oldstable > APT policy: (500, 'oldstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-12-amd64 (SMP w/8 CPU cores) > Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system)
Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables
On 10/14/20 8:02 AM, Carsten Aulbert wrote: > Package: sympa > Version: 6.2.16~dfsg-3+deb9u3 > Severity: important > > Dear Maintainer(s), > > since applying the security update from 6.2.16~dfsg-3+deb9u2 to > 6.2.16~dfsg-3+deb9u3 I found some troubles with the session handling, > i.e. the web server reports > > 2020/10/13 11:59:18 [error] 2123#2123: *3525 FastCGI sent in stderr: > "Use of uninitialized value in string ne at /usr/share/sympa/lib/Sympa/Se > ssion.pm line 406. > Use of uninitialized value $remote_addr in string ne at > /usr/share/sympa/lib/Sympa/Session.pm line 406" while reading upstream, > client: 192.16 > 8.100.2, server: lists.welcomes-you.com, request: "POST /sympa > HTTP/1.0", upstream: "fastcgi://unix:/run/fcgiwrap.socket:", host: > "FQDN", referrer: "https://FQDN/sympa; > > My configuration may be a bit "nasty" and may contribute here: > > The external https access to sympa is TLS terminated by nginx acting as > a reverse proxy which then sends the requests via a virtual bridge to > the container where sympa is running. > > After comparing the changes between u2 and u3 I fear this change here > > char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; > [..] > -return execve(WWSYMPA,argv,envp); > +return execve(WWSYMPA, argv, myenvp); > > to the fcgi wrapper may cause the nginx set variable $ENV{'REMOTE_ADDR'} > not to be set and thus session handling will not work anymore. > > Cheers > > Carsten Looks like the attached patch is the correct one for older Sympa versions. 
Regards Racke > > -- System Information: > Debian Release: 9.13 > APT prefers oldstable > APT policy: (500, 'oldstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-12-amd64 (SMP w/8 CPU cores) > Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 > (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system)
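The regression discussed in this bug comes from replacing the whole environment with two fixed entries; an allowlist keeps CGI request variables such as REMOTE_ADDR while still dropping PERL5LIB and similar variables. The C code below is an added example, not the patch attached to this bug and not Sympa's code; the function names and the allowlist contents are assumptions made for the illustration.

```c
/* Added example, not Sympa's code: build the environment that a setuid CGI
 * wrapper passes to execve() from an allowlist. The allowlist and all
 * function names are assumptions made for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CGI/1.1 request meta-variables (RFC 3875) plus HTTPS and REQUEST_URI. */
static const char *const ALLOWED[] = {
    "AUTH_TYPE", "CONTENT_LENGTH", "CONTENT_TYPE", "GATEWAY_INTERFACE",
    "HTTPS", "PATH_INFO", "QUERY_STRING", "REMOTE_ADDR", "REMOTE_HOST",
    "REMOTE_USER", "REQUEST_METHOD", "REQUEST_URI", "SCRIPT_NAME",
    "SERVER_NAME", "SERVER_PORT", "SERVER_PROTOCOL", "SERVER_SOFTWARE", NULL
};

/* Always set by the wrapper itself, never copied from the caller. */
static char *const FIXED[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };

/* Number of entries in a NULL-terminated environment array. */
size_t env_count(char *const env[])
{
    size_t n = 0;
    while (env != NULL && env[n] != NULL)
        n++;
    return n;
}

/* Length of NAME in "NAME=value"; 0 when there is no '=' or no name. */
static size_t name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return (eq == NULL || eq == entry) ? 0 : (size_t)(eq - entry);
}

/* Index of the entry whose name is name[0..n), or -1 if there is none. */
static int find_name(char *const env[], size_t count, const char *name, size_t n)
{
    for (size_t i = 0; i < count; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return (int)i;
    return -1;
}

/* Value of NAME in env, or NULL when it is not set. */
const char *env_lookup(char *const env[], const char *name)
{
    size_t n = strlen(name);
    int i = find_name(env, env_count(env), name, n);
    return i < 0 ? NULL : env[i] + n + 1;
}

static int name_allowed(const char *entry, size_t n)
{
    /* Request headers arrive as HTTP_*. HTTP_PROXY is refused because some
     * HTTP client libraries read it as proxy configuration ("httpoxy"). */
    if (n > 5 && strncmp(entry, "HTTP_", 5) == 0)
        return !(n == 10 && strncmp(entry, "HTTP_PROXY", 10) == 0);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return 1;
    return 0;
}

/* Returns a malloc'd NULL-terminated array; entries point into FIXED/envp. */
char **build_clean_env(char *const envp[])
{
    size_t in = env_count(envp), count = 0;
    char **out = calloc(in + 3, sizeof *out);   /* 2 fixed entries + NULL */
    if (out == NULL)
        return NULL;
    for (size_t i = 0; FIXED[i] != NULL; i++)
        out[count++] = FIXED[i];
    for (size_t i = 0; i < in; i++) {
        size_t n = name_len(envp[i]);
        if (n == 0 || !name_allowed(envp[i], n))
            continue;                           /* PERL5LIB, LD_*, PATH, ... */
        if (find_name(out, count, envp[i], n) >= 0)
            continue;                           /* first occurrence wins */
        out[count++] = envp[i];
    }
    out[count] = NULL;
    return out;
}

int main(void)
{
    /* Constructed input: entries a caller of the wrapper might supply. */
    char *sample[] = { "PERL5LIB=/tmp/forged", "REMOTE_ADDR=192.0.2.10",
                       "HTTP_PROXY=http://192.0.2.99:8080", "PATH=/tmp/bin", NULL };
    char **clean = build_clean_env(sample);
    if (clean == NULL)
        return 1;
    for (size_t i = 0; clean[i] != NULL; i++)
        printf("%s\n", clean[i]);  /* a wrapper would pass clean to execve() */
    free(clean);
    return 0;
}
```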
Bug#961491: fixed in sympa 6.2.40~dfsg-5
On 10/7/20 3:03 PM, Sylvain Beucler wrote: > Hi, > > I noticed this local root escalation yesterday and I'm working on a > Stretch LTS update. > See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 > > Are there plans to update buster? > > Cheers! > Sylvain > Hello Sylvain, thanks a lot for your patch! I will talk to the security team concerning buster. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers
package: sympa severity: critical tags: upstream security patch Security advisory: https://sympa-community.github.io/security/2020-002.html Excerpt: --snip-- A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers: FastCGI wrappers newaliases wrapper The FastCGI wrappers (wwsympa-wrapper.fcgi and sympa_soap_server-wrapper.fcgi) were used to make the web interface running under privileges of a dedicated user. The newaliases wrapper (sympa_newaliases-wrapper) allows Sympa to update the alias database with root privileges. Since these setuid wrappers did not clear environment variables, if environment variables like PERL5LIB were injected, forged code might be loaded and executed under privileges of setuid-ed users. --snap-- Affects all versions of Sympa. Patch is attached. The following change should also be considered to switch off installation as setuid, which is not needed in most cases: https://github.com/sympa-community/sympa/pull/944/commits/bc9579c7abddc77c92ad51897bd16aba12383d5f See also https://github.com/sympa-community/sympa/issues/943#issuecomment-633278517 which claims that the patch is incomplete. CVE is not yet published. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. commit 3f8449c647e5ab32cf6f8837cb600c1756b6189c Author: IKEDA Soji Date: Fri Mar 27 21:28:18 2020 +0900 Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment variables to avoid exploits. diff --git a/src/cgi/sympa_soap_server-wrapper.fcgi.c b/src/cgi/sympa_soap_server-wrapper.fcgi.c index f4c6a66..435d40c 100644 --- a/src/cgi/sympa_soap_server-wrapper.fcgi.c +++ b/src/cgi/sympa_soap_server-wrapper.fcgi.c 
@@ -6,6 +6,9 @@ Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER + Copyright 2020 The Sympa Community. See the AUTHORS.md + file at the top-level directory of this distribution and at + <https://github.com/sympa-community/sympa.git>. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,8 +27,10 @@ #include int main(int argn, char **argv, char **envp) { +char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; + setreuid(geteuid(),geteuid()); setregid(getegid(),getegid()); argv[0] = SYMPASOAP; -return execve(SYMPASOAP,argv,envp); +return execve(SYMPASOAP, argv, myenvp); } diff --git a/src/cgi/wwsympa-wrapper.fcgi.c b/src/cgi/wwsympa-wrapper.fcgi.c index c66c7f8..34198ec 100644 --- a/src/cgi/wwsympa-wrapper.fcgi.c +++ b/src/cgi/wwsympa-wrapper.fcgi.c @@ -6,6 +6,9 @@ Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER + Copyright 2020 The Sympa Community. See the AUTHORS.md + file at the top-level directory of this distribution and at + <https://github.com/sympa-community/sympa.git>. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,8 +27,10 @@ #include int main(int argn, char **argv, char **envp) { +char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; + setreuid(geteuid(),geteuid()); // Added to fix the segfault setregid(getegid(),getegid()); // Added to fix the segfault argv[0] = WWSYMPA; -return execve(WWSYMPA,argv,envp); +return execve(WWSYMPA, argv, myenvp); } 
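Review bot: myenvp in both FastCGI wrappers holds only IFS and PATH, so everything the web server hands over through the process environment is discarded together with PERL5LIB; for a wrapper started as plain CGI that includes request variables such as REMOTE_ADDR. If CGI invocation is still meant to work, copy an explicit allowlist of request variables from envp into myenvp rather than dropping envp entirely; if it is not, the commit message should say that CGI mode is no longer supported.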
diff --git a/src/libexec/sympa_newaliases-wrapper.c b/src/libexec/sympa_newaliases-wrapper.c index a399218..a1e5935 100644 --- a/src/libexec/sympa_newaliases-wrapper.c +++ b/src/libexec/sympa_newaliases-wrapper.c @@ -6,6 +6,9 @@ Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER + Copyright 2020 The Sympa Community. See the AUTHORS.md + file at the top-level directory of this distribution and at + <https://github.com/sympa-community/sympa.git>. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,8 +27,10 @@ #include int main(int argn, char **argv, char **envp) { +char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; + setreuid(geteuid(),geteuid()); setregid(getegid(),getegid()); argv[0] = SYMPA_NEWALIASES; -return execve(SY
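Review bot: in sympa_newaliases-wrapper.c the calls setreuid(geteuid(),geteuid()) and setregid(getegid(),getegid()) still ignore their return values, so if either one fails the wrapper carries on to execve() with a mix of real and effective IDs it did not intend. Check both results and exit on failure, and set the group IDs before the user IDs, which is the usual order for these calls.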
Bug#955301: sympa: archived broken after upgrade to debian 9 - Command /usr/bin/mhonarc failed with exit code 255
On 4/4/20 5:56 PM, Christophe Moille wrote: > On Friday 03 April 2020 at 11:28:42 (+0200), Stefan Hornburg (Racke) wrote: >> On 4/3/20 11:22 AM, Christophe Moille wrote: >>> On Friday 03 April 2020 at 10:50:11 (+0200), Stefan Hornburg (Racke) wrote: >>>> >>>> Hello Christophe, >>>> >>>> /usr/sbin/mhonarc should use the scripts located in /usr/share/mhonarc, so >>>> it looks like >>>> your local (Perl) setup causes the problems. >>>> >>>> Regards >>> >>> I used `/usr/lib/sympa/bin/sympa_wizard.pl --check` on my instance when >>> it was debian 8, and I have executed again when debian 9. >>> >>> Maybe that's a contribution to the problem. Is there known problems >>> with this script on debian 9 ? >>> >> >> Yes, that sounds like a reasonable explanation for your problem. I suggest >> to remove these Mhonarc scripts >> from /usr/local/share/perl/5.24.1. > > I dunno if it's a good solution but this modification fixed the problem: > > added line in /usr/sbin/mhonarc l37 before unshift(@INC, 'lib'); > > unshift(@INC, '/usr/share/mhonarc/'); > > OK, so from my point of view this is a local problem and sympa_wizard --check doesn't make much sense for a Debian package installation. So I'm going to close this bug. Please contact Sympa mailing list if you need more assistance. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#955301: sympa: archived broken after upgrade to debian 9 - Command /usr/bin/mhonarc failed with exit code 255
On 4/3/20 11:22 AM, Christophe Moille wrote: > On Friday 03 April 2020 at 10:50:11 (+0200), Stefan Hornburg (Racke) wrote: >> On 4/3/20 9:57 AM, Christophe Moille wrote: >>> On Monday 30 March 2020 at 13:19:14 (+0200), Christophe Moille wrote: >>>> >>>> Can't locate mhamain.pl: lib/mhamain.pl: Permission non accordée at >>>> /usr/bin/mhonarc line 39. >>> >>> Got some new result tests: >>> >>> root@zat:/home/whilelm# sudo su sympa -s/bin/bash >>> sympa@zat:/home/whilelm$ /usr/bin/mhonarc >>> Can't locate mhamain.pl: lib/mhamain.pl: Permission non accordée at >>> /usr/bin/mhonarc line 39. >>> sympa@zat:/home/whilelm$ cd >>> sympa@zat:~$ /usr/bin/mhonarc >>> Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) >>> at /usr/local/share/perl/5.24.1/mhamain.pl line 1565. >>> Compilation failed in require at /usr/bin/mhonarc line 39. >>> sympa@zat:~$ >>> >>> If I comment l36 of >>> #unshift(@INC, 'lib'); # Should I leave this line in? >>> >>> I have no more permission denied error >>> >>> root@zat:/home/whilelm# sudo su sympa -s/bin/bash >>> sympa@zat:/home/whilelm$ /usr/bin/mhonarc >>> Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) >>> at /usr/local/share/perl/5.24.1/mhamain.pl line 1565. >>> Compilation failed in require at /usr/bin/mhonarc line 39. >>> sympa@zat:/home/whilelm$ >>> >>> >>> Regards >>> >> >> Hello Christophe, >> >> /usr/sbin/mhonarc should use the scripts located in /usr/share/mhonarc, so >> it looks like >> your local (Perl) setup causes the problems. >> >> Regards > > I used `/usr/lib/sympa/bin/sympa_wizard.pl --check` on my instance when > it was debian 8, and I have executed again when debian 9. > > Maybe that's a contribution to the problem. Is there known problems > with this script on debian 9 ? > > Regards > > Yes, that sounds like a reasonable explanation for your problem. I suggest to remove these Mhonarc scripts from /usr/local/share/perl/5.24.1. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#955301: sympa: archived broken after upgrade to debian 9 - Command /usr/bin/mhonarc failed with exit code 255
On 4/3/20 9:57 AM, Christophe Moille wrote: > On Monday 30 March 2020 at 13:19:14 (+0200), Christophe Moille wrote: >> >> Can't locate mhamain.pl: lib/mhamain.pl: Permission non accordée at >> /usr/bin/mhonarc line 39. > > Got some new result tests: > > root@zat:/home/whilelm# sudo su sympa -s/bin/bash > sympa@zat:/home/whilelm$ /usr/bin/mhonarc > Can't locate mhamain.pl: lib/mhamain.pl: Permission non accordée at > /usr/bin/mhonarc line 39. > sympa@zat:/home/whilelm$ cd > sympa@zat:~$ /usr/bin/mhonarc > Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) > at /usr/local/share/perl/5.24.1/mhamain.pl line 1565. > Compilation failed in require at /usr/bin/mhonarc line 39. > sympa@zat:~$ > > If I comment l36 of > #unshift(@INC, 'lib'); # Should I leave this line in? > > I have no more permission denied error > > root@zat:/home/whilelm# sudo su sympa -s/bin/bash > sympa@zat:/home/whilelm$ /usr/bin/mhonarc > Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) > at /usr/local/share/perl/5.24.1/mhamain.pl line 1565. > Compilation failed in require at /usr/bin/mhonarc line 39. > sympa@zat:/home/whilelm$ > > > Regards > Hello Christophe, /usr/sbin/mhonarc should use the scripts located in /usr/share/mhonarc, so it looks like your local (Perl) setup causes the problems. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#955301: sympa: archived broken after upgrade to debian 9 - Command /usr/bin/mhonarc failed with exit code 255
On 3/29/20 5:22 PM, Christophe Moille wrote: > Package: sympa > Version: 6.2.16~dfsg-3+deb9u2 > Severity: normal > > Since upgrade, I can't access archives of the lists, and I get this error in > logs: > Mar 29 16:34:09 hostname1 archived[29225]: err main::#159 > > Sympa::Spindle::spin#80 > > Sympa::Spindle::ProcessArchive::_twist#117 > > Sympa::Spindle::ProcessArchive::_mail2arc#362 > > Sympa::Archive::html_store#538 Command /usr/bin/mhonarc -add > -addressmodifycode 1 -rcfile > /usr/share/sympa/default/mhonarc-ressources.tt2 -outdir > /var/lib/sympa/wwsarchive/t...@liste.domain1.tld/2020-03 -definevars > listname='tous' > hostname=liste.domain1.tld =2020 mois=03 mm=2020-03 > wdir=/var/lib/sympa/wwsarchive > base=http://liste.domain1.tld/wws/arc tag=81ca7fb838 with_tslice=1 > with_powered_by=1 -umask 027 failed with > exit code 255 > > I can't find where it come from, nor how to fix it. > Can you reproduce the problem from the commandline by running the command as Sympa user? Regards Racke > > -- System Information: > Debian Release: 9.12 > APT prefers oldstable > APT policy: (500, 'oldstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-12-amd64 (SMP w/2 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), > LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system)
Bug#952428: Security flaws in CSRF prevention
package: sympa severity: critical version: 6.2.40~dfsg-3 tags: patch A vulnerability has been discovered in Sympa web interface that can cause denial of service (DoS) attack. By submitting requests with malformed parameters, this flaw allows to create junk files in Sympa's directory for temporary files. And particularly by tampering token to prevent CSRF, it allows to originate excessive notification messages to listmasters. Full advisory: https://sympa-community.github.io/security/2020-001.html Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. From 9b86fb3f0337d70221d63392db7d1a52b439dc8f Mon Sep 17 00:00:00 2001 From: IKEDA Soji Date: Tue, 11 Feb 2020 17:52:22 +0900 Subject: [PATCH] Sympa SA 2020-001 (candidate). Denial of service caused by malformed CSRF token. --- src/cgi/wwsympa.fcgi.in | 25 +++-- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/src/cgi/wwsympa.fcgi.in b/src/cgi/wwsympa.fcgi.in index 2eb8aec..c7b5195 100644 --- a/src/cgi/wwsympa.fcgi.in +++ b/src/cgi/wwsympa.fcgi.in @@ -992,9 +992,6 @@ our %in_regexp = ( # Role 'role' => 'member|editor|owner', - -## CSRF token is a lower case MD5 hash -'csrftoken' => '^[0-9a-f]{32}$', ); ## Regexp applied on incoming parameters (%in) @@ -1262,8 +1259,6 @@ while ($query = CGI::Fast->new) { # affected to another anonymous session. undef $ENV{'HTTP_COOKIE'}; unless (defined $session) { -Sympa::send_notify_to_listmaster($robot, -'failed_to_create_web_session', {}); wwslog('info', 'Failed to create session'); $session = Sympa::WWW::Session->new($robot, {}); } 
@@ -2149,32 +2144,18 @@ sub get_parameters { if ($one_p !~ /^$regexp$/s || (defined $negative_regexp && $one_p =~ /$negative_regexp/s) ) { -## Dump parameters in a tmp file for later analysis -my $dump_file = - Conf::get_robot_conf($robot, 'tmpdir') -. '/sympa_dump.' -. time . '.' -. $PID; -unless (open DUMP, ">$dump_file") { -wwslog('err', 'Failed to create %s: %s', -$dump_file, $ERRNO); -} -Sympa::Tools::Data::dump_var(\%in, 0, \*DUMP); -close DUMP; - Sympa::WWW::Report::reject_report_web('user', 'syntax_errors', {p_name => $p}, '', ''); wwslog( 'err', -'Syntax error for parameter %s value "%s" not conform to regexp:%s; dumped vars in %s', +'Syntax error for parameter %s value "%s" not conform to regexp:%s', $pname, $one_p, -$regexp, -$dump_file +$regexp ); $in{$p} = ''; -next; +last; } } } -- 1.8.3.1 signature.asc Description: OpenPGP digital signature
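Review bot: the first hunk (@@ -992,9 +992,6 @@) drops the `'csrftoken' => '^[0-9a-f]{32}$'` entry from %in_regexp, but nothing visible in this patch shows which pattern the parameter falls back to or where the token is compared afterwards. Please state in the commit message why format validation is removed rather than kept with a quiet rejection, and confirm that the comparison code treats a token of arbitrary length and content as a plain mismatch.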
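Review bot: in the session hunk (@@ -1262,8 +1259,6 @@), removing the `Sympa::send_notify_to_listmaster(...)` call leaves a failed session creation visible only through `wwslog('info', 'Failed to create session')`. That stops the notification flood, but a genuine session-store failure now surfaces nowhere except an info-level log line; a short comment explaining the removal, and a log level that operators actually monitor, would help.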
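Review bot: in the get_parameters hunk (@@ -2149,32 +2144,18 @@), the trailing `next;` becomes `last;` with no comment and no mention in the commit message, and the remaining wwslog call still writes the raw `$one_p` value at 'err' level. A one-line comment saying that the loop stops at the first malformed value would document the intent, and truncating or escaping `$one_p` before logging would keep an oversized value from bloating the log now that the dump file is gone.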
Bug#932388: pure-ftpd-postgresql: Postgresql-based auth fails without error after buster upgrade
On 1/29/20 4:21 PM, Roman wrote:
> Faced, very likely, same issue on Debian Buster with pure-ftpd-postgresql version 1.0.47-3. My pure-ftpd is configured
> via SaltStack so configuration is exactly the same between hosts, but after setting up new Debian 10 host and rolling
> out my SaltStack config on it, I found that authentication always fails.
>
> What does not help:
>
> * I checked PostgreSQL queries from pure-ftpd to PostgreSQL with tcpdump and found that they are exactly same as on
>   old Debian 9 host.
> * I tried switching to cleartext "encryption" and supply md5 hash as a password in ftp client - no luck
>
> What proves that the problem is caused by Buster packages (in my case version
> 1.0.47-3):
>
> * I've installed packages v. 1.0.43-3 from Stretch to Buster and with same config files everything works flawlessly.
>
> What helped:
>
> * I've changed 'PGSQLCrypt' from 'md5' to 'any' and everything starts to work as expected with Buster version 1.0.47-3
>   packages.
>
> --
> Roman

Hello Roman,

I see the problem but at this point I have no idea what causes it.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#943874: pure-ftpd: pure-ftp error on upgrade
On 11/7/19 10:46 PM, Guy Geens wrote:
> Hello
>
> I also encountered this error.
>
> As far as I can see, the documentation (/usr/share/doc/pure-ftp) is
> included in both pure-ftp and pure-ftp-common packages.

Hello,

the build procedure for pure-ftpd is quite complex (different flavours for SQL+LDAP, virtualchroot). It hasn't changed since last release, but apparently the build tools behave differently.

I'm going to try to fix the build soon.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#943874: pure-ftpd: pure-ftp error on upgrade
On 10/31/19 8:54 AM, Antonio wrote:
> Package: pure-ftpd
> Version: 1.0.49-1
> Severity: important
>
> Dear Maintainer,
> there is an error on pure-ftpd-common package when I try to upgrade pure-ftp
>
> Preparativi per estrarre .../pure-ftpd-common_1.0.49-1_all.deb...
> Estrazione di pure-ftpd-common (1.0.49-1) su (1.0.47-3)...
> dpkg: errore nell'elaborare l'archivio /var/cache/apt/archives/pure-ftpd-common_1.0.49-1_all.deb (--unpack):
> impossibile aprire "/usr/share/doc/pure-ftpd-common/README.Authentication-Modules.gz.dpkg-new": File o directory non esistente
> Si sono verificati degli errori nell'elaborazione:
> /var/cache/apt/archives/pure-ftpd-common_1.0.49-1_all.deb
> E: Sub-process /usr/bin/dpkg returned an error code (1)
>
> Thanks,
> Antonio

Hello Antonio,

I can reproduce the problem but can't explain why it happens. Thanks for the report.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#942172: clamav-daemon: After upgrade, clamd cannon create /var/run/clamav/clamd.ctl and stop.
On 10/12/19 6:32 PM, Hugo Lefeuvre wrote:
> Hi,
>
> I did not notice this bug during my tests. I have just tried to reproduce
> it by upgrading a jessie system from 0.100.3+dfsg-0+deb8u1 to
> 0.101.4+dfsg-0+deb8u1 and did not experience any issue restarting
> clamav-daemon.
>
> Furthermore, /var/run/clamav/ belonging to root:root or clamav:root does
> not seem to change anything on my system. My understanding is that
> /var/run/clamav/clamd.ctl is created by systemd, not by the daemon itself.
>
> Also, I don't think chown clamav /var/run/clamav should survive a restart.
>
> Filipe: did you also experience this bug?
>
> Thanks.
>
> regards,
> Hugo

Hello,

I noticed this problem as well on a few Jessie servers. It looks like it takes ClamAV a long time to read/update the virus definitions and thus hits a timeout set by systemd.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#940505: pure-ftpd: TLS 1.3 support broken
On 9/16/19 3:53 PM, Thomas Deutschmann wrote:
> Source: pure-ftpd
> Severity: grave
> Justification: causes non-serious data loss
>
> Dear Maintainer,
>
> please consider disabling TLS 1.3 support.
>
> While you added TLS 1.3 compatibility through bug 918630, this uncovered
> a grave bug in pure-ftpd, see https://github.com/jedisct1/pure-ftpd/issues/102
> or https://bugzilla.redhat.com/show_bug.cgi?id=1654838#c5
>
> It's fixed in newer pure-ftpd versions. However, it's not easy to backport
> because upstream refactored TLS code while fixing this bug.
>
> That's why I am requesting to disable TLS 1.3 to avoid data loss.

So this affects the package version 1.0.47-3 in stable + testing? And the problem is supposed to be fixed in the latest version ...

I will take a look.

Regards
Racke

>
>
> -- System Information:
> Debian Release: 9.9
> APT prefers stable
> APT policy: (1001, 'stable'), (990, 'oldstable'), (500, 'oldstable-updates')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#939636: Large lists sync_include lock problem
package: sympa severity: important version: 6.2.40~dfsg-1 affects: 6.2.40~dfsg-2 tag: patch From https://github.com/sympa-community/sympa/issues/744: When instanciating a list by family (with sympa.pl), the task_manager take over the lock in sync_include. This happens with big lists (over 100,000 subscribers in my tests). Patch attached. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. --- a/src/lib/Sympa/List.pm 2019-08-22 09:50:38.56800 +0200 +++ b/src/lib/Sympa/List.pm 2019-08-22 09:51:38.34000 +0200 @@ -6491,6 +6491,14 @@ my $total = 0; my $errors_occurred = 0; +## Get an Exclusive lock +my $lock_fh = +Sympa::LockedFile->new($self->{'dir'} . '/include', 10 * 60, '+'); +unless ($lock_fh) { +$log->syslog('err', 'Could not create new lock'); +return undef; +} + ## Load a hash with the old subscribers for ( my $user = $self->get_first_list_member(); @@ -6612,14 +6620,6 @@ my $users_added = 0; my $users_updated = 0; -## Get an Exclusive lock -my $lock_fh = -Sympa::LockedFile->new($self->{'dir'} . '/include', 10 * 60, '+'); -unless ($lock_fh) { -$log->syslog('err', 'Could not create new lock'); -return undef; -} - ## Go through previous list of users my $users_removed = 0; my $user_removed; signature.asc Description: OpenPGP digital signature
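Review bot: the lock is now taken before the old subscribers are loaded, yet the error path still logs only 'Could not create new lock' with no list name or lock path, and the `## Get an Exclusive lock` comment does not say why it has to precede the read. Please add the list identifier to the syslog message and extend the comment; since the lock is now held across the whole load on lists of over 100,000 subscribers, also check whether `10 * 60` seconds is still long enough for a competing process to wait out the longer critical section.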
Bug#936020: /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator upon removal
On 8/29/19 9:49 AM, Olivier Berger wrote: > Package: sympa > Version: 6.2.40~dfsg-1 > Severity: normal > > Dear Maintainer, > > Upon removal of sympa (not purge), I got: > Suppression de sympa (6.2.40~dfsg-1) ... > /var/lib/dpkg/info/sympa.prerm: 33: [: =: unexpected operator > Conf sympa disabled. > apache2_invoke postrm: Disable configuration sympa.conf > apache2_invoke sympa-soap.conf postrm: No action required > > That "unexpected operator" message doesn't look great... Hello Olivier, I can not reproduce this problem. Which shell is used as /bin/sh? Also this part is injected by deb helpers. Regards Racke > > Hope this helps, > > Best regards, > > -- System Information: > Debian Release: bullseye/sid > APT prefers testing > APT policy: (500, 'testing'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), > LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages sympa depends on: > ii adduser3.118 > ii ca-certificates20190110 > pn dbconfig-common > ii debconf [debconf-2.0] 1.5.73 > ii exim4-daemon-light [mail-transport-agent] 4.92.1-2 > ii fonts-font-awesome 5.0.10+really4.7.0~dfsg-1 > ii libarchive-zip-perl1.64-1 > ii libc6 2.28-10 > ii libcgi-fast-perl 1:2.15-1 > ii libcgi-pm-perl 4.44-1 > pn libclass-singleton-perl > pn libcrypt-eksblowfish-perl > pn libcrypt-openssl-x509-perl > pn libcrypt-smime-perl > pn libdatetime-format-mail-perl > pn libdbd-csv-perl > pn libdbd-mysql-perl > pn libdbd-pg-perl > pn libdbd-sqlite3-perl > ii libdbi-perl1.642-1+b1 > ii libfcgi-perl 0.78-2+b3 > pn libfile-copy-recursive-perl > pn libfile-nfslock-perl > ii libhtml-format-perl2.12-1 > pn libhtml-stripscripts-parser-perl > ii libhtml-tree-perl 5.07-2 > pn libintl-perl > ii libio-stringy-perl 2.111-3 > ii libjs-jquery 3.3.1~dfsg-3 > pn libjs-jquery-migrate-1 > 
pn libjs-jquery-minicolors > ii libjs-jquery-ui1.12.1+dfsg-5 > pn libmail-dkim-perl > ii libmailtools-perl 2.21-1 > ii libmime-charset-perl 1.012.2-1 > pn libmime-encwords-perl > pn libmime-lite-html-perl > ii libmime-tools-perl 5.509-1 > pn libnet-cidr-perl > ii libnet-dns-perl1.20-1 > pn libnet-ldap-perl > pn libnet-netmask-perl > pn libregexp-common-perl > ii libsoap-lite-perl 1.27-1 > ii libtemplate-perl 2.27-1+b1 > pn libterm-progressbar-perl > ii libunicode-linebreak-perl 0.0.20190101-1+b1 > ii libxml-libxml-perl 2.0134+dfsg-1 > ii lsb-base 11.1.0 > pn mhonarc > ii perl 5.28.1-6 > ii rsyslog [system-log-daemon]8.1907.0-1 > ii sqlite33.29.0-2 > > Versions of packages sympa recommends: > pn apache2-suexec > pn default-mysql-server | postgresql > pn doc-base > pn libapache2-mod-fcgid > pn libcrypt-ciphersaber-perl > ii libio-socket-ssl-perl 2.066-1 > ii locales2.28-10 > ii logrotate 3.14.0-4 > > Versions of packages sympa suggests: > ii apache2 [httpd-cgi] 2.4.41-1 > pn libauthcas-perl > pn libdbd-odbc-perl > pn libdbd-oracle-perl > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. signature.asc Description: OpenPGP digital signature
Bug#935882: debian/config uses Invalid option -fqdn
package: sympa

The correct option for hostname is --fqdn.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#932018: Use systemd unit file
package: pure-ftpd
severity: wishlist

Marc Palau suggested to use unit files and provided the following example:

[Unit]
Documentation=man:pure-ftpd(8)
Description=Pure-FTPd FTP server
After=syslog.target network.target

[Service]
Type=forking
PIDFile=/var/run/pure-ftpd/pure-ftpd.pid
ExecStart=/usr/sbin/pure-ftpd-wrapper
Restart=on-failure

[Install]
WantedBy=multi-user.target

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#929157: sympa: wwsympa stops working after upgrade: Can't locate object method "host_port" via package "URI::_generic"
On 5/18/19 1:21 PM, Tobias Frost wrote:
> On Sat, 18 May 2019 12:32:08 +0200 Tobias Frost wrote:
>
>> Mai 18 12:06:45 wwsympa[16168]: err main::#1489 > Sympa::WWW::Tools::get_my_url#223 > Sympa::get_url#762 DIED: Can't locate object method "host_port" via package "URI::_generic" at /usr/share/sympa/lib/Sympa.pm line 762.
>
> Additional information: I've commented that line and at least wwsympa
> does not bark as loud as before and I get a web interface showing in
> the browser (I did not test functionality yet)
>
> With that, there is another hint in nginx's error log:
>
> 2019/05/18 13:20:22 [error] 21610#21610: *150 FastCGI sent in stderr:
> "[Sat May 18 13:20:22 2019] wwsympa.fcgi: Use of uninitialized value in
> string eq at /usr/share/sympa/lib/Sympa.pm line 759" while reading
> upstream, client: 87.166.233.22, server: , request: "GET /wws/
> HTTP/2.0", upstream: "fastcgi://unix:/run/fcgiwrap.socket:", host:
> ""

That's odd - the URI module itself certainly supports ->host_port.

What is the configuration value of wwsympa_url (global and/or robot setting)?

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#927005: New upstream release 0.55 needed to fix bug in Sympa
Package: libmail-dkim-perl

Please consider to package the new upstream release of Mail::DKIM, which is needed to fix a Sympa ARC problem (https://github.com/sympa-community/sympa/issues/575, Debian bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927002).

The new version requires Mail::AuthenticationResults, which is not packaged yet.

Let me know if you need a hand.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#927002: No arc header added
Package: sympa
Version: 6.2.40~dfsg-1
Tags: fixed-upstream

See https://github.com/sympa-community/sympa/issues/575 for more info.

For a fix we need Mail-DKIM 0.55, which in turn requires Mail::AuthenticationResults (not packaged yet).

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#920011: Recursive chmod
package: sympa

W: sympa: maintainer-script-should-not-use-recursive-chown-or-chmod postinst:207
N:
N:   The maintainer script appears to call chmod or chown with a
N:   --recursive/-R argument, or uses find(1) in a similar manner.
N:
N:   This is vulnerable to hardlink attacks on mainline, non-Debian kernels
N:   that do not have fs.protected_hardlinks=1,
N:
N:   This arises through altering permissions or ownership within a directory
N:   that may be owned by a non-privileged user - such a user can link to
N:   files that they do not own such as /etc/shadow or files within
N:   /var/lib/dpkg/. The promiscuous chown or chmod would convert the
N:   ownership or permissions of these files so that they are manipulable by
N:   the non-privileged user.
N:
N:   Ways to avoid this problem include:
N:
N:   - If your package uses a static uid, please perform the chown at
N:     package build time instead of installation time.
N:   - Use a non-recursive call instead, ensuring that you do not change
N:     ownership of files that are in user-controlled directories.
N:   - Use runuser(1) to perform any initialization work as the
N:     user you were previously chowning to.
N:
N:   Refer to https://bugs.debian.org/889060, https://bugs.debian.org/889488,
N:   and the runuser(1) manual page for details.
N:
N:   Severity: normal, Certainty: certain
N:
N:   Check: scripts, Type: binary
N:
W: sympa: maintainer-script-should-not-use-recursive-chown-or-chmod postinst:220
W: sympa: maintainer-script-should-not-use-recursive-chown-or-chmod postinst:226

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
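The lintian note above recommends avoiding ownership changes on entries inside user-controlled directories. The following is an added example, not code from the sympa package or from lintian: a POSIX sh replacement for a blanket `chown -R` that reports and skips symlinks and multi-link files. All function names and paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ownership fix for a package data directory that skips entries
# a non-privileged directory owner could have planted. Function names are
# hypothetical and not taken from sympa's postinst.

# protected_hardlinks_state: print the fs.protected_hardlinks value (0 or 1),
# or "unknown" when the sysctl is not exposed (non-Linux, restricted /proc).
protected_hardlinks_state() {
    sysctl_file=/proc/sys/fs/protected_hardlinks
    if [ -r "$sysctl_file" ]; then
        cat "$sysctl_file"
    else
        echo unknown
    fi
}

# list_multilinked DIR: print regular files below DIR that have more than one
# hard link. Such a name may be a second link to a file living elsewhere, so
# changing its owner here changes the owner of that other file too.
list_multilinked() {
    find "$1" -xdev -type f -links +1 -print
}

# safe_chown_tree OWNER[:GROUP] DIR
# Changes ownership of directories and single-link regular files only.
# Symlinks and multi-link files are reported as "SKIP <path>" and left alone.
# Returns 0 when nothing was skipped, 1 otherwise.
safe_chown_tree() {
    owner=$1
    dir=$2
    skipped=$(find "$dir" -xdev \( -type l -o \( -type f -links +1 \) \) -print)
    # chown -h never dereferences a symlink, should one appear after the scan.
    find "$dir" -xdev \( -type d -o \( -type f -links 1 \) \) \
        -exec chown -h "$owner" {} +
    if [ -n "$skipped" ]; then
        printf '%s\n' "$skipped" | sed 's/^/SKIP /'
        return 1
    fi
    return 0
}

# The scan and the chown are separate steps, so this narrows the window but
# does not close it. Setting ownership at package build time, or running the
# initialisation through runuser(1) as the lintian note suggests, avoids
# touching user-controlled directories as root at all.
```

A maintainer script would treat a non-zero return as a reason to stop and report the skipped paths, not to retry with `-R`.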
Bug#920010: Use maintscript files
package: sympa
severity: minor

W: sympa: maintainer-script-should-not-use-dpkg-maintscript-helper postinst:56
N:
N:   The maintainer script seems to make manual calls to the
N:   dpkg-maintscript-helper(1) utility.
N:
N:   Please use package.maintscript files instead; the dh_installdeb(1) tool
N:   will do some basic validation of some of the commands listed in this
N:   file to catch common mistakes.
N:
N:   Refer to the dpkg-maintscript-helper(1) manual page and the
N:   dh_installdeb(1) manual page for details.
N:
N:   Severity: minor, Certainty: certain
N:
N:   Check: scripts, Type: binary
N:
W: sympa: maintainer-script-should-not-use-dpkg-maintscript-helper postinst:58
W: sympa: maintainer-script-should-not-use-dpkg-maintscript-helper postinst:71

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#920008: Manpage has errors
package: sympa
severity: minor

W: sympa: manpage-has-errors-from-man usr/share/man/man5/sympa.conf.5.gz 222: warning [p 2, 2.2i]: can't break line
N:
N:   This man page provokes warnings or errors from man.
N:
N:   "cannot adjust" or "can't break" are trouble with paragraph filling,
N:   usually related to long lines. Adjustment can be helped by left
N:   justifying, breaks can be helped with hyphenation, see "Manipulating
N:   Filling and Adjusting" and "Manipulating Hyphenation" in the groff
N:   manual (see info groff).
N:
N:   "can't find numbered character" usually means latin1 etc in the input,
N:   and this warning indicates characters will be missing from the output.
N:   You can change to escapes like \[:a] described on the groff_char man
N:   page.
N:
N:   Other warnings are often formatting typos, like missing quotes around a
N:   string argument to .IP. These are likely to result in lost or malformed
N:   output. See the groff_man (or groff_mdoc if using mdoc) man page for
N:   information on macros.
N:
N:   This test uses man's --warnings option to enable groff warnings that
N:   catch common mistakes, such as putting . or ' characters at the start of
N:   a line when they are intended as literal text rather than groff
N:   commands. This can be fixed either by reformatting the paragraph so that
N:   these characters are not at the start of a line, or by adding a
N:   zero-width space (\&) immediately before them.
N:
N:   At worst, warning messages can be disabled with the .warn directive, see
N:   "Debugging" in the groff manual.
N:
N:   Lintian also stricter in regards to declaring manpage preprocessors.
N:
N:   To test this for yourself you can use the following command:
N:       LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 \
N:           man --warnings -E UTF-8 -l -Tutf8 -Z >/dev/null
N:
N:   Refer to the groff_man(7) manual page and the groff_mdoc(7) manual page
N:   for details.
N:
N:   Severity: normal, Certainty: certain
N:
N:   Check: manpages, Type: binary

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#920005: Embedded JavaScript Library
package: sympa
version: 6.2.40~dfsg-1

W: sympa: embedded-javascript-library usr/share/sympa/static_content/js/html5shiv/html5shiv.js please use libjs-html5shiv
N:
N:   This package contains an embedded copy of JavaScript libraries that are
N:   now available in their own packages (for example, JQuery, Prototype,
N:   Mochikit or "Cropper"). Please depend on the appropriate package and
N:   symlink the library into the appropriate location.
N:
N:   Refer to Debian Policy Manual section 4.13 (Convenience copies of code)
N:   for details.
N:
N:   Severity: normal, Certainty: possible
N:
N:   Check: files, Type: binary, udeb

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#907883: Solution provided
A possible solution has been provided and I think this isn't a problem with packaging.

Feel free to reopen this bug if you have a different opinion, but please provide more details.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#898178: Gmail attachements
Hello Alexander,

did you find any information in the log files about why this email didn't get sent to the lists?

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#907883: Database encoding
Hello Jiri,

please check whether your database has the correct encoding. I could reproduce your problem with the database encoding set to LATIN1.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#671644: Login problem confirmed
Hello Daniel,

sorry for the very, very late answer to your bug report. This problem still exists in current Sympa and I actually suspect that you are correct and this is a problem with Cookie handling.

It actually results in *changing* the current password.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#907883: Error is reproducible with current version
I can reproduce this problem, but I'm not sure what exactly is causing it.

Can you tell me which web server you are using in front of sympa?

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#909383: Patch to skip install for Xemacs21
Hello, attached is a patch to skip install of python-mode for Xemacs21. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. --- python-mode-6.2.3/debian/emacsen-install 2017-01-17 22:33:55.0 +0100 +++ python-mode-6.2.3-fixed/debian/emacsen-install 2018-12-01 11:21:02.899381546 +0100 @@ -20,6 +20,11 @@ exit 0 fi +if [ ${FLAVOR} = xemacs21 ]; then +echo "$PACKAGE fails on ((string-to-syntax)) - see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909383; +exit 0 +fi + echo install/${PACKAGE}: Handling install for emacsen flavor ${FLAVOR} FLAVORTEST=`echo $FLAVOR | cut -c-6` signature.asc Description: OpenPGP digital signature
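Review bot: the added `echo` line never closes its double quote (it ends at `...bug=909383;` with no `"`), so the string swallows the following `exit 0` and `fi` and the script no longer parses; close the quote before the semicolon. The test `[ ${FLAVOR} = xemacs21 ]` should also quote the variable as `[ "${FLAVOR}" = xemacs21 ]`, since an empty FLAVOR otherwise makes `[` fail with an unexpected-operator error.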
Bug#909383: xemacs21 stale
I think the main problem is that xemacs21 is quite stale, latest upstream release dating back to 2013. Thus it doesn't support (string-to-syntax).

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#909383: Fails to install
This even happens on a normal system - looks like it enters an infinite loop: Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... 
Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Loading 20apel... Loading 50flim... Loading 50w3m-el... Regards from BSP in Bern Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#914776: sympa: Preseeding installation with debconf-set-selections not possible
On 11/27/18 8:53 AM, Sampo Sorsa wrote:
> Package: sympa
> Version: 6.2.16~dfsg-3+deb9u1
> Severity: normal
>
> Dear Maintainer,
>
> It's not possible to use dpkg-set-selections to preseed the following debconf items:
>
> sympa/language
> sympa/hostname
> sympa/listmaster
> wwsympa/wwsympa_url
>
> This is due to debian/config always using db_set to overwrite these values.
>
> Instead of always using the values set under "# Default values", the config script should check whether the debconf
> database already has entries for these items, and use them instead.

Yes, this should be possible. I'll take a look at it.

Thanks for the report.

Regards
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
Bug#898358: sympa: dependency differences from upstream
On 5/10/18 8:56 PM, Matt Taggart wrote: > Package: sympa > Version: 6.2.32~dfsg-1 > > I was reviewing upstream src/lib/Sympa/ModDef.pm, and comparing with the > package Depends and found the following > differences in dependencies in debian/control that I didn't understand. Maybe > there are reasons for them or maybe they > need to be added? > > Missing Depends: > ModDef.pm debian package name > > Clone libclone-perl (but pulled in via libdbd* -> > libdbi-perl -> libclone-perl) > Crypt::Eksblowfish libcrypt-eksblowfish-perl > Data::Password libdata-password-perl > DateTime::TimeZone libdatetime-timezone-perl (but pulled in > via libdatetime-format-mail-perl -> > libdatetime-perl -> libdatetime-timezone-perl ) > Encode::Locale libencode-locale-perl > List::Util::XS N/A, ModDef.pm says: > # The pure-perl version of Scalar::Util::looks_like_number() was unstable. > # To force using XS version, check existence of List::Util::XS. > URI::Escape liburi-perl > > Depends but not in ModDef.pm: > libmsgcat-perl > > libcrypt-ciphersaber-perl is in recommends, the text in ModDef.pm says: > Crypt::CipherSaber > this module provides reversible encryption of user passwords in the database. > Useful when updating from old version with password reversible encryption, > or if secure session cookies in non-SSL environments are required. > > Is that always used or optional? > libcrypt-eksblowfish-perl is part of the dependencies of the actual package. The reference to List::Util::XS is four years old and I think isn't relevant anymore. FYI: ModDef.pm has been recently removed from the Sympa sources. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#898358: sympa: dependency differences from upstream
On 5/10/18 8:56 PM, Matt Taggart wrote: > Package: sympa > Version: 6.2.32~dfsg-1 > > I was reviewing upstream src/lib/Sympa/ModDef.pm, and comparing with the > package Depends and found the following > differences in dependencies in debian/control that I didn't understand. Maybe > there are reasons for them or maybe they > need to be added? > > Missing Depends: > ModDef.pm debian package name > > Clone libclone-perl (but pulled in via libdbd* -> > libdbi-perl -> libclone-perl) > Crypt::Eksblowfish libcrypt-eksblowfish-perl > Data::Password libdata-password-perl > DateTime::TimeZone libdatetime-timezone-perl (but pulled in > via libdatetime-format-mail-perl -> > libdatetime-perl -> libdatetime-timezone-perl ) > Encode::Locale libencode-locale-perl > List::Util::XS N/A, ModDef.pm says: > # The pure-perl version of Scalar::Util::looks_like_number() was unstable. > # To force using XS version, check existence of List::Util::XS. > URI::Escape liburi-perl > > Depends but not in ModDef.pm: > libmsgcat-perl Hello Matt, thanks for checking out the dependencies! Sympa itself stopped to use the msgcat Perl module a long time ago, so I removed it from the control file: https://salsa.debian.org/sympa-team/sympa/commit/50a1ef0c938fe887b8e234fc3a952ba1009f347c Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#881336: dockerization of sympa impossible with current packaging
On 11/11/17 12:05 AM, Marc Chantreux wrote: > hello, > > thanks to the help of racke and kolter on the freenode #sympa channel, > i have a sympa installed from buster packages in a docker. > > https://github.com/sympa-community/sympa-docker/tree/master/registry/sympa:buster > > i also tried to help about the invoke-rc.d thing. see the patch in > attachment > > many thanks for help > > regards > The maintainer scripts have quite old code inside, so I'm looking at a better way to do without using invoke-rc.d. At any rate, docker isn't part of the Debian distribution. So I think this patch isn't appropriate and is not needed - this probably can be solved by smarter usage of apt/dpkg in the Dockerfile. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#908165: sympa: CVE-2018-1000671
On 9/6/18 10:36 PM, Salvatore Bonaccorso wrote: > Source: sympa > Version: 6.2.16~dfsg-3 > Severity: important > Tags: security upstream > Forwarded: https://github.com/sympa-community/sympa/issues/268 > > Hi, > > The following vulnerability was published for sympa, filed to start > tracking the upstream issue. AFAIK, there is no fix available yet. > > CVE-2018-1000671[0]: > | sympa version 6.2.16 and later contains a CWE-601: URL Redirection to > | Untrusted Site ('Open Redirect') vulnerability in The "referer" > | parameter of the wwsympa.fcgi login action. that can result in Open > | redirection and reflected XSS via data URIs. This attack appear to be > | exploitable via Victim's browser must follow a URL supplied by the > | attacker. This vulnerability appears to have been fixed in none > | available. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2018-1000671 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000671 > [1] https://github.com/sympa-community/sympa/issues/268 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore > > Hello Salvatore, upstream is working on a fix for this problem, so we can expect a patch in the next few days. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
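The kind of redirect-target check the CVE description above calls for (open redirect and data URIs through a login "referer" parameter), as an added example in Python; it is not Sympa's code and not the upstream fix. `safe_redirect_target`, `BASE_URL` and `FALLBACK` are hypothetical names, and the host and sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from Sympa or its configuration.
BASE_URL = "https://lists.example.org/sympa"
FALLBACK = "/sympa"
DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(parts):
    """Return (scheme, host, port) with the default port filled in.

    Raises ValueError when the port is malformed or out of range.
    """
    scheme = parts.scheme.lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, parts.hostname, port


def safe_redirect_target(referer, base_url=BASE_URL, fallback=FALLBACK):
    """Return a same-origin path (plus query) to redirect to, else `fallback`."""
    if not referer:
        return fallback
    # Browsers drop tab/CR/LF inside URLs and read "\" as "/", so refuse
    # whitespace, control characters and backslashes instead of normalising.
    if "\\" in referer or any(ord(c) < 0x21 or ord(c) == 0x7F for c in referer):
        return fallback
    try:
        target = urlsplit(referer)
        if target.scheme or target.netloc:
            # Absolute or scheme-relative input must match our origin exactly.
            # This rejects data:, javascript:, "//host" and foreign hosts.
            if target.username is not None or target.password is not None:
                return fallback
            if _origin(target) != _origin(urlsplit(base_url)):
                return fallback
    except ValueError:  # malformed port or IPv6 literal
        return fallback
    path = target.path or "/"
    # Rebuild the value rather than echoing the input, and drop the fragment.
    # A path starting with "//" would be read by the browser as a
    # scheme-relative URL pointing at another host.
    if not path.startswith("/") or path.startswith("//"):
        return fallback
    return path + ("?" + target.query if target.query else "")


# Constructed sample inputs: the first two are legitimate, the rest are the
# shapes an open-redirect or data-URI attempt takes.
CONSTRUCTED_SAMPLES = [
    "https://lists.example.org/sympa/info/dev?x=1#top",
    "/sympa/arc/dev/2018-09/msg00012.html",
    "data:text/html;base64,PHNjcmlwdD4=",
    "//evil.example/sympa",
    "https://lists.example.org@evil.example/",
    "https://lists.example.org//evil.example/",
    "/\\evil.example",
    "http://lists.example.org/sympa/info/dev",
]

if __name__ == "__main__":
    for sample in CONSTRUCTED_SAMPLES:
        print(f"{sample!r:55} -> {safe_redirect_target(sample)}")
```

The function only ever returns a path on the application's own origin, so the `Location` header built from it cannot name another host or scheme.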
Bug#889346: pure-ftpd-mysql: pure-ftpd fails to start on newer MariaDB servers
On 02/03/2018 04:29 PM, Demetris Demetriou wrote: > Package: pure-ftpd-mysql > Severity: important > > Hello, > > Pure-ftpd fails to start on newer MariaDB versions (>=10.2) due to an issue > with my_make_scrambled_password. Full comment by MariaDB developers below. > More > info at > https://jira.mariadb.org/browse/MDEV-12889?focusedCommentId=97156=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-97156 > > Quoted comment: > "There is definitely an issue with pureftpd. Or, rather, there was. Here's the > full story: > > In its early days, say, about 20 years ago, libmysqlclient did not version > symbols and did not limit their visibility. Some functions were documented — > they were client API, and we promised to keep them stable, working over years. > Other functions were not documented, they were internal, no promises. But they > were exported and available too. > > Later, in MariaDB time, we took a closer look at that. RedHat was versioning > libmysqlclient symbols. Old symbols from libmysqlclient.so.16.0.0 had the > version libmysqlclient_16, newer symbols had the version libmysqlclient_18. > Internal symbols was hidden, with few exceptions. One of such exceptions was > my_make_scrambled_password, because pureftpd started using it since the old > days, when everything was kind of allowed. Debian had a different, simpler > (and > less correct) approach to versioning, all symbols had libmysqlclient_18 > version. In MariaDB we managed to create a library compatible with both > approaches. my_make_scrambled_password was not hidden, with the comment "for > pureftpd". > > Now, a couple of days ago, I wanted to report this bug to pureftpd, to have it > finally fixed and not use internal non-public libmysqlclient symbols. 
And I > found that pureftpd source have this: > > # ifdef HAVE_MY_MAKE_SCRAMBLED_PASSWORD > my_make_scrambled_password(scrambled_password, password, >strlen(password)); > # elif defined(HAVE_MAKE_SCRAMBLED_PASSWORD) > make_scrambled_password(scrambled_password, password); > # else > { > SHA1_CTX ctx; > unsigned char h0[20], h1[20]; > char *p; > > SHA1Init(&ctx); > SHA1Update(&ctx, password, strlen(password)); > SHA1Final(h0, &ctx); > SHA1Init(&ctx); > SHA1Update(&ctx, h0, sizeof h0); > pure_memzero(h0, sizeof h0); > SHA1Final(h1, &ctx); > *scrambled_password = '*'; > hexify(scrambled_password + 1U, h1, >(sizeof scrambled_password) - 1U, sizeof h1); > *(p = scrambled_password) = '*'; > while (*p++ != 0) { > *p = (char) toupper((unsigned char) *p); > } > } > # endif > That is, it only uses make_scrambled_password if it's available, otherwise it > can perfectly do without. So, now it's Debian bug, because they build pureftpd > to use internal libmysqlclient symbols, while they perfectly can avoid that. > > Even more, I've found that in the latest pureftpd sources on github, they've > removed this ifdef and don't use make_scrambled_password at all anymore. > https://github.com/jedisct1/pure-ftpd/commit/27443b29320d85352d8b52c0120836843e10c0f9 > > So it was pureftpd issue, and they've fixed it. > Sergei Golubchik > Missing versioning is our issue and we'll fix it." - Sergei Golubchik > > > Waiting for the newer version to trickle down through the normal release cycle > would mean that every one that uses pure-ftpd with newer MariaDB servers will > wait at least a couple of years for a solution, which in production > environments is not an acceptable solution. The easiest solution would be to > provide an up-to-date version through debian-backports, or alternatively bump > up the package in Debian stable to the latest version through an exception to > the normal release schedule. > Hello Demetris, I will check out your suggestions on how to solve this problem. Thanks for your report. 
Regards Racke > > > > -- System Information: > Debian Release: 9.3 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), > LANGUAGE=en_US:en (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages pure-ftpd-mysql depends on: > ii libc6 2.24-11+deb9u1 >
Bug#886212: pure-ftpd FTCBFS: configures for the build architecture
On 01/03/2018 08:21 AM, Helmut Grohne wrote: > Source: pure-ftpd > Version: 1.0.46-1 > Tags: patch > User: helm...@debian.org > Usertags: rebootstrap > > pure-ftpd fails to cross build from source, because it does not pass the > required --host flag to ./configure. The easiest way of doing that is > deferring the task to dh_auto_configure. After doing so, pure-ftpd still > fails to cross build, because it uses AC_RUN_IFELSE without a default. > Most of the checks can be converted to AC_COMPILE_IFELSE or > AC_LINK_IFELSE with little loss, but that requires autoreconfing the > package and that is quite difficult to achieve with the current > packaging. Thus I ask you to just apply the attached patch and closing > this bug when doing so to make the AC_RUN_IFELSE issue apparent to cross > builders. It would also be nice to run autoreconf to be able to fix the > other issues. > > Helmut > Hello Helmut, I'm going to upload packages with this fix applied on this weekend. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#881336: dockerization of sympa impossible with current packaging
On 11/10/2017 02:14 PM, Marc Chantreux wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > > hello, > > the current debian packaging of sympa installs and starts everything > required for sympa to be up and running which is great but doesn't fit > the docker strategy when every service must be started as pid 1 > in a container. > > i think that in the best scenario, sympa should be split on multiple packages > > digraph { > libtask-sympa-perl > -> sympa-common > -> { sympa-archived , sympa-bulkd , sympa-fastcgi , sympa-* } > -> sympa > } > > here is the current situation: > > cat sympa:buster/Dockerfile > >> FROM debian:buster >> ENV DEBIAN_FRONTEND noninteractive >> RUN apt -y update &&\ >> apt -y upgrade &&\ >> apt -y install sympa > > docker build -t sympacrashdemo sympa:buster > > ... lot of output, then ... > >> Creating config file /etc/dbconfig-common/sympa.conf with new version >> ERROR 2002 (HY000): Can't connect to local MySQL server through socket >> '/var/run/mysqld/mysqld.sock' (2 "No such file or directory"). >> unable to connect to mysql server. >> error encountered creating user: >> ERROR 2002 (HY000): Can't connect to local MySQL server through socket >> '/var/run/mysqld/mysqld.sock' (2 "No such file or directory") >> dbconfig-common: sympa configure: noninteractive fail. >> dbconfig-common: sympa configure: ignoring errors from here forwards >> dbconfig-common: flushing administrative password >> Ensuring that permissions and ownerships are right (this can take a while)... >> FastCGI module not installed or enabled, skipping. >> Moving configuration files for Sympa >= 6.2 (if required) >> Sympa configuration already located at /etc/sympa/sympa/sympa.conf >> Upgrading Sympa internals (health check) >> err Conf::_set_listmasters_entry() Robot config: Listmaster address >> "listmaster@f06ba360c7bc" is not a valid email >> err Conf::_set_listmasters_entry() Robot config: All the listmasters >> addresses found were not valid. 
Out of 1 addresses provided, 0 only are >> valid email addresses >> setlogsock(): type='unix': path not available at >> /usr/share/sympa/lib/Sympa/Log.pm line 222. >> Database sympa defined in sympa.conf has not the right structure or is >> unreachable. verify db_xxx parameters in sympa.conf >> dpkg: error processing package sympa (--configure): >> installed sympa package post-installation script subprocess returned error >> exit status 255 >> Processing triggers for libc-bin (2.24-17) ... >> Processing triggers for ca-certificates (20170717) ... >> Updating certificates in /etc/ssl/certs... >> 0 added, 0 removed; done. >> Running hooks in /etc/ca-certificates/update.d... >> done. >> Processing triggers for rsyslog (8.29.0-2) ... >> invoke-rc.d: could not determine current runlevel >> invoke-rc.d: policy-rc.d denied execution of try-restart. >> Errors were encountered while processing: >> sympa >> E: Sub-process /usr/bin/dpkg returned an error code (1) >> The command '/bin/sh -c apt -y update &&apt -y upgrade &&apt -y >> install sympa' returned a non-zero code: 100 > > I suppose you need to seed debconf in order to connect to a database. BTW: Buster has already Sympa package version 6.2.22~dfsg-1. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.
Bug#861307: sympa: when using cookie spam_protection, user is not redirected to their originally requested page
On 04/27/2017 11:07 AM, Sabine Lorenz wrote: > Package: sympa > Version: 6.1.23~dfsg-2+deb8u1 > Severity: normal > > Dear Maintainer, > > when directly loading the URL of an email in the archive the user is > requested to click the button "I am not a spammer" and after doing that the > user is redirected to the main archive page of the list instead of the > originally requested page. > Hello, I tested this on Sympa 6.2.18 installed from Debian package and I got to the correct page. Which type of list are we talking about? Regards Racke > -- System Information: > Debian Release: 8.7 > Architecture: amd64 (x86_64) > > Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) > Locale: LANG=C, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages sympa depends on: > ii adduser3.113+nmu3 > ii ca-certificates20141019+deb8u2 > ii dbconfig-common1.8.47+nmu3+deb8u1 > ii debconf [debconf-2.0] 1.5.56 > ii exim4-daemon-light [mail-transport-agent] 4.84.2-2+deb8u3 > ii libarchive-zip-perl1.39-1 > ii libc6 2.19-18+deb8u7 > ii libcgi-fast-perl 1:2.04-1 > ii libcgi-pm-perl 4.09-1 > ii libdbd-mysql-perl 4.028-2+deb8u2 > ii libdbd-pg-perl 3.4.2-1 > ii libdbd-sqlite3-perl1.44-1 > ii libdbd-sybase-perl 1.14-1+b2 > ii libdbi-perl1.631-3+b1 > ii libfcgi-perl 0.77-1+deb8u1 > ii libfile-copy-recursive-perl0.38-1 > ii libhtml-format-perl2.11-1 > ii libhtml-stripscripts-parser-perl 1.03-1 > ii libhtml-tree-perl 5.03-1 > ii libintl-perl 1.23-1+deb8u1 > ii libio-stringy-perl 2.110-5 > ii libmailtools-perl 2.13-1 > ii libmime-charset-perl 1.011.1-1+deb8u2 > ii libmime-encwords-perl 1.014.3-1+deb8u1 > ii libmime-lite-html-perl 1.24-1 > ii libmime-tools-perl 5.505-1 > ii libmsgcat-perl 1.03-6+b1 > ii libnet-ldap-perl 1:0.6400+dfsg-2 > ii libnet-netmask-perl1.9021-1 > ii libregexp-common-perl 2013031301-1 > ii libsoap-lite-perl 1.11-1 > ii libtemplate-perl 2.24-1.2+b1 > ii libterm-progressbar-perl 2.16-1 > ii 
libunicode-linebreak-perl 0.0.20140601-2+deb8u2 > ii libxml-libxml-perl 2.0116+dfsg-1+deb8u1 > ii lsb-base 4.1+Debian13+nmu1 > ii mhonarc2.6.19-1 > ii perl 5.20.2-3+deb8u6 > ii perl-modules 5.20.2-3+deb8u6 > ii rsyslog [system-log-daemon]8.4.2-1+deb8u2 > ii sqlite33.8.7.1-1+deb8u2 > > Versions of packages sympa recommends: > ii apache2-suexec2.4.10-10+deb8u8 > ii apache2-suexec-pristine [apache2-suexec] 2.4.10-10+deb8u8 > ii doc-base 0.10.6 > ii libapache2-mod-fcgid 1:2.3.9-1+b1 > ii libcrypt-ciphersaber-perl 0.61-4 > ii libfile-nfslock-perl 1.24-1 > ii libio-socket-ssl-perl 2.002-2+deb8u2 > ii libmail-dkim-perl 0.40-1 > ii locales 2.19-18+deb8u7 > ii logrotate 3.8.7-1+b1 > ii mysql-server 5.5.55-0+deb8u1 > > Versions of packages sympa suggests: > ii apache2 [httpd-cgi] 2.4.10-10+deb8u8 > pn libauthcas-perl > pn libdbd-oracle-perl > pn libtext-wrap-perl > ii openssl 1.0.1t-1+deb8u6 > > -- Configuration Files: > /etc/sympa/auth.conf changed [not included] > /etc/sympa/topics.conf changed [not included] > > -- debconf information: > sympa/db/dbname: sympa > sympa/passwords-do-not-match: > sympa/internal/reconfiguring: false > sympa/dbconfig-install: true > sympa/pgsql/method: unix socket > sympa/upgrade-backup: true > sympa/pgsql/authmethod-admin: ident > sympa/data
Bug#846864: sympa: Error upgrading with mariadb database
On 12/03/2016 08:53 PM, e-mmanuel wrote: > Package: sympa > Version: 6.2.16~dfsg-2 > Severity: important > > Dear Maintainer, > > When upgrading, I have the following error : > > Paramétrage de sympa (6.2.16~dfsg-2) ... > Unsupported database type . > dpkg: erreur de traitement du paquet sympa (--configure) : > le sous-processus script post-installation installé a retourné une erreur de > sortie d'état 1 > Des erreurs ont été rencontrées pendant l'exécution : > sympa > E: Sub-process /usr/bin/dpkg returned an error code (1) > Paramétrage de sympa (6.2.16~dfsg-2) ... > Unsupported database type . > dpkg: erreur de traitement du paquet sympa (--configure) : > le sous-processus script post-installation installé a retourné une erreur de > sortie d'état 1 > Des erreurs ont été rencontrées pendant l'exécution : > sympa > > > I have mariadb database. Sorry, I cannot reproduce this bug. Regards Racke > > > -- System Information: > Debian Release: stretch/sid > APT prefers testing > APT policy: (500, 'testing') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages sympa depends on: > ii adduser 3.115 > ii ca-certificates 20161102 > ii dbconfig-common 2.0.6 > ii debconf [debconf-2.0] 1.5.59 > ii fonts-font-awesome 4.7.0~dfsg-1 > ii init-system-helpers 1.46 > ii libarchive-zip-perl 1.59-1 > ii libc6 2.24-7 > ii libcgi-fast-perl 1:2.11-1 > ii libcgi-pm-perl 4.35-1 > ii libclass-singleton-perl 1.5-1 > ii libcrypt-openssl-x509-perl 1.8.7-2 > ii libcrypt-smime-perl 0.18-1 > ii libdatetime-format-mail-perl 0.4030-1 > ii libdbd-csv-perl 0.4900-1 > ii libdbd-mysql-perl 4.040-1 > ii libdbd-pg-perl 3.5.3-1+b2 > ii libdbd-sqlite3-perl 1.52-1 > ii libdbi-perl 1.636-1+b1 > ii libfcgi-perl 0.78-2 > ii libfile-copy-recursive-perl 0.38-1 > ii libfile-nfslock-perl 1.27-1 > ii libhtml-format-perl 
2.11-2 > ii libhtml-stripscripts-parser-perl 1.03-1 > ii libhtml-tree-perl 5.03-2 > ii libintl-perl 1.26-2 > ii libio-stringy-perl 2.111-2 > ii libjs-jquery 3.1.1-1 > ii libjs-jquery-placeholder 2.3.1-2 > ii libjs-jquery-ui 1.12.1+dfsg-1 > ii libjs-modernizr 2.6.2+ds1-1 > ii libjs-twitter-bootstrap 2.0.2+dfsg-10 > ii libmail-dkim-perl 0.40-1 > ii libmailtools-perl 2.13-1 > ii libmime-charset-perl 1.012-2 > ii libmime-encwords-perl 1.014.3-2 > ii libmime-lite-html-perl 1.24-2 > ii libmime-tools-perl 5.508-1 > ii libmsgcat-perl 1.03-6+b3 > ii libnet-cidr-perl 0.18-1 > ii libnet-ldap-perl 1:0.6500+dfsg-1 > ii libnet-netmask-perl 1.9022-1 > ii libregexp-common-perl 2016060801-1 > ii libsoap-lite-perl 1.20-1 > ii libtemplate-perl 2.24-1.2+b3 > ii libterm-progressbar-perl 2.17-3 > ii libunicode-linebreak-perl 0.0.20160702-1+b1 > ii libxml-libxml-perl 2.0128+dfsg-1+b1 > ii lsb-base 9.20161125 > ii mhonarc 2.6.19-2 > ii perl 5.24.1~rc4-1 > pn perl:any > ii postfix [mail-transport-agent] 3.1.3-4 > ii rsyslog [system-log-daemon] 8.23.0-2 > ii sqlite3 3.15.1-1 > > Versions of packages sympa recommends: > ii apache2-suexec-pristine [apache2-suexec] 2.4.23-8 > ii default-mysql-server 1.0.1 > ii doc-base 0.10.7 > ii libapache2-mod-fcgid 1:2.3.9-1+b1 > ii libcrypt-ciphersaber-perl 1.01-1 > ii libio-socket-ssl-perl 2.039-1 > ii locales 2.24-7 > ii logrotate 3.8.7-2 > > Versions of packages sympa suggests: > ii apache2 [httpd-cgi] 2.4.23-8 > pn libauthcas-perl > pn libdbd-odbc-perl > pn libdbd-oracle-perl &
Bug#877173: Critical Errors in 6.2.20 Release
Package: sympa Version: 6.2.20~dfsg-2 Severity: serious upgrade_send_spool.pl could leave some messages not upgraded [diff] "sympa.pl --change_user_email" was broken GH #65 Next release is planned for 1st of October. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#876272: sympa: MHonArc dependency not detected by sympa_wizard
Package: sympa Version: 6.2.18~dfsg-1 Severity: minor See https://github.com/sympa-community/sympa/issues/59. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages sympa depends on: ii adduser3.116 ii ca-certificates20170717 ii dbconfig-common2.0.9 ii debconf1.5.63 ii exim4-daemon-light [mail-transport-agent] 4.89-6 ii fonts-font-awesome 4.7.0~dfsg-3 ii init-system-helpers1.49 ii libarchive-zip-perl1.59-1 ii libc6 2.24-17 ii libcgi-fast-perl 1:2.12-1 ii libcgi-pm-perl 4.36-1 ii libclass-singleton-perl1.5-1 ii libcrypt-openssl-x509-perl 1.8.7-3+b2 ii libcrypt-smime-perl0.19-2+b1 ii libdatetime-format-mail-perl 0.4030-1 ii libdbd-csv-perl0.4900-1 ii libdbd-mysql-perl 4.041-2+b1 ii libdbd-pg-perl 3.6.2-2 ii libdbd-sqlite3-perl1.54-2 ii libdbi-perl1.636-1+b3 ii libfcgi-perl 0.78-2+b2 ii libfile-copy-recursive-perl0.38-1 ii libfile-nfslock-perl 1.27-1 ii libhtml-format-perl2.12-1 ii libhtml-stripscripts-parser-perl 1.03-1 ii libhtml-tree-perl 5.03-2 ii libintl-perl 1.26-2 ii libio-stringy-perl 2.111-2 ii libjs-jquery 3.2.1-1 ii libjs-jquery-migrate-1 1.4.1-1 ii libjs-jquery-placeholder 2.3.1-2 ii libjs-jquery-ui1.12.1+dfsg-5 ii libjs-modernizr2.6.2+ds1-1 ii libjs-twitter-bootstrap2.0.2+dfsg-10 ii libmail-dkim-perl 0.40-1 ii libmailtools-perl 2.18-1 ii libmime-charset-perl 1.012-2 ii libmime-encwords-perl 1.014.3-2 ii libmime-lite-html-perl 1.24-2 ii libmime-tools-perl 5.508-1 ii libmsgcat-perl 1.03-6+b5 ii libnet-cidr-perl 0.18-1 ii libnet-dns-perl1.10-2 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl1.9022-1 ii libregexp-common-perl 2017060201-1 ii libsoap-lite-perl 1.22-1 ii 
libtemplate-perl 2.24-1.2+b5 ii libterm-progressbar-perl 2.21-1 ii libunicode-linebreak-perl 0.0.20160702-1+b3 ii libxml-libxml-perl 2.0128+dfsg-3 ii lsb-base 9.20170808 ii mhonarc2.6.19-2 ii perl 5.26.0-8 ii rsyslog [system-log-daemon]8.29.0-2 ii sqlite33.20.1-1 Versions of packages sympa recommends: ii apache2-suexec-pristine [apache2-suexec] 2.4.27-5 ii default-mysql-server 1.0.3 ii doc-base 0.10.7 ii libapache2-mod-fcgid 1:2.3.9-1+b1 ii libcrypt-ciphersaber-perl 1.01-2.1 ii libio-socket-ssl-perl 2.051-1 ii locales 2.24-17 ii logrotate 3.11.0-0.1 ii postgresql9.6+184 Versions of packages sympa suggests: pn libauthcas-perl pn libdbd-odbc-perl pn libdbd-oracle-perl ii nginx-full [httpd-cgi] 1.13.5-1 -- debconf information excluded
Bug#863631: Also affects sympa: trashes configuration on update without asking
On 07/05/2017 10:42 PM, Daniel Gnoutcheff wrote: > Control: found -1 6.1.23~dfsg-2+deb8u1 > > I've experienced this on jessie as well when upgrading from > 6.1.23~dfsg-2 to 6.1.23~dfsg-2+deb8u1 for the 8.7 point release. > > The listmaster directive in /etc/sympa/sympa.conf got clobbered, locking > me out of my own server until I tracked this down. > I can confirm that the listmaster was reset to default on the following upgrade: -sympa 6.1.23~dfsg-2+deb8u1 amd64 +sympa 6.2.16~dfsg-3 amd64 I will try to find a solution for this bad mistake on upgrade. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#867380: pure-ftpd-mysql.service: Failed to start pure-ftpd-mysql.service.
On 07/06/2017 08:46 AM, Tumeski wrote: > Package: pure-ftpd-mysql > Version: 1.0.43-3 > Severity: important > > Hello, > > After upgrading Debian 8 to Debian 9 pure-ftpd-mysql package fails with > MariaDB. > > I had previously used MariaDB in Debian 8 environment too and package worked > fine. Hello Tumeski, you ran into a PureFTPd bug: https://jira.mariadb.org/browse/MDEV-12889 Patch attached. Thanks for the report Racke > > Setting up pure-ftpd-mysql (1.0.43-3) ... > Job for pure-ftpd-mysql.service failed because the control process exited > with error code. > See "systemctl status pure-ftpd-mysql.service" and "journalctl -xe" for > details. > invoke-rc.d: initscript pure-ftpd-mysql, action "start" failed. > ● pure-ftpd-mysql.service >Loaded: loaded (/etc/init.d/pure-ftpd-mysql; generated; vendor preset: > enabled) >Active: failed (Result: exit-code) since Thu 2017-07-06 09:42:08 EEST; > 36ms ago > Docs: man:systemd-sysv-generator(8) > Process: 31513 ExecStart=/etc/init.d/pure-ftpd-mysql start (code=exited, > status=127) > > Jul 06 09:42:08 megajorma systemd[1]: Starting pure-ftpd-mysql.service... 
> Jul 06 09:42:08 megajorma pure-ftpd-mysql[31513]: Starting ftp server: > Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l > mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -D -b -E -O > clf:/var/log/pure-ftpd/…GH -8 UTF-8 -A -B > Jul 06 09:42:08 megajorma pure-ftpd-mysql[31513]: > /usr/sbin/pure-ftpd-mysql-virtualchroot: > /usr/lib/x86_64-linux-gnu/libmariadbclient.so.18: no version information > available (required by /usr/sbin/pure-ftp…ql-virtualchroot) > Jul 06 09:42:08 megajorma pure-ftpd-mysql[31513]: > /usr/sbin/pure-ftpd-mysql-virtualchroot: relocation error: > /usr/sbin/pure-ftpd-mysql-virtualchroot: symbol my_make_scrambled_password, > version libmariadbcl…nk time reference > Jul 06 09:42:08 megajorma systemd[1]: pure-ftpd-mysql.service: Control > process exited, code=exited status=127 > Jul 06 09:42:08 megajorma systemd[1]: Failed to start pure-ftpd-mysql.service. > Jul 06 09:42:08 megajorma systemd[1]: pure-ftpd-mysql.service: Unit entered > failed state. > Jul 06 09:42:08 megajorma systemd[1]: pure-ftpd-mysql.service: Failed with > result 'exit-code'. > Hint: Some lines were ellipsized, use -l to show in full. 
> dpkg: error processing package pure-ftpd-mysql (--configure): > subprocess installed post-installation script returned error exit status 1 > Errors were encountered while processing: > pure-ftpd-mysql > E: Sub-process /usr/bin/dpkg returned an error code (1) > > > -- System Information: > Debian Release: 9.0 > APT prefers stable > APT policy: (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), > LANGUAGE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > Init: systemd (via /run/systemd/system) > > Versions of packages pure-ftpd-mysql depends on: > ii libc6 2.24-11+deb9u1 > ii libcap2 1:2.25-1 > ii libmariadb3 [libmariadbclient18] 10.2.6+maria~stretch > ii libmariadbclient1810.2.6+maria~stretch > ii libpam0g 1.1.8-3.6 > ii libssl1.1 1.1.0f-3 > ii lsb-base 9.20161125 > ii openbsd-inetd [inet-superserver] 0.20160825-2 > ii pure-ftpd-common 1.0.43-3 > ii zlib1g1:1.2.8.dfsg-5 > > pure-ftpd-mysql recommends no packages. > > pure-ftpd-mysql suggests no packages. > > -- Configuration Files: > /etc/pure-ftpd/db/mysql.conf changed: > MYSQLServer 127.0.0.1 > MYSQLUser IRemovedThese > MYSQLPassword IRemovedThese > MYSQLDatabase IRemovedThese > MYSQLCrypt crypt > MYSQLGetPW SELECT password FROM ftp_user WHERE active = 'y' AND > server_id = '1' AND username="\L" AND (expires IS NULL OR expires="-00-00 > 00:00:00" OR expires > NOW()) > MYSQLGetUID SELECT uid FROM ftp_user WHERE active = 'y' AND server_id = > '1' AND username="\L" AND (expires IS NULL OR expires="-00-00 00:00:00" > OR expires > NOW()) > MYSQLGetGID SELECT gid FROM ftp_user WHERE active = 'y' AND server_id = > '1' AND username="\L" AND (expires IS NULL OR expires="-00-00 00:00:00" > OR expires > NOW()) > MYSQLGetDir SELECT dir FROM ftp_user WHERE active = 'y' AND server_id = > '1' AND username="\L" AND (expires IS NULL OR expires="-00-00 00:00:00" > OR expires
Bug#868720: sympa FTBFS: configure: error: invalid value /usr/sbin/newaliases for newaliases command
On 07/18/2017 01:02 AM, Adrian Bunk wrote: > Source: sympa > Version: 6.2.16~dfsg-4 > Severity: serious > > https://buildd.debian.org/status/package.php?p=sympa=sid > > ... > checking for pod2man... /usr/bin/pod2man > checking for makemap... /usr/bin/makemap > checking user-supplied newaliases command... non-existing > configure: error: invalid value /usr/sbin/newaliases for newaliases command > > Apparently sympa checks for the presence of this binary on the build system. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#868289: sympa: Package sets wrong path for sendmail binary
On 07/14/2017 10:56 AM, Daniel ".koolfy" Faucon wrote: > > Upon closer inspection, this may be related to the fact that opensmtpd > is installed in the system and has replaced and maybe displaced the > newaliases command: > > root@web:~# ls -lht /usr/sbin/newaliases > lrwxrwxrwx 1 root root 7 mars 7 15:33 /usr/sbin/newaliases -> smtpctl > > > Patch attached. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. diff --git a/debian/rules b/debian/rules index bd4785d..cca3518 100755 --- a/debian/rules +++ b/debian/rules @@ -27,6 +27,7 @@ override_dh_auto_configure: --with-user=sympa \ --with-group=sympa \ --with-aliases_file=/etc/mail/sympa/aliases \ + --with-newaliases=/usr/sbin/newaliases \ --disable-smtpc # Backup upstream stuff for file in $(UPSTREAMSTUFF); do \
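Review bot: the added `--with-newaliases=/usr/sbin/newaliases` line in override_dh_auto_configure pins a path that has to exist wherever configure runs; the build log quoted under Bug#868720 on this page shows configure rejecting exactly this value ("invalid value /usr/sbin/newaliases for newaliases command") when the binary is not present on the build system. Either make sure a package providing /usr/sbin/newaliases is in Build-Depends, or check whether configure can take the path without testing for it. A short comment in debian/rules saying why the path is pinned (the opensmtpd symlink case from the report) would also help the next person who touches this target.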
Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in
On 06/10/2017 02:02 PM, Andreas Beckmann wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package modifies conffiles. > This is forbidden by the policy, see > https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files > > 10.7.3: "[...] The easy way to achieve this behavior is to make the > configuration file a conffile. [...] This implies that the default > version will be part of the package distribution, and must not be > modified by the maintainer scripts during installation (or at any > other time)." > > Note that once a package ships a modified version of that conffile, > dpkg will prompt the user for an action how to handle the upgrade of > this modified conffile (that was not modified by the user). > > Further in 10.7.3: "[...] must not ask unnecessary questions > (particularly during upgrades) [...]" > > If a configuration file is customized by a maintainer script after > having asked some debconf questions, it may not be marked as a > conffile. Instead a template could be installed in /usr/share and used > by the postinst script to fill in the custom values and create (or > update) the configuration file (preserving any user modifications!). > This file must be removed during postrm purge. > ucf(1) may help with these tasks. > See also https://wiki.debian.org/DpkgConffileHandling > > In https://lists.debian.org/debian-devel/2012/09/msg00412.html and > followups it has been agreed that these bugs are to be filed with > severity serious. 
> > debsums reports modification of the following files, > from the attached log (scroll to the bottom...): > > 3m56.7s ERROR: FAIL: debsums reports modifications inside the chroot: > debsums: missing file /etc/sympa/sympa.conf-smime.in (from sympa package) > > > If the conffile is actually obsolete, please use > dpkg-maintscript-helper rm_conffile > to remove it properly (also from dpkg's database). > > > cheers, > > Andreas > Patch attached. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. commit eede19d78fe07fcf0b0b888efd0bcf40ade9f2f4 Author: Stefan Hornburg (Racke) <ra...@linuxia.de> Date: Sat Jun 24 19:56:37 2017 +0200 Add call for removing sympa.conf-smime.in by maintainer scripts. diff --git a/debian/sympa.maintscript b/debian/sympa.maintscript index 05f3dc1..62e713d 100644 --- a/debian/sympa.maintscript +++ b/debian/sympa.maintscript @@ -1 +1,2 @@ rm_conffile /etc/sympa/sympa/sympa.conf "6.2.16~dfsg-2~" +rm_conffile /etc/sympa/sympa.conf-smime.in "6.2.16~dfsg-4~" commit 21830c49e4f545bf1b8f6e2118a68859350d834f Author: Stefan Hornburg (Racke) <ra...@linuxia.de> Date: Sun Jun 18 15:53:42 2017 +0200 Remove /etc/sympa/sympa.conf-smime.in from conffiles (#864546). diff --git a/debian/sympa.install b/debian/sympa.install index 22ce80c..3f16eea 100644 --- a/debian/sympa.install +++ b/debian/sympa.install @@ -3,7 +3,6 @@ debian/conf/rsyslog/facilityetc/sympa debian/conf/apache2/sympa.conf etc/apache2/conf-available debian/conf/apache2/sympa-soap.conf etc/apache2/conf-available debian/conf/auth.conf etc/sympa -debian/conf/sympa.conf-smime.in etc/sympa debian/conf/topics.conf etc/sympa #debian/dbconfig-common/*usr/share/dbconfig-common/data/sympa src/bin/sympa_soap_client.plusr/share/doc/sympa/examples/script
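Review bot: in the debian/sympa.maintscript hunk, the prior-version "6.2.16~dfsg-4~" on the new rm_conffile line should be the version of the upload that first carries this call, with `~` appended; if the change is released as anything later than 6.2.16~dfsg-4, systems upgrading from 6.2.16~dfsg-4 itself would not get the cleanup and the file would stay registered with dpkg. The two commits also depend on each other: the debian/sympa.install removal and the rm_conffile call need to ship in the same upload, so it is worth saying so in the commit message, and referencing #864546 in the rm_conffile commit the way the sympa.install commit already does.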
Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in
On 06/10/2017 03:06 PM, Stefan Hornburg (Racke) wrote: > On 06/10/2017 02:02 PM, Andreas Beckmann wrote: >> Package: sympa >> Version: 6.2.16~dfsg-3 >> Severity: serious >> User: debian...@lists.debian.org >> Usertags: piuparts >> >> Hi, >> >> during a test with piuparts I noticed your package modifies conffiles. >> This is forbidden by the policy, see >> https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files >> >> 10.7.3: "[...] The easy way to achieve this behavior is to make the >> configuration file a conffile. [...] This implies that the default >> version will be part of the package distribution, and must not be >> modified by the maintainer scripts during installation (or at any >> other time)." >> >> Note that once a package ships a modified version of that conffile, >> dpkg will prompt the user for an action how to handle the upgrade of >> this modified conffile (that was not modified by the user). >> >> Further in 10.7.3: "[...] must not ask unnecessary questions >> (particularly during upgrades) [...]" >> >> If a configuration file is customized by a maintainer script after >> having asked some debconf questions, it may not be marked as a >> conffile. Instead a template could be installed in /usr/share and used >> by the postinst script to fill in the custom values and create (or >> update) the configuration file (preserving any user modifications!). >> This file must be removed during postrm purge. >> ucf(1) may help with these tasks. >> See also https://wiki.debian.org/DpkgConffileHandling >> >> In https://lists.debian.org/debian-devel/2012/09/msg00412.html and >> followups it has been agreed that these bugs are to be filed with >> severity serious. 
>> >> debsums reports modification of the following files, >> from the attached log (scroll to the bottom...): >> >> 3m56.7s ERROR: FAIL: debsums reports modifications inside the chroot: >> debsums: missing file /etc/sympa/sympa.conf-smime.in (from sympa package) >> >> >> If the conffile is actually obsolete, please use >> dpkg-maintscript-helper rm_conffile >> to remove it properly (also from dpkg's database). >> > > This file looks like an artifact, so we are probably going to remove it. > > Regards >Racke > It is definitely an artifact, as the SMIME configuration was integrated into main configuration file. Thanks for your hint above how to deal with it. Regards Racke >> >> cheers, >> >> Andreas >> > > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in
On 06/10/2017 02:02 PM, Andreas Beckmann wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package modifies conffiles. > This is forbidden by the policy, see > https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files > > 10.7.3: "[...] The easy way to achieve this behavior is to make the > configuration file a conffile. [...] This implies that the default > version will be part of the package distribution, and must not be > modified by the maintainer scripts during installation (or at any > other time)." > > Note that once a package ships a modified version of that conffile, > dpkg will prompt the user for an action how to handle the upgrade of > this modified conffile (that was not modified by the user). > > Further in 10.7.3: "[...] must not ask unnecessary questions > (particularly during upgrades) [...]" > > If a configuration file is customized by a maintainer script after > having asked some debconf questions, it may not be marked as a > conffile. Instead a template could be installed in /usr/share and used > by the postinst script to fill in the custom values and create (or > update) the configuration file (preserving any user modifications!). > This file must be removed during postrm purge. > ucf(1) may help with these tasks. > See also https://wiki.debian.org/DpkgConffileHandling > > In https://lists.debian.org/debian-devel/2012/09/msg00412.html and > followups it has been agreed that these bugs are to be filed with > severity serious. 
> > debsums reports modification of the following files, > from the attached log (scroll to the bottom...): > > 3m56.7s ERROR: FAIL: debsums reports modifications inside the chroot: > debsums: missing file /etc/sympa/sympa.conf-smime.in (from sympa package) > > > If the conffile is actually obsolete, please use > dpkg-maintscript-helper rm_conffile > to remove it properly (also from dpkg's database). > This file looks like an artifact, so we are probably going to remove it. Regards Racke > > cheers, > > Andreas > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
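The condition debsums reports above, as an added example (not part of the thread, and not debsums or dpkg code): a shell check that reads lines in the format of dpkg's Conffiles field and lists entries that are missing on disk or flagged obsolete. The function name, the checksums and the temporary root are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: hypothetical helper, not shipped by dpkg, debsums or sympa.

# list_stale_conffiles ROOT
# Reads dpkg "Conffiles" field lines on stdin, one conffile per line:
#     <path> <md5sum> [flags]
# Prints "missing <path>" for registered conffiles that do not exist under
# ROOT, and "obsolete <path>" for files dpkg marks as no longer shipped.
list_stale_conffiles() {
    root=$1
    while read -r path sum flags; do
        [ -n "$path" ] || continue          # skip blank lines
        if [ ! -e "$root$path" ]; then
            printf 'missing %s\n' "$path"
        else
            case " $flags " in
                *" obsolete "*) printf 'obsolete %s\n' "$path" ;;
            esac
        fi
    done
}

demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/sympa"
    : > "$root/etc/sympa/auth.conf"
    : > "$root/etc/sympa/topics.conf"
    # Constructed field content: the checksums are placeholders, and the
    # "obsolete" flag on topics.conf is made up to exercise that branch.
    list_stale_conffiles "$root" <<EOF
 /etc/sympa/auth.conf 00000000000000000000000000000001
 /etc/sympa/sympa.conf-smime.in 00000000000000000000000000000002
 /etc/sympa/topics.conf 00000000000000000000000000000003 obsolete
EOF
    rm -rf "$root"
}

demo
# On an installed system the same function can read the real field:
#   dpkg-query -W -f='${Conffiles}\n' sympa | list_stale_conffiles ""
```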
Bug#863701: sympa: insists that cookie has changed when it hasn't
On 05/30/2017 03:38 PM, Dominik George wrote: > Hi, > >> In this case the head command might not be in the path Sympa is seeing. >> Could you please test if >> `/usr/bin/head ...` works for you? > > Yes, it does. > > -nik > OK, thanks a lot. I'll adjust the default settings for the configuration in the packaging code and also poke the Sympa community for configuration file inclusion. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#863701: sympa: insists that cookie has changed when it hasn't
On 05/30/2017 10:35 AM, Dominik George wrote: > Hi, > >> The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian >> package, >> so this hasn't changed? > > Confirmed. > >> >> What are the permissions of the cookie file? > > 640 owned by sympa:sympa > > I have placed debugging prints into Conf.pm and found that $current is empty > right at the beginning of cookie_changed. It seems the `head... command is > not evaluated. > > I placed the cookie in the config file directly, which makes it working again. > > -nik > Using a command in the configuration file is really awkward, but we didn't find a better way to do that as Sympa doesn't support inclusion of other files in the configuration step. In this case the head command might not be in the path Sympa is seeing. Could you please test if `/usr/bin/head ...` works for you? Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
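The failure mode discussed in this message, as an added example (not Sympa's or the Debian package's code): a simplified model of a parameter whose value is a backtick-quoted command, showing that a bare `head` yields an empty value under a restricted PATH while an absolute path does not. The function names, the sample cookie value and the temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: simplified model, not how Sympa itself parses sympa.conf.

# resolve_param VALUE SEARCH_PATH
# Prints the effective value of a parameter. A value wrapped in backticks is
# run as a command with PATH set to SEARCH_PATH, as a daemon started with a
# minimal environment would run it; anything else is taken literally.
resolve_param() {
    value=$1
    search_path=$2
    case $value in
        '`'*'`')
            cmd=${value#?}      # drop the leading backtick
            cmd=${cmd%?}        # drop the trailing backtick
            # stderr is discarded, so "head: not found" never reaches the
            # caller: it only sees an empty string.
            PATH=$search_path /bin/sh -c "$cmd" 2>/dev/null
            ;;
        *)
            printf '%s\n' "$value"
            ;;
    esac
}

# audit_param VALUE
# Returns 1 when a backtick command is looked up through PATH, 0 when it is
# given by absolute path or the value is a literal.
audit_param() {
    case $1 in
        '`/'*'`') return 0 ;;
        '`'*'`')  return 1 ;;
        *)        return 0 ;;
    esac
}

# load_secret VALUE SEARCH_PATH
# Fails closed: an empty result is reported as an error instead of being
# compared against the stored secret as if it were a new value.
load_secret() {
    secret=$(resolve_param "$1" "$2") || true
    if [ -z "$secret" ]; then
        echo "secret command produced no output: $1" >&2
        return 1
    fi
    printf '%s\n' "$secret"
}

demo() {
    dir=$(mktemp -d)
    printf 'constructed-cookie-value\n' > "$dir/cookie"   # constructed sample
    chmod 640 "$dir/cookie"
    head_abs=$(command -v head)
    # "$dir/no-bin" does not exist, so nothing can be found through PATH.
    for value in "\`head -n1 $dir/cookie\`" "\`$head_abs -n1 $dir/cookie\`"; do
        if audit_param "$value"; then kind="absolute path"; else kind="PATH lookup"; fi
        if out=$(load_secret "$value" "$dir/no-bin" 2>/dev/null); then
            echo "$kind: value read ($out)"
        else
            echo "$kind: empty value, startup should stop with a clear error"
        fi
    done
    rm -rf "$dir"
}

demo
```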
Bug#863701: sympa: insists that cookie has changed when it hasn't
On 05/30/2017 09:37 AM, Dominik George wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > Severity: grave > Justification: renders package unusable > > SYMPA suddenly refuses to start with: > > May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter > has changed. You may have severe inconsitencies into password storage. > Restore previous cookie or write some tool to re-encrypt password in database > and check spools contents (look at /etc/sympa/cookies.history file). at > /usr/lib/sympa/bin/sympa_msg.pl line 310. > May 30 09:35:20 terra sympa_msg.pl[22389]: at > /usr/lib/sympa/bin/sympa_msg.pl line 310. > May 30 09:35:20 terra sympa_msg.pl[22389]: main::_load() called at > /usr/lib/sympa/bin/sympa_msg.pl line 87 > > Now, while I see why this protection is in place, unfortunately, the > cookie has not changed. Neither has the parameter in the config file > changed (checked with etckeeper), nor has the contents of the cookie > file changed (checked with etckeeper), nor is anything different in > cookies.history. > > SYMPA just decided to block startup. The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian package, so this hasn't changed? What are the permissions of the cookie file? 
Regards Racke > > -- System Information: > Debian Release: 9.0 > APT prefers testing > APT policy: (500, 'testing') > Architecture: amd64 > (x86_64) > > Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system)
Bug#861159: New upstream release (1.0.46)
package: pure-ftpd severity: wishlist -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#848015: ciphersaber: diff for NMU version 1.01-2.1
On 04/04/2017 07:01 AM, Mattia Rizzolo wrote: > Control: tags 848015 + patch > Control: tags 848015 + pending > > Dear maintainer, > > I've prepared an NMU for ciphersaber (versioned as 1.01-2.1) and > uploaded it to DELAYED/2. Please feel free to tell me if I > should delay it longer. > > Regards. > Dear Mattia, the patch looks good to me. Thanks a lot Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#696934: Missing pure-ftpd.conf file of pure-ftpd?
We don't use pure-ftpd.conf in the Debian packages, for more information please run "man pure-ftpd-wrapper". Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#682620: LIST command fails with blank characters in argument
Hello Harald, why do you see this as a bug? You need to escape whitespace in the shell as well. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#652936: Github PR for this bug
https://github.com/jedisct1/pure-ftpd/pull/46 Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#829477: courier-mta: fails to install: Invalid command 'gendh'
On 07/03/2016 07:07 PM, Andreas Beckmann wrote: > Package: courier-mta > Version: 0.76.1-3+exp1 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package failed to install. As > per definition of the release team this makes the package too buggy for > a release, thus the severity. > > From the attached log (scroll to the bottom...): > > Selecting previously unselected package courier-mta. > (Reading database ... > (Reading database ... 10293 files and directories currently installed.) > Preparing to unpack .../courier-mta_0.76.1-3+exp1_amd64.deb ... > Adding 'diversion of /usr/bin/addcr to /usr/bin/addcr.ucspi-tcp by > courier-mta' > Adding 'diversion of /usr/share/man/man1/addcr.1.gz to > /usr/share/man/man1/addcr.ucspi-tcp.1.gz by courier-mta' > Unpacking courier-mta (0.76.1-3+exp1) ... > Setting up courier-mta (0.76.1-3+exp1) ... > update-alternatives: using /usr/bin/lockmail.courier to provide > /usr/bin/lockmail (lockmail) in auto mode > update-alternatives: using /usr/bin/preline.courier to provide > /usr/bin/preline (preline) in auto mode > /run/courier/esmtpd.pid.lock: No such file or directory > Generating a 4096 bit RSA private key > ..++ > > .++ > writing new private key to '/etc/courier/esmtpd.pem' > - > Invalid command 'gendh'; type "help" for a list. > dpkg: error processing package courier-mta (--configure): >subprocess installed post-installation script returned error exit status 1 > Errors were encountered while processing: >courier-mta > > > cheers, > > Andreas > I believe this line in the script /usr/lib/courier/mkesmtpdcert causes the error: /usr/bin/openssl gendh -rand "$PEMFILE".rand 512 >>"$PEMFILE" || cleanup Why openssl doesn't know about it on piuparts eludes me. Regards Racke
Bug#839728: Odd changes to Sympa configuration files
On 10/05/2016 12:59 PM, Emmanuel Bouthenot wrote: > On Wed, Oct 05, 2016 at 12:27:46PM +0200, Stefan Hornburg (Racke) wrote: > [...] > >> Sorry, I meant --sysconfdir=/etc. > It means that the other "config" files required by sympa will move to > /etc: > > /etc/sympa/auth.conf -> /etc/auth.conf > /etc/sympa/data_structure.version -> /etc/data_structure.version > /etc/sympa/$robot_dir -> /etc/$robot_dir > ... > > I'm not sure that it is what we want :) > > Regards, > > M. > Hello Emmanuel, I recently updated a manually installed Sympa to 6.2 with --sysconfdir=/etc and the auth.conf and data_structure.version ended up in /etc/sympa. So maybe some other flag gets in the way, e.g. --enable-fhs? Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#839728: Odd changes to Sympa configuration files
On 10/05/2016 12:25 PM, Emmanuel Bouthenot wrote: > Racke, > > On Wed, Oct 05, 2016 at 11:59:44AM +0200, Stefan Hornburg (Racke) wrote: > [...] > >>>> I produced a backport of the new 6.2 packages and the main configuration >>>> file ends up >>>> as /etc/sympa/sympa/sympa.conf which seems quite odd to me. >> >> Wouldn't --sysconfdir=/etc/sympa put the configuration file in the supposed >> location >> /etc/sympa/sympa.conf instead of /etc/sympa/sympa/sympa.conf? > It is already the case: > https://anonscm.debian.org/cgit/collab-maint/sympa.git/tree/debian/rules#n16 > > Regards, > Sorry, I meant --sysconfdir=/etc. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#839728: Odd changes to Sympa configuration files
On 10/04/2016 06:14 PM, Emmanuel Bouthenot wrote: > Racke, > > On Tue, Oct 04, 2016 at 12:03:13PM +0200, Stefan Hornburg (Racke) wrote: > [...] > >> I produced a backport of the new 6.2 packages and the main configuration >> file ends up >> as /etc/sympa/sympa/sympa.conf which seems quite odd to me. Wouldn't --sysconfdir=/etc/sympa put the configuration file in the supposed location /etc/sympa/sympa.conf instead of /etc/sympa/sympa/sympa.conf? Regards Racke > This is an upstream choice: > > See https://www.sympa.org/index > > """ > Default config location is now /etc/sympa/ (or $sysconfig/sympa/) > instead of /etc/. This solves the problem of config file lock creation > being denied when trying to read the binary version of the config file > at startup > """ > >> The other problem is that the user isn't notified about the new location and >> the >> fact that wwsympa.conf was merged as well. > Yes, I agree that we could add some information about this in > debian/NEWS. > > Regards, > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#839755: sympa: Sympa should depends on libjs-jquery >= 1.11
On 10/04/2016 05:50 PM, Olivier Tétard wrote: > Package: sympa > Version: 6.2.16~dfsg-1 > Severity: minor > > Hi, > > Sympa embeds Foundation 5 which requires jQuery >= 1.11 (in fact, Foundation > doesn’t load correctly with jQuery version that is available on stable). > > Thanks for you work. > > Cheers, > Olivier; > Hello, attached is a patch to resolve this bug. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. commit b7793497bc8aa636f63149a0749bfd2b4fff8733 Author: Stefan Hornburg (Racke) <ra...@linuxia.de> Date: Wed Oct 5 10:38:04 2016 +0200 Add version to libjs-query dependency as Foundation 5 needs this as minimum (#839755). diff --git a/debian/control b/debian/control index b709895..a152b81 100644 --- a/debian/control +++ b/debian/control @@ -87,7 +87,7 @@ Depends: libunicode-linebreak-perl, libsoap-lite-perl, fonts-font-awesome, -libjs-jquery, +libjs-jquery (>= 1.11), libjs-jquery-ui, libjs-jquery-placeholder, libjs-modernizr,
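Review bot: The commit subject names the package "libjs-query", while the line changed in debian/control is libjs-jquery; fix the spelling so a history search for the package name finds this commit. The constraint itself, libjs-jquery (>= 1.11), matches the minimum given in the report; note that with it a backport to stable, where the report says the available jQuery is too old for Foundation, will only install alongside a newer libjs-jquery.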
Bug#839755: sympa: Sympa should depends on libjs-jquery >= 1.11
On 10/04/2016 05:50 PM, Olivier Tétard wrote: > Package: sympa > Version: 6.2.16~dfsg-1 > Severity: minor > > Hi, > > Sympa embeds Foundation 5 which requires jQuery >= 1.11 (in fact, Foundation > doesn’t load correctly with jQuery version that is available on stable). > > Thanks for your work. > > Cheers, > Olivier; Hello Olivier, I ran into an issue with the Foundation package as well, and I also suggest to add this requirement. Regards Racke > > > -- System Information: > Debian Release: stretch/sid > APT prefers testing > APT policy: (650, 'testing'), (600, 'unstable'), (1, 'experimental') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#839728: Odd changes to Sympa configuration files
package: sympa version: 6.2.16~dfsg-1 Hello, I produced a backport of the new 6.2 packages and the main configuration file ends up as /etc/sympa/sympa/sympa.conf which seems quite odd to me. The other problem is that the user isn't notified about the new location and the fact that wwsympa.conf was merged as well. So what happened to me was that the FCGI connector didn't work and it took me a while to figure out that changing /etc/sympa/wwsympa.conf didn't help at all. I hope we can fix that before the new package hits testing. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#814426: sympa: New upstream version available (6.2.12)
On 09/17/2016 10:50 AM, Stefan Hornburg (Racke) wrote: > On 09/17/2016 10:10 AM, Emmanuel Bouthenot wrote: >> Racke, >> >> On Fri, Sep 16, 2016 at 09:23:10PM +0200, Stefan Hornburg (Racke) wrote: >> [...] >> >>>> it doesn't look like your branch is available in the Git repository: >>>> >>>> https://anonscm.debian.org/cgit/collab-maint/sympa.git >> >> I will push the changes before the end of the week (tomorrow), I'm currently >> testing installation from scratch and the upgrade path of the new sympa 6.2 >> package. >> >> I've still some minor issues to fix, and I will commit the changes >> accordingly. > > Great :-). > >> >> While testing upgrade/installation, I noticed that >> libcrypt-ciphersaber-perl is still a recommends and that it is no more >> available in sid. >> As you are the maintainer, could you take a look and upload the latest >> release in unstable? >> >> Regards, >> > > Yes, I'll take a look into it this weekend. > > Regards > Racke > I uploaded the latest release, this is now in the NEW queue. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#814426: sympa: New upstream version available (6.2.12)
On 09/17/2016 10:10 AM, Emmanuel Bouthenot wrote: > Racke, > > On Fri, Sep 16, 2016 at 09:23:10PM +0200, Stefan Hornburg (Racke) wrote: > [...] > >>> it doesn't look like your branch is available in the Git repository: >>> >>> https://anonscm.debian.org/cgit/collab-maint/sympa.git > > I will push the changes before the end of the week (tomorrow), I'm currently > testing installation from scratch and the upgrade path of the new sympa 6.2 > package. > > I've still some minor issues to fix, and I will commit the changes > accordingly. Great :-). > > While testing upgrade/installation, I noticed that > libcrypt-ciphersaber-perl is still a recommends and that it is no more > available in sid. > As you are the maintainer, could you take a look and upload the latest > release in unstable? > > Regards, > Yes, I'll take a look into it this weekend. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#814426: sympa: New upstream version available (6.2.12)
On 09/11/2016 09:15 AM, Stefan Hornburg (Racke) wrote: > On 06/21/2016 07:23 AM, Emmanuel Bouthenot wrote: >> Jérôme, >> >> On Mon, Jun 20, 2016 at 09:34:39PM +0200, Jérôme Lebleu wrote: >> [...] >> >>> Is there any news about this new version please? >>> >>> According to the VCS history, the last activity is 10 months ago... Do >>> you still have time to maintain it? If not, I would be glad to help! It >>> would be sad to not have a Debian package for Sympa anymore - and >>> up-to-date by the way... >> >> I've already started to work on it, but there is a lot of work (a bunch >> of third party modules were added, among others: fonts, at least half a >> dozen of new jquery plugins, foundation CSS framework, foundation icons, >> etc.). >> >> However, Sympa team has released sympa 6.1.25 a few days ago and I will >> upload it before the end of the week. >> >> I will also push my 6.2 branch in the same so you will be able to take a >> look and work on it. >> >> As said by Jonas, any help will be very appreciated. >> >> Regards, >> >> M. >> > > Hello Emmanuel, > > it doesn't look like your branch is available in the Git repository: > > https://anonscm.debian.org/cgit/collab-maint/sympa.git > > I would like to help with releasing 6.2 packages. > > Regards > Racke > > Alternatively, how do I import a new upstream release into the Git repository? I tried the following, but it failed: racke@ambas:~/sympa/pkg$ gbp import-orig --uscan --pristine-tar gbp:info: Launching uscan... uscan: Newest version of sympa on remote site is 6.2.16, local version is 6.1.24~dfsg (mangled local version is 6.1.24) uscan:=> Newer package available from http://www.sympa.org/distribution/sympa-6.2.16.tar.gz gbp:info: using ../sympa_6.2.16.orig.tar.gz What is the upstream version? [6.2.16] gbp:info: Importing '../sympa_6.2.16.orig.tar.gz' to branch 'upstream' (filtering out ['po*.gmo'])...
gbp:info: Source package is sympa gbp:info: Upstream version is 6.2.16 gbp:info: Merging to 'master' gbp:error: Automatic merge failed. gbp:error: Error detected, Will roll back changes. gbp:info: Rolling back branch upstream by resetting it to d74c49fa58ac8276d9ee2f18595436b5dc34127a gbp:info: Rolling back branch pristine-tar by resetting it to eb3acb2e41048ec2bfba9b8b89422e58023e740e gbp:info: Rolling back tag upstream/6.2.16 by deleting it gbp:info: Rolling back branch master by resetting it to 1179913f606c6bea53c9221aa8cff8a36a97d822 gbp:info: Rolling back failed merge of upstream/6.2.16 gbp:error: Rolled back changes after import error. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#814426: sympa: New upstream version available (6.2.12)
On 06/21/2016 07:23 AM, Emmanuel Bouthenot wrote: > Jérôme, > > On Mon, Jun 20, 2016 at 09:34:39PM +0200, Jérôme Lebleu wrote: > [...] > >> Is there any news about this new version please? >> >> According to the VCS history, the last activity is 10 months ago... Do >> you still have time to maintain it? If not, I would be glad to help! It >> would be sad to not have a Debian package for Sympa anymore - and >> up-to-date by the way... > > I've already started to work on it, but there is a lot of work (a bunch > of third party modules were added, among others: fonts, at least half a > dozen of new jquery plugins, foundation CSS framework, foundation icons, > etc.). > > However, Sympa team has released sympa 6.1.25 a few days ago and I will > upload it before the end of the week. > > I will also push my 6.2 branch in the same so you will be able to take a > look and work on it. > > As said by Jonas, any help will be very appreciated. > > Regards, > > M. > Hello Emmanuel, it doesn't look like your branch is available in the Git repository: https://anonscm.debian.org/cgit/collab-maint/sympa.git I would like to help with releasing 6.2 packages. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming.