Bug#705254: Provide "is-enabled" command for update-rc.d

2015-04-27 Thread Borut Mrak
I'm working on update-rc.d to add this feature (got bitten by this using 
saltstack service states on Jessie w/ systemd).


I simplified Michael's idea a little bit (I think).

Instead of checking if links correspond to Default-Start + Default-Stop, 
I'm just checking if there are all the Default-Start links available.


For is-disabled I'm only checking that there are no S links present in 
Default-Start runlevels.


IMO, no links == disabled (I know they get recreated on upgrades, but 
that is out of scope for this feature).


Here is a function I added to update-rc.d. I welcome any comments. It 
seems to work for me, but is more of a proof of concept and needs cleaning 
up (there's also a few lines in insserv_updatercd to call it when action 
is is-enabled or is-disabled).




sub is_enabled_disabled {
    my ($act, $name) = (shift, shift);
    my ($defstart_lvls, $defstop_lvls, @start_links, $lvl);
    my $lsb_header = lsb_header_for_script($name);
    my @runlevels = split('','S2345');

    ($defstart_lvls, $defstop_lvls) = parse_def_start_stop($lsb_header);

    #print "start levels: @$defstart_lvls\n";
    #print "stop levels: @$defstop_lvls\n";

    foreach $lvl (@runlevels) {
        push(@start_links,$_) for glob("/etc/rc$lvl.d/S[0-9][0-9]$name");
    }

    if("is-enabled" eq $act) {
        foreach $lvl (@$defstart_lvls) {
            if ( !grep( m{^/etc/rc$lvl.d/}, @start_links) ) {
                #not enabled in all runlevels, return error
                print "$name not started in runlevel $lvl\n";
                exit 1;
            }
        }
        exit 0;
    }

    if("is-disabled" eq $act) {
        foreach $lvl (@$defstart_lvls) {
            if ( grep( m{^/etc/rc$lvl.d/}, @start_links) ) {
                print "$name starts in runlevel $lvl, not disabled.\n";
                exit 1;
            }
        }
        exit 0;
    }
}



Bug#710294: cyrus-imapd-2.4: Clarification of new db scheme in wheezy

2013-05-29 Thread Borut Mrak

On Wed 29 May 2013 06:15:53 PM CEST, Nestor A Diaz wrote:

I have updated from squeeze to wheezy, cyrus 2.4 is working fine, however I
have some annoying problems, that have not affected the system, but I would
like to know if I can obey those problems or how can I fix them, I notice that
/var/lib/cyrus/db directory is gone, but the system keeps working, with the
following messages on syslog:


Another unsure user here... I've been wary upgrading my cyrus boxes to 
wheezy because I remember the pain with previous Cyrus major version 
upgrades.


I did it on one of the smaller ones (so the possible restore from 
backups wouldn't take long :) and I'm experiencing the same errors as 
Mr. Diaz.


Although they don't seem to affect the server operation they don't 
exactly inspire confidence so I've decided not to upgrade any other 
machines until I'm sure it can't become a problem.



May 29 11:12:56 pascacio cyrus/imapintranet[14074]: fetching user_deny.db entry for 'theuser'
May 29 11:12:56 pascacio cyrus/imapintranet[14074]: fetching user_deny.db entry for 'theuser'


These seem harmless... I don't have user_deny.db and would consider 
just blocking them at the syslog level, based on past experience 
they're probably hardcoded somewhere in the source and can't be turned 
off. I welcome better suggestions.


Best regards and thanks for the good work you're doing on the Cyrus 
packages.

Borut Mrak.


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#619599: Enhancement: start/stop pure-authd when /etc/pure-ftpd/conf/ExtAuth is present

2011-03-25 Thread Borut Mrak
Package: pure-ftpd
Version: 1.0.21-11.4
Severity: wishlist
Tags: patch

I needed to enable the external authentication daemon pure-authd.

Found out about /etc/pure-ftpd/conf/ExtAuth, but the FTP daemon would not
start, because the socket (which gets created by pure-authd) was missing.

It seemed illogical to create another init script, since the upload handler
is already started from the pure-ftpd init script. The auth daemon has to be
started before pure-ftpd because it needs to create the authentication
socket first (configured in ExtAuth, but in my opinion it should be static,
the ExtAuth value changed to boolean, like CallUploadScript).

I'm attaching the diff from the old init script (I did this on Lenny, but I
checked the sid init script and it doesn't seem like anything changed).

I'm also attaching an example python external authentication script which
could be a little more polished, but it was just a proof of concept for me.
If you're interested in including it, I'm willing to spruce it up a little.

There are also a few new variables to be set in
/etc/default/pure-ftpd-common:

AUTHDSCRIPT=/path/to/authhandler
AUTHDUID=
AUTHDGID=

in line with the variables used for upload handler.




-- System Information:
Debian Release: 5.0.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages pure-ftpd depends on:
ii  libc6             2.7-18lenny7       GNU C Library: Shared libraries
ii  libcap1           1:1.10-14          support for getting/setting POSIX.
ii  libpam0g          1.0.1-5+lenny1     Pluggable Authentication Modules l
ii  libssl0.9.8       0.9.8g-15+lenny11  SSL shared libraries
ii  pure-ftpd-common  1.0.21-11.4        Pure-FTPd FTP server (Common Files

pure-ftpd recommends no packages.

pure-ftpd suggests no packages.

-- no debconf information
#!/usr/bin/python
"""
pure-authd authentication handler

Checks for username/password files on the filesystem which allow chrooted FTP 
access to a directory.
"""

import sys
import os
from os import environ as env
from syslog import *

# Requires getent - hg clone https://bitbucket.org/maze/getent
import getent

openlog('pure-authhandler.py[%s]' % os.getpid(),LOG_INFO,LOG_DAEMON)
syslog('starting operation.')

try:
    AUTHD_ACCOUNT = env['AUTHD_ACCOUNT']
    AUTHD_PASSWORD = env['AUTHD_PASSWORD']
    AUTHD_LOCAL_IP = env['AUTHD_LOCAL_IP']
    AUTHD_LOCAL_PORT = env['AUTHD_LOCAL_PORT']
    AUTHD_REMOTE_IP = env['AUTHD_REMOTE_IP']
except KeyError, e:
    syslog('Parameter error: missing environment variable %s' % e)
    print "auth_ok:0\nend"
    sys.exit(1)

# Split the username on @
try:
    (subuser,sysuser) = AUTHD_ACCOUNT.split('@')
except ValueError, e:
    syslog('username %s not in subuser@systemuser format: %s' %
           (AUTHD_ACCOUNT, e))
    print "auth_ok:0\nend"
    sys.exit(0)

try:
    website = getent.passwd(sysuser)
    if not website:
        syslog('user/website %s does not exist' % sysuser)
        print "auth_ok:0\nend"
        sys.exit(0)

    if website.uid < 1000:
        syslog('uid of user %s is less than 1000 (%s), denied' %
               (sysuser, website.uid) )
        print "auth_ok:-1\nend"
        sys.exit(0)

    subdir = website.dir + '/FTP/' + subuser
    subpassfile = subdir + '.passwd'
    if os.path.isdir(subdir) and os.path.isfile(subpassfile):
        passfile = open(subpassfile)
        password = passfile.readline().rstrip()

        if password != AUTHD_PASSWORD:
            #syslog('Password for user %s does not match: is %s, should be %s' % (AUTHD_ACCOUNT,password,AUTHD_PASSWORD) )
            syslog('Authentication failure for user %s: wrong password' %
                   AUTHD_ACCOUNT )
            print "auth_ok:-1\nend"
            sys.exit(0)
        else:
            syslog('User %s successfully authenticated' % AUTHD_ACCOUNT)
            print "auth_ok:1\nuid:%s\ngid:%s\ndir:%s\nend" % (
                website.uid,website.gid,subdir+'/./')
            sys.exit(0)
    else:
        syslog('subuser %s does not exist' % AUTHD_ACCOUNT)
        print "auth_ok:0\nend"
        sys.exit(0)
except Exception, e:
    syslog('Exception checking credentials: %s' % e)
    print "auth_ok:0\nend"
    sys.exit(0)

--- /etc/init.d/pure-ftpd.ORIG  2011-03-25 13:59:43.0 +0100
+++ /etc/init.d/pure-ftpd   2011-03-25 14:21:04.0 +0100
@@ -18,6 +18,10 @@
 UDDESC="ftp upload handler"
 WRAPPER=/usr/sbin/pure-ftpd-wrapper
 
+AUTHDAEMON=/usr/sbin/pure-authd
+ADNAME=pure-authd
+ADDESC="external authentication daemon"
+
 # try to figur
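
Review bot: the three assignments added after WRAPPER hard-code /usr/sbin/pure-authd, but nothing visible checks that the binary exists, and the AUTHDSCRIPT, AUTHDUID and AUTHDGID settings the report says belong in /etc/default/pure-ftpd-common are not documented next to them. Suggest a comment beside AUTHDAEMON listing those variables, and a guard such as `[ -x "$AUTHDAEMON" ]` before the daemon is started, so a missing binary fails with a clear message instead of pure-ftpd failing on the absent socket. The patch is cut off after this hunk, so the start/stop ordering itself cannot be reviewed here.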
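
A hardened take on the authentication handler's core decision, as an added example that is not part of the original message or of the pure-ftpd package: it validates the subuser before joining it into a path, refuses empty password files and compares passwords in constant time. It is written for Python 3; `authenticate`, `reply`, `lookup_user` and the subuser alphabet are assumptions made for this example.

```python
import hmac
import re
from pathlib import Path

# Assumption (not from the original script): subuser names use this alphabet only.
SUBUSER_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")
MIN_UID = 1000  # same floor as the original handler


def reply(code, **fields):
    """Format a pure-authd reply: auth_ok line, optional fields, then 'end'."""
    lines = ["auth_ok:%d" % code] + ["%s:%s" % kv for kv in fields.items()]
    return "\n".join(lines + ["end"])


def authenticate(account, password, lookup_user):
    """Decide one login. lookup_user(name) is a hypothetical stand-in for
    getent.passwd() and returns (uid, gid, home) or None."""
    subuser, sep, sysuser = account.partition("@")
    # Reject anything that could escape <home>/FTP (e.g. '..', '/', empty).
    if not sep or "@" in sysuser or not SUBUSER_RE.fullmatch(subuser):
        return reply(0)
    entry = lookup_user(sysuser)
    if entry is None:
        return reply(0)
    uid, gid, home = entry
    if uid < MIN_UID:
        return reply(-1)
    ftp_root = (Path(home) / "FTP").resolve()
    subdir = (ftp_root / subuser).resolve()  # follows symlinks
    passfile = ftp_root / (subuser + ".passwd")
    # A symlinked subdir pointing outside FTP/ fails this containment test.
    if subdir.parent != ftp_root or not subdir.is_dir() or not passfile.is_file():
        return reply(0)
    with passfile.open() as fh:
        stored = fh.readline().rstrip("\r\n")
    # An empty password file must never match an empty submitted password.
    if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
        return reply(-1)
    return reply(1, uid=uid, gid=gid, dir="%s/./" % subdir)


if __name__ == "__main__":
    import os
    env = os.environ
    # Constructed fallback: with no passwd lookup wired in, every login is refused.
    print(authenticate(env.get("AUTHD_ACCOUNT", ""), env.get("AUTHD_PASSWORD", ""),
                       lambda name: None))
```
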

Bug#456186: This bug seems to be fixed.

2010-08-13 Thread Borut Mrak

Hello,

I've just started using netatalk for the first time in 10 years I think 
:) I stumbled on this bug report by accident and I can say that the 
keyword "options" works, just like the docs say.


I think this bug can be closed.

I'm using Lenny, netatalk 2.1.2-2~0lenny1

thanks for the good work,
BM.






Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers

2005-07-08 Thread Borut Mrak
I hope this will be of some help.
If it's OK, someone tag this bug with PATCH or whatever is appropriate:

Sorry about the long URL:

http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/STATUS?rev=208744&view=diff&r1=208744&r2=208743&p1=httpd/httpd/branches/2.0.x/STATUS&p2=/httpd/httpd/branches/2.0.x/STATUS

and from there:

http://people.apache.org/~jorton/ap_tevscl.diff

Pasting in case that URL goes 404:

Index: server/protocol.c
===
--- server/protocol.c   (revision 208743)
+++ server/protocol.c   (working copy)
@@ -885,6 +885,15 @@
 apr_brigade_destroy(tmp_bb);
 return r;
 }
+
+if (apr_table_get(r->headers_in, "Transfer-Encoding")
+&& apr_table_get(r->headers_in, "Content-Length")) {
+/* 2616 section 4.4, point 3: "if both Transfer-Encoding
+ * and Content-Length are received, the latter MUST be
+ * ignored"; so unset it here to prevent any confusion
+ * later. */
+apr_table_unset(r->headers_in, "Content-Length");
+}
 }
 else {
 if (r->header_only) {
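
Review bot: the new block in server/protocol.c drops Content-Length silently when Transfer-Encoding is also present; a request carrying both is unusual enough that a debug- or info-level log line next to `apr_table_unset(r->headers_in, "Content-Length");` would help operators spot clients or intermediaries sending ambiguous framing. The comment should also read "RFC 2616 section 4.4" rather than the bare "2616", and it is worth stating there that the test fires for any Transfer-Encoding value, since the check is on header presence only.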

It seems this is the vulnerability-specific part of the patch.

