Bug#705254: Provide "is-enabled" command for update-rc.d
I'm working on update-rc.d to add this feature (got bitten by this using saltstack service states on Jessie w/ systemd). I simplified Michael's idea a little bit (I think). Instead of checking if links correspond to Default-Start + Default-Stop, i'm just checking if there are all the Default-Start links available. For is-disabled I'm only checking that there are no S links present in Default-Start runlevels. IMO, no links == disabled (I know they get recreated on upgrades, but that is out of scope for this feature). Here is a function I added to update-rc.d. I welcome any comments. It seems to work for me, but is more of a proof of concepts, needs cleaning up (there's also a few lines in insserv_updatercd to call it when action is is-enabled or is-disabled). sub is_enabled_disabled { my ($act, $name) = (shift, shift); my ($defstart_lvls, $defstop_lvls, @start_links, $lvl); my $lsb_header = lsb_header_for_script($name); my @runlevels = split('','S2345'); ($defstart_lvls, $defstop_lvls) = parse_def_start_stop($lsb_header); #print "start levels: @$defstart_lvls\n"; #print "stop levels: @$defstop_lvls\n"; foreach $lvl (@runlevels) { push(@start_links,$_) for glob("/etc/rc$lvl.d/S[0-9][0-9]$name"); } if("is-enabled" eq $act) { foreach $lvl (@$defstart_lvls) { if ( !grep( m{^/etc/rc$lvl.d/}, @start_links) ) { #not enabled in all runlevels, return error print "$name not started in runlevel $lvl\n"; exit 1; } } exit 0; } if("is-disabled" eq $act) { foreach $lvl (@$defstart_lvls) { if ( grep( m{^/etc/rc$lvl.d/}, @start_links) ) { print "$name starts in runlevel $lvl, not disabled.\n"; exit 1; } } exit 0; } }
Bug#710294: cyrus-imapd-2.4: Clarification of new db scheme in wheezy
On Wed 29 May 2013 06:15:53 PM CEST, Nestor A Diaz wrote: I have updated from squeeze to wheezy, cyrus 2.4 is working fine, however i have some annoying problems, that have not affected the system, but i would like to know if i can obey those problem or how can i fix them, i notice that /var/lib/cyrus/db directory is gone, but the system keeps working, with the following messages on syslog: Another unsure user here... I've been wary upgrading my cyrus boxes to wheezy because I remember the pain with previous Cyrus major version upgrades. I did it on one of the smaller ones (so the possible restore from backups wouldn't take long :) and I'm experiencing the same errors as Mr. Diaz. Although they don't seem to affect the server operation they don't exactly inspire confidence so I've decided not to upgrade any other machines until I'm sure it can't become a problem. May 29 11:12:56 pascacio cyrus/imapintranet[14074]: fetching user_deny.db entry for 'theuser' May 29 11:12:56 pascacio cyrus/imapintranet[14074]: fetching user_deny.db entry for 'theuser' These seem harmless... I don't have user_deny.db and would consider just blocking them at the syslog level, based on past experience they're probably hardcoded somewhere in the source and can't be turned off. I welcome better suggestions. Best regards and thanks for the good work you're doing on the Cyrus packages. Borut Mrak. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#619599: Enhancement: start/stop pure-authd when /etc/pure-ftpd/conf/ExtAuth is present
Package: pure-ftpd Version: 1.0.21-11.4 Severity: wishlist Tags: patch I needed to enable the external authentication daemon pure-authd. Found out about /etc/pure-ftpd/conf/ExtAuth, but the FTP daemon would not start, because the socket (which gets created by pure-authd) was missing. It seemed illogical to create another init script, since the upload handler is already started from the pure-ftpd init script. The auth daemon has to be started before pure-ftpd because it needs to create the authentication socket first (configured in ExtAuth, but in my opinion it should be static, the ExtAuth value changed to boolean, like CallUploadScript[B) I'm attaching the diff from the old init script (I did this on Lenny, but I checked the sid init script and it doesn't seem like anything changed). I'm also attaching an example python external authentication script which could be a little more polished, but it was just a proof of concept for me. If you're interested in including it, I'm willing to spruce it up a little. There are also a few new variables to be set in /etc/default/pure-ftpd-common: AUTHDSCRIPT=/path/to/authhandler[B AUTHDUID= AUTHDGID= in line with the variables used for upload handler. -- System Information: Debian Release: 5.0.8 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pure-ftpd depends on: ii libc6 2.7-18lenny7 GNU C Library: Shared libraries ii libcap11:1.10-14 support for getting/setting POSIX. ii libpam0g 1.0.1-5+lenny1Pluggable Authentication Modules l ii libssl0.9.80.9.8g-15+lenny11 SSL shared libraries ii pure-ftpd-common 1.0.21-11.4 Pure-FTPd FTP server (Common Files pure-ftpd recommends no packages. pure-ftpd suggests no packages. -- no debconf information #!/usr/bin/python """ pure-authd authentication handler Checks for username/password files on the filesystem which allow chrooted FTP access to a directory. """ import sys import os from os import environ as env from syslog import * # Requires getent - hg clone https://bitbucket.org/maze/getent import getent openlog('pure-authhandler.py[%s]' % os.getpid(),LOG_INFO,LOG_DAEMON) syslog('starting operation.') try: AUTHD_ACCOUNT = env['AUTHD_ACCOUNT'] AUTHD_PASSWORD = env['AUTHD_PASSWORD'] AUTHD_LOCAL_IP = env['AUTHD_LOCAL_IP'] AUTHD_LOCAL_PORT = env['AUTHD_LOCAL_PORT'] AUTHD_REMOTE_IP = env['AUTHD_REMOTE_IP'] except KeyError, e: syslog('Parameter error: missing environment variable %s' % e) print "auth_ok:0\nend" sys.exit(1) # Split the username on @ try: (subuser,sysuser) = AUTHD_ACCOUNT.split('@') except ValueError, e: syslog('username %s not in subuser@systemuser format: %s' % (AUTHD_ACCOUNT, e)) print "auth_ok:0\nend" sys.exit(0) try: website = getent.passwd(sysuser) if not website: syslog('user/website %s does not exist' % sysuser) print "auth_ok:0\nend" sys.exit(0) if website.uid < 1000: syslog('uid of user %s is less than 1000 (%s), denied' % (sysuser, website.uid) ) print "auth_ok:-1\nend" sys.exit(0) subdir = website.dir + '/FTP/' + subuser subpassfile = subdir + '.passwd' if os.path.isdir(subdir) and os.path.isfile(subpassfile): passfile = open(subpassfile) password = passfile.readline().rstrip() if password != AUTHD_PASSWORD: #syslog('Password for user %s does not match: is %s, should be %s' % (AUTHD_ACCOUNT,password,AUTHD_PASSWORD) ) syslog('Authentication failure for user %s: wrong password' % AUTHD_ACCOUNT ) print "auth_ok:-1\nend" sys.exit(0) else: syslog('User %s successfully authenticated' % AUTHD_ACCOUNT) print "auth_ok:1\nuid:%s\ngid:%s\ndir:%s\nend" % (website.uid,website.gid,subdir+'/./') sys.exit(0) else: syslog('subuser %s does not exist' % AUTHD_ACCOUNT) print "auth_ok:0\nend" sys.exit(0) except Exception, e: syslog('Exception checking credentials: %s' % e) print "auth_ok:0\nend" sys.exit(0) --- /etc/init.d/pure-ftpd.ORIG 2011-03-25 13:59:43.0 +0100 +++ /etc/init.d/pure-ftpd 2011-03-25 14:21:04.0 +0100 @@ -18,6 +18,10 @@ UDDESC="ftp upload handler" WRAPPER=/usr/sbin/pure-ftpd-wrapper +AUTHDAEMON=/usr/sbin/pure-authd +ADNAME=pure-authd +ADDESC="external authentication daemon" + # try to figur
Bug#456186: This bug seems to be fixed.
Hello, I've just started using netatalk for the first time in 10 years I think :) I stumbled on this bug report by accident and I can say that the keyword "options" works, just like the docs say. I think this bug can be closed. I'm using Lenny, netatalk 2.1.2-2~0lenny1 thanks for the good work, BM. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#316173: apache2: Security issues in HTTP proxy responses with both Transfer-Encoding and Content-Length headers
I hope this will be of some help. If it's OK, someone tag this bug with PATCH or whatever is appropriate: sorry about the long URL: http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/STATUS?rev=208744&view=diff&r1=208744&r2=208743&p1=httpd/httpd/branches/2.0.x/STATUS&p2=/httpd/httpd/branches/2.0.x/STATUS and from there: http://people.apache.org/~jorton/ap_tevscl.diff Pasting in case that URL goes 404: Index: server/protocol.c === --- server/protocol.c (revision 208743) +++ server/protocol.c (working copy) @@ -885,6 +885,15 @@ apr_brigade_destroy(tmp_bb); return r; } + +if (apr_table_get(r->headers_in, "Transfer-Encoding") +&& apr_table_get(r->headers_in, "Content-Length")) { +/* 2616 section 4.4, point 3: "if both Transfer-Encoding + * and Content-Length are received, the latter MUST be + * ignored"; so unset it here to prevent any confusion + * later. */ +apr_table_unset(r->headers_in, "Content-Length"); +} } else { if (r->header_only) { It seems this is the vulnerability-specific part of the patch. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]