[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2018-01-02 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019

Fedora Update System  changed:

   What|Removed |Added

 Status|ON_QA   |CLOSED
   Fixed In Version||selinux-policy-3.13.1-260.1
   ||8.fc26
 Resolution|--- |ERRATA
Last Closed||2018-01-02 11:21:57



--- Comment #12 from Fedora Update System  ---
selinux-policy-3.13.1-260.18.fc26 has been pushed to the Fedora 26 stable
repository. If problems still persist, please make note of it in this bug
report.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-12-13 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019

Fedora Update System  changed:

   What|Removed |Added

 Status|MODIFIED|ON_QA



--- Comment #11 from Fedora Update System  ---
selinux-policy-3.13.1-260.18.fc26 has been pushed to the Fedora 26 testing
repository. If problems still persist, please make note of it in this bug
report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5ac57e518

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-12-13 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #10 from Fedora Update System  ---
selinux-policy-3.13.1-260.18.fc26 has been submitted as an update to Fedora 26.
https://bodhi.fedoraproject.org/updates/FEDORA-2017-b5ac57e518

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-11-22 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019

Emmanuel Seyman  changed:

   What|Removed |Added

 CC||dwa...@redhat.com,
   ||lvra...@redhat.com,
   ||mgr...@redhat.com,
   ||plaut...@redhat.com,
   ||pmo...@redhat.com
  Component|bugzilla|selinux-policy
   Assignee|emman...@seyman.fr  |lvra...@redhat.com



--- Comment #9 from Emmanuel Seyman  ---
According to advice on #fedora-devel, this is a selinux-policy.
Re-assigning.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-11-17 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019

Hugh  changed:

   What|Removed |Added

Version|25  |26



-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-11-16 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #8 from Fedora End Of Life  ---
This message is a reminder that Fedora 25 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 25. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '25'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 25 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged  change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-10-08 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #7 from Hugh  ---
It's definitely selinux causing the problem. If I switch to non-enforcing, it
works.
It turned out I had silent denials and had to turn off the dontaudit policy in
semodule.
I ended up with this policy, which works. There are still some silent denials
for httpd triggered by the editparams.cgi script in bugzilla, but they don't
appear to be an issue for this problem.
I only tested it with smtpserver change, I ended up with this policy (hth):

module local-bugzilla 1.0;

require {
type bugzilla_script_t ;
class netlink_route_socket { bind create getattr nlmsg_read write read
};
class udp_socket { connect create getattr write read };
}

#= bugzilla_script_t ==

allow bugzilla_script_t self:netlink_route_socket { bind create getattr
nlmsg_read write read };

allow bugzilla_script_t self:udp_socket { connect create getattr write read };


I hope you can pass this onto the bugzilla selinux package maintainers for fc
25 and 26.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-10-07 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #6 from Hugh  ---
I upgraded and installed some more modules to make it look more similar to the
windows installation. No difference. What I do notice is that mod_perl and
Net-SMTP-SSL are not installed on the windows installation, but they are on
Fedora. In fact, bugzilla is dependent on this module in Fedora but not in
windows.

These are the only entries in the journalctl:

-- Unit httpd.service has begun starting up.
Oct 08 06:09:27 fc25.localdomain systemd[1]: Started The Apache HTTP Server.
-- Subject: Unit httpd.service has finished start-up
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has finished starting up.
--
-- The start-up result is done.
Oct 08 06:09:27 fc25.localdomain audit[1]: SERVICE_START pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
Oct 08 06:16:13 fc25.localdomain audit[29901]: USER_AUTH pid=29901 uid=0
auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:authentication grantors=pam_rootok acct="apache" exe="/usr/bin/su"
hostname=fc25.localdomain addr=? terminal=pts/0 res=success'
Oct 08 06:16:13 fc25.localdomain audit[29901]: USER_ACCT pid=29901 uid=0
auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:accounting grantors=pam_succeed_if acct="apache" exe="/usr/bin/su"
hostname=fc25.localdomain addr=? terminal=pts/0 res=success'
Oct 08 06:16:13 fc25.localdomain audit[29901]: CRED_ACQ pid=29901 uid=0
auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:setcred grantors=pam_rootok acct="apache" exe="/usr/bin/su"
hostname=fc25.localdomain addr=? terminal=pts/0 res=success'
Oct 08 06:16:13 fc25.localdomain audit[29901]: USER_START pid=29901 uid=0
auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:session_open
grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth
acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0
res=success'
Oct 08 06:16:13 fc25.localdomain su[29901]: (to apache) admin on pts/0
Oct 08 06:16:13 fc25.localdomain su[29901]: pam_systemd(su-l:session): Cannot
create session: Already running in a session
Oct 08 06:16:13 fc25.localdomain su[29901]: pam_unix(su-l:session): session
opened for user apache by admin(uid=0)
Oct 08 06:17:18 fc25.localdomain su[29901]: pam_unix(su-l:session): session
closed for user apache
Oct 08 06:17:18 fc25.localdomain audit[29901]: USER_END pid=29901 uid=0
auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:session_close
grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth
acct="apache" exe="/usr/bin/su" hostname=fc25.localdomain addr=? terminal=pts/0
res=success'
Oct 08 06:17:18 fc25.localdomain audit[29901]: CRED_DISP pid=29901 uid=0
auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:setcred grantors=pam_rootok acct="apache" exe="/usr/bin/su"
hostname=fc25.localdomain addr=? terminal=pts/0 res=success'


There is nothing selinux related there.


This is the apache ssl_error_log:
[Sun Oct 08 06:09:27.334135 2017] [ssl:warn] [pid 29841] AH01909:
fc25.localdomain:443:0 server certificate does NOT include an ID which matches
the server name
apache ssl_access_log
192.168.0.117 - - [08/Oct/2017:06:19:36 +1000] "POST /bugzilla/editparams.cgi
HTTP/1.1" 200 6490


The following is the output from checksetup.pl --check-modules on each.
*** Windows:
C:\Progs\bugzilla>checksetup.pl --check-modules
* This is Bugzilla 5.0.3 on perl 5.20.2
* Running on WinVista Build 6002 (Service Pack 2)

Checking perl modules...
Checking for   CGI.pm (v3.51) ok: found v3.64
Checking for   Digest-SHA (any)   ok: found v5.95
Checking for TimeDate (v2.23) ok: found v2.24
Checking for DateTime (v0.75) ok: found v1.21
Checking forDateTime-TimeZone (v1.64) ok: found v1.95
Checking for  DBI (v1.614)ok: found v1.633
Checking for Template-Toolkit (v2.24) ok: found v2.26
Checking for Email-Sender (v1.300011) ok: found v1.300021
Checking for   Email-MIME (v1.904)ok: found v1.937
Checking for  URI (v1.55) ok: found v1.67
Checking for   List-MoreUtils (v0.32) ok: found v0.412
Checking forMath-Random-ISAAC (v1.0.1)ok: found v1.004
Checking for   File-Slurp (v.13)  ok: found v.19
Checking for  JSON-XS (v2.01) ok: found v3.01
Checking forWin32 (v0.35) ok: found v0.51
Checking forWin32-API (v0.55) ok: found v0.82
Checking for DateTime-TimeZone-Local-Win32 (v1.64) ok: found v1.87
Checking for

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-06-15 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #5 from Emmanuel Seyman  ---
Having tried pretty much every other option, I came back to the selinux thing.

I have a selinux file that reads:

module my-editparamscgi 1.0;

require {
type bugzilla_script_t;
class netlink_route_socket create;
class udp_socket create;
}

#= bugzilla_script_t ==
allow bugzilla_script_t self:netlink_route_socket create;

# This avc is allowed in the current policy
allow bugzilla_script_t self:udp_socket create;

With this, I can change the smtpserver anyway I want (provided smtp_username
and smtp_password have valid contents) but that doesn't seem very different
from what you tried.

I'll run more tests.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-04-06 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #4 from Hugh  ---
I added these rules, but I still get the same error.
No more selinux complaints and nothing in the httpd logs either.


module local-bugzilla 1.0;

require {
type bugzilla_script_t;
class netlink_route_socket { bind create getattr };
class udp_socket { connect create };
}

#= bugzilla_script_t ==

allow bugzilla_script_t self:netlink_route_socket { bind create getattr };

allow bugzilla_script_t self:udp_socket { connect create };

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-04-05 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #3 from Emmanuel Seyman  ---
This is an selinux issue:
type=AVC msg=audit(1491427462.96:1206): avc:  denied  { create } for  pid=21885
comm="editparams.cgi" scontext=system_u:system_r:bugzilla_script_t:s0
tcontext=system_u:system_r:bugzilla_script_t:s0 tclass=netlink_route_socket
permissive=0

I'm not sure how to handle this. I'll investigate...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-04-05 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019

Emmanuel Seyman  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
   Assignee|ita...@ispbrasil.com.br |emman...@seyman.fr



-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-03-03 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019



--- Comment #2 from Hugh  ---
I'd like to mention that this bug prevents me from configuring the server
correctly. I'd like to amend the priority to high as this blocks my continued
migration process. I suspect it doesn't only affect me, but anyone making a
fresh install of bugzilla on fc25.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org

[Bug 1427019] The new value for smtpserver is invalid: Cannot connect to

2017-02-27 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1427019

Kevin Fenzi  changed:

   What|Removed |Added

 CC||bazanlui...@gmail.com,
   ||emman...@seyman.fr,
   ||ita...@ispbrasil.com.br,
   ||perl-devel@lists.fedoraproj
   ||ect.org
  Component|distribution|bugzilla
   Assignee|vpav...@redhat.com  |ita...@ispbrasil.com.br



--- Comment #1 from Kevin Fenzi  ---
moving this to bugzilla package...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org