Re: Sympa's wwsympa Fails "Can't locate CGI/Fast.pm in @INC"

2020-03-21 Thread nik...@rpgresearch.com 
On Tue, 17 Mar 2020 11:25:35 +0100
Jeremie Courreges-Anglas  wrote:

> On Mon, Mar 16 2020, Ian McWilliam 
> wrote:
> > You'll actually need to add CGI::Fast as a package as it is missing.
> >
> > pkg_add p5-CGI-Fast  
> 
> FastCGI is indeed optional in this release of sympa, later releases
> make it mandatory[0].  The README already describes a FastCGI setup,
> and I suspect most users use FastCGI for sp33d these days, so the port
> could help the user a bit more.  What about adding p5-CGI-Fast to
> RUN_DEPENDS?
> 
> I'll note that our sympa port is out of date, 6.2.16 vs 6.2.54, and
> that it's probably affected by CVE-2018-1000550[1].
> 
> [0]
> https://sympa-community.github.io/manual/upgrade/notes.html#from-versions-prior-to-6224
> [1] https://sympa-community.github.io/security/index.html
> 

So I am still having the problem that I reported earlier, having fixed the 
original problem. But I've realized that the only relevant log that I can 
really find is in /var/www/logs/error.log.

There is no association that I can find with any logs produced by sympa or 
wwsympa.

What is additionally strange is that the password reset function partially 
works. I can enter in an email address for login, hit Reset Password and 
nothing will happen. But if simply attempt to login with an invalid password I 
am directly dropped into the password reset page. I can reset my password and 
receive the password reset email from Sympa. When I try to visit the link, it 
doesn't recognize it and simply reverts to the main page.

In doing so it produces an error in /var/www/logs/error.log:

>2020/03/21 14:30:35 [error] 85255#0: *24 kevent() reported that
>connect() failed (61: Connection refused) while connecting to
>upstream, client: 11.11.11.11, server: domain.com,
>request: "GET /ticket/88026461536332 HTTP/2.0", upstream:
>"fastcgi://[::1]:1026", host: "domain.com"

I search for wwsympa errors and it appears clean of any error typed logs. Sympa 
is working normally with email as shown by the password reset emails and "help" 
tests.

This doesnt look like an nginx issue, which I basically copied from the package 
maintainers readme. And there are very little to no changes that I could make 
to wwsympa. Its .fcgi is publicly r and x.

Hopefully there is something I am missing.


Thank you all.

Re: Sympa's wwsympa Fails "Can't locate CGI/Fast.pm in @INC"

2020-03-18 Thread nik...@rpgresearch.com 
On Tue, 17 Mar 2020 11:25:35 +0100
Jeremie Courreges-Anglas  wrote:

> On Mon, Mar 16 2020, Ian McWilliam 
> wrote:
> > You'll actually need to add CGI::Fast as a package as it is missing.
> >
> > pkg_add p5-CGI-Fast  
> 
> FastCGI is indeed optional in this release of sympa, later releases
> make it mandatory[0].  The README already describes a FastCGI setup,
> and I suspect most users use FastCGI for sp33d these days, so the port
> could help the user a bit more.  What about adding p5-CGI-Fast to
> RUN_DEPENDS?
> 
> I'll note that our sympa port is out of date, 6.2.16 vs 6.2.54, and
> that it's probably affected by CVE-2018-1000550[1].
> 
> [0]
> https://sympa-community.github.io/manual/upgrade/notes.html#from-versions-prior-to-6224
> [1] https://sympa-community.github.io/security/index.html
> 

Thank you for letting me know about the CVE.

I'll explore options for limiting access to the site as a mitigation, since 
users have the option to send commands via email anyway and only a couple 
admins really need access to the webportal.


I am actually stuck on a newer problem where I'm at a loss of how to 
troubleshoot it.


The Sympa web portal seems responsive on the main page, but when I try to set 
my login for admin through "First Login" the page appears to just refresh to 
the main page without taking me to the requested page.

I checked nginx logs:

2020/03/18 18:49:33 [error] 24697#0: *1 kevent() reported that connect() failed 
(61: Connection refused) while connecting to upstream, client: 11.11.11.11, 
server: domain.com, request: "GET / HTTP/2.0", upstream: 
"fastcgi://127.0.0.1:1026", host: "domain.com"
2020/03/18 18:49:33 [error] 24697#0: *1 kevent() reported that connect() failed 
(61: Connection refused) while connecting to upstream, client: 11.11.11.11, 
server: domain.com, request: "GET / HTTP/2.0", upstream: 
"fastcgi://[::1]:1026", host: "domain.com" 2020/03/18 18:49:47 [error] 24697#0: 
*1 kevent() reported that connect() failed (61: Connection refused) while 
connecting to upstream, client: 11.11.11.11, server: domain.com, request: "GET 
/HTTP/2.0", upstream: "fastcgi://[::1]:1026", host: "domain.com"


I checked /var/log/messages for wwsympa and got the following:

/var/log/messages:Mar 17 03:46:55 o wwsympa[82960]: err main::#1279 > 
main::get_parameters#2370 [robot domain.com] [client 11.11.11.11] Syntax error 
for parameter POSTDATA value "\^BB" not conform to regexp:[\\w\\-\\.]+; dumped 
vars in /var/spool/sympa/tmp/sympa_dump.1584442015.82960  /var/log/messages:Mar 
17 03:46:55 o wwsympa[82960]: err main::#1279 > main::get_parameters#2370 
[robot domain.com] [client 11.11.11.11] Syntax error for parameter POSTDATA 
value "\^\\^P\^Q" not conform to regexp:[\\w\\-\\.]+; dumped vars in 
/var/spool/sympa/tmp/sympa_dump.1584442015.82960 

/var/log/messages:Mar 18 00:24:04 o wwsympa[82960]: err main::#1279 > 
main::get_parameters#2370 [robot domain.com] [client 22.22.22.22] Syntax error 
for parameter s value "/Index/\\think\\app/invokefunction" not conform to 
regexp:[\\w\\-\\.]+; dumped vars in 
/var/spool/sympa/tmp/sympa_dump.1584516244.80



Your help is very much appareciated.

Thank you.

Re: Sympa's wwsympa Fails "Can't locate CGI/Fast.pm in @INC"

2020-03-16 Thread nik...@rpgresearch.com 
On Mon, 16 Mar 2020 04:12:41 +
Ian McWilliam  wrote:

> Did you pkg_add p5-CGI-Fast at some point?
> 
> What does your pkg_info | grep -i p5-CGI look like?
> 
> Ian McWilliam
> 
> From: owner-po...@openbsd.org  on behalf of
> nik...@rpgresearch.com  Sent: Monday, 16
> March 2020 12:35 PM To: ports@openbsd.org 
> Subject: Sympa's wwsympa Fails "Can't locate CGI/Fast.pm in @INC"
> 
> I have been working on setting up Sympa on OpenBSD.
> 
> I have OpenSMTPd working with the Sympa daemon, but I'm getting stuck
> on the wwsympa set up with nginx (I hope to switch to OpenBSD's HTTPd
> after I get Nginx working).
> 
> I used the Nginx config provided by the port maintainer:
> 
> >server {
> >   server_name domain.com;
> >   listen on 0.0.0.0:80;
> >
> >   location /static-sympa {
> >   alias /var/www/sympa/;
> >   }
> >
> >
> >   location / {
> >   fastcgi_pass localhost:1026;
> >   fastcgi_split_path_info ^(/sympa)(.+)$;
> >   include fastcgi_params;
> >   fastcgi_param PATH_INFO $fastcgi_path_info;
> >   fastcgi_param
> >   SCRIPT_FILENAME /usr/local/libexec/sympa/wwsympa-wrapper.fcgi; }
> >}  
> 
> When I launch all the services, wwsympa crashes out with the following
> error in /var/log/messages.
> 
> >wwsympa[40272]: err main::#138 DIED: Can't locate CGI/Fast.pm in @INC
> >(you may need to install the CGI::Fast module) (@INC
> >contains: /usr/local/libdata/perl5/site_perl/amd64-openbsd 
> >/usr/local/libdata/perl5/site_perl /usr/libdata/perl5/amd64-openbsd 
> >/usr/libdata/perl5)
> >at /usr/local/libexec/sympa/wwsympa.fcgi line 139  
> 
> I will now make this email unbearably long by sharing this dump:
> 
> >ls /usr/local/libdata/perl5/site_perl/  
> AppConfigEncode   MIME
> Role iso8859.pl   mhsingle.pl
> AppConfig.pm ErrorMLDBM
> SQL  libwww   mhthread.pl
> Archive  Error.pm MLDBM.pm
> Sort mhamain.pl   mhtime.pl
> BEval MRO
> StackTrace   mhdb.pl  mhtxtenrich.pl
> Bundle   Exporter Mail
> Sub  mhdysub.pl   mhtxthtml.pl
> CGI  Fh.pmMath
> Sympamhexternal.plmhtxtplain.pl
> CGI.pm   File MaxMind
> Sympa.pm mhfile.plmhtxttsv.pl
> CGI.pod  Font Method
> Term mhidxrc.pl   mhusage.pl
> ClassFreezeThaw.pmModule
> Test mhindex.pl   mhutil.pl
> CloneGeoIP2   MojoX
> Throwablemhinit.plnamespace
> Conf.pm  GeoIP2.pmMoo
> Throwable.pm mhlock.ploo.pm Convert
> HTML Moo.pm   Time
> mhmimetypes.pl   osinit.pl Crypt
> HTTP MooX Try
> mhmsgextbody.pl  qprint.pl DDP.pm
> IO   Mozilla  URI
> mhmsgfile.pl readmail.pl Data
> JSON MuninURI.pm
> mhnote.plspamassassin-run.pod Date
> LWP  Net  WWW
> mhnull.plstrictures DateTime
> LWP.pm   OpenBSD  XML
> mhopt.pl strictures.pm Devel
> List POD2 amd64-openbsd
> mhrcfile.pl Digest   Locale
> Package  base64.plmhrcvars.pl
> Dist Log  RPC
> ewhutil.pl   mhrmm.pl EmailMHonArc
> RRDp.pm  iso2022jp.pl mhscan.pl
> 
> Is this a dependency issue, or is there a step that I could be
> missing? I am not familiar with CGI in general.
> 
> 
> Thank you all!
> 

Thank you for responding so quickly:

>pkg_info | grep -i p5-CGI
 
>p5-CGI-4.43 handle Common Gateway Interface requests and
>responses

It does appear to be a listed dependency and is installed:

>cat /var/db/pkg/sympa-6.2.16p2/+REQUIRING  | grep p5-CGI-4.43
>p5-CGI-4.43