Your message dated Sun, 16 Feb 2014 19:04:27 +0000
with message-id <[email protected]>
and subject line Bug#734728: fixed in request-tracker4 4.0.19-1
has caused the Debian Bug report #734728,
regarding request-tracker4: upgrade code broken by change in www-data's shell
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
734728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: request-tracker4
Version: 4.0.18-1
Severity: normal
Tags: patch
User: [email protected]
Usertags: shell-fallout
In base-passwd 3.5.30, I changed www-data's shell to /usr/sbin/nologin
(a change that I really should have made about ten years ago). This has
unfortunately had a bit of collateral damage: some upgrade code in
request-tracker4's postinst will behave improperly. Here's a fix.
* Pass "-s /bin/sh" to "su www-data" to cope with the change of www-data's
shell in base-passwd 3.5.30.
diff -Nru request-tracker4-4.0.18/debian/postinst
request-tracker4-4.0.18/debian/postinst
--- request-tracker4-4.0.18/debian/postinst 2013-10-26 13:09:50.000000000
+0100
+++ request-tracker4-4.0.18/debian/postinst 2014-01-09 12:28:24.000000000
+0000
@@ -143,7 +143,7 @@
if [ "$1" = "configure" ] && [ -n "$2" ] && \
dpkg --compare-versions "$2" lt 4.0.5-3
then
- if su -c "RTHOME=/usr/share/request-tracker4
/usr/share/request-tracker4/etc/upgrade/vulnerable-passwords --fix" www-data;
then
+ if su -s /bin/sh -c "RTHOME=/usr/share/request-tracker4
/usr/share/request-tracker4/etc/upgrade/vulnerable-passwords --fix" www-data;
then
echo "rt-vulnerable-passwords-4 invoked successfully on upgrade"
else
echo "rt-vulnerable-passwords-4 exited with an error but the"
Sorry,
--
Colin Watson [[email protected]]
--- End Message ---
--- Begin Message ---
Source: request-tracker4
Source-Version: 4.0.19-1
We believe that the bug you reported is fixed in the latest version of
request-tracker4, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated request-tracker4
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 16 Feb 2014 16:15:23 +0000
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-fcgi rt4-apache2 rt4-db-postgresql
rt4-db-mysql rt4-db-sqlite rt4-doc-html
Architecture: source all
Version: 4.0.19-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Request Tracker Group
<[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Description:
request-tracker4 - extensible trouble-ticket tracking system
rt4-apache2 - Apache 2 specific files for request-tracker4
rt4-clients - mail gateway and command-line interface to request-tracker4
rt4-db-mysql - MySQL database backend for request-tracker4
rt4-db-postgresql - PostgreSQL database backend for request-tracker4
rt4-db-sqlite - SQLite database backend for request-tracker4
rt4-doc-html - HTML documentation for request-tracker4
rt4-fcgi - External FastCGI support for request-tracker4
Closes: 734728
Changes:
request-tracker4 (4.0.19-1) unstable; urgency=medium
.
* Pass "-s /bin/sh" to "su www-data" to cope with the change of www-data's
shell in base-passwd 3.5.30. Thanks to Colin Watson for the bug report
and patch (Closes: #734728)
* New upstream release
* Include database upgrade scripts/NEWS
* Don't fetch logo from bestpractical.com from 'broken install'
page (fixes Lintian privacy error)
Checksums-Sha1:
061ef71ede61e913a6626e938fb630c3d8f396a2 5135 request-tracker4_4.0.19-1.dsc
73930510411a4310d0f8d7af6b10337364650cd4 1144907
request-tracker4_4.0.19.orig-third-party-source.tar.gz
ce7bae429ed56603fef9e7a46d976d1ea9ed1e14 6938409
request-tracker4_4.0.19.orig.tar.gz
58eb4b45da77c3f7e5b4ce06318b41aea0fdd644 69652
request-tracker4_4.0.19-1.debian.tar.xz
fd4cbeeaaff05b0a2e64db1f8a52a6b0a0671056 2597630
request-tracker4_4.0.19-1_all.deb
49e829594aa14d63f6325fdfd2bf3f21fe1d4574 50220 rt4-clients_4.0.19-1_all.deb
c6ce3d9347fd35051ece90d1aa3e72f9a54adcfa 17246 rt4-fcgi_4.0.19-1_all.deb
22b8effefa9a3df1c24534b5814b4e7d65ee4291 16174 rt4-apache2_4.0.19-1_all.deb
2237fc56a8b089091dfb884751dc417bbfc45952 15500
rt4-db-postgresql_4.0.19-1_all.deb
477b3d6a3748b1193a63a394714e5fa57a8cc234 15512 rt4-db-mysql_4.0.19-1_all.deb
ea6b9e774d4f6039a241bbe0904203d70509e0a1 15624 rt4-db-sqlite_4.0.19-1_all.deb
4db8d90fe3a77dcd30e2e0311a281c9d0e31927e 570842 rt4-doc-html_4.0.19-1_all.deb
Checksums-Sha256:
c55806ec5721919e24ac939268e9c7349a322d9da11d80d9e023eb0dd5c81827 5135
request-tracker4_4.0.19-1.dsc
739f298985ba901b24831facbaa1b0d5ae4b9717fc2697f9137cd47d14c8bc36 1144907
request-tracker4_4.0.19.orig-third-party-source.tar.gz
2ce03fc43c9c07ef69377fb63e14a2b1b65a91c1a722cfbfaf6eee1f0fd06d69 6938409
request-tracker4_4.0.19.orig.tar.gz
6aa7af615be29bef16e096eb7b05431a28eec4ad46b1530e53236aea39a11490 69652
request-tracker4_4.0.19-1.debian.tar.xz
c54298452cc17f8d0cdd4a0a7c2bdeac63d2784517a7a8f1dde866ae3943b115 2597630
request-tracker4_4.0.19-1_all.deb
b6f43d1a2f2571864246ba3dc0fa405026d11e62be85c9d559ccefa6ff14d968 50220
rt4-clients_4.0.19-1_all.deb
b2e1b9bc9f8c7d05d2bbb4ef74eee8f01a432457d83dcd0bdff53d478c162cd0 17246
rt4-fcgi_4.0.19-1_all.deb
5051f73a6dc93d21028f8cfeaa41cb939a6a3fd4e11ec9c3b9da877714939bee 16174
rt4-apache2_4.0.19-1_all.deb
b1156b3a7b542a74ddcf1ea7a4a698f7479b135ab95c55fbb18d226fbc99c648 15500
rt4-db-postgresql_4.0.19-1_all.deb
1dc584d0e078b1fad25e5b7793e313e18cec4403db0cc3e97a9e26dc58bd52a2 15512
rt4-db-mysql_4.0.19-1_all.deb
a7cd272cc99d8905cfe6679c28232181b8275be932fbc34e6e6a5e36651a0cc6 15624
rt4-db-sqlite_4.0.19-1_all.deb
3957df3de15fa2b1f6b792fa24d0f7193d0992708f188dafacd7b63db3296a01 570842
rt4-doc-html_4.0.19-1_all.deb
Files:
5949dfab4bfcae74b1a8e295d6f51632 5135 misc optional
request-tracker4_4.0.19-1.dsc
6b606857180b74033defbae25dc61f1a 1144907 misc optional
request-tracker4_4.0.19.orig-third-party-source.tar.gz
84e0fe8614a86a6cd88813c3e71681c5 6938409 misc optional
request-tracker4_4.0.19.orig.tar.gz
8863de028843613d9a30748b84aab661 69652 misc optional
request-tracker4_4.0.19-1.debian.tar.xz
fbe719d276530b3d3e6f39f60dea3504 2597630 misc optional
request-tracker4_4.0.19-1_all.deb
6c048bc58d405106e4493ef86b3c3c34 50220 misc optional
rt4-clients_4.0.19-1_all.deb
461ec0e516dee31e5cd49b49dceb0479 17246 misc optional rt4-fcgi_4.0.19-1_all.deb
3206d3ec5c9725334f3a106a70b3bc21 16174 misc optional
rt4-apache2_4.0.19-1_all.deb
614c1eb8d0a0946f2d01c1fb1255504b 15500 misc optional
rt4-db-postgresql_4.0.19-1_all.deb
48b71177847a6efd7555540ef099a1d9 15512 misc optional
rt4-db-mysql_4.0.19-1_all.deb
3676e40678839ce2ca750db36db91c3f 15624 misc optional
rt4-db-sqlite_4.0.19-1_all.deb
3d82179d921cf505e3b6ceef0b7ac159 570842 doc optional
rt4-doc-html_4.0.19-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAEBAgAGBQJTAQfsAAoJEMAFfnFNaU+yBIMQAKPfPYi/41tnDZBx+EhRc+bR
k70lgxvL2HxJB0qCPQA+h/3pzTvVRL7L9pn6sktyX4wZdUKXhstLHg7yEezyBih6
vYFbK9KxkoyHd+AXvdqI0p+MgJYKqHPbVL2XyyakeqYs+4KKQwuY7xgM+XvnXYBl
QOTANfg+8MTiwqRCyuIvWzZA9fOjdpHatmjXra2XHDbFB0CmDKNltow29MDkaCM3
kEqJkVkgFVjNQDSLYnLMRuIx3SKnKd9W4xpw9x7l7mkE3X+/pH3IdUTiv0ygoNVn
yieK9KTrvt0nLKQpkPvpNQqk5QWw46YhQZQWe+WjJ67beWMEXqsDLiOh5pw3wX7z
e77apQgEykxqEOmgo+7dyuTC59Jt45HN6Hjg/GzN7IXT0Pa8N/MITNEz3kZ2kbnX
4z2kF8MUVjoFT1EPz7KCYKk1hMJYJqKRLAisVbNueTR6gzEtYpESZVaB9LmR6oIo
Z3jTDhuvXkJaS9dOPIZ+52x2Y+reFmir3YF3l/20T74Y1ZzNhc1tEdahvEZO+/+N
KuHUdQm8B8yA+4oUv2uZQYPpxt8CpkCyCIe+ISgacBnuN6WhHlGETya4/MqtpYae
UDtJw0M6aamn2Dle4ojhI8E5rW/p4O07YIPEKxdM6JKGXHJCBOiNgLfv3rsuID5n
niEmN5skUD9/ojcJBwNE
=et2a
-----END PGP SIGNATURE-----
--- End Message ---
