Your message dated Mon, 22 Aug 2022 13:42:00 +0200 with message-id <[email protected]> and subject line Fixed in previous NMUs, and in the latest has caused the Debian Bug report #994910, regarding tripwire segfaults while reading files in /etc to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 994910: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994910 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: tripwire Version: 2.4.3.7-3+b3 Severity: grave Justification: renders package unusable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear Maintainer, I've been using tripwire for several years now, and never had troubles with it until this morning (perhaps [not] coincidentally with the updated glibc6). Now it segfaults a short time after starting. An strace of it comes out something like this at the end: openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=545, ...}) = 0 read(3, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 545 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xe0} --- write(2, "Software interrupt forced exit: "..., 51Software interrupt forced exit: Segmentation Fault ) = 51 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x421} --- +++ killed by SIGSEGV (core dumped) +++ I did this several times, and other files in /etc failed instead of nsswitch.conf (passwd was one). Since there's no dbgsym package for this version of tripwire, I rebuilt from source (using gcc 10), and, after installing, it worked fine with no segfault. However, this was version 2.4.3.7-3, not 2.4.3.7-3+b3: there doesn't seem to be a source for the "+b3" version. I have coredumps and full strace if anyone needs it. - -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.14.7.khufu (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tripwire depends on: ii debconf [debconf-2.0] 1.5.77 ii sendmail-bin [mail-transport-agent] 8.15.2-23 tripwire recommends no packages. tripwire suggests no packages. - -- Configuration Files: /etc/tripwire/twpol.txt changed: @@section GLOBAL TWBIN = /usr/sbin; TWETC = /etc/tripwire; TWVAR = /var/lib/tripwire; @@section FS SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change SEC_BIN = $(ReadOnly) ; # Binaries that should not change SEC_CONFIG = $(Dynamic) ; # Config files that are changed # infrequently but accessed # often SEC_LOG = $(Growing) ; # Files that grow, but that # should never change ownership SEC_INVARIANT = +tpug ; # Directories that should never # change permission or ownership SIG_LOW = 33 ; # Non-critical files that are of # minimal security impact SIG_MED = 66 ; # Non-critical files that are of # significant security impact SIG_HI = 100 ; # Critical files that are # significant points of # vulnerability ( rulename = "Tripwire Binaries", severity = $(SIG_HI) ) { $(TWBIN)/siggen -> $(SEC_BIN) ; $(TWBIN)/tripwire -> $(SEC_BIN) ; $(TWBIN)/twadmin -> $(SEC_BIN) ; $(TWBIN)/twprint -> $(SEC_BIN) ; } ( rulename = "Tripwire Data Files", severity = $(SIG_HI) ) { $(TWVAR)/$(HOSTNAME).twd -> $(SEC_CONFIG) -i ; $(TWETC)/tw.pol -> $(SEC_BIN) -i ; $(TWETC)/tw.cfg -> $(SEC_BIN) -i ; $(TWETC)/$(HOSTNAME)-local.key -> $(SEC_BIN) ; $(TWETC)/site.key -> $(SEC_BIN) ; #don't scan the individual reports $(TWVAR)/report -> $(SEC_CONFIG) (recurse=0) ; } ( rulename = "Critical system boot files", severity = $(SIG_HI) ) { /boot -> $(SEC_CRIT) ; /lib/modules -> $(SEC_CRIT) ; } ( rulename = "Boot Scripts", severity = $(SIG_HI) ) { /etc/init.d -> $(SEC_BIN) ; /etc/rcS.d -> $(SEC_BIN) ; /etc/rc0.d -> $(SEC_BIN) ; /etc/rc1.d -> $(SEC_BIN) ; /etc/rc2.d -> $(SEC_BIN) ; /etc/rc3.d -> $(SEC_BIN) ; /etc/rc4.d -> $(SEC_BIN) ; /etc/rc5.d -> $(SEC_BIN) ; /etc/rc6.d -> $(SEC_BIN) ; /etc/systemd -> $(SEC_BIN) ; } ( rulename = "Root file-system executables", severity = $(SIG_HI) ) { /bin -> $(SEC_BIN) ; /sbin -> $(SEC_BIN) ; } ( rulename = "Root file-system libraries", severity = $(SIG_HI) ) { /lib -> $(SEC_BIN) ; } ( rulename = "Security Control", severity = $(SIG_MED) ) { /etc/passwd -> $(SEC_CONFIG) ; /etc/shadow -> $(SEC_CONFIG) ; } ( rulename = "Root config files", severity = 100 ) { /root -> $(SEC_CRIT) ; # Catch all additions to /root /root/.bashrc -> $(SEC_CONFIG) ; /root/.bash_profile -> $(SEC_CONFIG) ; /root/.Xdefaults -> $(SEC_CONFIG) ; /root/.Xauthority -> $(SEC_CONFIG) -i ; # Changes Inode number on login /root/.ICEauthority -> $(SEC_CONFIG) ; } ( rulename = "Devices & Kernel information", severity = $(SIG_HI), ) { /dev -> $(Device) ; } ( rulename = "Things that change all the time", severity = 0 ) { /etc/cups/printers.conf -> $(IgnoreAll) ; /etc/cups/printers.conf.O -> $(IgnoreAll) ; /etc/cups/subscriptions.conf -> $(IgnoreAll) ; /etc/cups/subscriptions.conf.O -> $(IgnoreAll) ; /root/.bash_history -> $(IgnoreAll) ; /root/.cache/dconf/user -> $(IgnoreAll) ; /root/.emacs.d/auto-save-list -> $(IgnoreAll) ; /root/.gnupg/random_seed -> $(IgnoreAll) ; /root/.lesshst -> $(IgnoreAll) ; /root/.local/share/lftp/transfer_log -> $(IgnoreAll) ; /root/.mc -> $(IgnoreAll) ; /root/.viminfo -> $(IgnoreAll) ; /root/.xsession-errors -> $(IgnoreAll) ; } ( rulename = "Other configuration files", severity = $(SIG_MED) ) { /etc -> $(SEC_BIN) ; } ( rulename = "Other binaries", severity = $(SIG_MED) ) { /usr/local/sbin -> $(SEC_BIN) ; /usr/local/bin -> $(SEC_BIN) ; /usr/sbin -> $(SEC_BIN) ; /usr/bin -> $(SEC_BIN) ; /opt -> $(SEC_BIN) ; } ( rulename = "Other libraries", severity = $(SIG_MED) ) { /usr/local/lib -> $(SEC_BIN) ; /usr/lib -> $(SEC_BIN) ; /usr/share/perl5 -> $(SEC_BIN) ; } ( rulename = "Invariant Directories", severity = $(SIG_MED) ) { / -> $(SEC_INVARIANT) (recurse = 0) ; /home -> $(SEC_INVARIANT) (recurse = 0) ; /tmp -> $(SEC_INVARIANT) (recurse = 0) ; /usr -> $(SEC_INVARIANT) (recurse = 0) ; /var -> $(SEC_INVARIANT) (recurse = 0) ; /var/tmp -> $(SEC_INVARIANT) (recurse = 0) ; } - -- debconf information: * tripwire/installed: tripwire/site-passphrase-incorrect: false * tripwire/use-sitekey: true tripwire/broken-passphrase: * tripwire/rebuild-config: true * tripwire/rebuild-policy: true tripwire/upgrade: true tripwire/local-passphrase-incorrect: false tripwire/email-report: tripwire/change-in-default-policy: * tripwire/use-localkey: true -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEETZlw4yMXM0sUHntjEvfoZbXi52EFAmFLxPYOHHJqbXhAcmpt eC5uZXQACgkQEvfoZbXi52HqdxAAggiE34Qpa7D9oDBkj0PmtHPs7Gb4KfqRcaU7 ngJoDwJkVakOj0WgB594tsgn5pkyJjQvz/sjm+hiZsFECOVlsWS4CDQmjNs9shhJ z7n0+NeVGjGNelTyc1JD+IutOTXdHdZ8+nyjAU3yi+e9+5XI8W6+P4XBPbGPqFXT HmSQqHnccWbkJLhBxuX3W1+fiqvsM8UBV5Pb34VIZ4nfE9vGTJFxd2Zgv9pOv/K7 X9c6/3h/cdeM+k+eKoDTcpWvaeVtmHUxWzVWXfTrNFP1itQYIUYkAUJafiYUGr/g 2z90lDlcBaezeXEa+SPlDvevzTZp3BFKg5yTbuNw5bXDA5iJrLP1Kjnp5BySKp1F /7cAo5JEKbx8cB7KLlBgMISIDiJCP41dFpDKaExAFFWLFnsr8Tw60xKu+odtIdkp jDlyQKIXCYTiawDhCO0Xp7u8jylv1U6Bfe99lBSBIhvesl5T7j84a9hhN8SIUQeW XruQONL41hURSlvj9OQknC7/cGeu2UUJZqgFVgTLJkYEXV1BJQT5U6yv4fl1Xxpm HIhFquDs8RIncrEajzmek27oPhfDk+PKjo3ZfmzwzuCk+0D+1cLO9xpX2bVCQvPy k2s6olVEzkNpm+OJYcOaUbMkmuZYOJFBTQkzUuW1AyXP7h4LyXFTmKELiu1qAtb7 nfaquU8= =dEqf -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Hi, This issue in the current package version has been fixed with 2.4.3.7-4+b3. Regards, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: [email protected] | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
--- End Message ---
