Hoi Paul, As I already mentioned on IRC - we're running into this issue (Apache stopped running periodically) and since a patch has been available for a few months I took the liberty to schedule a NMU in DELAYED/5 with this fix.
Let me know if you object or even if you want me to go ahead without delay. If this fix has no issues I'll also propose a fix for Buster since that is what we're running. Cheers, Thijs
diff -Nru tmpreaper-1.6.14/ChangeLog tmpreaper-1.6.14+nmu1/ChangeLog --- tmpreaper-1.6.14/ChangeLog 2019-01-11 12:27:15.000000000 +0000 +++ tmpreaper-1.6.14+nmu1/ChangeLog 2019-09-06 13:20:49.000000000 +0000 @@ -1,3 +1,11 @@ +tmpreaper (1.6.14+nmu1) unstable; urgency=medium + + * Non-maintainer upload. + * Add `--protect '/tmp/systemd-private*/*'` to cron job to prevent + breaking systemd services that have PrivateTmp=true (closes: #881725). + + -- Thijs Kinkhorst <[email protected]> Fri, 06 Sep 2019 13:20:49 +0000 + tmpreaper (1.6.14) unstable; urgency=medium * Upload to unstable to fix the race condition described in CVE-2019-3461: diff -Nru tmpreaper-1.6.14/debian/changelog tmpreaper-1.6.14+nmu1/debian/changelog --- tmpreaper-1.6.14/debian/changelog 2019-01-11 12:27:15.000000000 +0000 +++ tmpreaper-1.6.14+nmu1/debian/changelog 2019-09-06 13:20:49.000000000 +0000 @@ -1,3 +1,11 @@ +tmpreaper (1.6.14+nmu1) unstable; urgency=medium + + * Non-maintainer upload. + * Add `--protect '/tmp/systemd-private*/*'` to cron job to prevent + breaking systemd services that have PrivateTmp=true (closes: #881725). + + -- Thijs Kinkhorst <[email protected]> Fri, 06 Sep 2019 13:20:49 +0000 + tmpreaper (1.6.14) unstable; urgency=medium * Upload to unstable to fix the race condition described in CVE-2019-3461: diff -Nru tmpreaper-1.6.14/debian/cron.daily tmpreaper-1.6.14+nmu1/debian/cron.daily --- tmpreaper-1.6.14/debian/cron.daily 2008-05-19 17:10:16.000000000 +0000 +++ tmpreaper-1.6.14+nmu1/debian/cron.daily 2019-09-06 13:15:04.000000000 +0000 @@ -105,5 +105,6 @@ --protect '/tmp/lost+found' \ --protect '/tmp/journal.dat' \ --protect '/tmp/quota.{user,group}' \ + --protect '/tmp/systemd-private*/*' \ `for i in $TMPREAPER_PROTECT_EXTRA; do echo --protect "$i"; done` \ $TMPREAPER_DIRS diff -Nru tmpreaper-1.6.14/.deps/tmpreaper.Po tmpreaper-1.6.14+nmu1/.deps/tmpreaper.Po --- tmpreaper-1.6.14/.deps/tmpreaper.Po 2019-01-11 12:27:15.000000000 +0000 +++ tmpreaper-1.6.14+nmu1/.deps/tmpreaper.Po 2019-09-06 13:20:49.000000000 +0000 @@ -11,7 +11,7 @@ /usr/include/x86_64-linux-gnu/bits/types/clockid_t.h \ /usr/include/x86_64-linux-gnu/bits/types/time_t.h \ /usr/include/x86_64-linux-gnu/bits/types/timer_t.h \ - /usr/lib/gcc/x86_64-linux-gnu/7/include/stddef.h \ + /usr/lib/gcc/x86_64-linux-gnu/9/include/stddef.h \ /usr/include/x86_64-linux-gnu/bits/stdint-intn.h /usr/include/endian.h \ /usr/include/x86_64-linux-gnu/bits/endian.h \ /usr/include/x86_64-linux-gnu/bits/byteswap.h \ @@ -56,14 +56,14 @@ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \ /usr/include/x86_64-linux-gnu/bits/types/error_t.h getopt.h \ /usr/include/glob.h \ - /usr/lib/gcc/x86_64-linux-gnu/7/include-fixed/limits.h \ - /usr/lib/gcc/x86_64-linux-gnu/7/include-fixed/syslimits.h \ + /usr/lib/gcc/x86_64-linux-gnu/9/include-fixed/limits.h \ + /usr/lib/gcc/x86_64-linux-gnu/9/include-fixed/syslimits.h \ /usr/include/limits.h \ /usr/include/x86_64-linux-gnu/bits/libc-header-start.h \ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \ /usr/include/x86_64-linux-gnu/bits/xopen_lim.h \ /usr/include/x86_64-linux-gnu/bits/uio_lim.h \ - /usr/lib/gcc/x86_64-linux-gnu/7/include/stdarg.h /usr/include/stdio.h \ + /usr/lib/gcc/x86_64-linux-gnu/9/include/stdarg.h /usr/include/stdio.h \ /usr/include/x86_64-linux-gnu/bits/types/__fpos_t.h \ /usr/include/x86_64-linux-gnu/bits/types/__mbstate_t.h \ /usr/include/x86_64-linux-gnu/bits/types/__fpos64_t.h \ @@ -104,7 +104,7 @@ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \ /usr/include/ext2fs/ext2_fs.h /usr/include/ext2fs/ext2_types.h \ - /usr/lib/gcc/x86_64-linux-gnu/7/include/stdint.h /usr/include/stdint.h \ + /usr/lib/gcc/x86_64-linux-gnu/9/include/stdint.h /usr/include/stdint.h \ /usr/include/x86_64-linux-gnu/bits/wchar.h \ /usr/include/x86_64-linux-gnu/bits/stdint-uintn.h /usr/include/utime.h \ /usr/include/libmount/libmount.h /usr/include/mntent.h \ @@ -140,7 +140,7 @@ /usr/include/x86_64-linux-gnu/bits/types/timer_t.h: -/usr/lib/gcc/x86_64-linux-gnu/7/include/stddef.h: +/usr/lib/gcc/x86_64-linux-gnu/9/include/stddef.h: /usr/include/x86_64-linux-gnu/bits/stdint-intn.h: @@ -244,9 +244,9 @@ /usr/include/glob.h: -/usr/lib/gcc/x86_64-linux-gnu/7/include-fixed/limits.h: +/usr/lib/gcc/x86_64-linux-gnu/9/include-fixed/limits.h: -/usr/lib/gcc/x86_64-linux-gnu/7/include-fixed/syslimits.h: +/usr/lib/gcc/x86_64-linux-gnu/9/include-fixed/syslimits.h: /usr/include/limits.h: @@ -258,7 +258,7 @@ /usr/include/x86_64-linux-gnu/bits/uio_lim.h: -/usr/lib/gcc/x86_64-linux-gnu/7/include/stdarg.h: +/usr/lib/gcc/x86_64-linux-gnu/9/include/stdarg.h: /usr/include/stdio.h: @@ -362,7 +362,7 @@ /usr/include/ext2fs/ext2_types.h: -/usr/lib/gcc/x86_64-linux-gnu/7/include/stdint.h: +/usr/lib/gcc/x86_64-linux-gnu/9/include/stdint.h: /usr/include/stdint.h:
signature.asc
Description: OpenPGP digital signature
