Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package ejabberd 16.09-4 (not uploaded yet).

There are 3 small changes:
 - add missing ImageMagick paths to apparmor profile
   (needed for captcha and thumbnail generation)
 - enable roster versioning by default (#851212)
   (saves bandwidth, especially for mobile clients)
 - extend README.Debian with information on how to configure the systemd
   unit file when using pam authentication (#854178)

Full diff attached.

Best wishes,
Philipp


unblock ejabberd/16.09-4
diff --git a/debian/README.Debian b/debian/README.Debian
index dcf6f26..e823a24 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -138,6 +138,34 @@ and to make epam setuid root you can do:
 (Note that we set o-x there so that only users in the ejabberd group
 are able to elevate their privileges by executing this program.)
 
+When ejabberd is started via systemd, you will have to edit the
+ejabberd.service file and set the following:
+
+ [Service]
+ PrivateDevices=false
+ NoNewPrivileges=false
+
+Otherwise it will be impossible for the epam helper program to gain the
+configured setuid and/or setgid privileges.
+
+With systemd >= 218 you can simply create an override with
+`systemctl edit ejabberd.service` and put
+ [Service]
+ PrivateDevices=
+ PrivateDevices=false
+ NoNewPrivileges=
+ NoNewPrivileges=false
+in there.
+
+With systemd < 218 the changes must be made manually.
+In order to not loose the changes upon upgrades,
+remove the symlink
+ /etc/systemd/system/multi-user.target.wants/ejabberd.service
+and replace it with a copy of
+ /lib/systemd/system/ejabberd.service
+before making the changes.
+Remember to do a `systemctl daemon-reload` afterwards.
+
 
 4. Using DBMS for data storage
 ===============================
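Review bot: The added text tells users to set PrivateDevices=false and NoNewPrivileges=false without saying that this relaxes the unit's hardening for the whole ejabberd service, not only for the epam helper. Consider adding a sentence that the override is needed only when PAM authentication through a setuid/setgid epam is in use, and that other installations should keep the packaged values. In the systemd < 218 paragraph, "loose" should read "lose". It is also worth verifying that a copy placed at /etc/systemd/system/multi-user.target.wants/ejabberd.service really takes precedence over /lib/systemd/system/ejabberd.service, since the instructions rely on that.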
diff --git a/debian/changelog b/debian/changelog
index 7acd34b..6728f59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ejabberd (16.09-4) unstable; urgency=medium
+
+  * Added missing ImageMagick paths to apparmor profile
+  * Enabled versioning in mod_roster by default (Closes: #851212)
+  * Extended README.Debian with information regarding pam + systemd
+    (Closes: #854178)
+
+ -- Philipp Huebner <[email protected]>  Sun, 05 Feb 2017 13:19:29 +0100
+
 ejabberd (16.09-3) unstable; urgency=medium
 
   * Added lsb-base (>= 3.0-6) to Depends
diff --git a/debian/patches/ejabberd.yml.example.diff 
b/debian/patches/ejabberd.yml.example.diff
index 65be78c..d8f823d 100644
--- a/debian/patches/ejabberd.yml.example.diff
+++ b/debian/patches/ejabberd.yml.example.diff
@@ -161,3 +161,13 @@ Index: ejabberd/ejabberd.yml.example
    ## mod_multicast: {}
    mod_offline: 
      access_max_user_messages: max_user_offline_messages
+@@ -661,7 +660,8 @@ modules:
+     ##
+     ##   access_from: deny
+     ##   access: register
+-  mod_roster: {}
++  mod_roster:
++    versioning: true
+   mod_shared_roster: {}
+   mod_stats: {}
+   mod_time: {}
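Review bot: The new "versioning: true" under mod_roster carries no "##" comment, unlike the neighbouring options in this example file. A one-line comment stating that roster versioning is switched on by the Debian package (#851212) would help admins who compare this file with the upstream example or with an existing configuration that still has "mod_roster: {}".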
diff --git a/debian/usr.sbin.ejabberdctl b/debian/usr.sbin.ejabberdctl
index e8eaa01..edf6c99 100644
--- a/debian/usr.sbin.ejabberdctl
+++ b/debian/usr.sbin.ejabberdctl
@@ -44,8 +44,9 @@
        }
 
 
-       /etc/ejabberd**                                 r,
        /etc/default/ejabberd                           r,
+       /etc/ejabberd**                                 r,
+       /etc/ImageMagick**                              r,
 
        /run/ejabberd**                                 rw,
 
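Review bot: "/etc/ImageMagick**" has no "/" before the "**", so it matches every path under /etc whose name begins with ImageMagick, not a single directory. If that is deliberate, to cover versioned directory names as the "/usr/share/ImageMagick-*/**" rule in the next hunk suggests, a short comment above the rule would make the intent clear. Moving the "/etc/ejabberd**" line is unrelated reordering and could be dropped to keep the diff minimal.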
@@ -76,6 +77,8 @@
 
        /usr/sbin/ejabberdctl                           r,
 
+       /usr/share/ImageMagick-*/**                     rix,
+
        /var/backups/                                   rw,
        /var/backups/ejabberd**                         rwlk,
        /var/lib/ejabberd**                             rw,
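Review bot: "/usr/share/ImageMagick-*/** rix," grants read plus inherited execute on everything below the ImageMagick share directory, although the change is described only as adding missing paths for captcha and thumbnail generation. If nothing under that tree is executed, "r" is sufficient; keep "ix" only if a file there is actually run, and say which one in a comment. This is also the only one of the three changes without a bug number in the changelog, so its rationale is recorded only in the request mail.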
