Package: release.debian.org Severity: normal Tags: buster User: [email protected] Usertags: pu
Dear Release Team, on behalf of the Debian Edu team, I just uploaded a fix for Debian bug #941001 to buster (2.10.65+deb10u4). >From the changelog: + [ Dominik George ] + * Keep proxy settings on client if wpad is unreachable (Closes: #941001). The nastiness of this bug in a deployed Debian Edu site is described in the bug referred to above. TL;DR; Clients loose internet access if the WPAD server was unreachable during boot (which happens quite often for wireless notebook machines). One consequence of this is APT unattended-upgrades failing most of the time on those machines. Thanks+Greets, Mike -- System Information: Debian Release: 10.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff -Nru debian-edu-config-2.10.65+deb10u3/debian/changelog debian-edu-config-2.10.65+deb10u4/debian/changelog --- debian-edu-config-2.10.65+deb10u3/debian/changelog 2019-12-16 16:29:19.000000000 +0100 +++ debian-edu-config-2.10.65+deb10u4/debian/changelog 2020-01-30 17:23:38.000000000 +0100 @@ -1,3 +1,10 @@ +debian-edu-config (2.10.65+deb10u4) buster; urgency=medium + + [ Dominik George ] + * Keep proxy settings on client if wpad is unreachable (Closes: #941001). + + -- Mike Gabriel <[email protected]> Thu, 30 Jan 2020 17:23:38 +0100 + debian-edu-config (2.10.65+deb10u3) buster-security; urgency=high * Security fix for CVE-2019-3467 diff -Nru debian-edu-config-2.10.65+deb10u3/share/debian-edu-config/tools/update-proxy-from-wpad debian-edu-config-2.10.65+deb10u4/share/debian-edu-config/tools/update-proxy-from-wpad --- debian-edu-config-2.10.65+deb10u3/share/debian-edu-config/tools/update-proxy-from-wpad 2019-12-16 16:29:19.000000000 +0100 +++ debian-edu-config-2.10.65+deb10u4/share/debian-edu-config/tools/update-proxy-from-wpad 2020-01-30 17:23:38.000000000 +0100 @@ -83,7 +83,7 @@ # proxy. http_proxy= -eval `/usr/share/debian-edu-config/tools/wpad-extract` +. /usr/share/debian-edu-config/tools/wpad-extract >/dev/null || exit 1 ftp_proxy=$http_proxy https_proxy=$http_proxy diff -Nru debian-edu-config-2.10.65+deb10u3/share/debian-edu-config/tools/wpad-extract debian-edu-config-2.10.65+deb10u4/share/debian-edu-config/tools/wpad-extract --- debian-edu-config-2.10.65+deb10u3/share/debian-edu-config/tools/wpad-extract 2019-12-16 16:29:19.000000000 +0100 +++ debian-edu-config-2.10.65+deb10u4/share/debian-edu-config/tools/wpad-extract 2020-01-30 17:23:38.000000000 +0100 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Detect proxy URL via WPAD # @@ -11,5 +11,10 @@ # DNS if the skolelinux machines are not connected to the Internet. proxy_url=$(curl -s http://wpad/wpad.dat | pactester -p - \ -u http://130.89.148.14 | awk '{print $2}' | cut -d';' -f1) -echo http_proxy=http://$proxy_url +if [ "$proxy_url" ]; then + http_proxy=http://$proxy_url + echo http_proxy=$http_proxy +else + return 1 +fi diff -Nru debian-edu-config-2.10.65+deb10u3/testsuite/webcache debian-edu-config-2.10.65+deb10u4/testsuite/webcache --- debian-edu-config-2.10.65+deb10u3/testsuite/webcache 2019-12-16 16:29:19.000000000 +0100 +++ debian-edu-config-2.10.65+deb10u4/testsuite/webcache 2020-01-30 17:23:38.000000000 +0100 @@ -69,7 +69,7 @@ # Subshell to avoid leaking http_proxy and ftp_proxy variables to # the rest of this script ( - eval `/usr/share/debian-edu-config/tools/wpad-extract` + . /usr/share/debian-edu-config/tools/wpad-extract >/dev/null if [ "$http_proxy" ] ; then echo "success: $0: WPAD file '$url' includes HTTP proxy info." else
