Bug#1068478: dovecot-core: Wildcard !include statements fail if nothing matches

2024-04-05 Thread Einhard Leichtfuß 
Package: dovecot-core
Version: 1:2.3.21+dfsg1-3+b1
Severity: normal

Dear Maintainer,

when the Dovecot configuration contains an `!include` statement with a
wildcard that does not match anything, dovecot prints an error and
terminates.

Expected behaviour: Dovecot processes the configuration as if the
`!include` statement was not present.

The upstream on-line documentation [0] says on `!include`:
> It’s not an error if wildcards don’t result in any matching files.

[0] 


Steps to reproduce:

  mkdir dir
  printf '%s\n' '!include dir/*.conf' > dovecot.conf
  dovecot -Fc dovecot.conf
  doveconf -c dovecot.conf

Output of `dovecot -Fc doveconf.conf`:

  doveconf: Fatal: Error in configuration file dovecot.conf line 1: No matches

Output of `doveconf -c dovecot.conf`:

  # 2.3.21 (47349e2482): dovecot.conf
  # Pigeonhole version 0.5.21 (f6cd4b8e)
  doveconf: Fatal: Error in configuration file dovecot.conf line 1: No matches

Workaround 1:
 * Create an empty dummy configuration file in `dir/`.

Workaround 2:
 * Use `!include_try` instead.
   * Unlike `!include`, this also silently ignores read errors.

Possibly related upstream mailing list thread:
 * 

 * 


-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.9-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dovecot-core depends on:
ii  adduser  3.137
ii  init-system-helpers  1.66
ii  libapparmor1 3.0.13-2
ii  libbz2-1.0   1.0.8-5.1
ii  libc62.37-15.1
ii  libcap2  1:2.66-5
ii  libcrypt11:4.4.36-4
ii  libexttextcat-2.0-0  3.4.7-1
ii  libicu72 72.1-4+b1
ii  liblua5.4-0  5.4.6-3+b1
ii  liblz4-1 1.9.4-2
ii  liblzma5 5.6.1+really5.4.5-1
ii  libpam-runtime   1.5.3-6
ii  libpam0g 1.5.3-6
ii  libsodium23  1.0.18-1
ii  libssl3t64   3.2.1-3
ii  libstemmer0d 2.2.0-4+b1
ii  libsystemd0  255.4-1+b1
ii  libtirpc3t64 1.3.4+ds-1.2
ii  libunwind8   1.6.2-3
ii  libwrap0 7.6.q-33
ii  libzstd1 1.5.5+dfsg2-2
ii  openssl  3.2.1-3
ii  ssl-cert 1.1.2
ii  ucf  3.0043+nmu1
ii  zlib1g   1:1.3.dfsg-3.1

dovecot-core recommends no packages.

Versions of packages dovecot-core suggests:
pn  dovecot-gssapi
pn  dovecot-imapd 
pn  dovecot-ldap  
pn  dovecot-lmtpd 
pn  dovecot-managesieved  
pn  dovecot-mysql 
pn  dovecot-pgsql 
pn  dovecot-pop3d 
pn  dovecot-sieve 
pn  dovecot-solr  
pn  dovecot-sqlite
pn  dovecot-submissiond   
pn  ntp   

Versions of packages dovecot-core is related to:
ii  dovecot-core [dovecot-common]  1:2.3.21+dfsg1-3+b1
pn  dovecot-dev
pn  dovecot-gssapi 
pn  dovecot-imapd  
pn  dovecot-ldap   
pn  dovecot-lmtpd  
pn  dovecot-managesieved   
pn  dovecot-mysql  
pn  dovecot-pgsql  
pn  dovecot-pop3d  
pn  dovecot-sieve  
pn  dovecot-sqlite 

-- no debconf information

Bug#1063690: nftables: Segfault on named set or map definition in second table specification

2024-02-11 Thread Einhard Leichtfuß 
Package: nftables
Version: 0.9.8-3.1+deb11u2
Severity: important

Upon running `nft -f file.nft`, where `file.nft` specifies the same
table at least twice, and a named set or map is defined in the second
(or later) table specification, a segmentation fault is caused.

The specified ruleset appears to be correctly applied regardless.

Example `file.nft`:
---
table inet t0 {
}

table inet t0 {
set s0 {
type inet_service
elements = { 42 }
}
}
---

Note that both a named set and a named map definition cause the
segfault, while a (similarly simple) chain definition does not.

The only error message printed is "Segmentation fault\n".

Note that this causes nftables.service to fail if `/etc/nftables.conf`
contains such configuration (but the ruleset appears to be applied).

I cannot reproduce the bug with the preceding package version,
0.9.8-3.1+deb11u1, nor on Debian 12 Bookworm (nftables 1.0.6-2+deb12u2).


-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'),
(500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  dpkg  1.20.13
ii  libc6 2.31-13+deb11u8
ii  libedit2  3.1-20191231-2+b1
ii  libnftables1  0.9.8-3.1+deb11u2

nftables recommends no packages.

Versions of packages nftables suggests:
pn  firewalld  

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information

Bug#1035350: postfix: postinst script modifies configuration files despite local changes

2023-05-01 Thread Einhard Leichtfuß 
Package: postfix
Version: 3.5.18-0+deb11u1
Severity: serious

Upon upgrade of postfix (due to `apt dist-upgrade`), the `master.cf`
[and `main.cf`] configuration files were modified by the postinst
script, despite existing local changes.

If I understand correctly, this violates Debian Policy 10.7.3 [0]:
"local changes must be preserved during a package upgrade".  This is why
I chose Severity "serious".

I would instead expect a handling similar to that of changed conffiles
(i.e., one is given an option to or is suggested to apply certain
modifications).


In `master.cf`, the following lines were appended:
> proxymap  unix  -   -   n   -   -   proxymap
> verifyunix  -   -   y   -   1   verify
> relay unix  -   -   n   -   -   smtp -o 
> smtp_fallback_relay=
> #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5

See the `fix_master()` function in the postinst script.

(sidenote: The first two entries are the same as in
`/usr/share/postfix/master.cf.dist`, the last one is different.)


In `main.cf`, the following lines were appended:
> readme_directory = /usr/share/doc/postfix
> html_directory = /usr/share/doc/postfix/html

If I understand the postinst script correctly, this modification of
`main.cf` should only have happened upon first installation, which this
was not.  I was unable to reproduce this.  So maybe this modification
was indeed done earlier.

However, even upon initial installation (with pre-existing
configuration), this should, in my opinion, not happen.


The changes were accompanied by the following message:
> Setting up postfix (3.5.18-0+deb11u1) ...
> In master.cf:
>   adding missing entry for proxymap service
>   adding missing entry for verify service
>   adding missing entry for relay service
> 
> Postfix (main.cf) configuration was untouched.  If you need to make changes,
> edit /etc/postfix/main.cf (and others) as needed.  To view Postfix
> configuration values, see postconf(1).
> 
> After modifying main.cf, be sure to run 'systemctl reload postfix'.
The message that `main.cf` was untouched is displayed regardless of
whether the above noted modifications of `main.cf` are made.


I noticed that many actions in the postinst script are only run if
`[ "$mailer" != "No configuration" ]`.  I am unsure whether this case
would warrant the above mentioned modifications.  If so, maybe this
condition should be added to these modifications.


[0] https://www.debian.org/doc/debian-policy/ch-files.html#behavior



-- System Information:
Debian Release: 11.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-22-cloud-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages postfix depends on:
ii  adduser3.118
ii  cpio   2.13+dfsg-4
ii  debconf [debconf-2.0]  1.5.77
ii  dpkg   1.20.12
ii  e2fsprogs  1.46.2-2
ii  libc6  2.31-13+deb11u6
ii  libdb5.3   5.3.28+dfsg1-0.8
ii  libicu67   67.1-7
ii  libnsl21.3.0-2
ii  libsasl2-2 2.1.27+dfsg-2.1+deb11u1
ii  libssl1.1  1.1.1n-0+deb11u4
ii  lsb-base   11.1.0
ii  netbase6.3
ii  ssl-cert   1.1.0+nmu1

Versions of packages postfix recommends:
ii  ca-certificates  20210119
ii  python3  3.9.2-3

Versions of packages postfix suggests:
ii  bsd-mailx [mail-reader]8.1.2-0.20180807cvs-2
ii  dovecot-core [dovecot-common]  1:2.3.13+dfsg1-2+deb11u1
pn  postfix-cdb
ii  postfix-doc3.5.18-0+deb11u1
pn  postfix-ldap   
pn  postfix-lmdb   
pn  postfix-mysql  
pn  postfix-pcre   
ii  postfix-pgsql  3.5.18-0+deb11u1
pn  postfix-sqlite 
pn  procmail   
pn  resolvconf 
pn  ufw

-- debconf information:
  postfix/relay_restrictions_warning:
  postfix/bad_recipient_delimiter:
  postfix/destinations: $myhostname, myfancyhostname,
localhost.localdomain, , localhost
  postfix/newaliases: false
  postfix/not_configured:
  postfix/main_cf_conversion_warning: true
  postfix/procmail: false
  postfix/mailname: myfancyhostname
  postfix/sqlite_warning:
  postfix/mailbox_limit: 0
  postfix/protocols: all
  postfix/dynamicmaps_conversion_warning:
  postfix/tlsmgr_upgrade_warning:
  postfix/kernel_version_warning:
  postfix/root_address:
  postfix/mynetworks: 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
  postfix/lmtp_retired_warning: true
  postfix/retry_upgrade_warning:
  postfix/recipient_delim: +
  postfix/chattr: false
* postfix/main_mailer_type: No