Bug#1025420: exim4: ${run}expansion fail Bug stiill open [TT#2568022]

2023-10-26 Thread SerNet Support Kevin Ivory 

oh, well, thanks for analysing that.
Sorry, I didn't notice the change myself.

Am 25.10.23 um 16:24 schrieb Andreas Metzler:

On 2023-10-23 SerNet Support Kevin Ivory  wrote:
[...]

That binary does not fix the problem of quote with space included:



# /usr/sbin/exim4 -be '${run{/usr/bin/echo ${quote:hello world}}}'
Failed: Expansion of "${quote:hello" from command "/usr/bin/echo ${quote:hello 
world}" in ${run} expansion failed: missing } at end of string

[...]

${run expansion changed in 4.96:
"If the option preexpand is not used, the command string is split into
individual arguments by spaces and then each argument is expanded."

i.e.
 /usr/bin/echo ${quote:hello world}
is split into
 /usr/bin/echo
 ${quote:hello
 world}
and the second string yields an expansion error.
Use
/usr/sbin/exim4 -be '${run,preexpand{/usr/bin/echo ${quote:hello world}}}'
to get the old behavior.


Beste Grüße
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de
Datenschutz: https://www.sernet.de/datenschutz

Besuchen Sie den SerNet Stammtisch
Nächster Termin, Infos & Anmeldung
unter https://sernet.de/stammtisch

Bug#1025420: exim4: ${run}expansion fail Bug stiill open [TT#2568022]

2023-10-23 Thread SerNet Support Kevin Ivory 

Hi Andreas,

I installed the package
https://people.debian.org/~ametzler/tmp/exim4-daemon-heavy_4.96-15+deb12u2+almostu3_amd64.deb

The binary /usr/sbin/exim4 inside is from Sept 3rd:
-rwsr-xr-x 1 root root 1575384 2023-09-03 13:34 /usr/sbin/exim4

That binary does not fix the problem of quote with space included:

# /usr/sbin/exim4 -be '${run{/usr/bin/echo ${quote:hello world}}}'
Failed: Expansion of "${quote:hello" from command "/usr/bin/echo ${quote:hello 
world}" in ${run} expansion failed: missing } at end of string

Am 23.10.23 um 18:06 schrieb Andreas Metzler:

I have uploaded pre built binaries to
https://people.debian.org/~ametzler/tmp/


Best regards
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen and Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de
Datenschutz: https://www.sernet.de/datenschutz

Bug#1025420: exim4: ${run}expansion fail Bug stiill open [TT#2568022]

2023-10-23 Thread SerNet Support Kevin Ivory 

Hello Andreas,

thanks for the info.
I am not familiar with the Repository format at
https://salsa.debian.org/exim-team/exim4/-/tree/12_bookworm?ref_type=heads

Is there a binary or a package that I can test or do
I have to patch and compile?

Am 23.10.23 um 14:29 schrieb Andreas Metzler:

On 2023-10-18 SerNet Support Kevin Ivory  wrote:

Hello Andreas,



I just realized Debian Bug #1025420 is closed even though
we are still running into it in exim 4.96-15+deb12u2



Please try:



# /usr/sbin/exim4 -be '${run{/usr/bin/echo ${quote:hello world}}}'
Failed: Expansion of "${quote:hello" from command "/usr/bin/echo ${quote:hello 
world}" in ${run} expansion failed: missing } at end of string



The bug is only fixed for exactly the version in the bug
report, variables with no space included. We need to use
${quote:$h_subject:} where the subject often includes
spaces.


Hello,

Yes, I now that. I had a stable update pending for the latest point
release but I pulled it because there needed to be DSA for CVE-2023-42114,
CVE-2023-42115, CVE-2023-42116 at basically the same time.

I would appreciate if you could check whether
https://salsa.debian.org/exim-team/exim4/-/tree/12_bookworm?ref_type=heads
works for you.

cu Andreas


Best regards
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen and Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de
Datenschutz: https://www.sernet.de/datenschutz

Bug#965012: RFT: squid3 3.5.23-5+deb9u5, please test [TT#2407228]

2020-09-29 Thread SerNet Support Kevin Ivory 

Hi Markus,

thanks for investing even more time. All tests so far look good.
The examples we had work correctly now.
The http://:0 messages in the Avira Icap usage have ended as well.

Am 29.09.20 um 00:11 schrieb Markus Koschany:

[adding Andreas and Kevin to CC who helped with testing past squid3 updates]

Hello,

I have uploaded a new version of squid3 for Stretch to people.debian.org.

https://people.debian.org/~apo/lts/squid3/stretch/

It contains fixes for CVE-2020-15049, CVE-2020-15810, CVE-2020-15811 and
CVE-2020-24606. Let me know if you find any regressions from
the current released version 3.5.23-5+deb9u4.



Best regards
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de

Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327]

2020-09-25 Thread SerNet Support Kevin Ivory 

Hi Markus,

Oliver had submitted a bug report to Avira OEM integration support and
they have finally analyzed the problem. The developer states that it is
a problem of the (Debian or Mint) Squid build that does not occur in a
vanilla build of the standard squid3 package. German message below.

I will try a translation here:

"after analyzing the situation, our development confirms this behavior
with Linux Mint squid version 3.527 as well.
To all appearances, the squid server answers the request with "http://:0";
URL so that ICAP answers the same.

Excerpt of cache.log: (see below)
...

Our developer then compiled a stock Squid version 3.5.27 with similar
compiler flags as the default squid. This version did not reply with
" http://:0"; URL.
We cannot decide if this problem occurs if it is a problem with the
squid build or a random error."

### end of my translation

Here the original statement in German language:

##- Please type your reply above this line -##

Your request (303525) been updated. To add additional comments, reply to this 
email.

Gerhard Boscher (Avira OEM Integration Support)

Sep 25, 2020, 10:44 GMT+2
Hallo Herr Ivory,

nach Untersuchung der Situation stellte unsere Entwicklung bpsw. ebenso mit der 
default Version von Squid unter Linux Mint  - 3.527. ein gleiches Verhalten 
fest.
Allen Anschein nach sendet bereits der Squid Server die "http://:0"; URLs auf 
einen Request, so dass ICAP diese in seiner Antwort ebenfalls wiedergibt.

Auszug aus der cache.log:

2020/09/07 14:14:22.182 kid1| 93,9| ModXact.cc(198) handleCommConnected: will 
write [FD 12r;rw(1)G/R job9]:
REQMOD icap://127.0.0.1:1344/service_scanner-reqmod ICAP/1.0
Host: 127.0.0.1:1344
Date: Mon, 07 Sep 2020 12:14:22 GMT
Encapsulated: req-hdr=0, null-body=233
Allow: 204
HEAD http://:0 HTTP/1.0
User-Agent: w3m/0.5.3+git20170102
Accept: text/html, text/*;q=0.5, image/*, application/*, message/*
Accept-Encoding: gzip, compress, bzip, bzip2, deflate
Accept-Language: en;q=1.0
Host: www.sernet.de


Nachdem unser Entwickler eine Squid  Version 3.5.27 selbst kompilierte , dabei ähnliche 
Flags verwendete wie die beim system default squid, arbeitete diese Version ohne dass die 
"http://:0"; URL auftrat.
Wir können abschließend leider nicht sagen ob dies eine Problematik des Squid 
Servers ist die bei system-default builds auftritt oder evtl. zufällig.

Mit freundlichen Grüßen / Best regards

Gerhard Boscher
Specialist OEM Integration Support Engineer




Am 04.09.20 um 15:09 schrieb Markus Koschany:

Hello Oliver,

Am 04.09.20 um 09:44 schrieb SerNet Support Oliver Seufer:

Hello Markus,

This is Oliver. I just did some more troubleshooting and I found the error
message in the debug logfile:
kid1| 23,3| url.cc(471) urlParse: urlParse: Split URL 'http://:0' into 
proto='http', host='', port='0', path='/'
kid1| 23,3| url.cc(492) urlParse: urlParse: Invalid port '0'


[...]

So my initial thought is that squid works correctly in this case. This
is the header which squid needs to parse.


ICAP/1.0 200 OK
ISTag: "10017;4140202;836248;8189206"
Server: AVIRA ICAP (1.21.1.61)
X-Response-Info: Clean
Encapsulated: req-hdr=0, null-body=215

HEAD http://:0 HTTP/1.0

User-Agent: w3m/0.5.3+git20170102
Accept: text/html, text/*;q=0.5, image/*, application/*, message/*
Accept-Language: en;q=1.0
Host: www.sernet.de
Accept-Encoding: gzip,bzip2,deflate

The

HEAD http://:0 HTTP/1.0

is weird. It starts with the http protocol but there is no domain name
and port 0 obviously does not exist. This probably used to work because
the squid3 parser was less strict before. I would try to change the
output of your AVIRA server. Is there a reason why it has to send this
specific HEAD line in the first place and can you modify it?



Best regards
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de

Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327]

2020-08-28 Thread SerNet Support Kevin Ivory 

Hello Markus,

we are having problems extracting a test case with debug data.
The problem arises sporadically on our customer systems with
HTTP POST or PUT, rarely with GET, sometimes with out HTTP
monitoring, sometimes with Debian updates.
Since I haven't been able to create a test case on our debug
vm system, I have created a debug file on a customer system.
Since the POST data might be critical to the customer,
is there any way to extract only the data you need?

All cases in my debug log (46 GB) seem to be of a POST
that is logged in access.log as
2020-08-27 11:29:24   1243 172.16.100.3 TAG_NONE/500 3640 POST 
http://srv1.first-businesspost.com/viper? - HIER_NONE/- text/html
The debug cache.log does contain SenderID= and Secret=

Am 18.08.20 um 21:38 schrieb Markus Koschany:

On Tue, 18 Aug 2020 13:37:30 +0200 SerNet Support Kevin Ivory
 wrote:

Hi Markus,

On Thu, 13 Aug 2020 21:56:14 +0200 Markus Koschany  wrote:

Version: 3.5.23-5+deb9u3


thanks for the work on the patches. We have two different ICAP dependent
packages. After installing squid 3.5.23-5+deb9u3, ICAP worked for
Avira ICAP, but it did not work for our squid-redirector package for
BPjM index file.

The cache.log shows
2020/08/18 07:24:04 kid1| suspending ICAP service for too many failures
2020/08/18 07:24:04 kid1| essential ICAP service is suspended: 
icap://127.0.0.1:1344/service_scanner-reqmod [down,susp,fail11]

I guess its time for me to set up a test machine for debugging output.


The default debug level shows not enough information to reproduce or
understand the problem. Please set debug_options to ALL,9 and send me
your cache.log and squid.conf file via private email.



Regards
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de

Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327]

2020-08-18 Thread SerNet Support Kevin Ivory 

Hi Markus,

On Thu, 13 Aug 2020 21:56:14 +0200 Markus Koschany  wrote:

Version: 3.5.23-5+deb9u3


thanks for the work on the patches. We have two different ICAP dependent
packages. After installing squid 3.5.23-5+deb9u3, ICAP worked for
Avira ICAP, but it did not work for our squid-redirector package for
BPjM index file.

The cache.log shows
2020/08/18 07:24:04 kid1| suspending ICAP service for too many failures
2020/08/18 07:24:04 kid1| essential ICAP service is suspended: 
icap://127.0.0.1:1344/service_scanner-reqmod [down,susp,fail11]

I guess its time for me to set up a test machine for debugging output.

Best reagrds
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de

Bug#965012: /usr/sbin/squid: ICAP-Error after Upgrade from 3.5.23-5+deb9u1 to 3.5.23-5+deb9u2 [TT#2398327]

2020-08-03 Thread SerNet Support Kevin Ivory 

Just for the sake of completeness: we have this problem as well
and still have many systems with Debian Stretch that need Squid Icap
to communicate with Avira Savapi antivirus. Because this bugs hits
us as well, we are now holding on to version 3.5.23-5+deb9u1.

On Mon, 27 Jul 2020 00:15:18 +0200 Markus Koschany  wrote:

Hello Andreas,

On Tue, 14 Jul 2020 13:57:48 +0200 Andreas Schulz
 wrote:
> Package: squid
> Version: 3.5.23-5+deb9u2.1
> Severity: important
> File: /usr/sbin/squid
> 
> Dear Maintainer,
> 
> We installed the security update deb9u2 and learned that no more

> http-access (with icap) was possible.


I am not the maintainer but I have prepared the security update for
squid3 in Stretch. So far you are the only one who reported this
problem. I had sent a request for testing but never received any
feedback. [1] Please note that Stretch is now supported by the LTS team.
We have a dedicated mailing list where you can report problems dedicated
to packages in Stretch called debian-...@lists.debian.org.

Could you set debug_options to ALL,9 (which should enable full debugging
according to the squid wiki) and reproduce the issue again? Please
attach the complete log either to this bug report or send it to me via
private email directly.

The patch for CVE-2019-12523 contains only one line that appears to
touch icap related code in src/adaptation/icap/ModXact.cc. I have
reverted this change and attached a new CVE-2019-12523.patch. Could you
apply it and report back if it makes any difference? Otherwise only the
debug log could help to narrow down the problem.

Regards,

Markus



[1] https://lists.debian.org/debian-lts/2020/07/msg00018.html


Best regards
Kevin Ivory (SerNet Support)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-37-0, mailto:kont...@sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de