Bug#1004682: src:pure-ftpd: fails to migrate to testing for too long: uploader built arch:all binaries
On 31/01/2022 19:39, Paul Gevers wrote:
> Source: pure-ftpd
> Version: 1.0.49-4.1
> Severity: serious
> Control: close -1 1.0.50-2
> Tags: sid bookworm pending
> User: release.debian@packages.debian.org
> Usertags: out-of-sync
>
> Dear maintainer(s),
>
> The Release Team considers packages that are out-of-sync between testing and unstable for more than 60 days as having a Release Critical bug in testing [1]. Your package src:pure-ftpd has been trying to migrate for 61 days [2]. Hence, I am filing this bug.
>
> If a package is out of sync between unstable and testing for a longer period, this usually means that bugs in the package in testing cannot be fixed via unstable. Additionally, blocked packages can have impact on other packages, which makes preparing for the release more difficult. Finally, it often exposes issues with the package and/or its (reverse-)dependencies. We expect maintainers to fix issues that hamper the migration of their package in a timely manner.
>
> This bug will trigger auto-removal when appropriate. As with all new bugs, there will be at least 30 days before the package is auto-removed.
>
> I have immediately closed this bug with the version in unstable, so if that version or a later version migrates, this bug will no longer affect testing. I have also tagged this bug to only affect sid and bookworm, so it doesn't affect (old-)stable.
>
> Your package is only blocked because the arch:all binary package(s) aren't built on a buildd. Unfortunately the Debian infrastructure doesn't allow arch:all packages to be properly binNMU'ed. Hence, I will shortly do a no-changes source-only upload to DELAYED/15, closing this bug. Please let me know if I should delay or cancel that upload.
>
> Paul
>
> [1] https://lists.debian.org/debian-devel-announce/2020/02/msg5.html
> [2] https://qa.debian.org/excuses.php?package=pure-ftpd

Hello Paul,

I will do a source-only upload in the next few days. Thanks for the report.

Regards
Racke

-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
Bug#965723: mhonarc: diff for NMU version 2.6.19-2.2
Control: tags 965723 + patch Control: tags 965723 + pending Dear maintainer, I've prepared an NMU for mhonarc (versioned as 2.6.19-2.2) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. Regards. diff -u mhonarc-2.6.19/debian/changelog mhonarc-2.6.19/debian/changelog --- mhonarc-2.6.19/debian/changelog +++ mhonarc-2.6.19/debian/changelog @@ -1,3 +1,10 @@ +mhonarc (2.6.19-2.2) unstable; urgency=medium + + * Non-maintainer upload. + * Increased debhelper compat level to 11 (closes: #965723) + + -- Stefan Hornburg (Racke) Sat, 25 Dec 2021 07:39:51 +0100 + mhonarc (2.6.19-2.1) unstable; urgency=medium * Non maintainer upload by the Reproducible Builds team. diff -u mhonarc-2.6.19/debian/compat mhonarc-2.6.19/debian/compat --- mhonarc-2.6.19/debian/compat +++ mhonarc-2.6.19/debian/compat @@ -1 +1 @@ -5 \ No newline at end of file +11 \ No newline at end of file diff -u mhonarc-2.6.19/debian/control mhonarc-2.6.19/debian/control --- mhonarc-2.6.19/debian/control +++ mhonarc-2.6.19/debian/control @@ -3,7 +3,7 @@ Priority: optional Maintainer: Jeff Breidenbach Standards-Version: 3.9.6 -Build-Depends: debhelper (>=5) +Build-Depends: debhelper (>=11) Package: mhonarc Architecture: all
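Review bot: In debian/compat and debian/control the compat level goes from 5 straight to 11, but the diff touches only changelog, compat and control, so nothing here shows that the packaging was checked against the behaviour changes of the intermediate compat levels. Please note in the changelog entry that the package was rebuilt and its contents compared with 2.6.19-2.1. debian/compat also still ends without a trailing newline ("\ No newline at end of file"); adding one while the file is being changed anyway would be cleaner.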
Bug#943874: pure-ftpd: pure-ftp error on upgrade
On 1/18/21 11:55 PM, Andreas Beckmann wrote:
> Followup-For: Bug #943874
> Control: tag -1 patch pending
>
> Hi,
>
> I'm attaching a patch that tries to clean up the docdir symlink mess.
> The package is already uploaded to DELAYED/5.
>
>
> Andreas
>

Thanks a lot for your fixes!

Regards
Racke
Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers
On 12/7/20 10:52 AM, Sylvain Beucler wrote:
> Hi,
>
> On Sat, 10 Oct 2020 09:45:42 +0300 "Stefan Hornburg (Racke)"
> wrote:
>> On 10/7/20 3:03 PM, Sylvain Beucler wrote:
>> > I noticed this local root escalation yesterday and I'm working on a
>> > Stretch LTS update.
>> > See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
>> >
>> > Are there plans to update buster?
>>
>> Hello Sylvain,
>>
>> thanks a lot for your patch!
>>
>> I will talk to the security team concerning buster.
>
> This high-severity issue was marked with:
> [buster] - sympa (Will be fixed via point release)
>
> Consequently I am surprised that it wasn't part of last week's Debian 10.7
> point release.
>
> What happened?
> Can we consider switching to a DSA?
>
> Sylvain Beucler
> Debian LTS Team
>

Yes, sorry I missed that point release. If you want a DSA, that's fine for me.

Regards
Racke
Bug#961491: fixed in sympa 6.2.40~dfsg-5
On 10/7/20 3:03 PM, Sylvain Beucler wrote:
> Hi,
>
> I noticed this local root escalation yesterday and I'm working on a
> Stretch LTS update.
> See also https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
>
> Are there plans to update buster?
>
> Cheers!
> Sylvain
>

Hello Sylvain,

thanks a lot for your patch!

I will talk to the security team concerning buster.

Regards
Racke
Bug#961491: CVE-2020-10936: Security flaws in setuid wrappers
package: sympa severity: critical tags: upstream security patch Security advisory: https://sympa-community.github.io/security/2020-002.html Excerpt: --snip-- A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers: FastCGI wrappers newaliases wrapper The FastCGI wrappers (wwsympa-wrapper.fcgi and sympa_soap_server-wrapper.fcgi) were used to make the web interface running under privileges of a dedicated user. The newaliases wrapper (sympa_newaliases-wrapper) allows Sympa to update the alias database with root privileges. Since these setuid wrappers did not clear environment variables, if environment variables like PERL5LIB were injected, forged code might be loaded and executed under privileges of setuid-ed users. --snap-- Affects all versions of Sympa. Patch is attached. The following change should also be considered to switch off installation as setuid, which is not needed in most cases: https://github.com/sympa-community/sympa/pull/944/commits/bc9579c7abddc77c92ad51897bd16aba12383d5f See also https://github.com/sympa-community/sympa/issues/943#issuecomment-633278517 which claims that the patch is incomplete. CVE is not yet published. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. commit 3f8449c647e5ab32cf6f8837cb600c1756b6189c Author: IKEDA Soji Date: Fri Mar 27 21:28:18 2020 +0900 Sympa SA 2020-002 (candidate): Setuid wrappers should clear environment variables to avoid exploits. diff --git a/src/cgi/sympa_soap_server-wrapper.fcgi.c b/src/cgi/sympa_soap_server-wrapper.fcgi.c index f4c6a66..435d40c 100644 --- a/src/cgi/sympa_soap_server-wrapper.fcgi.c +++ b/src/cgi/sympa_soap_server-wrapper.fcgi.c 
@@ -6,6 +6,9 @@ Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER + Copyright 2020 The Sympa Community. See the AUTHORS.md + file at the top-level directory of this distribution and at + <https://github.com/sympa-community/sympa.git>. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,8 +27,10 @@ #include int main(int argn, char **argv, char **envp) { +char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; + setreuid(geteuid(),geteuid()); setregid(getegid(),getegid()); argv[0] = SYMPASOAP; -return execve(SYMPASOAP,argv,envp); +return execve(SYMPASOAP, argv, myenvp); } diff --git a/src/cgi/wwsympa-wrapper.fcgi.c b/src/cgi/wwsympa-wrapper.fcgi.c index c66c7f8..34198ec 100644 --- a/src/cgi/wwsympa-wrapper.fcgi.c +++ b/src/cgi/wwsympa-wrapper.fcgi.c @@ -6,6 +6,9 @@ Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER + Copyright 2020 The Sympa Community. See the AUTHORS.md + file at the top-level directory of this distribution and at + <https://github.com/sympa-community/sympa.git>. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,8 +27,10 @@ #include int main(int argn, char **argv, char **envp) { +char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; + setreuid(geteuid(),geteuid()); // Added to fix the segfault setregid(getegid(),getegid()); // Added to fix the segfault argv[0] = WWSYMPA; -return execve(WWSYMPA,argv,envp); +return execve(WWSYMPA, argv, myenvp); } 
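Review bot: In both FastCGI wrappers the return values of setreuid() and setregid() on the lines just above execve() are still ignored, so a failed credential change goes unnoticed and the target is executed anyway; check both calls and exit non-zero on failure before reaching execve(). With myenvp replacing envp, the envp parameter of main() is now unused and every inherited variable is dropped, so a short comment stating that the environment is deliberately reduced to IFS and PATH would help, along with removing the unused parameter.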
diff --git a/src/libexec/sympa_newaliases-wrapper.c b/src/libexec/sympa_newaliases-wrapper.c index a399218..a1e5935 100644 --- a/src/libexec/sympa_newaliases-wrapper.c +++ b/src/libexec/sympa_newaliases-wrapper.c @@ -6,6 +6,9 @@ Copyright (c) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Comite Reseau des Universites Copyright (c) 2011, 2012, 2013, 2014, 2015, 2016, 2017 GIP RENATER + Copyright 2020 The Sympa Community. See the AUTHORS.md + file at the top-level directory of this distribution and at + <https://github.com/sympa-community/sympa.git>. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,8 +27,10 @@ #include int main(int argn, char **argv, char **envp) { +char *myenvp[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL }; + setreuid(geteuid(),geteuid()); setregid(getegid(),getegid()); argv[0] = SYMPA_NEWALIASES; -return execve(SY
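The advisory excerpt above attributes the flaw to setuid wrappers handing the caller's environment to the program they execute. The following is an added example, not code from Sympa or from the patch: it generalizes the patch's fixed environment to an allowlist with value checks and verifies the credential calls. `build_clean_env`, `exec_with_clean_env`, the `PASS_THROUGH` list and the sample input are assumptions made for illustration.

```c
/* Added example: environment scrubbing for a setuid wrapper. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Fixed entries, same values as the patch's myenvp. */
static const char *const FIXED_ENV[] = { "IFS= \t\n", "PATH=/bin:/usr/bin", NULL };
/* Hypothetical allowlist of caller variables that may be passed through. */
static const char *const PASS_THROUGH[] = { "LANG", "LC_ALL", NULL };

static int allowed_name(const char *s, size_t klen)
{
    for (size_t i = 0; PASS_THROUGH[i] != NULL; i++)
        if (strlen(PASS_THROUGH[i]) == klen && strncmp(PASS_THROUGH[i], s, klen) == 0)
            return 1;
    return 0;
}

/* Accept short values made of [A-Za-z0-9_.@-] only: no '/', ':' or whitespace. */
static int safe_value(const char *v)
{
    size_t len = strlen(v);
    if (len == 0 || len > 64)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!isalnum(c) && strchr("_.@-", c) == NULL)
            return 0;
    }
    return 1;
}

/* A name that is already in the output must not be added a second time. */
static int already_set(const char *const out[], size_t n, const char *s, size_t klen)
{
    for (size_t i = 0; i < n; i++)
        if (strncmp(out[i], s, klen) == 0 && out[i][klen] == '=')
            return 1;
    return 0;
}

/* Build a NULL-terminated environment in out[] (capacity cap, terminator
 * included). Returns the number of entries, or 0 if out[] is too small. */
size_t build_clean_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; FIXED_ENV[i] != NULL; i++) {
        if (n + 1 >= cap)
            return 0;
        out[n++] = FIXED_ENV[i];
    }
    for (size_t i = 0; in != NULL && in[i] != NULL; i++) {
        const char *eq = strchr(in[i], '=');
        if (eq == NULL)
            continue;                      /* malformed entry */
        size_t klen = (size_t)(eq - in[i]);
        if (!allowed_name(in[i], klen) || !safe_value(eq + 1))
            continue;                      /* not allowlisted, or unsafe value */
        if (already_set(out, n, in[i], klen))
            continue;                      /* duplicate name: first one wins */
        if (n + 1 >= cap)
            return 0;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return n;
}

/* Hardened wrapper core: scrub the environment, fix the credentials with
 * checked calls (group before user), then execute the target. */
int exec_with_clean_env(const char *target, char *const argv[], char *const envp[])
{
    const char *clean[16];
    if (build_clean_env(envp, clean, 16) == 0)
        return -1;
    if (setregid(getegid(), getegid()) != 0 || setreuid(geteuid(), geteuid()) != 0)
        return -1;
    execve(target, argv, (char *const *)clean);
    return -1;                             /* execve only returns on failure */
}

int main(void)
{
    /* Constructed sample of an untrusted caller environment. */
    char *sample[] = { "PERL5LIB=/tmp/x", "PATH=/tmp/x:/bin", "LANG=en_US.UTF-8",
                       "LANG=C", "LC_ALL=../../x", NULL };
    const char *clean[16];
    size_t n = build_clean_env(sample, clean, 16);
    for (size_t i = 0; i < n; i++)
        printf("%s\n", clean[i]);
    return 0;
}
```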
Bug#952428: Security flaws in CSRF prevention
package: sympa severity: critical version: 6.2.40~dfsg-3 tags: patch A vulnerability has been discovered in Sympa web interface that can cause denial of service (DoS) attack. By submitting requests with malformed parameters, this flaw allows to create junk files in Sympa's directory for temporary files. And particularly by tampering token to prevent CSRF, it allows to originate excessive notification messages to listmasters. Full advisory: https://sympa-community.github.io/security/2020-001.html Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. From 9b86fb3f0337d70221d63392db7d1a52b439dc8f Mon Sep 17 00:00:00 2001 From: IKEDA Soji Date: Tue, 11 Feb 2020 17:52:22 +0900 Subject: [PATCH] Sympa SA 2020-001 (candidate). Denial of service caused by malformed CSRF token. --- src/cgi/wwsympa.fcgi.in | 25 +++-- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/src/cgi/wwsympa.fcgi.in b/src/cgi/wwsympa.fcgi.in index 2eb8aec..c7b5195 100644 --- a/src/cgi/wwsympa.fcgi.in +++ b/src/cgi/wwsympa.fcgi.in @@ -992,9 +992,6 @@ our %in_regexp = ( # Role 'role' => 'member|editor|owner', - -## CSRF token is a lower case MD5 hash -'csrftoken' => '^[0-9a-f]{32}$', ); ## Regexp applied on incoming parameters (%in) @@ -1262,8 +1259,6 @@ while ($query = CGI::Fast->new) { # affected to another anonymous session. undef $ENV{'HTTP_COOKIE'}; unless (defined $session) { -Sympa::send_notify_to_listmaster($robot, -'failed_to_create_web_session', {}); wwslog('info', 'Failed to create session'); $session = Sympa::WWW::Session->new($robot, {}); } 
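Review bot: The first hunk drops the 'csrftoken' entry from %in_regexp, which was the only format check on that parameter visible in this file's diff, and nothing else in the patch shows what validates the token afterwards. Please say in the commit message where a malformed token is now rejected, so a reader can confirm the parameter is not simply left unchecked. In the second hunk, the wwslog('info', 'Failed to create session') call is now the only trace of the failure; consider whether 'info' is still the right level once the listmaster notification is gone.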
@@ -2149,32 +2144,18 @@ sub get_parameters { if ($one_p !~ /^$regexp$/s || (defined $negative_regexp && $one_p =~ /$negative_regexp/s) ) { -## Dump parameters in a tmp file for later analysis -my $dump_file = - Conf::get_robot_conf($robot, 'tmpdir') -. '/sympa_dump.' -. time . '.' -. $PID; -unless (open DUMP, ">$dump_file") { -wwslog('err', 'Failed to create %s: %s', -$dump_file, $ERRNO); -} -Sympa::Tools::Data::dump_var(\%in, 0, \*DUMP); -close DUMP; - Sympa::WWW::Report::reject_report_web('user', 'syntax_errors', {p_name => $p}, '', ''); wwslog( 'err', -'Syntax error for parameter %s value "%s" not conform to regexp:%s; dumped vars in %s', +'Syntax error for parameter %s value "%s" not conform to regexp:%s', $pname, $one_p, -$regexp, -$dump_file +$regexp ); $in{$p} = ''; -next; +last; } } } -- 1.8.3.1 signature.asc Description: OpenPGP digital signature
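Review bot: In get_parameters the change from `next;` to `last;` leaves the enclosing loop at the first malformed value, which is a change in control flow that the commit message does not mention; a one-line comment explaining why the loop is abandoned would help. The wwslog('err', ...) call also still writes the rejected value $one_p into the log verbatim, so a client can keep filling the log with content of its choosing even though the dump file is gone; consider truncating or escaping the value before logging.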
Bug#940505: pure-ftpd: TLS 1.3 support broken
On 9/16/19 3:53 PM, Thomas Deutschmann wrote:
> Source: pure-ftpd
> Severity: grave
> Justification: causes non-serious data loss
>
> Dear Maintainer,
>
> please consider disabling TLS 1.3 support.
>
> While you added TLS 1.3 compatibility through bug 918630, this uncovered
> a grave bug in pure-ftpd, see https://github.com/jedisct1/pure-ftpd/issues/102
> or https://bugzilla.redhat.com/show_bug.cgi?id=1654838#c5
>
> It's fixed in newer pure-ftpd versions. However, it's not easy to backport
> because upstream refactored TLS code while fixing this bug.
>
> That's why I am requesting to disable TLS 1.3 to avoid data loss.

So this affects the package version 1.0.47-3 in stable + testing? And the problem is supposed to be fixed in the latest version ...

I will take a look.

Regards
Racke

>
>
> -- System Information:
> Debian Release: 9.9
> APT prefers stable
> APT policy: (1001, 'stable'), (990, 'oldstable'), (500, 'oldstable-updates')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
Bug#671644: Login problem confirmed
Hello Daniel,

sorry for the very, very late answer to your bug report.

This problem still exists in current Sympa and I actually suspect that you are correct and this is a problem with Cookie handling. It actually results in *changing* the current password.

Regards
Racke
Bug#909383: Patch to skip install for Xemacs21
Hello, attached is a patch to skip install of python-mode for Xemacs21. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible. --- python-mode-6.2.3/debian/emacsen-install 2017-01-17 22:33:55.0 +0100 +++ python-mode-6.2.3-fixed/debian/emacsen-install 2018-12-01 11:21:02.899381546 +0100 @@ -20,6 +20,11 @@ exit 0 fi +if [ ${FLAVOR} = xemacs21 ]; then +echo "$PACKAGE fails on ((string-to-syntax)) - see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909383; +exit 0 +fi + echo install/${PACKAGE}: Handling install for emacsen flavor ${FLAVOR} FLAVORTEST=`echo $FLAVOR | cut -c-6` signature.asc Description: OpenPGP digital signature
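Review bot: The echo line in the added block opens a double-quoted string that is never closed (the text ends in `bug=909383;` with no closing `"`), so the shell keeps reading past `exit 0` and the following lines looking for the end of the string; close the quote before the semicolon. In the same block, `[ ${FLAVOR} = xemacs21 ]` should quote the variable as `"${FLAVOR}"` so that the test does not break when it is empty.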
Bug#909383: xemacs21 stale
I think the main problem is that xemacs21 is quite stale, latest upstream release dating back to 2013.

Thus it doesn't support (string-to-syntax)

Regards
Racke
Bug#909383: Fails to install
This even happens on a normal system - looks like it enters an infinite loop:

Loading 50w3m-el...
Loading 20apel...
Loading 50flim...
Loading 50w3m-el...
Loading 20apel...
Loading 50flim...
[...]

Regards from BSP in Bern
Racke
Bug#877173: Critical Errors in 6.2.20 Release
Package: sympa
Version: 6.2.20~dfsg-2
Severity: serious

upgrade_send_spool.pl could leave some messages not upgraded [diff]
"sympa.pl --change_user_email" was broken GH #65

Next release is planned for 1st of October.

Regards
Racke
Bug#863631: Also affects sympa: trashes configuration on update without asking
On 07/05/2017 10:42 PM, Daniel Gnoutcheff wrote:
> Control: found -1 6.1.23~dfsg-2+deb8u1
>
> I've experienced this on jessie as well when upgrading from
> 6.1.23~dfsg-2 to 6.1.23~dfsg-2+deb8u1 for the 8.7 point release.
>
> The listmaster directive in /etc/sympa/sympa.conf got clobbered, locking
> me out of my own server until I tracked this down.
>

I can confirm that the listmaster was reset to default on the following upgrade:

-sympa 6.1.23~dfsg-2+deb8u1 amd64
+sympa 6.2.16~dfsg-3 amd64

I will try to find a solution for this bad mistake on upgrade.

Regards
Racke
Bug#868720: sympa FTBFS: configure: error: invalid value /usr/sbin/newaliases for newaliases command
On 07/18/2017 01:02 AM, Adrian Bunk wrote:
> Source: sympa
> Version: 6.2.16~dfsg-4
> Severity: serious
>
> https://buildd.debian.org/status/package.php?p=sympa=sid
>
> ...
> checking for pod2man... /usr/bin/pod2man
> checking for makemap... /usr/bin/makemap
> checking user-supplied newaliases command... non-existing
> configure: error: invalid value /usr/sbin/newaliases for newaliases command
>
>

Apparently sympa checks for the presence of this binary on the build system.

Regards
Racke
Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in
On 06/10/2017 02:02 PM, Andreas Beckmann wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package modifies conffiles. > This is forbidden by the policy, see > https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files > > 10.7.3: "[...] The easy way to achieve this behavior is to make the > configuration file a conffile. [...] This implies that the default > version will be part of the package distribution, and must not be > modified by the maintainer scripts during installation (or at any > other time)." > > Note that once a package ships a modified version of that conffile, > dpkg will prompt the user for an action how to handle the upgrade of > this modified conffile (that was not modified by the user). > > Further in 10.7.3: "[...] must not ask unnecessary questions > (particularly during upgrades) [...]" > > If a configuration file is customized by a maintainer script after > having asked some debconf questions, it may not be marked as a > conffile. Instead a template could be installed in /usr/share and used > by the postinst script to fill in the custom values and create (or > update) the configuration file (preserving any user modifications!). > This file must be removed during postrm purge. > ucf(1) may help with these tasks. > See also https://wiki.debian.org/DpkgConffileHandling > > In https://lists.debian.org/debian-devel/2012/09/msg00412.html and > followups it has been agreed that these bugs are to be filed with > severity serious. 
> > debsums reports modification of the following files, > from the attached log (scroll to the bottom...): > > 3m56.7s ERROR: FAIL: debsums reports modifications inside the chroot: > debsums: missing file /etc/sympa/sympa.conf-smime.in (from sympa package) > > > If the conffile is actually obsolete, please use > dpkg-maintscript-helper rm_conffile > to remove it properly (also from dpkg's database). > > > cheers, > > Andreas > Patch attached. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. commit eede19d78fe07fcf0b0b888efd0bcf40ade9f2f4 Author: Stefan Hornburg (Racke) <ra...@linuxia.de> Date: Sat Jun 24 19:56:37 2017 +0200 Add call for removing sympa.conf-smime.in by maintainer scripts. diff --git a/debian/sympa.maintscript b/debian/sympa.maintscript index 05f3dc1..62e713d 100644 --- a/debian/sympa.maintscript +++ b/debian/sympa.maintscript @@ -1 +1,2 @@ rm_conffile /etc/sympa/sympa/sympa.conf "6.2.16~dfsg-2~" +rm_conffile /etc/sympa/sympa.conf-smime.in "6.2.16~dfsg-4~" commit 21830c49e4f545bf1b8f6e2118a68859350d834f Author: Stefan Hornburg (Racke) <ra...@linuxia.de> Date: Sun Jun 18 15:53:42 2017 +0200 Remove /etc/sympa/sympa.conf-smime.in from conffiles (#864546). diff --git a/debian/sympa.install b/debian/sympa.install index 22ce80c..3f16eea 100644 --- a/debian/sympa.install +++ b/debian/sympa.install @@ -3,7 +3,6 @@ debian/conf/rsyslog/facilityetc/sympa debian/conf/apache2/sympa.conf etc/apache2/conf-available debian/conf/apache2/sympa-soap.conf etc/apache2/conf-available debian/conf/auth.conf etc/sympa -debian/conf/sympa.conf-smime.in etc/sympa debian/conf/topics.conf etc/sympa #debian/dbconfig-common/*usr/share/dbconfig-common/data/sympa src/bin/sympa_soap_client.plusr/share/doc/sympa/examples/script
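Review bot: In debian/sympa.maintscript the new rm_conffile line gives "6.2.16~dfsg-4~" as prior version, so the removal only runs on upgrades from versions older than that; neither commit touches debian/changelog, so please confirm that the upload carrying them is in fact versioned 6.2.16~dfsg-4. The two commits also depend on each other: dropping the file from debian/sympa.install without the rm_conffile call leaves the obsolete conffile registered in dpkg's database, so they should land in the same upload or be squashed into one commit.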
Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in
On 06/10/2017 03:06 PM, Stefan Hornburg (Racke) wrote: > On 06/10/2017 02:02 PM, Andreas Beckmann wrote: >> Package: sympa >> Version: 6.2.16~dfsg-3 >> Severity: serious >> User: debian...@lists.debian.org >> Usertags: piuparts >> >> Hi, >> >> during a test with piuparts I noticed your package modifies conffiles. >> This is forbidden by the policy, see >> https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files >> >> 10.7.3: "[...] The easy way to achieve this behavior is to make the >> configuration file a conffile. [...] This implies that the default >> version will be part of the package distribution, and must not be >> modified by the maintainer scripts during installation (or at any >> other time)." >> >> Note that once a package ships a modified version of that conffile, >> dpkg will prompt the user for an action how to handle the upgrade of >> this modified conffile (that was not modified by the user). >> >> Further in 10.7.3: "[...] must not ask unnecessary questions >> (particularly during upgrades) [...]" >> >> If a configuration file is customized by a maintainer script after >> having asked some debconf questions, it may not be marked as a >> conffile. Instead a template could be installed in /usr/share and used >> by the postinst script to fill in the custom values and create (or >> update) the configuration file (preserving any user modifications!). >> This file must be removed during postrm purge. >> ucf(1) may help with these tasks. >> See also https://wiki.debian.org/DpkgConffileHandling >> >> In https://lists.debian.org/debian-devel/2012/09/msg00412.html and >> followups it has been agreed that these bugs are to be filed with >> severity serious. 
>> >> debsums reports modification of the following files, >> from the attached log (scroll to the bottom...): >> >> 3m56.7s ERROR: FAIL: debsums reports modifications inside the chroot: >> debsums: missing file /etc/sympa/sympa.conf-smime.in (from sympa package) >> >> >> If the conffile is actually obsolete, please use >> dpkg-maintscript-helper rm_conffile >> to remove it properly (also from dpkg's database). >> > > This file looks like an artifact, so we are probably going to remove it. > > Regards >Racke > It is definitely an artifact, as the SMIME configuration was integrated into main configuration file. Thanks for your hint above how to deal with it. Regards Racke >> >> cheers, >> >> Andreas >> > > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#864546: sympa: shipped file missing after upgrade from jessie to stretch: /etc/sympa/sympa.conf-smime.in
On 06/10/2017 02:02 PM, Andreas Beckmann wrote: > Package: sympa > Version: 6.2.16~dfsg-3 > Severity: serious > User: debian...@lists.debian.org > Usertags: piuparts > > Hi, > > during a test with piuparts I noticed your package modifies conffiles. > This is forbidden by the policy, see > https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files > > 10.7.3: "[...] The easy way to achieve this behavior is to make the > configuration file a conffile. [...] This implies that the default > version will be part of the package distribution, and must not be > modified by the maintainer scripts during installation (or at any > other time)." > > Note that once a package ships a modified version of that conffile, > dpkg will prompt the user for an action how to handle the upgrade of > this modified conffile (that was not modified by the user). > > Further in 10.7.3: "[...] must not ask unnecessary questions > (particularly during upgrades) [...]" > > If a configuration file is customized by a maintainer script after > having asked some debconf questions, it may not be marked as a > conffile. Instead a template could be installed in /usr/share and used > by the postinst script to fill in the custom values and create (or > update) the configuration file (preserving any user modifications!). > This file must be removed during postrm purge. > ucf(1) may help with these tasks. > See also https://wiki.debian.org/DpkgConffileHandling > > In https://lists.debian.org/debian-devel/2012/09/msg00412.html and > followups it has been agreed that these bugs are to be filed with > severity serious. 
> > debsums reports modification of the following files, > from the attached log (scroll to the bottom...): > > 3m56.7s ERROR: FAIL: debsums reports modifications inside the chroot: > debsums: missing file /etc/sympa/sympa.conf-smime.in (from sympa package) > > > If the conffile is actually obsolete, please use > dpkg-maintscript-helper rm_conffile > to remove it properly (also from dpkg's database). > This file looks like an artifact, so we are probably going to remove it. Regards Racke > > cheers, > > Andreas > -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration.
Bug#863701: sympa: insists that cookie has changed when it hasn't
On 05/30/2017 03:38 PM, Dominik George wrote:
> Hi,
>
>> In this case the head command might not be in the path Sympa is seeing.
>> Could you please test if
>> `/usr/bin/head ...` works for you?
>
> Yes, it does.
>
> -nik
>

OK, thanks a lot. I'll adjust the default settings for the configuration in the packaging code and also poke the Sympa community for configuration file inclusion.

Regards
Racke
Bug#863701: sympa: insists that cookie has changed when it hasn't
On 05/30/2017 10:35 AM, Dominik George wrote:
> Hi,
>
>> The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian
>> package,
>> so this hasn't changed?
>
> Confirmed.
>
>>
>> What are the permissions of the cookie file?
>
> 640 owned by sympa:sympa
>
> I have placed debugging prints into Conf.pm and found that $current is empty
> right at the beginning of cookie_changed. It seems the `head... command is
> not evaluated.
>
> I placed the cookie in the config file directly, which makes it working again.
>
> -nik
>

Using a command in the configuration file is really awkward, but we didn't find a better way to do that as Sympa doesn't support inclusion of other files in the configuration step.

In this case the head command might not be in the path Sympa is seeing. Could you please test if `/usr/bin/head ...` works for you?

Regards
Racke
Bug#863701: sympa: insists that cookie has changed when it hasn't
On 05/30/2017 09:37 AM, Dominik George wrote:
> Package: sympa
> Version: 6.2.16~dfsg-3
> Severity: grave
> Justification: renders package unusable
>
> SYMPA suddenly refuses to start with:
>
> May 30 09:35:20 terra sympa_msg.pl[22389]: DIED: sympa.conf/cookie parameter
> has changed. You may have severe inconsitencies into password storage.
> Restore previous cookie or write some tool to re-encrypt password in database
> and check spools contents (look at /etc/sympa/cookies.history file). at
> /usr/lib/sympa/bin/sympa_msg.pl line 310.
> May 30 09:35:20 terra sympa_msg.pl[22389]: at
> /usr/lib/sympa/bin/sympa_msg.pl line 310.
> May 30 09:35:20 terra sympa_msg.pl[22389]: main::_load() called at
> /usr/lib/sympa/bin/sympa_msg.pl line 87
>
> Now, while I see why this protection is in place, unfortunately, the
> cookie has not changed. Neither has the parameter in the config file
> changed (checked with etckeeper), nor has the contents of the cookie
> file changed (checked with etckeeper), nor is anything different in
> cookies.history.
>
> SYMPA just decided to block startup.

The configuration file is at /etc/sympa/sympa/sympa.conf for the Debian package, so this hasn't changed?

What are the permissions of the cookie file?
Regards
Racke

> -- System Information:
> Debian Release: 9.0
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
Bug#848015: ciphersaber: diff for NMU version 1.01-2.1
On 04/04/2017 07:01 AM, Mattia Rizzolo wrote:
> Control: tags 848015 + patch
> Control: tags 848015 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for ciphersaber (versioned as 1.01-2.1) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.
>
> Regards.

Dear Mattia,

the patch looks good to me.

Thanks a lot
Racke

--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration.
Bug#829477: courier-mta: fails to install: Invalid command 'gendh'
On 07/03/2016 07:07 PM, Andreas Beckmann wrote:
> Package: courier-mta
> Version: 0.76.1-3+exp1
> Severity: serious
> User: debian...@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed your package failed to install. As
> per definition of the release team this makes the package too buggy for
> a release, thus the severity.
>
> From the attached log (scroll to the bottom...):
>
> Selecting previously unselected package courier-mta.
> (Reading database ...
> (Reading database ... 10293 files and directories currently installed.)
> Preparing to unpack .../courier-mta_0.76.1-3+exp1_amd64.deb ...
> Adding 'diversion of /usr/bin/addcr to /usr/bin/addcr.ucspi-tcp by
> courier-mta'
> Adding 'diversion of /usr/share/man/man1/addcr.1.gz to
> /usr/share/man/man1/addcr.ucspi-tcp.1.gz by courier-mta'
> Unpacking courier-mta (0.76.1-3+exp1) ...
> Setting up courier-mta (0.76.1-3+exp1) ...
> update-alternatives: using /usr/bin/lockmail.courier to provide
> /usr/bin/lockmail (lockmail) in auto mode
> update-alternatives: using /usr/bin/preline.courier to provide
> /usr/bin/preline (preline) in auto mode
> /run/courier/esmtpd.pid.lock: No such file or directory
> Generating a 4096 bit RSA private key
> ..++
>
> .++
> writing new private key to '/etc/courier/esmtpd.pem'
> -
> Invalid command 'gendh'; type "help" for a list.
> dpkg: error processing package courier-mta (--configure):
> subprocess installed post-installation script returned error exit status 1
> Errors were encountered while processing:
> courier-mta
>
>
> cheers,
>
> Andreas
>

I believe this line in the script /usr/lib/courier/mkesmtpdcert causes the error:

/usr/bin/openssl gendh -rand "$PEMFILE".rand 512 >>"$PEMFILE" || cleanup

Why openssl doesn't know about it on piuparts eludes me.

Regards
Racke
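The quoted mkesmtpdcert line assumes the gendh subcommand exists and asks for 512-bit parameters. The same step written defensively, as an added example that is not the package's script: it tries dhparam before the obsolete gendh, refuses sizes under 2048 bits, and appends to the PEM file only after generation succeeded. The function name, the 2048-bit floor and the temp-file handling are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the courier-mta maintainer script.
# Assumptions: function name, 2048-bit minimum and temp-file handling are
# choices made for this illustration.

# append_dh_params OPENSSL_BIN PEMFILE [BITS]
# Returns 0 on success, 2 for a rejected size, 1 if no subcommand produced
# DH parameters. PEMFILE is left untouched on any failure.
append_dh_params() {
    adp_openssl=$1
    adp_pem=$2
    adp_bits=${3:-2048}
    adp_rc=1

    # Accept only a plain decimal size.
    case $adp_bits in
        ''|*[!0-9]*) echo "invalid DH size: $adp_bits" >&2; return 2 ;;
    esac

    # 512-bit parameters, as requested by the quoted script line, are too
    # small for current use; this example refuses anything under 2048 bits.
    if [ "$adp_bits" -lt 2048 ]; then
        echo "refusing ${adp_bits}-bit DH parameters" >&2
        return 2
    fi

    # Generate into a private temp file next to the target, so a failed run
    # never leaves a partial block appended to the key file.
    adp_old_umask=$(umask)
    umask 077
    adp_tmp=$(mktemp "${adp_pem}.dh.XXXXXX") || {
        umask "$adp_old_umask"
        return 1
    }

    # Try the current subcommand first, then the obsolete one. Both write
    # PEM to stdout when no output file is given.
    for adp_sub in dhparam gendh; do
        if "$adp_openssl" "$adp_sub" "$adp_bits" >"$adp_tmp" 2>/dev/null &&
           grep -q 'BEGIN DH PARAMETERS' "$adp_tmp"; then
            cat "$adp_tmp" >>"$adp_pem" && adp_rc=0
            break
        fi
    done

    rm -f "$adp_tmp"
    umask "$adp_old_umask"
    [ "$adp_rc" -eq 0 ] || echo "no usable DH subcommand in $adp_openssl" >&2
    return "$adp_rc"
}
```

A maintainer script would call it as `append_dh_params /usr/bin/openssl "$PEMFILE"` and run its own cleanup on a non-zero return.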
Bug#821994: Vacation
Santiago Vila writes: tags 821994 + patch thanks I also recommend switching to dh, but in the meantime, the attached patch should work. Thanks. Hello, I'm on vacation till 31st July. In urgent cases please send a text message to my cellphone. Otherwise, I'm going to check my emails once in a while while on vacation. Regards Racke
Bug#793486: Vacation
Andreas Beckmann writes: Package: interchange-cat-standard Version: 5.7.7-2 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package failed to install. As per definition of the release team this makes the package too buggy for a release, thus the severity. From the attached log (scroll to the bottom...): Selecting previously unselected package interchange-cat-standard. (Reading database ... (Reading database ... 11471 files and directories currently installed.) Preparing to unpack .../interchange-cat-standard_5.7.7-2_all.deb ... Unpacking interchange-cat-standard (5.7.7-2) ... Setting up interchange-cat-standard (5.7.7-2) ... dpkg: error processing package interchange-cat-standard (--configure): subprocess installed post-installation script returned error exit status 10 Errors were encountered while processing: interchange-cat-standard cheers Andreas Hello, We are on vacation till 2nd August. In urgent cases please call our cellphone. Regards Racke -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#754538: sqwebmail fails to install due to non-existant /var/www directory
On 07/12/2014 10:12 AM, Willi Mann wrote: Package: sqwebmail Version: 0.73.1-1.2 Severity: serious Justification: fails to install Hi Racke, sqwebmail fails to install if the directory /var/www does not exist (which apparently does not exist if nginx is installed as httpd-cgi): Entpacken von sqwebmail (0.73.1-1.2) ... Trigger für man-db (2.6.7.1-1) werden verarbeitet ... sqwebmail (0.73.1-1.2) wird eingerichtet ... ln: die symbolische Verknüpfung „/var/www/sqwebmail“ konnte nicht angelegt werden: Datei oder Verzeichnis nicht gefunden dpkg: Fehler beim Bearbeiten des Paketes sqwebmail (--configure): Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück Fehler traten auf beim Bearbeiten von: sqwebmail Should be easy to fix - I guess (but am not sure) the most proper way to fix this is to ship /var/www as part of the sqwebmail package. If you create it in the maintainer script, it is problematic to decide whether to delete it on package removal. It is quite likely that nowadays a different directory is used for installing web applications, can you please check policy / file system standard? Regards Racke -- Perl and Dancer Development Visit our Perl::Dancer conference 2014: http://act.perl.dance/
Bug#741899: courier-maildrop: maildrop fails to deliver to virtual user reporting Invalid user specified.
On 03/17/2014 03:25 AM, Thomas L Marshall wrote: Package: courier-maildrop Version: 0.73.1-1 Severity: grave Tags: d-i Justification: renders package unusable Dear Maintainer, After upgrading to courier-maildrop_0.73.1-1_amd64.deb, my email server began bouncing messages with the mail.log error: Mar 16 06:27:25 hostname postfix/pipe[7961]: 81EC34A6047: to= user@domain , relay=maildrop, delay=0.22, delays=0.16/0.01/0/0.05, dsn=5.1.1, status=bounced (user unknown. Command output: Invalid user specified. ) After testing courier authtest using the given user@domain and finding that it does still properly report the relevant data: Authentication succeeded. Authenticated: user@domain (uid 5000, gid 5000) Home Directory: /path/mail/virtual/domain/user Maildir: /path/mail/virtual/domain/user/Maildir/ Quota: (none) Encrypted Password: {SHA256}encrypted password Cleartext Password: (none) Options: (none) I then did a quick strace as follows: strace maildrop -V 5 -d user@domain /dev/null and confirmed that the maildrop command exited with Invalid user specified. Furthermore, there was no apparent attempt to access any other means of authentication other than maybe libpam and /etc/passwd. Next, I installed a previous version, courier-maildrop_0.68.2-1_amd64.deb and retested as follows: strace maildrop -V 5 -d user@domain /dev/null and found that maildrop did successfully attempt to use courier-authlib and continued to run to completion, accessing the virtual maildir and user successfully. Finally, I made several successful attempts to send and receive mail to myself and am again successfully receiving email. Thank you, Tom Apparently it isn't linked to courier-authlib as it should. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#741620: upgrade broke starttls?
severity 741620 grave thanks On 03/14/2014 04:38 PM, Joey Hess wrote: Package: courier-imap-ssl Version: 4.15-1 Severity: normal Establishing connection to kitenet.net:143 ERROR: While attempting to sync account 'joey' command: CAPABILITY = socket error: class 'ssl.SSLError' - [Errno 1] _ssl.c:1429: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number This seems to have been caused by upgrading courier. Since ssl is involved, I think offlineimap must have tried to STARTTLS, which its docs say it will do automatically when (accidentally) configured to not use imaps. The good thing about this bug is I probably only configured that while on some horrible imaps blocking network, so I fixed my offlineimap config to use imaps and that works. I'm increasing the severity until I have time to look at this bug - I don't want to break STARTTLS in Debian testing. Thanks for reporting Regards Racke -- Perl and Dancer Development Visit our Open Source conference on E-commerce: http://www.ecommerce-innovation.com/
Bug#730086: courier-pop-ssl not able to upgrade: error
On 11/21/2013 08:01 AM, Andreas Rittershofer wrote: Package: courier-pop-ssl Version: 0.68.2-1 Severity: grave Justification: renders package unusable Dear Maintainer, * What led up to the situation? apt-get upgrade * What was the outcome of this action? apt-get is not able to upgrade courier-pop-ssl Holen: 1 http://debian.tu-bs.de/debian/ testing/main courier-pop-ssl amd64 0.68.2-1+b1 [31,0 kB] Es wurden 31,0 kB in 0 s geholt (216 kB/s). Lese Changelogs... Fertig (Lese Datenbank ... 86950 Dateien und Verzeichnisse sind derzeit installiert.) Vorbereitung zum Ersetzen von courier-pop-ssl 0.68.2-1 (durch .../courier-pop-ssl_0.68.2-1+b1_amd64.deb) ... Stopping Courier POP3-SSL server:/var/run/courier/pop3d-ssl.pid.lock: No such file or directory invoke-rc.d: initscript courier-pop-ssl, action stop failed. dpkg: Warnung: Unterprozess altes pre-removal-Skript gab den Fehlerwert 1 zurück dpkg: stattdessen wird Skript aus dem neuen Paket probiert ... Stopping Courier POP3-SSL server:/var/run/courier/pop3d-ssl.pid.lock: No such file or directory invoke-rc.d: initscript courier-pop-ssl, action stop failed. dpkg: Fehler beim Bearbeiten von /var/cache/apt/archives/courier-pop-ssl_0.68.2-1+b1_amd64.deb (--unpack): Unterprozess neues pre-removal-Skript gab den Fehlerwert 1 zurück insserv: warning: current start runlevel(s) (empty) of script `courier-pop-ssl' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `courier-pop-ssl' overrides LSB defaults (0 1 6). Fehler traten auf beim Bearbeiten von: /var/cache/apt/archives/courier-pop-ssl_0.68.2-1+b1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) It also fails on a fresh install on my system: Setting up courier-pop-ssl (0.73.1-0.1) ... 
cp: not writing through dangling symlink ‘/usr/lib/courier/pop3d.pem’ dpkg: error processing package courier-pop-ssl (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: courier-pop-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) Regards Racke -- Perl and Dancer Development Visit our Open Source conference on E-commerce: http://www.ecommerce-innovation.com/
Bug#741162: Install fails due to dangling symlink
Package: courier-pop-ssl Version: 0.73.1-0.1 Severity: grave Justification: renders package unusable It fails on a fresh install on my system: Setting up courier-pop-ssl (0.73.1-0.1) ... cp: not writing through dangling symlink ‘/usr/lib/courier/pop3d.pem’ dpkg: error processing package courier-pop-ssl (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: courier-pop-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) Regards Racke -- Perl and Dancer Development Visit our Open Source conference on E-commerce: http://www.ecommerce-innovation.com/
Bug#730086: courier-pop-ssl not able to upgrade: error
tags 730086 unreproducible severity 730086 important thanks On 11/21/2013 08:01 AM, Andreas Rittershofer wrote: Package: courier-pop-ssl Version: 0.68.2-1 Severity: grave Justification: renders package unusable Dear Maintainer, * What led up to the situation? apt-get upgrade * What was the outcome of this action? apt-get is not able to upgrade courier-pop-ssl Holen: 1 http://debian.tu-bs.de/debian/ testing/main courier-pop-ssl amd64 0.68.2-1+b1 [31,0 kB] Es wurden 31,0 kB in 0 s geholt (216 kB/s). Lese Changelogs... Fertig (Lese Datenbank ... 86950 Dateien und Verzeichnisse sind derzeit installiert.) Vorbereitung zum Ersetzen von courier-pop-ssl 0.68.2-1 (durch .../courier-pop-ssl_0.68.2-1+b1_amd64.deb) ... Stopping Courier POP3-SSL server:/var/run/courier/pop3d-ssl.pid.lock: No such file or directory invoke-rc.d: initscript courier-pop-ssl, action stop failed. dpkg: Warnung: Unterprozess altes pre-removal-Skript gab den Fehlerwert 1 zurück dpkg: stattdessen wird Skript aus dem neuen Paket probiert ... Stopping Courier POP3-SSL server:/var/run/courier/pop3d-ssl.pid.lock: No such file or directory invoke-rc.d: initscript courier-pop-ssl, action stop failed. dpkg: Fehler beim Bearbeiten von /var/cache/apt/archives/courier-pop-ssl_0.68.2-1+b1_amd64.deb (--unpack): Unterprozess neues pre-removal-Skript gab den Fehlerwert 1 zurück insserv: warning: current start runlevel(s) (empty) of script `courier-pop-ssl' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `courier-pop-ssl' overrides LSB defaults (0 1 6). Fehler traten auf beim Bearbeiten von: /var/cache/apt/archives/courier-pop-ssl_0.68.2-1+b1_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) Sorry, I can't reproduce this bug. 
Regards Racke -- Perl and Dancer Development Visit our Open Source conference on E-commerce: http://www.ecommerce-innovation.com/
Bug#730346: dh-make-drupal barfs on undefined method 'search'
package: dh-make-drupal version: 1.6-1 severity: grave racke@argus:~/build$ dh-make-drupal google_analytics /usr/bin/dh-make-drupal:695:in `fetch_data': undefined method `search' for nil:NilClass (NoMethodError) from /usr/bin/dh-make-drupal:747:in `for' from /usr/bin/dh-make-drupal:147:in `fetch_info' from /usr/bin/dh-make-drupal:99:in `initialize' from /usr/bin/dh-make-drupal:1130:in `new' from /usr/bin/dh-make-drupal:1130:in `run' from /usr/bin/dh-make-drupal:1144:in `main' -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#701433: Vacation
Sebastian Ramacher writes: Control: tags -1 + patch pending Dear maintainer, I've prepared an NMU for jfsutils (versioned as 1.1.15-2.1) and uploaded it to DELAYED/1. Please feel free to tell me if I should delay it longer. Regards. -- Sebastian Ramacher Hello, We are on vacation from 27th June - 15th July. In urgent cases please call our cellphone or contact our business partner http://www.informastudio.com/. Regards Racke
Bug#691486: Security vulnerabilities in RT
package: request-tracker4
severity: critical
tags: security

From the RT mailing lists:

We have determined a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and 4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0.

The vulnerabilities addressed by 3.8.15, 4.0.8, and the below patches include the following:

All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be leveraged for information leakage or phishing. We have been assigned CVE-2012-4730 for this vulnerability; we would like to thank Scott MacVicar for bringing this matter to our attention.

RT 4.0.0 and above and RTFM 2.0.0 and above contain a vulnerability due to lack of proper rights checking, allowing any privileged user to create Articles in any class. We have been assigned CVE-2012-4731 for this vulnerability.

All versions of RT with cross-site-request forgery (CSRF) protection (RT 3.8.12 and above, RT 4.0.6 and above, and any instances running the security patches released 2012-05-22) contain a vulnerability which incorrectly allows through CSRF requests which toggle ticket bookmarks. We have been assigned CVE-2012-4732 for this vulnerability; we would like to thank Matthew Astley for bringing this to our attention.

Additionally, all versions of RT are vulnerable to a confused deputy attack on the user. While not strictly a CSRF attack, users who are not logged in who are tricked into following a malicious link may, after supplying their credentials, be subject to an attack which leverages their credentials to modify arbitrary state. While users who were logged in would have observed the CSRF protection page, users who were not logged in receive no such warning due to the intervening login process. RT has been extended to notify users of pending actions during the login process. We have been assigned CVE-2012-4734 for this vulnerability; we would like to thank Matthew Astley for bringing this to our attention.

RT 3.8.0 and above are susceptible to a number of vulnerabilities concerning improper signing or encryption of messages using GnuPG; if GnuPG is not enabled, none of the following affect you. We have been assigned CVE-2012-4735 for the following related vulnerabilities:

* When using GnuPG, RT now clarifies the concepts of signing for _integrity_ and signing for _authentication_, which are separate (and exclusive) concepts. Previously, enabling the Sign by default queue configuration began signing automatically-generated messages with the queue's key, in addition to defaulting emails sent from the web UI to being signed. This provides integrity, but causes emails signed with that key to no longer possess authenticity; no individual email is guaranteed to have come from an actor designated to act for that key, in the case of automatically-generated emails.

  RT has now changed the Sign by default checkbox to merely provide a default in the web UI when composing messages; it no longer affects automatically-generated outgoing messages. Thus the Sign by default option helps to provide _authenticity_. A separate queue configuration option, Sign all auto-generated mail (defaulting to off) now controls the signing of automatically-generated emails, which (when used in combination with the previous option) helps provide _integrity_ of all outgoing messages. Users who had previously checked Sign by default and who wish to maintain the previous effect of integrity but not authenticity will need to enable the new option as well.

  We would like to thank Matthijs Melissen (University of Luxembourg) for bringing this matter to our attention.

* RT 3.8.0 and above contain a vulnerability which allows incoming emails to force all triggered outgoing mail to be signed and/or encrypted.

* RT 3.8.0 and above contain a vulnerability which allows incoming emails to incorrectly appear in the UI to have been encrypted when they had not been. This vulnerability only applies to encryption, not signing.

* RT 3.8.0 and above contain a vulnerability which allows any user who is capable of sending signed email in the UI to do so using any secret key stored in RT's keyring.

Additionally, RT 3.8.0 and above contain a vulnerability which allows a user to pass arbitrary arguments to the command-line GnuPG client, which could be leveraged to create arbitrary files on disk with the permissions of the webserver. This vulnerability only applies if GnuPG is enabled, and does _not_ allow for execution of programs other than the command-line GnuPG client. We have been assigned CVE-2012-4884 for this
Bug#691485: Security vulnerabilities in RT
package: request-tracker3.8
severity: critical
tags: security

From the RT mailing lists:

We have determined a number of security vulnerabilities which affect both RT 3.8.x and RT 4.0.x. We are releasing RT versions 3.8.15 and 4.0.8, and RTFM version 2.4.5, to resolve these vulnerabilities, as well as patches which apply atop all released versions of 3.8 and 4.0.

The vulnerabilities addressed by 3.8.15, 4.0.8, and the below patches include the following:

All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be leveraged for information leakage or phishing. We have been assigned CVE-2012-4730 for this vulnerability; we would like to thank Scott MacVicar for bringing this matter to our attention.

RT 4.0.0 and above and RTFM 2.0.0 and above contain a vulnerability due to lack of proper rights checking, allowing any privileged user to create Articles in any class. We have been assigned CVE-2012-4731 for this vulnerability.

All versions of RT with cross-site-request forgery (CSRF) protection (RT 3.8.12 and above, RT 4.0.6 and above, and any instances running the security patches released 2012-05-22) contain a vulnerability which incorrectly allows through CSRF requests which toggle ticket bookmarks. We have been assigned CVE-2012-4732 for this vulnerability; we would like to thank Matthew Astley for bringing this to our attention.

Additionally, all versions of RT are vulnerable to a confused deputy attack on the user. While not strictly a CSRF attack, users who are not logged in who are tricked into following a malicious link may, after supplying their credentials, be subject to an attack which leverages their credentials to modify arbitrary state. While users who were logged in would have observed the CSRF protection page, users who were not logged in receive no such warning due to the intervening login process. RT has been extended to notify users of pending actions during the login process. We have been assigned CVE-2012-4734 for this vulnerability; we would like to thank Matthew Astley for bringing this to our attention.

RT 3.8.0 and above are susceptible to a number of vulnerabilities concerning improper signing or encryption of messages using GnuPG; if GnuPG is not enabled, none of the following affect you. We have been assigned CVE-2012-4735 for the following related vulnerabilities:

* When using GnuPG, RT now clarifies the concepts of signing for _integrity_ and signing for _authentication_, which are separate (and exclusive) concepts. Previously, enabling the Sign by default queue configuration began signing automatically-generated messages with the queue's key, in addition to defaulting emails sent from the web UI to being signed. This provides integrity, but causes emails signed with that key to no longer possess authenticity; no individual email is guaranteed to have come from an actor designated to act for that key, in the case of automatically-generated emails.

  RT has now changed the Sign by default checkbox to merely provide a default in the web UI when composing messages; it no longer affects automatically-generated outgoing messages. Thus the Sign by default option helps to provide _authenticity_. A separate queue configuration option, Sign all auto-generated mail (defaulting to off) now controls the signing of automatically-generated emails, which (when used in combination with the previous option) helps provide _integrity_ of all outgoing messages. Users who had previously checked Sign by default and who wish to maintain the previous effect of integrity but not authenticity will need to enable the new option as well.

  We would like to thank Matthijs Melissen (University of Luxembourg) for bringing this matter to our attention.

* RT 3.8.0 and above contain a vulnerability which allows incoming emails to force all triggered outgoing mail to be signed and/or encrypted.

* RT 3.8.0 and above contain a vulnerability which allows incoming emails to incorrectly appear in the UI to have been encrypted when they had not been. This vulnerability only applies to encryption, not signing.

* RT 3.8.0 and above contain a vulnerability which allows any user who is capable of sending signed email in the UI to do so using any secret key stored in RT's keyring.

Additionally, RT 3.8.0 and above contain a vulnerability which allows a user to pass arbitrary arguments to the command-line GnuPG client, which could be leveraged to create arbitrary files on disk with the permissions of the webserver. This vulnerability only applies if GnuPG is enabled, and does _not_ allow for execution of programs other than the command-line GnuPG client. We have been assigned CVE-2012-4884 for this
Bug#642165: Observations
Hello, on my local machine it fails too in my sid /chroot. Building the package from my installed wheezy works fine. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore
On 04/18/2012 11:40 AM, Alberto Serrano wrote: Hi Racke, We have been experiencing the same issue since upgrade to 0.67.0 (yesterday at 19:00 GMT+2 approx.). Imap server connections don't work properly anymore. In /var/log/syslog, the imap log entries stop after initial connection: Apr 18 06:45:02 server imapd: Connection, ip=[:::X.X.X.X] Before, log entries showed information regarding the login user: … imapd: LOGIN, user=… When testing imapd via telnet: $ telnet server 143 * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information. 01 LOGIN user password After introducing the LOGIN command, there is no further output and seconds later the connection is lost. So it seems the issue is related to the login process. When using other commands via telnet, the imapd server complains as expected: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution information. foo foo NO Error in IMAP command received by server. Curiously, after downgrading all courier packages to 0.66.3-4, and imap, imap-ssl to 4.9.3-4 the problem persists. The upstream author offers two possible explanations for the stalled login: http://sourceforge.net/mailarchive/forum.php?thread_name=cone.1335910949.185798.18151.1000%40monster.email-scan.comforum_name=courier-imap Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore
On 04/17/2012 08:50 PM, Jean-Yves Barbier wrote: Package: courier-imap Version: 4.10.0-1 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, * What led up to the situation? An update. * What exactly did you do (or not do) that was effective (or ineffective)? I just updated. * What was the outcome of this action? Even after restarting courier-imap courier-authdaemon I can't connect anymore to courier-imap. * What outcome did you expect instead? Being able to connect and send/receive emails after update, as it always worked out of the box. Please test your IMAP server through telnet, e.g. as described here: http://documents.made-it.com/imapcmd.html Maybe you have the following problem: * OK [ALERT] Filesystem notification initialization error -- contact your mail administrator (check for configuration errors with the FAM/Gamin library) c OK LOGIN Ok. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore
On 04/18/2012 01:25 PM, Jesse Molina wrote: Here an FYI of a problem I had recently. I doubt this is the same issue, but I'll write it up anyway for posterity. I had a similar issue about a week ago when I updated some courier related packages. The issue turned out to be some kind of problem with gamin. I switched from using gamin to fam and the problem went away. Gamin and fam are used in relation to the Enhanced IDLE functionality in Courier IMAP. Ironically, I was using gamin because I had issues with fam a couple of years ago, switched, and had been happy since then. Maybe in a few years I'll switch back to gamin the next time fam gives me trouble. The only indication of a problem was that occasionally, in my mail.err file, I would see something like; Apr 8 09:03:41 myhostname imapd-ssl: FAMPending: timeout Otherwise, there was almost no indication of a problem. If you have gamin installed, look for a process running as your user, try killing it, and see if things magically start to work again. If so, that could be your problem. Yes, that could be an explanation for the problem. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore
On 04/18/2012 02:15 PM, Alberto Serrano wrote: Confirmed. After installing fam, the problem is solved: # apt-get install fam libfam0 So it was probably related to the recent upgrade of libgamin0 0.1.10-4. Thanks again, Alberto. PS: To those applying this workaround. Do not install only libfam0, otherwise you will experience the problem Racke mentioned before: * OK [ALERT] Filesystem notification initialization error -- contact your mail administrator (check for configuration errors with the FAM/Gamin library) libfam0 requires fam daemon to do the real file monitoring work. Unfortunately, I cannot reproduce the problem with libgamin0 (0.1.10-4). I'm running wheezy/testing on my machine. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#669146: courier-imap: Since last update (20' ago) I can't connect anymore
On 04/17/2012 08:50 PM, Jean-Yves Barbier wrote: Package: courier-imap Version: 4.10.0-1 Severity: grave Tags: upstream Justification: renders package unusable Dear Maintainer, * What led up to the situation? An update. * What exactly did you do (or not do) that was effective (or ineffective)? I just updated. * What was the outcome of this action? Even after restarting courier-imap courier-authdaemon I can't connect anymore to courier-imap. * What outcome did you expect instead? Being able to connect and send/receive emails after update, as it always worked out of the box. Please check your logfiles for messages (mail.log, messages). Are the daemons running (ps aux | grep courier)? Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#620396: dot-forward and courier-mta: error when trying to install together
in the BTS that the other package is affected by the bug. -Ralf. PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. I would suggest to use a diversion of the manual page. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#617334: Squeeze is still vulnerable
On 09/01/2011 11:05 PM, Igor Sverkos wrote: Hi, please correct me, but the current Debian stable (squeeze) looks still vulnerable: root@squeeze /root # apt-show-versions pure-ftpd pure-ftpd/squeeze uptodate 1.0.28-3 Did you forget to create an update for the stable branch? That's true, I'm working on this update now. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#624848: Glob vulnerability in Pure-FTPd
package: pure-ftpd, pure-ftpd-mysql, pure-ftpd-postgresql severity: serious tag: security From the author on the Pure-FTPd mailinglist: --snip-- A new 0-day multiple vendors vulnerability in the glob(3) function has been published. A command like STAT {..,..,..}/*/{..,..,..}/*/{..,..,..}/*/ causes the function to eat plenty of CPU because of the recursion. Pure-FTPd built-in glob() function is based on OpenBSD glob(), and it is affected as well. Pure-FTPd automatically kills a client process if glob() is too long to return a result. But still, script kiddies could use this flaw in order to make the server crawl under load. --snap-- This is fixed in the just released version 1.0.32. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
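An added illustration of the glob issue described in the message above (not code from Pure-FTPd or from the 1.0.32 fix): one way a server could bound brace expansion before passing a client-supplied pattern to glob(). The function names and the limits are assumptions chosen for this example.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed policy limits for this example; tune them for the deployment. */
#define MAX_EXPANSIONS 16UL      /* patterns produced by brace expansion */
#define MAX_WILDCARDS  4         /* '*' and '?' characters per pattern   */
#define MAX_DEPTH      4         /* nesting depth of '{' groups          */
#define SATURATED      1000000UL /* cap so the arithmetic cannot wrap    */

static unsigned long sat_add(unsigned long a, unsigned long b) {
    return (a + b > SATURATED) ? SATURATED : a + b;
}

static unsigned long sat_mul(unsigned long a, unsigned long b) {
    if (a == 0 || b == 0) return 0;
    return (a > SATURATED / b) ? SATURATED : a * b;
}

/* Count the strings a sequence expands to without building them.
 * Groups in a sequence multiply; alternatives inside a group add up. */
static unsigned long count_seq(const char **p, int depth, int *err) {
    unsigned long total = 1;
    while (**p != '\0' && !*err) {
        char c = **p;
        if (c == '\\' && (*p)[1] != '\0') { *p += 2; continue; }
        if (depth > 0 && (c == ',' || c == '}')) break;
        if (c == '{') {
            unsigned long alts = 0;
            if (depth >= MAX_DEPTH) { *err = 1; break; }
            do {
                (*p)++;                       /* skip '{' or ',' */
                alts = sat_add(alts, count_seq(p, depth + 1, err));
            } while (**p == ',' && !*err);
            if (*err) break;
            if (**p != '}') { *err = 1; break; }  /* unbalanced group */
            total = sat_mul(total, alts);
        }
        (*p)++;                               /* literal char or '}' */
    }
    return total;
}

/* Number of patterns after brace expansion; 0 means the pattern is
 * rejected (unbalanced or too deeply nested). Real glob() treats an
 * unbalanced '{' as a literal; this example refuses it instead. */
unsigned long brace_expansions(const char *pattern) {
    int err = 0;
    const char *p = pattern;
    unsigned long n = count_seq(&p, 0, &err);
    return err ? 0 : n;
}

static int count_wildcards(const char *pattern) {
    int n = 0;
    for (const char *p = pattern; *p; p++) {
        if (*p == '\\' && p[1]) { p++; continue; }
        if (*p == '*' || *p == '?') n++;
    }
    return n;
}

/* Returns 1 when the pattern is cheap enough to hand to glob(). */
int glob_pattern_allowed(const char *pattern) {
    unsigned long n = brace_expansions(pattern);
    if (n == 0 || n > MAX_EXPANSIONS) return 0;
    return count_wildcards(pattern) <= MAX_WILDCARDS;
}

int main(void) {
    /* First entry is the pattern quoted in the report above. */
    const char *samples[] = {
        "{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/",
        "pub/{a,b}/{c,d}/*",
        "*.txt",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s expansions=%lu allowed=%d\n", samples[i],
               brace_expansions(samples[i]), glob_pattern_allowed(samples[i]));
    return 0;
}
```

The check runs in time linear in the pattern length, so it can sit in front of the existing watchdog that kills a client whose glob() call takes too long.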
Bug#622014: courier: FTBFS: libcouriertls.c:555: undefined reference to `SSLv2_method'
On 04/09/2011 02:13 PM, Lucas Nussbaum wrote: Source: courier Version: 0.65.3-2 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20110408 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part: gcc -DHAVE_CONFIG_H -I. -I./.. -I.. -Wall -g -O2 -MT starttls.o -MD -MP -MF .deps/starttls.Tpo -c -o starttls.o starttls.c mv -f .deps/starttls.Tpo .deps/starttls.Po /usr/bin/libtool --tag=CC --mode=link gcc -I./.. -I.. -Wall -g -O2 -static -o couriertls starttls.o argparse.o libcouriertls.la libspipe.la ../rfc1035/librfc1035.a ../md5/libmd5.la ../random128/librandom128.la ../numlib/libnumlib.la ../liblock/liblock.la ../soxwrap/libsoxwrap.a libtool: link: gcc -I./.. -I.. -Wall -g -O2 -o couriertls starttls.o argparse.o ./.libs/libcouriertls.a -lssl -lcrypto ./.libs/libspipe.a ../rfc1035/librfc1035.a ../md5/.libs/libmd5.a ../random128/.libs/librandom128.a ../numlib/.libs/libnumlib.a ../liblock/.libs/liblock.a ../soxwrap/libsoxwrap.a ./.libs/libcouriertls.a(libcouriertls.o): In function `tls_create': /build/user-courier_0.65.3-2-amd64-uCCVEh/courier-0.65.3/tcpd/libcouriertls.c:555: undefined reference to `SSLv2_method' collect2: ld returned 1 exit status The full build log is available from: http://people.debian.org/~lucas/logs/2011/04/08/courier_0.65.3-2_lsid64.buildlog A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on about 50 AMD64 nodes of the Grid'5000 platform, using a clean chroot. Internet was not accessible from the build systems. This is fixed in Courier 0.66.1, which will be uploaded the next few days. 
Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#622014: courier: FTBFS: libcouriertls.c:555: undefined reference to `SSLv2_method'
On 04/09/2011 02:13 PM, Lucas Nussbaum wrote: Source: courier Version: 0.65.3-2 Severity: serious Tags: wheezy sid User: debian...@lists.debian.org Usertags: qa-ftbfs-20110408 qa-ftbfs Justification: FTBFS on amd64 Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part: gcc -DHAVE_CONFIG_H -I. -I./.. -I.. -Wall -g -O2 -MT starttls.o -MD -MP -MF .deps/starttls.Tpo -c -o starttls.o starttls.c mv -f .deps/starttls.Tpo .deps/starttls.Po /usr/bin/libtool --tag=CC --mode=link gcc -I./.. -I.. -Wall -g -O2 -static -o couriertls starttls.o argparse.o libcouriertls.la libspipe.la ../rfc1035/librfc1035.a ../md5/libmd5.la ../random128/librandom128.la ../numlib/libnumlib.la ../liblock/liblock.la ../soxwrap/libsoxwrap.a libtool: link: gcc -I./.. -I.. -Wall -g -O2 -o couriertls starttls.o argparse.o ./.libs/libcouriertls.a -lssl -lcrypto ./.libs/libspipe.a ../rfc1035/librfc1035.a ../md5/.libs/libmd5.a ../random128/.libs/librandom128.a ../numlib/.libs/libnumlib.a ../liblock/.libs/liblock.a ../soxwrap/libsoxwrap.a ./.libs/libcouriertls.a(libcouriertls.o): In function `tls_create': /build/user-courier_0.65.3-2-amd64-uCCVEh/courier-0.65.3/tcpd/libcouriertls.c:555: undefined reference to `SSLv2_method' collect2: ld returned 1 exit status The full build log is available from: http://people.debian.org/~lucas/logs/2011/04/08/courier_0.65.3-2_lsid64.buildlog A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! About the archive rebuild: The rebuild was done on about 50 AMD64 nodes of the Grid'5000 platform, using a clean chroot. Internet was not accessible from the build systems. Upstream will remove the SSLv2 call. 
Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#617334: TLS security flaw
package: pure-ftpd tags: security severity: grave The new release 1.0.30 fixes a flaw similar to Postfix's CVE-2011-0411 by clearing the command-line buffer after switching to TLS. Reference: http://tech.groups.yahoo.com/group/postfix-users/message/275069 Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
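The buffering problem this report refers to, as an added example that is not part of the original message and not Pure-FTPd's code: a hypothetical control-channel line reader in which bytes received before the TLS handshake stay buffered, next to the variant that clears the buffer when TLS starts. The struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF 256

/* Hypothetical reader: one read() from the socket may deliver several
 * commands at once, so complete lines wait here until they are handled. */
struct reader {
    char   buf[CMD_BUF];
    size_t len;   /* bytes currently buffered             */
    int    tls;   /* 1 once the TLS handshake is finished */
};

/* Append raw bytes as they arrive from the socket. */
static int reader_feed(struct reader *r, const char *data, size_t n) {
    if (n > sizeof r->buf - r->len) return -1;
    memcpy(r->buf + r->len, data, n);
    r->len += n;
    return 0;
}

/* Pop one CRLF-terminated line into out; returns 1 if a line was ready. */
static int reader_next_line(struct reader *r, char *out, size_t outsz) {
    for (size_t i = 0; i + 1 < r->len; i++) {
        if (r->buf[i] == '\r' && r->buf[i + 1] == '\n') {
            if (i >= outsz) return -1;
            memcpy(out, r->buf, i);
            out[i] = '\0';
            memmove(r->buf, r->buf + i + 2, r->len - (i + 2));
            r->len -= i + 2;
            return 1;
        }
    }
    return 0;
}

/* Switch the session to TLS. With flush_plaintext == 0 the bytes that
 * arrived in clear text stay queued (the flawed behaviour); with 1 they
 * are discarded, which is the fix the report describes.
 * Returns the number of plaintext bytes dropped. */
static size_t start_tls(struct reader *r, int flush_plaintext) {
    size_t dropped = 0;
    if (flush_plaintext) {
        dropped = r->len;
        memset(r->buf, 0, sizeof r->buf);
        r->len = 0;
    }
    r->tls = 1;   /* the handshake itself is outside this example */
    return dropped;
}

/* Replays a constructed byte sequence in which a second command shares
 * the network read with AUTH TLS. Returns how many commands that were
 * received in clear text get handled as if they had come through TLS. */
int plaintext_commands_run_after_tls(int flush_plaintext) {
    static const char wire[] = "AUTH TLS\r\nUSER constructed-user\r\n";
    struct reader r = { .len = 0, .tls = 0 };
    char line[CMD_BUF];
    int leaked = 0;

    reader_feed(&r, wire, sizeof wire - 1);
    while (reader_next_line(&r, line, sizeof line) == 1) {
        if (!r.tls && strcmp(line, "AUTH TLS") == 0) {
            start_tls(&r, flush_plaintext);
            continue;
        }
        if (r.tls)
            leaked++;   /* unauthenticated bytes treated as protected */
    }
    return leaked;
}

int main(void) {
    printf("buffer kept across handshake:    %d plaintext command(s) run\n",
           plaintext_commands_run_after_tls(0));
    printf("buffer cleared at the handshake: %d plaintext command(s) run\n",
           plaintext_commands_run_after_tls(1));
    return 0;
}
```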
Bug#617334: Update on security problem
Hello, I asked on the mailing list for a single patch which fixes the TLS security flaw so we can use it for stable and maybe oldstable security upgrade. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#617334: Patch for TLS security flaw
Hello, The patch can be found on GitHub: https://github.com/jedisct1/pure-ftpd/commit/65c4d4ad331e94661de763e9b5304d28698999c4 Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#606704: If someone fixes this bug, please fix #605355 as well
On 01/07/2011 07:23 PM, Mehdi Dogguy wrote: On 0, Stefan Hornburg (Racke)ra...@linuxia.de wrote: On 12/29/2010 06:20 PM, Christian PERRIER wrote: I got a verbal ACK from at least one release team member that fixing the Portuguese debconf translation update for squeeze (with a t-p-u upload) would be OK. I was indeed about to build such upload when I got pointed by Julien to this RC bug. So, really, if someone fixes #606704 (I'm not sure I can, myself), please fix #605355 as well. OK, I applied the translation update to the main and debian/squeeze branch in our Git repository. So let's see if I can fix the RC bug as well this year. ping? The following patch solves the problem #2: @@ -754,7 +815,14 @@ push(@supported_langs, $l); } } -$param-{default} = join(',', @supported_langs); + + if (@supported_langs) { + $param-{default} = join(',', @supported_langs); + } + else { +# Sympa needs at least one language in the configuration file + $param-{default} = 'en_US'; + } } } } Anybody out there with quilt experience? If so, please apply this patch to src/sympa_wizard.pl.in. I tried to figure it out with quilt push, but it didn't work. Thanks Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
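Review bot: The else branch sets the default language to 'en_US' unconditionally, with no check that this locale is available on the host. The installation log quoted in this bug shows Language::SetLang() failing on setlocale(en_US), so the fallback can still leave the configuration naming a language the system cannot load. Consider choosing the fallback from the locales that are actually present, or have the package make sure en_US is generated before the wizard runs.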
Bug#606704: If someone fixes this bug, please fix #605355 as well
On 12/29/2010 06:20 PM, Christian PERRIER wrote: I got a verbal ACK from at least one release team member that fixing the Portuguese debconf translation update for squeeze (with a t-p-u upload) would be OK. I was indeed about to build such upload when I got pointed by Julien to this RC bug. So, really, if someone fixes #606704 (I'm not sure I can, myself), please fix #605355 as well. OK, I applied the translation update to the main and debian/squeeze branch in our Git repository. So let's see if I can fix the RC bug as well this year. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#606704: sympa: installation fails
On 12/11/2010 01:41 AM, Lucas Nussbaum wrote: Package: sympa Version: 6.0.1+dfsg-3 Severity: serious User: debian...@lists.debian.org Usertags: instest-20101207 instest Hi, While testing the installation of all packages in squeeze, I ran into the following problem: [..] + echo Not configuring Web server. Not configuring Web server. + db_get wwsympa/webserver_restart + _db_cmd GET wwsympa/webserver_restart + IFS= printf %s\n GET wwsympa/webserver_restart + IFS= read -r _db_internal_line + RET=true + return 0 + restart=true + [ true = true ] + [ -x /etc/init.d/none ] + su -s /bin/sh -c /usr/lib/sympa/bin/sympa.pl -f /etc/sympa/sympa.conf --prepare_db -l sympa Error at line 180: /etc/sympa/sympa.conf Language::SetLang() Failed to setlocale(en_US) ; you either have a problem with the catalogue .mo files or you should extend available locales in your /etc/locale.gen (or /etc/sysconfig/i18n) file Language::SetLang() Failed to setlocale(en_US) ; you either have a problem with the catalogue .mo files or you should extend available locales in your /etc/locale.gen (or /etc/sysconfig/i18n) file mail::smtpto() Missing Return-Path in mail::smtpto() Configuration file /etc/sympa/sympa.conf has errors. dpkg: error processing sympa (--configure): subprocess installed post-installation script returned error exit status 1 configured to not write apport reports Errors were encountered while processing: sympa E: Sub-process /usr/bin/dpkg returned an error code (1) -- Stopping postgresql anyway: OK Stopping PostgreSQL 8.4 database server: main. -- Stopping mysql anyway: OK Stopping MySQL database server: mysqld. The full build log is available from: http://people.debian.org/~lucas/logs/2010/12/07/sympa.log It is reproducible by installing your package in a clean chroot, using the debconf Noninteractive frontend, and priority: critical. This test was carried out using about 50 AMD64 nodes of the Grid'5000 platform. Internet was not accessible from the nodes. 
It looks like we have multiple problems here: 1. unattended installation should pick sqlite backend. 2. missing locales 3. error mail::smtpto() Missing Return-Path in mail::smtpto() I could easily reproduce the first problem. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594119: Upgrade path from Lenny to Squeeze is broken
On 11/13/2010 09:59 PM, Julien Cristau wrote: On Tue, Nov 2, 2010 at 12:27:59 +0100, Stefan Hornburg (Racke) wrote: On 11/02/2010 12:25 PM, Julien Cristau wrote: On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote: On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote: On Tue, Aug 31, 2010 at 15:00:32 +0200, Stefan Hornburg (Racke) wrote: Fix applied to Git: http://git.debian.org/?p=collab-maint/sympa.git;a=commitdiff;h=edd77f243ec95fddd4eac534b0f1f76dcf5895ba;hp=c175d2ae1a605e4e651df76408d1a8035f8a2aa1 Any chance we can get this bug fix uploaded? I'll do it tomorrow! Err. That was uploaded as part of a new upstream release, which as far as I can tell doesn't really match the criteria from http://lists.debian.org/debian-devel-announce/2010/10/msg2.html What's the plan for getting this fixed in squeeze? Through an upload via testing-proposed-updates. When is that supposed to happen? I committed the necessary patches to debian-squeeze branch in our Git repository. I'll write to the release mailinglist tomorrow. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594119: Upgrade path from Lenny to Squeeze is broken
On 11/02/2010 09:20 PM, Adam D. Barratt wrote: On Tue, 2010-11-02 at 12:27 +0100, Stefan Hornburg (Racke) wrote: On 11/02/2010 12:25 PM, Julien Cristau wrote: On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote: On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote: Err. That was uploaded as part of a new upstream release, which as far as I can tell doesn't really match the criteria from http://lists.debian.org/debian-devel-announce/2010/10/msg2.html What's the plan for getting this fixed in squeeze? Through an upload via testing-proposed-updates. t-p-u is supposed to be for situations where the package in unstable can't migrate for some reason, not so you can upload a version you know /won't be allowed/ to migrate. :-( It's certainly not intended as a means of circumventing the request we made in the last d-d-a mail (and earlier ones) to upload squeeze-targeted changes to unstable. The packages in unstable will never be allowed into testing, as they are based on a new upstream release. The upload of this package to unstable happened about the same time when the freeze was announced, it wasn't intentional. For one thing, (next to) no-one tests packages in t-p-u before they hit testing. I don't think this is a real problem in our case. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594119: Upgrade path from Lenny to Squeeze is broken
On 11/02/2010 12:25 PM, Julien Cristau wrote: On Sun, Oct 10, 2010 at 03:15:22 +0200, Jonas Smedegaard wrote: On Sat, Oct 09, 2010 at 05:36:08PM +0200, Julien Cristau wrote: On Tue, Aug 31, 2010 at 15:00:32 +0200, Stefan Hornburg (Racke) wrote: Fix applied to Git: http://git.debian.org/?p=collab-maint/sympa.git;a=commitdiff;h=edd77f243ec95fddd4eac534b0f1f76dcf5895ba;hp=c175d2ae1a605e4e651df76408d1a8035f8a2aa1 Any chance we can get this bug fix uploaded? I'll do it tomorrow! Err. That was uploaded as part of a new upstream release, which as far as I can tell doesn't really match the criteria from http://lists.debian.org/debian-devel-announce/2010/10/msg2.html What's the plan for getting this fixed in squeeze? Through an upload via testing-proposed-updates. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594119: Info received (Bug#594119: Upgrade path from Lenny to Squeeze is broken)
Hello, I'm out of the office till 8th November. In urgent cases please call my cellphone or contact http://www.informastudios.com/. Regards Racke
Bug#601507: Postinst script breaks on chmod aliaswrapper
package: sympa version: 6.1.1~dfsg-1 severity: grave Aliaswrapper has moved to /usr/lib/sympa/sbin/aliaswrapper which causes failure of postinst script: Setting up sympa (6.1.1~dfsg-1) ... dbconfig-common: writing config to /etc/dbconfig-common/sympa.conf dbconfig-common: flushing administrative password chmod: cannot access `/usr/lib/sympa/bin/aliaswrapper': No such file or directory dpkg: error processing sympa (--install): subprocess installed post-installation script returned error exit status 1 Processing triggers for man-db ... Errors were encountered while processing: sympa Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#601507: Postinst script breaks on chmod aliaswrapper
On 10/26/2010 10:18 PM, Stefan Hornburg (Racke) wrote: package: sympa version: 6.1.1~dfsg-1 severity: grave Aliaswrapper has moved to /usr/lib/sympa/sbin/aliaswrapper which causes failure of postinst script: Setting up sympa (6.1.1~dfsg-1) ... dbconfig-common: writing config to /etc/dbconfig-common/sympa.conf dbconfig-common: flushing administrative password chmod: cannot access `/usr/lib/sympa/bin/aliaswrapper': No such file or directory dpkg: error processing sympa (--install): subprocess installed post-installation script returned error exit status 1 Processing triggers for man-db ... Errors were encountered while processing: sympa Regards Racke The attached patch seems to fix the issue. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team diff --git a/debian/rules b/debian/rules index 4c31a02..74eb7b1 100755 --- a/debian/rules +++ b/debian/rules @@ -46,6 +46,7 @@ DEB_CONFIGURE_PREFIX = /usr/lib/sympa DEB_CONFIGURE_EXTRA_FLAGS = \ --enable-fhs \ --sysconfdir=/etc/sympa \ + --with-sbindir=/usr/lib/sympa/bin \ --with-cgidir=/usr/lib/cgi-bin/sympa \ --datadir=/usr/share \ --localedir=/usr/lib/sympa/locale \
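Review bot: The new --with-sbindir=/usr/lib/sympa/bin line needs a comment explaining why sbindir is deliberately pointed at the bin directory, since nothing in debian/rules ties it to the postinst script that runs chmod on /usr/lib/sympa/bin/aliaswrapper. Add a short comment above DEB_CONFIGURE_EXTRA_FLAGS recording that dependency, or change the path used in postinst to the sbin location instead, so the two cannot drift apart again when the upstream layout changes.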
Bug#597434: Fixe for courier IMAP_ULIMITD
On 09/23/2010 06:54 AM, Thomas Goirand wrote: Hi, Here's a patch to fix the issue. Do you agree that is the way to fix it, and would you accept that I NMU this fix, so that it has a chance to get into Squeeze soon? Thomas Goirand (zigo) I'm going to upload fixed packages myself. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#597434: Fixe for courier IMAP_ULIMITD
On 09/23/2010 06:54 AM, Thomas Goirand wrote: Hi, Here's a patch to fix the issue. Do you agree that is the way to fix it, and would you accept that I NMU this fix, so that it has a chance to get into Squeeze soon? Thomas Goirand (zigo) I'm going to upload a fixed version myself. Thanks for your assistance. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#597434: The /etc/courier/imapd IMAP_ULIMITD is too small
On 09/19/2010 07:52 PM, Thomas Goirand wrote: Package: courier-imap Version: 4.8.0-1 Severity: grave In the file /etc/courier/imapd, there is the following: IMAP_ULIMITD=65536 While it doesn't seem so problematic under i386, under amd64 arch, each time I want to setup a server with courier-imap, it refuses to start because the limit is reached. Simply setting this limit to 132072 fixes it 100% of the times. This issue has been annoying me for all the duration of Lenny. PLEASE, have it fixed in Squeeze, this is really an annoyance. Thanks a lot, OK, I agree that this should be fixed. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594119: Upgrade path from Lenny to Squeeze is broken
On 08/25/2010 01:59 PM, Stefan Hornburg (Racke) wrote: On 08/23/2010 09:52 PM, Emmanuel Bouthenot wrote: Package: sympa Version: 6.0.1+dfsg-2 Severity: critical {,family,bounce}queue binaries are now installed in /usr/lib/sympa/lib/sympa/ instead of /usr/lib/sympa/bin before. It will break mail aliases used by SYMPA during the upgrade from Lenny to Squeeze. It also means that the snippet installed in /etc/aliases can't work for now. Let's check if we can configure sympa to use the old paths. Otherwise symlinks should do the trick. Fix applied to Git: http://git.debian.org/?p=collab-maint/sympa.git;a=commitdiff;h=edd77f243ec95fddd4eac534b0f1f76dcf5895ba;hp=c175d2ae1a605e4e651df76408d1a8035f8a2aa1 Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594113: task_manager.pl daemon failed to start
On 08/26/2010 09:49 AM, Jonas Smedegaard wrote: On Thu, Aug 26, 2010 at 08:24:46AM +0200, Emmanuel Bouthenot wrote: Well, you not experiencing problems avoiding Recommends do not really change the Debian definition of the Recommends: stanza: `Recommends' This declares a strong, but not absolute, dependency. Nothing defines “absolute”, for me it is (absolute) because: - SYMPA provides a symlink to this third party package - a daemon fail to start without this dependency The text continued, describing how most uses would need recommended packages. Why did you cut out that elaboration? My question is if it is *possible* to hand-tune. Probably if you are enough skilled to understand the bug and fix it on your own. It requires the skill of either a) disabling S/MIME or b) changing the cacert option to point to some folder containing CA certificates. And yes, suppressing recommended packages is indeed an indication that you are a skilled person. You do not agree that the needed file is possible to create by other means and with other content than installing that package? This file should be a bundle of root CA certificates, According to Sympa web page it can instead be a directory containing CA certificates. And it can be undefined, meaning S/MIME is disabled. AFAIR S/MIME is disabled by the default package installation. If not, that is a bug :-). Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594113: task_manager.pl daemon failed to start
On 08/24/2010 11:44 AM, Jonas Smedegaard wrote: Hi Emmanuel, On Mon, Aug 23, 2010 at 09:20:38PM +0200, Emmanuel Bouthenot wrote: Package: sympa Version: 6.0.1+dfsg-2 Severity: grave To start correctly, task_manager.pl daemon expects /usr/share/sympa/default/ca-bundle.crt to be a valid symlink to /etc/ssl/certs/ca-certificates.crt. ca-certificates (which provides /etc/ssl/certs/ca-certificates.crt) should be a real dependency instead of a recommend. Is that path hardcoded or configurable? If configurable, only recommending is the proper relation to use. The path is configurable, but you cannot omit it. An empty value for cafile in sympa.conf is rejected. Otherwise a default setting kicks in: unless ( (defined $o{'cafile'}) || (defined $o{'capath'} )) { $o{'cafile'}[0] = Sympa::Constants::DEFAULTDIR . '/ca-bundle.crt'; } So we need in fact a real dependency. I also think this is upstream bug resp. inconsistency in the documentation. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594113: task_manager.pl daemon failed to start
On 08/25/2010 09:11 AM, Emmanuel Bouthenot wrote: When not respecting recommends, you cannot expect package to work out of the box but will need some hand-tuning to get working. I never install Recommends on my Debian machines (servers, desktop, laptop). It's the first time I encounter such problems. Do you dare say that it is not possible - with hand-tuning - to get some parts of sympa working when ca-certificates is not around? If I install SYMPA I expect that *all* parts works (not only 3 daemons among 4). I strongly suspect that even without changing a single line in sympa configuration files, but only using some openssl command to generate a certificate and a crl file for it, sympa can run fine. Do you not agree with that? No, AFAIK this CA file (which expects to be a bundle of root CA certificates) is also used by SYMPA to redistribute S/MIME encrypted messages sent by subscribers[1]. I still don't understand why I should install a Recommend which is needed to get a basic setup working. The funny thing is that SYMPA depends on perl-suid and libfcgi-perl which should probably be ‘Recommends’. As a SYMPA maintainer, it's a bit sad that I can't fix something I consider to be a bug. Jonas, I don't want to fight with you about this. It seems that I can't convince you. I prefer to focus on the other bugs to fix. IMHO Sympa daemons should work without packages in Recommends. And ca-certificates isn't really a problem to depend on. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594113: task_manager.pl daemon failed to start
On 08/25/2010 10:34 AM, Jonas Smedegaard wrote: On Wed, Aug 25, 2010 at 09:18:36AM +0200, Stefan Hornburg (Racke) wrote: IMHO Sympa daemons should work without packages in Recommends. And ca-certificates isn't really a problem to depend on. Is S/MIME a mandatory or optional feature of sympa? - Jonas Optional. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#594119: Upgrade path from Lenny to Squeeze is broken
On 08/23/2010 09:52 PM, Emmanuel Bouthenot wrote: Package: sympa Version: 6.0.1+dfsg-2 Severity: critical {,family,bounce}queue binaries are now installed in /usr/lib/sympa/lib/sympa/ instead of /usr/lib/sympa/bin before. It will break mail aliases used by SYMPA during the upgrade from Lenny to Squeeze. It also means that the snippet installed in /etc/aliases can't work for now. Let's check if we can configure sympa to use the old paths. Otherwise symlinks should do the trick. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team
Bug#584001: courier-faxmail: Security bugs in ghostscript
On 06/01/2010 03:05 AM, Paul Szabo wrote:

> Package: courier-faxmail
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please note remote execute-any-code security bugs in ghostscript: http://bugs.debian.org/583183
>
> This package depends on ghostscript, and may be affected. Please evaluate the security of this package, and fix if needed.

OK, done. What is the plan for the package in Debian stable?

Regards
Racke
Bug#584001: courier-faxmail: Security bugs in ghostscript
On 06/01/2010 03:05 AM, Paul Szabo wrote:

> Package: courier-faxmail
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please note remote execute-any-code security bugs in ghostscript: http://bugs.debian.org/583183
>
> This package depends on ghostscript, and may be affected. Please evaluate the security of this package, and fix if needed.

The following Ghostscript commands are used by courier-faxmail:

erebus:/usr/lib/courier/faxmail# grep -i gs *
application-pdf.filter:$GS -sDEVICE=faxg3 $FAXRES -dBATCH -sOutputFile=$OUTDIR/f%04d -dNOPAUSE -q -dSAFER - $OUTDIR/.ps
application-postscript.filter:$GS -sDEVICE=faxg3 $FAXRES -dBATCH -sOutputFile=$OUTDIR/f%04d -dNOPAUSE -q -dSAFER -
coverpage:$GS -sDEVICE=faxg3 $FAXRES -dBATCH -sOutputFile=$OUTDIR/f%04d -dNOPAUSE -q -dSAFER - $OUTDIR/.dpost
init:GS=/usr/bin/gs
text-plain.filter:$GS -sDEVICE=faxg3 $FAXRES -dBATCH -sOutputFile=$OUTDIR/f%04d -dNOPAUSE -q -dSAFER - $OUTDIR/.ps

What kind of fixes do you have in mind?

Regards
Racke
Bug#583989: Courier IMAP: Clients think logins have failed after upgrade
On 06/01/2010 01:18 AM, Adam Warner wrote: Package: courier Version: 0.64.2-1 Severity: grave Upstream has the patch: http://sourceforge.net/mailarchive/forum.php?thread_name=4BA4F266.3080603%40linuxia.deforum_name=courier-users Thunderbird chokes on that and requests a login again, claiming a login failure. (ditto Evolution. Client thinks a transaction failed on the server but it actually succeeded. The client and server get out of sync. Appear to be missing messages/discover duplicate message after closing and reopening client/etc). --- courier-0.64.2-orig/imap/imapd.c2010-03-16 23:12:40.0 +0100 +++ courier-0.64.2/imap/imapd.c 2010-03-20 15:34:35.0 +0100 @@ -6503,7 +6503,7 @@ if ((w=maildirwatch_alloc(.)) == NULL) { - writes(*OK [ALERT] Filesystem notification initialization error -- contact your mail administrator (check for configuration errors with the FAM/Gamin library)\r\n); + writes(* OK [ALERT] Filesystem notification initialization error -- contact your mail administrator (check for configuration errors with the FAM/Gamin library)\r\n); } else { I'll upload packages for Courier 0.65.0 soon. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
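Review bot: the corrected literal in the `maildirwatch_alloc` failure branch is the only untagged response this hunk touches, so the other `writes(` calls in imap/imapd.c that emit `*`-prefixed status lines should be checked for the same missing space after the `*`. The report shows that a single malformed untagged line is enough for Thunderbird and Evolution to treat a successful login as failed, so a small regression test that feeds this ALERT line to an IMAP response parser would be worth adding alongside the one-character fix.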
Bug#584001: courier-faxmail: Security bugs in ghostscript
On 06/01/2010 01:24 PM, paul.sz...@sydney.edu.au wrote:

> Dear Racke,
>
>> What kind of fixes do you have in mind?
>
> Please add the -P- option to all $GS invocations.

OK, I'll do so today. I just wonder why this option isn't mentioned in the gs manpage.

Regards
Racke
Bug#584001: courier-faxmail: Security bugs in ghostscript
On 06/01/2010 01:24 PM, paul.sz...@sydney.edu.au wrote: Dear Racke, What kind of fixes do you have in mind? Please add the -P- option to all $GS invocations. Thanks, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of SydneyAustralia The attached patch should take care of that. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team --- courier-0.65.0.orig/courier/module.fax/init.in 2002-03-09 01:48:14.0 +0100 +++ courier-0.65.0/courier/module.fax/init.in 2010-06-01 14:28:30.0 +0200 @@ -9,7 +9,7 @@ tro...@troff@ dpo...@dpost@ t...@tbl@ -...@gs@ +GS=@GS@ -P- pref...@prefix@ exec_pref...@exec_prefix@
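Review bot: the new line `GS=@GS@ -P-` in courier/module.fax/init.in leaves the value unquoted, and if the generated init file is read by /bin/sh (the filter lines quoted earlier in this bug run `$GS -sDEVICE=faxg3 ...` as a command) the shell parses it as a temporary assignment of GS followed by an attempt to run a command named `-P-`, so GS is not set for the filters. Quoting the value, `GS="@GS@ -P-"`, keeps the option attached to the variable. It would also help to add a comment on that line saying why `-P-` is there, since the option is being set in one place for every filter and, as noted in the thread, is not described in the gs manpage.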
Bug#579790: courier-authdaemon: uninstallation fails: exec: /usr/sbin/courierlogger: cannot execute: No such file or directory
On 05/06/2010 10:35 PM, Sascha Silbe wrote:

> I've worked around this by killing the remaining courier processes manually (pkill -f courier) and hacking /var/lib/dpkg/info/courier-authdaemon.prerm to do exit 0 immediately. Courier is now gone from my system.
>
> CU Sascha

OK, thanks for the information.

Regards
Racke
Bug#436266: (no subject)
severity 436266 important
thanks

On 05/03/2010 11:04 PM, Olaf van der Spek wrote:

> severity 436266 serious
> thanks
>
> This one leads to data loss...

I don't consider this a serious data loss. Volatile and discarded data has to be purged at some point. Of course, the default setting can still be debated.

Regards
Racke
Bug#579550: sympa: missing dependencies
On 04/28/2010 04:23 PM, Malte S. Stretz wrote:

> Package: sympa
> Version: 6.0.1-1
> Severity: grave
> Justification: renders package unusable
>
> Startup will fail because the following Perl libraries aren't automatically pulled in:
>
> libfile-copy-recursive libnet-netmask-perl libterm-progressbar-perl
>
> Can't locate File/Copy/Recursive.pm in @INC (@INC contains: /usr/share/sympa/lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/share/sympa/lib/tools.pm line 30.
> Can't locate Net/Netmask.pm in @INC (@INC contains: /usr/share/sympa/lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/share/sympa/lib/Scenario.pm line 26.
> Can't locate Term/ProgressBar.pm in @INC (@INC contains: /usr/share/sympa/lib /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/share/sympa/lib/Bulk.pm line 37.

Thanks for the report. A package fixing this problem will be uploaded this weekend.

Regards
Racke
Bug#575366: HTTP response splitting vulnerability
package: interchange
severity: critical
tags: security, fixed-upstream

Interchange 5.7.6 closes a potential HTTP response splitting vulnerability. For details see http://www.icdevgroup.org/i/dev/news?mv_arg=00042.

The patch to fix the vulnerability is here:

http://git.icdevgroup.org/?p=interchange.git;a=patch;h=c2d7cc435b71ffaaa1e6e1050566a087f8b5e510

I'll upload Interchange 5.7.6 packages today.

Regards
Racke
Bug#574106: Build failure on sid (AMD64)
Stefan Hornburg (Racke) wrote:

> package: courier
> severity: serious
>
> Courier packages fail to build on sid (AMD64 architecture). The error message is:
>
> /usr/bin/libtool --tag=CXX --mode=link g++ -Wall -I./.. -I.. -I./../afx -I./../rfc822 -I./libs -g -O2 -lcrypt -o aliaslookup aliaslookup.o ldapaliasdrc.o libs/libcommon.la libs/libcourier.la ../afx/libafx.a ../gdbmobj/libgdbmobj.la
> libtool: link: g++ -Wall -I./.. -I.. -I./../afx -I./../rfc822 -I./libs -g -O2 -o aliaslookup aliaslookup.o ldapaliasdrc.o libs/.libs/libcommon.a libs/.libs/libcourier.a ../afx/libafx.a ../gdbmobj/.libs/libgdbmobj.a -lcrypt /usr/lib/libgdbm.so
> gcc -DHAVE_CONFIG_H -I. -Wall -I./.. -I.. -I./../afx -I./../rfc822 -I./libs -g -O2 -MT ldapaliasd.o -MD -MP -MF .deps/ldapaliasd.Tpo -c -o ldapaliasd.o ldapaliasd.c
> ldapaliasd.c: In function 'search_maildrop':
> ldapaliasd.c:271: warning: implicit declaration of function 'courier_auth_ldap_escape'
> ldapaliasd.c:271: warning: initialization makes pointer from integer without a cast
> mv -f .deps/ldapaliasd.Tpo .deps/ldapaliasd.Po
> /usr/bin/libtool --tag=CC --mode=link gcc -Wall -I./.. -I.. -I./../afx -I./../rfc822 -I./libs -g -O2 `/usr/bin/courierauthconfig --ldflags` -lcrypt -o courierldapaliasd ldapaliasd.o ldapaliasdrc.o ../liblock/liblock.la ../numlib/libnumlib.la -lcourierauthcommon -lldap -llber
> libtool: link: gcc -Wall -I./.. -I.. -I./../afx -I./../rfc822 -I./libs -g -O2 -o courierldapaliasd ldapaliasd.o ldapaliasdrc.o -L/usr/lib/courier-authlib ../liblock/.libs/liblock.a ../numlib/.libs/libnumlib.a -lcrypt /usr/lib/courier-authlib/libcourierauthcommon.so -lldap -llber -Wl,-rpath -Wl,/usr/lib/courier-authlib -Wl,-rpath -Wl,/usr/lib/courier-authlib
> ldapaliasd.o: In function `search_maildrop':
> /tmp/courier-0.64.1/courier/ldapaliasd.c:271: undefined reference to `courier_auth_ldap_escape'
>
> Full log file attached.

It looks like courier-authlib 0.63 fixes that build problem.

Regards
Racke
Bug#572439: SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities
package: drupal6
severity: critical
tags: security

* Advisory ID: DRUPAL-SA-CORE-2010-001
* Project: Drupal core
* Version: 5.x, 6.x
* Date: 2010-March-03
* Security risk: Critical
* Exploitable from: Remote
* Vulnerability: Multiple vulnerabilities

DESCRIPTION

Multiple vulnerabilities and weaknesses were discovered in Drupal.

Installation cross site scripting

A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. This issue affects Drupal 6.x only.

Open redirection

The API function drupal_goto() is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the Drupal site to send the user to an arbitrarily provided URL. No user submitted data will be sent to that URL. This issue affects Drupal 5.x and 6.x.

Locale module cross site scripting

Locale module and dependent contributed modules do not sanitize the display of language codes, native and English language names properly. While these usually come from a preselected list, arbitrary administrator input is allowed. This vulnerability is mitigated by the fact that the attacker must have a role with the 'administer languages' permission. This issue affects Drupal 5.x and 6.x.

Blocked user session regeneration

Under certain circumstances, a user with an open session that is blocked can maintain his/her session on the Drupal site, despite being blocked. This issue affects Drupal 5.x and 6.x.

VERSIONS AFFECTED

* Drupal 6.x before version 6.16.
* Drupal 5.x before version 5.22.

SOLUTION

Install the latest version:

* If you are running Drupal 6.x then upgrade to Drupal 6.16 [1].
* If you are running Drupal 5.x then upgrade to Drupal 5.22 [2].

Drupal 5 will no longer be maintained when Drupal 7 is released [3]. Upgrading to Drupal 6 [4] is recommended.

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. These patches fix the security vulnerabilities, but do not contain other fixes which were released in Drupal 6.16 or Drupal 5.22.

* To patch Drupal 6.15 use SA-CORE-2010-001-6.15.patch [5].
* To patch Drupal 5.21 use SA-CORE-2010-001-5.21.patch [6].

REPORTED BY

The installation cross site scripting issue was reported by David Rothstein [7] (*). The open redirection was reported by Martin Barbella [8]. The locale module cross site scripting was reported by Justin Klein Keane [9]. The blocked user session regeneration issue was reported by Craig A. Hancock [10].

(*) Member of the Drupal security team.

FIXED BY

The installation cross site scripting issue was fixed by Heine Deelstra [11]. The open redirection was fixed by Gerhard Killesreiter [12] and Heine Deelstra [13]. The locale module cross site scripting was fixed by Stéphane Corlosquet [14], Peter Wolanin [15], Heine Deelstra [16] and Neil Drumm [17]. The blocked user session regeneration issue was fixed by Gerhard Killesreiter [18]. All the fixes were done by members of the Drupal security team.

CONTACT

The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.

[1] http://ftp.drupal.org/files/projects/drupal-6.16.tar.gz
[2] http://ftp.drupal.org/files/projects/drupal-5.22.tar.gz
[3] http://drupal.org/node/725382
[4] http://drupal.org/upgrade
[5] http://drupal.org/files/sa-core-2010-001/SA-CORE-2010-001-6.15.patch
[6] http://drupal.org/files/sa-core-2010-001/SA-CORE-2010-001-5.21.patch
[7] http://drupal.org/user/124982
[8] http://drupal.org/user/633600
[9] http://drupal.org/user/302225
[10] http://drupal.org/user/62850
[11] http://drupal.org/user/17943
[12] http://drupal.org/user/227
[13] http://drupal.org/user/17943
[14] http://drupal.org/user/52142
[15] http://drupal.org/user/49851
[16] http://drupal.org/user/17943
[17] http://drupal.org/user/3064
[18] http://drupal.org/user/227

Security-news mailing list security-n...@drupal.org http://lists.drupal.org/mailman/listinfo/security-news
Bug#559020: closed by Dominic Hargreaves d...@earth.li (Fixed)
Hello,

I'm out of the office till 2nd February afternoon and don't read my email. In urgent cases please call my cellphone or use one of the companies listed here for support: http://www.icdevgroup.org/i/dev/support/index

My preference would be Tenalt.

Regards
Racke
Bug#560614: fixed
Jan Dittberner wrote:

> I patched debian/rules to use the system libtool to fix this FTBFS and NMUed it at BSP Mönchengladbach.

That's great. Please send me the patch.

Regards
Racke
Bug#563407: sympa: FTBFS because libmime-base64-perl was removed
Ansgar Burchardt wrote:

> Source: sympa
> Version: 5.4.7-1
> Severity: serious
> Justification: FTBFS
>
> Hi,
>
> sympa failed to build [1] on hppa, hurd-i386, ia64, mips, mipsel, sparc because libmime-base64-perl is no longer a real package and sympa has a versioned build-dep on it.
>
> Replacing the build-dep libmime-base64-perl (= 1.0) | perl (= 5.8) with just perl should fix the issue.

So why does it fail if perl is present? That seems odd to me.

Regards
Racke
Bug#563407: sympa: FTBFS because libmime-base64-perl was removed
Ansgar Burchardt wrote:

> Hi,
>
> Stefan Hornburg (Racke) ra...@linuxia.de writes:
>
>> So why does it fail if perl is present? That seems odd to me.
>
> Some buildds will not consider alternative dependencies, others may do so. Many buildds run different versions of sbuild (see also for example #541342).

That doesn't make it less odd for me. At any rate, the bogus build dependency should be fixed in Sympa :-).

Regards
Racke
Bug#559802: CVE-2009-3736 local privilege escalation
Michael Gilbert wrote:

> Package: courier-authlib
> Severity: grave
> Tags: security
>
> Hi,
>
> The following CVE (Common Vulnerabilities & Exposures) id was published for libtool. I have determined that this package embeds a vulnerable copy of the libtool source code. However, since this is a mass bug filing (due to so many packages embedding libtool), I have not had time to determine whether the vulnerable code is actually present in any of the binary packages. Please determine whether this is the case. If the package is not affected, please feel free to close the bug with a message containing the details of what you did to check.
>
> CVE-2009-3736[0]:
> | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
> | attempts to open a .la file in the current working directory, which
> | allows local users to gain privileges via a Trojan horse file.
>
> Note that this problem also affects etch and lenny, so if your package is affected, please coordinate with the security team to release the DSA for the affected packages.
>
> If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Is there a patch available for the vulnerability? I don't know which modifications were applied upstream to the libtool copy.

Regards
Racke
Bug#559020: Session Fixation Vulnerability
Package: request-tracker3.6
Tag: security
Severity: critical

http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html

RT 3.8.6 is not affected.

Regards
Racke
Bug#555087: [courier-mta] courier-mta does not install on clean squeeze system
tags 555087 + confirmed patch thanks Heiner Markert wrote: Package: courier-mta Version: 0.59.0-3 Severity: serious --- Please enter the report below this line. --- When performing apt-get install courier-mta on an otherwise clean squeeze system, dpkg fails with an post-install script error in package courier-mta. Installing the lenny package and dist-upgrading to squeeze is however working. The error occurs with either bash or dash as /bin/sh. My system is using legacy init scripts. Please note that the squeeze system is running inside a vserver-environment on a lenny i386 machine. The attached patch should fix the issue. Regards Racke -- LinuXia Systems = http://www.linuxia.de/ Expert Interchange Consulting and System Administration ICDEVGROUP = http://www.icdevgroup.org/ Interchange Development Team diff -u -r1.15 courier-mta.init --- debian/courier-mta.init 1 Feb 2008 11:21:52 - 1.15 +++ debian/courier-mta.init 9 Nov 2009 11:02:42 - @@ -39,6 +39,10 @@ case $1 in start) cd / + + # ensure proper permissions on /var/run/courier + chgrp daemon /var/run/courier + chmod g+rwx /var/run/courier echo -n Starting Courier mail server: ${sbindir}/courier start
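Review bot: the `chgrp daemon /var/run/courier` and `chmod g+rwx /var/run/courier` lines added to the `start)` branch of debian/courier-mta.init assume the directory already exists, so on a system where it has not been created yet, or where /var/run is emptied at boot, both commands fail and the permission problem the comment describes is still there when `${sbindir}/courier start` runs. Creating the directory first (for example `mkdir -p /var/run/courier`) and checking the result would make the fix hold on a clean install, which is the case this bug reports. The comment could also say why group `daemon` needs write access, since `g+rwx` lets every process in that group create or replace files in the runtime directory.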
Bug#555087: [courier-mta] courier-mta does not install on clean squeeze system
Heiner Markert wrote:

> Package: courier-mta
> Version: 0.59.0-3
> Severity: serious
>
> --- Please enter the report below this line. ---
>
> When performing apt-get install courier-mta on an otherwise clean squeeze system, dpkg fails with a post-install script error in package courier-mta. Installing the lenny package and dist-upgrading to squeeze is however working. The error occurs with either bash or dash as /bin/sh. My system is using legacy init scripts. Please note that the squeeze system is running inside a vserver-environment on a lenny i386 machine.

How does the error message look like? Installing courier-mta in my sid chroot results in the following error:

Starting Courier mail server: done.
Starting Courier mail filter:invoke-rc.d: initscript courier-mta, action start failed.
dpkg: error processing courier-mta (--configure):
 subprocess installed post-installation script returned error exit status 255

Do you see the same error message?

Regards
Racke
Bug#554182: courier: missing-build-dependency po-debconf
tag 554182 + pending confirmed
thanks

Manoj Srivastava wrote:

> Package: courier
> Version: 0.63.0-1
> Severity: serious
> User: lintian-ma...@debian.org
> Usertags: missing-build-dependency
>
> The package doesn't specify a build dependency on a package that is used in debian/rules. Also, it depends on obsolete packages gs, gs-aladdin.
>
> Even if the package build-depends on some package that in turn depends on the needed package, an explicit build dependency should be added. Otherwise, a latent bug is created that will appear without warning if the other package is ever updated to change its dependencies. Even if this seems unlikely, please always add explicit build dependencies on every non-essential, non-build-essential package that is used directly during the build.
>
> Refer to Debian Policy Manual section 4.2 (Package relationships) for details.
>
> This is a bug filed due to a lintian warning (see above). However, this has also been manually tested, and this is no false positive.
>
> Filed as serious since a package with these files will currently get this package rejected. See http://lists.debian.org/debian-devel-announce/2009/10/msg4.html for details. This means the package has been deemed too buggy to be in Debian.
>
> All these are trivial fixes, there is no reason not to get them fixed before release.

Fixed in my CVS repository.

Thanks
Racke
Bug#553539: interchange-ui: dir-or-file-in-var-www /var/www/interchange-5/da_DK/az.gif and 150+ others
tag 553539 + confirmed fixed-upstream
thanks

Manoj Srivastava wrote:

> Package: interchange-ui
> Version: 5.7.2-1
> Severity: serious
> User: lintian-ma...@debian.org
> Usertags: dir-or-file-in-var-www
>
> Debian packages should not install files under /var/www. This is not one of the /var directories in the File Hierarchy Standard and is under the control of the local administrator. Packages should not assume that it is the document root for a web server; it is very common for users to change the default document root and packages should not assume that users will keep any particular setting.

This bug has been already fixed upstream and will be uploaded just after the next upstream release scheduled for next week.

http://git.icdevgroup.org/?p=interchange.git;a=commit;h=c60158438ca54e78b9e675fe7951e5ea2da5

Regards
Racke
Bug#368905: interchange-doc: Useless without interchange in testing
Barry deFreese wrote:

> Hi,
>
> What's the status of this. It is from 2006 but interchange has been in testing for a while now.

Hello, Barry!

Interchange has moved its documentation system, so it'll take a while to adjust the package accordingly.

Regards
Racke
Bug#547511: python-scientific and sympa: error when trying to install together
Olivier Berger wrote:

> On Sun, Sep 20, 2009 at 02:52:53PM +0200, Ralf Treinen wrote:
>
>> Unpacking sympa (from .../sympa_5.4.7-1_amd64.deb) ...
>> dpkg: error processing /var/cache/apt/archives/sympa_5.4.7-1_amd64.deb (--unpack):
>>  trying to overwrite '/usr/bin/task_manager', which is also in package python-scientific 0:2.8-1
>>
>> Here is a list of files that are known to be shared by both packages (according to the Contents file for sid/amd64, which may be slightly out of sync):
>>
>> usr/bin/task_manager
>
> IMHO, in Sympa, task_manager is normally not used by a regular user, and is a kind of daemon, so I think it may be placed in another dir, maybe somewhere in a sympa-dedicated directory.
>
> Hope this helps,

For all Sympa binaries /usr/sbin would be more appropriate, these programs aren't called by regular users.

Regards
Racke
Bug#521037: courier-base: postinst failure caused by incorrect alternative if maildrop is installed
Laurent Bonnaud wrote: Package: courier-base Version: 0.61.2-1 Justification: postinst script must not fail Severity: serious Hi, here is the problem: Setting up courier-base (0.61.2-1) ... update-alternatives: error: alternative link /usr/share/man/man5/maildir.5.gz is already managed by maildir.5.gz. dpkg: error processing courier-base (--configure): Here is what this system has in /var/lib/dpkg/alternatives/maildir.5.gz: auto /usr/share/man/man5/maildir.5.gz /usr/share/man/man5/maildir.maildrop.5.gz 5 The same thing happens if you install maildrop on top of courier: Setting up maildrop (2.0.4-3) ... update-alternatives: renaming deliverquota link from /usr/bin/deliverquota to /usr/sbin/deliverquota. update-alternatives: using /usr/bin/lockmail.maildrop to provide /usr/bin/lockmail (lockmail) in auto mode. update-alternatives: error: alternative link /usr/share/man/man5/maildir.5.gz is already managed by maildir.5. dpkg: error processing maildrop (--configure): subprocess installed post-installation script returned error exit status 2 Errors were encountered while processing: maildrop E: Sub-process /usr/bin/dpkg returned an error code (1) Regards Racke
Bug#517960: courier-imap-ssl: upgrade to lenny broke ssl connection
Erwan David wrote:

> On Tue, Mar 03, 2009 at 11:01:20AM CET, Stefan Hornburg ra...@linuxia.de said:
>
>> Erwan David wrote:
>>
>>> Package: courier-imap-ssl
>>> Version: 4.4.0-2
>>> Severity: grave
>>> Justification: renders package unusable
>>>
>>> Since upgrade to lenny, I cannot get a ssl connection with courier-imap. Here is the log:
>>>
>>> Mar 3 09:55:09 maio imapd-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>>>
>>> I get same error when I use fetchmail, mutt or openssl s_client to connect. courier-pop-ssl works.
>>
>> How does your /etc/courier/imapd-ssl configuration file look like?
>>
>> Regards
>> Racke
>
> Find it at the end of the message. Please note that courier-pop-ssl works with the same settings. If I set TLS_PROTOCOL to SSL23, I get a no shared ciphers error, even if I set TLS_CIPHER_LIST to ALL

What happens if you don't set TLS_PROTOCOL at all?

Regards
Racke
Bug#505732: SA32658: Interchange Cross-Site Scripting Vulnerabilities
Raphael Geissert wrote:

> Source: interchange
> Severity: grave
> Version: 5.6.0-1
> Tags: security
>
> Hi,
>
> The following SA (Secunia Advisory) id was published for interchange.
>
> SA32658[1]:
>
> Some vulnerabilities have been reported in Interchange, which can be exploited by malicious people to conduct cross-site scripting attacks.
>
> 1) Unspecified input passed to the country-select widget is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
>
> 2) Input passed to the mv_order_item CGI variable is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
>
> The vulnerabilities are reported in versions prior to 5.4.3 and 5.6.1.
>
> If you fix the vulnerability please also make sure to include the SA id (or the CVE id when one is assigned) in the changelog entry.
>
> [1]http://secunia.com/Advisories/32658/

I already uploaded interchange 5.6.1-1 today before I was aware of this SA.

Regards
Racke
Bug#499078: jfsutils: Bus Error when running fsck.jfs on sparc
Luk Claes wrote:

Hi

Any news from upstream? Can we expect an upload shortly?

No word from upstream.

Regards
Racke
Bug#499078: jfsutils: Bus Error when running fsck.jfs on sparc
Luk Claes wrote:

Stefan Hornburg (Racke) wrote:

Luk Claes wrote:

Hi

Any news from upstream? Can we expect an upload shortly?

No word from upstream.

Will you upload a version that at least takes care of being able to recover from a power failure like the patch submitter proposes?

We have to ensure that a patched version will not fail on the other architectures. I couldn't promise to upload a new version, but I can certainly look into it.

Regards
Racke
Bug#501605: sympa: broken post-inst script
Niko Tyni wrote:

severity 501605 serious
tag 501605 - unreproducible
thanks

On Thu, Oct 09, 2008 at 01:42:39PM +0200, Patrick Schoenfeld wrote:

Severity 501605 important
thanks

I have tested the installation of sympa as well and I can't reproduce the problem. Additionally, I audited the post-inst script and I can't see any condition under which one of the sed commands could fail. All seem reasonable and don't fail when I test them manually in a dash or in a zsh with values as specified by the user.

+ db_get sympa/key_password
+ _db_cmd 'GET sympa/key_password'
+ IFS=' '
+ printf '%s\n' 'GET sympa/key_password'
+ IFS=' '
+ read -r _db_internal_line
+ RET=a/b/c
+ case ${_db_internal_line%%[ ]*} in
+ return 0
+ key_password=a/b/c
+ sed -e s/@KEY_PASSWORD@/a/b/c/ /etc/sympa/sympa.conf-smime.in
sed: -e expression #1, char 20: unknown option to `s'

Line 212 in the postinst breaks if sympa/key_password contains sed metacharacters, for instance 'a/b/c' as above. This looks RC to me, so upgrading back.

OK, that should certainly be fixed. Thanks for the assistance.

Regards
Racke
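The failure in the trace above comes from pasting the debconf value straight into a sed `s` command, so the value is parsed as sed syntax. The following is an added example, not the sympa postinst: the function names and the one-line template are constructed here, and it assumes the password is a single line.

```shell
#!/bin/sh
# Added example (not the sympa postinst): put an arbitrary value into a
# template placeholder with sed without the value being parsed as sed syntax.

# "Before": the value is pasted into the s command as-is, as in the trace.
fill_raw() {
    sed -e "s/@KEY_PASSWORD@/$1/"
}

# Escape a value for the replacement side of s/.../.../ with '/' as delimiter.
# Backslash, '&' and the delimiter are special there. Values containing a
# newline are rejected (assumption: the password is a single line).
sed_escape_replacement() {
    nl='
'
    case $1 in
        *"$nl"*) return 1 ;;
    esac
    # '|' is the delimiter here so that '/' can sit in the bracket expression.
    printf '%s\n' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# "After": escape first, then substitute.
fill_escaped() {
    esc=$(sed_escape_replacement "$1") || return 1
    sed -e "s/@KEY_PASSWORD@/$esc/"
}

# Constructed one-line template; the real sympa.conf-smime.in is not on this page.
TEMPLATE='key_passwd @KEY_PASSWORD@'

render_raw()     { printf '%s\n' "$TEMPLATE" | fill_raw "$1"; }
render_escaped() { printf '%s\n' "$TEMPLATE" | fill_escaped "$1"; }

# The value from the bug report now passes through unchanged.
render_escaped 'a/b/c'
```

Changing only the delimiter (for example to `|`) moves the problem to values containing that character, which is why the value itself is escaped.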
Bug#496520: remove sympa from lenny?
Thomas Viehmann wrote:

Hi,

sympa has two RC bugs open for about one month, #496520 about insecure usage of tmp (which looks at least partially fixed upstream, but has no maintainer response) and #498144 about problems on upgrade (with an initial maintainer response will investigate, also happened to people at the last security upgrades, but no visible activity since).

Applying the patch from http://sourcesup.cru.fr/cgi/viewvc.cgi/branches/sympa-5.4-branch/src/tools.pl?r1=4943r2=5124 should solve issue #496520, is that right?

Regards
Racke
Bug#498144: remove sympa from lenny?
Thomas Viehmann wrote:

Hi,

sympa has two RC bugs open for about one month, #496520 about insecure usage of tmp (which looks at least partially fixed upstream, but has no maintainer response) and #498144 about problems on upgrade (with an initial maintainer response will investigate, also happened to people at the last security upgrades, but no visible activity since).

This one is more difficult, as I wasn't yet able to reproduce it.

Regards
Racke
Bug#498144: remove sympa from lenny?
Lucas Nussbaum wrote:

On 03/10/08 at 15:21 +0200, Olivier Berger wrote:

On Friday 03 October 2008 at 12:43 +0200, Thomas Viehmann wrote:

It does not seem to have reverse dependencies. There are a few users (double digit popcon), but not exceedingly many.

As it is on the servers, I assume a single mailing-list manager may have thousands of users... so popularity contest may not be relevant here AFAICT.

Right. I find it annoying that after the sympa-drama before the etch release, we are now likely to run into another sympa-drama. Sympa is not an unmaintained software package: upstream is active, responsive and AFAIK willing to help. There's absolutely no reason why sympa should be in a crappy state in Debian.

At the time I took over Sympa maintenance the scripts were written in a convoluted and complicated manner. To be honest, this hasn't changed much. If I had been any wiser (and had enough time to spend), I would have started Sympa packaging from scratch. As a side note, file inclusion in Sympa configuration is a missing feature as far as packaging is concerned.

In #354355 (the etch sympa-drama bug), Stefan Hornburg refused several times to consider co-maintenance for sympa. I'm not sure if Jean Charles Delepine is still interested in co-maintaining it, but maybe we should try to convince Stefan to accept co-maintenance now. Maybe we could even avoid a sympa problem before the squeeze release.

Jean seems to have vanished from the radar. Jonas Smeedegard put an effort into better Sympa packaging on git.debian.org. It's quite likely that I team up with him after Lenny release.

Regards
Racke
Bug#490881: give back (on alpha only) and unblock jfsutils
Steve Langasek wrote:

On Wed, Jul 30, 2008 at 09:18:55PM +0300, Teodor wrote:

I didn't receive any response from the alpha buildd admins, maybe the message was lost. Is there anyone who can tell where the problem is and fix it? Can you unblock it also? It is 26 days old and it could migrate to lenny when the build on alpha is fixed.

Thanks

On Tue, Jul 15, 2008 at 1:48 AM, Teodor [EMAIL PROTECTED] wrote:

The build for jfsutils_1.1.12-1 has failed only on alpha [1]. Can you tell if this is an issue with the build environment on alpha [2] or a bug in the jfsutils package?

This is a toolchain issue on alpha; Please link using -Wl,--no-relax. [EMAIL PROTECTED] is a better place to ask for help than the buildd contact address.

jfsutils didn't build on alpha.

Can you please advise how I need to change debian/rules to use these linking parameters? I'm not on the list, so please Cc: me/the bug.

Regards
Racke