Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
sendmail/buster is not compatible with the more strict checking in
start-stop-daemon/buster - matching on unpivileged pidfile alone is
insecure.
So match on the binary as well ... and while I debugged this, I also
noticed that sendmail was not stopped upon removal - the alternatives
were removed first, and thereafter the initscript turned into a noop
since the daemon was missing.
The package (a rebuild from sid) is already uploaded.
Andreas
diff -Nru sendmail-8.15.2/debian/changelog sendmail-8.15.2/debian/changelog
--- sendmail-8.15.2/debian/changelog 2018-09-16 00:11:47.000000000 +0200
+++ sendmail-8.15.2/debian/changelog 2019-08-25 15:04:16.000000000 +0200
@@ -1,3 +1,27 @@
+sendmail (8.15.2-14~deb10u1) buster; urgency=medium
+
+ * QA upload.
+ * Rebuild for buster.
+
+ -- Andreas Beckmann <a...@debian.org> Sun, 25 Aug 2019 15:04:16 +0200
+
+sendmail (8.15.2-14) unstable; urgency=medium
+
+ * QA upload.
+ * sendmail-bin.prerm: Stop sendmail before removing the alternatives.
+ * sendmail-bin.postinst: Let start-stop-daemon match on pidfile and
+ executable. (Closes: #932598)
+
+ -- Andreas Beckmann <a...@debian.org> Sun, 25 Aug 2019 14:56:41 +0200
+
+sendmail (8.15.2-13) unstable; urgency=medium
+
+ * QA upload.
+ * initscript: Let start-stop-daemon match on pidfile and executable.
+ (Closes: #932598, LP: #1822866)
+
+ -- Andreas Beckmann <a...@debian.org> Tue, 30 Jul 2019 19:22:43 +0200
+
sendmail (8.15.2-12) unstable; urgency=medium
* QA upload.
diff -Nru sendmail-8.15.2/debian/local/sendmail.in
sendmail-8.15.2/debian/local/sendmail.in
--- sendmail-8.15.2/debian/local/sendmail.in 2018-09-16 00:11:47.000000000
+0200
+++ sendmail-8.15.2/debian/local/sendmail.in 2019-08-25 15:04:16.000000000
+0200
@@ -103,43 +103,46 @@
STAMP_DIR="${SENDMAIL_ROOT}/stampdir";
START_MTAL_CMD="start-stop-daemon \
--pidfile $MTAL_PIDFILE \
- --exec $MTA_DAEMON \
--startas $MTA_COMMAND \
--start";
STOP_MTAL_CMD="start-stop-daemon \
--pidfile $MTAL_PIDFILE \
+ --exec $MTA_COMMAND \
--name sendmail-mta \
--stop";
SIGNAL_MTAL_CMD="start-stop-daemon \
--pidfile $MTAL_PIDFILE \
+ --exec $MTA_COMMAND \
--name sendmail-mta \
--stop";
START_MTAQ_CMD="start-stop-daemon \
--pidfile $MTAQ_PIDFILE \
--make-pidfile \
- --exec $MTA_DAEMON \
--startas $MTA_COMMAND \
--start";
STOP_MTAQ_CMD="start-stop-daemon \
--pidfile $MTAQ_PIDFILE \
+ --exec $MTA_COMMAND \
--name sendmail-mta \
--stop";
SIGNAL_MTAQ_CMD="start-stop-daemon \
--pidfile $MTAQ_PIDFILE \
+ --exec $MTA_COMMAND \
--name sendmail-mta \
--stop";
START_MSP_CMD="start-stop-daemon \
--pidfile $MSP_PIDFILE \
- --exec $MSP_DAEMON \
--startas $MSP_COMMAND \
--chuid smmsp \
--start";
STOP_MSP_CMD="start-stop-daemon \
--pidfile $MSP_PIDFILE \
+ --exec $MSP_COMMAND \
--name sendmail-msp \
--stop";
SIGNAL_MSP_CMD="start-stop-daemon \
--pidfile $MSP_PIDFILE \
+ --exec $MSP_COMMAND \
--name sendmail-msp \
--stop";
NAME='sendmail';
diff -Nru sendmail-8.15.2/debian/sendmail-bin.postinst.in
sendmail-8.15.2/debian/sendmail-bin.postinst.in
--- sendmail-8.15.2/debian/sendmail-bin.postinst.in 2018-09-16
00:11:47.000000000 +0200
+++ sendmail-8.15.2/debian/sendmail-bin.postinst.in 2019-08-25
15:04:16.000000000 +0200
@@ -6,29 +6,34 @@
#-----------------------------------------------------------
#stop(): stop sendmail
stop_mta () {
+ if [ -x @sysconfdir@/init.d/sendmail ]; then
+ invoke-rc.d --quiet --force sendmail stop
+ fi
# Account for varying PIDfile locations of older sendmail packages
if [ -f /var/run/sendmail/mta/sendmail.pid ]; then
start-stop-daemon --stop --oknodo --quiet \
+ --exec /usr/lib/sm.bin/sendmail \
--pidfile /var/run/sendmail/msp/sendmail.pid >
/dev/null;
start-stop-daemon --stop --oknodo --quiet \
- -pidfile /var/run/sendmail/mta/sendmail.pid > /dev/null;
+ --exec /usr/lib/sm.bin/sendmail \
+ --pidfile /var/run/sendmail/mta/sendmail.pid >
/dev/null;
elif [ -f /var/run/sendmail/sendmail.pid ]; then
start-stop-daemon --stop --oknodo --quiet \
+ --exec /usr/lib/sm.bin/sendmail \
--pidfile /var/run/sendmail/sendmail.pid > /dev/null;
elif [ -f /var/run/sendmail.pid ]; then
start-stop-daemon --stop --oknodo --quiet \
+ --exec /usr/lib/sm.bin/sendmail \
--pidfile /var/run/sendmail.pid > /dev/null;
fi;
# Since we changed the executable, do one more try - using the old name
if [ -f /var/run/sendmail/mta/sendmail.pid ]; then
start-stop-daemon --stop --oknodo --quiet \
+ --exec /usr/lib/sm.bin/sendmail \
--pidfile /var/run/sendmail/mta/sendmail.pid >
/dev/null;
fi;
start-stop-daemon --stop --oknodo --quiet \
--name sendmail > /dev/null;
- if [ -x @sysconfdir@/init.d/sendmail ]; then
- invoke-rc.d --quiet --force sendmail stop
- fi;
};
#-----------------------------------------------------------
diff -Nru sendmail-8.15.2/debian/sendmail-bin.prerm.in
sendmail-8.15.2/debian/sendmail-bin.prerm.in
--- sendmail-8.15.2/debian/sendmail-bin.prerm.in 2018-09-16
00:11:47.000000000 +0200
+++ sendmail-8.15.2/debian/sendmail-bin.prerm.in 2019-08-25
15:04:16.000000000 +0200
@@ -1,32 +1,26 @@
#!/bin/sh
-set -e;
-
-PACKAGE=sendmail-bin;
+set -e
if [ "$1" = "remove" ]; then
- # Remove alternatives for MTA, MSP
- update-alternatives --remove sendmail-mta @libexecdir@/sendmail;
- update-alternatives --remove sendmail-msp @libexecdir@/sendmail;
- if [ -x @sysconfdir@/init.d/sendmail ] && \
- [ -x @datadir@/sendmail/sendmail ]; then
- invoke-rc.d --quiet --force sendmail stop
- fi;
- # Prevent cronjob from running during upgrade...
- if [ -f /etc/cron.d/sendmail ]; then
- rm -f @sysconfdir@/cron.d/sendmail;
- fi;
+ # Prevent cronjob from running during removal...
+ if [ -f @sysconfdir@/cron.d/sendmail ]; then
+ rm -f @sysconfdir@/cron.d/sendmail
+ fi
fi
if [ "$1" = "upgrade" ]; then
- # Prevent cronjob from running during upgrade...
- if [ -f /etc/cron.d/sendmail ]; then
- echo "#prerm" > @sysconfdir@/cron.d/sendmail;
- fi;
-
- # NOTE NOTE NOTE NOTE NOTE
- # If we fall through to DEBHELPER, sendmail will be stopped
- # much earlier than necessary !!!
- exit 0;
+ # Prevent cronjob from running during upgrade...
+ if [ -f @sysconfdir@/cron.d/sendmail ]; then
+ echo "#prerm" > @sysconfdir@/cron.d/sendmail
+ # The cronjob is regenerated by the postinst
+ fi
fi
#DEBHELPER#
+
+if [ "$1" = "remove" ]; then
+ # Remove alternatives for MTA, MSP
+ # Note: removes paths needed by the initscript
+ update-alternatives --remove sendmail-mta @libexecdir@/sendmail
+ update-alternatives --remove sendmail-msp @libexecdir@/sendmail
+fi
