Your message dated Mon, 24 Feb 2020 06:21:01 +0000 with message-id <e1j676z-000fxz...@fasolo.debian.org> and subject line Bug#951194: fixed in roundcube 1.4.3+dfsg.1-1 has caused the Debian Bug report #951194, regarding roundcube-core: postinst runs `chown root:www-data /etc/roundcube/config.inc.php` on upgrade to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 951194: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951194 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: roundcube Version: 1.3.10+dfsg.1-1~deb10u1 Severity: normal Dear Maintainer, After an `apt upgrade` which upgrade roundcube-core, the group of /etc/roundcube/config.inc.php has changed, set to www-data, which in my case broke roundcube (the php user handling roundcube is not in this group) I guess a post-upgrade script should not change any permission, especially on a config file. -- System Information: Debian Release: 10.3 APT prefers stable-updates APT policy: (520, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages roundcube-core depends on: ii dbconfig-common 2.0.11+deb10u1 ii debconf [debconf-2.0] 1.5.71 ii dpkg 1.19.7 ii libapache2-mod-php7.3 [libapache2-mod-php] 7.3.11-1~deb10u1 ii libmagic1 1:5.35-4+deb10u1 ii php 2:7.3+69 ii php-auth-sasl 1.0.6-3 ii php-cli 2:7.3+69 ii php-common 2:69 ii php-intl 2:7.3+69 ii php-json 2:7.3+69 ii php-mail-mime 1.10.2-0.1 ii php-net-sieve 1.4.1-1 ii php-net-smtp 1.8.0-1 ii php-net-socket 1.0.14-2 ii php-pear 1:1.10.6+submodules+notgz-1.1 ii php7.3 [php] 7.3.11-1~deb10u1 ii php7.3-cli [php-cli] 7.3.11-1~deb10u1 ii php7.3-intl [php-intl] 7.3.11-1~deb10u1 ii php7.3-json [php-json] 7.3.11-1~deb10u1 ii roundcube-mysql 1.3.10+dfsg.1-1~deb10u1 ii ucf 3.0038+nmu1 Versions of packages roundcube-core recommends: ii nginx-full [httpd-cgi] 1.14.2-2+deb10u1 ii php-fpm 2:7.3+69 ii php-gd 2:7.3+69 ii php-pspell 2:7.3+69 ii php7.3-fpm [php-fpm] 7.3.11-1~deb10u1 ii php7.3-gd [php-gd] 7.3.11-1~deb10u1 ii php7.3-pspell [php-pspell] 7.3.11-1~deb10u1 ii spawn-fcgi 1.6.4-2 Versions of packages roundcube-core suggests: pn php-crypt-gpg <none> pn php-net-ldap2 <none> pn php-net-ldap3 <none> ii roundcube-plugins 1.3.10+dfsg.1-1~deb10u1 Versions of packages roundcube depends on: ii dpkg 1.19.7 -- Configuration Files: /etc/logrotate.d/roundcube-core changed [not included] /etc/roundcube/debian-db-roundcube.php [Errno 13] Permission denied: '/etc/roundcube/debian-db-roundcube.php' /etc/roundcube/defaults.inc.php changed [not included] -- debconf information excluded
--- End Message ---
--- Begin Message ---Source: roundcube Source-Version: 1.4.3+dfsg.1-1 Done: Guilhem Moulin <guil...@debian.org> We believe that the bug you reported is fixed in the latest version of roundcube, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 951...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Guilhem Moulin <guil...@debian.org> (supplier of updated roundcube package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Feb 2020 06:39:10 +0100 Source: roundcube Architecture: source Version: 1.4.3+dfsg.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintain...@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guil...@debian.org> Closes: 951194 Changes: roundcube (1.4.3+dfsg.1-1) unstable; urgency=medium . * New upstream release. * d/roundcube-core.post*: + Replace tabs with spaces. + Pass flag '-f' to rm(1). * d/roundcube-core.postinst: + Create temporary config file with restricted permissions. Previously the file was created with mode 0644 (minus umask), possibly leaking secrets to a local attacker during a short time window. (The file was, and still is, removed later during the postinst stage.) + If the config file /etc/roundcube/config.inc.php already exists, don't override its ownership or mode. Otherwise (atomically) create it with owner root:www-data and mode 0640, like before. (Closes: #951194) + Honor dpkg-statoverride(1) rules on /var/lib/roundcube/temp and /var/log/roundcube: don't chown/chmod these directories if the local admin has defined overrides. * d/roundcube-core.postrm: + Also remove '.ucf-{new,old,dist}'-suffixed configuration files on purge, as suggested by ucf(1). + Only recursively remove /var/lib/roundcube/temp on purge, not its parent /var/lib/roundcube. Roundcube needs only write access to the temp dir. * d/patches/update_script.patch: Restore patch removed in 1.4.1+dfsg.1-1 to fix the ucf logic. * d/patches/dbconfig-common_support.patch: Use C++ style comment for consistency. Checksums-Sha1: 0e60d443e5ae5990318444201447542a4def4068 2466 roundcube_1.4.3+dfsg.1-1.dsc 25858554290c0138c9fd5b21fdcdf2df6c07412f 2969932 roundcube_1.4.3+dfsg.1.orig.tar.xz 25358772144d0df2ebfc69596419629c45ec4cc1 1226976 roundcube_1.4.3+dfsg.1-1.debian.tar.xz 68600b826c9b26e4ec7582ecf4bbcf57b79ac9e1 9512 roundcube_1.4.3+dfsg.1-1_amd64.buildinfo Checksums-Sha256: 325bfd9dfe56f34043c6651ce5728ea9b960b58ad145d994c50d5db7f674ea58 2466 roundcube_1.4.3+dfsg.1-1.dsc 143a4c7a076f7efdfe3b03f02b6888f134fb75b9b280477a4bfffa2114e309b7 2969932 roundcube_1.4.3+dfsg.1.orig.tar.xz 09100c04cd86f2b227114889ba47690d5194500edccd03a3f6a07f6e88eabb40 1226976 roundcube_1.4.3+dfsg.1-1.debian.tar.xz 22aaacbf9fe17bf83c7044a069546e069d95ac07708ee93370379e46d276c6a0 9512 roundcube_1.4.3+dfsg.1-1_amd64.buildinfo Files: 7f670231fb669ee8c78f77bfe2fb60d4 2466 web optional roundcube_1.4.3+dfsg.1-1.dsc 5c84a4f58e4cd0dbc92ba76e424eaac2 2969932 web optional roundcube_1.4.3+dfsg.1.orig.tar.xz 58213f34a64b9749a5b9297c00c0b8b7 1226976 web optional roundcube_1.4.3+dfsg.1-1.debian.tar.xz 99b975778388125c855d32cf669389bd 9512 web optional roundcube_1.4.3+dfsg.1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAl5TYfwACgkQ05pJnDwh pVLESQ/8CR7VdGJsnty8dqsqgrGIz+9xEegjzfPkonF7HaVGGSeN5RuyV4ZX6Tak EnFdmAYxjy2JWqHjS9c4W11g+aUi0s4hPFGbSkGz0gWDdP2OAIwV+m/TGa2aicT1 O1LgFgIr+m/e9p35c9yqzR7oGt6aBWr0URAXYgIZ7souLB3GxvIuZhPYUEcfl0AT rGDgt+c/sqSCWmwDlJ/XHI4QTmC26jg4svx6rDPAkzdYKmc3gs4UTaX31ngGJDfX VfCiiMAAeoDrURBIVuoiDR+Gf5XqW1rXbILnx4yNXrmk/saygsWxFPSREUi58Vmo yx540pfAgLIr27DbcYmUdRq1EsZS+S4KinqWJiyFTnHHyv9EJktL0mRMFNyupcNN DL/XyNyapUINnCpJib1ZBON1dp8uUbxAq7OSGo8qCpE2MJE3lNYalqXvqTExgcrb HhrHmFxY3D7HvXaAIQSZaWJbxnPd5MDscUGPMxYrRMGxiYBYjf92P7PL+h3f40IS rnDAgiIduQgiHFJ+oQkpqiFCKI81qUJfMpsG88q38EZkbwubxnC0mEaw3YAiYees 90pvGXu2QQl5f/nUZm33sJ3KCOnssSMFaIXxidQmQ6EXErMeVfJ7rHDtpws7TpX0 lFszfpPmqLB6hIxcXECqTsulX8wRwTSav+u32Hww1J3gUknrc3s= =XE5a -----END PGP SIGNATURE-----
--- End Message ---
