Package: mason
Version: 1.0.0-2.2
Severity: important

Subject: mason: security-update should not remove existing initscript symlink

Hello,

This mason security update removes my initscript symlink, which breaks
my openvpn system after reboot.
I propose that mason never touches an existing initscript symlink.

Here are some details:
--------------------
First: mason starts after openvpn
This is important, because mason.baserules contains iptables accept
rules for tun* devices. These rules are ignored if these tun* devices
do not exist. But they only exist if openvpn is running.

  andrew:~# uname -a
  Linux andrew 2.6.8-2-k7 #1 Thu May 19 18:03:29 JST 2005 i686 GNU/Linux

  andrew:/etc/rcS.d# iptables -nvL OUTPUT | grep tun
  ACCEPT     tcp  --  *      tun46   0.0.0.0/0            192.168.13.0/24     tcp spts:1024:65535 dpt:22
  ACCEPT     tcp  --  *      tun18   0.0.0.0/0            192.168.12.0/24     tcp spts:1024:65535 dpt:22
  [...]

  andrew:/etc/rc2.d# ls -l
  insgesamt 0
  [...]
  lrwxrwxrwx  1 root root 19 2005-04-21 07:59 S14isdnutils -> ../init.d/isdnutils
  lrwxrwxrwx  1 root root 13 2005-04-21 07:59 S14ppp -> ../init.d/ppp
  lrwxrwxrwx  1 root root 17 2005-09-01 10:32 S16openvpn -> ../init.d/openvpn
  lrwxrwxrwx  1 root root 15 2005-09-01 10:45 S17mason -> ../init.d/mason
  [...]
  
  andrew:/etc/rc2.d# aptitude install mason
  [...]
  Hole:1 http://security.debian.org sarge/updates/main mason 1.0.0-2.2 [423kB]
  [...]
  Vorbereiten zum Ersetzen von mason 1.0.0-2.1 (durch .../mason_1.0.0-2.2_all.deb) ...
  Entpacke Ersatz für mason ...
  Richte mason ein (1.0.0-2.2) ...
  update-rc.d: /etc/init.d/mason exists during rc.d purge (continuing)

Now mason starts before openvpn.

  reboot

  andrew:/etc/rcS.d# ls -l
  insgesamt 1
  lrwxrwxrwx  1 root root  15 2005-10-11 14:28 S41mason -> ../init.d/mason
  
  andrew:/etc/rc2.d# ls -l
  insgesamt 0
  [...]
  lrwxrwxrwx  1 root root 19 2005-04-21 07:59 S14isdnutils -> ../init.d/isdnutils
  lrwxrwxrwx  1 root root 13 2005-04-21 07:59 S14ppp -> ../init.d/ppp
  lrwxrwxrwx  1 root root 17 2005-09-01 10:32 S16openvpn -> ../init.d/openvpn
  [...]

  andrew:~# iptables -nvL OUTPUT | grep tun
  andrew:~#
No output.
My OpenVPN tunnels are not working at this point.
(Please note that I am also not able to start KDE via GDM on this test machine.)

  andrew:~# /etc/init.d/mason start
  Check vars...Editor default of /usr/bin/mcedit taken.
  Starting Mason firewall: Flushing...Done!
  Blockedhost blocks...Spoof blocks...No NoLeakRFC1918 blocks...Incoming blocks...Outgoing blocks...Fixed rules...
  Done!

  andrew:~# iptables -nvL OUTPUT | grep tun
  ACCEPT     tcp  --  *      tun46   0.0.0.0/0            192.168.13.0/24     tcp spts:1024:65535 dpt:22
  ACCEPT     tcp  --  *      tun18   0.0.0.0/0            192.168.12.0/24     tcp spts:1024:65535 dpt:22
  [...]

OpenVPN (and KDE via GDM) are working again.

The correct starting position of mason is very important and may be
different on different systems. Do not automatically change an
existing starting position, please.

Surely I can correct this afterwards, but I have to do this on 15
hosts that are only reachable by openvpn. And I do not want to do this
after every update.

Thanks,
Martin


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages mason depends on:
ii  bash                          2.05b-26   The GNU Bourne Again SHell
ii  debconf                       1.4.30.13  Debian configuration management sy

-- debconf information excluded
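
A check that could be run after a package upgrade to confirm that mason still starts after openvpn, given here as an added example (it is not part of the original report or of the mason package). The function names `boot_pos` and `starts_after` and the temporary directory are hypothetical; the link names come from the listings in the report.

```shell
#!/bin/sh
# boot_pos ETC RUNLEVEL SERVICE
# Print SERVICE's position in the sysv-rc boot order. rcS.d runs before
# rcN.d, so rcS.d links map to 0-99 and rcN.d links to 100-199.
# Returns 1 when no start link exists in either directory.
boot_pos() {
    etc=$1 level=$2 svc=$3 base=0
    for dir in "$etc/rcS.d" "$etc/rc$level.d"; do
        for link in "$dir"/S[0-9][0-9]"$svc"; do
            # An unmatched glob stays literal: skip it.
            [ -L "$link" ] || [ -e "$link" ] || continue
            name=${link##*/}      # "S17mason"
            seq=${name#S}         # "17mason"
            seq=${seq%"$svc"}     # "17"
            seq=${seq#0}          # "08" -> "8", avoids octal parsing
            echo $((base + seq))
            return 0
        done
        base=100
    done
    return 1
}

# starts_after ETC RUNLEVEL SERVICE DEPENDENCY
# 0: SERVICE starts strictly later than DEPENDENCY
# 1: SERVICE starts earlier or at the same sequence number
# 2: one of the two has no start link
starts_after() {
    svc_pos=$(boot_pos "$1" "$2" "$3") || return 2
    dep_pos=$(boot_pos "$1" "$2" "$4") || return 2
    [ "$svc_pos" -gt "$dep_pos" ]
}

# Constructed layout mirroring the report: the links as listed before the
# update, then as listed after it.
demo=$(mktemp -d)
mkdir -p "$demo/rcS.d" "$demo/rc2.d"
ln -s ../init.d/openvpn "$demo/rc2.d/S16openvpn"
ln -s ../init.d/mason "$demo/rc2.d/S17mason"
if starts_after "$demo" 2 mason openvpn; then
    echo "before update: mason starts after openvpn"
fi
rm "$demo/rc2.d/S17mason"
ln -s ../init.d/mason "$demo/rcS.d/S41mason"
if ! starts_after "$demo" 2 mason openvpn; then
    echo "after update: mason no longer starts after openvpn"
fi
rm -rf "$demo"
```

On a real host the call would be `starts_after /etc 2 mason openvpn`, with a non-zero exit status used to flag the machine before its next reboot.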
