Package: debian-security-support
Version: 2014.05.16+deb6u1
Severity: important

Hi,

debian-security-support.postinst contains the following code:

        su - "$USERNAME" --command "
        check-support-status \
            --type $MODE \
            --no-heading \
            --list /usr/share/debian-security-support/security-support-$MODE \
            --semaphore \"$LIB_DIR/security-support.semaphore\" \
        " >"$OUTPUT"

"man su" says:

       -, -l, --login
           Provide an environment similar to what the user would expect
           had the user logged in directly.

This means that the shell may output things meant for login shell usage
like site-notices and other stuff. If installed on such a system,
debian-security-support's message contains additional output which is
not meant to be in that message.

See e.g. http://tanguy.ortolo.eu/blog/article25/shrc for details about
what is sourced in which case.

Example from a machine which outputs messages meant for login shells in
/etc/profile:

    ┌────────────────────────────┤ Configuring debian-security-support ├─────────────────────────────┐
    │                                                                                                │
    │ Security support has ended for one or more packages
    │
    │ Unfortunately, security support for some packages needed to be stopped before the end of the
    │ regular security maintenance life cycle.
    │
    │ The following packages found on your system are affected by this.
    │
    │ Your workstation has no default printer.
    │  Printjobs are mailed to debian-security-support@............
    │ ************************************************************************
    │ ]0;debian-security-support@......
    │ * Source:libplrpc-perl, ended on 2014-05-31 at version 0.2020-2
    │  Details: ot supported in squeeze LTS
    │  Affected binary package:
    │  - libplrpc-perl (installed version: 0.2020-2)
    │
    │                                             <Ok>
    │                                                                                                │
    └────────────────────────────────────────────────────────────────────────────────────────────────┘

Just dropping the solitary dash from the command suffices to fix this
issue. (Verified on the machine where the above message comes from. It's
not the machine on which this bug report has been written, but the other
machine has at least the same debian-security-support version
installed.)

-- System Information:
Debian Release: 6.0.9
  APT prefers oldstable
  APT policy: (990, 'oldstable'), (500, 'squeeze-lts'), (500, 'oldstable-updates'), (101, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages debian-security-support depends on:
ii  adduser                       3.112+nmu2 add and remove users and groups
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  gettext-base                  0.18.1.1-3 GNU Internationalization utilities

debian-security-support recommends no packages.

debian-security-support suggests no packages.

-- debconf information:
  debian-security-support/ended:
  debian-security-support/limited:


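The effect described in this report can be reproduced without root. The following is an added example, not part of the original report or of the package's code: a throwaway HOME with a constructed `.profile` stands in for the noisy `/etc/profile`, `sh -l` stands in for `su -`, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: login-shell startup output ends up in captured stdout.
# Assumption: bash (or another sh that accepts -l) is installed.
SH=$(command -v bash || command -v sh)

# Throwaway HOME whose ~/.profile prints a site notice, standing in for the
# login-only messages from /etc/profile shown in the report.
demo_home=$(mktemp -d)
trap 'rm -rf "$demo_home"' EXIT
printf 'echo "Your workstation has no default printer."\n' > "$demo_home/.profile"

# Stand-in for the check-support-status call whose output postinst captures.
payload='echo "* Source:libplrpc-perl, ended on 2014-05-31"'

# What "su - USER --command ..." captures: a login shell sources the profile
# files first, and their stdout is mixed into the captured text.
capture_login() { HOME="$demo_home" "$SH" -l -c "$payload" 2>/dev/null; }

# What "su USER --command ..." (no dash) captures: only the command's output.
capture_plain() { HOME="$demo_home" "$SH" -c "$payload" 2>/dev/null; }

# Check for the condition itself: anything a login shell prints while running
# a no-op would pollute every capture made through a login shell.
login_noise() { HOME="$1" "$SH" -l -c ':' 2>/dev/null; }

echo "--- login shell capture ---"
capture_login
echo "--- non-login shell capture ---"
capture_plain
echo "--- noise emitted by login startup files ---"
login_noise "$demo_home"
```

On a real system the equivalent check, run as root, is whether `su - USER -c :` prints anything to stdout.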