Your message dated Mon, 18 Mar 2019 04:04:21 +0000 with message-id <e1h5jvd-0001iv...@fasolo.debian.org> and subject line Bug#924665: fixed in xymon 4.3.28-5 has caused the Debian Bug report #924665, regarding xymon: Upgrade fails if /etc/xymon/critical.cfg.bak is deleted by local admin to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 924665: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924665 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: xymon Version: 4.3.28-3 Severity: serious Control: found -1 4.3.28-2 4.3.28-4 4.3.0~beta2.dfsg-9.1 Justification: upgrades fail under some valid and realistic circumstances Originally reported in Ubuntu at https://bugs.launchpad.net/ubuntu/+source/xymon/+bug/1819378 under a slightly obscure setup. Context: The package xymon ships /etc/xymon/critical.cfg.bak on purpose because it is needed initially so that the user www-data can write backup copies of /etc/xymon/critical.cfg into it without needing the directory /etc/xymon/ being writable for www-data. This is upstream design and present in the (upstream) xymon RPMs as well. It is more or less documented in the critical.cfg(5) man page shipped with xymon. Issue: To achieve the proper permissions in the Debian package, /etc/xymon/critical.cfg.bak is shipped as conffile and xymon's postinst executes "cd /etc/xymon; chgrp www-data critical.cfg critical.cfg.bak; chmod g+w critical.cfg critical.cfg.bak" unconditionally. So if a local admin sees the .bak file and removes it because it doesn't look relevant, the next package upgrade or security update will fail unless a file named critical.cfg.bak has been created again. Thanks to sukhvirz on Launchpad for the initial bug report in Ubuntu and Thomas K Jones on Launchpad for giving me the right hint to understand the cause of this issue. While the upstream design is debatable with no doubt, the proper and unintrusive fix is to make the chown and chgrp in postinst conditional by checking the existence of the two files first. And despite this issue seems to have not been noticed by us (the package maintainers) or reported for quite a while(*), it's neverless a rather _common_ thing to clean up .bak files from /etc/, especially if /etc/ is tracked in a VCS, e.g. via etckeeper. Hence the RC severity. Will come up with a fixed package latest the upcoming weekend. Footnotes: (*) I see the relevant code even in the xymon package in Wheezy, just with different file names as this was the last release before the big conffile renaming. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
--- End Message ---
--- Begin Message ---Source: xymon Source-Version: 4.3.28-5 We believe that the bug you reported is fixed in the latest version of xymon, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 924...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Axel Beckert <a...@debian.org> (supplier of updated xymon package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 18 Mar 2019 01:28:51 +0100 Source: xymon Binary: xymon xymon-client xymon-client-dbgsym xymon-dbgsym Architecture: source amd64 Version: 4.3.28-5 Distribution: unstable Urgency: medium Maintainer: Christoph Berg <m...@debian.org> Changed-By: Axel Beckert <a...@debian.org> Description: xymon - monitoring system for systems, networks and applications xymon-client - client for the Xymon network monitor Closes: 924665 Changes: xymon (4.3.28-5) unstable; urgency=medium . * xymon.postinst: Check for file existence before calling chgrp/chmod on critical.cfg and critical.cfg.bak. (Closes: #924665, LP: #1819378) Checksums-Sha1: c91b7c13700407319598c5a5d01c1210a23a02c3 2062 xymon_4.3.28-5.dsc ff6853f324b2a2aff8afcd8a348647b193241519 45252 xymon_4.3.28-5.debian.tar.xz a6fc0dd590b978c7a7160f00f964585263e607bd 1078204 xymon-client-dbgsym_4.3.28-5_amd64.deb 5d3a886f51f2d195fd78c270df02896da9674b34 293892 xymon-client_4.3.28-5_amd64.deb 701c1b002e59b46cf3051dd074fa432c8ef5127c 10306144 xymon-dbgsym_4.3.28-5_amd64.deb 968ebf69a00a12e1e077b60c9417c277a2556a35 8459 xymon_4.3.28-5_amd64.buildinfo 1e3f8cf82e1ecb352a815c9bc81e9d306933b452 2448800 xymon_4.3.28-5_amd64.deb Checksums-Sha256: 9cac813335991906e4087567f806665c5c48b5ee63dd28bd9297e83c034b5df1 2062 xymon_4.3.28-5.dsc 22272889337b027eccd064ad950d4f14c4a33e2139964b4d5e11bea5b6223a34 45252 xymon_4.3.28-5.debian.tar.xz 56adeac9baf76dd40753139e5455c60299b87b6a2d29779cdab89a9d23b948b7 1078204 xymon-client-dbgsym_4.3.28-5_amd64.deb fb873494888db65083dff44f9f65652da04c858f18927d9b182c053f499fe723 293892 xymon-client_4.3.28-5_amd64.deb bbead912a04f1db77f7d5e5016d2cbbdeb12393002de07eb0afacfa150bbb359 10306144 xymon-dbgsym_4.3.28-5_amd64.deb 422ec35be9b006e06aee6b894906b71d48e5b33a2be6eaa6d832738636ef47c5 8459 xymon_4.3.28-5_amd64.buildinfo b74b157ce01c2c95adca308f9e6c61c1b91ddb5145e6e522fd503f0425913216 2448800 xymon_4.3.28-5_amd64.deb Files: 8ac78a3061abed001dd4285a6620627a 2062 net optional xymon_4.3.28-5.dsc 6031df012ac148a83650a58d5e76339c 45252 net optional xymon_4.3.28-5.debian.tar.xz 34151a01f6fe4e35dab7a72ba9660b2a 1078204 debug optional xymon-client-dbgsym_4.3.28-5_amd64.deb 6e6d845dc8685f17d36abea5faf43d59 293892 net optional xymon-client_4.3.28-5_amd64.deb 6a1a345bb8ab4c8e2631656701b919dd 10306144 debug optional xymon-dbgsym_4.3.28-5_amd64.deb aedae3acb80288cb83b86df56f991ab4 8459 net optional xymon_4.3.28-5_amd64.buildinfo cd6c8646c0d6217bdc39b1ce8ea40bed 2448800 net optional xymon_4.3.28-5_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAlyPEkMACgkQa+Zjx1o1 yXWyLRAAj8hS8zygeGAhgseJII40ULRE9PSkbL9dxoKUip2qXeEN+QSoIGbCkKlQ QJ82eb0xwYv5lzzENmS3x9Go4bTblJP5mDHYdZLVxNIKCMB29ChKvvfLGpEfpIQv uGrMx7tkgpchAOn+hBQlK5JmAiJIJ+tgtrBNfTqXna5zn/no1w0ti2gbWzUz31+D OPG61fFBBAm1r7dK0PhCtPPVo4s4xVpAAccoz8xK/Eb0Vo6Mk/t0zTas77UFJjdN qM2FdIM32bOGCC7N9ltKt0TlYpyXLk0BCvqzjoUFzM72iCOvKrCyGsvSJ12rfugT 9xXnxwa8aTPqDRE3bVallq7kA2mVjHal3+GnHNpU1vuzAmkSjtN6DP8kUrIZqGgJ dzdPletwuE8h8wyERSBHGZV6XVcZMxSyQEKq64qStBlRYDyN/OS8wrURD5E1RzL3 2FGesdA0Rd54+pQ7wUn55JVjQoPsrgKggON6/FccFZlFA86R/h8B47W7Zd8nFLdy y7OSsXYTtGv+28eFz6qqpCmyImEDL/MSowbN5NilXqYd2hb6Yop6C/1gjwtBffPV x+rBfMNKhw8UJKfCWGFQOGEKnShoJCZZ3dEUDCeVDQv26tixTLXp68YvEN5pW74c 4Q29mbyG8fyYk96Y6woVq7Y3RY9mZrtsEb2BuOQAYz2qhMki6fQ= =2V8U -----END PGP SIGNATURE-----
--- End Message ---
