Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2

To: Guido Günther <agx@sigxcpu.org>, Emilio Pozuelo Monfort <pochu@debian.org>, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2
From: Philipp Huebner <debalance@debian.org>
Date: Sat, 1 Apr 2017 11:52:28 +0200
Message-id: <[🔎] f4021604-4ec7-65cf-c9ce-bceba5662fda@debian.org>
In-reply-to: <20170331123207.i3nxzz2glhutmaod@bogon.m.sigxcpu.org>
References: <149077516080.26596.10779403267637927143.reportbug@dex.debalance.de> <3b3950d3-0123-e0f6-2938-94ad7752b2c6@debian.org> <20170329171517.5tfccqsx6eljldbb@bogon.m.sigxcpu.org> <52e4f62c-3450-ad34-87dc-b5a8a048c60d@debian.org> <20170331123207.i3nxzz2glhutmaod@bogon.m.sigxcpu.org>

Hi,

Am 31.03.2017 um 14:32 schrieb Guido Günther:

> I've tested the package (ejabberdctl, connecting different clients) and
> it looks good. During the upgrade I get this list of errors though:
> 
>     dpkg -i ejabberd_2.1.10-4+deb7u2_amd64.deb 
>     (Reading database ... 29454 files and directories currently installed.)
>     Preparing to replace ejabberd 2.1.10-4+deb7u1 (using ejabberd_2.1.10-4+deb7u2_amd64.deb) ...
>     {error_logger,{{2017,3,31},{14,9,43}},std_error,"File operation error: eacces. Target: .. Function: read_file_info. Process: code_server."}
>     {error_logger,{{2017,3,31},{14,9,43}},std_error,"File operation error: eacces. Target: ./standard_error.beam. Function: get_file. Process: code_server."}
>     {error_logger,{{2017,3,31},{14,9,43}},std_error,"File operation error: eacces. Target: ./supervisor_bridge.beam. Function: get_file. Process: code_server."}
>     {error_logger,{{2017,3,31},{14,9,43}},std_error,"File operation error: eacces. Target: ./user_sup.beam. Function: get_file. Process: code_server."}
>     {error_logger,{{2017,3,31},{14,9,43}},std_error,"File operation error: eacces. Target: ./user.beam. Function: get_file. Process: code_server."}
>     {error_logger,{{2017,3,31},{14,9,43}},std_error,"File operation error: eacces. Target: ./kernel_config.beam. Function: get_file. Process: code_server."}
>     {error_logger,{{2017,3,31},{14,9,43}},std_error,"File operation error: eacces. Target: ./queue.beam. Function: get_file. Process: code_server."}
> 
>     =ERROR REPORT==== 31-Mar-2017::16:09:43 ===
>     File operation error: eacces. Target: .. Function: read_file_info. Process: code_server.
> 
>     =ERROR REPORT==== 31-Mar-2017::16:09:43 ===
>     File operation error: eacces. Target: ./standard_error.beam. Function: get_file. Process: code_server.
> 
>     …[lots more eaccess]…
> 
>     =ERROR REPORT==== 31-Mar-2017::14:09:43 ===
>     File operation error: eacces. Target: ./string.beam. Function: get_file. Process: code_server.
> 
>     =ERROR REPORT==== 31-Mar-2017::14:09:43 ===
>     File operation error: eacces. Target: ./dist_util.beam. Function: get_file. Process: code_server.
> 
>     The ejabberd database has been backed up to /var/backups/ejabberd-2017-03-31T14:09:43.WvoEep/ejabberd-database.
> 
>     Stopping jabber server: ejabberd.
>     Unpacking replacement ejabberd ...
>     Setting up ejabberd (2.1.10-4+deb7u2) ...
>     Starting jabber server: ejabberd.
>     Waiting for ejabberd to register admin user.
>     Admin user "admin@sigxcpu.org" is already registered. Password IS NOT changed.
>     Processing triggers for man-db ...
> 
> which is probably harmless but a bit confusing.

I assume that you have set up apparmor or similar, because on a default
wheezy installation this doesn't happen.


> Note that this:
> 
>    ejabberd (2.1.10-4+deb7u2) oldstable; urgency=high
> 
> should be changed to:
> 
>    ejabberd (2.1.10-4+deb7u2) wheezy-security; urgency=high

That was already changed in the package you tested ;)


> Feel free to upload after your tests, I'll issue the DLA then, the
> package is accepted automatically.

I have successfully tested the package now.
Since xmpp.net is down
(https://mail.jabber.org/pipermail/operators/2017-March/002956.html)
I verified with nmap and openssl that SSLv3 is not allowed anymore. Only
TLS 1.2 and a handful of ciphers are left:

|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048)
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048)

If people want to be able to configure this themselves, they'll have to
upgrade to a newer ejabberd (which I would strongly recommend anyway).
Two weeks ago I uploaded 14.07 to wheezy-backports and 16.09 to
wheezy-backports-sloppy.

Upstream has documented the update procedure here:
https://docs.ejabberd.im/admin/upgrade/


I will now upload ejabberd 2.1.10-4+deb7u2 to wheezy-security.


Regards,
-- 
 .''`.   Philipp Huebner <debalance@debian.org>
: :'  :  pgp fp: 6719 25C5 B8CD E74A 5225  3DF9 E5CA 8C49 25E4 205F
`. `'`
  `-

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Review and help test Wheezy LTS update of Samba
Next by Date: LTS Report for March 2017
Previous by thread: Re: Review and help test Wheezy LTS update of Samba
Next by thread: Re: Bug#858973: wheezy-pu: package ejabberd/2.1.10-4+deb7u2
Index(es):
- Date
- Thread