Bug#854248: unblock: ejabberd/16.09-4
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package ejabberd 16.09-4 (not uploaded yet).
There are 3 small changes:
- add missing ImageMagick paths to apparmor profile
(needed for captcha and thumbnail generation)
- enable roster versioning by default (#851212)
(saves bandwidth, especially for mobile clients)
- extend README.Debian with information on how to configure the systemd
unit file when using pam authentication (#854178)
Full diff attached.
Best wishes,
Philipp
unblock ejabberd/16.09-4
diff --git a/debian/README.Debian b/debian/README.Debian
index dcf6f26..e823a24 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -138,6 +138,34 @@ and to make epam setuid root you can do:
(Note that we set o-x there so that only users in the ejabberd group
are able to elevate their privileges by executing this program.)
+When ejabberd is started via systemd, you will have to edit the
+ejabberd.service file and set the following:
+
+ [Service]
+ PrivateDevices=false
+ NoNewPrivileges=false
+
+Otherwise it will be impossible for the epam helper program to gain the
+configured setuid and/or setgid privileges.
+
+With systemd >= 218 you can simply create an override with
+`systemctl edit ejabberd.service` and put
+ [Service]
+ PrivateDevices=
+ PrivateDevices=false
+ NoNewPrivileges=
+ NoNewPrivileges=false
+in there.
+
+With systemd < 218 the changes must be made manually.
+In order to not loose the changes upon upgrades,
+remove the symlink
+ /etc/systemd/system/multi-user.target.wants/ejabberd.service
+and replace it with a copy of
+ /lib/systemd/system/ejabberd.service
+before making the changes.
+Remember to do a `systemctl daemon-reload` afterwards.
+
4. Using DBMS for data storage
===============================
diff --git a/debian/changelog b/debian/changelog
index 7acd34b..6728f59 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+ejabberd (16.09-4) unstable; urgency=medium
+
+ * Added missing ImageMagick paths to apparmor profile
+ * Enabled versioning in mod_roster by default (Closes: #851212)
+ * Extended README.Debian with information regarding pam + systemd
+ (Closes: #854178)
+
+ -- Philipp Huebner <debalance@debian.org> Sun, 05 Feb 2017 13:19:29 +0100
+
ejabberd (16.09-3) unstable; urgency=medium
* Added lsb-base (>= 3.0-6) to Depends
diff --git a/debian/patches/ejabberd.yml.example.diff b/debian/patches/ejabberd.yml.example.diff
index 65be78c..d8f823d 100644
--- a/debian/patches/ejabberd.yml.example.diff
+++ b/debian/patches/ejabberd.yml.example.diff
@@ -161,3 +161,13 @@ Index: ejabberd/ejabberd.yml.example
## mod_multicast: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
+@@ -661,7 +660,8 @@ modules:
+ ##
+ ## access_from: deny
+ ## access: register
+- mod_roster: {}
++ mod_roster:
++ versioning: true
+ mod_shared_roster: {}
+ mod_stats: {}
+ mod_time: {}
diff --git a/debian/usr.sbin.ejabberdctl b/debian/usr.sbin.ejabberdctl
index e8eaa01..edf6c99 100644
--- a/debian/usr.sbin.ejabberdctl
+++ b/debian/usr.sbin.ejabberdctl
@@ -44,8 +44,9 @@
}
- /etc/ejabberd** r,
/etc/default/ejabberd r,
+ /etc/ejabberd** r,
+ /etc/ImageMagick** r,
/run/ejabberd** rw,
@@ -76,6 +77,8 @@
/usr/sbin/ejabberdctl r,
+ /usr/share/ImageMagick-*/** rix,
+
/var/backups/ rw,
/var/backups/ejabberd** rwlk,
/var/lib/ejabberd** rw,
Reply to: