Bug#935704: buster-pu: package sendmail/8.15.2-14~deb10u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#935704: buster-pu: package sendmail/8.15.2-14~deb10u1
From: Andreas Beckmann <anbe@debian.org>
Date: Sun, 25 Aug 2019 15:18:38 +0200
Message-id: <[🔎] 156673911894.5428.16251629789606028175.reportbug@zam581.zam.kfa-juelich.de>
Reply-to: Andreas Beckmann <anbe@debian.org>, 935704@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

sendmail/buster is not compatible with the more strict checking in
start-stop-daemon/buster - matching on unpivileged pidfile alone is
insecure.
So match on the binary as well ... and while I debugged this, I also
noticed that sendmail was not stopped upon removal - the alternatives
were removed first, and thereafter the initscript turned into a noop
since the daemon was missing.

The package (a rebuild from sid) is already uploaded.


Andreas

diff -Nru sendmail-8.15.2/debian/changelog sendmail-8.15.2/debian/changelog
--- sendmail-8.15.2/debian/changelog	2018-09-16 00:11:47.000000000 +0200
+++ sendmail-8.15.2/debian/changelog	2019-08-25 15:04:16.000000000 +0200
@@ -1,3 +1,27 @@
+sendmail (8.15.2-14~deb10u1) buster; urgency=medium
+
+  * QA upload.
+  * Rebuild for buster.
+
+ -- Andreas Beckmann <anbe@debian.org>  Sun, 25 Aug 2019 15:04:16 +0200
+
+sendmail (8.15.2-14) unstable; urgency=medium
+
+  * QA upload.
+  * sendmail-bin.prerm: Stop sendmail before removing the alternatives.
+  * sendmail-bin.postinst: Let start-stop-daemon match on pidfile and
+    executable.  (Closes: #932598)
+
+ -- Andreas Beckmann <anbe@debian.org>  Sun, 25 Aug 2019 14:56:41 +0200
+
+sendmail (8.15.2-13) unstable; urgency=medium
+
+  * QA upload.
+  * initscript: Let start-stop-daemon match on pidfile and executable.
+    (Closes: #932598, LP: #1822866)
+
+ -- Andreas Beckmann <anbe@debian.org>  Tue, 30 Jul 2019 19:22:43 +0200
+
 sendmail (8.15.2-12) unstable; urgency=medium
 
   * QA upload.
diff -Nru sendmail-8.15.2/debian/local/sendmail.in sendmail-8.15.2/debian/local/sendmail.in
--- sendmail-8.15.2/debian/local/sendmail.in	2018-09-16 00:11:47.000000000 +0200
+++ sendmail-8.15.2/debian/local/sendmail.in	2019-08-25 15:04:16.000000000 +0200
@@ -103,43 +103,46 @@
 	STAMP_DIR="${SENDMAIL_ROOT}/stampdir";
 	START_MTAL_CMD="start-stop-daemon \
 		--pidfile $MTAL_PIDFILE \
-		--exec $MTA_DAEMON \
 		--startas $MTA_COMMAND \
 		--start";
 	STOP_MTAL_CMD="start-stop-daemon \
 		--pidfile $MTAL_PIDFILE \
+		--exec $MTA_COMMAND \
 		--name sendmail-mta \
 		--stop";
 	SIGNAL_MTAL_CMD="start-stop-daemon \
 		--pidfile $MTAL_PIDFILE \
+		--exec $MTA_COMMAND \
 		--name sendmail-mta \
 		--stop";
 	START_MTAQ_CMD="start-stop-daemon \
 		--pidfile $MTAQ_PIDFILE \
 		--make-pidfile \
-		--exec $MTA_DAEMON \
 		--startas $MTA_COMMAND \
 		--start";
 	STOP_MTAQ_CMD="start-stop-daemon \
 		--pidfile $MTAQ_PIDFILE \
+		--exec $MTA_COMMAND \
 		--name sendmail-mta \
 		--stop";
 	SIGNAL_MTAQ_CMD="start-stop-daemon \
 		--pidfile $MTAQ_PIDFILE \
+		--exec $MTA_COMMAND \
 		--name sendmail-mta \
 		--stop";
 	START_MSP_CMD="start-stop-daemon \
 		--pidfile $MSP_PIDFILE \
-		--exec $MSP_DAEMON \
 		--startas $MSP_COMMAND \
 		--chuid smmsp \
 		--start";
 	STOP_MSP_CMD="start-stop-daemon \
 		--pidfile $MSP_PIDFILE \
+		--exec $MSP_COMMAND \
 		--name sendmail-msp \
 		--stop";
 	SIGNAL_MSP_CMD="start-stop-daemon \
 		--pidfile $MSP_PIDFILE \
+		--exec $MSP_COMMAND \
 		--name sendmail-msp \
 		--stop";
 	NAME='sendmail';
diff -Nru sendmail-8.15.2/debian/sendmail-bin.postinst.in sendmail-8.15.2/debian/sendmail-bin.postinst.in
--- sendmail-8.15.2/debian/sendmail-bin.postinst.in	2018-09-16 00:11:47.000000000 +0200
+++ sendmail-8.15.2/debian/sendmail-bin.postinst.in	2019-08-25 15:04:16.000000000 +0200
@@ -6,29 +6,34 @@
 #-----------------------------------------------------------
 #stop(): stop sendmail
 stop_mta () {
+	if [ -x @sysconfdir@/init.d/sendmail ]; then
+		invoke-rc.d --quiet --force sendmail stop
+	fi
 	# Account for varying PIDfile locations of older sendmail packages
 	if [ -f /var/run/sendmail/mta/sendmail.pid ]; then
 		start-stop-daemon --stop --oknodo --quiet \
+			--exec /usr/lib/sm.bin/sendmail \
 			--pidfile /var/run/sendmail/msp/sendmail.pid > /dev/null;
 		start-stop-daemon --stop --oknodo --quiet \
-			-pidfile /var/run/sendmail/mta/sendmail.pid > /dev/null;
+			--exec /usr/lib/sm.bin/sendmail \
+			--pidfile /var/run/sendmail/mta/sendmail.pid > /dev/null;
 	elif [ -f /var/run/sendmail/sendmail.pid ]; then
 		start-stop-daemon --stop --oknodo --quiet \
+			--exec /usr/lib/sm.bin/sendmail \
 			--pidfile /var/run/sendmail/sendmail.pid > /dev/null;
 	elif [ -f /var/run/sendmail.pid ]; then
 		start-stop-daemon --stop --oknodo --quiet \
+			--exec /usr/lib/sm.bin/sendmail \
 			--pidfile /var/run/sendmail.pid > /dev/null;
 		fi;
 	# Since we changed the executable, do one more try - using the old name
 	if [ -f /var/run/sendmail/mta/sendmail.pid ]; then
 		start-stop-daemon --stop --oknodo --quiet \
+			--exec /usr/lib/sm.bin/sendmail \
 			--pidfile /var/run/sendmail/mta/sendmail.pid > /dev/null;
 		fi;
 	start-stop-daemon --stop --oknodo --quiet \
 		--name sendmail > /dev/null;
-	if [ -x @sysconfdir@/init.d/sendmail ]; then
-		invoke-rc.d --quiet --force sendmail stop
-		fi;
 	};
 
 #-----------------------------------------------------------
diff -Nru sendmail-8.15.2/debian/sendmail-bin.prerm.in sendmail-8.15.2/debian/sendmail-bin.prerm.in
--- sendmail-8.15.2/debian/sendmail-bin.prerm.in	2018-09-16 00:11:47.000000000 +0200
+++ sendmail-8.15.2/debian/sendmail-bin.prerm.in	2019-08-25 15:04:16.000000000 +0200
@@ -1,32 +1,26 @@
 #!/bin/sh
-set -e;
-
-PACKAGE=sendmail-bin;
+set -e
 
 if [ "$1" = "remove" ]; then
-		# Remove alternatives for MTA, MSP
-		update-alternatives --remove sendmail-mta @libexecdir@/sendmail;
-		update-alternatives --remove sendmail-msp @libexecdir@/sendmail;
-		if [ -x @sysconfdir@/init.d/sendmail ] && \
-			[ -x @datadir@/sendmail/sendmail ]; then
-			invoke-rc.d --quiet --force sendmail stop
-			fi;
-		# Prevent cronjob from running during upgrade...
-		if [ -f /etc/cron.d/sendmail ]; then
-			rm -f @sysconfdir@/cron.d/sendmail;
-			fi;
+	# Prevent cronjob from running during removal...
+	if [ -f @sysconfdir@/cron.d/sendmail ]; then
+		rm -f @sysconfdir@/cron.d/sendmail
+	fi
 fi
 
 if [ "$1" = "upgrade" ]; then
-		# Prevent cronjob from running during upgrade...
-		if [ -f /etc/cron.d/sendmail ]; then
-			echo "#prerm" > @sysconfdir@/cron.d/sendmail;
-			fi;
-
-		# NOTE  NOTE  NOTE  NOTE  NOTE
-		# If we fall through to DEBHELPER, sendmail will be stopped
-		# much earlier than necessary !!!
-		exit 0;
+	# Prevent cronjob from running during upgrade...
+	if [ -f @sysconfdir@/cron.d/sendmail ]; then
+		echo "#prerm" > @sysconfdir@/cron.d/sendmail
+		# The cronjob is regenerated by the postinst
+	fi
 fi
 
 #DEBHELPER#
+
+if [ "$1" = "remove" ]; then
+	# Remove alternatives for MTA, MSP
+	# Note: removes paths needed by the initscript
+	update-alternatives --remove sendmail-mta @libexecdir@/sendmail
+	update-alternatives --remove sendmail-msp @libexecdir@/sendmail
+fi

Reply to:

Follow-Ups:
- Bug#935704: sendmail 8.15.2-14~deb10u1 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>

Prev by Date: Bug#917972: transition: openexr
Next by Date: Bug#931949: transition: proj
Previous by thread: Bug#917972: transition: openexr
Next by thread: Bug#935704: sendmail 8.15.2-14~deb10u1 flagged for acceptance
Index(es):
- Date
- Thread