[Pkg-mailman-hackers] Bug#361212: mailman: security upgrade errors out with confusing and ineffective instructions

Ivan Kohler ivan-debian at 420.am
Fri Apr 7 08:18:21 UTC 2006 

Package: mailman
Version: 2.1.5-8sarge2
Severity: grave
Justification: renders package unusable or causes data loss
Tags: sarge

Attempting to install the recent security update (v2.1.5-8sarge2)
errors out with the following message:

  Old queue files present

  The directory /var/lib/mailman/qfiles contains files.  It needs to be
  empty for the upgrade work properly.  Please either flush the queue
  (by way of mailmanctl start, then stopping it and redoing the upgrade
  when it is finished) or remove those files.  Note that removing the 
  files will lose some emails sent to lists.

Losing emails isn't really an option for me (or many other folks running
sarge boxes, I'd expect) - this is a production server with a number of 
live mailing lists, so I attempt to follow the instructions to flush the 
queue, "by way of mailmanctl start, then stopping it and redoing the 
ugprade when itis finished".

However:

1 - mailmanctl isn't in root's $PATH - it is in /usr/lib/mailman/bin/mailmanctl

   It either needs to be in the $PATH or the upgrade instructions need 
   to contain the full path.  If that were the worst problem here, this 
   bug would be minor, but:

2 - # /usr/lib/mailman/bin/mailmanctl start
The master qrunner lock could not be acquired because it appears as if another
master qrunner is already running.

   Well.  That didn't do jack.  Maybe mailmanctl needs to be run during the
   upgrade.  So I attempt to run the same command in another window when the
   original warning comes up, and receive:

3 - # /usr/lib/mailman/bin/mailmanctl start
Starting Mailman's master qrunner.

   Okay.  I guess it started.  Then I'm supposed to stop "it" and redo the
   upgrade when "it" is finished.  A literal reading of the instructions
   would seem to say I'm supposed to stop mailmanctl (just after starting it?),
   with "/usr/lib/mailman/bin/mailmanctl stop" I guess, wait for the stopping
   to finish, then redo the upgrade.  That doesn't make any sense, but for
   completeness, when I try to do that...

4 - # /usr/lib/mailman/bin/mailmanctl stop
Shutting down Mailman's master qrunner

   Is it stopped?  It seems to say it is.  ps still show mailman processes,
   but no matter how long I wait (well, withing reason), they don't go away.
   Running "/usr/lib/mailman/bin/mailmanctl stop" again later produces:

5 - # /usr/lib/mailman/bin/mailmanctl stop
Shutting down Mailman's master qrunner
No child with pid: 12094
[Errno 3] No such process
Stale pid file removed.

   Still there are mailman processes...  Running
   "/usr/lib/mailman/bin/mailmanctl stop" a third (or subsequent) time
   produces:

6 - # /usr/lib/mailman/bin/mailmanctl stop
Shutting down Mailman's master qrunner
PID unreadable in: /var/run/mailman/mailman.pid
[Errno 2] No such file or directory: '/var/run/mailman/mailman.pid'
Is qrunner even running?

   Well, accoring to "ps" it still is.  Huh, dead end.

7 - When is "mailmanctl start" finished?

    Assuming the literal reading of the upgrade instructions was not correct
    and backing up to step 3...  trying to make more sense of the instructions,
    maybe I'm supposed to run "/usr/lib/mailman/bin/mailmanctl start", then
    stop and redo the upgrade when "/usr/lib/mailman/bin/mailmanctl start"
    is finished?  How do I know when it is finished?  Waiting reasonable
    amounts of time and then retrying the upgrade still gives me the same
    original error message.


As far as I can tell, mailman 2.1.5-8sarge2 is either uninstallable/unusable,
or causes data loss ("removing the files will lose some emails sent to 
lists").

I think this security upgrade needs to be fixed such that it can be
installed, without loss of mail, ideally automatically taking care of
/var/lib/mailman/qfiles, but at *least* containing reasonably clear, 
working instructions for doing so.


-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.8-12-amd64-k8
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages mailman depends on:
ii  apache [httpd]            1.3.33-6sarge1 versatile, high-performance HTTP s
ii  apache2-mpm-prefork [http 2.0.54-5       traditional model for Apache2
ii  cron                      3.0pl1-86      management of regular background p
ii  debconf                   1.4.30.13      Debian configuration management sy
ii  libc6                     2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  logrotate                 3.7-5          Log rotation utility
ii  postfix [mail-transport-a 2.1.5-9        A high-performance mail transport 
ii  pwgen                     2.03-1         Automatic Password generation
ii  python                    2.3.5-2        An interactive high-level object-o
ii  ucf                       1.17           Update Configuration File: preserv

-- debconf information:
* mailman/queue_files_present:
  mailman/default_server_language: en
* mailman/gate_news: false
* mailman/site_languages: en
  mailman/used_languages: en
* mailman/create_site_list:


-- 
_ivan

More information about the Pkg-mailman-hackers mailing list