[Pkg-mailman-hackers] Bug#1053502: solved for me

Boud Roukema bouddebbug at cosmo.torun.pl
Tue Oct 10 21:01:22 BST 2023 

Package: mailman3-web
Version: 0+20200530-2.1
Followup-For: Bug #1053502

Dear Maintainer,

SUMMARY:
----------------------------------------------------------------------
For me, this bug is confirmed, but solved. There appear to be three separate issues:

* the need to add DEFAULT_AUTO_FIELD in /etc/mailman3/mailman-web.py
as recommended in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041496

* the need to have Q_CLUSTER retry > Q_CLUSTER timeout
e.g. by setting override values in /etc/mailman3/mailman-web.py, again
as recommended in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041496

* There is a sed script (I don't know in which file) that should
   ignore comment lines in /etc/mailman3/mailman-web.py but does not
   ignore them.  The result is that a parameter value (the value of
   EMAILNAME) is interpreted as a command. This is correctly trapped
   as an error, and could potentially lead to bad consequences if
   an EMAILNAME (domain) is a dangerous command.

Details below.
----------------------------------------------------------------------


    * What led up to the situation?

I did a system upgrade from bullseye (with an existing install of mailman3) to bookworm.

    * What exactly did you do (or not do) that was effective (or
      ineffective)?

(1) Following (and extending) from PEB's request on Fri, 06 Oct 2023
15:07:50 +0200, I did (1a) and (1b).  Inspired by discussion of bug
#1041496, I did (1c).

(1a) insert 'set -x' near the beginning of /var/lib/dpkg/info/mailman3-web.postinst

(1b) insert 'set -x' near the beginning of /usr/share/debconf/confmodule

(1c) insert the following lines at the end of /etc/mailman3/mailman-web.py:

# per https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041496 
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
# Does this override the value in /usr/share/mailman3-web/settings.py? 
Q_CLUSTER = {
     'timeout': 300,
     'retry': 600,
     'save_limit': 100,
     'orm': 'default',
     'poll': 5,
}


(2) dpkg --configure mailman3-web |& tee log.dpkg.config.mailman3web.5

    * What was the outcome of this action?

This gave a configure error, with the redacted log at https://paste.debian.net/hidden/51a5c38c

    * What outcome did you expect instead?

I expected to succesfully finish the configuring of mailman3-web.

    * What I did next (after reading the log):

The file /etc/mailman3/mailman-web.py originally contained the two successive lines:

# EMAILNAME = localhost
EMAILNAME = 'subdomain.example.com'

(This is because somehow my initial install/upgrade was left with 'localhost' instead
of 'subdomain.example.com'.)

(3) I removed the line '# EMAILNAME = localhost' from /etc/mailman3/mailman-web.py .

(4) dpkg --configure mailman3-web |& tee log.dpkg.config.mailman3web.6

This configured correctly, with the redacted log at https://paste.debian.net/hidden/6990cef5 .

After 'systemctl restart mailman3; systemctl restart mailman3-web' (and a few unrelated minor
fixes) my mailman3 install appears to be fully functional; and 'aptitude safe-upgrade'
says that no packages are broken and nothing remains to be installed.

So this is solved for me.

(5) I reverted (1a) and (1b).


ANALYSIS:
The bug appears to be the regexp

    + sed -n -e s/\s*EMAILNAME\s*=\s*'\(.*\)'\s*$/\1/p /etc/mailman3/mailman-web.py

in line 2934 of https://paste.debian.net/hidden/51a5c38c, with the result in line 2966

    + RET=20 Unsupported command "subdomain.example.com" (full line was "subdomain.example.com") received from confmodule.

The commented line is not excluded by the regexp rule, and subdomain.example.com
becomes a command instead of the value of EMAILNAME.


COMMENT: I'm not sure where the script with the 'sed' is. For
robustness, the script needs to also work if the user has
*uncommented* multiple lines setting a value to a variable.
Either the final value should override earlier ones (common convention),
or the first should override later ones, or an error should occur,
depending on whatever conventions are defined and documented and
what the user is likely to expect.


-- System Information:
Debian Release: 12.2
   APT prefers stable-updates
   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-26-amd64 (SMP w/2 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages mailman3-web depends on:
pn  dbconfig-sqlite3 | dbconfig-pgsql | dbconfig-mysql   <none>
     | dbconfig-no-thanks
ii  debconf [debconf-2.0]                                1.5.82
ii  init-system-helpers                                  1.65.2
ii  lsb-base                                             11.6
ii  python3                                              3.11.2-1+b1
ii  python3-django-hyperkitty                            1.3.7-1
ii  python3-django-postorius                             1.3.8-3
ii  python3-psycopg2                                     2.9.5-1+b1
ii  python3-whoosh                                       2.7.4+git6-g9134ad92-7
ii  sysvinit-utils [lsb-base]                            3.06-4
ii  ucf                                                  3.0043+nmu1
ii  uwsgi-core                                           2.0.21-5.1
ii  uwsgi-plugin-python3                                 2.0.21-5.1

Versions of packages mailman3-web recommends:
ii  libapache2-mod-proxy-uwsgi  2.4.57-2

Versions of packages mailman3-web suggests:
ii  postgresql  15+248

-- Configuration Files:
/etc/mailman3/apache.conf changed:
Alias /mailman3/favicon.ico /var/lib/mailman3/web/static/postorius/img/favicon.ico
Alias /mailman3/static      /var/lib/mailman3/web/static
<Directory "/var/lib/mailman3/web/static">
         Require all granted
</Directory>
<IfModule mod_proxy_uwsgi.c>
         ProxyPass /mailman3/favicon.ico !
         ProxyPass /mailman3/static !
         ProxyPass /mailman3 unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
</IfModule>


-- debconf information:
* mailman3-web/db/app-user: mailman3web at localhost
   mailman3-web/db/basepath:
   mailman3-web/upgrade-backup: true
* mailman3-web/db/dbname: mailman3web
   mailman3-web/mysql/admin-user:
* mailman3-web/pgsql/admin-user: postgres
   mailman3-web/nginx-choice:
   mailman3-web/passwords-do-not-match:
* mailman3-web/emailname: #localhost
* mailman3-web/remote/port:
   mailman3-web/pgsql/changeconf: false
   mailman3-web/purge: false
* mailman3-web/dbconfig-reinstall: true
   mailman3-web/internal/reconfiguring: false
   mailman3-web/remove-error: abort
* mailman3-web/remote/host: localhost
* mailman3-web/superuser-name: admin
* mailman3-web/configure-webserver: apache2
   mailman3-web/upgrade-error: abort
   mailman3-web/pgsql/no-empty-passwords:
   mailman3-web/remote/newhost: localhost
* mailman3-web/restart-webserver: true
* mailman3-web/pgsql/method: TCP/IP
* mailman3-web/superuser-mail: root at localhost
* mailman3-web/pgsql/authmethod-admin: ident
   mailman3-web/mysql/authplugin: default
   mailman3-web/dbconfig-upgrade: true
   mailman3-web/mysql/method: Unix socket
* mailman3-web/dbconfig-install: true
   mailman3-web/internal/skip-preseed: true
   mailman3-web/install-error: abort
   mailman3-web/missing-db-package-error: abort
   mailman3-web/pgsql/manualconf:
* mailman3-web/database-type: pgsql
* mailman3-web/pgsql/authmethod-user: password
* mailman3-web/dbconfig-remove: true

Cheers
Boud

More information about the Pkg-mailman-hackers mailing list