Package: jailkit
Version: 2.21-3
Severity: important

Dear Maintainer,

  The jailkit package needs to be updated from upstream.  In particular,
upstream has a bugfix for some python2 code within jk_update which causes
it to fail.  This has security implications: jails can no longer be
updated with the package/security updates applied to the base system.

  If for some reason the package cannot be updated to the current
upstream version, I have tested the changes between revisions 1.16 and
1.17 of jk_update.in, shown at
https://cvs.savannah.nongnu.org/viewvc/jailkit/jailkit/py/jk_update.in?r1=1.16&r2=1.17
and they are sufficient to allow jk_update to run.

Thanks!


-- System Information:
Debian Release: 10.10
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_SOFTLOCKUP
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages jailkit depends on:
ii  libc6    2.28-10
ii  python3  3.7.3-1

jailkit recommends no packages.

jailkit suggests no packages.

-- Configuration Files:
/etc/jailkit/jk_chrootsh.ini changed:
[DEFAULT]
skip_injail_passwd_check=1
injail_shell=/bin/bash
env = TERM, PATH, LANG

/etc/jailkit/jk_init.ini changed:
[uidbasics]
comment = common files for all jails that need user/group information
paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, 
/lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, 
/lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, 
/lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.1, 
/lib/arm-linux-gnueabihf/libnss*.so.2, /lib/aarch64-linux-gnu/libnsl.so.1, 
/lib/aarch64-linux-gnu/libnss*.so.2, /etc/nsswitch.conf, /etc/ld.so.conf
[netbasics]
comment = common files for all jails that need any internet connectivity
paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, 
/lib/i386-linux-gnu/libnss_dns.so.2, /lib/x86_64-linux-gnu/libnss_dns.so.2, 
/lib/arm-linux-gnueabihf/libnss_dns.so.2, 
/lib/aarch64-linux-gnu/libnss_dns.so.2, /etc/resolv.conf, /etc/host.conf, 
/etc/hosts, /etc/protocols, /etc/services, /etc/ssl/certs/, /usr/lib/ssl/certs
[logbasics]
comment = timezone information and log sockets
paths = /etc/localtime
need_logsocket = 1
[jk_lsh]
comment = Jailkit limited shell
paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
users = root
groups = root
includesections = uidbasics, logbasics
[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh
[cvs]
comment = Concurrent Versions System
paths = cvs
devices = /dev/null
[git]
comment = Fast Version Control System
paths = /usr/bin/git*, /usr/lib/git-core, /usr/share/git-core, /usr/bin/pager
includesections = editors, perl, netbasics, basicshell, coreutils
[scp]
comment = ssh secure copy
paths = scp
includesections = netbasics, uidbasics
devices = /dev/urandom
[sftp]
comment = ssh secure ftp
paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, 
/usr/lib/misc/sftp-server, /usr/libexec/sftp-server, 
/usr/lib/openssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null
[ssh]
comment = ssh secure shell
paths = ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty, /dev/null
[rsync]
paths = rsync
includesections = netbasics, uidbasics
[procmail]
comment = procmail mail delivery
paths = procmail, /bin/sh
devices = /dev/null
[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, 
false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, 
rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, 
/etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, 
/usr/lib/locale/en_US.utf8, uname, expr, xargs
users = root
groups = root
includesections = uidbasics
[midnightcommander]
comment = Midnight Commander
paths = mc, mcedit, mcview, /usr/share/mc
includesections = basicshell, terminfo
[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, 
md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
includesections = basicshell, midnightcommander, editors
[terminfo]
comment = terminfo databases, required for example for ncurses or vim 
paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo
[editors]
comment = vim, joe and nano
includesections = terminfo
paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim
[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
paths = wget, lynx, ftp, host, rsync, smbclient
includesections = netbasics, ssh, sftp, scp
[apacheutils]
comment = htpasswd utility
paths = htpasswd
[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils
[openvpn]
comment = jail for the openvpn daemon
paths = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1
[apache]
comment = the apache webserver, very basic setup, probably too limited for you
paths = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics
[perl]
comment = the perl interpreter and libraries
paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
[xauth]
comment = getting X authentication to work
paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
[xclients]
comment = minimal files for X clients
paths = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth
[vncserver]
comment = the VNC server program
paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
includesections = xclients
[ping]
comment = Ping program
paths_w_setuid = /bin/ping
[coreutils]
comment = non-sbin progs from coreutils
paths = cat, chgrp, chmod, chown, cp, date, dd, df, dir, echo, false, ln, ls, 
mkdir, mknod, mktemp, mv, pwd, readlink, rm, rmdir, sleep, stty, sync, touch, 
true, uname, vdir, [, arch, b2sum, base32, base64, basename, chcon, cksum, 
comm, csplit, cut, dircolors, dirname, du, env, expand, expr, factor, fmt, 
fold, groups, head, hostid, id, install, join, link, logname, md5sum, mkfifo, 
nice, nl, nohup, nproc, numfmt, od, paste, pathchk, pinky, pr, printenv, 
printf, ptx, realpath, runcon, seq, sha1sum, sha224sum, sha256sum, sha384sum, 
sha512sum, shred, shuf, sort, split, stat, stdbuf, sum, tac, tail, tee, test, 
timeout, tr, truncate, tsort, tty, unexpand, uniq, unlink, users, wc, who, 
whoami, yes, md5sum.textutils
[wp]
comment = WordPress Command Line
paths = wp, /usr/local/bin/php
includesections = php, mysql-client
[mysql-client]
comment = mysql client
paths = mysql, mysqldump, mysqlshow, /usr/lib/libmysqlclient.so, 
/usr/lib/i386-linux-gnu/libmariadb.so.3, /usr/lib/i386-linux-gnu/mariadb19, 
/usr/lib/x86_64-linux-gnu/libmariadb.so.3, /usr/lib/x86_64-linux-gnu/mariadb19, 
/usr/lib/arm-linux-gnueabihf/libmariadb.so.3, 
/usr/lib/arm-linux-gnueabihf/mariadb19, 
/usr/lib/aarch64-linux-gnu/libmariadb.so.3, /usr/lib/aarch64-linux-gnu/mariadb19
includesections = netbasics
[composer]
comment = composer
paths = composer, /usr/local/bin/composer, /usr/share/doc/composer
includesections = php, uidbasics, netbasics
[node]
comment = NodeJS
paths = npm, node, nodejs, /usr/lib/nodejs, /usr/share/npm, 
/usr/share/node-mime, /usr/lib/node_modules, /usr/local/lib/nodejs, 
/usr/local/lib/node_modules, elmi-to-json, /usr/local/bin/elmi-to-json
[env]
comment = /usr/bin/env for environment variables
paths = env
[php]
comment = default php version and libraries
paths = /usr/bin/php
includesections = php_common, php7_3
[php_common]
comment = common php directories and libraries
paths = /usr/bin/php, /usr/lib/php/, /usr/share/php/, /usr/share/zoneinfo/
includesections = env, logbasics, netbasics
[php5_6]
comment = php version 5.6
paths = /usr/bin/php5.6, /usr/lib/php/5.6/, /usr/lib/php/20131226/, 
/usr/share/php/5.6/, /etc/php/5.6/cli/, /etc/php/5.6/mods-available/
includesections = php_common
[php7_0]
comment = php version 7.0
paths = /usr/bin/php7.0, /usr/lib/php/7.0/, /usr/lib/php/20151012/, 
/usr/share/php/7.0/, /etc/php/7.0/cli/, /etc/php/7.0/mods-available/
includesections = php_common
[php7_1]
comment = php version 7.1
paths = /usr/bin/php7.1, /usr/lib/php/7.1/, /usr/lib/php/20160303/, 
/usr/share/php/7.1/, /etc/php/7.1/cli/, /etc/php/7.1/mods-available/
includesections = php_common
[php7_2]
comment = php version 7.2
paths = /usr/bin/php7.2, /usr/lib/php/7.2/, /usr/lib/php/20170718/, 
/usr/share/php/7.2/, /etc/php/7.2/cli/, /etc/php/7.2/mods-available/
includesections = php_common
[php7_3]
comment = php version 7.3
paths = /usr/bin/php7.3, /usr/lib/php/7.3/, /usr/lib/php/20180731/, 
/usr/share/php/7.3/, /etc/php/7.3/cli/, /etc/php/7.3/mods-available/
includesections = php_common
[php7_4]
comment = php version 7.4
paths = /usr/bin/php7.4, /usr/lib/php/7.4/, /usr/lib/php/20190902/, 
/usr/share/php/7.4/, /etc/php/7.4/cli/, /etc/php/7.4/mods-available/
includesections = php_common
[imagemagick]
comment = ImageMagick needed for php-imagemagick extension
paths = /usr/share/ImageMagick-*, /etc/ImageMagick-*, 
/usr/lib/i386-linux-gnu/ImageMagick-*, /usr/lib/x86_64-linux-gnu/ImageMagick-*, 
/usr/lib/arm-linux-gnueabihf/ImageMagick-*, 
/usr/lib/aarch64-linux-gnu/ImageMagick-*
[php8_0]
comment = php version 8.0
paths = /usr/bin/php8.0, /usr/lib/php/8.0/, /usr/lib/php/20200930/, 
/usr/share/php/8.0/, /etc/php/8.0/cli/, /etc/php/8.0/mods-available/
includesections = php_common

/etc/jailkit/jk_socketd.ini changed:
[/var/www/clients/client3/web2/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client1/web10/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client8/web17/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client17/web26/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client11/web40/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client23/web42/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client24/web43/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client1/web7/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client5/web27/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client10/web48/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client25/web49/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client5/web50/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client5/web32/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client27/web51/dev/log]
base=512
peak=2048
interval=10
[/var/www/clients/client1/web53/dev/log]
base=512
peak=2048
interval=10


-- no debconf information

-- debsums errors found:
debsums: changed file /usr/sbin/jk_update (from jailkit package)
