Bug#989131: unblock: gosa/2.7.4+reloaded3-16

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Wed May 26 12:03:15 BST 2021 

Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-Cc: debian-edu-pkg-team at lists.alioth.debian.org

Please unblock package gosa

   * debian/gosa.postinst:
     + Don't choke on failing httpd service restarts. This allows gosa to be
       installed into chroots. (Closes: #989099).

-> very helpful for testing things with GOsa² on a local (developer) host

   * debian/patches:
     + Add 1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch and
       1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch. Provide
       'alias' attribute type via 'gosaMailAccount' objectClass. This fixes
       'alias' field setting via gosa-plugin-mailaddress without the need to
       add 'kolabInetOrgPerson' objectClass to every mail account. (Closes:
       #989096).

-> important issue to be resolved for Debian Edu 11.

     + Add 1053_check-countable-before-using-count-on-variable.patch. Don't use
       count() function on data that might not be countable. Silences hundreds
       of PHP warning log messages per user session. (Closes: #939043).

-> Fix for additional issue, caused by PHP 7.3 and newer (count(array_var) throws an
error if the array_var is NULL since PHP 7.3 (iirc)).

[ Reason ]
This new version resolved a long standing problem in gosa
and gosa-plugin-mailaddress. Plus two other fixes for annoying
issues.

[ Impact ]
The gosa-plugin-mailaddress 'Mail aliases' field stays unusable
for users of Debian's GOsa² LDAP frontend and for sysadmins
of Debian Edu sites.

[ Tests ]
Manual tests on a Debian Edu buster and a freshly installed Debian Edu
bullseye main server (aka TJENER).

[ Risks ]
Biggest impact probably on the Debian Edu server installation profile
(slapd will refuse to restart, if I did something wrong regarding the
schema changes).

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None

unblock gosa/2.7.4+reloaded3-16
-------------- next part --------------
diff -Nru gosa-2.7.4+reloaded3/debian/changelog gosa-2.7.4+reloaded3/debian/changelog
--- gosa-2.7.4+reloaded3/debian/changelog	2020-11-23 17:44:53.000000000 +0100
+++ gosa-2.7.4+reloaded3/debian/changelog	2021-05-26 09:31:07.000000000 +0200
@@ -1,3 +1,32 @@
+gosa (2.7.4+reloaded3-16) unstable; urgency=medium
+
+  * Re-upload as is.
+
+  * debian/changelog:
+    + Fix faulty bug closure in previous changelog stanza. Re-closing the
+      correct bug here now. (Closes: #989099, allow gosa to be installed
+      in chroots).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Wed, 26 May 2021 09:31:07 +0200
+
+gosa (2.7.4+reloaded3-15) unstable; urgency=medium
+
+  * debian/gosa.postinst:
+    + Don't choke on failing httpd service restarts. This allows gosa to be
+      installed into chroots. (Closes: #989099).
+  * debian/patches:
+    + Add 1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch and
+      1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch. Provide
+      'alias' attribute type via 'gosaMailAccount' objectClass. This fixes
+      'alias' field setting via gosa-plugin-mailaddress without the need to
+      add 'kolabInetOrgPerson' objectClass to every mail account. (Closes:
+      #989096).
+    + Add 1053_check-countable-before-using-count-on-variable.patch. Don't use
+      count() function on data that might not be countable. Silences hundreds
+      of PHP warning log messages per user session. (Closes: #939043).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Tue, 25 May 2021 21:18:20 +0200
+
 gosa (2.7.4+reloaded3-14) unstable; urgency=medium
 
   * debian/patches:
diff -Nru gosa-2.7.4+reloaded3/debian/gosa.postinst gosa-2.7.4+reloaded3/debian/gosa.postinst
--- gosa-2.7.4+reloaded3/debian/gosa.postinst	2020-04-27 12:59:23.000000000 +0200
+++ gosa-2.7.4+reloaded3/debian/gosa.postinst	2020-12-19 13:57:56.000000000 +0100
@@ -78,9 +78,9 @@
 	# Finally restart servers
 	if [ -x "$(which apache2ctl)" ]; then
 		if [ -x "$(which invoke-rc.d)" ]; then
-			invoke-rc.d apache2 reload
+			invoke-rc.d apache2 reload || true
 		else
-			/etc/init.d/apache2 reload
+			/etc/init.d/apache2 reload || true
 		fi
 	fi
 fi
@@ -110,9 +110,9 @@
 	# Finally restart servers
 	if [ -x "$(which lighttpd)" ]; then
 		if [ -x "$(which invoke-rc.d)" ]; then
-			invoke-rc.d lighttpd reload
+			invoke-rc.d lighttpd reload || true
 		else
-			/etc/init.d/lighttpd reload
+			/etc/init.d/lighttpd reload || true
 		fi
 	fi
 fi
diff -Nru gosa-2.7.4+reloaded3/debian/patches/1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch gosa-2.7.4+reloaded3/debian/patches/1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch
--- gosa-2.7.4+reloaded3/debian/patches/1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch	1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded3/debian/patches/1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch	2021-05-25 21:07:48.000000000 +0200
@@ -0,0 +1,90 @@
+From 1556976d87547a81642593dd74e14287db638aea Mon Sep 17 00:00:00 2001
+From: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+Date: Tue, 25 May 2021 16:55:34 +0200
+Subject: [PATCH] openldap/gosa-samba3.*: Provide 'alias' attribute description
+ by objectClass 'gosaMailAccount'.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ A very common use case in LDAP stored mail accounts is the definition
+ of a primary mail address and mail address aliases. The add-on module
+ gosa-plugin-mailaddress provides a field for adding e-mail aliases to
+ user mail accounts.
+
+ Up to now, the 'alias' attribute has only been provided to user accounts
+ that were set up as kolabInetOrgPerson based accounts.
+
+ With this change, the 'alias' attribute description gets provided
+ for usual gosaMailAccount based accounts.
+
+ This change comes together with a schema change in GOsa²'s kolab2.schema
+ (where we comment out the 'alias' attribute description). Normally,
+ Kolab Users maintained via GOsa² have the 'gosaMailAccount' objectClass
+ already set, so 'alias' gets provided via gosa-samba3.schema all fine.
+---
+ contrib/openldap/gosa-samba3.ldif   | 12 +++++++++++-
+ contrib/openldap/gosa-samba3.schema | 10 +++++++++-
+ 2 files changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/gosa-core/contrib/openldap/gosa-samba3.ldif b/gosa-core/contrib/openldap/gosa-samba3.ldif
+index 96ba1b721..95c052321 100644
+--- a/gosa-core/contrib/openldap/gosa-samba3.ldif
++++ b/gosa-core/contrib/openldap/gosa-samba3.ldif
+@@ -571,6 +571,16 @@ olcAttributeTypes: (
+   )
+ #
+ ################################################################################
++olcAttributeTypes: (
++  1.3.6.1.4.1.19414.2.1.3
++  NAME 'alias'
++  DESC 'RFC1274: RFC822 Mailbox'
++  EQUALITY caseIgnoreIA5Match
++  SUBSTR caseIgnoreIA5SubstringsMatch
++  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
++)
++#
++################################################################################
+ #
+ olcObjectClasses: (
+   1.3.6.1.4.1.10098.1.2.1.19.1
+@@ -625,7 +635,7 @@ olcObjectClasses: (
+   SUP top
+   AUXILIARY
+   MUST ( mail $ gosaMailServer $ gosaMailDeliveryMode )
+-  MAY ( gosaMailQuota $ gosaMailAlternateAddress $ gosaMailForwardingAddress $ gosaMailMaxSize $ gosaSpamSortLevel $ gosaSpamMailbox $ gosaVacationMessage $ gosaVacationStart $ gosaVacationStop $ gosaSharedFolderTarget $ acl )
++  MAY ( alias $ gosaMailQuota $ gosaMailAlternateAddress $ gosaMailForwardingAddress $ gosaMailMaxSize $ gosaSpamSortLevel $ gosaSpamMailbox $ gosaVacationMessage $ gosaVacationStart $ gosaVacationStop $ gosaSharedFolderTarget $ acl )
+   )
+ #
+ ################################################################################
+diff --git a/contrib/openldap/gosa-samba3.schema b/contrib/openldap/gosa-samba3.schema
+index a36060354..dbdf6aeda 100644
+--- a/gosa-core/contrib/openldap/gosa-samba3.schema
++++ b/gosa-core/contrib/openldap/gosa-samba3.schema
+@@ -302,6 +302,14 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.651
+ 		SUBSTR caseIgnoreIA5SubstringsMatch
+ 	    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+ 
++# alias used to provide alternative rfc822 email addresses for kolab users
++attributetype ( 1.3.6.1.4.1.19414.2.1.3
++        NAME 'alias'
++        DESC 'RFC1274: RFC822 Mailbox'
++        EQUALITY caseIgnoreIA5Match
++        SUBSTR caseIgnoreIA5SubstringsMatch
++        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
++
+ # Classes
+ objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject' SUP top AUXILIARY
+         DESC 'Class for GOsa settings (v2.7)'
+@@ -324,7 +332,7 @@ objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIA
+ objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.5 NAME 'gosaMailAccount' SUP top AUXILIARY
+         DESC 'Class to mark MailAccounts for GOsa (v2.7)'
+ 	MUST ( mail $ gosaMailServer $ gosaMailDeliveryMode)
+-	MAY  ( gosaMailQuota $ gosaMailAlternateAddress $ gosaMailForwardingAddress $
++	MAY  ( alias $ gosaMailQuota $ gosaMailAlternateAddress $ gosaMailForwardingAddress $
+ 	       gosaMailMaxSize $ gosaSpamSortLevel $ gosaSpamMailbox $
+ 	       gosaVacationMessage $ gosaVacationStart $ gosaVacationStop $ gosaSharedFolderTarget $ acl))
+ 
+-- 
+2.30.2
+
diff -Nru gosa-2.7.4+reloaded3/debian/patches/1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch gosa-2.7.4+reloaded3/debian/patches/1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch
--- gosa-2.7.4+reloaded3/debian/patches/1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch	1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded3/debian/patches/1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch	2021-05-25 21:08:46.000000000 +0200
@@ -0,0 +1,54 @@
+From d83cdfacbec29c47a107d01f80c6914a196f5671 Mon Sep 17 00:00:00 2001
+From: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+Date: Tue, 25 May 2021 17:02:44 +0200
+Subject: [PATCH] contrib/kolab2.*: Comment out 'alias' attribute type.
+
+ There has been filed a proposal to move the 'alias' attribute type over
+ to gosa-samba3.schema (in gosa-core) to support the 'alias' attribute type
+ for simple gosaMailAccount based user accounts.
+
+ For more information, see https://github.com/gosa-project/gosa-core/pull/36.
+---
+ kolab/contrib/kolab2.ldif   |  2 +-
+ kolab/contrib/kolab2.schema | 12 ++++++------
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/contrib/kolab2.ldif b/contrib/kolab2.ldif
+index 720f88b2..b7f687a8 100644
+--- a/kolab/contrib/kolab2.ldif
++++ b/kolab/contrib/kolab2.ldif
+@@ -3,7 +3,7 @@ objectClass: olcSchemaConfig
+ cn: kolab2
+ olcAttributeTypes: ( 1.3.6.1.4.1.19414.2.1.1 NAME ( 'k' 'kolab' ) DESC 'Kolab attribute' SUP name )
+ olcAttributeTypes: ( 1.3.6.1.4.1.19414.2.1.2 NAME 'kolabDeleteflag' DESC 'Per host deletion status' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+-olcAttributeTypes: ( 1.3.6.1.4.1.19414.2.1.3 NAME 'alias' DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
++#olcAttributeTypes: ( 1.3.6.1.4.1.19414.2.1.3 NAME 'alias' DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+ olcAttributeTypes: ( 1.3.6.1.4.1.19419.2.1.4 NAME 'kolabEncryptedPassword' DESC 'base64 encoded public key encrypted Password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+ olcAttributeTypes: ( 1.3.6.1.4.1.19414.2.1.5 NAME ( 'fqhostname' 'fqdnhostname' ) DESC 'Fully qualified Hostname including full domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+ olcAttributeTypes: ( 1.3.6.1.4.1.19414.2.1.6 NAME 'kolabHost' DESC 'Multivalued -- list of hostnames in a Kolab setup' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+diff --git a/contrib/kolab2.schema b/contrib/kolab2.schema
+index be36f919..192bd7af 100644
+--- a/kolab/contrib/kolab2.schema
++++ b/kolab/contrib/kolab2.schema
+@@ -61,12 +61,12 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.2
+   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+ 
+ # alias used to provide alternative rfc822 email addresses for kolab users
+-attributetype ( 1.3.6.1.4.1.19414.2.1.3
+-  NAME 'alias'
+-  DESC 'RFC1274: RFC822 Mailbox'
+-  EQUALITY caseIgnoreIA5Match
+-  SUBSTR caseIgnoreIA5SubstringsMatch
+-  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
++#attributetype ( 1.3.6.1.4.1.19414.2.1.3
++#  NAME 'alias'
++#  DESC 'RFC1274: RFC822 Mailbox'
++#  EQUALITY caseIgnoreIA5Match
++#  SUBSTR caseIgnoreIA5SubstringsMatch
++#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+ 
+ # kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
+ # cleartext password. This is required in order to pass the password from
+-- 
+2.30.2
+
diff -Nru gosa-2.7.4+reloaded3/debian/patches/1053_check-countable-before-using-count-on-variable.patch gosa-2.7.4+reloaded3/debian/patches/1053_check-countable-before-using-count-on-variable.patch
--- gosa-2.7.4+reloaded3/debian/patches/1053_check-countable-before-using-count-on-variable.patch	1970-01-01 01:00:00.000000000 +0100
+++ gosa-2.7.4+reloaded3/debian/patches/1053_check-countable-before-using-count-on-variable.patch	2021-05-25 22:03:35.000000000 +0200
@@ -0,0 +1,18 @@
+Description: Only count what's countable.
+Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+Forwarded: https://github.com/gosa-project/gosa-core/pull/37
+
+--- a/gosa-core/include/class_config.inc
++++ b/gosa-core/include/class_config.inc
+@@ -873,7 +873,10 @@
+ 
+             /* If this department is the last in the current tree position 
+              * remove it, to avoid generating output for it */
+-            if(count($entries['SUB'])==0){
++            if(is_array($entries) &&
++               array_key_exists('SUB', $entries) &&
++               is_array($entries['SUB']) &&
++               count($entries['SUB'])==0){
+                 unset($entries['SUB']);
+             }
+ 
diff -Nru gosa-2.7.4+reloaded3/debian/patches/series gosa-2.7.4+reloaded3/debian/patches/series
--- gosa-2.7.4+reloaded3/debian/patches/series	2020-11-23 17:38:22.000000000 +0100
+++ gosa-2.7.4+reloaded3/debian/patches/series	2021-05-25 21:27:03.000000000 +0200
@@ -69,3 +69,6 @@
 1048_gosa-cred-encrypt-decrypt-php-7.4.patch
 1049_gosa-fix-filterlocklabelimage.patch
 1050_implode-syntax-php74.patch
+1051_openldap-gosa-samba3.-Provide-alias-attribute-descri.patch
+1052_contrib-kolab2.-Comment-out-alias-attribute-type.patch
+1053_check-countable-before-using-count-on-variable.patch

More information about the Debian-edu-pkg-team mailing list