Debian-LTS has issued an advisory on July 12: https://www.debian.org/lts/security/2021/dla-2707 The issue is fixed upstream in 5.1.1. Mageia 8 is also affected. Also note the information to sysadmins in their advisory, which we should include in ours.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 5.1.1
Debian has issued an advisory for this on December 22: https://www.debian.org/security/2021/dsa-5029
Updated package uploaded for Mageia 8 by papoteur (Cauldron previously updated by Nicolas). libNGCards4_9-5.1.1-1.mga8 sogo-tool-5.1.1-1.mga8 libGDLContentStore4_9-5.1.1-1.mga8 sogo-devel-5.1.1-1.mga8 sogo-slapd-sockd-5.1.1-1.mga8 sogo-5.1.1-1.mga8 from sogo-5.1.1-1.mga8.src.rpm
Version: Cauldron => 8Assignee: mageia => qa-bugsWhiteboard: MGA8TOO => (none)CC: (none) => mageia, yves.brungard_mageiaStatus comment: Fixed upstream in 5.1.1 => (none)
mga8, x64 From `urpmq -i sogo`: SOGo is a groupware server built around OpenGroupware.org (OGo) and the sope application server. It focuses on scalability. Reading the help from the /sbin/sogo-tool does not advance one's understanding of how to use sogo without any prior knowledge. Installed the core packages - e.g. $ rpm -q libGDLContentStore4_9 libGDLContentStore4_9-5.0.1-1.mga8 $ rpm -q libNGCards4_9 libNGCards4_9-5.0.1-1.mga8 Sorry, the following package cannot be selected: - sogo-devel-5.1.1-1.mga8.x86_64 (due to unsatisfied libGDLAccess4_9[== 5.1.1]) The following 5 packages are going to be installed: - libGDLContentStore4_9-5.1.1-1.mga8.x86_64 - libNGCards4_9-5.1.1-1.mga8.x86_64 - sogo-5.1.1-1.mga8.x86_64 - sogo-slapd-sockd-5.1.1-1.mga8.x86_64 - sogo-tool-5.1.1-1.mga8.x86_64 That is successful, so libGDLAccess4_9-5 should be a dependency? $ rpm -q libGDLAccess4_9 libGDLAccess4_9-5.0.1-1.mga8 This was installed as a dependency when the core packages were installed. Installation transcript attached.
CC: (none) => tarazed25
Created attachment 13250 [details] urpmi messages during installation of sogo core packages.
If I understand it correctly, sope must be updated too, due to version specific requires in it. https://svnweb.mageia.org/packages/updates/8/sogo/current/SPECS/sogo.spec?revision=1858354&view=markup has Requires: libGDLContentStore%{sope_soname} = %{version} Since it's '=' instead of '=>', the two packages must both be kept in sync.
CC: (none) => davidwhodginsKeywords: (none) => feedback
This is what I had tested (dnf history): Ligne de commande : install ./sogo-5.1.1-1.pap8.x86_64.rpm ./libGDLContentStore4_9-5.1.1-1.pap8.x86_64.rpm ./libNGCards4_9-5.1.1-1.pap8.x86_64.rpm Commentaire : Paquets modifiés : Installer gnustep-base-1.27.0-2.mga8.x86_64 @mageia-x86_64 Installer lib64memcached11-1.0.18-8.mga8.x86_64 @mageia-x86_64 Installer memcached-1.6.9-2.mga8.x86_64 @mageia-x86_64 Installer cyrus-sasl-2.1.27-3.1.mga8.x86_64 @updates-x86_64 Installer lib64sasl2-plug-anonymous-2.1.27-3.1.mga8.x86_64 @updates-x86_64 Installer libGDLAccess4_9-5.4.0-2.mga8.x86_64 @updates_testing-x86_64 Installer libNGLdap4_9-5.4.0-2.mga8.x86_64 @updates_testing-x86_64 Installer libNGMime4_9-5.4.0-2.mga8.x86_64 @updates_testing-x86_64 Installer libSBJson2-5.0.1-2.mga8.x86_64 @updates_testing-x86_64 Installer sope-appserver-5.4.0-2.mga8.x86_64 @updates_testing-x86_64 Installer sope-core-5.4.0-2.mga8.x86_64 @updates_testing-x86_64 Installer sope-xml-5.4.0-2.mga8.x86_64 @updates_testing-x86_64 Installer sogo-5.1.1-1.pap8.x86_64 @@commandline Installer libGDLContentStore4_9-5.1.1-1.pap8.x86_64 @@commandline Installer libNGCards4_9-5.1.1-1.pap8.x86_64 @@commandline Thus we can see that sope is already in testing at 5.4.0 version. Thus I will update to 5.4.0 too.
No new package list yet but with the fuzzy option qarepo finds version 5.6.0-1. $ rpm -qa | grep sogo sogo-slapd-sockd-5.6.0-1.mga8 sogo-tool-5.6.0-1.mga8 sogo-5.6.0-1.mga8 lcl@canopus:data $ rpm -qa | grep GDLContentStore4_9 libGDLContentStore4_9-5.6.0-1.mga8 lcl@canopus:data $ rpm -qa | grep libNGCards4_9 libNGCards4_9-5.6.0-1.mga8 But lcl@canopus:data $ rpm -q libGDLAccess4_9 libGDLAccess4_9-5.0.1-1.mga8 $ rpm -q sope-core sope-core-5.0.1-1.mga8 I guess this means it is not ready for testing yet.
With the new package, the deamon doesn't start anymore, what I have not solved.
Now, sogo and sope are rebuild in 5.6.0 version. sope-gdl1-postgresql-5.6.0-1.mga8 sope-gdl1-mysql-5.6.0-1.mga8 libNGLdap4_9-5.6.0-1.mga8 libGDLAccess4_9-5.6.0-1.mga8 sope-xml-5.6.0-1.mga8 libNGMime4_9-5.6.0-1.mga8 sope-devel-5.6.0-1.mga8 sope-core-5.6.0-1.mga8 sope-appserver-5.6.0-1.mga8 sogo-slapd-sockd-5.6.0-1.mga8 libGDLContentStore4_9-5.6.0-1.mga8 sogo-tool-5.6.0-1.mga8 sogo-devel-5.6.0-1.mga8 libNGCards4_9-5.6.0-1.mga8 sogo-5.6.0-1.mga8 Sources: sope-5.6.0-1.mga8 sogo-5.6.0-1.mga8 However, when I launch sogod service, it doesn't start. I don't know how to investigate and I'm stick with that.
Missing a requires for gnustep-make (for gnustep-config command). Missing the file /etc/rc.status which is not in any Mageia packages. The other missing commands rc_reset, rcpostgresql, etc., likely come from whatever provides rc.status in the distribution the script is from.
Tried updating the sope list and saw this in qarepo: 1 installation transactions failed There was a problem during the installation: file /usr/lib64/libSBJson.so.2.3.1 from install of sope-core-5.6.0-1.mga8.x86_64 conflicts with file from package libSBJson2-5.0.1-1.mga8.x86_64
Sounds like a bundled library needs to be disabled.
libSBJson2-5.0.1-1.mga8 comes from sope-5.0.1-1.mga8.src.rpm in Core/Release and sope-core-5.6.0-1.mga8 comes from sope-5.6.0-1.mga8.src.rpm in Core/Updates. According to SVN history [1] libSBJson2 was dropped with sope 5.6.0, but without a proper obsoletes added to sope-core. Obsoletes was added to main pkg, but there isn't such pkg in repo. The following returns nothing ATM: $ urpmf --obsoletes libSBJson2 [1] https://svnweb.mageia.org/packages?view=revision&revision=1859974
CC: (none) => jani.valimaa
Please test again with sope-5.6.0-1.1.mga8 in mga8 core/updates_testing. Make sure you have libSBJson2 installed from core/release before updating. SRPMS: sogo-5.6.0-1.mga8 sope-5.6.0-1.1.mga8 RPMS: libGDLAccess4_9-5.6.0-1.1.mga8 libGDLContentStore4_9-5.6.0-1.mga8 libNGCards4_9-5.6.0-1.mga8 libNGLdap4_9-5.6.0-1.1.mga8 libNGMime4_9-5.6.0-1.1.mga8 sogo-5.6.0-1.mga8 sogo-devel-5.6.0-1.mga8 sogo-slapd-sockd-5.6.0-1.mga8 sogo-tool-5.6.0-1.mga8 sope-appserver-5.6.0-1.1.mga8 sope-core-5.6.0-1.1.mga8 sope-devel-5.6.0-1.1.mga8 sope-gdl1-mysql-5.6.0-1.1.mga8 sope-gdl1-postgresql-5.6.0-1.1.mga8 sope-xml-5.6.0-1.1.mga8
Yes, that worked. Sample: $ rpm -qa | egrep "sope|sogo|GDL|NG" libGDLContentStore4_9-5.6.0-1.mga8 sope-xml-5.6.0-1.1.mga8 sope-core-5.6.0-1.1.mga8 libNGCards4_9-5.6.0-1.mga8 libNGMime4_9-5.6.0-1.1.mga8 libNGLdap4_9-5.6.0-1.1.mga8 sogo-slapd-sockd-5.6.0-1.mga8 libGDLAccess4_9-5.6.0-1.1.mga8 sogo-tool-5.6.0-1.mga8 sogo-5.6.0-1.mga8 sope-appserver-5.6.0-1.1.mga8
Removing feedback marker.
Keywords: feedback => (none)
Quote from https://www.velocenetwork.com/tech/what-is-a-groupware-server/ "A Groupware server is a shared file system that allows team members to collaborate on projects. Typically, this server connects to a team’s computers through secure connections, which are protected with passwords and firewalls. Its main purpose is to allow the team leader to upload and access software, allowing each member to test and bug-fix the software without requiring physical access. It’s a great tool for teams that work remotely." # /sbin/sogo-tool --help gives the impression that it is useful for administration of the groupware setup. # systemctl start sope-appserver Failed to start sope-appserver.service: Unit sope-appserver.service not found. Nothing in the wiki pages. Since this is sysadmin stuff we shall have to pass this on the basis of a clean install.
Whiteboard: (none) => MGA8-64-OK
Downgraded to the release version of the sope packages and intalled libSBJson2 too. Included in the output from updating the packages is ... removing package libSBJson2-5.0.1-1.mga8.x86_64 Validating the update based on clean installation.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Just following up comment 18: $ sudo urpmi libSBJson2-5.0.1-1.mga8.x86_64 installing libSBJson2-5.0.1-1.mga8.x86_64.rpm from /var/cache/urpmi/rpms Installation failed: libSBJson2 < 5.0.1-2 is obsoleted by (installed) sope-core-5.6.0-1.1.mga8.x86_64 OK
Keywords: (none) => advisory
Hello, I don't think the package is in a good shape. Neither sogod nor sope-appserver services can be started.
Did they used to work?
Removing the validate_update keyword until this is cleared up.
Keywords: validated_update => (none)
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0481.html
Status: NEW => RESOLVEDResolution: (none) => FIXED