Debian Bug report logs - #665950
gosa: unescaped arguments used on a command line

version graph

Package: gosa; Maintainer for gosa is Debian Edu Packaging Team <debian-edu-pkg-team@lists.alioth.debian.org>; Source for gosa is src:gosa.

Reported by: Samuel.Krempp@gmail.com

Date: Sun, 25 Mar 2012 08:09:07 UTC

Severity: important

Tags: fixed-upstream, security, squeeze

Found in versions gosa/2.6.11-3+squeeze1, gosa/2.6.11-3

Fixed in versions gosa/2.7.3-1, gosa/2.6.11-3+squeeze2

Done: Cajus Pollmeier <cajus@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Sun, 25 Mar 2012 08:09:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Samuel.Krempp@gmail.com:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>.

Your message had a Version: pseudo-header with an invalid package version:

squeeze/r0

please either use found or fixed to the control server with a correct version, or reply to this report indicating the correct version so the maintainer (or someone else) can correct it for you.

(Sun, 25 Mar 2012 08:09:12 GMT) Full text and rfc822 format available.


Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Samuel Krempp <samuel.krempp@gmail.com>
To: submit@bugs.debian.org
Subject: gosa-sync breaks on passwords containing spaces
Date: Sun, 25 Mar 2012 10:07:06 +0200
[Message part 1 (text/plain, inline)]
package: debian-edu-config
severity: important
version: squeeze/r0

spaces need adequate quoting of the password variable in both gosa-sync 
and gosa.conf.

It is also very likely a security hazard in letting the user-supplied 
password string unquoted in those two files, whence severity=important.

following patch just adds the quoting, and was verified to fix the issue.


-- 
Samuel Krempp
[spacePasswords.patch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Sun, 25 Mar 2012 08:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Sun, 25 Mar 2012 08:48:03 GMT) Full text and rfc822 format available.

Message #10 received at 665696@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: Samuel.Krempp@gmail.com, 665696@bugs.debian.org
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Sun, 25 Mar 2012 10:45:07 +0200
tags 665696 + pending
thanks

[Samuel Krempp]
> following patch just adds the quoting, and was verified to fix the
> issue.

Thank you.  I have commited the fix to svn.
-- 
Happy hacking
Petter Reinholdtsen




Added tag(s) pending. Request was from Petter Reinholdtsen <pere@hungry.com> to control@bugs.debian.org. (Sun, 25 Mar 2012 08:48:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Sun, 25 Mar 2012 09:43:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Samuel Krempp <Krempp@crans.ens-cachan.fr>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Sun, 25 Mar 2012 09:43:14 GMT) Full text and rfc822 format available.

Message #17 received at 665696@bugs.debian.org (full text, mbox):

From: Samuel Krempp <Krempp@crans.ens-cachan.fr>
To: Petter Reinholdtsen <pere@hungry.com>, 665696@bugs.debian.org
Cc: Samuel.Krempp@gmail.com
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Sun, 25 Mar 2012 11:41:59 +0200
Petter Reinholdtsen a écrit, le 25/03/2012 10:45:
> tags 665696 + pending
> thanks
>
> [Samuel Krempp]
>> following patch just adds the quoting, and was verified to fix the
>> issue.
>
> Thank you.  I have commited the fix to svn.

the issue remains for other special characters, at least quotes. But the 
only way to really solve the issue is in GOsa  functions.inc :
         $command= preg_replace("/%userPassword/", $password, $command);
$password should be properly escaped here otherwise there is no way to 
write a safe command-line using %userPassword.

The proper solution seems to be 
http://php.net/manual/en/function.escapeshellarg.php
once the script parameters are properly escaped in php, there should be 
no need for quoting in gosa.conf, and this patch might have to be reversed.

I see GOsa devs noticed the security issue 19 months ago : 
https://oss.gonicus.de/labs/gosa/ticket/1026
"Additionally the script parameter are not escaped right now, somebody 
could do nasty thing with it. I will have a look at this too. "

How serious is knowingly leaving such a vulnerability, with easy fix, 
open for 19 months ?




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Sun, 25 Mar 2012 10:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Samuel Krempp <Krempp@crans.ens-cachan.fr>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Sun, 25 Mar 2012 10:30:14 GMT) Full text and rfc822 format available.

Message #22 received at 665696@bugs.debian.org (full text, mbox):

From: Samuel Krempp <Krempp@crans.ens-cachan.fr>
To: Samuel Krempp <Krempp@crans.ens-cachan.fr>, 665696@bugs.debian.org
Cc: Petter Reinholdtsen <pere@hungry.com>, Samuel.Krempp@gmail.com
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Sun, 25 Mar 2012 12:26:34 +0200
Samuel Krempp a écrit, le 25/03/2012 11:41:
> I see GOsa devs noticed the security issue 19 months ago :
> https://oss.gonicus.de/labs/gosa/ticket/1026
> "Additionally the script parameter are not escaped right now, somebody
> could do nasty thing with it. I will have a look at this too. "
>
> How serious is knowingly leaving such a vulnerability, with easy fix,
> open for 19 months ?
>

Sorry, did not check before posting, the issue was indeed fixed 19 
months ago in GOsa trunk, I shouldn't send emails with one hand while 
playing with my kids with the other :
https://oss.gonicus.de/labs/gosa/changeset/19467
It's been present in releases since GOsa's 2.6.12, so SkoleLinux should 
upgrade. It's rather important to prevent malicious students to execute 
arbitrary commands as www-data, and hopefully there isn't any change 
that breaks skolelinux : 
https://oss.gonicus.de/labs/gosa/changeset?old_path=%2Ftags%2F2.6.12&old=20607&new_path=%2Ftags%2F2.6.11&new=20520

Once GOsa version is updated and %userPassword is properly escaped, my 
patch will likely have to reversed.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Mon, 26 Mar 2012 09:09:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Mon, 26 Mar 2012 09:09:08 GMT) Full text and rfc822 format available.

Message #27 received at 665696@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 665696@bugs.debian.org
Cc: Samuel.Krempp@gmail.com
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Mon, 26 Mar 2012 11:05:41 +0200
The fix for gosa.conf is not upgradable, so we need to come up with a
better idea.

When upgrading squeeze-test to the new version of debian-edu-config
with the new gosa.conf file, a conffile question is asked and both
options (keeping the old or upgrading to the new file) are wrong.

The old file have the password quoting issue and the correct LDAP
password, the new file have a fix for the password quoting issue but
lack the correct LDAP password.

If I pick the old one the security issue is still present.  If I pick
the new one, gosa stop working completely.

Anyone got an idea how to fix this for upgrades?
-- 
Happy hacking
Petter Reinholdtsen




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Mon, 26 Mar 2012 13:42:16 GMT) Full text and rfc822 format available.

Acknowledgement sent to Samuel.Krempp@gmail.com:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Mon, 26 Mar 2012 13:42:17 GMT) Full text and rfc822 format available.

Message #32 received at 665696@bugs.debian.org (full text, mbox):

From: Samuel Krempp <samuel.krempp@gmail.com>
To: Petter Reinholdtsen <pere@hungry.com>, 665696@bugs.debian.org
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Mon, 26 Mar 2012 15:39:05 +0200
Petter Reinholdtsen a écrit, le 26/03/2012 11:05:
> The fix for gosa.conf is not upgradable, so we need to come up with a
> better idea.
>
> When upgrading squeeze-test to the new version of debian-edu-config
> with the new gosa.conf file, a conffile question is asked and both
> options (keeping the old or upgrading to the new file) are wrong.
>
> The old file have the password quoting issue and the correct LDAP
> password, the new file have a fix for the password quoting issue but
> lack the correct LDAP password.
Personnally here I didn't take the time to upgrade GOsa, fearing other 
issues. But I did fix /usr/share/gosa/include/functions.inc with 
escapeshellarg($password), and then modified gosa-sync that needs 
specific escaping for kadmin :
--- /usr/share/debian-edu-config/tools/gosa-sync.orig   2012-03-25 
09:28:32.000000000 +0200
+++ /usr/share/debian-edu-config/tools/gosa-sync        2012-03-26 
15:34:13.000000000 +0200
@@ -28,9 +28,10 @@
 $USERPASSWORD
 EOF
 IAM=`ldapwhoami -x -Z -y $TMPFILE -D $USERDN 2>/dev/null || true`
+EUSERPASSWORD=`cat $TMPFILE | sed -e 's/"/""/g'` # escapes " because 
kadmin need to use  double quotes
 if [ "$IAM" = "dn:$USERDN" ] ; then
     cat > $TMPFILE <<EOF
-change_password -pw $USERPASSWORD $USERID
+change_password -pw "$EUSERPASSWORD" $USERID
 EOF
     cat $TMPFILE  | kadmin.local 2>&1 | logger -t gosa-sync -p notice
     logger -t gosa-sync -p notice Kerberos password for \'$USERID\' 
changed.

And I verified it to handle spaces, double and single quotes, and 
backslashes.
It only breaks on double backslashes, but that's at the PHP level 
replacing \\ with \, and does not lead to vulnerability AFAICT - it just 
means that password wont work.

Is that good with you ?

-- 
Samuel Krempp





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Mon, 26 Mar 2012 23:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Mon, 26 Mar 2012 23:57:03 GMT) Full text and rfc822 format available.

Message #37 received at 665696@bugs.debian.org (full text, mbox):

From: Steven Chamberlain <steven@pyro.eu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 665696@bugs.debian.org
Cc: Samuel.Krempp@gmail.com
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Tue, 27 Mar 2012 00:54:06 +0100
Hi,

On 26/03/12 10:05, Petter Reinholdtsen wrote:
> The fix for gosa.conf is not upgradable, so we need to come up with a
> better idea.

The fix won't work.  Using quotes in gosa.conf is no good if the
%userPassword substitution could contain double quotes.

As Samuel said, the correct fix is for GOsa to use escapeshellarg(), and
while there I see no reason not to do the same for all the others, like
%uid or %homeDirectory in case GOsa ever forgets to sanitise them
(coding defensively in case of a bug elsewhere).

After doing escapeshellarg(), the quotes in gosa.conf actually have to
be removed, or else you are double-quoting and would get extra quotes
(single) included within the password.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Tue, 27 Mar 2012 09:00:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Samuel Krempp <Krempp@crans.ens-cachan.fr>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Tue, 27 Mar 2012 09:00:07 GMT) Full text and rfc822 format available.

Message #42 received at 665696@bugs.debian.org (full text, mbox):

From: Samuel Krempp <Krempp@crans.ens-cachan.fr>
To: 665696@bugs.debian.org
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Tue, 27 Mar 2012 10:57:54 +0200
[Message part 1 (text/plain, inline)]
Steven Chamberlain a écrit, le 27/03/2012 01:54:
> Hi,
>
> On 26/03/12 10:05, Petter Reinholdtsen wrote:
>> The fix for gosa.conf is not upgradable, so we need to come up with a
>> better idea.
>
> The fix won't work.  Using quotes in gosa.conf is no good if the
> %userPassword substitution could contain double quotes.

yes the patch to gosa.conf I had first sent has to be reversed if GOsa 
is upgraded to escape userPassword (in functions.inc).
With such an escaped %userPassword the variable can be sent to the 
gosa-sync script untampered, then the only thing to do is make sure 
gosa-sync handles it correctly : re-quote it to be used in kadmin, 
because kadmin only uses double quotes.
Without that, it is possible, and fairly easy, for a user to exploit 
%userPassword to send any command to kadmin, run as root, which is a 
pretty big vulnerability at the moment.
That's why I had send that patch to gosa-sync, which is the only thing 
to patch once GOsa's functions.inc is upgraded.
[gosa-sync-quoting.patch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Tue, 27 Mar 2012 09:30:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Tue, 27 Mar 2012 09:30:07 GMT) Full text and rfc822 format available.

Message #47 received at 665696@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: Samuel Krempp <Krempp@crans.ens-cachan.fr>, 665696@bugs.debian.org
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Tue, 27 Mar 2012 11:27:29 +0200
[Samuel Krempp]
> yes the patch to gosa.conf I had first sent has to be reversed if
> GOsa is upgraded to escape userPassword (in functions.inc).

OK.  Then I believe we should patch gosa instead to fix it properly
and completely, and get a fix into squeeze.  For r1 we should probably
provide our own patched package, until a update make it into squeeze
proper.

I undid the gosa.conf change and uploaded to squeeze-test, along with
other fixes.  This also get rid of the conffile question for those
upgrading in the future.

> That's why I had send that patch to gosa-sync, which is the only thing  
> to patch once GOsa's functions.inc is upgraded.

Thank you.  Applied.
-- 
Happy hacking
Petter Reinholdtsen




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#665696; Package debian-edu-config. (Tue, 27 Mar 2012 10:33:43 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Tue, 27 Mar 2012 10:33:49 GMT) Full text and rfc822 format available.

Message #52 received at 665696@bugs.debian.org (full text, mbox):

From: Steven Chamberlain <steven@pyro.eu.org>
To: Petter Reinholdtsen <pere@hungry.com>, 665696@bugs.debian.org
Cc: Samuel Krempp <Krempp@crans.ens-cachan.fr>
Subject: Re: Bug#665696: gosa-sync breaks on passwords containing spaces
Date: Tue, 27 Mar 2012 11:29:17 +0100
tags 665696 + security
clone 665696 -1
reassign -1 gosa
retitle -1 gosa: unescaped arguments used on a command line
found -1 gosa/2.6.11-3
found -1 gosa/2.6.11-3+squeeze1
fixed -1 gosa/2.7.3-1
tags -1 + squeeze fixed-upstream
blocks 665696 by -1
thanks

Hi!

So, the problem here was that %userPassword, or similar string
substitutions into command lines specified in gosa.conf, are not
escaped;  and adding quotes to the gosa.conf file cannot properly escape
them either.

On 27/03/12 10:27, Petter Reinholdtsen wrote:
> [Samuel Krempp]
>> [...] to escape userPassword (in functions.inc).
> 
> OK.  Then I believe we should patch gosa instead to fix it properly
> and completely, and get a fix into squeeze.  For r1 we should probably
> provide our own patched package, until a update make it into squeeze
> proper.

I was going to suggest we chase this upstream, but then I noticed:

> * gosa 2.6.12
>   - Escaped command line arguments in some locations
>   - Updated password handling and hooks, allows sepcial chars in passwords
>   - Added lock/unlock events for users

> $ grep -nR %userP gosa-core-2.6.13/
> gosa-core-2.6.13/include/functions.inc:3075:        $command= preg_replace("/%userPassword/", escapeshellarg($password), $command);

> $ ls -al gosa-core-2.6.13/include/functions.inc
> -rw-r--r-- 1 steven steven 104887 Dec 14  2010 gosa-core-2.6.13/include/functions.inc

They already fixed this in the 2.6 series (back in December), and
apparently made similar fixes in other places too?

In my opinion the fixes of 2.6.12 want to go into Debian s-p-u.  Maybe
even to security if it could be an issue outside of Debian Edu;
fortunately I think the 'sudo' command line in gosa.conf was something
specific to Debian Edu and that other GOsa users are not at such a risk
by default.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org




Added tag(s) security. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:33:55 GMT) Full text and rfc822 format available.

Bug 665696 cloned as bug 665950 Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:34:00 GMT) Full text and rfc822 format available.

Bug reassigned from package 'debian-edu-config' to 'gosa'. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:34:01 GMT) Full text and rfc822 format available.

Changed Bug title to 'gosa: unescaped arguments used on a command line' from 'gosa-sync breaks on passwords containing spaces' Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:34:02 GMT) Full text and rfc822 format available.

Marked as found in versions gosa/2.6.11-3. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:34:02 GMT) Full text and rfc822 format available.

Marked as found in versions gosa/2.6.11-3+squeeze1. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:34:03 GMT) Full text and rfc822 format available.

Marked as fixed in versions gosa/2.7.3-1. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:34:04 GMT) Full text and rfc822 format available.

Added tag(s) squeeze and fixed-upstream. Request was from Steven Chamberlain <steven@pyro.eu.org> to control@bugs.debian.org. (Tue, 27 Mar 2012 10:34:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>:
Bug#665950; Package gosa. (Thu, 26 Apr 2012 00:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>. (Thu, 26 Apr 2012 00:00:05 GMT) Full text and rfc822 format available.

Message #73 received at 665950@bugs.debian.org (full text, mbox):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: 665950@bugs.debian.org
Cc: debian-edu@lists.debian.org
Subject: Research/Questions on GOsa² issue: ,,unescaped arguments used on a command line''
Date: Thu, 26 Apr 2012 01:56:16 +0200
[Message part 1 (text/plain, inline)]
Hi Caius,

hopefully you can shed some light on this...

I did a search for escapeshellarg on the oss.conicus.de code browser:
https://oss.gonicus.de/labs/gosa/search?q=escapeshellarg

The list shown gives a good overview on where to address the  
escapeshellarg issue.

However, all the commits shown on that page (around r19478) date back  
to a time before 2.6.11 (version in Debian squeeze) was released. So  
next thing I wonder about is: the shellarg escaping has been  
completely removed from the hook handling again.

I cannot confirm what has been reported in one of the above reports:  
2.6.12 does not have fixes for the issue reported here.

For 2.6.12 I find this page:
https://oss.gonicus.de/labs/gosa/browser/trunk/gosa-core/html/password.php?rev=20607

saying at its top: We do not need to escape check hook commands.

So, I am actually a little helpless here... Caius, do you think you  
can take a look? The guy who did the commits upstream was User  
,,hickert''. Maybe he can be asked, too?

For Debian Edu we have to get this issue fixed somehow. Any help is  
well appreciated!!!

Thanks,
mike

-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>:
Bug#665950; Package gosa. (Thu, 26 Apr 2012 13:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
Extra info received and forwarded to list. Copy sent to GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>. (Thu, 26 Apr 2012 13:27:03 GMT) Full text and rfc822 format available.

Message #78 received at 665950@bugs.debian.org (full text, mbox):

From: Steven Chamberlain <steven@pyro.eu.org>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Cc: debian edu <debian-edu@lists.debian.org>, 665950@bugs.debian.org
Subject: Re: Research/Questions on GOsa² issue: ,,unescaped arguments used on a command line''
Date: Thu, 26 Apr 2012 14:25:54 +0100
On 26/04/12 00:56, Mike Gabriel wrote:
> ... the shellarg escaping has been completely
> removed from the hook handling again.

> For 2.6.12 I find this page:
> https://oss.gonicus.de/labs/gosa/browser/trunk/gosa-core/html/password.php?rev=20607

I don't know what is the purpose of that code, or why it is okay not to
escape passwords there...


But the (very similar) code relevant to the Debian Edu issue is in a
different file:

https://oss.gonicus.de/labs/gosa/changeset/19466/trunk/gosa-core/include/functions.inc

The latest version in SVN still escapes the password there, as I think
it should do.  The change was introduced in the 2.6.12 release.  I think
maybe Squeeze should cherry-pick that commit for s-p-u but I haven't
been able to set up a test installation to try this yet.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org




Information forwarded to debian-bugs-dist@lists.debian.org, GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>:
Bug#665950; Package gosa. (Fri, 27 Apr 2012 08:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>. (Fri, 27 Apr 2012 08:39:03 GMT) Full text and rfc822 format available.

Message #83 received at 665950@bugs.debian.org (full text, mbox):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Fabian Hickert <hickert@gonicus.de>
Cc: 665950@bugs.debian.org
Subject: Re: Bug#665950: Research/Questions on GOsa² issue: ,,unescaped arguments used on a command line''
Date: Fri, 27 Apr 2012 10:34:51 +0200
[Message part 1 (text/plain, inline)]
Hi Fabian,

re-including the BTS issue #665950 ...

On Do 26 Apr 2012 10:41:53 CEST Fabian Hickert wrote:

> The problem is that passwords with special chars break the hook
> execution? Is this correct?

Yes, and more. All substituted variables within hook scripts bear the  
risk of executing arbitrary code if spaces in %someHookVariable do not  
get escaped.

> I guess, I can test this tomorrow evening..

Please do! Thanks a lot for your immediate response.

Greets,
Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>:
Bug#665950; Package gosa. (Fri, 27 Apr 2012 16:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Fabian Hickert <hickert@gonicus.de>:
Extra info received and forwarded to list. Copy sent to GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>. (Fri, 27 Apr 2012 16:39:03 GMT) Full text and rfc822 format available.

Message #88 received at 665950@bugs.debian.org (full text, mbox):

From: Fabian Hickert <hickert@gonicus.de>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Cc: 665950@bugs.debian.org
Subject: Re: Bug#665950: Research/Questions on GOsa² issue: ,,unescaped arguments used on a command line''
Date: Fri, 27 Apr 2012 18:26:25 +0200
[Message part 1 (text/plain, inline)]
Hi Mike, 

I didn't found time to address this bug today. But I'm back in my office
on wednesday, sorry.


What version of GOsa do you use, 2.6.12?

There is still escaping for the password hook parameters in
html/password.php or do you mean another place where a hook is executed?

Can you explain where exactly the problem occurs, this would help a lot?

Fabian




Am Freitag, den 27.04.2012, 10:34 +0200 schrieb Mike Gabriel:
> Hi Fabian,
> 
> re-including the BTS issue #665950 ...
> 
> On Do 26 Apr 2012 10:41:53 CEST Fabian Hickert wrote:
> 
> > The problem is that passwords with special chars break the hook
> > execution? Is this correct?
> 
> Yes, and more. All substituted variables within hook scripts bear the  
> risk of executing arbitrary code if spaces in %someHookVariable do not  
> get escaped.
> 
> > I guess, I can test this tomorrow evening..
> 
> Please do! Thanks a lot for your immediate response.
> 
> Greets,
> Mike
> 
> 

-- 
Besuchen Sie uns auf dem LinuxTag in Berlin vom 23.-26.05.2012.
Halle 7.2a, Stand 133

Fabian Hickert <fabian.hickert@GONICUS.de> (System Engineer)
* GONICUS GmbH * Moehnestrasse 11-17 * D-59755 Arnsberg
* Tel.: +49 (0) 29 32 / 9 16 - 0 * Fax: +49 (0) 29 32 / 9 16 - 242
* http://www.GONICUS.de * http://twitter.com/gonicus

*Sitz der Gesellschaft: Moehnestrasse 11-17 * D-59755 Arnsberg
*Geschaeftsfuehrer: Rainer Luelsdorf, Alfred Schroeder
*Vorsitzender des Beirats: Juergen Michels
*Amtsgericht Arnsberg * HRB 1968
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>:
Bug#665950; Package gosa. (Fri, 27 Apr 2012 18:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>. (Fri, 27 Apr 2012 18:36:03 GMT) Full text and rfc822 format available.

Message #93 received at 665950@bugs.debian.org (full text, mbox):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Fabian Hickert <hickert@gonicus.de>
Cc: 665950@bugs.debian.org
Subject: Re: Bug#665950: Research/Questions on GOsa² issue: ,,unescaped arguments used on a command line''
Date: Fri, 27 Apr 2012 20:32:32 +0200
[Message part 1 (text/plain, inline)]
Hi Fabian,

On Fr 27 Apr 2012 18:26:25 CEST Fabian Hickert wrote:

> I didn't found time to address this bug today. But I'm back in my office
> on wednesday, sorry.

Ok, thanks for this info!

> What version of GOsa do you use, 2.6.12?

2.6.11-3+squeeze1 as in Debian squeeze-proposed-updates.

> There is still escaping for the password hook parameters in
> html/password.php or do you mean another place where a hook is executed?

Easiest would be to install a Debian Edu main server. It will setup  
GOsa out-of-the-box with the setup we refer to.
http://ftp.skolelinux.org/skolelinux-cd/debian-edu-6.0.4+r0-DVD.iso

The configuration gosa.conf in that Debian Edu version is this:
http://anonscm.debian.org/viewvc/debian-edu/trunk/src/debian-edu-config/etc/gosa/gosa.conf?r1=77207&view=log

... and the hooks scripts are here:
http://anonscm.debian.org/viewvc/debian-edu/trunk/src/debian-edu-config/share/debian-edu-config/tools/

The version Debian package gosa 2.6.11-3+squeeze1 comes with several patches:
https://oss.gonicus.de/repositories/gosa/branches/squeeze/patches/

> Can you explain where exactly the problem occurs, this would help a lot?

My information is (I currently have no D-E main server around to test  
this...):

  * install a D-E main server (main server + workstation)
  * during D-I setup user name and password for initial user
  * login after reboot with initial user
  * start iceweasel, visit GOsa (http://www.intern/gosa
  * set a password containing a space via GOsa in Debian Edu for initial (or
    any other user)
  * using the password fails...

Any more info can be provided if needed. You can also contact me via  
Jabber, contact me privately for the Jabber ID.

Greets,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>:
Bug#665950; Package gosa. (Wed, 02 May 2012 06:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Fabian Hickert <hickert@gonicus.de>:
Extra info received and forwarded to list. Copy sent to GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>. (Wed, 02 May 2012 06:24:02 GMT) Full text and rfc822 format available.

Message #98 received at 665950@bugs.debian.org (full text, mbox):

From: Fabian Hickert <hickert@gonicus.de>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Cc: 665950@bugs.debian.org
Subject: Re: Bug#665950: Research/Questions on GOsa² issue: ,,unescaped arguments used on a command line''
Date: Wed, 02 May 2012 08:21:36 +0200
[Message part 1 (text/plain, inline)]
Hi Mike, 

I've checked the hook execution on a normal 2.6.11,  while your edu
server is still downloading ;)

You've already guessed it, escaping of the dn and the password is
definitely required here (functions.inc: ~3066). 
And I think it is required in your edu server too.

A patch for 2.6.11 is attached, but I'm not sure if it applies to your
edu version. 
But I would appreciate it, if you give it a try and let me know, so I
can skip installing your whole server. 

HTH 
Fabian




Am Freitag, den 27.04.2012, 20:32 +0200 schrieb Mike Gabriel:
> Hi Fabian,
> 
> On Fr 27 Apr 2012 18:26:25 CEST Fabian Hickert wrote:
> 
> > I didn't found time to address this bug today. But I'm back in my office
> > on wednesday, sorry.
> 
> Ok, thanks for this info!
> 
> > What version of GOsa do you use, 2.6.12?
> 
> 2.6.11-3+squeeze1 as in Debian squeeze-proposed-updates.
> 
> > There is still escaping for the password hook parameters in
> > html/password.php or do you mean another place where a hook is executed?
> 
> Easiest would be to install a Debian Edu main server. It will setup  
> GOsa out-of-the-box with the setup we refer to.
> http://ftp.skolelinux.org/skolelinux-cd/debian-edu-6.0.4+r0-DVD.iso
> 
> The configuration gosa.conf in that Debian Edu version is this:
> http://anonscm.debian.org/viewvc/debian-edu/trunk/src/debian-edu-config/etc/gosa/gosa.conf?r1=77207&view=log
> 
> ... and the hooks scripts are here:
> http://anonscm.debian.org/viewvc/debian-edu/trunk/src/debian-edu-config/share/debian-edu-config/tools/
> 
> The version Debian package gosa 2.6.11-3+squeeze1 comes with several patches:
> https://oss.gonicus.de/repositories/gosa/branches/squeeze/patches/
> 
> > Can you explain where exactly the problem occurs, this would help a lot?
> 
> My information is (I currently have no D-E main server around to test  
> this...):
> 
>    * install a D-E main server (main server + workstation)
>    * during D-I setup user name and password for initial user
>    * login after reboot with initial user
>    * start iceweasel, visit GOsa (http://www.intern/gosa
>    * set a password containing a space via GOsa in Debian Edu for initial (or
>      any other user)
>    * using the password fails...
> 
> Any more info can be provided if needed. You can also contact me via  
> Jabber, contact me privately for the Jabber ID.
> 
> Greets,
> Mike
> 

-- 
Besuchen Sie uns auf dem LinuxTag in Berlin vom 23.-26.05.2012.
Halle 7.2a, Stand 133

Fabian Hickert <fabian.hickert@GONICUS.de> (System Engineer)
* GONICUS GmbH * Moehnestrasse 11-17 * D-59755 Arnsberg
* Tel.: +49 (0) 29 32 / 9 16 - 0 * Fax: +49 (0) 29 32 / 9 16 - 242
* http://www.GONICUS.de * http://twitter.com/gonicus

*Sitz der Gesellschaft: Moehnestrasse 11-17 * D-59755 Arnsberg
*Geschaeftsfuehrer: Rainer Luelsdorf, Alfred Schroeder
*Vorsitzender des Beirats: Juergen Michels
*Amtsgericht Arnsberg * HRB 1968
[escape.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>:
Bug#665950; Package gosa. (Wed, 02 May 2012 06:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Cajus Pollmeier <pollmeier@gonicus.de>:
Extra info received and forwarded to list. Copy sent to GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>. (Wed, 02 May 2012 06:39:05 GMT) Full text and rfc822 format available.

Message #103 received at 665950@bugs.debian.org (full text, mbox):

From: Cajus Pollmeier <pollmeier@gonicus.de>
To: 665950@bugs.debian.org
Subject: Bug#665950: Research/Questions on GOsa² issue: ,,unescaped arguments used on a command line''
Date: Wed, 2 May 2012 08:25:03 +0200
[Message part 1 (text/plain, inline)]
Hi Mike,

can you check if the patch does what you want. If so, I'll prepare a new 
upload.

Cheers,
Cajus
[signature.asc (application/pgp-signature, inline)]

Reply sent to Cajus Pollmeier <cajus@debian.org>:
You have taken responsibility. (Sun, 15 Jul 2012 18:18:31 GMT) Full text and rfc822 format available.

Notification sent to Samuel.Krempp@gmail.com:
Bug acknowledged by developer. (Sun, 15 Jul 2012 18:18:31 GMT) Full text and rfc822 format available.

Message #108 received at 665950-close@bugs.debian.org (full text, mbox):

From: Cajus Pollmeier <cajus@debian.org>
To: 665950-close@bugs.debian.org
Subject: Bug#665950: fixed in gosa 2.6.11-3+squeeze2
Date: Sun, 15 Jul 2012 18:17:26 +0000
Source: gosa
Source-Version: 2.6.11-3+squeeze2

We believe that the bug you reported is fixed in the latest version of
gosa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 665950@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cajus Pollmeier <cajus@debian.org> (supplier of updated gosa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 09 Jul 2012 20:44:30 +0200
Source: gosa
Binary: gosa gosa-dev gosa-desktop gosa-schema gosa-help-en gosa-help-de gosa-help-fr gosa-help-nl smarty-acl-render gosa-plugin-addressbook gosa-plugin-connectivity gosa-plugin-dhcp gosa-plugin-dhcp-schema gosa-plugin-dns gosa-plugin-dns-schema gosa-plugin-fai gosa-plugin-fai-schema gosa-plugin-gofax gosa-plugin-gofon gosa-plugin-goto gosa-plugin-kolab gosa-plugin-kolab-schema gosa-plugin-ldapmanager gosa-plugin-log gosa-plugin-log-schema gosa-plugin-mail gosa-plugin-mit-krb5 gosa-plugin-mit-krb5-schema gosa-plugin-nagios gosa-plugin-nagios-schema gosa-plugin-netatalk gosa-plugin-opengroupware gosa-plugin-openxchange gosa-plugin-openxchange-schema gosa-plugin-opsi gosa-plugin-phpgw gosa-plugin-phpgw-schema gosa-plugin-phpscheduleit gosa-plugin-phpscheduleit-schema gosa-plugin-pptp gosa-plugin-pptp-schema gosa-plugin-pureftpd gosa-plugin-pureftpd-schema gosa-plugin-rolemanagement gosa-plugin-rsyslog gosa-plugin-samba gosa-plugin-scalix gosa-plugin-squid gosa-plugin-ssh
 gosa-plugin-ssh-schema gosa-plugin-sudo gosa-plugin-sudo-schema gosa-plugin-systems gosa-plugin-uw-imap
 gosa-plugin-webdav
Architecture: source all
Version: 2.6.11-3+squeeze2
Distribution: stable
Urgency: low
Maintainer: GOsa packages maintainers group <gosa-pkg@oss.gonicus.de>
Changed-By: Cajus Pollmeier <cajus@debian.org>
Description: 
 gosa       - Web Based LDAP Administration Program
 gosa-desktop - Desktop integration for GOsa²
 gosa-dev   - GOsa² development utilities
 gosa-help-de - German online help for GOsa²
 gosa-help-en - English online help for GOsa
 gosa-help-fr - French online help for GOsa²
 gosa-help-nl - Dutch online help for GOsa
 gosa-plugin-addressbook - addressbook plugin for GOsa²
 gosa-plugin-connectivity - connectivity plugin for GOsa²
 gosa-plugin-dhcp - dhcp plugin for GOsa²
 gosa-plugin-dhcp-schema - LDAP schema for GOsa² dhcp plugin
 gosa-plugin-dns - dns plugin for GOsa²
 gosa-plugin-dns-schema - LDAP schema for GOsa² dns plugin
 gosa-plugin-fai - fai plugin for GOsa²
 gosa-plugin-fai-schema - LDAP schema for GOsa² fai plugin
 gosa-plugin-gofax - gofax plugin for GOsa²
 gosa-plugin-gofon - gofon plugin for GOsa²
 gosa-plugin-goto - goto plugin for GOsa²
 gosa-plugin-kolab - kolab plugin for GOsa²
 gosa-plugin-kolab-schema - LDAP schema for GOsa² kolab plugin
 gosa-plugin-ldapmanager - ldapmanager plugin for GOsa²
 gosa-plugin-log - log plugin for GOsa²
 gosa-plugin-log-schema - LDAP schema for GOsa² log plugin
 gosa-plugin-mail - base mail plugin for GOsa²
 gosa-plugin-mit-krb5 - mit-krb5 plugin for GOsa²
 gosa-plugin-mit-krb5-schema - LDAP schema for GOsa² mit-krb5 plugin
 gosa-plugin-nagios - nagios plugin for GOsa²
 gosa-plugin-nagios-schema - LDAP schema for GOsa² nagios plugin
 gosa-plugin-netatalk - netatalk plugin for GOsa²
 gosa-plugin-opengroupware - opengroupware plugin for GOsa²
 gosa-plugin-openxchange - openxchange plugin for GOsa²
 gosa-plugin-openxchange-schema - LDAP schema for GOsa² openxchange plugin
 gosa-plugin-opsi - opsi plugin for GOsa²
 gosa-plugin-phpgw - phpgw plugin for GOsa²
 gosa-plugin-phpgw-schema - LDAP schema for GOsa² phpgw plugin
 gosa-plugin-phpscheduleit - phpscheduleit plugin for GOsa²
 gosa-plugin-phpscheduleit-schema - LDAP schema for GOsa² phpscheduleit plugin
 gosa-plugin-pptp - pptp plugin for GOsa²
 gosa-plugin-pptp-schema - LDAP schema for GOsa² pptp plugin
 gosa-plugin-pureftpd - pureftpd plugin for GOsa²
 gosa-plugin-pureftpd-schema - LDAP schema for GOsa² pureftpd plugin
 gosa-plugin-rolemanagement - rolemanagement plugin for GOsa²
 gosa-plugin-rsyslog - rsyslog plugin for GOsa²
 gosa-plugin-samba - samba3 plugin for GOsa²
 gosa-plugin-scalix - scalix plugin for GOsa²
 gosa-plugin-squid - squid plugin for GOsa²
 gosa-plugin-ssh - ssh plugin for GOsa²
 gosa-plugin-ssh-schema - LDAP schema for GOsa² ssh plugin
 gosa-plugin-sudo - sudo plugin for GOsa²
 gosa-plugin-sudo-schema - LDAP schema for GOsa² sudo plugin
 gosa-plugin-systems - systems plugin for GOsa²
 gosa-plugin-uw-imap - uw-imap plugin for GOsa²
 gosa-plugin-webdav - webdav plugin for GOsa²
 gosa-schema - LDAP schema for GOsa
 smarty-acl-render - Provide ACL based rendering for Smarty
Closes: 665950
Changes: 
 gosa (2.6.11-3+squeeze2) stable; urgency=low
 .
   * Backport shellvar escaping code. Closes: #665950.
Checksums-Sha1: 
 c44de4b2e5eddde26242f6c794d9424617c6a18f 12735 gosa_2.6.11-3+squeeze2.dsc
 fc3730eeaa029eaf1347881be32b69bf987cfeed 28972 gosa_2.6.11-3+squeeze2.debian.tar.gz
 bc8714a7812d6c9af7aae7e1b051c43d944f7526 1404238 gosa_2.6.11-3+squeeze2_all.deb
 556cda312d9369d62f7ad95f502fbe0989f450e8 20414 gosa-dev_2.6.11-3+squeeze2_all.deb
 ef01671cc758e5a3ce6a9df048e3a5486d451f87 15272 gosa-desktop_2.6.11-3+squeeze2_all.deb
 bd730dbbab387bfa7dde934697cf331fc99d7f26 20604 gosa-schema_2.6.11-3+squeeze2_all.deb
 3f9677543f64c671d2a2519105971785b1682dd7 73242 gosa-help-en_2.6.11-3+squeeze2_all.deb
 c5f6176b1dc07d5c2533c6b453652610e4b81832 120046 gosa-help-de_2.6.11-3+squeeze2_all.deb
 df8091c145d94110a9f891a19df76a5bc84199e3 77866 gosa-help-fr_2.6.11-3+squeeze2_all.deb
 59406318dda5f93ab8e543fee0f3091d3d66b8a3 63322 gosa-help-nl_2.6.11-3+squeeze2_all.deb
 94e302633c74796c01ed2095bbfe41247bdb6a8c 6424 smarty-acl-render_2.6.11-3+squeeze2_all.deb
 5a0f924827ad8eb75e21c7491a4475e30ddf5b2a 90810 gosa-plugin-addressbook_2.6.11-3+squeeze2_all.deb
 53a99072a29a3238dee9bb2a5faca28ec9c1c744 18134 gosa-plugin-connectivity_2.6.11-3+squeeze2_all.deb
 ba913598b78a38c2196b8ee3bc2ad48517c012ff 57140 gosa-plugin-dhcp_2.6.11-3+squeeze2_all.deb
 fcbd494e83f5cfa4c9bf6690feb27773217f9be9 9012 gosa-plugin-dhcp-schema_2.6.11-3+squeeze2_all.deb
 6d485f102bd0f093800aa20cf9ec06a3874c7e4c 46188 gosa-plugin-dns_2.6.11-3+squeeze2_all.deb
 b0c6b3a2b6765a0f40757382037a634e6963fe44 5672 gosa-plugin-dns-schema_2.6.11-3+squeeze2_all.deb
 dda0c3c21e65279854564cc38c98be758ed396ad 274472 gosa-plugin-fai_2.6.11-3+squeeze2_all.deb
 82c6e834a8565ace77359a749a81fb56cfae82bf 9298 gosa-plugin-fai-schema_2.6.11-3+squeeze2_all.deb
 b64b606cfbf0c6a12d5823fe09574d358efcc9a8 74126 gosa-plugin-gofax_2.6.11-3+squeeze2_all.deb
 cdde3977673b0f49c61b34db3f4f9c928bc96176 182066 gosa-plugin-gofon_2.6.11-3+squeeze2_all.deb
 e9d01bae40ac02dea45b7a7d81f2bbf1f55dc4e0 507874 gosa-plugin-goto_2.6.11-3+squeeze2_all.deb
 5c5b6c43bc1a7e8cb824af436731377d11dbd9cf 46574 gosa-plugin-kolab_2.6.11-3+squeeze2_all.deb
 f60793020e8742a3da1d4a6f4ff6f2f849526e30 12084 gosa-plugin-kolab-schema_2.6.11-3+squeeze2_all.deb
 d3dc606632f39b6eaf77e615d5f6ff1286138817 38562 gosa-plugin-ldapmanager_2.6.11-3+squeeze2_all.deb
 d73742ce156d41c8ca32a71ecb3867adc0122a90 20888 gosa-plugin-log_2.6.11-3+squeeze2_all.deb
 6a66245063e143036cb7d00460cfdf34d04ae254 5150 gosa-plugin-log-schema_2.6.11-3+squeeze2_all.deb
 3dfe3e43217e64b8ab16c96f984e5cb0b985b2fb 257856 gosa-plugin-mail_2.6.11-3+squeeze2_all.deb
 e92c43814f8ad204f4125c2b6139f79916554f10 34274 gosa-plugin-mit-krb5_2.6.11-3+squeeze2_all.deb
 19d0cc53bdde49d6cf50b3c38b13423133611cb7 5914 gosa-plugin-mit-krb5-schema_2.6.11-3+squeeze2_all.deb
 2a2606719e263bae86490bcdbdd872a393109ffd 29696 gosa-plugin-nagios_2.6.11-3+squeeze2_all.deb
 0ccbecc3a59fa4195daece06b5af2412819823d6 5834 gosa-plugin-nagios-schema_2.6.11-3+squeeze2_all.deb
 d24daaf9cdd83a0d8629e96ca5ecffc5d8055ea7 20740 gosa-plugin-netatalk_2.6.11-3+squeeze2_all.deb
 c0687150754a3780b8a8278fb39ba67e46ec77e7 16362 gosa-plugin-opengroupware_2.6.11-3+squeeze2_all.deb
 665b1e0b35802c7bd37ba0758b22e9eb7606fe9c 23282 gosa-plugin-openxchange_2.6.11-3+squeeze2_all.deb
 9a91dbea47c0923598117ff783caf5e4dcb94797 8066 gosa-plugin-openxchange-schema_2.6.11-3+squeeze2_all.deb
 81438cd0d3ddd93ac7580e02896c05622440bc3b 51102 gosa-plugin-opsi_2.6.11-3+squeeze2_all.deb
 1f554946c4a3826b72adacf3adfc5da802e29042 11624 gosa-plugin-phpgw_2.6.11-3+squeeze2_all.deb
 a4258b25df6efae8b4c37af92be56bf0bb4def4b 5862 gosa-plugin-phpgw-schema_2.6.11-3+squeeze2_all.deb
 a69dc7b1696309ae0de2d96060f1cc9da805725c 10406 gosa-plugin-phpscheduleit_2.6.11-3+squeeze2_all.deb
 0730f92c790c38f2228ca25c4f30f9a0cb6dca8e 5060 gosa-plugin-phpscheduleit-schema_2.6.11-3+squeeze2_all.deb
 5a1127b028de3e2cb84c189e71a1ddb97e8fea0c 10560 gosa-plugin-pptp_2.6.11-3+squeeze2_all.deb
 62b230e18297d7e393ceb3f1e9296c56e06fe3a6 5136 gosa-plugin-pptp-schema_2.6.11-3+squeeze2_all.deb
 9b1fd0e9f5b334c120da6e3abeca9ab4fa8da6c2 15554 gosa-plugin-pureftpd_2.6.11-3+squeeze2_all.deb
 e4473893f29deff29e3a357bf2e9d6177e0405d8 5414 gosa-plugin-pureftpd-schema_2.6.11-3+squeeze2_all.deb
 339471f84386bc44552936c2fb17a8b63f54a001 29176 gosa-plugin-rolemanagement_2.6.11-3+squeeze2_all.deb
 afb510ebc8a16a6c98d36dfc152577ccabbb49cd 19852 gosa-plugin-rsyslog_2.6.11-3+squeeze2_all.deb
 8b9621258be40f67b8c424393bc52536f3cc1eb4 64266 gosa-plugin-samba_2.6.11-3+squeeze2_all.deb
 e37181b774530b2b9b39b5914deb4a2d8c3179f9 26760 gosa-plugin-scalix_2.6.11-3+squeeze2_all.deb
 322ce39018637525df0ef4362aedb2d42c1ae12c 21888 gosa-plugin-squid_2.6.11-3+squeeze2_all.deb
 8664c32a1f4dbe73094c3ac946c32aecb5883a98 9584 gosa-plugin-ssh_2.6.11-3+squeeze2_all.deb
 52cff5900bcd72caa100204ebabb9d61a7a0fb91 4994 gosa-plugin-ssh-schema_2.6.11-3+squeeze2_all.deb
 879c0d32323ceae33b1f53365ffed9fd811c947f 37734 gosa-plugin-sudo_2.6.11-3+squeeze2_all.deb
 fee551145836a80d482d184c0649a400312248b3 5072 gosa-plugin-sudo-schema_2.6.11-3+squeeze2_all.deb
 65c0e5dba83479be201389981a859c0ed472ca1a 260562 gosa-plugin-systems_2.6.11-3+squeeze2_all.deb
 8c537bd92a1617b5d19917789f1b56bc06bbc886 9790 gosa-plugin-uw-imap_2.6.11-3+squeeze2_all.deb
 bd27f0c6d4656113344e480a7d550cc31a60b12e 10018 gosa-plugin-webdav_2.6.11-3+squeeze2_all.deb
Checksums-Sha256: 
 e69ed34f75fae25c740c01dc1185321599fc7f15684dd17333c4a79448539619 12735 gosa_2.6.11-3+squeeze2.dsc
 dd48a2aa668021a4cb8fecf787c698a9121f27c66be4df97981f930b599bc03e 28972 gosa_2.6.11-3+squeeze2.debian.tar.gz
 9c46784697ef74c03632c51eb25be96359e4d1f0164939fef3aa434d7111f6be 1404238 gosa_2.6.11-3+squeeze2_all.deb
 3e703fd8f4bf068e1007aa799503d98dc5f93c7d3d38e61050f972396bc2432e 20414 gosa-dev_2.6.11-3+squeeze2_all.deb
 b874adec1bb7d36f925b88e921ab2e831a06e34701db45ac2f2ce7adcfadac0e 15272 gosa-desktop_2.6.11-3+squeeze2_all.deb
 221f12c10b65cf5d15fbe7a9df69e5382f2aafae0e590adba2364bd4471820cb 20604 gosa-schema_2.6.11-3+squeeze2_all.deb
 2cebe8d59d68525846248a7529af644806393d8df65bfd5e6a39b4e7fa3cbef3 73242 gosa-help-en_2.6.11-3+squeeze2_all.deb
 8c6b91cde78048ba4c05ff6ef9e24ca442a7faaf3205c5d870b6eaef56ad6c90 120046 gosa-help-de_2.6.11-3+squeeze2_all.deb
 1c7bc1b1790f7f91e6fda38939a63fdf614dbd44c3517e2e899292a7a367fa8c 77866 gosa-help-fr_2.6.11-3+squeeze2_all.deb
 44d5e0ade92ebbc5fa78b50d281f17be7220c7b993324b87f2dc8bc6535b1bdb 63322 gosa-help-nl_2.6.11-3+squeeze2_all.deb
 d483d3393bd83d272a75bda7718ccff88c64888deab8be2548e38d281bf43f5a 6424 smarty-acl-render_2.6.11-3+squeeze2_all.deb
 1ab14a1b069273e0526504bef7771acdc93ca228fde8d516a11044da1840df1e 90810 gosa-plugin-addressbook_2.6.11-3+squeeze2_all.deb
 37508c42c5b71c9b49f9e06d7d0bcc11a8bd6ff414884d2dec398b771208b518 18134 gosa-plugin-connectivity_2.6.11-3+squeeze2_all.deb
 6499e1c492abd551710b46c215c6237cecfbaf412ac2d70d15cf4d9eaaccb51b 57140 gosa-plugin-dhcp_2.6.11-3+squeeze2_all.deb
 780d5e5bd06f5eb48128e6fe9bdb4acb4b2ad1553c5cf1ef8c80c04e25b4fe95 9012 gosa-plugin-dhcp-schema_2.6.11-3+squeeze2_all.deb
 f1b3be513f575217cd8d728a6bde28d9be41ee02915431a77ebc86818996a920 46188 gosa-plugin-dns_2.6.11-3+squeeze2_all.deb
 9b760bf2cf2a9bbfe58a4f5838517508fd4b698dc29556c8e7997d6daeae11be 5672 gosa-plugin-dns-schema_2.6.11-3+squeeze2_all.deb
 f637d87e015a8b1f2404bf4b6e2fc408f065c4d465232faf9b49e6939ed21d7b 274472 gosa-plugin-fai_2.6.11-3+squeeze2_all.deb
 d95ba7bc28b245086c614ac813f823da75c9d22a1d7bb7898bb68044bdd8d462 9298 gosa-plugin-fai-schema_2.6.11-3+squeeze2_all.deb
 09545b8b9be4260fe69beb0245a1c7ae2a44c85398a2b7e3558ca389cc973ca7 74126 gosa-plugin-gofax_2.6.11-3+squeeze2_all.deb
 61ea501f69dbb2b17b4058d70bc3ff00ce542202b88c00d7c814f2e95f1e9a99 182066 gosa-plugin-gofon_2.6.11-3+squeeze2_all.deb
 903bf43e31e9288a8fe9b1bff9ef5732138d9aedf418b0b1ff43df81d29b49ed 507874 gosa-plugin-goto_2.6.11-3+squeeze2_all.deb
 b59b0b12b34d364a4faea4121ec322ad397daf223e6528b3ebd2f90b6061b637 46574 gosa-plugin-kolab_2.6.11-3+squeeze2_all.deb
 10c9f0178821d8147be37624cb7b309f1646262dd126164c344d76e88f8a794b 12084 gosa-plugin-kolab-schema_2.6.11-3+squeeze2_all.deb
 1dc2eb83827011bfd6ce241c4a94ee697b3e88cae6496d74939e82dd2320ce71 38562 gosa-plugin-ldapmanager_2.6.11-3+squeeze2_all.deb
 ff4d009ff7a4c7b6b8af959b65608a74a4ed78bf9a7e89c99647223640e64e0b 20888 gosa-plugin-log_2.6.11-3+squeeze2_all.deb
 5e365e6573e401592b8c3808c72831c0ef6adb0dbb3b43f559d3b804ee0afe5d 5150 gosa-plugin-log-schema_2.6.11-3+squeeze2_all.deb
 a800045f31b815ae7fb2698eeeb4e3ad269e20eafce9182a77673af6bbae98e1 257856 gosa-plugin-mail_2.6.11-3+squeeze2_all.deb
 5776bcc3be45f8afe918f9b9f60ff3084450588f9272537d108e74f01e95faef 34274 gosa-plugin-mit-krb5_2.6.11-3+squeeze2_all.deb
 b32d5422c294440e368b7de97f97f495f09b11f67803320490fb4a2bc95006ed 5914 gosa-plugin-mit-krb5-schema_2.6.11-3+squeeze2_all.deb
 4fb25463451a6f008c880791b8c1b72c4aa838a41e5b7a153c9ebf39f237e104 29696 gosa-plugin-nagios_2.6.11-3+squeeze2_all.deb
 8aac10632ff905979346b3ea39b1aa6d81547fbd9739f39c96637737a57bbc38 5834 gosa-plugin-nagios-schema_2.6.11-3+squeeze2_all.deb
 56c72e37e98abce7bf32711cc2d9f1d7a8aed27a30fb5e7ea78068d6c18bf607 20740 gosa-plugin-netatalk_2.6.11-3+squeeze2_all.deb
 5e5fea1ccdc7ff0a72f0279292d2ef0ba2ac511e7fe142b1dc241e2fbc895dc0 16362 gosa-plugin-opengroupware_2.6.11-3+squeeze2_all.deb
 4bca6a73a488e9d9db7c9c6928677e84d61684b9da83fede09645dbf11cde15a 23282 gosa-plugin-openxchange_2.6.11-3+squeeze2_all.deb
 1b11de9a0579c9f9ee8a3c27080bea73a4562c5c8e66bfbed4b91412c1ba313e 8066 gosa-plugin-openxchange-schema_2.6.11-3+squeeze2_all.deb
 0b357fc05e3ca7d14503dd404d0286d503c7c99a24923d77c0f8c2a55f4b6d3d 51102 gosa-plugin-opsi_2.6.11-3+squeeze2_all.deb
 8266e94b4f3f2aa7db076df4f32e5da11ffd261f7b24f5e6b5856803d27ad5f1 11624 gosa-plugin-phpgw_2.6.11-3+squeeze2_all.deb
 8cfe9c4a2fd1b0ce060694880c89f04902f75f63a071052af47ce7b9138aab06 5862 gosa-plugin-phpgw-schema_2.6.11-3+squeeze2_all.deb
 774109678b17ba7b0a635f986609e1b0a847ae51f9006989c5d01333b8e55532 10406 gosa-plugin-phpscheduleit_2.6.11-3+squeeze2_all.deb
 afdaab5ad8d7f1d6f617dab483b2fcefeb35587779712f0defe322a1969d8b27 5060 gosa-plugin-phpscheduleit-schema_2.6.11-3+squeeze2_all.deb
 a104f92d2028d5cf8ed5fc36b66e1ad1d7cd9017bbb10f49ea8bbc8ec5b183a1 10560 gosa-plugin-pptp_2.6.11-3+squeeze2_all.deb
 91543c0bc55e2f96baf3e043a58f25335b4d968b58087d83230115528d23325a 5136 gosa-plugin-pptp-schema_2.6.11-3+squeeze2_all.deb
 af7a1dc25d927f84b41449cfe1463bc57272f33a6d6de260303e8dcc45c0c59e 15554 gosa-plugin-pureftpd_2.6.11-3+squeeze2_all.deb
 33bf3f3e43e08f7754cb6d0a4402b2361c4cb64757d9220765ed87bda042875a 5414 gosa-plugin-pureftpd-schema_2.6.11-3+squeeze2_all.deb
 96e5a92c5e003de12ec2b14eaef0b143298b9ff8788ea3306426726dc9d67364 29176 gosa-plugin-rolemanagement_2.6.11-3+squeeze2_all.deb
 bc0de1df5352ecbe89ff25611aebd72e7de852a437c96641eb5dbc3ae0dcea5b 19852 gosa-plugin-rsyslog_2.6.11-3+squeeze2_all.deb
 7105349a0ebd625f7717fa32fa55b2b3623b21d3f30eba78a1c085c0f45e347c 64266 gosa-plugin-samba_2.6.11-3+squeeze2_all.deb
 a7201c6da4bbe0bb97cfd60fe5bdceca2817cd285a8622b49c276e1771870677 26760 gosa-plugin-scalix_2.6.11-3+squeeze2_all.deb
 5ff759f5c6d11d00a5b65085160aa2de7736303043c3a616a7bfec4131dcbbd7 21888 gosa-plugin-squid_2.6.11-3+squeeze2_all.deb
 987f9515367f657b47d1e00520bf979637aee167562f80cf6529a6659d1b3cf1 9584 gosa-plugin-ssh_2.6.11-3+squeeze2_all.deb
 a2d093716674602d70bf77fbfce45169611ef64cd4ba3039e9be2cf16912dfdc 4994 gosa-plugin-ssh-schema_2.6.11-3+squeeze2_all.deb
 5e843e0f98851bb58be2a20a3867cf09e56fc07b17acda893cf1d143d2678475 37734 gosa-plugin-sudo_2.6.11-3+squeeze2_all.deb
 26d7625e869f7fbbd6c96e7a75e54bc86ff6c7dd8137cc8df44b0ad828f20bd7 5072 gosa-plugin-sudo-schema_2.6.11-3+squeeze2_all.deb
 14e2c8f2718eaa175ecb1f9ee45df796fe503529d72a742406581b66727a9ceb 260562 gosa-plugin-systems_2.6.11-3+squeeze2_all.deb
 b48659c5ed350f897801056b6e8a3767cf548e3bc2d4636a46d89723ec1d154b 9790 gosa-plugin-uw-imap_2.6.11-3+squeeze2_all.deb
 4161ce789c9dd6cf28bdb09b1a6aa711d9ef150243f26a4f51d9e39607f0a536 10018 gosa-plugin-webdav_2.6.11-3+squeeze2_all.deb
Files: 
 7acb3db0c835d8c5128e7c54a7eda0eb 12735 web optional gosa_2.6.11-3+squeeze2.dsc
 ec24bbf86848a833fcd087158b019796 28972 web optional gosa_2.6.11-3+squeeze2.debian.tar.gz
 adadd5a18557ccd614ce1f8e2c36d2d6 1404238 web optional gosa_2.6.11-3+squeeze2_all.deb
 9c6e10ecc5cb39f0585bcdf388bff030 20414 web optional gosa-dev_2.6.11-3+squeeze2_all.deb
 6a30e79639b26ee014d36f8714864986 15272 web optional gosa-desktop_2.6.11-3+squeeze2_all.deb
 dac496b79847880fa536795590a9932b 20604 web optional gosa-schema_2.6.11-3+squeeze2_all.deb
 b8eab7ea04da5df8f00ce1ecac1cebd6 73242 web optional gosa-help-en_2.6.11-3+squeeze2_all.deb
 c32aeee944ec1d6d2680895682ce5695 120046 web optional gosa-help-de_2.6.11-3+squeeze2_all.deb
 8ad6af5e3486cbef5d191ecf4a024b93 77866 web optional gosa-help-fr_2.6.11-3+squeeze2_all.deb
 7cc0248c81ff77f18c2e18630d167015 63322 web optional gosa-help-nl_2.6.11-3+squeeze2_all.deb
 b47f7b2df3193636126e1bcf4fbab230 6424 web optional smarty-acl-render_2.6.11-3+squeeze2_all.deb
 62d2f6580771153152f0d714ae3e01f1 90810 web optional gosa-plugin-addressbook_2.6.11-3+squeeze2_all.deb
 f112a58c92f62fa106f2ff50e876821a 18134 web optional gosa-plugin-connectivity_2.6.11-3+squeeze2_all.deb
 babe98ce552a7a56640ebe563f2c9c33 57140 web optional gosa-plugin-dhcp_2.6.11-3+squeeze2_all.deb
 b1db023559cb3445f9afb767d0dd23a2 9012 web optional gosa-plugin-dhcp-schema_2.6.11-3+squeeze2_all.deb
 1a4298b0bdaee543d070aab98dd72877 46188 web optional gosa-plugin-dns_2.6.11-3+squeeze2_all.deb
 30a2077e5e5d81694e462837bed6d38c 5672 web optional gosa-plugin-dns-schema_2.6.11-3+squeeze2_all.deb
 5a88a9abfbdbd51579c97e8c41633ea9 274472 web optional gosa-plugin-fai_2.6.11-3+squeeze2_all.deb
 5e2d46623bf9f50ca5553e2ab0674acc 9298 web optional gosa-plugin-fai-schema_2.6.11-3+squeeze2_all.deb
 6f8cc4f5f7ea04865a5839497872c2a8 74126 web optional gosa-plugin-gofax_2.6.11-3+squeeze2_all.deb
 1bfae2a4981b59303be97d30a3071723 182066 web optional gosa-plugin-gofon_2.6.11-3+squeeze2_all.deb
 dc8170a53c0cbb4cf41cb50d062b4290 507874 web optional gosa-plugin-goto_2.6.11-3+squeeze2_all.deb
 39f23f7b5c209a6672cbb10168352c18 46574 web optional gosa-plugin-kolab_2.6.11-3+squeeze2_all.deb
 8fba2025c67aec448400cabfd6bdce45 12084 web optional gosa-plugin-kolab-schema_2.6.11-3+squeeze2_all.deb
 d597178330f826f58a200a4b93d1edce 38562 web optional gosa-plugin-ldapmanager_2.6.11-3+squeeze2_all.deb
 b3083e8c55688fa127c3ba1b43101bd4 20888 web optional gosa-plugin-log_2.6.11-3+squeeze2_all.deb
 9a736ef3be17d86d51c281d59991c130 5150 web optional gosa-plugin-log-schema_2.6.11-3+squeeze2_all.deb
 8002ba893695509c88abbb01b9fb3a2d 257856 web optional gosa-plugin-mail_2.6.11-3+squeeze2_all.deb
 a133d66afe40487158baff458ecf7bb7 34274 web optional gosa-plugin-mit-krb5_2.6.11-3+squeeze2_all.deb
 1b056cca49e69aa0d2c6022f46b5afc3 5914 web optional gosa-plugin-mit-krb5-schema_2.6.11-3+squeeze2_all.deb
 f8ecad6cfa30ea1560095a0352d07650 29696 web optional gosa-plugin-nagios_2.6.11-3+squeeze2_all.deb
 85330968dda15cce72e4b7e33c5c75bc 5834 web optional gosa-plugin-nagios-schema_2.6.11-3+squeeze2_all.deb
 866306eb8ff286794e663c3432dfdbca 20740 web optional gosa-plugin-netatalk_2.6.11-3+squeeze2_all.deb
 24874b2014719977bffda9ce5042f7d2 16362 web optional gosa-plugin-opengroupware_2.6.11-3+squeeze2_all.deb
 d429774b201a8aa63848117580017516 23282 web optional gosa-plugin-openxchange_2.6.11-3+squeeze2_all.deb
 cd6ca86c2c35d84d6fd53c590547463a 8066 web optional gosa-plugin-openxchange-schema_2.6.11-3+squeeze2_all.deb
 04579edce71827fee07061b85a4a9341 51102 web optional gosa-plugin-opsi_2.6.11-3+squeeze2_all.deb
 9422d653629250c113b04acb3a7e1ce3 11624 web optional gosa-plugin-phpgw_2.6.11-3+squeeze2_all.deb
 a5b79131dd2856feb1a05905829d3dea 5862 web optional gosa-plugin-phpgw-schema_2.6.11-3+squeeze2_all.deb
 bd689a568f21e980e9c09580f38bf785 10406 web optional gosa-plugin-phpscheduleit_2.6.11-3+squeeze2_all.deb
 6b70017450f5e4a475b49cce40565293 5060 web optional gosa-plugin-phpscheduleit-schema_2.6.11-3+squeeze2_all.deb
 8f024f135d0a733cb4b6728be0e0e4a2 10560 web optional gosa-plugin-pptp_2.6.11-3+squeeze2_all.deb
 3d2afbe8c1d4ebbb23fc763b2c76ef94 5136 web optional gosa-plugin-pptp-schema_2.6.11-3+squeeze2_all.deb
 c99952eab885a8e683f6390f470c08a8 15554 web optional gosa-plugin-pureftpd_2.6.11-3+squeeze2_all.deb
 ad7909affa8d9412f7d347cb6db2537f 5414 web optional gosa-plugin-pureftpd-schema_2.6.11-3+squeeze2_all.deb
 370a782edcdc8edd4879c2e75865019d 29176 web optional gosa-plugin-rolemanagement_2.6.11-3+squeeze2_all.deb
 5bbecc7bbca884542cf63ad9ed26c4b9 19852 web optional gosa-plugin-rsyslog_2.6.11-3+squeeze2_all.deb
 ad319c42c0bc8390011aa554cda6fd83 64266 web optional gosa-plugin-samba_2.6.11-3+squeeze2_all.deb
 92b4de9038bf0aa37ff040e99f3de65d 26760 web optional gosa-plugin-scalix_2.6.11-3+squeeze2_all.deb
 cff32f0257fd9a1cee4c70c8cd4d73bb 21888 web optional gosa-plugin-squid_2.6.11-3+squeeze2_all.deb
 c557c94b053f58a5eb6d632f772ab246 9584 web optional gosa-plugin-ssh_2.6.11-3+squeeze2_all.deb
 21c6d7056bf800bc75303024bbf40f37 4994 web optional gosa-plugin-ssh-schema_2.6.11-3+squeeze2_all.deb
 2aa817551d8593faf45b8460253ef52d 37734 web optional gosa-plugin-sudo_2.6.11-3+squeeze2_all.deb
 f86956e6b19cf6d1ae27b298fa8fdb6f 5072 web optional gosa-plugin-sudo-schema_2.6.11-3+squeeze2_all.deb
 bce60128aa1c72f1ee8cc340e462bae6 260562 web optional gosa-plugin-systems_2.6.11-3+squeeze2_all.deb
 8b226cb12518264214c3d6a29c8c008d 9790 web optional gosa-plugin-uw-imap_2.6.11-3+squeeze2_all.deb
 43cf810e1a62b379c0064cadf79dae3b 10018 web optional gosa-plugin-webdav_2.6.11-3+squeeze2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFP+ybytyibJ/7Y+CYRAjR5AJ9/M0llGElQRU1LI2/sxGTSrEtAyQCghLwQ
Cr0v2sZLwPwsJvRvnu8vHOs=
=4A7P
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Oct 2012 07:30:00 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:15:28 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.