[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#991940: marked as done (unblock: munge/0.5.14-6)

Your message dated Fri, 6 Aug 2021 14:00:01 +0200
with message-id <641aec73-1481-974e-205c-d78acc25fec1@debian.org>
and subject line Re: Bug#991940: unblock: munge/0.5.14-6
has caused the Debian Bug report #991940,
regarding unblock: munge/0.5.14-6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991940: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991940
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package munge

[ Reason ]
* Cherry-pick upstream patch to allow to upgrade from buster to bullseye

[ Impact ]
Remove some minor tests to fix kfreebsd builds and a useless check for
the daemon when starting

[ Tests ]
All tests passed

[ Risks ]
It's low risk because:
the change only avoid a useless check that the libgcrypt shared object
linked at runtime is the same the daemon was compiled against [1] and
some minor tests (removed upstream) to fix kfreebsd builds.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

diffstat for munge-0.5.14 munge-0.5.14

 changelog                                                             |   14 +
 patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch        |   93 +++++++++
 patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch |  102 ++++++++++
 patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch      |   36 +++
 patches/series                                                        |    3 
 5 files changed, 248 insertions(+)

debdiff attached

unblock munge/0.5.14-6

[1] https://github.com/dun/munge/commit/0c37cc03b649d8861c2d9e8d172bff736bfd9ea4
-- 
Gennaro Oliva

diff -Nru munge-0.5.14/debian/changelog munge-0.5.14/debian/changelog
--- munge-0.5.14/debian/changelog	2021-02-25 17:08:19.000000000 +0100
+++ munge-0.5.14/debian/changelog	2021-08-06 09:40:42.000000000 +0200
@@ -1,3 +1,17 @@
+munge (0.5.14-6) unstable; urgency=medium
+
+  [Chris Dunlap]
+  * Remove GCRYPT_VERSION from gcry_check_version (Closes: #991875)
+
+ -- Gennaro Oliva <oliva.g@na.icar.cnr.it>  Fri, 06 Aug 2021 09:40:42 +0200
+
+munge (0.5.14-5) unstable; urgency=medium
+
+  [Chris Dunlap]
+  * Fix kfreebsd builds
+
+ -- Gennaro Oliva <oliva.g@na.icar.cnr.it>  Mon, 22 Mar 2021 02:00:52 +0100
+
 munge (0.5.14-4) unstable; urgency=medium
 
   [Chris Dunlap]
diff -Nru munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch
--- munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch	1970-01-01 01:00:00.000000000 +0100
+++ munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch	2021-08-05 23:56:30.000000000 +0200
@@ -0,0 +1,93 @@
+Description: Sharness: Remove tests to/from invalid files
+ On FreeBSD (12.1, 11.4, 11.3) and NetBSD (9.0, 8.1, 7.2), the following
+ test fails when run with "root=/tmp/munge-test-$$":
+ 0012-munge-cmdline.t 24 - munge --input from invalid file
+ This test attempts to read data for a credential payload from the file
+ "." -- i.e., a directory, and not a regular file.  It is expected
+ to fail, and on most platforms it does.  However, it unexpectedly
+ succeeds if the input file is on a FreeBSD ufs or NetBSD ffs filesystem
+ (where it uses the directory file contents as the payload data),
+ but fails if the input file is on an nfs or tmpfs filesystem on
+ those platforms.  Note that this test fails as expected on OpenBSD
+ ffs and nfs filesystems.
+ This passed testing for 0.5.14 because the test suite ran in an
+ nfs directory.  But recent testing with "root=/tmp/munge-test-$$"
+ uncovered the failure since the "root" variable moved the input file
+ to a different filesystem.
+ Since the munge and unmunge client executables do not explicitly
+ check whether the input or output files are regular files, remove the
+ sharness checks that test for an expected failure when specifying an
+ invalid input, metadata, or output file.
+Author: Chris Dunlap <cdunlap@llnl.gov>
+Origin: upstream, https://github.com/dun/munge/commit/cfbb14558ceda9dd42b23a2e4c166a07b73a3223
+Last-Update: 2020-10-14
+Forwarded: not-needed
+
+--- a/t/0012-munge-cmdline.t
++++ b/t/0012-munge-cmdline.t
+@@ -109,10 +109,6 @@ test_expect_success 'munge --input from /dev/null' '
+     test ! -s out.$$
+ '
+ 
+-test_expect_success 'munge --input from invalid file' '
+-    test_must_fail "${MUNGE}" --socket="${MUNGE_SOCKET}" --input=.
+-'
+-
+ test_expect_success 'munge --input from missing file' '
+     test_must_fail "${MUNGE}" --socket="${MUNGE_SOCKET}" \
+             --input=missing.file.$$
+@@ -141,10 +137,6 @@ test_expect_success 'munge --output to /dev/null' '
+     test ! -s out.$$
+ '
+ 
+-test_expect_success 'munge --output to invalid file' '
+-    test_must_fail "${MUNGE}" --socket="${MUNGE_SOCKET}" --no-input --output=.
+-'
+-
+ for OPT_LIST_CIPHERS in '-C' '--list-ciphers'; do
+     test_expect_success "munge ${OPT_LIST_CIPHERS}" '
+         "${MUNGE}" "${OPT_LIST_CIPHERS}" |
+diff --git a/t/0013-unmunge-cmdline.t b/t/0013-unmunge-cmdline.t
+index c034109..07ce8eb 100755
+--- a/t/0013-unmunge-cmdline.t
++++ b/t/0013-unmunge-cmdline.t
+@@ -80,10 +80,6 @@ test_expect_success 'unmunge --input from /dev/null' '
+     test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --input=/dev/null
+ '
+ 
+-test_expect_success 'unmunge --input from invalid file' '
+-    test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --input=.
+-'
+-
+ test_expect_success 'unmunge --input from missing file' '
+     test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" \
+             --input=missing.file.$$
+@@ -126,12 +122,6 @@ test_expect_success 'unmunge --metadata to /dev/null with payload on stdout' '
+     test "$(cat out.$$)" = "${PAYLOAD}"
+ '
+ 
+-test_expect_success 'unmunge --metadata to invalid file' '
+-    local PAYLOAD=xyzzy-$$ &&
+-    "${MUNGE}" --socket="${MUNGE_SOCKET}" --string="${PAYLOAD}" |
+-    test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --metadata=.
+-'
+-
+ for OPT_OUTPUT in '-o' '--output'; do
+     test_expect_success "unmunge ${OPT_OUTPUT}" '
+         local PAYLOAD=xyzzy-$$ &&
+@@ -160,12 +150,6 @@ test_expect_success 'unmunge --output to /dev/null with metadata on stdout' '
+     grep -q -v "${PAYLOAD}" meta.$$
+ '
+ 
+-test_expect_success 'unmunge --output to invalid file' '
+-    local PAYLOAD=xyzzy-$$ &&
+-    "${MUNGE}" --socket="${MUNGE_SOCKET}" --string="${PAYLOAD}" |
+-    test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --output=.
+-'
+-
+ for OPT_LIST_KEYS in '-K' '--list-keys'; do
+     test_expect_success "unmunge ${OPT_LIST_KEYS}" '
+         "${UNMUNGE}" "${OPT_LIST_KEYS}" |
+-- 
+2.31.0
+
diff -Nru munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch
--- munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch	1970-01-01 01:00:00.000000000 +0100
+++ munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch	2021-08-06 00:01:31.000000000 +0200
@@ -0,0 +1,102 @@
+Description: Sharness: Set IFNAME prereq if network ifname found 
+ Remove the "test -s ifname0.$$" statements from the sharness
+ checks.  They make it difficult to diagnose why a check fails.
+ If the file is empty, munged will fail with the error 'Failed to
+ lookup origin ""' which provides useful information for debugging.
+ Create the new check 'munged --origin interface name lookup' which
+ greps the log from the preceding check for the loopback interface
+ name, checks that it is not the empty string, saves the name to
+ the file "ifname0.$$", and sets the sharness IFNAME prerequisite.
+  Change the checks for 'munged --origin interface name' and
+ 'munged --origin interface name metadata' to depend on this new
+ IFNAME prerequisite.  Thus, if munged is unable to match 127.0.0.1 to
+ an interface name, these checks will be skipped instead of failing.
+ Change _net_get_hostaddr_via_ifaddrs() to check that ifa_name
+ is not the empty string before assigning the string for the network
+ interface.
+Author: Chris Dunlap <cdunlap@llnl.gov>
+Origin: upstream, https://github.com/dun/munge/commit/77ff6823c423d19823d9259f8e0cae1fc98d9a7b
+Last-Update: 2021-03-19
+Forwarded: not-needed
+
+--- a/src/munged/net.c
++++ b/src/munged/net.c
+@@ -193,7 +193,9 @@ _net_get_hostaddr_via_ifaddrs (const char *name, struct in_addr *inaddrp,
+      */
+     if (ifa != NULL) {
+         *inaddrp = ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
+-        *ifnamep = (ifa->ifa_name != NULL) ? strdup (ifa->ifa_name) : NULL;
++        *ifnamep = ((ifa->ifa_name != NULL) && (ifa->ifa_name[0] != '\0'))
++                ? strdup (ifa->ifa_name)
++                : NULL;
+         rv = 0;
+     }
+     /*  If a match is not found, but host lookup succeeded...
+diff --git a/t/0110-munged-origin-addr.t b/t/0110-munged-origin-addr.t
+index 1e3f642..53bc5af 100755
+--- a/t/0110-munged-origin-addr.t
++++ b/t/0110-munged-origin-addr.t
+@@ -63,15 +63,12 @@ test_expect_success 'munged --origin null address warning' '
+ '
+ 
+ # Check if the origin address can be set by specifying an IP address.
+-# Save the interface name to ifname0.$$ for later checks.
+ ##
+ test_expect_success 'munged --origin local IP address' '
+     rm -f ifname0.$$ &&
+     munged_start_daemon --origin=127.0.0.1 &&
+     munged_stop_daemon &&
+-    egrep "Set origin address to 127\.0\.0\.1\>" "${MUNGE_LOGFILE}" &&
+-    sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" \
+-            "${MUNGE_LOGFILE}" >ifname0.$$
++    egrep "Set origin address to 127\.0\.0\.1\>" "${MUNGE_LOGFILE}"
+ '
+ 
+ # Check if the origin address is set to the appropriate IP address in the
+@@ -87,23 +84,35 @@ test_expect_success 'munged --origin local IP address metadata' '
+     egrep "^ENCODE_HOST:.* 127\.0\.0\.1\>" meta.$$
+ '
+ 
+-# Check if the origin address can be set by specifying an interface name.
++# Check the log from the previous test for the network interface name
++#   corresponding to the loopback address.
++# Set the IFNAME prereq if "ifname0.$$" contains a non-empty string.
++##
++test_expect_success GETIFADDRS 'munged --origin interface name lookup' '
++    local ifname &&
++    sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" "${MUNGE_LOGFILE}" \
++            >ifname0.$$ &&
++    ifname=$(cat ifname0.$$) &&
++    test_debug "echo \"Loopback network interface name is [${ifname}]\"" &&
++    if test "x${ifname}" != x; then test_set_prereq IFNAME; fi
++'
++
++# Check if the origin address can be set by specifying the loopback network
++#   interface name.
+ ##
+-test_expect_success GETIFADDRS 'munged --origin interface name' '
+-    test -s ifname0.$$ &&
++test_expect_success IFNAME 'munged --origin interface name' '
+     munged_start_daemon --origin="$(cat ifname0.$$)" &&
+     munged_stop_daemon &&
+     egrep "Set origin address to 127\.0\.0\.1\>" "${MUNGE_LOGFILE}" &&
+-    sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" \
+-            "${MUNGE_LOGFILE}" >ifname1.$$ &&
++    sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" "${MUNGE_LOGFILE}" \
++            >ifname1.$$ &&
+     test_cmp ifname0.$$ ifname1.$$
+ '
+ 
+ # Check if the origin address is set to the appropriate IP address in the
+-#   credential metadata when specifying an interface name.
++#   credential metadata when specifying the loopback network interface name.
+ ##
+-test_expect_success GETIFADDRS 'munged --origin interface name metadata' '
+-    test -s ifname0.$$ &&
++test_expect_success IFNAME 'munged --origin interface name metadata' '
+     munged_start_daemon --origin="$(cat ifname0.$$)" &&
+     "${MUNGE}" --socket="${MUNGE_SOCKET}" --no-input --output=cred.$$ &&
+     "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --input=cred.$$ \
+-- 
+2.31.0
+
diff -Nru munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch
--- munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch	1970-01-01 01:00:00.000000000 +0100
+++ munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch	2021-08-05 19:47:09.000000000 +0200
@@ -0,0 +1,36 @@
+Description: Replace GCRYPT_VERSION with NULL in gcry_check_version()
+ According to the Libgcrypt documentation, gcry_check_version()
+ should be called with the minimum required version of the library
+ (or NULL if that check is not needed).  The <gcrypt.h> header file
+ further notes GCRYPT_VERSION should not be used by the program since
+ gcry_check_version() should return the same version string.
+ Replace GCRYPT_VERSION with NULL in gcry_check_version() to disable the
+ version check.  Debian further notes their automated system determined
+ v0.5.14 requires a minimum Libgcrypt version of 1.8.0.  However, it
+ seems preferable to disable the check and let distributions perform
+ their dependency checks instead of maintaining this value by hand.
+ Note that gcry_check_version() must still be called because it also
+ initializes the library.
+Author: Chris Dunlap <cdunlap@llnl.gov>
+Origin: upstream, https://github.com/dun/munge/commit/0c37cc03b649d8861c2d9e8d172bff736bfd9ea4
+Last-Update: 2021-08-05
+Forwarded: not-needed
+
+diff --git a/src/common/crypto.c b/src/common/crypto.c
+index 29266a16..6e46ec5b 100644
+--- a/src/common/crypto.c
++++ b/src/common/crypto.c
+@@ -72,11 +72,10 @@ crypto_init (void)
+     /*  gcry_check_version() must be called before any other Libgcrypt function
+      *    (except the GCRYCTL_SET_THREAD_CBS command prior to Libgcrypt 1.6).
+      */
+-    v = gcry_check_version (GCRYPT_VERSION);
++    v = gcry_check_version (NULL);
+     if (v == NULL) {
+         log_err (EMUNGE_SNAFU, LOG_ERR,
+-            "Failed to initialize Libgcrypt: version mismatch: expected %s",
+-            GCRYPT_VERSION);
++            "Failed to initialize Libgcrypt %s", GCRYPT_VERSION);
+     }
+     e = gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+     if (e) {
diff -Nru munge-0.5.14/debian/patches/series munge-0.5.14/debian/patches/series
--- munge-0.5.14/debian/patches/series	2021-02-24 00:25:10.000000000 +0100
+++ munge-0.5.14/debian/patches/series	2021-08-05 10:35:43.000000000 +0200
@@ -2,3 +2,6 @@
 0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch
 0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch
 0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch
+0005-Sharness-Remove-tests-to-from-invalid-files.patch
+0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch
+0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch

--- End Message ---
--- Begin Message --- 
retitle 991875 munge: undeclared tight versioned depends on libgcrypt
thanks

On 06-08-2021 12:03, Gennaro Oliva wrote:
> Please unblock package munge

You're three days too late, the deadline was Tuesday 12:00 UTC [1].

> [ Reason ]
> * Cherry-pick upstream patch to allow to upgrade from buster to bullseye

This seems to be an issue when upgrading *only* munge. Unless I'm
mistaken, I don't think this is an issue in a proper buster to bullseye
upgrade.

Paul

[1] https://lists.debian.org/debian-devel-announce/2021/07/msg00003.html

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---
Reply to: