Your message dated Fri, 6 Aug 2021 14:00:01 +0200 with message-id <641aec73-1481-974e-205c-d78acc25fec1@debian.org> and subject line Re: Bug#991940: unblock: munge/0.5.14-6 has caused the Debian Bug report #991940, regarding unblock: munge/0.5.14-6 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 991940: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991940 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: munge/0.5.14-6
- From: Gennaro Oliva <oliva.g@na.icar.cnr.it>
- Date: Fri, 6 Aug 2021 12:03:33 +0200
- Message-id: <[🔎] YQ0I9eO7aRsN7292@ischia>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package munge [ Reason ] * Cherry-pick upstream patch to allow to upgrade from buster to bullseye [ Impact ] Remove some minor tests to fix kfreebsd builds and a useless check for the daemon when starting [ Tests ] All tests passed [ Risks ] It's low risk because: the change only avoid a useless check that the libgcrypt shared object linked at runtime is the same the daemon was compiled against [1] and some minor tests (removed upstream) to fix kfreebsd builds. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing diffstat for munge-0.5.14 munge-0.5.14 changelog | 14 + patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch | 93 +++++++++ patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch | 102 ++++++++++ patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch | 36 +++ patches/series | 3 5 files changed, 248 insertions(+) debdiff attached unblock munge/0.5.14-6 [1] https://github.com/dun/munge/commit/0c37cc03b649d8861c2d9e8d172bff736bfd9ea4 -- Gennaro Olivadiff -Nru munge-0.5.14/debian/changelog munge-0.5.14/debian/changelog --- munge-0.5.14/debian/changelog 2021-02-25 17:08:19.000000000 +0100 +++ munge-0.5.14/debian/changelog 2021-08-06 09:40:42.000000000 +0200 @@ -1,3 +1,17 @@ +munge (0.5.14-6) unstable; urgency=medium + + [Chris Dunlap] + * Remove GCRYPT_VERSION from gcry_check_version (Closes: #991875) + + -- Gennaro Oliva <oliva.g@na.icar.cnr.it> Fri, 06 Aug 2021 09:40:42 +0200 + +munge (0.5.14-5) unstable; urgency=medium + + [Chris Dunlap] + * Fix kfreebsd builds + + -- Gennaro Oliva <oliva.g@na.icar.cnr.it> Mon, 22 Mar 2021 02:00:52 +0100 + munge (0.5.14-4) unstable; urgency=medium [Chris Dunlap] diff -Nru munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch --- munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch 1970-01-01 01:00:00.000000000 +0100 +++ munge-0.5.14/debian/patches/0005-Sharness-Remove-tests-to-from-invalid-files.patch 2021-08-05 23:56:30.000000000 +0200 @@ -0,0 +1,93 @@ +Description: Sharness: Remove tests to/from invalid files + On FreeBSD (12.1, 11.4, 11.3) and NetBSD (9.0, 8.1, 7.2), the following + test fails when run with "root=/tmp/munge-test-$$": + 0012-munge-cmdline.t 24 - munge --input from invalid file + This test attempts to read data for a credential payload from the file + "." -- i.e., a directory, and not a regular file. It is expected + to fail, and on most platforms it does. However, it unexpectedly + succeeds if the input file is on a FreeBSD ufs or NetBSD ffs filesystem + (where it uses the directory file contents as the payload data), + but fails if the input file is on an nfs or tmpfs filesystem on + those platforms. Note that this test fails as expected on OpenBSD + ffs and nfs filesystems. + This passed testing for 0.5.14 because the test suite ran in an + nfs directory. But recent testing with "root=/tmp/munge-test-$$" + uncovered the failure since the "root" variable moved the input file + to a different filesystem. + Since the munge and unmunge client executables do not explicitly + check whether the input or output files are regular files, remove the + sharness checks that test for an expected failure when specifying an + invalid input, metadata, or output file. +Author: Chris Dunlap <cdunlap@llnl.gov> +Origin: upstream, https://github.com/dun/munge/commit/cfbb14558ceda9dd42b23a2e4c166a07b73a3223 +Last-Update: 2020-10-14 +Forwarded: not-needed + +--- a/t/0012-munge-cmdline.t ++++ b/t/0012-munge-cmdline.t +@@ -109,10 +109,6 @@ test_expect_success 'munge --input from /dev/null' ' + test ! -s out.$$ + ' + +-test_expect_success 'munge --input from invalid file' ' +- test_must_fail "${MUNGE}" --socket="${MUNGE_SOCKET}" --input=. +-' +- + test_expect_success 'munge --input from missing file' ' + test_must_fail "${MUNGE}" --socket="${MUNGE_SOCKET}" \ + --input=missing.file.$$ +@@ -141,10 +137,6 @@ test_expect_success 'munge --output to /dev/null' ' + test ! -s out.$$ + ' + +-test_expect_success 'munge --output to invalid file' ' +- test_must_fail "${MUNGE}" --socket="${MUNGE_SOCKET}" --no-input --output=. +-' +- + for OPT_LIST_CIPHERS in '-C' '--list-ciphers'; do + test_expect_success "munge ${OPT_LIST_CIPHERS}" ' + "${MUNGE}" "${OPT_LIST_CIPHERS}" | +diff --git a/t/0013-unmunge-cmdline.t b/t/0013-unmunge-cmdline.t +index c034109..07ce8eb 100755 +--- a/t/0013-unmunge-cmdline.t ++++ b/t/0013-unmunge-cmdline.t +@@ -80,10 +80,6 @@ test_expect_success 'unmunge --input from /dev/null' ' + test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --input=/dev/null + ' + +-test_expect_success 'unmunge --input from invalid file' ' +- test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --input=. +-' +- + test_expect_success 'unmunge --input from missing file' ' + test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" \ + --input=missing.file.$$ +@@ -126,12 +122,6 @@ test_expect_success 'unmunge --metadata to /dev/null with payload on stdout' ' + test "$(cat out.$$)" = "${PAYLOAD}" + ' + +-test_expect_success 'unmunge --metadata to invalid file' ' +- local PAYLOAD=xyzzy-$$ && +- "${MUNGE}" --socket="${MUNGE_SOCKET}" --string="${PAYLOAD}" | +- test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --metadata=. +-' +- + for OPT_OUTPUT in '-o' '--output'; do + test_expect_success "unmunge ${OPT_OUTPUT}" ' + local PAYLOAD=xyzzy-$$ && +@@ -160,12 +150,6 @@ test_expect_success 'unmunge --output to /dev/null with metadata on stdout' ' + grep -q -v "${PAYLOAD}" meta.$$ + ' + +-test_expect_success 'unmunge --output to invalid file' ' +- local PAYLOAD=xyzzy-$$ && +- "${MUNGE}" --socket="${MUNGE_SOCKET}" --string="${PAYLOAD}" | +- test_must_fail "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --output=. +-' +- + for OPT_LIST_KEYS in '-K' '--list-keys'; do + test_expect_success "unmunge ${OPT_LIST_KEYS}" ' + "${UNMUNGE}" "${OPT_LIST_KEYS}" | +-- +2.31.0 + diff -Nru munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch --- munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch 1970-01-01 01:00:00.000000000 +0100 +++ munge-0.5.14/debian/patches/0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch 2021-08-06 00:01:31.000000000 +0200 @@ -0,0 +1,102 @@ +Description: Sharness: Set IFNAME prereq if network ifname found + Remove the "test -s ifname0.$$" statements from the sharness + checks. They make it difficult to diagnose why a check fails. + If the file is empty, munged will fail with the error 'Failed to + lookup origin ""' which provides useful information for debugging. + Create the new check 'munged --origin interface name lookup' which + greps the log from the preceding check for the loopback interface + name, checks that it is not the empty string, saves the name to + the file "ifname0.$$", and sets the sharness IFNAME prerequisite. + Change the checks for 'munged --origin interface name' and + 'munged --origin interface name metadata' to depend on this new + IFNAME prerequisite. Thus, if munged is unable to match 127.0.0.1 to + an interface name, these checks will be skipped instead of failing. + Change _net_get_hostaddr_via_ifaddrs() to check that ifa_name + is not the empty string before assigning the string for the network + interface. +Author: Chris Dunlap <cdunlap@llnl.gov> +Origin: upstream, https://github.com/dun/munge/commit/77ff6823c423d19823d9259f8e0cae1fc98d9a7b +Last-Update: 2021-03-19 +Forwarded: not-needed + +--- a/src/munged/net.c ++++ b/src/munged/net.c +@@ -193,7 +193,9 @@ _net_get_hostaddr_via_ifaddrs (const char *name, struct in_addr *inaddrp, + */ + if (ifa != NULL) { + *inaddrp = ((struct sockaddr_in *) ifa->ifa_addr)->sin_addr; +- *ifnamep = (ifa->ifa_name != NULL) ? strdup (ifa->ifa_name) : NULL; ++ *ifnamep = ((ifa->ifa_name != NULL) && (ifa->ifa_name[0] != '\0')) ++ ? strdup (ifa->ifa_name) ++ : NULL; + rv = 0; + } + /* If a match is not found, but host lookup succeeded... +diff --git a/t/0110-munged-origin-addr.t b/t/0110-munged-origin-addr.t +index 1e3f642..53bc5af 100755 +--- a/t/0110-munged-origin-addr.t ++++ b/t/0110-munged-origin-addr.t +@@ -63,15 +63,12 @@ test_expect_success 'munged --origin null address warning' ' + ' + + # Check if the origin address can be set by specifying an IP address. +-# Save the interface name to ifname0.$$ for later checks. + ## + test_expect_success 'munged --origin local IP address' ' + rm -f ifname0.$$ && + munged_start_daemon --origin=127.0.0.1 && + munged_stop_daemon && +- egrep "Set origin address to 127\.0\.0\.1\>" "${MUNGE_LOGFILE}" && +- sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" \ +- "${MUNGE_LOGFILE}" >ifname0.$$ ++ egrep "Set origin address to 127\.0\.0\.1\>" "${MUNGE_LOGFILE}" + ' + + # Check if the origin address is set to the appropriate IP address in the +@@ -87,23 +84,35 @@ test_expect_success 'munged --origin local IP address metadata' ' + egrep "^ENCODE_HOST:.* 127\.0\.0\.1\>" meta.$$ + ' + +-# Check if the origin address can be set by specifying an interface name. ++# Check the log from the previous test for the network interface name ++# corresponding to the loopback address. ++# Set the IFNAME prereq if "ifname0.$$" contains a non-empty string. ++## ++test_expect_success GETIFADDRS 'munged --origin interface name lookup' ' ++ local ifname && ++ sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" "${MUNGE_LOGFILE}" \ ++ >ifname0.$$ && ++ ifname=$(cat ifname0.$$) && ++ test_debug "echo \"Loopback network interface name is [${ifname}]\"" && ++ if test "x${ifname}" != x; then test_set_prereq IFNAME; fi ++' ++ ++# Check if the origin address can be set by specifying the loopback network ++# interface name. + ## +-test_expect_success GETIFADDRS 'munged --origin interface name' ' +- test -s ifname0.$$ && ++test_expect_success IFNAME 'munged --origin interface name' ' + munged_start_daemon --origin="$(cat ifname0.$$)" && + munged_stop_daemon && + egrep "Set origin address to 127\.0\.0\.1\>" "${MUNGE_LOGFILE}" && +- sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" \ +- "${MUNGE_LOGFILE}" >ifname1.$$ && ++ sed -n -e "s/.*Set origin address.*(\([^)]*\)).*/\1/p" "${MUNGE_LOGFILE}" \ ++ >ifname1.$$ && + test_cmp ifname0.$$ ifname1.$$ + ' + + # Check if the origin address is set to the appropriate IP address in the +-# credential metadata when specifying an interface name. ++# credential metadata when specifying the loopback network interface name. + ## +-test_expect_success GETIFADDRS 'munged --origin interface name metadata' ' +- test -s ifname0.$$ && ++test_expect_success IFNAME 'munged --origin interface name metadata' ' + munged_start_daemon --origin="$(cat ifname0.$$)" && + "${MUNGE}" --socket="${MUNGE_SOCKET}" --no-input --output=cred.$$ && + "${UNMUNGE}" --socket="${MUNGE_SOCKET}" --input=cred.$$ \ +-- +2.31.0 + diff -Nru munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch --- munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch 1970-01-01 01:00:00.000000000 +0100 +++ munge-0.5.14/debian/patches/0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch 2021-08-05 19:47:09.000000000 +0200 @@ -0,0 +1,36 @@ +Description: Replace GCRYPT_VERSION with NULL in gcry_check_version() + According to the Libgcrypt documentation, gcry_check_version() + should be called with the minimum required version of the library + (or NULL if that check is not needed). The <gcrypt.h> header file + further notes GCRYPT_VERSION should not be used by the program since + gcry_check_version() should return the same version string. + Replace GCRYPT_VERSION with NULL in gcry_check_version() to disable the + version check. Debian further notes their automated system determined + v0.5.14 requires a minimum Libgcrypt version of 1.8.0. However, it + seems preferable to disable the check and let distributions perform + their dependency checks instead of maintaining this value by hand. + Note that gcry_check_version() must still be called because it also + initializes the library. +Author: Chris Dunlap <cdunlap@llnl.gov> +Origin: upstream, https://github.com/dun/munge/commit/0c37cc03b649d8861c2d9e8d172bff736bfd9ea4 +Last-Update: 2021-08-05 +Forwarded: not-needed + +diff --git a/src/common/crypto.c b/src/common/crypto.c +index 29266a16..6e46ec5b 100644 +--- a/src/common/crypto.c ++++ b/src/common/crypto.c +@@ -72,11 +72,10 @@ crypto_init (void) + /* gcry_check_version() must be called before any other Libgcrypt function + * (except the GCRYCTL_SET_THREAD_CBS command prior to Libgcrypt 1.6). + */ +- v = gcry_check_version (GCRYPT_VERSION); ++ v = gcry_check_version (NULL); + if (v == NULL) { + log_err (EMUNGE_SNAFU, LOG_ERR, +- "Failed to initialize Libgcrypt: version mismatch: expected %s", +- GCRYPT_VERSION); ++ "Failed to initialize Libgcrypt %s", GCRYPT_VERSION); + } + e = gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (e) { diff -Nru munge-0.5.14/debian/patches/series munge-0.5.14/debian/patches/series --- munge-0.5.14/debian/patches/series 2021-02-24 00:25:10.000000000 +0100 +++ munge-0.5.14/debian/patches/series 2021-08-05 10:35:43.000000000 +0200 @@ -2,3 +2,6 @@ 0002-Sharness-Fix-dup-of-failing-check-when-run-by-root.patch 0003-Sharness-Fix-EACCES-failure-succeeding-for-root.patch 0004-HKDF-Fix-big-endian-bug-caused-by-size_t-ptr-cast.patch +0005-Sharness-Remove-tests-to-from-invalid-files.patch +0006-Sharness-Set-IFNAME-prereq-if-network-ifname-found.patch +0007-Remove-GCRYPT_VERSION-from-gcry_check_version.patch
--- End Message ---
--- Begin Message ---
- To: Gennaro Oliva <oliva.g@na.icar.cnr.it>, 991940-done@bugs.debian.org, Debian bugs control server <control@bugs.debian.org>
- Subject: Re: Bug#991940: unblock: munge/0.5.14-6
- From: Paul Gevers <elbrus@debian.org>
- Date: Fri, 6 Aug 2021 14:00:01 +0200
- Message-id: <641aec73-1481-974e-205c-d78acc25fec1@debian.org>
- In-reply-to: <[🔎] YQ0I9eO7aRsN7292@ischia>
- References: <[🔎] YQ0I9eO7aRsN7292@ischia>
retitle 991875 munge: undeclared tight versioned depends on libgcrypt thanks On 06-08-2021 12:03, Gennaro Oliva wrote: > Please unblock package munge You're three days too late, the deadline was Tuesday 12:00 UTC [1]. > [ Reason ] > * Cherry-pick upstream patch to allow to upgrade from buster to bullseye This seems to be an issue when upgrading *only* munge. Unless I'm mistaken, I don't think this is an issue in a proper buster to bullseye upgrade. Paul [1] https://lists.debian.org/debian-devel-announce/2021/07/msg00003.htmlAttachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---