--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: s-nail/14.9.11-3
- From: Paride Legovini <pl@ninthfloor.org>
- Date: Sun, 30 Jun 2019 14:55:21 +0200
- Message-id: <156189932112.25650.6451943803410797060.reportbug@mandragola>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package s-nail. Version 14.9.11-3 contains a targeted fix for
#930691 I've got from upstream. The debdiff between -2 and -3 is attached.
Thank you,
Paride Legovini
unblock s-nail/14.9.11-3
-- System Information:
Debian Release: 10.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru s-nail-14.9.11/debian/changelog s-nail-14.9.11/debian/changelog
--- s-nail-14.9.11/debian/changelog 2018-12-07 19:16:26.000000000 +0100
+++ s-nail-14.9.11/debian/changelog 2019-06-30 13:53:46.000000000 +0200
@@ -1,3 +1,10 @@
+s-nail (14.9.11-3) unstable; urgency=medium
+
+ * New patch: 0002-fix-gssapi-authentication-930691.patch.
+ Thanks to Ivan Vučica and Steffen Nurpmeso (Closes: #930691)
+
+ -- Paride Legovini <pl@ninthfloor.org> Sun, 30 Jun 2019 11:53:46 +0000
+
s-nail (14.9.11-2) unstable; urgency=medium
* Bump Standards-Version to 4.2.1 (no changes needed)
diff -Nru s-nail-14.9.11/debian/gbp.conf s-nail-14.9.11/debian/gbp.conf
--- s-nail-14.9.11/debian/gbp.conf 2018-12-07 19:07:04.000000000 +0100
+++ s-nail-14.9.11/debian/gbp.conf 2019-06-30 12:40:18.000000000 +0200
@@ -1,3 +1,5 @@
-[buildpackage]
+[DEFAULT]
+debian-branch = debian/buster
+upstream-branch =
pristine-tar = True
pristine-tar-commit = True
diff -Nru s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch
--- s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch 1970-01-01 01:00:00.000000000 +0100
+++ s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch 2019-06-30 12:25:29.000000000 +0200
@@ -0,0 +1,52 @@
+diff --git a/obs-imap-gssapi.h b/obs-imap-gssapi.h
+index 5d314917..70eeca7f 100644
+--- a/obs-imap-gssapi.h
++++ b/obs-imap-gssapi.h
+@@ -162,10 +162,7 @@ _imap_gssapi(struct mailbox *mp, struct ccred *ccred)
+ ok = STOP;
+ f = a_F_NONE;
+
+- { size_t i = strlen(mp->mb_imap_account) +1;
+- server = n_autorec_alloc(i);
+- memcpy(server, mp->mb_imap_account, i);
+- }
++ server = savestr(mp->mb_imap_account);
+ if (!strncmp(server, "imap://", 7))
+ server += 7;
+ else if (!strncmp(server, "imaps://", 8))
+@@ -174,9 +171,11 @@ _imap_gssapi(struct mailbox *mp, struct ccred *ccred)
+ server = &cp[1];
+ for (cp = server; *cp; cp++)
+ *cp = lowerconv(*cp);
++
+ send_tok.value = n_autorec_alloc(
+- (send_tok.length = strlen(server) -1 + 5) +1);
+- snprintf(send_tok.value, send_tok.length, "imap@%s", server);
++ (send_tok.length = strlen(server) + 5) +1);
++ memcpy(send_tok.value, "imap@", 5);
++ memcpy(&((char*)send_tok.value)[5], server, send_tok.length - 4);
+ maj_stat = gss_import_name(&min_stat, &send_tok, GSS_C_NT_HOSTBASED_SERVICE,
+ &target_name);
+ f |= a_F_TARGET_NAME;
+@@ -300,14 +299,13 @@ jebase64:
+ /* First octet: bit-mask with protection mechanisms (1 = no protection
+ * mechanism).
+ * Second to fourth octet: maximum message size in network byte order.
+- * Fifth and following octets: user name string.
+- */
+- o[0] = 1;
+- o[1] = 0;
+- o[2] = o[3] = (char)0377;
+- snprintf(&o[4], sizeof o - 4, "%s", ccred->cc_user.s);
+- send_tok.value = o;
+- send_tok.length = strlen(&o[4]) -1 + 4;
++ * Fifth and following octets: user name string */
++ in.s = n_autorec_alloc((send_tok.length = 4 + ccred->cc_user.l) +1);
++ memcpy(&in.s[4], ccred->cc_user.s, ccred->cc_user.l +1);
++ in.s[0] = 1;
++ in.s[1] = 0;
++ in.s[2] = in.s[3] = (char)0xFF;
++ send_tok.value = in.s;
+ maj_stat = gss_wrap(&min_stat, gss_context, 0, GSS_C_QOP_DEFAULT, &send_tok,
+ &conf_state, &recv_tok);
+ f |= a_F_RECV_TOK;
diff -Nru s-nail-14.9.11/debian/patches/series s-nail-14.9.11/debian/patches/series
--- s-nail-14.9.11/debian/patches/series 2018-09-09 16:43:16.000000000 +0200
+++ s-nail-14.9.11/debian/patches/series 2019-06-30 12:27:09.000000000 +0200
@@ -1 +1,2 @@
0001-Fix-spelling-errors.patch
+0002-fix-gssapi-authentication-930691.patch
--- End Message ---
--- Begin Message ---
- To: 931282-done@bugs.debian.org, Paride Legovini <pl@ninthfloor.org>
- Cc: Paul Gevers <elbrus@debian.org>
- Subject: Re: Bug#931282: unblock: s-nail/14.9.11-3
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 10 Sep 2022 19:21:36 +0100
- Message-id: <efeb61e9cab769c38d00043d93049ba439ef54cb.camel@adam-barratt.org.uk>
- In-reply-to: <c412e8919602f0fdaa2fc9d378e00c2bf5086ad1.camel@adam-barratt.org.uk>
- References: <156189932112.25650.6451943803410797060.reportbug@mandragola> <54110156-59da-9cac-aff1-11d171471da3@debian.org> <156189932112.25650.6451943803410797060.reportbug@mandragola> <1bd9ca0e-f76e-f485-9731-cb6bf61e501a@ninthfloor.org> <156189932112.25650.6451943803410797060.reportbug@mandragola> <c412e8919602f0fdaa2fc9d378e00c2bf5086ad1.camel@adam-barratt.org.uk>
On Tue, 2019-08-20 at 22:11 +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Mon, 2019-07-01 at 10:49 +0200, Paride Legovini wrote:
> > Paul Gevers wrote on 30/06/2019:
> >
> > > Hi Paride,
> > >
> > > On 30-06-2019 14:55, Paride Legovini wrote:
> > > > Please unblock package s-nail. Version 14.9.11-3 contains a
> > > > targeted fix for
> > > > #930691 I've got from upstream. The debdiff between -2 and -3
> > > > is
> > > > attached.
> > >
> > > The time for unblocks for buster has come and gone. The deadline
> > > was
> > > last Tuesday, we are now in deep freeze. If you consider the bug
> > > severe
> > > enough (please fix the bug metadata if you do) you can consider a
> > > stable
> > > release update targeting buster (I have updated this bugs
> > > metadata),
> > > such that this can be fixed in the first point release.
> >
> > Thanks Paul,
> >
> > I'll call this a off-by-one-week error. I am sorry. At least I know
> > that
> > when I've got the patch for #930691 it was already too late for an
> > unblock.
> >
> > I reviewed the policy for stable release updates; while definitely
> > a
> > deal breaker for some users I'm not sure #930691 qualifies as "a
> > truly
> > critical functionality problem". Affected users are those using the
> > GSSAPI + Kerberos authentication.
> >
> > What's the take of the stable release team here?
>
> Sorry for the delay in getting back to you.
>
> This looks like it would be OK for stable, but we would need a
> debdiff
> of a package built and tested on stable (and appropriately
> versioned),
> please.
>
Apparently that never happened, and the final point release for buster
was earlier today, so I'm going to close this bug now.
Regards,
Adam
--- End Message ---