Bug#781455: RFS: util-linux/2.25.2-5.1 (fixing `unshare -r` regression) [NMU]
Hello Andreas,
On Mon, Mar 30, 2015 at 12:48:51AM +0200, Andreas Henriksson wrote:
> Hello Kirill Smelkov!
>
> On Sun, Mar 29, 2015 at 05:49:11PM +0300, Kirill Smelkov wrote:
> > Package: sponsorship-requests
> > Severity: important
> > Tags: upstream patch
> >
> > Hello up there,
> >
> > Recently I've discovered that `unshare -r`, though it used to work in
> > 2014, stopped working for Jessie:
> >
> > https://bugs.debian.org/780841
> >
> > The fix was pre-ack'ed by util-linux maintainer (Andreas Henriksson)
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780841#10
> >
> > and pre-approved by RT member Niels Thykier on debian-release@l.d.o:
> >
> > https://lists.debian.org/debian-release/2015/03/msg00661.html
> >
> > and then a proper unblock request filed:
> >
> > https://bugs.debian.org/781163
> >
> >
> > Since I have no upload rights, in unblock request I've only presented a diff
> > for source package, and this way Niels suggested I should upload package with
> > the fix to mentors.debian.net and seek for a sponsor:
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781163#22
> >
> > which I do here.
>
> Thanks for your nice bug summary, solution and also for doing
> the administrative trivia to pave the way.
>
> >
> > Please, someone could you please sponsor this upload with important (imho) fix
> > to make `unshare -r` work again for Jessie?
>
> I've uploaded an eqvivalent package to your proposed NMU.
> (Only equivalent because I care about the VCS history. Please
> do check out the Vcs-Git field and the git repository for pkg-util-linux
> if you're interested in doing further work. Your help with bug-triaging
> util-linux bugs would be very welcome!)
Thanks for uploading it and I understand and agree with rationale to
first push the patch to the git repo.
But I do wonder (just in case) why you have not just applied my original
patch which was prepared exactly this way for pkg-util-linux.git
repository with detailed changelog:
https://bugs.debian.org/780841
(starting from
---- 8< ----
From: Kirill Smelkov <kirr@nexedi.com>
Date: Fri, 20 Mar 2015 14:32:11 +0300
Subject: [PATCH] Cherry-pick `unshare -r` fix from upstream
Since linux 3.16.7-ckt4-1 Debian kernel started to include patches to
"disallow setgroups until a gid mapping has been established" and other
patches to "Prevent evasion of group negative permissions through a
userns" (CVE-2014-8989):
...
( comparing to https://anonscm.debian.org/cgit/collab-maint/pkg-util-linux.git/commit/?id=769505696c58bce97a6858488989ec430abff0e9 )
?
> > The fix was pre-approved by Andreas, but somehow it turned out it is me who
> > should care about actual upload being done.
>
> As always, the one who wants to get something done needs to take the lead.
> Please remember we're all volunteers here (atleast I definitely am).
Yes, in a sense we all are and I agree, and thanks to this I discovered
mentors.debian.net and practiced a bit with package preparation, so all
for the good.
Thanks again,
Kirill
Reply to: