Bug#689154: unblock: gnunet/0.9.3-4
Dear release team,
I uploaded again a new revision of gnunet, with this new fix:
* Do not set-UID gnunet-helper-fs-publish (Closes: #691154).
The full debdiff against the current version in testing is attached.
Do you think it would get a freeze exception ?
Cheers,
Bertrand
diff -Nru gnunet-0.9.3/debian/changelog gnunet-0.9.3/debian/changelog
--- gnunet-0.9.3/debian/changelog 2012-08-26 16:18:16.000000000 +0200
+++ gnunet-0.9.3/debian/changelog 2012-10-22 22:55:16.000000000 +0200
@@ -1,3 +1,23 @@
+gnunet (0.9.3-4) unstable; urgency=low
+
+ * Drop dependency on gettext for gnunet-client and gnunet-server as it is not
+ necessary, thanks to Ivan Shmakov (Closes: #690860).
+ * Revert the use dh_installdocs --link-doc (Closes: #687875, #687881,
+ #687883).
+ * Fix build on kfreebsd, thanks to Christoph Egger (Closes: #688486).
+ * Allways install libnss to /lib and fix FTBFS on ia64 (Closes: #688590).
+ * Install libnss to /lib, really fix #688590, thanks to Christian Grothoff.
+ * Change default option UNIX_MATCH_UID for services datastore and namestore,
+ so users in the gnunet group may use these services (Closes: #686238,
+ #684317).
+ * Update libgcrypt version check to a less strict check, patch picked from
+ upstream, following Werner Koch's advice (Closes: #684997).
+ * gnunet-server.postinst: check the existence of a binary before changing its
+ permissions (Closes: #688484).
+ * Do not set-UID gnunet-helper-fs-publish (Closes: #691154).
+
+ -- Bertrand Marc <beberking@gmail.com> Mon, 22 Oct 2012 22:52:43 +0200
+
gnunet (0.9.3-3) unstable; urgency=low
* debian/control: update Vcs-* to the new repository in collab-maint.
diff -Nru gnunet-0.9.3/debian/control gnunet-0.9.3/debian/control
--- gnunet-0.9.3/debian/control 2012-08-05 20:12:01.000000000 +0200
+++ gnunet-0.9.3/debian/control 2012-10-18 21:13:37.000000000 +0200
@@ -30,8 +30,7 @@
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
Depends:
- ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version}),
- gettext
+ ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version})
Suggests: gnunet-server, libextractor-plugins
Description: secure, trust-based peer-to-peer framework (client)
GNUnet is a peer-to-peer framework which focuses on providing security. All
@@ -75,7 +74,7 @@
Pre-Depends: ${misc:Pre-Depends}
Depends:
${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version}),
- adduser, gettext, netbase
+ adduser, netbase
Suggests: miniupnpc
Breaks: gnunet-fuse (<<0.9), gnunet-client (<<0.9)
Replaces: gnunet-fuse (<<0.9), gnunet-client (<<0.9)
diff -Nru gnunet-0.9.3/debian/gnunet-client.docs gnunet-0.9.3/debian/gnunet-client.docs
--- gnunet-0.9.3/debian/gnunet-client.docs 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet-client.docs 2012-09-27 22:30:34.000000000 +0200
@@ -0,0 +1,2 @@
+AUTHORS
+README
diff -Nru gnunet-0.9.3/debian/gnunet-dev.docs gnunet-0.9.3/debian/gnunet-dev.docs
--- gnunet-0.9.3/debian/gnunet-dev.docs 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet-dev.docs 2012-09-27 22:30:34.000000000 +0200
@@ -0,0 +1,2 @@
+AUTHORS
+README
diff -Nru gnunet-0.9.3/debian/gnunet.docs gnunet-0.9.3/debian/gnunet.docs
--- gnunet-0.9.3/debian/gnunet.docs 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet.docs 2012-09-27 22:30:34.000000000 +0200
@@ -0,0 +1,2 @@
+AUTHORS
+README
diff -Nru gnunet-0.9.3/debian/gnunet-server.docs gnunet-0.9.3/debian/gnunet-server.docs
--- gnunet-0.9.3/debian/gnunet-server.docs 2012-05-05 14:37:00.000000000 +0200
+++ gnunet-0.9.3/debian/gnunet-server.docs 2012-09-27 22:30:34.000000000 +0200
@@ -1,2 +1,4 @@
+AUTHORS
+README
doc/README.mysql
doc/README.postgres
diff -Nru gnunet-0.9.3/debian/gnunet-server.install gnunet-0.9.3/debian/gnunet-server.install
--- gnunet-0.9.3/debian/gnunet-server.install 2012-06-17 12:04:20.000000000 +0200
+++ gnunet-0.9.3/debian/gnunet-server.install 2012-10-15 12:01:20.000000000 +0200
@@ -41,9 +41,9 @@
usr/lib/libgnunettransporttesting.so.*
usr/lib/libgnunettun.so.*
usr/lib/libgnunetvpn.so.*
-usr/lib/libnss_gns.so.2
-usr/lib/libnss_gns4.so.2
-usr/lib/libnss_gns6.so.2
+lib/libnss_gns.so.2
+lib/libnss_gns4.so.2
+lib/libnss_gns6.so.2
usr/lib/gnunet/*.so
usr/share/gnunet/config.d
usr/share/gnunet/hellos/*
diff -Nru gnunet-0.9.3/debian/gnunet-server.install.kfreebsd gnunet-0.9.3/debian/gnunet-server.install.kfreebsd
--- gnunet-0.9.3/debian/gnunet-server.install.kfreebsd 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet-server.install.kfreebsd 2012-09-29 08:13:17.000000000 +0200
@@ -0,0 +1,52 @@
+etc/gnunet.conf
+usr/bin/gnunet-arm
+usr/bin/gnunet-core
+usr/bin/gnunet-daemon-*
+usr/bin/gnunet-dht-*
+usr/bin/gnunet-fs
+usr/bin/gnunet-gns*
+usr/bin/gnunet-helper-*
+usr/bin/gnunet-namestore
+usr/bin/gnunet-nat-server
+usr/bin/gnunet-peerinfo
+usr/bin/gnunet-resolver
+usr/bin/gnunet-rsa
+usr/bin/gnunet-service-*
+usr/bin/gnunet-testing
+usr/bin/gnunet-transport
+usr/bin/gnunet-transport-certificate-creation
+usr/bin/mockup-service
+usr/lib/libgnunetarm.so.*
+usr/lib/libgnunetats.so.*
+usr/lib/libgnunetblock.so.*
+usr/lib/libgnunetcore.so.*
+usr/lib/libgnunetdatacache.so.*
+usr/lib/libgnunetdht.so.*
+usr/lib/libgnunetfragmentation.so.*
+usr/lib/libgnunethello.so.*
+usr/lib/libgnunetlockmanager.so.0*
+usr/lib/libgnunetmesh.so.*
+usr/lib/libgnunetnamestore.so.*
+usr/lib/libgnunetnat.so.*
+usr/lib/libgnunetnse.so.*
+usr/lib/libgnunetpeerinfo.so.*
+usr/lib/libgnunettesting.so.*
+usr/lib/libgnunettesting_new.so.0*
+usr/lib/libgnunettestbed.so.0*
+usr/lib/libgnunettransport.so.*
+usr/lib/libgnunettransporttesting.so.*
+usr/lib/libgnunettun.so.*
+usr/lib/gnunet/*.so
+usr/share/gnunet/config.d
+usr/share/gnunet/hellos/*
+usr/share/man/man1/gnunet-arm.1
+usr/share/man/man1/gnunet-core.1
+usr/share/man/man1/gnunet-fs.1
+usr/share/man/man1/gnunet-gns.1
+usr/share/man/man1/gnunet-namestore.1
+usr/share/man/man1/gnunet-nat-server.1
+usr/share/man/man1/gnunet-peerinfo.1
+usr/share/man/man1/gnunet-rsa.1
+usr/share/man/man1/gnunet-transport.1
+usr/share/man/man1/gnunet-vpn.1
+debian/man/* usr/share/man/man1/
diff -Nru gnunet-0.9.3/debian/gnunet-server.postinst gnunet-0.9.3/debian/gnunet-server.postinst
--- gnunet-0.9.3/debian/gnunet-server.postinst 2012-07-07 15:50:27.000000000 +0200
+++ gnunet-0.9.3/debian/gnunet-server.postinst 2012-10-22 22:51:14.000000000 +0200
@@ -79,25 +79,26 @@
chmod 0700 "${SERVICEHOME}" || true
# Restrict access on setuid binaries
for file in /usr/bin/gnunet-helper-exit \
- /usr/bin/gnunet-helper-fs-publish \
/usr/bin/gnunet-helper-nat-client \
/usr/bin/gnunet-helper-nat-server \
/usr/bin/gnunet-helper-transport-wlan \
/usr/bin/gnunet-helper-vpn
do
# only do something when no setting exists
- if ! dpkg-statoverride --list $file >/dev/null 2>&1
+ if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]
then
chown root:${_GROUPNAME} $file
chmod 4754 $file
fi
done
- if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1
+ if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \
+ && [ -e /usr/bin/gnunet-helper-dns ]
then
chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
chmod 4754 /usr/bin/gnunet-helper-dns
fi
- if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1
+ if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \
+ && [ -e /usr/bin/gnunet-service-dns ]
then
chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
chmod 2754 /usr/bin/gnunet-service-dns
diff -Nru gnunet-0.9.3/debian/patches/configure_libnss.diff gnunet-0.9.3/debian/patches/configure_libnss.diff
--- gnunet-0.9.3/debian/patches/configure_libnss.diff 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/configure_libnss.diff 2012-10-15 11:14:19.000000000 +0200
@@ -0,0 +1,71 @@
+--- a/src/gns/nss/Makefile.am
++++ b/src/gns/nss/Makefile.am
+@@ -21,20 +21,18 @@
+
+ AM_LDFLAGS=-avoid-version -module -export-dynamic
+
+-if HAVE_SUDO
+-nssdir = /lib/
+-else
+-nssdir = $(libdir)
+-endif
++nssdir = $(NSS_DIR)
+
+ LIBTOOL = $(SUDO_BINARY) $(SHELL) $(top_builddir)/libtool
+
+ if !MINGW
++if INSTALL_NSS
+ nss_LTLIBRARIES = \
+ libnss_gns.la \
+ libnss_gns4.la \
+ libnss_gns6.la
+ endif
++endif
+
+ sources = nss_gns_query.h nss_gns_query.c
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -780,6 +780,42 @@
+ AC_SUBST(SUDO_BINARY)
+ AM_CONDITIONAL([HAVE_SUDO], [test "x$SUDO_BINARY" != "x" -o -w /])
+
++
++# test for nssdir
++AC_MSG_CHECKING(with nssdir)
++AC_ARG_WITH(nssdir,
++ [ --with-nssdir=PATH where to install NSS plugins],
++ [AC_MSG_RESULT("$with_nssdir")
++ case $with_nssdir in
++ no)
++ NSS_DIR=
++ install_nss=0
++ ;;
++ yes)
++ NSS_DIR="/lib"
++ install_nss=1
++ ;;
++ *)
++ NSS_DIR=$with_nssdir
++ install_nss=1
++ ;;
++ esac
++ ],
++ [
++ if test "x$SUDO_BINARY" != "x" -o -w /
++ then
++ NSS_DIR="/lib"
++ install_nss=1
++ AC_MSG_RESULT([yes, to /lib])
++ else
++ NSS_DIR=
++ install_nss=0
++ AC_MSG_RESULT([no])
++ fi
++ ])
++AC_SUBST(NSS_DIR)
++AM_CONDITIONAL([INSTALL_NSS], [test "x$install_nss" != "x0"])
++
+ # test for gnunetdns group name
+ GNUNETDNS_GROUP=gnunetdns
+ AC_MSG_CHECKING(for gnunetdns group name)
diff -Nru gnunet-0.9.3/debian/patches/default_config_datastore.diff gnunet-0.9.3/debian/patches/default_config_datastore.diff
--- gnunet-0.9.3/debian/patches/default_config_datastore.diff 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/default_config_datastore.diff 2012-09-29 14:59:19.000000000 +0200
@@ -0,0 +1,13 @@
+Index: src/datastore/datastore.conf.in
+===================================================================
+--- a/src/datastore/datastore.conf.in
++++ b/src/datastore/datastore.conf.in
+@@ -1,7 +1,7 @@
+ [datastore]
+ AUTOSTART = YES
+ UNIXPATH = /tmp/gnunet-service-datastore.sock
+-UNIX_MATCH_UID = YES
++UNIX_MATCH_UID = NO
+ UNIX_MATCH_GID = YES
+ @UNIXONLY@ PORT = 2093
+ HOSTNAME = localhost
diff -Nru gnunet-0.9.3/debian/patches/default_config_namestore.diff gnunet-0.9.3/debian/patches/default_config_namestore.diff
--- gnunet-0.9.3/debian/patches/default_config_namestore.diff 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/default_config_namestore.diff 2012-10-18 21:14:27.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/src/namestore/namestore.conf.in
++++ b/src/namestore/namestore.conf.in
+@@ -1,7 +1,7 @@
+ [namestore]
+ AUTOSTART = YES
+ UNIXPATH = /tmp/gnunet-service-namestore.sock
+-UNIX_MATCH_UID = YES
++UNIX_MATCH_UID = NO
+ UNIX_MATCH_GID = YES
+ @UNIXONLY@ PORT = 2099
+ HOSTNAME = localhost
diff -Nru gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff
--- gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff 2012-09-29 11:34:25.000000000 +0200
@@ -0,0 +1,29 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -91,7 +91,7 @@
+ UNIXONLY="#"
+ AC_PATH_XTRA
+ ;;
+-freebsd*)
++*freebsd*)
+ AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system])
+ AC_DEFINE_UNQUOTED(FREEBSD,1,[This is a FreeBSD system])
+ CFLAGS="-D_THREAD_SAFE $CFLAGS"
+@@ -100,7 +100,7 @@
+ DLLDIR=lib
+ UNIXONLY="#"
+ ;;
+-openbsd*)
++*openbsd*)
+ AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system])
+ AC_DEFINE_UNQUOTED(OPENBSD,1,[This is an OpenBSD system])
+ LIBS=`echo $LIBS | sed -e "s/-ldl//"`
+@@ -109,7 +109,7 @@
+ DLLDIR=lib
+ UNIXONLY="#"
+ ;;
+-netbsd*)
++*netbsd*)
+ AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system])
+ AC_DEFINE_UNQUOTED(NETBSD,1,[This is a NetBSD system])
+ LIBPREFIX=
diff -Nru gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff
--- gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff 1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff 2012-09-29 15:15:55.000000000 +0200
@@ -0,0 +1,47 @@
+--- a/src/util/crypto_random.c
++++ b/src/util/crypto_random.c
+@@ -302,12 +302,12 @@
+ void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
+ {
+ gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+- if (!gcry_check_version (GCRYPT_VERSION))
++ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
+ {
+ FPRINTF (stderr,
+ _
+ ("libgcrypt has not the expected version (version %s is required).\n"),
+- GCRYPT_VERSION);
++ NEED_LIBGCRYPT_VERSION);
+ GNUNET_abort ();
+ }
+ #ifdef GCRYCTL_INITIALIZATION_FINISHED
+--- a/configure.ac
++++ b/configure.ac
+@@ -211,13 +211,25 @@
+
+ # libgcrypt
+ gcrypt=0
+-AM_PATH_LIBGCRYPT(1.2.0, gcrypt=1)
++NEED_LIBGCRYPT_API=1
++NEED_LIBGCRYPT_VERSION=1.4.2
++
++
++AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION", gcrypt=1)
+ AC_CHECK_DECLS([gcry_mpi_lshift], [], [], [[#include <gcrypt.h>]])
+
+ if test $gcrypt = 0
+ then
+- AC_MSG_ERROR([GNUnet needs libgcrypt])
++ AC_MSG_ERROR([[
++***
++*** You need libgcrypt to build this program.
++** This library is for example available at
++*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
++*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API)
++*** is required.)
++***]])
+ fi
++AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], "$NEED_LIBGCRYPT_VERSION", [required libgcrypt version])
+
+ # Adam shostack suggests the following for Windows:
+ # -D_FORTIFY_SOURCE=2 -fstack-protector-all
diff -Nru gnunet-0.9.3/debian/patches/series gnunet-0.9.3/debian/patches/series
--- gnunet-0.9.3/debian/patches/series 2012-08-01 21:46:33.000000000 +0200
+++ gnunet-0.9.3/debian/patches/series 2012-10-18 21:14:51.000000000 +0200
@@ -1,2 +1,7 @@
+default_config_namestore.diff
+configure_libnss.diff
+libgcrypt_version_check.diff
+default_config_datastore.diff
+fix_kfreebsd_build.diff
support_GNU_hurd.patch
sparc_alignment.patch
diff -Nru gnunet-0.9.3/debian/rules gnunet-0.9.3/debian/rules
--- gnunet-0.9.3/debian/rules 2012-06-19 20:07:36.000000000 +0200
+++ gnunet-0.9.3/debian/rules 2012-10-15 18:19:45.000000000 +0200
@@ -6,7 +6,7 @@
dh ${@} --with autoreconf
override_dh_auto_configure:
- dh_auto_configure -- --disable-rpath --enable-guile --enable-ipv6 --with-microhttpd=yes $(shell dpkg-buildflags --export=configure)
+ dh_auto_configure -- --disable-rpath --enable-guile --enable-ipv6 --with-microhttpd=yes --with-nssdir=yes $(shell dpkg-buildflags --export=configure)
override_dh_auto_test:
# Disabling test suite, incomplete
@@ -27,6 +27,7 @@
# Removing useless files
rm -f debian/tmp/usr/lib/*.la debian/tmp/usr/lib/gnunet/*.la \
+ debian/tmp/lib/*.la \
debian/tmp/usr/share/doc/gnunet/COPYING \
debian/tmp/usr/bin/gnunet-service-template \
debian/tmp/usr/bin/gnunet-template \
@@ -35,9 +36,6 @@
override_dh_install:
dh_install -a --fail-missing
-override_dh_installdocs:
- dh_installdocs --link-doc=gnunet-common
-
override_dh_strip:
dh_strip --dbg-package=gnunet-dbg
Reply to: