Bug#689154: unblock: gnunet/0.9.3-4

To: 689154@bugs.debian.org
Subject: Bug#689154: unblock: gnunet/0.9.3-4
From: Bertrand Marc <beberking@gmail.com>
Date: Tue, 23 Oct 2012 22:54:58 +0200
Message-id: <[🔎] 50870422.1070902@gmail.com>
Reply-to: Bertrand Marc <beberking@gmail.com>, 689154@bugs.debian.org
In-reply-to: <[🔎] 97bfef6f97d1bcd0de6f0fbbabf76466@mail.adsl.funky-badger.org>
References: <50671083.3030300@gmail.com> <[🔎] 201210011330.54202.holger@layer-acht.org> <[🔎] 97bfef6f97d1bcd0de6f0fbbabf76466@mail.adsl.funky-badger.org>

Dear release team,

I uploaded again a new revision of gnunet, with this new fix:
* Do not set-UID gnunet-helper-fs-publish (Closes: #691154).

The full debdiff against the current version in testing is attached.

Do you think it would get a freeze exception ?

Cheers,
Bertrand

diff -Nru gnunet-0.9.3/debian/changelog gnunet-0.9.3/debian/changelog
--- gnunet-0.9.3/debian/changelog	2012-08-26 16:18:16.000000000 +0200
+++ gnunet-0.9.3/debian/changelog	2012-10-22 22:55:16.000000000 +0200
@@ -1,3 +1,23 @@
+gnunet (0.9.3-4) unstable; urgency=low
+
+  * Drop dependency on gettext for gnunet-client and gnunet-server as it is not
+    necessary, thanks to Ivan Shmakov (Closes: #690860).
+  * Revert the use dh_installdocs --link-doc (Closes: #687875, #687881,
+    #687883).
+  * Fix build on kfreebsd, thanks to Christoph Egger (Closes: #688486).
+  * Allways install libnss to /lib and fix FTBFS on ia64 (Closes: #688590).
+  * Install libnss to /lib, really fix #688590, thanks to Christian Grothoff.
+  * Change default option UNIX_MATCH_UID for services datastore and namestore,
+    so users in the gnunet group may use these services (Closes: #686238,
+    #684317).
+  * Update libgcrypt version check to a less strict check, patch picked from
+    upstream, following Werner Koch's advice (Closes: #684997).
+  * gnunet-server.postinst: check the existence of a binary before changing its
+    permissions (Closes: #688484).
+  * Do not set-UID gnunet-helper-fs-publish (Closes: #691154).
+
+ -- Bertrand Marc <beberking@gmail.com>  Mon, 22 Oct 2012 22:52:43 +0200
+
 gnunet (0.9.3-3) unstable; urgency=low
 
   * debian/control: update Vcs-* to the new repository in collab-maint.
diff -Nru gnunet-0.9.3/debian/control gnunet-0.9.3/debian/control
--- gnunet-0.9.3/debian/control	2012-08-05 20:12:01.000000000 +0200
+++ gnunet-0.9.3/debian/control	2012-10-18 21:13:37.000000000 +0200
@@ -30,8 +30,7 @@
 Architecture: any
 Pre-Depends: ${misc:Pre-Depends}
 Depends:
- ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version}),
- gettext
+ ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version})
 Suggests: gnunet-server, libextractor-plugins
 Description: secure, trust-based peer-to-peer framework (client)
  GNUnet is a peer-to-peer framework which focuses on providing security. All
@@ -75,7 +74,7 @@
 Pre-Depends: ${misc:Pre-Depends}
 Depends:
  ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version}),
- adduser, gettext, netbase
+ adduser, netbase
 Suggests: miniupnpc
 Breaks: gnunet-fuse (<<0.9), gnunet-client (<<0.9)
 Replaces: gnunet-fuse (<<0.9), gnunet-client (<<0.9)
diff -Nru gnunet-0.9.3/debian/gnunet-client.docs gnunet-0.9.3/debian/gnunet-client.docs
--- gnunet-0.9.3/debian/gnunet-client.docs	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet-client.docs	2012-09-27 22:30:34.000000000 +0200
@@ -0,0 +1,2 @@
+AUTHORS
+README
diff -Nru gnunet-0.9.3/debian/gnunet-dev.docs gnunet-0.9.3/debian/gnunet-dev.docs
--- gnunet-0.9.3/debian/gnunet-dev.docs	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet-dev.docs	2012-09-27 22:30:34.000000000 +0200
@@ -0,0 +1,2 @@
+AUTHORS
+README
diff -Nru gnunet-0.9.3/debian/gnunet.docs gnunet-0.9.3/debian/gnunet.docs
--- gnunet-0.9.3/debian/gnunet.docs	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet.docs	2012-09-27 22:30:34.000000000 +0200
@@ -0,0 +1,2 @@
+AUTHORS
+README
diff -Nru gnunet-0.9.3/debian/gnunet-server.docs gnunet-0.9.3/debian/gnunet-server.docs
--- gnunet-0.9.3/debian/gnunet-server.docs	2012-05-05 14:37:00.000000000 +0200
+++ gnunet-0.9.3/debian/gnunet-server.docs	2012-09-27 22:30:34.000000000 +0200
@@ -1,2 +1,4 @@
+AUTHORS
+README
 doc/README.mysql
 doc/README.postgres
diff -Nru gnunet-0.9.3/debian/gnunet-server.install gnunet-0.9.3/debian/gnunet-server.install
--- gnunet-0.9.3/debian/gnunet-server.install	2012-06-17 12:04:20.000000000 +0200
+++ gnunet-0.9.3/debian/gnunet-server.install	2012-10-15 12:01:20.000000000 +0200
@@ -41,9 +41,9 @@
 usr/lib/libgnunettransporttesting.so.*
 usr/lib/libgnunettun.so.*
 usr/lib/libgnunetvpn.so.*
-usr/lib/libnss_gns.so.2
-usr/lib/libnss_gns4.so.2
-usr/lib/libnss_gns6.so.2
+lib/libnss_gns.so.2
+lib/libnss_gns4.so.2
+lib/libnss_gns6.so.2
 usr/lib/gnunet/*.so
 usr/share/gnunet/config.d
 usr/share/gnunet/hellos/*
diff -Nru gnunet-0.9.3/debian/gnunet-server.install.kfreebsd gnunet-0.9.3/debian/gnunet-server.install.kfreebsd
--- gnunet-0.9.3/debian/gnunet-server.install.kfreebsd	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/gnunet-server.install.kfreebsd	2012-09-29 08:13:17.000000000 +0200
@@ -0,0 +1,52 @@
+etc/gnunet.conf
+usr/bin/gnunet-arm
+usr/bin/gnunet-core
+usr/bin/gnunet-daemon-*
+usr/bin/gnunet-dht-*
+usr/bin/gnunet-fs
+usr/bin/gnunet-gns*
+usr/bin/gnunet-helper-*
+usr/bin/gnunet-namestore
+usr/bin/gnunet-nat-server
+usr/bin/gnunet-peerinfo
+usr/bin/gnunet-resolver
+usr/bin/gnunet-rsa
+usr/bin/gnunet-service-*
+usr/bin/gnunet-testing
+usr/bin/gnunet-transport
+usr/bin/gnunet-transport-certificate-creation
+usr/bin/mockup-service
+usr/lib/libgnunetarm.so.*
+usr/lib/libgnunetats.so.*
+usr/lib/libgnunetblock.so.*
+usr/lib/libgnunetcore.so.*
+usr/lib/libgnunetdatacache.so.*
+usr/lib/libgnunetdht.so.*
+usr/lib/libgnunetfragmentation.so.*
+usr/lib/libgnunethello.so.*
+usr/lib/libgnunetlockmanager.so.0*
+usr/lib/libgnunetmesh.so.*
+usr/lib/libgnunetnamestore.so.*
+usr/lib/libgnunetnat.so.*
+usr/lib/libgnunetnse.so.*
+usr/lib/libgnunetpeerinfo.so.*
+usr/lib/libgnunettesting.so.*
+usr/lib/libgnunettesting_new.so.0*
+usr/lib/libgnunettestbed.so.0*
+usr/lib/libgnunettransport.so.*
+usr/lib/libgnunettransporttesting.so.*
+usr/lib/libgnunettun.so.*
+usr/lib/gnunet/*.so
+usr/share/gnunet/config.d
+usr/share/gnunet/hellos/*
+usr/share/man/man1/gnunet-arm.1
+usr/share/man/man1/gnunet-core.1
+usr/share/man/man1/gnunet-fs.1
+usr/share/man/man1/gnunet-gns.1
+usr/share/man/man1/gnunet-namestore.1
+usr/share/man/man1/gnunet-nat-server.1
+usr/share/man/man1/gnunet-peerinfo.1
+usr/share/man/man1/gnunet-rsa.1
+usr/share/man/man1/gnunet-transport.1
+usr/share/man/man1/gnunet-vpn.1
+debian/man/* usr/share/man/man1/
diff -Nru gnunet-0.9.3/debian/gnunet-server.postinst gnunet-0.9.3/debian/gnunet-server.postinst
--- gnunet-0.9.3/debian/gnunet-server.postinst	2012-07-07 15:50:27.000000000 +0200
+++ gnunet-0.9.3/debian/gnunet-server.postinst	2012-10-22 22:51:14.000000000 +0200
@@ -79,25 +79,26 @@
 		chmod 0700 "${SERVICEHOME}" || true
 		# Restrict access on setuid binaries
 		for file in /usr/bin/gnunet-helper-exit \
-			/usr/bin/gnunet-helper-fs-publish \
 			/usr/bin/gnunet-helper-nat-client \
 			/usr/bin/gnunet-helper-nat-server \
 			/usr/bin/gnunet-helper-transport-wlan \
 			/usr/bin/gnunet-helper-vpn
 		do
 			# only do something when no setting exists
-			if ! dpkg-statoverride --list $file >/dev/null 2>&1
+			if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]
 			then
 				chown root:${_GROUPNAME} $file
 				chmod 4754 $file
 			fi
 		done
-		if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1
+		if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \
+			&& [ -e /usr/bin/gnunet-helper-dns ]
 		then
 			chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
 			chmod 4754 /usr/bin/gnunet-helper-dns
 		fi
-		if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1
+		if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \
+			&& [ -e /usr/bin/gnunet-service-dns ]
 		then
 			chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
 			chmod 2754 /usr/bin/gnunet-service-dns
diff -Nru gnunet-0.9.3/debian/patches/configure_libnss.diff gnunet-0.9.3/debian/patches/configure_libnss.diff
--- gnunet-0.9.3/debian/patches/configure_libnss.diff	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/configure_libnss.diff	2012-10-15 11:14:19.000000000 +0200
@@ -0,0 +1,71 @@
+--- a/src/gns/nss/Makefile.am
++++ b/src/gns/nss/Makefile.am
+@@ -21,20 +21,18 @@
+ 
+ AM_LDFLAGS=-avoid-version -module -export-dynamic
+ 
+-if HAVE_SUDO
+-nssdir = /lib/
+-else
+-nssdir = $(libdir)
+-endif
++nssdir = $(NSS_DIR)
+ 
+ LIBTOOL = $(SUDO_BINARY) $(SHELL) $(top_builddir)/libtool
+ 
+ if !MINGW
++if INSTALL_NSS
+ nss_LTLIBRARIES = \
+ 	libnss_gns.la \
+ 	libnss_gns4.la \
+ 	libnss_gns6.la
+ endif
++endif
+ 
+ sources = nss_gns_query.h nss_gns_query.c
+ 
+--- a/configure.ac
++++ b/configure.ac
+@@ -780,6 +780,42 @@
+ AC_SUBST(SUDO_BINARY)
+ AM_CONDITIONAL([HAVE_SUDO], [test "x$SUDO_BINARY" != "x" -o -w /])
+ 
++
++# test for nssdir
++AC_MSG_CHECKING(with nssdir)
++AC_ARG_WITH(nssdir,
++  [  --with-nssdir=PATH       where to install NSS plugins],
++  [AC_MSG_RESULT("$with_nssdir")
++   case $with_nssdir in
++   no)
++     NSS_DIR=
++     install_nss=0
++     ;;
++   yes)
++     NSS_DIR="/lib"
++     install_nss=1
++     ;;
++   *)
++     NSS_DIR=$with_nssdir
++     install_nss=1
++    ;;
++   esac
++  ],
++  [
++   if test "x$SUDO_BINARY" != "x" -o -w /
++   then
++     NSS_DIR="/lib"
++     install_nss=1
++     AC_MSG_RESULT([yes, to /lib])
++   else
++     NSS_DIR=
++     install_nss=0
++     AC_MSG_RESULT([no])
++   fi
++  ])
++AC_SUBST(NSS_DIR)
++AM_CONDITIONAL([INSTALL_NSS], [test "x$install_nss" != "x0"])
++
+ # test for gnunetdns group name
+ GNUNETDNS_GROUP=gnunetdns
+ AC_MSG_CHECKING(for gnunetdns group name)
diff -Nru gnunet-0.9.3/debian/patches/default_config_datastore.diff gnunet-0.9.3/debian/patches/default_config_datastore.diff
--- gnunet-0.9.3/debian/patches/default_config_datastore.diff	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/default_config_datastore.diff	2012-09-29 14:59:19.000000000 +0200
@@ -0,0 +1,13 @@
+Index: src/datastore/datastore.conf.in
+===================================================================
+--- a/src/datastore/datastore.conf.in
++++ b/src/datastore/datastore.conf.in
+@@ -1,7 +1,7 @@
+ [datastore]
+ AUTOSTART = YES
+ UNIXPATH = /tmp/gnunet-service-datastore.sock
+-UNIX_MATCH_UID = YES
++UNIX_MATCH_UID = NO
+ UNIX_MATCH_GID = YES
+ @UNIXONLY@ PORT = 2093
+ HOSTNAME = localhost
diff -Nru gnunet-0.9.3/debian/patches/default_config_namestore.diff gnunet-0.9.3/debian/patches/default_config_namestore.diff
--- gnunet-0.9.3/debian/patches/default_config_namestore.diff	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/default_config_namestore.diff	2012-10-18 21:14:27.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/src/namestore/namestore.conf.in
++++ b/src/namestore/namestore.conf.in
+@@ -1,7 +1,7 @@
+ [namestore]
+ AUTOSTART = YES
+ UNIXPATH = /tmp/gnunet-service-namestore.sock
+-UNIX_MATCH_UID = YES
++UNIX_MATCH_UID = NO
+ UNIX_MATCH_GID = YES
+ @UNIXONLY@ PORT = 2099
+ HOSTNAME = localhost
diff -Nru gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff
--- gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff	2012-09-29 11:34:25.000000000 +0200
@@ -0,0 +1,29 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -91,7 +91,7 @@
+      UNIXONLY="#"
+      AC_PATH_XTRA
+      ;;
+-freebsd*)
++*freebsd*)
+      AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system])
+      AC_DEFINE_UNQUOTED(FREEBSD,1,[This is a FreeBSD system])
+      CFLAGS="-D_THREAD_SAFE $CFLAGS"
+@@ -100,7 +100,7 @@
+      DLLDIR=lib
+      UNIXONLY="#"
+      ;;
+-openbsd*)
++*openbsd*)
+      AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system])
+      AC_DEFINE_UNQUOTED(OPENBSD,1,[This is an OpenBSD system])
+      LIBS=`echo $LIBS | sed -e "s/-ldl//"`
+@@ -109,7 +109,7 @@
+      DLLDIR=lib
+      UNIXONLY="#"
+      ;;
+-netbsd*)
++*netbsd*)
+      AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system])
+      AC_DEFINE_UNQUOTED(NETBSD,1,[This is a NetBSD system])
+      LIBPREFIX=
diff -Nru gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff
--- gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff	1970-01-01 01:00:00.000000000 +0100
+++ gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff	2012-09-29 15:15:55.000000000 +0200
@@ -0,0 +1,47 @@
+--- a/src/util/crypto_random.c
++++ b/src/util/crypto_random.c
+@@ -302,12 +302,12 @@
+ void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init ()
+ {
+   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+-  if (!gcry_check_version (GCRYPT_VERSION))
++  if (!gcry_check_version (NEED_LIBGCRYPT_VERSION))
+   {
+     FPRINTF (stderr,
+              _
+              ("libgcrypt has not the expected version (version %s is required).\n"),
+-             GCRYPT_VERSION);
++             NEED_LIBGCRYPT_VERSION);
+     GNUNET_abort ();
+   }
+ #ifdef GCRYCTL_INITIALIZATION_FINISHED
+--- a/configure.ac
++++ b/configure.ac
+@@ -211,13 +211,25 @@
+ 
+ # libgcrypt
+ gcrypt=0
+-AM_PATH_LIBGCRYPT(1.2.0, gcrypt=1)
++NEED_LIBGCRYPT_API=1
++NEED_LIBGCRYPT_VERSION=1.4.2
++
++
++AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION", gcrypt=1)
+ AC_CHECK_DECLS([gcry_mpi_lshift], [], [], [[#include <gcrypt.h>]])
+ 
+ if test $gcrypt = 0
+ then
+-  AC_MSG_ERROR([GNUnet needs libgcrypt])
++  AC_MSG_ERROR([[
++***
++*** You need libgcrypt to build this program.
++**  This library is for example available at
++***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
++*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API)
++***  is required.)
++***]])
+ fi
++AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], "$NEED_LIBGCRYPT_VERSION", [required libgcrypt version])
+ 
+ # Adam shostack suggests the following for Windows:
+ # -D_FORTIFY_SOURCE=2 -fstack-protector-all
diff -Nru gnunet-0.9.3/debian/patches/series gnunet-0.9.3/debian/patches/series
--- gnunet-0.9.3/debian/patches/series	2012-08-01 21:46:33.000000000 +0200
+++ gnunet-0.9.3/debian/patches/series	2012-10-18 21:14:51.000000000 +0200
@@ -1,2 +1,7 @@
+default_config_namestore.diff
+configure_libnss.diff
+libgcrypt_version_check.diff
+default_config_datastore.diff
+fix_kfreebsd_build.diff
 support_GNU_hurd.patch
 sparc_alignment.patch
diff -Nru gnunet-0.9.3/debian/rules gnunet-0.9.3/debian/rules
--- gnunet-0.9.3/debian/rules	2012-06-19 20:07:36.000000000 +0200
+++ gnunet-0.9.3/debian/rules	2012-10-15 18:19:45.000000000 +0200
@@ -6,7 +6,7 @@
 	dh ${@} --with autoreconf
 
 override_dh_auto_configure:
-	dh_auto_configure -- --disable-rpath --enable-guile --enable-ipv6 --with-microhttpd=yes $(shell dpkg-buildflags --export=configure)
+	dh_auto_configure -- --disable-rpath --enable-guile --enable-ipv6 --with-microhttpd=yes --with-nssdir=yes $(shell dpkg-buildflags --export=configure)
 
 override_dh_auto_test:
 	# Disabling test suite, incomplete
@@ -27,6 +27,7 @@
 	
 	# Removing useless files
 	rm -f debian/tmp/usr/lib/*.la debian/tmp/usr/lib/gnunet/*.la \
+		debian/tmp/lib/*.la \
 		debian/tmp/usr/share/doc/gnunet/COPYING \
 		debian/tmp/usr/bin/gnunet-service-template \
 		debian/tmp/usr/bin/gnunet-template \
@@ -35,9 +36,6 @@
 override_dh_install:
 	dh_install -a --fail-missing
 
-override_dh_installdocs:
-	dh_installdocs --link-doc=gnunet-common
-
 override_dh_strip:
 	dh_strip --dbg-package=gnunet-dbg

Reply to:

References:
- Re: Bug#689154: unblock: gnunet/0.9.3-4
  - From: Holger Levsen <holger@layer-acht.org>
- Bug#689154: unblock: gnunet/0.9.3-4
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#691194: marked as done (unblock: swftools/0.9.2+ds1-3)
Next by Date: Bug#691293: unblock: mosh/1.2.3-1
Previous by thread: Bug#689154: unblock: gnunet/0.9.3-4
Next by thread: Bug#689154: unblock: gnunet/0.9.3-4
Index(es):
- Date
- Thread