Bug#926870: stretch-pu: package ca-certificates-java/20170929~deb9u2

[tony mancill <tmancill@debian.org>]

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

My upload of ca-certificates-java_20170929~deb9u2 (currently in
stable-pu) [1] introduced a printf syntax problem in the postinst.  
More discussion can be found in #923176 starting at message 38:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923176#38

Thank you to Andreas Beckmann for catching the issue.

I have tested the updated code path in a stretch chroot by unpacking the
deb9u3, modifying the postinst such that FIXOLD is true (plus adding
some echo debug to make sure that the path was executed), and then
running "apt -f install" which will pull in the r-deps and then
configure ca-certificates-java.  Thus I feel confident that the
regression has been tested.

The attached debdiff (against deb9u2, but I am also attaching
deb9u1-vs-deb9u3) should address the problem.  

Thank you,
tony

[1] https://release.debian.org/proposed-updates/stable.html#ca-certificates-java_20170929~deb9u2

diff -Nru ca-certificates-java-20170929~deb9u2/debian/changelog ca-certificates-java-20170929~deb9u3/debian/changelog
--- ca-certificates-java-20170929~deb9u2/debian/changelog	2019-02-24 09:55:04.000000000 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/changelog	2019-04-10 19:59:01.000000000 -0700
@@ -1,3 +1,10 @@
+ca-certificates-java (20170929~deb9u3) stretch; urgency=medium
+
+  * Team upload.
+  * Fix printf syntax problem introduced in 20170929~deb9u2
+
+ -- tony mancill <tmancill@debian.org>  Wed, 10 Apr 2019 19:59:01 -0700
+
 ca-certificates-java (20170929~deb9u2) stretch; urgency=medium
 
   * Team upload.
diff -Nru ca-certificates-java-20170929~deb9u2/debian/postinst.in ca-certificates-java-20170929~deb9u3/debian/postinst.in
--- ca-certificates-java-20170929~deb9u2/debian/postinst.in	2019-02-24 09:55:04.000000000 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/postinst.in	2019-04-10 19:59:01.000000000 -0700
@@ -52,7 +52,7 @@
 
     # Forcibly remove diginotar cert (LP: #920758)
     if [ -n "$FIXOLD" ]; then
-        printf "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \
+        printf -- "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \
         java -Xmx64m -jar $JAR -storepass "$storepass"
     fi
 

diff -Nru ca-certificates-java-20170929~deb9u1/debian/changelog ca-certificates-java-20170929~deb9u3/debian/changelog
--- ca-certificates-java-20170929~deb9u1/debian/changelog	2019-02-11 04:14:23.000000000 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/changelog	2019-04-10 19:59:01.000000000 -0700
@@ -1,3 +1,17 @@
+ca-certificates-java (20170929~deb9u3) stretch; urgency=medium
+
+  * Team upload.
+  * Fix printf syntax problem introduced in 20170929~deb9u2
+
+ -- tony mancill <tmancill@debian.org>  Wed, 10 Apr 2019 19:59:01 -0700
+
+ca-certificates-java (20170929~deb9u2) stretch; urgency=medium
+
+  * Team upload.
+  * Address bashisms in postinst and jks-keystore (Closes: #922720)
+
+ -- tony mancill <tmancill@debian.org>  Sun, 24 Feb 2019 09:55:04 -0800
+
 ca-certificates-java (20170929~deb9u1) stretch; urgency=medium
 
   * Rebuild for stretch.
diff -Nru ca-certificates-java-20170929~deb9u1/debian/jks-keystore.hook.in ca-certificates-java-20170929~deb9u3/debian/jks-keystore.hook.in
--- ca-certificates-java-20170929~deb9u1/debian/jks-keystore.hook.in	2019-02-11 04:14:23.000000000 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/jks-keystore.hook.in	2019-04-10 19:59:01.000000000 -0700
@@ -53,7 +53,7 @@
     # the jre is not yet configured, but jvm.cfg is needed to run it
     temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
     mkdir -p /etc/${jvm%-$arch}
-    if [ "$arch" == "armhf" ]; then
+    if [ "$arch" = "armhf" ]; then
         printf -- "-client KNOWN\n-server ALIASED_TO -client\n" > $temp_jvm_cfg
     else
         printf -- "-server KNOWN\n" > $temp_jvm_cfg
diff -Nru ca-certificates-java-20170929~deb9u1/debian/postinst.in ca-certificates-java-20170929~deb9u3/debian/postinst.in
--- ca-certificates-java-20170929~deb9u1/debian/postinst.in	2019-02-11 04:14:23.000000000 -0800
+++ ca-certificates-java-20170929~deb9u3/debian/postinst.in	2019-04-10 19:59:01.000000000 -0700
@@ -52,7 +52,7 @@
 
     # Forcibly remove diginotar cert (LP: #920758)
     if [ -n "$FIXOLD" ]; then
-        echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \
+        printf -- "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \
         java -Xmx64m -jar $JAR -storepass "$storepass"
     fi
 
@@ -100,7 +100,7 @@
                 # the jre is not yet configured, but jvm.cfg is needed to run it
                 temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
                 mkdir -p /etc/${jvm%-$arch}
-                if [ "$arch" == "armhf" ]; then
+                if [ "$arch" = "armhf" ]; then
 	                printf -- "-client KNOWN\n-server ALIASED_TO -client\n" > $temp_jvm_cfg
                 else
 	                printf -- "-server KNOWN\n" > $temp_jvm_cfg

Attachment: signature.asc
Description: PGP signature