Package: release.debian.org User: release.debian.org@packages.debian.org Tags: buster Usertags: pu Dear SRM, I'm seeking approval to do this update in buster. The goal is fixing a set of bugs stemming from upcoming changes to the Let's Encrypt API. See: https://github.com/lukas2511/dehydrated/pull/648 https://github.com/lukas2511/dehydrated/issues/650 https://github.com/lukas2511/dehydrated/issues/647 https://github.com/lukas2511/dehydrated/issues/652 The original fix caused a couple of regressions, so it is split into 3 commits (→ 3 patch files). The changes are already in bullseye. Thank you for your attention. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
diffstat for dehydrated-0.6.2 dehydrated-0.6.2 changelog | 9 + gbp.conf | 2 patches/Fixes-559-when-HTTP-2-is-used-header-names-are-lower-case.patch | 2 patches/fixed-fetching-of-account-information-fixes-652-fixes-647.patch | 30 +++++ patches/release-0.6.4-fixed-account-id-handling-again.patch | 57 ++++++++++ patches/release-0.6.5-fixed-apiv1-compatibility.patch | 45 +++++++ patches/series | 3 7 files changed, 146 insertions(+), 2 deletions(-) diff -Nru dehydrated-0.6.2/debian/changelog dehydrated-0.6.2/debian/changelog --- dehydrated-0.6.2/debian/changelog 2019-03-11 16:25:53.000000000 +0100 +++ dehydrated-0.6.2/debian/changelog 2019-07-19 14:59:11.000000000 +0200 @@ -1,3 +1,12 @@ +dehydrated (0.6.2-2+deb10u1) buster; urgency=medium + + * Add three more patches from upstream. + Fixing the following bug: + + Fixed fetching of account information. + + Followup fixes for account ID handling, and APIv1 compatibility. + + -- Mattia Rizzolo <mattia@debian.org> Fri, 19 Jul 2019 14:59:11 +0200 + dehydrated (0.6.2-2) unstable; urgency=medium * Add a number of patches from upstream. diff -Nru dehydrated-0.6.2/debian/gbp.conf dehydrated-0.6.2/debian/gbp.conf --- dehydrated-0.6.2/debian/gbp.conf 2018-05-08 12:08:48.000000000 +0200 +++ dehydrated-0.6.2/debian/gbp.conf 2019-07-19 14:58:48.000000000 +0200 @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream/master -debian-branch = debian/master +debian-branch = debian/buster upstream-tag = v%(version)s pristine-tar = True pristine-tar-commit = True diff -Nru dehydrated-0.6.2/debian/patches/fixed-fetching-of-account-information-fixes-652-fixes-647.patch dehydrated-0.6.2/debian/patches/fixed-fetching-of-account-information-fixes-652-fixes-647.patch --- dehydrated-0.6.2/debian/patches/fixed-fetching-of-account-information-fixes-652-fixes-647.patch 1970-01-01 01:00:00.000000000 +0100 +++ dehydrated-0.6.2/debian/patches/fixed-fetching-of-account-information-fixes-652-fixes-647.patch 2019-07-19 14:52:44.000000000 +0200 
@@ -0,0 +1,30 @@
+From: Lukas Schauer <lukas@schauer.so>
+Date: Tue, 25 Jun 2019 12:19:20 +0200
+Subject: fixed fetching of account information (fixes #652, fixes #647,
+ fixes #650, closes #648)
+
+---
+ dehydrated | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/dehydrated b/dehydrated
+index 69057e7..a29910b 100755
+--- a/dehydrated
++++ b/dehydrated
+@@ -396,7 +396,16 @@ init_system() {
+
+ # Read account information or request from CA if missing
+ if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
++ if [[ -z "$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)" ]]; then
++ echo "+ Fetching account information..."
++ ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
++ ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')"
++ echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"
++ fi
+ ACCOUNT_ID="$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
++ if [[ -z "${ACCOUNT_ID}" ]]; then
++ _exiterr "Unknown error on fetching account information"
++ fi
+ if [[ ${API} -eq 1 ]]; then
+ ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}"
+ else
diff -Nru dehydrated-0.6.2/debian/patches/Fixes-559-when-HTTP-2-is-used-header-names-are-lower-case.patch dehydrated-0.6.2/debian/patches/Fixes-559-when-HTTP-2-is-used-header-names-are-lower-case.patch
--- dehydrated-0.6.2/debian/patches/Fixes-559-when-HTTP-2-is-used-header-names-are-lower-case.patch 2019-03-11 16:21:33.000000000 +0100
+++ dehydrated-0.6.2/debian/patches/Fixes-559-when-HTTP-2-is-used-header-names-are-lower-case.patch 2019-07-19 14:52:44.000000000 +0200
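Review bot: Nothing in this patch header says that the change is incomplete on its own: in the `init_system` hunk, `echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"` rewrites the stored registration file before the `[[ -z "${ACCOUNT_ID}" ]]` check runs, so a failed or empty CA response would be saved over the existing data. The two later patches in this series remove that write, so the shipped result is not affected, but a backporter who picks this file alone would get the regression. I would add a sentence to the patch description such as `Incomplete on its own; must be applied together with the release-0.6.4 and release-0.6.5 patches.` and an `Origin: upstream, <UPSTREAM-COMMIT-URL-PLACEHOLDER>` field to all three new patch files so they can be compared against upstream. The body of `init_system` starts and ends outside the nested hunk.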
@@ -1,4 +1,4 @@ -From: Florent <> +From: Florent <fake@mail> Date: Wed, 9 May 2018 19:29:21 +0200 Subject: Fixes #559 : when HTTP/2 is used, header names are lower case. So adding ignore case option (-i) to grep's. diff -Nru dehydrated-0.6.2/debian/patches/release-0.6.4-fixed-account-id-handling-again.patch dehydrated-0.6.2/debian/patches/release-0.6.4-fixed-account-id-handling-again.patch --- dehydrated-0.6.2/debian/patches/release-0.6.4-fixed-account-id-handling-again.patch 1970-01-01 01:00:00.000000000 +0100 +++ dehydrated-0.6.2/debian/patches/release-0.6.4-fixed-account-id-handling-again.patch 2019-07-19 14:52:44.000000000 +0200 
@@ -0,0 +1,57 @@
+From: Lukas Schauer <lukas@schauer.so>
+Date: Tue, 25 Jun 2019 15:28:09 +0200
+Subject: release 0.6.4 (fixed account id handling, again)
+
+---
+ dehydrated | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/dehydrated b/dehydrated
+index a29910b..c066d27 100755
+--- a/dehydrated
++++ b/dehydrated
+@@ -243,6 +243,7 @@ load_config() {
+ [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
+ ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
+ ACCOUNT_KEY_JSON="${ACCOUNTDIR}/${CAHASH}/registration_info.json"
++ ACCOUNT_ID_JSON="${ACCOUNTDIR}/${CAHASH}/account_id.json"
+
+ if [[ -f "${BASEDIR}/private_key.pem" ]] && [[ ! -f "${ACCOUNT_KEY}" ]]; then
+ echo "! Moving private_key.pem to ${ACCOUNT_KEY}"
+@@ -328,6 +329,7 @@ init_system() {
+ echo "Using private key ${PARAM_ACCOUNT_KEY} instead of account key"
+ ACCOUNT_KEY="${PARAM_ACCOUNT_KEY}"
+ ACCOUNT_KEY_JSON="${PARAM_ACCOUNT_KEY}.json"
++ ACCOUNT_ID_JSON="${PARAM_ACCOUNT_KEY}_id.json"
+ [ "${COMMAND:-}" = "register" ] && register_new_key="yes"
+ else
+ # Check if private account key exists, if it doesn't exist yet generate a new one (rsa key)
+@@ -396,13 +398,14 @@ init_system() {
+
+ # Read account information or request from CA if missing
+ if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
+- if [[ -z "$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)" ]]; then
+- echo "+ Fetching account information..."
++ if [[ ! -e "${ACCOUNT_ID_JSON}" ]]; then
++ echo "+ Fetching account ID..."
+ ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
+- ACCOUNT_INFO="$(signed_request "${ACCOUNT_URL}" '{}')"
+- echo "${ACCOUNT_INFO}" > "${ACCOUNT_KEY_JSON}"
++ ACCOUNT_ID="${ACCOUNT_URL##*/}"
++ echo '{"id": "'"${ACCOUNT_ID}"'"}' > "${ACCOUNT_ID_JSON}"
++ else
++ ACCOUNT_ID="$(cat "${ACCOUNT_ID_JSON}" | get_json_string_value id)"
+ fi
+- ACCOUNT_ID="$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
+ if [[ -z "${ACCOUNT_ID}" ]]; then
+ _exiterr "Unknown error on fetching account information"
+ fi
+@@ -1525,7 +1528,7 @@ command_help() {
+ command_env() {
+ echo "# dehydrated configuration"
+ load_config
+- typeset -p CA CERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
++ typeset -p CA CERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON ACCOUNT_ID_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
+ }
+
+ # Main method (parses script arguments and calls command_* methods)
diff -Nru dehydrated-0.6.2/debian/patches/release-0.6.5-fixed-apiv1-compatibility.patch dehydrated-0.6.2/debian/patches/release-0.6.5-fixed-apiv1-compatibility.patch
--- dehydrated-0.6.2/debian/patches/release-0.6.5-fixed-apiv1-compatibility.patch 1970-01-01 01:00:00.000000000 +0100
+++ dehydrated-0.6.2/debian/patches/release-0.6.5-fixed-apiv1-compatibility.patch 2019-07-19 14:52:44.000000000 +0200
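Review bot: The account ID is taken from the last path segment of the CA's `Location` header and written into the cache with `echo '{"id": "'"${ACCOUNT_ID}"'"}' > "${ACCOUNT_ID_JSON}"` without any check on its characters. A value containing `"`, `\` or whitespace would produce a malformed `account_id.json`, and every later run reads that file back instead of asking the CA again. I would validate before writing, for example `[[ "${ACCOUNT_ID}" =~ ^[A-Za-z0-9._~-]+$ ]] || _exiterr "Unexpected account ID in Location header"`; the allowed character set is my assumption and should be checked against the CAs you support. `init_system` starts and ends outside the nested hunk.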
@@ -0,0 +1,45 @@
+From: Lukas Schauer <lukas@schauer.so>
+Date: Wed, 26 Jun 2019 12:29:39 +0200
+Subject: release 0.6.5 (fixed apiv1 compatibility...)
+
+---
+ dehydrated | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/dehydrated b/dehydrated
+index c066d27..41c7fdf 100755
+--- a/dehydrated
++++ b/dehydrated
+@@ -398,20 +398,21 @@ init_system() {
+
+ # Read account information or request from CA if missing
+ if [[ -e "${ACCOUNT_KEY_JSON}" ]]; then
+- if [[ ! -e "${ACCOUNT_ID_JSON}" ]]; then
+- echo "+ Fetching account ID..."
+- ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
+- ACCOUNT_ID="${ACCOUNT_URL##*/}"
+- echo '{"id": "'"${ACCOUNT_ID}"'"}' > "${ACCOUNT_ID_JSON}"
+- else
+- ACCOUNT_ID="$(cat "${ACCOUNT_ID_JSON}" | get_json_string_value id)"
+- fi
+- if [[ -z "${ACCOUNT_ID}" ]]; then
+- _exiterr "Unknown error on fetching account information"
+- fi
+ if [[ ${API} -eq 1 ]]; then
++ ACCOUNT_ID="$(cat "${ACCOUNT_KEY_JSON}" | get_json_int_value id)"
+ ACCOUNT_URL="${CA_REG}/${ACCOUNT_ID}"
+ else
++ if [[ -e "${ACCOUNT_ID_JSON}" ]]; then
++ ACCOUNT_ID="$(cat "${ACCOUNT_ID_JSON}" | get_json_string_value id)"
++ else
++ echo "+ Fetching account ID..."
++ ACCOUNT_URL="$(signed_request "${CA_NEW_ACCOUNT}" '{"onlyReturnExisting": true}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
++ ACCOUNT_ID="${ACCOUNT_URL##*/}"
++ if [[ -z "${ACCOUNT_ID}" ]]; then
++ _exiterr "Unknown error on fetching account information"
++ fi
++ echo '{"id": "'"${ACCOUNT_ID}"'"}' > "${ACCOUNT_ID_JSON}"
++ fi
+ ACCOUNT_URL="${CA_ACCOUNT}/${ACCOUNT_ID}"
+ fi
+ else
diff -Nru dehydrated-0.6.2/debian/patches/series dehydrated-0.6.2/debian/patches/series
--- dehydrated-0.6.2/debian/patches/series 2019-03-11 16:21:33.000000000 +0100
+++ dehydrated-0.6.2/debian/patches/series 2019-07-19 14:52:44.000000000 +0200
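Review bot: After this reordering the `[[ -z "${ACCOUNT_ID}" ]]` guard covers only the freshly fetched ID; the API 1 branch (`get_json_int_value id` on `${ACCOUNT_KEY_JSON}`) and the cached branch (`get_json_string_value id` on `${ACCOUNT_ID_JSON}`) are no longer checked. Unless those helpers abort on a missing key, which is not visible here, an empty or truncated cache file or a registration file without a numeric `id` leaves `ACCOUNT_URL` as `${CA_REG}/` or `${CA_ACCOUNT}/`, and the problem only surfaces later as an unrelated request failure. I would add `[[ -n "${ACCOUNT_ID}" ]] || _exiterr "Unknown error on fetching account information"` directly after each of those two reads, keeping the existing guard in front of the write to `${ACCOUNT_ID_JSON}`. `init_system` continues outside the nested hunk.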
@@ -4,3 +4,6 @@
 document-DOMAINS_D-parameter-in-example-config-fixes-575-.patch
 implement-POST-as-GET-closes-626.patch
 tiny-documentation-fix-per-certificate-config-can-overrid.patch
+fixed-fetching-of-account-information-fixes-652-fixes-647.patch
+release-0.6.4-fixed-account-id-handling-again.patch
+release-0.6.5-fixed-apiv1-compatibility.patch