Bug#928269: unblock: cryptsetup/2.1.0-3

To: Guilhem Moulin <guilhem@debian.org>
Cc: 928269@bugs.debian.org, kibi@debian.org
Subject: Bug#928269: unblock: cryptsetup/2.1.0-3
From: Ivo De Decker <ivodd@debian.org>
Date: Sun, 5 May 2019 14:38:28 +0200
Message-id: <[🔎] 20190505123826.ug6eujgd6wnyihqz@debian.org>
Reply-to: Ivo De Decker <ivodd@debian.org>, 928269@bugs.debian.org
In-reply-to: <20190430201422.GA11962@debian.org>
References: <20190430201422.GA11962@debian.org> <20190430201422.GA11962@debian.org>

Control: tags -1 confirmed d-i

Hi,

On Tue, Apr 30, 2019 at 10:14:22PM +0200, Guilhem Moulin wrote:
> The cryptsetup package found in Buster, currently at version 2:2.1.0-2,
> contains regressions affecting unlocking using OpenSC (PKCS#15 compatible
> Smart Card):
> 
>     [#926573] The `decrypt_opensc` keyscript poisons standard output,
>     causing `cryptsetup open --key-file -` to fail.  (Since 2:2.0.3-7.)
>     https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/8
> 
>     [#928263] The initramfs hook fails to copy libpcsclite.so to the
>     initramfs on non-usrmerge systems, causing the pcscd daemon to fail to
>     start, hence failing unlocking at initramfs stage.  (Since 2:2.0.3-2.)
> 
> These regressions are RC for users relying on OpenSC integration, but
> the bugs have ‘Severity: important’ since src:cryptsetup is still usable
> to others.
> 
> Debdiff between 2:2.1.0-2 and 2:2.1.0-3 attached.

This looks ok, but needs a d-i ack. Cc'ed kibi.

Thanks,

Ivo

> diff -Nru cryptsetup-2.1.0/debian/changelog cryptsetup-2.1.0/debian/changelog
> --- cryptsetup-2.1.0/debian/changelog	2019-02-28 22:32:43.000000000 +0100
> +++ cryptsetup-2.1.0/debian/changelog	2019-04-30 21:20:47.000000000 +0200
> @@ -1,3 +1,12 @@
> +cryptsetup (2:2.1.0-3) unstable; urgency=medium
> +
> +  * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
> +    Mueller for the report and patch.  (Closes: #926573.)
> +  * d/initramfs/hooks/cryptopensc: Ensure that libpcsclite.so is copied to the
> +    initramfs on non-usrmerge systems.  (Closes: #928263.)
> +
> + -- Guilhem Moulin <guilhem@debian.org>  Tue, 30 Apr 2019 21:20:47 +0200
> +
>  cryptsetup (2:2.1.0-2) unstable; urgency=medium
>  
>    * debian/copyright:
> diff -Nru cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc
> --- cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc	2019-02-28 22:32:43.000000000 +0100
> +++ cryptsetup-2.1.0/debian/initramfs/hooks/cryptopensc	2019-04-30 21:20:47.000000000 +0200
> @@ -47,7 +47,7 @@
>  # pcscd utilizes pthread_cancel
>  copy_exec /usr/sbin/pcscd
>  LIBC_DIR="$(ldd /usr/sbin/pcscd | sed -nr 's#.* => (/lib.*)/libc\.so\.[0-9.-]+ \(0x[[:xdigit:]]+\)$#\1#p')"
> -find -L "$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do
> +find -L "$LIBC_DIR" "/usr$LIBC_DIR" -maxdepth 1 \( -name 'libgcc_s.*' -o -name 'libusb-*.so*' -o -name 'libpcsclite.so*' \) -type f | while read so; do
>      copy_exec "$so"
>  done
>  
> diff -Nru cryptsetup-2.1.0/debian/scripts/decrypt_opensc cryptsetup-2.1.0/debian/scripts/decrypt_opensc
> --- cryptsetup-2.1.0/debian/scripts/decrypt_opensc	2019-02-28 22:32:43.000000000 +0100
> +++ cryptsetup-2.1.0/debian/scripts/decrypt_opensc	2019-04-30 21:20:47.000000000 +0200
> @@ -12,7 +12,7 @@
>  check_card() {
>      cardfound=0
>  
> -    if /usr/bin/opensc-tool -n 2>&1; then
> +    if /usr/bin/opensc-tool -n >/dev/null 2>&1; then
>          cardfound=1
>      fi
>  }

Reply to:

Follow-Ups:
- Bug#928269: unblock: cryptsetup/2.1.0-3
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Processed: Re: unblock / pre approval: otrs2/6.0.16-2
Next by Date: Processed: Re: unblock: cryptsetup/2.1.0-3
Previous by thread: Bug#928223: unblock / pre approval: otrs2/6.0.16-2
Next by thread: Processed: Re: unblock: cryptsetup/2.1.0-3
Index(es):
- Date
- Thread