--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libevent
[ Reason ]
libevent in testing has a ftbfs bug with glibc 2.36: #1023284
[ Impact ]
The package libevent 2.1.12-stable-5 recompiled with glibc 2.36 breaks the ABI
by removing the symbol evutil_secure_rng_add_bytes.
[ Tests ]
Tests and autopkgtest passed
[ Risks ]
Low risks, the issue has been discussed upstream
(https://github.com/libevent/libevent/issues/1393) and the patrch, which is
already implemented in other distribs, has been accepted upstream
(https://github.com/libevent/libevent/pull/1427). The patch noops the function
evutil_secure_rng_add_bytes when arc4random is already provided by the system.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
The package should have been update sooner (before freeze), the first attempt
was to change the package name to libevent-2.1-7a, as in Ubuntu, the new
package went in NEW queue and was rejected (2.1.12-stable-7), then then
question was asked upstream to find a better solution.
Thanks in advance!
/Nicolas
unblock libevent/2.1.12-stable-8
diff -Nru libevent-2.1.12-stable/debian/changelog libevent-2.1.12-stable/debian/changelog
--- libevent-2.1.12-stable/debian/changelog 2022-04-15 11:26:52.000000000 -0400
+++ libevent-2.1.12-stable/debian/changelog 2023-01-04 15:28:26.000000000 -0500
@@ -1,3 +1,30 @@
+libevent (2.1.12-stable-8) unstable; urgency=medium
+
+ * Upload to unstable
+ * Restore last unstable version
+ * d/patches: Add patch evutil_secure_rng_add_bytes_noop.patch
+ to make evutil_secure_rng_add_bytes noop with glibc's
+ implemtation of arc4random, thanks zhsj@debian.org!
+ (Closes: #1023284)
+ * d/control: upgrade Standards-Version to 4.6.2
+ * d/copyright: update year to 2023
+
+ -- Nicolas Mora <babelouest@debian.org> Wed, 04 Jan 2023 15:28:26 -0500
+
+libevent (2.1.12-stable-7) experimental; urgency=medium
+
+ * d/control: change package name to libevent-2.1-7a to update rdeps
+ (Closes: #1023284)
+
+ -- Nicolas Mora <babelouest@debian.org> Mon, 07 Nov 2022 07:14:20 -0500
+
+libevent (2.1.12-stable-6) experimental; urgency=medium
+
+ * d/symbols: remove symbol evutil_secure_rng_add_bytes
+ * d/control: upgrade Standards-Version to 4.6.1
+
+ -- Nicolas Mora <babelouest@debian.org> Wed, 02 Nov 2022 13:07:03 -0400
+
libevent (2.1.12-stable-5) unstable; urgency=medium
* d/control: Update maintainer
diff -Nru libevent-2.1.12-stable/debian/control libevent-2.1.12-stable/debian/control
--- libevent-2.1.12-stable/debian/control 2022-04-15 11:26:42.000000000 -0400
+++ libevent-2.1.12-stable/debian/control 2023-01-04 15:28:26.000000000 -0500
@@ -4,7 +4,7 @@
Priority: optional
Build-Depends: debhelper-compat (= 13),
libssl-dev
-Standards-Version: 4.6.0
+Standards-Version: 4.6.2
Vcs-Git: https://salsa.debian.org/debian/libevent.git -b master
Vcs-Browser: https://salsa.debian.org/debian/libevent
Homepage: https://libevent.org/
diff -Nru libevent-2.1.12-stable/debian/copyright libevent-2.1.12-stable/debian/copyright
--- libevent-2.1.12-stable/debian/copyright 2022-04-15 09:45:11.000000000 -0400
+++ libevent-2.1.12-stable/debian/copyright 2023-01-04 15:28:26.000000000 -0500
@@ -13,7 +13,7 @@
2007-2015 Anibal Monsalve Salazar <anibal@debian.org>
2017-2020 Balint Reczey <rbalint@ubuntu.com>
2022 Balint Reczey <balint@balintreczey.hu>
- 2022 Nicolas Mora <babelouest@debian.org>
+ 2022-2023 Nicolas Mora <babelouest@debian.org>
License: BSD-3-clause
Files: WIN32-Code/getopt.c
diff -Nru libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch
--- libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch 1969-12-31 19:00:00.000000000 -0500
+++ libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch 2023-01-04 15:28:26.000000000 -0500
@@ -0,0 +1,40 @@
+Description: Make evutil_secure_rng_add_bytes noop with glibc's implemtation of arc4random
+Author: Shengjing Zhu <zhsj@debian.org>
+Forwarded: not-needed
+--- a/evutil_rand.c
++++ b/evutil_rand.c
+@@ -190,14 +190,14 @@
+ ev_arc4random_buf(buf, n);
+ }
+
+-#if !defined(EVENT__HAVE_ARC4RANDOM) || defined(EVENT__HAVE_ARC4RANDOM_ADDRANDOM)
+ void
+ evutil_secure_rng_add_bytes(const char *buf, size_t n)
+ {
++#if defined(EVENT__HAVE_ARC4RANDOM_ADDRANDOM)
+ arc4random_addrandom((unsigned char*)buf,
+ n>(size_t)INT_MAX ? INT_MAX : (int)n);
+-}
+ #endif
++}
+
+ void
+ evutil_free_secure_rng_globals_(void)
+--- a/include/event2/util.h
++++ b/include/event2/util.h
+@@ -862,7 +862,6 @@
+ EVENT2_EXPORT_SYMBOL
+ int evutil_secure_rng_set_urandom_device_file(char *fname);
+
+-#if !defined(EVENT__HAVE_ARC4RANDOM) || defined(EVENT__HAVE_ARC4RANDOM_ADDRANDOM)
+ /** Seed the random number generator with extra random bytes.
+
+ You should almost never need to call this function; it should be
+@@ -879,7 +878,6 @@
+ */
+ EVENT2_EXPORT_SYMBOL
+ void evutil_secure_rng_add_bytes(const char *dat, size_t datlen);
+-#endif
+
+ #ifdef __cplusplus
+ }
diff -Nru libevent-2.1.12-stable/debian/patches/series libevent-2.1.12-stable/debian/patches/series
--- libevent-2.1.12-stable/debian/patches/series 2022-04-14 19:37:51.000000000 -0400
+++ libevent-2.1.12-stable/debian/patches/series 2023-01-04 15:28:26.000000000 -0500
@@ -1 +1,2 @@
0001-Always-build-with-no-undefined.patch
+evutil_secure_rng_add_bytes_noop.patch
--- End Message ---