Bug#1033004: marked as done (unblock: libevent/2.1.12-stable-8)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Wed, 15 Mar 2023 16:22:09 +0000
with message-id <ZBHwsZEX4Wdmh61K@powdarrmonkey.net>
and subject line Re: Bug#1033004: unblock: libevent/2.1.12-stable-8
has caused the Debian Bug report #1033004,
regarding unblock: libevent/2.1.12-stable-8
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1033004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033004
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: libevent/2.1.12-stable-8
• From: Nicolas Mora <babelouest@debian.org>
• Date: Wed, 15 Mar 2023 11:22:03 -0400
• Message-id: <[🔎] 167889372387.38958.6341845679103189130.reportbug@galahad>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libevent

[ Reason ]
libevent in testing has a ftbfs bug with glibc 2.36: #1023284

[ Impact ]
The package libevent 2.1.12-stable-5 recompiled with glibc 2.36 breaks the ABI
by removing the symbol evutil_secure_rng_add_bytes.

[ Tests ]
Tests and autopkgtest passed

[ Risks ]
Low risks, the issue has been discussed upstream
(https://github.com/libevent/libevent/issues/1393) and the patrch, which is
already implemented in other distribs, has been accepted upstream
(https://github.com/libevent/libevent/pull/1427). The patch noops the function
evutil_secure_rng_add_bytes when arc4random is already provided by the system.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
The package should have been update sooner (before freeze), the first attempt
was to change the package name to libevent-2.1-7a, as in Ubuntu, the new
package went in NEW queue and was rejected (2.1.12-stable-7), then then
question was asked upstream to find a better solution.

Thanks in advance!

/Nicolas

unblock libevent/2.1.12-stable-8

diff -Nru libevent-2.1.12-stable/debian/changelog libevent-2.1.12-stable/debian/changelog
--- libevent-2.1.12-stable/debian/changelog	2022-04-15 11:26:52.000000000 -0400
+++ libevent-2.1.12-stable/debian/changelog	2023-01-04 15:28:26.000000000 -0500
@@ -1,3 +1,30 @@
+libevent (2.1.12-stable-8) unstable; urgency=medium
+
+  * Upload to unstable
+  * Restore last unstable version
+  * d/patches: Add patch evutil_secure_rng_add_bytes_noop.patch
+    to make evutil_secure_rng_add_bytes noop with glibc's
+    implemtation of arc4random, thanks zhsj@debian.org!
+    (Closes: #1023284)
+  * d/control: upgrade Standards-Version to 4.6.2
+  * d/copyright: update year to 2023
+
+ -- Nicolas Mora <babelouest@debian.org>  Wed, 04 Jan 2023 15:28:26 -0500
+
+libevent (2.1.12-stable-7) experimental; urgency=medium
+
+  * d/control: change package name to libevent-2.1-7a to update rdeps
+               (Closes: #1023284)
+
+ -- Nicolas Mora <babelouest@debian.org>  Mon, 07 Nov 2022 07:14:20 -0500
+
+libevent (2.1.12-stable-6) experimental; urgency=medium
+
+  * d/symbols: remove symbol evutil_secure_rng_add_bytes
+  * d/control: upgrade Standards-Version to 4.6.1
+
+ -- Nicolas Mora <babelouest@debian.org>  Wed, 02 Nov 2022 13:07:03 -0400
+
 libevent (2.1.12-stable-5) unstable; urgency=medium
 
   * d/control: Update maintainer
diff -Nru libevent-2.1.12-stable/debian/control libevent-2.1.12-stable/debian/control
--- libevent-2.1.12-stable/debian/control	2022-04-15 11:26:42.000000000 -0400
+++ libevent-2.1.12-stable/debian/control	2023-01-04 15:28:26.000000000 -0500
@@ -4,7 +4,7 @@
 Priority: optional
 Build-Depends: debhelper-compat (= 13),
                libssl-dev
-Standards-Version: 4.6.0
+Standards-Version: 4.6.2
 Vcs-Git: https://salsa.debian.org/debian/libevent.git -b master
 Vcs-Browser: https://salsa.debian.org/debian/libevent
 Homepage: https://libevent.org/
diff -Nru libevent-2.1.12-stable/debian/copyright libevent-2.1.12-stable/debian/copyright
--- libevent-2.1.12-stable/debian/copyright	2022-04-15 09:45:11.000000000 -0400
+++ libevent-2.1.12-stable/debian/copyright	2023-01-04 15:28:26.000000000 -0500
@@ -13,7 +13,7 @@
            2007-2015  Anibal Monsalve Salazar <anibal@debian.org>
            2017-2020 Balint Reczey <rbalint@ubuntu.com>
            2022 Balint Reczey <balint@balintreczey.hu>
-           2022 Nicolas Mora <babelouest@debian.org>
+           2022-2023 Nicolas Mora <babelouest@debian.org>
 License: BSD-3-clause
 
 Files: WIN32-Code/getopt.c
diff -Nru libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch
--- libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch	1969-12-31 19:00:00.000000000 -0500
+++ libevent-2.1.12-stable/debian/patches/evutil_secure_rng_add_bytes_noop.patch	2023-01-04 15:28:26.000000000 -0500
@@ -0,0 +1,40 @@
+Description: Make evutil_secure_rng_add_bytes noop with glibc's implemtation of arc4random
+Author: Shengjing Zhu <zhsj@debian.org>
+Forwarded: not-needed
+--- a/evutil_rand.c
++++ b/evutil_rand.c
+@@ -190,14 +190,14 @@
+ 	ev_arc4random_buf(buf, n);
+ }
+ 
+-#if !defined(EVENT__HAVE_ARC4RANDOM) || defined(EVENT__HAVE_ARC4RANDOM_ADDRANDOM)
+ void
+ evutil_secure_rng_add_bytes(const char *buf, size_t n)
+ {
++#if defined(EVENT__HAVE_ARC4RANDOM_ADDRANDOM)
+ 	arc4random_addrandom((unsigned char*)buf,
+ 	    n>(size_t)INT_MAX ? INT_MAX : (int)n);
+-}
+ #endif
++}
+ 
+ void
+ evutil_free_secure_rng_globals_(void)
+--- a/include/event2/util.h
++++ b/include/event2/util.h
+@@ -862,7 +862,6 @@
+ EVENT2_EXPORT_SYMBOL
+ int evutil_secure_rng_set_urandom_device_file(char *fname);
+ 
+-#if !defined(EVENT__HAVE_ARC4RANDOM) || defined(EVENT__HAVE_ARC4RANDOM_ADDRANDOM)
+ /** Seed the random number generator with extra random bytes.
+ 
+     You should almost never need to call this function; it should be
+@@ -879,7 +878,6 @@
+  */
+ EVENT2_EXPORT_SYMBOL
+ void evutil_secure_rng_add_bytes(const char *dat, size_t datlen);
+-#endif
+ 
+ #ifdef __cplusplus
+ }
diff -Nru libevent-2.1.12-stable/debian/patches/series libevent-2.1.12-stable/debian/patches/series
--- libevent-2.1.12-stable/debian/patches/series	2022-04-14 19:37:51.000000000 -0400
+++ libevent-2.1.12-stable/debian/patches/series	2023-01-04 15:28:26.000000000 -0500
@@ -1 +1,2 @@
 0001-Always-build-with-no-undefined.patch
+evutil_secure_rng_add_bytes_noop.patch

--- End Message ---

--- Begin Message ---

• To: Nicolas Mora <babelouest@debian.org>, 1033004-done@bugs.debian.org
• Subject: Re: Bug#1033004: unblock: libevent/2.1.12-stable-8
• From: Jonathan Wiltshire <jmw@debian.org>
• Date: Wed, 15 Mar 2023 16:22:09 +0000
• Message-id: <ZBHwsZEX4Wdmh61K@powdarrmonkey.net>
• In-reply-to: <[🔎] 167889372387.38958.6341845679103189130.reportbug@galahad>
• References: <[🔎] 167889372387.38958.6341845679103189130.reportbug@galahad>

On Wed, Mar 15, 2023 at 11:22:03AM -0400, Nicolas Mora wrote:
> Please unblock package libevent
> 
> [ Reason ]
> libevent in testing has a ftbfs bug with glibc 2.36: #1023284

Unblocked, thanks.


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

--- End Message ---