Bug#1034198: bullseye-pu: package golang-github-containers-common/0.33.4+ds1-1+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: golang-github-containers-common@packages.debian.org, siretart@tauware.de
Control: affects -1 + src:golang-github-containers-common
[ Reason ]
Podman relies on DBUS for correct functioning and reads the
DBUS_SESSION_BUS_ADDRESS environent variables. As it turns out, some session
managers use multiple values, separated by comma, to add additional
information, such as a "guid". Unfortunately, an oversight in the parsing code
in podman 3 fails to take multi-value items into account and leads to podman
failing to connect to the session bus.
[ Impact ]
This is highly inconvenient to the users as they would have to either use a
session manager that sets the DBUS_SESSION_BUS_ADDRESS without commas, or the
user would have to sanitize the environment manually. Only very highly skilled
users that happened to find https://github.com/containers/podman/issues/15546 or
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018816 would be able to figure
this out.
[ Tests ]
This was manually tested.
[ Risks ]
the risk of regression is minimal, the patch was taken from upstream, and is included
in later releases.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
diff --git a/debian/changelog b/debian/changelog
index c23b4b9b..97d97794 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+golang-github-containers-common (0.33.4+ds1-1+deb11u2) bullseye; urgency=medium
+
+ * Fix parsing of DBUS_SESSION_BUS_ADDRESS, Closes: #1018816
+
+ -- Reinhard Tartler <siretart@tauware.de> Mon, 10 Apr 2023 18:19:51 -0400
+
golang-github-containers-common (0.33.4+ds1-1+deb11u1) bullseye; urgency=medium
* Backport seccomp patches from upstream to allow execution of newer
diff --git a/debian/patches/DBUS_SESSION_BUS_ADDRESS_parsing.patch b/debian/patches/DBUS_SESSION_BUS_ADDRESS_parsing.patch
new file mode 100644
index 00000000..d1408a43
--- /dev/null
+++ b/debian/patches/DBUS_SESSION_BUS_ADDRESS_parsing.patch
@@ -0,0 +1,37 @@
+commit 47ea9a8cbcc35d1e758b01ae40f37fec8a2e310b
+Author: Giuseppe Scrivano <gscrivan@redhat.com>
+Date: Mon Jul 26 15:00:25 2021 +0200
+
+ config: split arguments in DBUS_SESSION_BUS_ADDRESS
+
+ split the DBUS_SESSION_BUS_ADDRESS value so that something like:
+
+ unix:path=/run/user/1000/bus,guid=817e9ffcfb383869ad17ea8360e7428a
+
+ will ignore ",guid=817e9ffcfb383869ad17ea8360e7428a" when checking
+ that the path exists.
+
+ Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1984531
+
+ Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
+
+--- a/pkg/config/config.go
++++ b/pkg/config/config.go
+@@ -538,9 +538,14 @@
+
+ session := os.Getenv("DBUS_SESSION_BUS_ADDRESS")
+ hasSession := session != ""
+- if hasSession && strings.HasPrefix(session, "unix:path=") {
+- _, err := os.Stat(strings.TrimPrefix(session, "unix:path="))
+- hasSession = err == nil
++ if hasSession {
++ for _, part := range strings.Split(session, ",") {
++ if strings.HasPrefix(part, "unix:path=") {
++ _, err := os.Stat(strings.TrimPrefix(part, "unix:path="))
++ hasSession = err == nil
++ break
++ }
++ }
+ }
+
+ if !hasSession {
diff --git a/debian/patches/series b/debian/patches/series
index c2a2b119..201ff0d9 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ seccomp-fixup.patch
08bbb0dfae71da36afd3be1ca104701e6cfa4406.patch
0f242ca74bd16175bc55013ed457c88137bec0cf.patch
689e5b074454da5228bb05604f89b7a876baa8fe.patch
+DBUS_SESSION_BUS_ADDRESS_parsing.patch
Reply to: