Bug#1106040: unblock: ocserv/1.3.0-2

To: Sebastian Ramacher <sramacher@debian.org>
Cc: 1106040@bugs.debian.org
Subject: Bug#1106040: unblock: ocserv/1.3.0-2
From: Aron Xu <aron@debian.org>
Date: Thu, 29 May 2025 15:22:21 +0800
Message-id: <[🔎] CAMr=8w411NCx18h58E+P03USz9=OPH21PV5YhpfJiRz-_gGbGw@mail.gmail.com>
Reply-to: Aron Xu <aron@debian.org>, 1106040@bugs.debian.org
In-reply-to: <[🔎] aCzAQPKDQXjhhLIa@ramacher.at>
References: <[🔎] CAMr=8w6qEiCNaxbNHExwzvGiXVd=1m=aUBv1ru0yXKN1seM0XA@mail.gmail.com> <[🔎] aCzAQPKDQXjhhLIa@ramacher.at> <[🔎] CAMr=8w6qEiCNaxbNHExwzvGiXVd=1m=aUBv1ru0yXKN1seM0XA@mail.gmail.com>

Hi,

On Wed, May 21, 2025 at 1:47 AM Sebastian Ramacher <sramacher@debian.org> wrote:
>
> Control: tags -1 moreinfo
>
> On 2025-05-19 14:57:00 +0800, Aron Xu wrote:
> > Package: release.debian.org
> > Control: affects -1 + src:ocserv
> > X-Debbugs-Cc: ocserv@packages.debian.org
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > Severity: normal
> >
> > Please unblock package ocserv
> >
> > ocserv/1.3.0-2 in unstable has a few cherry picks from upstream and
> > the debdiff is included in attachment.
> >
> > 0001-Check-return-value-of-remove.patch
> > 0002-src-ocpasswd-ocpasswd.c-handle-strup-errors.patch
> > 0003-Update-to-increase-pam-stack-size-per-https-gitlab.c.patch
> > 0004-Make-path-to-ocserv-fw-script-conform-to-config-pref.patch
> > 0005-Allow-the-readlinkat-syscall-when-socket_wrapper-is-.patch
>
> What is the impact of these patches? Do the fix any issues? Have they
> been tested?
>

These patches are all upstream cherry-picks and I've independently
tested them. Also for a friendlier view:
https://salsa.debian.org/debian/ocserv/-/tree/master/debian/patches?ref_type=heads

> 0001-Check-return-value-of-remove.patch

This is an upstream fix for Coverity Scan warning that the return
value isn't checked, in real life it handles the situation when
removing a socket isn't successful.

> 0002-src-ocpasswd-ocpasswd.c-handle-strup-errors.patch

At some rare case the strdup() at previous block might fail, and this
patch adds checks to that.

> 0003-Update-to-increase-pam-stack-size-per-https-gitlab.c.patch

This increases the stack size for the need of pam_sssd.

> 0004-Make-path-to-ocserv-fw-script-conform-to-config-pref.patch

This is a Makefile change that lets OCSERV_FW_SCRIPT conform to
PREFIX. This is not absolutely necessary to make it build in trixie
but since it's trivial I still picked it.

> 0005-Allow-the-readlinkat-syscall-when-socket_wrapper-is-.patch

On arm64 the realpath function calls readlinkat instead of readlink so
that it needs to be allowed.

Thanks,
Aron

Reply to:

References:
- Bug#1106040: unblock: ocserv/1.3.0-2
  - From: Aron Xu <aron@debian.org>
- Bug#1106040: unblock: ocserv/1.3.0-2
  - From: Sebastian Ramacher <sramacher@debian.org>

Prev by Date: Bug#1106486: pre-approval/unblock: curl/8.14.0-1
Next by Date: Bug#1106040: marked as done (unblock: ocserv/1.3.0-2)
Previous by thread: Bug#1106040: unblock: ocserv/1.3.0-2
Next by thread: Processed: Re: Bug#1106040: unblock: ocserv/1.3.0-2
Index(es):
- Date
- Thread