Your message dated Sun, 15 Jun 2025 20:34:01 +0000 with message-id <E1uQu3F-002CEx-0o@respighi.debian.org> and subject line unblock mini-httpd has caused the Debian Bug report #1107828, regarding unblock: mini-httpd/1.30-13 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
1107828: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107828
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: mini-httpd/1.30-13
- From: Alexandru Mihail <alexandru.mihail2897@gmail.com>
- Date: Sun, 15 Jun 2025 14:46:28 +0300
- Message-id: <da9be79982eff7f8dd52005f16f1f7b8ddf3a723.camel@gmail.com>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: mini-httpd@packages.debian.org
Control: affects -1 + src:mini-httpd

Please unblock package mini-httpd

Hi, the lack of autopkgtests in mini-httpd blocks the transition from 1.30-12 to 1.30-13 to testing. There were no tests when I rescued the package and I didn't have enough time to write some yet. I'd really need this version to make its way into Trixie as it fixes a nasty bug affecting 12 and some previous versions. Detailing below.

Specifically, 1.30-13 closes https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105097

In a nutshell, the included systemd service has hardening enabled and by default in 1.30-12, blacklists the chroot syscall wrongly. This results in the config option chroot=1 (which is quite commonly used, hence the issue) breaking, the server fails to start. If users upgrading from bookworm have chroot=1, their web server will magically be broken in trixie. This is fixed in 13 by whitelisting the chroot syscall. This used to work long before because there was no systemd service to begin with.

I approve all changes, as I am the only maintainer here and wrote all the patches. I attach the debdiff which is tiny, there is a single relevant line in the mini-httpd.service file. The rest is only changelog and updated copyright years.

Thank you very much and I hope the transition happens in time for trixie. Please mail me if you need any other information whatsoever.

Have a great day,
Alexandru Mihail
mini-httpd maintainer

unblock mini-httpd/1.30-13diff -Nru mini-httpd-1.30/debian/changelog mini-httpd-1.30/debian/changelog --- mini-httpd-1.30/debian/changelog 2025-03-09 13:51:39.000000000 +0200 +++ mini-httpd-1.30/debian/changelog 2025-05-12 18:25:39.000000000 +0300 
@@ -1,3 +1,12 @@ +mini-httpd (1.30-13) unstable; urgency=medium + + * Adds chroot syscall exception to SystemCallFilter in the service. + This allows operation in chroot mode when using the service. + (Closes: #1105097) + * Update copyright years for debian scripts. + + -- Alexandru Mihail <alexandru.mihail2897@gmail.com> Mon, 12 May 2025 18:25:39 +0300 + mini-httpd (1.30-12) unstable; urgency=medium * Declare compliance with Standards-Version 4.7.2. (no changes required). diff -Nru mini-httpd-1.30/debian/copyright mini-httpd-1.30/debian/copyright --- mini-httpd-1.30/debian/copyright 2023-12-03 23:57:54.000000000 +0200 +++ mini-httpd-1.30/debian/copyright 2025-05-12 18:15:43.000000000 +0300 @@ -56,7 +56,7 @@ Files: debian/* Copyright: 2006-2015 Marvin Stark <marv@der-marv.de> 2015 Jose dos Santos Junior <j.s.junior@live.com> - 2023 Alexandru Mihail <alexandru.mihail2897@gmail.com> + 2023-2025 Alexandru Mihail <alexandru.mihail2897@gmail.com> License: BSD-2-clause License: BSD-2-clause diff -Nru mini-httpd-1.30/debian/mini-httpd.service mini-httpd-1.30/debian/mini-httpd.service --- mini-httpd-1.30/debian/mini-httpd.service 2024-04-14 15:08:04.000000000 +0300 +++ mini-httpd-1.30/debian/mini-httpd.service 2025-05-12 17:54:03.000000000 +0300 @@ -15,6 +15,7 @@ CapabilityBoundingSet=~CAP_BPF CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_TTY_CONFIG \ CAP_SYS_BOOT CAP_MAC_* CAP_SYS_NICE CAP_SYS_RESOURCE CAP_SYS_PTRACE SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete @reboot @raw-io +SystemCallFilter=chroot RestrictNamespaces=~uts ipc pid user cgroup ProtectKernelTunables=yes ProtectKernelModules=yesAttachment: signature.asc
Description: This is a digitally signed message part
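Review bot: In the debian/mini-httpd.service hunk, the added line SystemCallFilter=chroot is order-dependent and nothing in the unit says so. It works only because it follows the deny-list line SystemCallFilter=~@clock ... @mount ...: systemd takes the first occurrence as the default action, and a later entry of the opposite type removes that call from the denied set. chroot belongs to @mount, so the other @mount calls remain blocked, which is the narrow exception wanted here. Please add a comment above the new line stating that it must stay after the deny-list line and that it exists for chroot=1 (#1105097), so that a later reorder does not turn it into an allow-list containing a single syscall. Since the request says the package has no autopkgtests, a smoke test that starts the service with chroot=1 would catch a regression of this line.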
--- End Message ---
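
The SystemCallFilter behaviour described in the message above, as an added example that is not part of the original mail or of the mini-httpd package: a simplified Python model of how systemd merges successive SystemCallFilter= lines. The @mount membership is an assumed subset, other groups are kept as opaque names, and the implicit @default group of allow-list mode is not modelled.

```python
# Added example: simplified model of systemd's SystemCallFilter= merging.
# Assumption: only the part of @mount relevant here is listed; check the real
# membership on the target with `systemd-analyze syscall-filter @mount`.
GROUPS = {"@mount": {"chroot", "mount", "umount2", "pivot_root"}}

# Filter value from the service file shown in the debdiff.
DENY = "~@clock @cpu-emulation @debug @module @mount @obsolete @reboot @raw-io"
V12 = [DENY]                 # 1.30-12: deny list only
V13 = [DENY, "chroot"]       # 1.30-13: deny list, then the chroot exception
REORDERED = ["chroot", DENY] # constructed: same two lines in the wrong order


def expand(token):
    """Expand a group to its syscalls; drop an optional ':errno' suffix."""
    name = token.split(":", 1)[0]
    return set(GROUPS.get(name, {name}))


def merge_filters(lines):
    """Return (allow_list_mode, listed_set) for values in unit-file order."""
    allow_list, listed = None, set()
    for value in lines:
        value = value.strip()
        if not value:                  # empty assignment resets the filter
            allow_list, listed = None, set()
            continue
        invert = value.startswith("~")
        if allow_list is None:         # first line fixes the default action
            allow_list = not invert
        for tok in value.lstrip("~").split():
            # Same type as the first line adds to the set, opposite removes.
            if invert != allow_list:
                listed |= expand(tok)
            else:
                listed -= expand(tok)
    return allow_list, listed


def is_permitted(lines, syscall):
    """True if the merged filter would let the syscall through."""
    allow_list, listed = merge_filters(lines)
    if allow_list is None:
        return True                    # no filter configured
    return (syscall in listed) if allow_list else (syscall not in listed)
```

With the lines reversed the first occurrence is an allow list, so the unit ends up permitting almost nothing instead of carving one exception out of the deny list.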
--- Begin Message ---
- To: 1107828-done@bugs.debian.org
- Subject: unblock mini-httpd
- From: Sebastian Ramacher <sramacher@respighi.debian.org>
- Date: Sun, 15 Jun 2025 20:34:01 +0000
- Message-id: <E1uQu3F-002CEx-0o@respighi.debian.org>
Unblocked.
--- End Message ---