* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
@ 2022-08-19 8:20 ` dataCobra
2022-08-19 8:22 ` dataCobra
` (29 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 8:20 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 257 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1220390655
Comment:
The chroot test seems to fail because of `File is not owned by user root`.
What should I do to fix this issue?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
2022-08-19 8:20 ` schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787 dataCobra
@ 2022-08-19 8:22 ` dataCobra
2022-08-19 8:25 ` dataCobra
` (28 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 8:22 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 818 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1220390655
Comment:
The chroot test seems to fail.
Here is the output for the failing test on my machine:
```
FAIL: sbuild-chroot
===================
.........Additional environment: CHROOT_SESSION_SOURCE=false
F......Additional environment: CHROOT_SESSION_SOURCE=false
F....
!!!FAILURES!!!
Test Results:
Run: 19 Failures: 2 Errors: 0
1) test: test_chroot::test_script_config (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()
2) test: test_chroot::test_setup_env (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()
FAIL sbuild-chroot (exit status: 1)
```
What should I do to fix this issue?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
2022-08-19 8:20 ` schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787 dataCobra
2022-08-19 8:22 ` dataCobra
@ 2022-08-19 8:25 ` dataCobra
2022-08-19 14:17 ` [PR REVIEW] " classabbyamp
` (27 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 8:25 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 883 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1220390655
Comment:
The chroot test seems to fail.
Here is the output for the failing test on my machine:
<details>
<summary>FAIL: sbuild-chroot</summary>
```
FAIL: sbuild-chroot
===================
.........Additional environment: CHROOT_SESSION_SOURCE=false
F......Additional environment: CHROOT_SESSION_SOURCE=false
F....
!!!FAILURES!!!
Test Results:
Run: 19 Failures: 2 Errors: 0
1) test: test_chroot::test_script_config (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()
2) test: test_chroot::test_setup_env (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()
FAIL sbuild-chroot (exit status: 1)
```
</details>
What should I do to fix this issue?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (2 preceding siblings ...)
2022-08-19 8:25 ` dataCobra
@ 2022-08-19 14:17 ` classabbyamp
2022-08-19 14:17 ` classabbyamp
` (26 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: classabbyamp @ 2022-08-19 14:17 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 174 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950223932
Comment:
why remove this patch?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (3 preceding siblings ...)
2022-08-19 14:17 ` [PR REVIEW] " classabbyamp
@ 2022-08-19 14:17 ` classabbyamp
2022-08-19 17:36 ` sgn
` (25 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: classabbyamp @ 2022-08-19 14:17 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 160 bytes --]
New review comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950220974
Comment:
@thypon
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (4 preceding siblings ...)
2022-08-19 14:17 ` classabbyamp
@ 2022-08-19 17:36 ` sgn
2022-08-19 17:46 ` sgn
` (24 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-19 17:36 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 175 bytes --]
New review comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950427487
Comment:
Don't orphan random package, plz
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (5 preceding siblings ...)
2022-08-19 17:36 ` sgn
@ 2022-08-19 17:46 ` sgn
2022-08-19 17:47 ` dataCobra
` (23 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-19 17:46 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 334 bytes --]
New review comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950434192
Comment:
Debian switch to CMake for `schroot` (see `debian/rules`). Build with cmake instead, otherwise `autotools` can't generate because of:
> error: BUILD_ZFSSNAP does not appear in AM_CONDITIONAL
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (6 preceding siblings ...)
2022-08-19 17:46 ` sgn
@ 2022-08-19 17:47 ` dataCobra
2022-08-19 17:48 ` dataCobra
` (22 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 17:47 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 213 bytes --]
New review comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950434954
Comment:
Sorry, to me it looked like the package is no longer maintained.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (7 preceding siblings ...)
2022-08-19 17:47 ` dataCobra
@ 2022-08-19 17:48 ` dataCobra
2022-08-19 17:50 ` dataCobra
` (21 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 17:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 192 bytes --]
New review comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950435765
Comment:
Thanks for your help.
I'll have look. :+1:
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (8 preceding siblings ...)
2022-08-19 17:48 ` dataCobra
@ 2022-08-19 17:50 ` dataCobra
2022-08-20 8:18 ` dataCobra
` (20 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 17:50 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 275 bytes --]
New review comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950434954
Comment:
Sorry, to me it looked like the package is no longer maintained.
Before I did this I checked the commits of the last 2 years.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (9 preceding siblings ...)
2022-08-19 17:50 ` dataCobra
@ 2022-08-20 8:18 ` dataCobra
2022-08-20 8:20 ` thypon
` (19 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:18 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 173 bytes --]
New review comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950667408
Comment:
I'll revert this change.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (10 preceding siblings ...)
2022-08-20 8:18 ` dataCobra
@ 2022-08-20 8:20 ` thypon
2022-08-20 8:26 ` [PR PATCH] [Updated] " dataCobra
` (18 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: thypon @ 2022-08-20 8:20 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 169 bytes --]
New comment by thypon on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221257035
Comment:
Have you tested dynamically?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR PATCH] [Updated] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (11 preceding siblings ...)
2022-08-20 8:20 ` thypon
@ 2022-08-20 8:26 ` dataCobra
2022-08-20 8:31 ` dataCobra
` (17 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 586 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages schroot_1.6.10-12_CVE
https://github.com/void-linux/void-packages/pull/38779
schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
**Fix CVE-2022-2787 and update to Debian Bullseye package**
#### Testing the changes
- I tested the changes in this PR: **briefly**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64)
A patch file from https://github.com/void-linux/void-packages/pull/38779.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-schroot_1.6.10-12_CVE-38779.patch --]
[-- Type: text/x-diff, Size: 4463 bytes --]
From 7485161df905b5b412f4477113df3009e28d797b Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sat, 20 Aug 2022 10:25:48 +0200
Subject: [PATCH] schroot: update to 1.6.10-12+deb11u1.
---
srcpkgs/schroot/template | 91 +++++++++++++++++++---------------------
1 file changed, 44 insertions(+), 47 deletions(-)
diff --git a/srcpkgs/schroot/template b/srcpkgs/schroot/template
index 85416dee5e9c..fd9ff15c7140 100644
--- a/srcpkgs/schroot/template
+++ b/srcpkgs/schroot/template
@@ -2,70 +2,67 @@
pkgname=schroot
reverts="1.7.2_9"
version=1.6.10
-revision=11
-_debian_version=3+deb9u1
-build_pie=yes
-build_style=gnu-configure
+revision=12
+_debian_version=12+deb11u1
+build_style=cmake
configure_args="
- --enable-dchroot
- --enable-lvm-snapshot
- --enable-btrfs-snapshot
- --enable-block-device
- --enable-loopback
- --enable-uuid
- BTRFS=/usr/bin/btrfs
- BTRFSCTL=/usr/bin/btrfsctl
- LVCREATE=/usr/sbin/lvcreate
- LVREMOVE=/usr/sbin/lvremove"
+ -Ddchroot=ON
+ -Dlvm-snapshot=ON
+ -Dbtrfs-snapshot=ON
+ -Dblock-device=ON
+ -Dloopback=ON
+ -Duuid=ON
+ -DBTRFS_EXECUTABLE=/usr/bin/btrfs
+ -DLVCREATE_EXECUTABLE=/usr/sbin/lvcreate
+ -DLVREMOVE_EXECUTABLE=/usr/sbin/lvremove
+ -DZFS_EXECUTABLE=/usr/bin/zfs
+ -Dbash_completion_dir=/usr/share/bash-completion/completions"
conf_files="
- /etc/schroot/minimal/nssdatabases
- /etc/schroot/minimal/fstab
- /etc/schroot/minimal/copyfiles
- /etc/schroot/buildd/nssdatabases
- /etc/schroot/buildd/fstab
- /etc/schroot/buildd/copyfiles
- /etc/schroot/default/nssdatabases
- /etc/schroot/default/fstab
- /etc/schroot/default/copyfiles
- /etc/schroot/schroot.conf
- /etc/schroot/desktop/nssdatabases
- /etc/schroot/desktop/fstab
- /etc/schroot/desktop/copyfiles
- /etc/schroot/sbuild/nssdatabases
- /etc/schroot/sbuild/fstab
- /etc/schroot/sbuild/copyfiles"
+ /etc/schroot/minimal/nssdatabases
+ /etc/schroot/minimal/fstab
+ /etc/schroot/minimal/copyfiles
+ /etc/schroot/buildd/nssdatabases
+ /etc/schroot/buildd/fstab
+ /etc/schroot/buildd/copyfiles
+ /etc/schroot/default/nssdatabases
+ /etc/schroot/default/fstab
+ /etc/schroot/default/copyfiles
+ /etc/schroot/schroot.conf
+ /etc/schroot/desktop/nssdatabases
+ /etc/schroot/desktop/fstab
+ /etc/schroot/desktop/copyfiles
+ /etc/schroot/sbuild/nssdatabases
+ /etc/schroot/sbuild/fstab
+ /etc/schroot/sbuild/copyfiles"
make_dirs="
- /var/lib/schroot/unpack 0755 root root
- /var/lib/schroot/union/underlay 0755 root root
- /var/lib/schroot/union/overlay 0755 root root
- /var/lib/schroot/session 0755 root root
- /var/lib/schroot/mount 0755 root root
- /etc/schroot/chroot.d 0755 root root"
-hostmakedepends="cmake pkg-config automake libtool gettext xz"
-makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel gettext-devel
- libcppunit-devel"
+ /var/lib/schroot/unpack 0755 root root
+ /var/lib/schroot/union/underlay 0755 root root
+ /var/lib/schroot/union/overlay 0755 root root
+ /var/lib/schroot/session 0755 root root
+ /var/lib/schroot/mount 0755 root root
+ /etc/schroot/chroot.d 0755 root root"
+hostmakedepends="pkg-config libtool gettext xz po4a groff"
+makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel
+ gettext-devel libcppunit-devel"
short_desc="Allows users to execute commands in different chroots"
maintainer="Andrea Brancaleoni <miwaxe@gmail.com>"
-license="GPL-3"
+license="GPL-3.0-only"
homepage="https://wiki.debian.org/Schroot"
distfiles="
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
+ ${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
+ http://security.debian.org/debian-security/pool/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
checksum="
-3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
-56bc82fc8ae7f6ca7eef506ccc1dca1211b2c84d83efc50d24670b8bdb9ea8bb"
+ 3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
+ 7bd4e0c2709979362c86a86c10d2b23d290d26e1a2d301a602e829327f483ec1"
nocross=yes
pre_configure() {
cat ../debian/patches/series | while read p; do
patch -p1 -i ../debian/patches/$p
done
- autoreconf -fi
}
post_install() {
- vmkdir usr/share/bash-completion/completions
- mv ${DESTDIR}/etc/bash_completion.d/* ${DESTDIR}/usr/share/bash-completion/completions
# Remove development files
rm -rf ${DESTDIR}/usr/include \
${DESTDIR}/usr/lib/*.a \
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (12 preceding siblings ...)
2022-08-20 8:26 ` [PR PATCH] [Updated] " dataCobra
@ 2022-08-20 8:31 ` dataCobra
2022-08-20 8:34 ` [PR REVIEW] " dataCobra
` (16 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 257 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221258577
Comment:
Hey @thypon,
> Have you tested dynamically?
Could you explain a bit further what you mean with dynamically?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (13 preceding siblings ...)
2022-08-20 8:31 ` dataCobra
@ 2022-08-20 8:34 ` dataCobra
2022-08-20 8:38 ` dataCobra
` (15 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:34 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 232 bytes --]
New review comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#discussion_r950668892
Comment:
Hey @sgn,
I've read the `debian/rules` now and changed the template accordingly.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (14 preceding siblings ...)
2022-08-20 8:34 ` [PR REVIEW] " dataCobra
@ 2022-08-20 8:38 ` dataCobra
2022-08-20 8:38 ` dataCobra
` (14 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:38 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 2120 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259588
Comment:
Alright, progress! :slightly_smiling_face:
now there is only `x86-64-musl` left failing.
My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?
<details>
<summary>FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o</summary>
```
[20/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o
FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o
/usr/bin/g++ -I/builddir/schroot-1.6.10/build/lib -I/builddir/schroot-1.6.10/lib -I/builddir/schroot-1.6.10/build -I/builddir/schroot-1.6.10 -I/builddir/schroot-1.6.10/sbuild -I/builddir/schroot-1.6.10/build/sbuild -DNDEBUG -fstack-clash-protection -D_FORTIFY_SOURCE=2 -mtune=generic -O2 -fdebug-prefix-map=/builddir/schroot-1.6.10=. -std=c++11 -pedantic -Wall -Wcast-align -Wwrite-strings -Wswitch-default -Wcast-qual -Wunused-variable -Wredundant-decls -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast -Woverloaded-virtual -fstrict-aliasing -MD -MT sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -MF sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o.d -o sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -c /builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc: In function 'int {anonymous}::auth_pam_conv_hook(int, const pam_message**, pam_response**, void*)':
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc:80:36: error: 'dgettext' was not declared in this scope
80 | if (message.message == dgettext(PAM_TEXT_DOMAIN, "Password: ") ||
| ^~~~~~~~
[21/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam-conv-tty.cc.o
ninja: build stopped: subcommand failed.
=> ERROR: schroot-1.6.10_12: do_build: '${make_cmd} ${makejobs} ${make_build_args} ${make_build_target}' exited with 1
=> ERROR: in do_build() at common/build-style/cmake.sh:92
Error: Process completed with exit code 1.
```
</details>
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (15 preceding siblings ...)
2022-08-20 8:38 ` dataCobra
@ 2022-08-20 8:38 ` dataCobra
2022-08-20 8:40 ` sgn
` (13 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:38 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 2122 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259588
Comment:
Alright, progress! :slightly_smiling_face:
now there is only `x86-64-musl` left failing.
My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?
<details>
<summary>FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o</summary>
```
[20/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o
FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o
/usr/bin/g++ -I/builddir/schroot-1.6.10/build/lib -I/builddir/schroot-1.6.10/lib -I/builddir/schroot-1.6.10/build -I/builddir/schroot-1.6.10 -I/builddir/schroot-1.6.10/sbuild -I/builddir/schroot-1.6.10/build/sbuild -DNDEBUG -fstack-clash-protection -D_FORTIFY_SOURCE=2 -mtune=generic -O2 -fdebug-prefix-map=/builddir/schroot-1.6.10=. -std=c++11 -pedantic -Wall -Wcast-align -Wwrite-strings -Wswitch-default -Wcast-qual -Wunused-variable -Wredundant-decls -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast -Woverloaded-virtual -fstrict-aliasing -MD -MT sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -MF sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o.d -o sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -c /builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc: In function 'int {anonymous}::auth_pam_conv_hook(int, const pam_message**, pam_response**, void*)':
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc:80:36: error: 'dgettext' was not declared in this scope
80 | if (message.message == dgettext(PAM_TEXT_DOMAIN, "Password: ") ||
| ^~~~~~~~
[21/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam-conv-tty.cc.o
ninja: build stopped: subcommand failed.
=> ERROR: schroot-1.6.10_12: do_build: '${make_cmd} ${makejobs} ${make_build_args} ${make_build_target}' exited with 1
=> ERROR: in do_build() at common/build-style/cmake.sh:92
Error: Process completed with exit code 1.
```
</details>
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (16 preceding siblings ...)
2022-08-20 8:38 ` dataCobra
@ 2022-08-20 8:40 ` sgn
2022-08-20 8:41 ` sgn
` (12 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20 8:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1169 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259896
Comment:
> Alright, progress! slightly_smiling_face
>
> now there is only `x86-64-musl` left failing.
>
> My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?
Replace musl.patch with
```diff
--- a/sbuild/sbuild-auth-pam.cc
+++ b/sbuild/sbuild-auth-pam.cc
@@ -21,6 +21,7 @@
#include "sbuild-auth-pam.h"
#include "sbuild-auth-pam-conv.h"
#include "sbuild-feature.h"
+#include "sbuild-i18n.h"
#include <cassert>
#include <cerrno>
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -176,7 +176,7 @@ if(GETTEXT_FOUND)
endif(GETTEXT_FOUND)
option(nls "Enable national language support (requires gettext)" ${NLS_DEFAULT})
set(BUILD_NLS ${nls})
-set(SBUILD_FEATURE_NLS ${pam})
+set(SBUILD_FEATURE_NLS ${nls})
# UUID generation
check_include_file_cxx(uuid/uuid.h UUID_HEADER)
--- a/sbuild/sbuild-feature.cc
+++ b/sbuild/sbuild-feature.cc
@@ -21,6 +21,7 @@
#include <iostream>
#include "sbuild-feature.h"
+#include "sbuild-i18n.h"
using namespace sbuild;
```
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (17 preceding siblings ...)
2022-08-20 8:40 ` sgn
@ 2022-08-20 8:41 ` sgn
2022-08-20 8:47 ` [PR PATCH] [Updated] " dataCobra
` (11 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20 8:41 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1190 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259896
Comment:
> Alright, progress! slightly_smiling_face
>
> now there is only `x86-64-musl` left failing.
>
> My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?
Replace musl.patch (tested with 1.6.12) with
```diff
--- a/sbuild/sbuild-auth-pam.cc
+++ b/sbuild/sbuild-auth-pam.cc
@@ -21,6 +21,7 @@
#include "sbuild-auth-pam.h"
#include "sbuild-auth-pam-conv.h"
#include "sbuild-feature.h"
+#include "sbuild-i18n.h"
#include <cassert>
#include <cerrno>
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -176,7 +176,7 @@ if(GETTEXT_FOUND)
endif(GETTEXT_FOUND)
option(nls "Enable national language support (requires gettext)" ${NLS_DEFAULT})
set(BUILD_NLS ${nls})
-set(SBUILD_FEATURE_NLS ${pam})
+set(SBUILD_FEATURE_NLS ${nls})
# UUID generation
check_include_file_cxx(uuid/uuid.h UUID_HEADER)
--- a/sbuild/sbuild-feature.cc
+++ b/sbuild/sbuild-feature.cc
@@ -21,6 +21,7 @@
#include <iostream>
#include "sbuild-feature.h"
+#include "sbuild-i18n.h"
using namespace sbuild;
```
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR PATCH] [Updated] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (18 preceding siblings ...)
2022-08-20 8:41 ` sgn
@ 2022-08-20 8:47 ` dataCobra
2022-08-20 8:53 ` dataCobra
` (10 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:47 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 586 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages schroot_1.6.10-12_CVE
https://github.com/void-linux/void-packages/pull/38779
schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
**Fix CVE-2022-2787 and update to Debian Bullseye package**
#### Testing the changes
- I tested the changes in this PR: **briefly**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64)
A patch file from https://github.com/void-linux/void-packages/pull/38779.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-schroot_1.6.10-12_CVE-38779.patch --]
[-- Type: text/x-diff, Size: 5953 bytes --]
From a76d50aed7db5914a7819a14a0a56a295d46120c Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sat, 20 Aug 2022 10:47:09 +0200
Subject: [PATCH] schroot: update to 1.6.10-12+deb11u1.
---
srcpkgs/schroot/patches/musl.patch | 41 ++++++++------
srcpkgs/schroot/template | 91 +++++++++++++++---------------
2 files changed, 67 insertions(+), 65 deletions(-)
diff --git a/srcpkgs/schroot/patches/musl.patch b/srcpkgs/schroot/patches/musl.patch
index a8b3d56fd2d4..e0dcaf3bae01 100644
--- a/srcpkgs/schroot/patches/musl.patch
+++ b/srcpkgs/schroot/patches/musl.patch
@@ -1,25 +1,30 @@
-From 73936a423227aa78b7682bdd3edc20643763807b Mon Sep 17 00:00:00 2001
-From: Andrea Brancaleoni <abc@pompel.me>
-Date: Wed, 19 Sep 2018 11:22:47 +0200
-Subject: [PATCH] musl
-
----
- sbuild/sbuild-feature.cc | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git sbuild/sbuild-feature.cc sbuild/sbuild-feature.cc
-index 5ac4725..9902db3 100644
+--- a/sbuild/sbuild-auth-pam.cc
++++ b/sbuild/sbuild-auth-pam.cc
+@@ -21,6 +21,7 @@
+ #include "sbuild-auth-pam.h"
+ #include "sbuild-auth-pam-conv.h"
+ #include "sbuild-feature.h"
++#include "sbuild-i18n.h"
+
+ #include <cassert>
+ #include <cerrno>
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -176,7 +176,7 @@ if(GETTEXT_FOUND)
+ endif(GETTEXT_FOUND)
+ option(nls "Enable national language support (requires gettext)" ${NLS_DEFAULT})
+ set(BUILD_NLS ${nls})
+-set(SBUILD_FEATURE_NLS ${pam})
++set(SBUILD_FEATURE_NLS ${nls})
+
+ # UUID generation
+ check_include_file_cxx(uuid/uuid.h UUID_HEADER)
--- a/sbuild/sbuild-feature.cc
+++ b/sbuild/sbuild-feature.cc
-@@ -20,6 +20,8 @@
-
+@@ -21,6 +21,7 @@
#include <iostream>
-+#include <libintl.h>
-+
#include "sbuild-feature.h"
++#include "sbuild-i18n.h"
using namespace sbuild;
---
-2.19.0
-
diff --git a/srcpkgs/schroot/template b/srcpkgs/schroot/template
index 85416dee5e9c..fd9ff15c7140 100644
--- a/srcpkgs/schroot/template
+++ b/srcpkgs/schroot/template
@@ -2,70 +2,67 @@
pkgname=schroot
reverts="1.7.2_9"
version=1.6.10
-revision=11
-_debian_version=3+deb9u1
-build_pie=yes
-build_style=gnu-configure
+revision=12
+_debian_version=12+deb11u1
+build_style=cmake
configure_args="
- --enable-dchroot
- --enable-lvm-snapshot
- --enable-btrfs-snapshot
- --enable-block-device
- --enable-loopback
- --enable-uuid
- BTRFS=/usr/bin/btrfs
- BTRFSCTL=/usr/bin/btrfsctl
- LVCREATE=/usr/sbin/lvcreate
- LVREMOVE=/usr/sbin/lvremove"
+ -Ddchroot=ON
+ -Dlvm-snapshot=ON
+ -Dbtrfs-snapshot=ON
+ -Dblock-device=ON
+ -Dloopback=ON
+ -Duuid=ON
+ -DBTRFS_EXECUTABLE=/usr/bin/btrfs
+ -DLVCREATE_EXECUTABLE=/usr/sbin/lvcreate
+ -DLVREMOVE_EXECUTABLE=/usr/sbin/lvremove
+ -DZFS_EXECUTABLE=/usr/bin/zfs
+ -Dbash_completion_dir=/usr/share/bash-completion/completions"
conf_files="
- /etc/schroot/minimal/nssdatabases
- /etc/schroot/minimal/fstab
- /etc/schroot/minimal/copyfiles
- /etc/schroot/buildd/nssdatabases
- /etc/schroot/buildd/fstab
- /etc/schroot/buildd/copyfiles
- /etc/schroot/default/nssdatabases
- /etc/schroot/default/fstab
- /etc/schroot/default/copyfiles
- /etc/schroot/schroot.conf
- /etc/schroot/desktop/nssdatabases
- /etc/schroot/desktop/fstab
- /etc/schroot/desktop/copyfiles
- /etc/schroot/sbuild/nssdatabases
- /etc/schroot/sbuild/fstab
- /etc/schroot/sbuild/copyfiles"
+ /etc/schroot/minimal/nssdatabases
+ /etc/schroot/minimal/fstab
+ /etc/schroot/minimal/copyfiles
+ /etc/schroot/buildd/nssdatabases
+ /etc/schroot/buildd/fstab
+ /etc/schroot/buildd/copyfiles
+ /etc/schroot/default/nssdatabases
+ /etc/schroot/default/fstab
+ /etc/schroot/default/copyfiles
+ /etc/schroot/schroot.conf
+ /etc/schroot/desktop/nssdatabases
+ /etc/schroot/desktop/fstab
+ /etc/schroot/desktop/copyfiles
+ /etc/schroot/sbuild/nssdatabases
+ /etc/schroot/sbuild/fstab
+ /etc/schroot/sbuild/copyfiles"
make_dirs="
- /var/lib/schroot/unpack 0755 root root
- /var/lib/schroot/union/underlay 0755 root root
- /var/lib/schroot/union/overlay 0755 root root
- /var/lib/schroot/session 0755 root root
- /var/lib/schroot/mount 0755 root root
- /etc/schroot/chroot.d 0755 root root"
-hostmakedepends="cmake pkg-config automake libtool gettext xz"
-makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel gettext-devel
- libcppunit-devel"
+ /var/lib/schroot/unpack 0755 root root
+ /var/lib/schroot/union/underlay 0755 root root
+ /var/lib/schroot/union/overlay 0755 root root
+ /var/lib/schroot/session 0755 root root
+ /var/lib/schroot/mount 0755 root root
+ /etc/schroot/chroot.d 0755 root root"
+hostmakedepends="pkg-config libtool gettext xz po4a groff"
+makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel
+ gettext-devel libcppunit-devel"
short_desc="Allows users to execute commands in different chroots"
maintainer="Andrea Brancaleoni <miwaxe@gmail.com>"
-license="GPL-3"
+license="GPL-3.0-only"
homepage="https://wiki.debian.org/Schroot"
distfiles="
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
+ ${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
+ http://security.debian.org/debian-security/pool/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
checksum="
-3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
-56bc82fc8ae7f6ca7eef506ccc1dca1211b2c84d83efc50d24670b8bdb9ea8bb"
+ 3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
+ 7bd4e0c2709979362c86a86c10d2b23d290d26e1a2d301a602e829327f483ec1"
nocross=yes
pre_configure() {
cat ../debian/patches/series | while read p; do
patch -p1 -i ../debian/patches/$p
done
- autoreconf -fi
}
post_install() {
- vmkdir usr/share/bash-completion/completions
- mv ${DESTDIR}/etc/bash_completion.d/* ${DESTDIR}/usr/share/bash-completion/completions
# Remove development files
rm -rf ${DESTDIR}/usr/include \
${DESTDIR}/usr/lib/*.a \
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (19 preceding siblings ...)
2022-08-20 8:47 ` [PR PATCH] [Updated] " dataCobra
@ 2022-08-20 8:53 ` dataCobra
2022-08-20 8:54 ` sgn
` (9 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:53 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 426 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221261515
Comment:
I've changed the musl.patch and now the checks passed. :+1:
Thanks @sgn.
Now there is only the question from @thypon left. :slightly_smiling_face:
> Hey @thypon,
>
> > Have you tested dynamically?
>
> Could you explain a bit further what you mean with dynamically?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (20 preceding siblings ...)
2022-08-20 8:53 ` dataCobra
@ 2022-08-20 8:54 ` sgn
2022-08-20 8:55 ` thypon
` (8 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20 8:54 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 238 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221261641
Comment:
I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (21 preceding siblings ...)
2022-08-20 8:54 ` sgn
@ 2022-08-20 8:55 ` thypon
2022-08-20 8:58 ` sgn
` (7 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: thypon @ 2022-08-20 8:55 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 269 bytes --]
New comment by thypon on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221261790
Comment:
I tried bumping to 1.7 in the past with scarse results. Schroot was super unstable. I wonder if this vuln fix is usable instead.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (22 preceding siblings ...)
2022-08-20 8:55 ` thypon
@ 2022-08-20 8:58 ` sgn
2022-08-20 8:59 ` dataCobra
` (6 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20 8:58 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 249 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262158
Comment:
I think `schroot` upstream uses 1.7 for development, Debian unstable uses `1.6.12` and Debian sid uses `1.6.13`
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (23 preceding siblings ...)
2022-08-20 8:58 ` sgn
@ 2022-08-20 8:59 ` dataCobra
2022-08-20 8:59 ` dataCobra
` (5 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:59 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 601 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262286
Comment:
> I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790
Yeah I've run the whole process manually on my system (x86_64).
We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy. "Void focuses on stability, rather than on being bleeding-edge. Install once, update routinely and safely."
You're the team members so you should decide. :+1:
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (24 preceding siblings ...)
2022-08-20 8:59 ` dataCobra
@ 2022-08-20 8:59 ` dataCobra
2022-08-20 8:59 ` dataCobra
` (4 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:59 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 493 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262286
Comment:
> I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790
Yeah I've run the whole process manually on my system (x86_64).
We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy.
You're the team members so you should decide. :+1:
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (25 preceding siblings ...)
2022-08-20 8:59 ` dataCobra
@ 2022-08-20 8:59 ` dataCobra
2022-08-20 9:00 ` thypon
` (3 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20 8:59 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 486 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262286
Comment:
> I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790
Yeah I've run the whole process manually on my system (x86_64).
We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy.
You're the team members so you decide. :+1:
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (26 preceding siblings ...)
2022-08-20 8:59 ` dataCobra
@ 2022-08-20 9:00 ` thypon
2022-08-20 9:12 ` sgn
` (2 subsequent siblings)
30 siblings, 0 replies; 32+ messages in thread
From: thypon @ 2022-08-20 9:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 258 bytes --]
New comment by thypon on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262435
Comment:
If it runs fine, I'm good. Unfortunately I won't be able to access any build machine until September to test, though.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (27 preceding siblings ...)
2022-08-20 9:00 ` thypon
@ 2022-08-20 9:12 ` sgn
2022-08-21 11:31 ` dataCobra
2022-08-21 11:57 ` [PR PATCH] [Merged]: " sgn
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20 9:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 379 bytes --]
New comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221264000
Comment:
> We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy.
We aren't Debian, we want both stable and rolling release. But, our stable is different from Debian's stable.
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (28 preceding siblings ...)
2022-08-20 9:12 ` sgn
@ 2022-08-21 11:31 ` dataCobra
2022-08-21 11:57 ` [PR PATCH] [Merged]: " sgn
30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-21 11:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 252 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221527141
Comment:
Hey @sgn,
might it be good to merge this PR to fix the CVE while you figure out 1.6.12 in your new PR?
^ permalink raw reply [flat|nested] 32+ messages in thread
* Re: [PR PATCH] [Merged]: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
2022-08-19 8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
` (29 preceding siblings ...)
2022-08-21 11:31 ` dataCobra
@ 2022-08-21 11:57 ` sgn
30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-21 11:57 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 412 bytes --]
There's a merged pull request on the void-packages repository
schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
https://github.com/void-linux/void-packages/pull/38779
Description:
**Fix CVE-2022-2787 and update to Debian Bullseye package**
#### Testing the changes
- I tested the changes in this PR: **briefly**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64)
^ permalink raw reply [flat|nested] 32+ messages in thread