Github messages for voidlinux
 help / color / mirror / Atom feed
* [PR PATCH] schroot: update to 1.6.10-12+deb11u1.
@ 2022-08-19  8:12 dataCobra
  2022-08-19  8:20 ` schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787 dataCobra
                   ` (30 more replies)
  0 siblings, 31 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19  8:12 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 567 bytes --]

There is a new pull request by dataCobra against master on the void-packages repository

https://github.com/dataCobra/void-packages schroot_1.6.10-12_CVE
https://github.com/void-linux/void-packages/pull/38779

schroot: update to 1.6.10-12+deb11u1.
**Fix CVE-2022-2787 and update to Debian Bullseye package**

#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (x86_64)

A patch file from https://github.com/void-linux/void-packages/pull/38779.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-schroot_1.6.10-12_CVE-38779.patch --]
[-- Type: text/x-diff, Size: 2113 bytes --]

From 65d35e16cb0932e2c3a26e8ea1271c111be190cf Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Fri, 19 Aug 2022 10:08:42 +0200
Subject: [PATCH] schroot: update to 1.6.10-12+deb11u1.

Fix CVE-2022-2787 and update to Debian Bullseye package
---
 srcpkgs/schroot/template | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/srcpkgs/schroot/template b/srcpkgs/schroot/template
index 85416dee5e9c..ee1e4def3170 100644
--- a/srcpkgs/schroot/template
+++ b/srcpkgs/schroot/template
@@ -2,9 +2,8 @@
 pkgname=schroot
 reverts="1.7.2_9"
 version=1.6.10
-revision=11
-_debian_version=3+deb9u1
-build_pie=yes
+revision=12
+_debian_version=12+deb11u1
 build_style=gnu-configure
 configure_args="
 	--enable-dchroot
@@ -41,22 +40,23 @@ make_dirs="
 	/var/lib/schroot/session 0755 root root
 	/var/lib/schroot/mount 0755 root root
 	/etc/schroot/chroot.d 0755 root root"
-hostmakedepends="cmake pkg-config automake libtool gettext xz"
+hostmakedepends="cmake pkg-config automake autoconf libtool gettext xz"
 makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel gettext-devel
  libcppunit-devel"
 short_desc="Allows users to execute commands in different chroots"
-maintainer="Andrea Brancaleoni <miwaxe@gmail.com>"
-license="GPL-3"
+maintainer="Orphaned <orphan@voidlinux.org>"
+license="GPL-3.0-only"
 homepage="https://wiki.debian.org/Schroot"
 distfiles="
 ${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
+http://security.debian.org/debian-security/pool/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
 checksum="
 3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
-56bc82fc8ae7f6ca7eef506ccc1dca1211b2c84d83efc50d24670b8bdb9ea8bb"
+7bd4e0c2709979362c86a86c10d2b23d290d26e1a2d301a602e829327f483ec1"
 nocross=yes
 
 pre_configure() {
+	sed -i '/zfs-snapshot-support.patch/d' ../debian/patches/series
 	cat ../debian/patches/series | while read p; do
 		patch -p1 -i ../debian/patches/$p
 	done

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
@ 2022-08-19  8:20 ` dataCobra
  2022-08-19  8:22 ` dataCobra
                   ` (29 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19  8:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 257 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1220390655

Comment:
The chroot test seems to fail because of `File is not owned by user root`.

What should I do to fix this issue?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
  2022-08-19  8:20 ` schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787 dataCobra
@ 2022-08-19  8:22 ` dataCobra
  2022-08-19  8:25 ` dataCobra
                   ` (28 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19  8:22 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 818 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1220390655

Comment:
The chroot test seems to fail.

Here is the output for the failing test on my machine:
```
FAIL: sbuild-chroot
===================

.........Additional environment: CHROOT_SESSION_SOURCE=false
F......Additional environment: CHROOT_SESSION_SOURCE=false
F....


!!!FAILURES!!!
Test Results:
Run:  19   Failures: 2   Errors: 0


1) test: test_chroot::test_script_config (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()


2) test: test_chroot::test_setup_env (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()


FAIL sbuild-chroot (exit status: 1)
```

What should I do to fix this issue?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
  2022-08-19  8:20 ` schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787 dataCobra
  2022-08-19  8:22 ` dataCobra
@ 2022-08-19  8:25 ` dataCobra
  2022-08-19 14:17 ` [PR REVIEW] " classabbyamp
                   ` (27 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19  8:25 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 883 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1220390655

Comment:
The chroot test seems to fail.

Here is the output for the failing test on my machine:
<details>
<summary>FAIL: sbuild-chroot</summary>

```
FAIL: sbuild-chroot
===================

.........Additional environment: CHROOT_SESSION_SOURCE=false
F......Additional environment: CHROOT_SESSION_SOURCE=false
F....


!!!FAILURES!!!
Test Results:
Run:  19   Failures: 2   Errors: 0


1) test: test_chroot::test_script_config (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()


2) test: test_chroot::test_setup_env (F) line: 412 test-sbuild-chroot.h
assertion failed
- Expression: extra.empty()


FAIL sbuild-chroot (exit status: 1)
```
</details>

What should I do to fix this issue?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (3 preceding siblings ...)
  2022-08-19 14:17 ` [PR REVIEW] " classabbyamp
@ 2022-08-19 14:17 ` classabbyamp
  2022-08-19 17:36 ` sgn
                   ` (25 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: classabbyamp @ 2022-08-19 14:17 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 174 bytes --]

New review comment by classabbyamp on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950223932

Comment:
why remove this patch?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (2 preceding siblings ...)
  2022-08-19  8:25 ` dataCobra
@ 2022-08-19 14:17 ` classabbyamp
  2022-08-19 14:17 ` classabbyamp
                   ` (26 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: classabbyamp @ 2022-08-19 14:17 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 160 bytes --]

New review comment by classabbyamp on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950220974

Comment:
@thypon 

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (4 preceding siblings ...)
  2022-08-19 14:17 ` classabbyamp
@ 2022-08-19 17:36 ` sgn
  2022-08-19 17:46 ` sgn
                   ` (24 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-19 17:36 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 175 bytes --]

New review comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950427487

Comment:
Don't orphan random package, plz

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (5 preceding siblings ...)
  2022-08-19 17:36 ` sgn
@ 2022-08-19 17:46 ` sgn
  2022-08-19 17:47 ` dataCobra
                   ` (23 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-19 17:46 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 334 bytes --]

New review comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950434192

Comment:
Debian switch to CMake for `schroot` (see `debian/rules`). Build with cmake instead, otherwise `autotools` can't generate because of:
> error: BUILD_ZFSSNAP does not appear in AM_CONDITIONAL

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (6 preceding siblings ...)
  2022-08-19 17:46 ` sgn
@ 2022-08-19 17:47 ` dataCobra
  2022-08-19 17:48 ` dataCobra
                   ` (22 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 17:47 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 213 bytes --]

New review comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950434954

Comment:
Sorry, to me it looked like the package is no longer maintained.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (7 preceding siblings ...)
  2022-08-19 17:47 ` dataCobra
@ 2022-08-19 17:48 ` dataCobra
  2022-08-19 17:50 ` dataCobra
                   ` (21 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 17:48 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 192 bytes --]

New review comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950435765

Comment:
Thanks for your help.

I'll have look. :+1:

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (8 preceding siblings ...)
  2022-08-19 17:48 ` dataCobra
@ 2022-08-19 17:50 ` dataCobra
  2022-08-20  8:18 ` dataCobra
                   ` (20 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-19 17:50 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

New review comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950434954

Comment:
Sorry, to me it looked like the package is no longer maintained.

Before I did this I checked the commits of the last 2 years.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (9 preceding siblings ...)
  2022-08-19 17:50 ` dataCobra
@ 2022-08-20  8:18 ` dataCobra
  2022-08-20  8:20 ` thypon
                   ` (19 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New review comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950667408

Comment:
I'll revert this change.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (10 preceding siblings ...)
  2022-08-20  8:18 ` dataCobra
@ 2022-08-20  8:20 ` thypon
  2022-08-20  8:26 ` [PR PATCH] [Updated] " dataCobra
                   ` (18 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: thypon @ 2022-08-20  8:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 169 bytes --]

New comment by thypon on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221257035

Comment:
Have you tested dynamically?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR PATCH] [Updated] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (11 preceding siblings ...)
  2022-08-20  8:20 ` thypon
@ 2022-08-20  8:26 ` dataCobra
  2022-08-20  8:31 ` dataCobra
                   ` (17 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:26 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 586 bytes --]

There is an updated pull request by dataCobra against master on the void-packages repository

https://github.com/dataCobra/void-packages schroot_1.6.10-12_CVE
https://github.com/void-linux/void-packages/pull/38779

schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
**Fix CVE-2022-2787 and update to Debian Bullseye package**

#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (x86_64)

A patch file from https://github.com/void-linux/void-packages/pull/38779.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-schroot_1.6.10-12_CVE-38779.patch --]
[-- Type: text/x-diff, Size: 4463 bytes --]

From 7485161df905b5b412f4477113df3009e28d797b Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sat, 20 Aug 2022 10:25:48 +0200
Subject: [PATCH] schroot: update to 1.6.10-12+deb11u1.

---
 srcpkgs/schroot/template | 91 +++++++++++++++++++---------------------
 1 file changed, 44 insertions(+), 47 deletions(-)

diff --git a/srcpkgs/schroot/template b/srcpkgs/schroot/template
index 85416dee5e9c..fd9ff15c7140 100644
--- a/srcpkgs/schroot/template
+++ b/srcpkgs/schroot/template
@@ -2,70 +2,67 @@
 pkgname=schroot
 reverts="1.7.2_9"
 version=1.6.10
-revision=11
-_debian_version=3+deb9u1
-build_pie=yes
-build_style=gnu-configure
+revision=12
+_debian_version=12+deb11u1
+build_style=cmake
 configure_args="
-	--enable-dchroot
-	--enable-lvm-snapshot
-	--enable-btrfs-snapshot
-	--enable-block-device
-	--enable-loopback
-	--enable-uuid
-	BTRFS=/usr/bin/btrfs
-	BTRFSCTL=/usr/bin/btrfsctl
-	LVCREATE=/usr/sbin/lvcreate
-	LVREMOVE=/usr/sbin/lvremove"
+ -Ddchroot=ON
+ -Dlvm-snapshot=ON
+ -Dbtrfs-snapshot=ON
+ -Dblock-device=ON
+ -Dloopback=ON
+ -Duuid=ON
+ -DBTRFS_EXECUTABLE=/usr/bin/btrfs
+ -DLVCREATE_EXECUTABLE=/usr/sbin/lvcreate
+ -DLVREMOVE_EXECUTABLE=/usr/sbin/lvremove
+ -DZFS_EXECUTABLE=/usr/bin/zfs
+ -Dbash_completion_dir=/usr/share/bash-completion/completions"
 conf_files="
-	/etc/schroot/minimal/nssdatabases
-	/etc/schroot/minimal/fstab
-	/etc/schroot/minimal/copyfiles
-	/etc/schroot/buildd/nssdatabases
-	/etc/schroot/buildd/fstab
-	/etc/schroot/buildd/copyfiles
-	/etc/schroot/default/nssdatabases
-	/etc/schroot/default/fstab
-	/etc/schroot/default/copyfiles
-	/etc/schroot/schroot.conf
-	/etc/schroot/desktop/nssdatabases
-	/etc/schroot/desktop/fstab
-	/etc/schroot/desktop/copyfiles
-	/etc/schroot/sbuild/nssdatabases
-	/etc/schroot/sbuild/fstab
-	/etc/schroot/sbuild/copyfiles"
+ /etc/schroot/minimal/nssdatabases
+ /etc/schroot/minimal/fstab
+ /etc/schroot/minimal/copyfiles
+ /etc/schroot/buildd/nssdatabases
+ /etc/schroot/buildd/fstab
+ /etc/schroot/buildd/copyfiles
+ /etc/schroot/default/nssdatabases
+ /etc/schroot/default/fstab
+ /etc/schroot/default/copyfiles
+ /etc/schroot/schroot.conf
+ /etc/schroot/desktop/nssdatabases
+ /etc/schroot/desktop/fstab
+ /etc/schroot/desktop/copyfiles
+ /etc/schroot/sbuild/nssdatabases
+ /etc/schroot/sbuild/fstab
+ /etc/schroot/sbuild/copyfiles"
 make_dirs="
-	/var/lib/schroot/unpack 0755 root root
-	/var/lib/schroot/union/underlay 0755 root root
-	/var/lib/schroot/union/overlay 0755 root root
-	/var/lib/schroot/session 0755 root root
-	/var/lib/schroot/mount 0755 root root
-	/etc/schroot/chroot.d 0755 root root"
-hostmakedepends="cmake pkg-config automake libtool gettext xz"
-makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel gettext-devel
- libcppunit-devel"
+ /var/lib/schroot/unpack 0755 root root
+ /var/lib/schroot/union/underlay 0755 root root
+ /var/lib/schroot/union/overlay 0755 root root
+ /var/lib/schroot/session 0755 root root
+ /var/lib/schroot/mount 0755 root root
+ /etc/schroot/chroot.d 0755 root root"
+hostmakedepends="pkg-config libtool gettext xz po4a groff"
+makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel
+ gettext-devel libcppunit-devel"
 short_desc="Allows users to execute commands in different chroots"
 maintainer="Andrea Brancaleoni <miwaxe@gmail.com>"
-license="GPL-3"
+license="GPL-3.0-only"
 homepage="https://wiki.debian.org/Schroot"
 distfiles="
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
+ ${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
+ http://security.debian.org/debian-security/pool/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
 checksum="
-3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
-56bc82fc8ae7f6ca7eef506ccc1dca1211b2c84d83efc50d24670b8bdb9ea8bb"
+ 3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
+ 7bd4e0c2709979362c86a86c10d2b23d290d26e1a2d301a602e829327f483ec1"
 nocross=yes
 
 pre_configure() {
 	cat ../debian/patches/series | while read p; do
 		patch -p1 -i ../debian/patches/$p
 	done
-	autoreconf -fi
 }
 
 post_install() {
-	vmkdir usr/share/bash-completion/completions
-	mv ${DESTDIR}/etc/bash_completion.d/* ${DESTDIR}/usr/share/bash-completion/completions
 	# Remove development files
 	rm -rf ${DESTDIR}/usr/include \
 		${DESTDIR}/usr/lib/*.a \

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (12 preceding siblings ...)
  2022-08-20  8:26 ` [PR PATCH] [Updated] " dataCobra
@ 2022-08-20  8:31 ` dataCobra
  2022-08-20  8:34 ` [PR REVIEW] " dataCobra
                   ` (16 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:31 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 257 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221258577

Comment:
Hey @thypon,

> Have you tested dynamically?

Could you explain a bit further what you mean with dynamically?

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR REVIEW] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (13 preceding siblings ...)
  2022-08-20  8:31 ` dataCobra
@ 2022-08-20  8:34 ` dataCobra
  2022-08-20  8:38 ` dataCobra
                   ` (15 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:34 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 232 bytes --]

New review comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#discussion_r950668892

Comment:
Hey @sgn,

I've read the `debian/rules` now and changed the template accordingly.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (14 preceding siblings ...)
  2022-08-20  8:34 ` [PR REVIEW] " dataCobra
@ 2022-08-20  8:38 ` dataCobra
  2022-08-20  8:38 ` dataCobra
                   ` (14 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:38 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 2120 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259588

Comment:
Alright, progress! :slightly_smiling_face:

now there is only `x86-64-musl` left failing.

My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?
<details>
<summary>FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o</summary>
```
[20/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o
FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o 
/usr/bin/g++  -I/builddir/schroot-1.6.10/build/lib -I/builddir/schroot-1.6.10/lib -I/builddir/schroot-1.6.10/build -I/builddir/schroot-1.6.10 -I/builddir/schroot-1.6.10/sbuild -I/builddir/schroot-1.6.10/build/sbuild -DNDEBUG -fstack-clash-protection -D_FORTIFY_SOURCE=2 -mtune=generic -O2    -fdebug-prefix-map=/builddir/schroot-1.6.10=. -std=c++11 -pedantic -Wall -Wcast-align -Wwrite-strings -Wswitch-default -Wcast-qual -Wunused-variable -Wredundant-decls -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast -Woverloaded-virtual -fstrict-aliasing -MD -MT sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -MF sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o.d -o sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -c /builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc: In function 'int {anonymous}::auth_pam_conv_hook(int, const pam_message**, pam_response**, void*)':
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc:80:36: error: 'dgettext' was not declared in this scope
   80 |             if (message.message == dgettext(PAM_TEXT_DOMAIN, "Password: ") ||
      |                                    ^~~~~~~~
[21/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam-conv-tty.cc.o
ninja: build stopped: subcommand failed.
=> ERROR: schroot-1.6.10_12: do_build: '${make_cmd} ${makejobs} ${make_build_args} ${make_build_target}' exited with 1
=> ERROR:   in do_build() at common/build-style/cmake.sh:92
Error: Process completed with exit code 1.
```

</details>

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (15 preceding siblings ...)
  2022-08-20  8:38 ` dataCobra
@ 2022-08-20  8:38 ` dataCobra
  2022-08-20  8:40 ` sgn
                   ` (13 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:38 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 2122 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259588

Comment:
Alright, progress! :slightly_smiling_face:

now there is only `x86-64-musl` left failing.

My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?
<details>
<summary>FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o</summary>

```
[20/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o
FAILED: sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o 
/usr/bin/g++  -I/builddir/schroot-1.6.10/build/lib -I/builddir/schroot-1.6.10/lib -I/builddir/schroot-1.6.10/build -I/builddir/schroot-1.6.10 -I/builddir/schroot-1.6.10/sbuild -I/builddir/schroot-1.6.10/build/sbuild -DNDEBUG -fstack-clash-protection -D_FORTIFY_SOURCE=2 -mtune=generic -O2    -fdebug-prefix-map=/builddir/schroot-1.6.10=. -std=c++11 -pedantic -Wall -Wcast-align -Wwrite-strings -Wswitch-default -Wcast-qual -Wunused-variable -Wredundant-decls -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast -Woverloaded-virtual -fstrict-aliasing -MD -MT sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -MF sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o.d -o sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam.cc.o -c /builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc: In function 'int {anonymous}::auth_pam_conv_hook(int, const pam_message**, pam_response**, void*)':
/builddir/schroot-1.6.10/sbuild/sbuild-auth-pam.cc:80:36: error: 'dgettext' was not declared in this scope
   80 |             if (message.message == dgettext(PAM_TEXT_DOMAIN, "Password: ") ||
      |                                    ^~~~~~~~
[21/143] Building CXX object sbuild/CMakeFiles/sbuild.dir/sbuild-auth-pam-conv-tty.cc.o
ninja: build stopped: subcommand failed.
=> ERROR: schroot-1.6.10_12: do_build: '${make_cmd} ${makejobs} ${make_build_args} ${make_build_target}' exited with 1
=> ERROR:   in do_build() at common/build-style/cmake.sh:92
Error: Process completed with exit code 1.
```

</details>

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (16 preceding siblings ...)
  2022-08-20  8:38 ` dataCobra
@ 2022-08-20  8:40 ` sgn
  2022-08-20  8:41 ` sgn
                   ` (12 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20  8:40 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1169 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259896

Comment:
> Alright, progress! slightly_smiling_face
> 
> now there is only `x86-64-musl` left failing.
> 
> My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?

Replace musl.patch with
```diff
--- a/sbuild/sbuild-auth-pam.cc
+++ b/sbuild/sbuild-auth-pam.cc
@@ -21,6 +21,7 @@
 #include "sbuild-auth-pam.h"
 #include "sbuild-auth-pam-conv.h"
 #include "sbuild-feature.h"
+#include "sbuild-i18n.h"
 
 #include <cassert>
 #include <cerrno>
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -176,7 +176,7 @@ if(GETTEXT_FOUND)
 endif(GETTEXT_FOUND)
 option(nls "Enable national language support (requires gettext)" ${NLS_DEFAULT})
 set(BUILD_NLS ${nls})
-set(SBUILD_FEATURE_NLS ${pam})
+set(SBUILD_FEATURE_NLS ${nls})
 
 # UUID generation
 check_include_file_cxx(uuid/uuid.h UUID_HEADER)
--- a/sbuild/sbuild-feature.cc
+++ b/sbuild/sbuild-feature.cc
@@ -21,6 +21,7 @@
 #include <iostream>
 
 #include "sbuild-feature.h"
+#include "sbuild-i18n.h"
 
 using namespace sbuild;
 
```

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (17 preceding siblings ...)
  2022-08-20  8:40 ` sgn
@ 2022-08-20  8:41 ` sgn
  2022-08-20  8:47 ` [PR PATCH] [Updated] " dataCobra
                   ` (11 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20  8:41 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1190 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221259896

Comment:
> Alright, progress! slightly_smiling_face
> 
> now there is only `x86-64-musl` left failing.
> 
> My knowledge about `musl` is pretty limited so can somebody help me resolv the issue?

Replace musl.patch (tested with 1.6.12) with
```diff
--- a/sbuild/sbuild-auth-pam.cc
+++ b/sbuild/sbuild-auth-pam.cc
@@ -21,6 +21,7 @@
 #include "sbuild-auth-pam.h"
 #include "sbuild-auth-pam-conv.h"
 #include "sbuild-feature.h"
+#include "sbuild-i18n.h"
 
 #include <cassert>
 #include <cerrno>
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -176,7 +176,7 @@ if(GETTEXT_FOUND)
 endif(GETTEXT_FOUND)
 option(nls "Enable national language support (requires gettext)" ${NLS_DEFAULT})
 set(BUILD_NLS ${nls})
-set(SBUILD_FEATURE_NLS ${pam})
+set(SBUILD_FEATURE_NLS ${nls})
 
 # UUID generation
 check_include_file_cxx(uuid/uuid.h UUID_HEADER)
--- a/sbuild/sbuild-feature.cc
+++ b/sbuild/sbuild-feature.cc
@@ -21,6 +21,7 @@
 #include <iostream>
 
 #include "sbuild-feature.h"
+#include "sbuild-i18n.h"
 
 using namespace sbuild;
 
```

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR PATCH] [Updated] schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (18 preceding siblings ...)
  2022-08-20  8:41 ` sgn
@ 2022-08-20  8:47 ` dataCobra
  2022-08-20  8:53 ` dataCobra
                   ` (10 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:47 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 586 bytes --]

There is an updated pull request by dataCobra against master on the void-packages repository

https://github.com/dataCobra/void-packages schroot_1.6.10-12_CVE
https://github.com/void-linux/void-packages/pull/38779

schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
**Fix CVE-2022-2787 and update to Debian Bullseye package**

#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (x86_64)

A patch file from https://github.com/void-linux/void-packages/pull/38779.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-schroot_1.6.10-12_CVE-38779.patch --]
[-- Type: text/x-diff, Size: 5953 bytes --]

From a76d50aed7db5914a7819a14a0a56a295d46120c Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sat, 20 Aug 2022 10:47:09 +0200
Subject: [PATCH] schroot: update to 1.6.10-12+deb11u1.

---
 srcpkgs/schroot/patches/musl.patch | 41 ++++++++------
 srcpkgs/schroot/template           | 91 +++++++++++++++---------------
 2 files changed, 67 insertions(+), 65 deletions(-)

diff --git a/srcpkgs/schroot/patches/musl.patch b/srcpkgs/schroot/patches/musl.patch
index a8b3d56fd2d4..e0dcaf3bae01 100644
--- a/srcpkgs/schroot/patches/musl.patch
+++ b/srcpkgs/schroot/patches/musl.patch
@@ -1,25 +1,30 @@
-From 73936a423227aa78b7682bdd3edc20643763807b Mon Sep 17 00:00:00 2001
-From: Andrea Brancaleoni <abc@pompel.me>
-Date: Wed, 19 Sep 2018 11:22:47 +0200
-Subject: [PATCH] musl
-
----
- sbuild/sbuild-feature.cc | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git sbuild/sbuild-feature.cc sbuild/sbuild-feature.cc
-index 5ac4725..9902db3 100644
+--- a/sbuild/sbuild-auth-pam.cc
++++ b/sbuild/sbuild-auth-pam.cc
+@@ -21,6 +21,7 @@
+ #include "sbuild-auth-pam.h"
+ #include "sbuild-auth-pam-conv.h"
+ #include "sbuild-feature.h"
++#include "sbuild-i18n.h"
+ 
+ #include <cassert>
+ #include <cerrno>
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -176,7 +176,7 @@ if(GETTEXT_FOUND)
+ endif(GETTEXT_FOUND)
+ option(nls "Enable national language support (requires gettext)" ${NLS_DEFAULT})
+ set(BUILD_NLS ${nls})
+-set(SBUILD_FEATURE_NLS ${pam})
++set(SBUILD_FEATURE_NLS ${nls})
+ 
+ # UUID generation
+ check_include_file_cxx(uuid/uuid.h UUID_HEADER)
 --- a/sbuild/sbuild-feature.cc
 +++ b/sbuild/sbuild-feature.cc
-@@ -20,6 +20,8 @@
- 
+@@ -21,6 +21,7 @@
  #include <iostream>
  
-+#include <libintl.h>
-+
  #include "sbuild-feature.h"
++#include "sbuild-i18n.h"
  
  using namespace sbuild;
--- 
-2.19.0
-
diff --git a/srcpkgs/schroot/template b/srcpkgs/schroot/template
index 85416dee5e9c..fd9ff15c7140 100644
--- a/srcpkgs/schroot/template
+++ b/srcpkgs/schroot/template
@@ -2,70 +2,67 @@
 pkgname=schroot
 reverts="1.7.2_9"
 version=1.6.10
-revision=11
-_debian_version=3+deb9u1
-build_pie=yes
-build_style=gnu-configure
+revision=12
+_debian_version=12+deb11u1
+build_style=cmake
 configure_args="
-	--enable-dchroot
-	--enable-lvm-snapshot
-	--enable-btrfs-snapshot
-	--enable-block-device
-	--enable-loopback
-	--enable-uuid
-	BTRFS=/usr/bin/btrfs
-	BTRFSCTL=/usr/bin/btrfsctl
-	LVCREATE=/usr/sbin/lvcreate
-	LVREMOVE=/usr/sbin/lvremove"
+ -Ddchroot=ON
+ -Dlvm-snapshot=ON
+ -Dbtrfs-snapshot=ON
+ -Dblock-device=ON
+ -Dloopback=ON
+ -Duuid=ON
+ -DBTRFS_EXECUTABLE=/usr/bin/btrfs
+ -DLVCREATE_EXECUTABLE=/usr/sbin/lvcreate
+ -DLVREMOVE_EXECUTABLE=/usr/sbin/lvremove
+ -DZFS_EXECUTABLE=/usr/bin/zfs
+ -Dbash_completion_dir=/usr/share/bash-completion/completions"
 conf_files="
-	/etc/schroot/minimal/nssdatabases
-	/etc/schroot/minimal/fstab
-	/etc/schroot/minimal/copyfiles
-	/etc/schroot/buildd/nssdatabases
-	/etc/schroot/buildd/fstab
-	/etc/schroot/buildd/copyfiles
-	/etc/schroot/default/nssdatabases
-	/etc/schroot/default/fstab
-	/etc/schroot/default/copyfiles
-	/etc/schroot/schroot.conf
-	/etc/schroot/desktop/nssdatabases
-	/etc/schroot/desktop/fstab
-	/etc/schroot/desktop/copyfiles
-	/etc/schroot/sbuild/nssdatabases
-	/etc/schroot/sbuild/fstab
-	/etc/schroot/sbuild/copyfiles"
+ /etc/schroot/minimal/nssdatabases
+ /etc/schroot/minimal/fstab
+ /etc/schroot/minimal/copyfiles
+ /etc/schroot/buildd/nssdatabases
+ /etc/schroot/buildd/fstab
+ /etc/schroot/buildd/copyfiles
+ /etc/schroot/default/nssdatabases
+ /etc/schroot/default/fstab
+ /etc/schroot/default/copyfiles
+ /etc/schroot/schroot.conf
+ /etc/schroot/desktop/nssdatabases
+ /etc/schroot/desktop/fstab
+ /etc/schroot/desktop/copyfiles
+ /etc/schroot/sbuild/nssdatabases
+ /etc/schroot/sbuild/fstab
+ /etc/schroot/sbuild/copyfiles"
 make_dirs="
-	/var/lib/schroot/unpack 0755 root root
-	/var/lib/schroot/union/underlay 0755 root root
-	/var/lib/schroot/union/overlay 0755 root root
-	/var/lib/schroot/session 0755 root root
-	/var/lib/schroot/mount 0755 root root
-	/etc/schroot/chroot.d 0755 root root"
-hostmakedepends="cmake pkg-config automake libtool gettext xz"
-makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel gettext-devel
- libcppunit-devel"
+ /var/lib/schroot/unpack 0755 root root
+ /var/lib/schroot/union/underlay 0755 root root
+ /var/lib/schroot/union/overlay 0755 root root
+ /var/lib/schroot/session 0755 root root
+ /var/lib/schroot/mount 0755 root root
+ /etc/schroot/chroot.d 0755 root root"
+hostmakedepends="pkg-config libtool gettext xz po4a groff"
+makedepends="boost-devel pam-devel lockdev-devel libuuid-devel e2fsprogs-devel
+ gettext-devel libcppunit-devel"
 short_desc="Allows users to execute commands in different chroots"
 maintainer="Andrea Brancaleoni <miwaxe@gmail.com>"
-license="GPL-3"
+license="GPL-3.0-only"
 homepage="https://wiki.debian.org/Schroot"
 distfiles="
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
-${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
+ ${DEBIAN_SITE}/main/s/${pkgname}/${pkgname}_${version}.orig.tar.xz
+ http://security.debian.org/debian-security/pool/main/s/${pkgname}/${pkgname}_${version}-${_debian_version}.debian.tar.xz"
 checksum="
-3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
-56bc82fc8ae7f6ca7eef506ccc1dca1211b2c84d83efc50d24670b8bdb9ea8bb"
+ 3ce8dfd9cb97b099e4b6d4ccec421d6cc8c9ef84574681e928a12badb5643d0b
+ 7bd4e0c2709979362c86a86c10d2b23d290d26e1a2d301a602e829327f483ec1"
 nocross=yes
 
 pre_configure() {
 	cat ../debian/patches/series | while read p; do
 		patch -p1 -i ../debian/patches/$p
 	done
-	autoreconf -fi
 }
 
 post_install() {
-	vmkdir usr/share/bash-completion/completions
-	mv ${DESTDIR}/etc/bash_completion.d/* ${DESTDIR}/usr/share/bash-completion/completions
 	# Remove development files
 	rm -rf ${DESTDIR}/usr/include \
 		${DESTDIR}/usr/lib/*.a \

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (19 preceding siblings ...)
  2022-08-20  8:47 ` [PR PATCH] [Updated] " dataCobra
@ 2022-08-20  8:53 ` dataCobra
  2022-08-20  8:54 ` sgn
                   ` (9 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 426 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221261515

Comment:
I've changed the musl.patch and now the checks passed. :+1:

Thanks @sgn.

Now there is only the question from @thypon left. :slightly_smiling_face: 
> Hey @thypon,
> 
> > Have you tested dynamically?
> 
> Could you explain a bit further what you mean with dynamically?



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (20 preceding siblings ...)
  2022-08-20  8:53 ` dataCobra
@ 2022-08-20  8:54 ` sgn
  2022-08-20  8:55 ` thypon
                   ` (8 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20  8:54 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 238 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221261641

Comment:
I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (21 preceding siblings ...)
  2022-08-20  8:54 ` sgn
@ 2022-08-20  8:55 ` thypon
  2022-08-20  8:58 ` sgn
                   ` (7 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: thypon @ 2022-08-20  8:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 269 bytes --]

New comment by thypon on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221261790

Comment:
I tried bumping to 1.7 in the past with scarse results. Schroot was super unstable. I wonder if this vuln fix is usable instead.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (22 preceding siblings ...)
  2022-08-20  8:55 ` thypon
@ 2022-08-20  8:58 ` sgn
  2022-08-20  8:59 ` dataCobra
                   ` (6 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20  8:58 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 249 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262158

Comment:
I think `schroot` upstream uses 1.7 for development, Debian unstable uses `1.6.12` and Debian sid uses `1.6.13`

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (23 preceding siblings ...)
  2022-08-20  8:58 ` sgn
@ 2022-08-20  8:59 ` dataCobra
  2022-08-20  8:59 ` dataCobra
                   ` (5 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:59 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 601 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262286

Comment:
> I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790

Yeah I've run the whole process manually on my system (x86_64).

We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy. "Void focuses on stability, rather than on being bleeding-edge. Install once, update routinely and safely."

You're the team members so you should decide. :+1:

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (24 preceding siblings ...)
  2022-08-20  8:59 ` dataCobra
@ 2022-08-20  8:59 ` dataCobra
  2022-08-20  8:59 ` dataCobra
                   ` (4 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:59 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 493 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262286

Comment:
> I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790

Yeah I've run the whole process manually on my system (x86_64).

We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy.

You're the team members so you should decide. :+1:

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (25 preceding siblings ...)
  2022-08-20  8:59 ` dataCobra
@ 2022-08-20  8:59 ` dataCobra
  2022-08-20  9:00 ` thypon
                   ` (3 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-20  8:59 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 486 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262286

Comment:
> I guess he meant you run it manually? I think we should upgrade to match with Debian unstable #38790

Yeah I've run the whole process manually on my system (x86_64).

We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy.

You're the team members so you decide. :+1:

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (26 preceding siblings ...)
  2022-08-20  8:59 ` dataCobra
@ 2022-08-20  9:00 ` thypon
  2022-08-20  9:12 ` sgn
                   ` (2 subsequent siblings)
  30 siblings, 0 replies; 32+ messages in thread
From: thypon @ 2022-08-20  9:00 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 258 bytes --]

New comment by thypon on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221262435

Comment:
If it runs fine, I'm good. Unfortunately I won't be able to access any build machine until September to test, though.

^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (27 preceding siblings ...)
  2022-08-20  9:00 ` thypon
@ 2022-08-20  9:12 ` sgn
  2022-08-21 11:31 ` dataCobra
  2022-08-21 11:57 ` [PR PATCH] [Merged]: " sgn
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-20  9:12 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 379 bytes --]

New comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221264000

Comment:
> We could upgrade to match Debian unstable. But I assumed this would conflict with the "Stable rolling release" philosophy.

We aren't Debian, we want both stable and rolling release. But, our stable is different from Debian's stable.



^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (28 preceding siblings ...)
  2022-08-20  9:12 ` sgn
@ 2022-08-21 11:31 ` dataCobra
  2022-08-21 11:57 ` [PR PATCH] [Merged]: " sgn
  30 siblings, 0 replies; 32+ messages in thread
From: dataCobra @ 2022-08-21 11:31 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 252 bytes --]

New comment by dataCobra on void-packages repository

https://github.com/void-linux/void-packages/pull/38779#issuecomment-1221527141

Comment:
Hey @sgn, 

might it be good to merge this PR to fix the CVE while you figure out 1.6.12 in your new PR?


^ permalink raw reply	[flat|nested] 32+ messages in thread

* Re: [PR PATCH] [Merged]: schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
  2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
                   ` (29 preceding siblings ...)
  2022-08-21 11:31 ` dataCobra
@ 2022-08-21 11:57 ` sgn
  30 siblings, 0 replies; 32+ messages in thread
From: sgn @ 2022-08-21 11:57 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 412 bytes --]

There's a merged pull request on the void-packages repository

schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787
https://github.com/void-linux/void-packages/pull/38779

Description:
**Fix CVE-2022-2787 and update to Debian Bullseye package**

#### Testing the changes
- I tested the changes in this PR: **briefly**

#### Local build testing
- I built this PR locally for my native architecture, (x86_64)

^ permalink raw reply	[flat|nested] 32+ messages in thread

end of thread, other threads:[~2022-08-21 11:57 UTC | newest]

Thread overview: 32+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-19  8:12 [PR PATCH] schroot: update to 1.6.10-12+deb11u1 dataCobra
2022-08-19  8:20 ` schroot: update to 1.6.10-12+deb11u1. CVE-2022-2787 dataCobra
2022-08-19  8:22 ` dataCobra
2022-08-19  8:25 ` dataCobra
2022-08-19 14:17 ` [PR REVIEW] " classabbyamp
2022-08-19 14:17 ` classabbyamp
2022-08-19 17:36 ` sgn
2022-08-19 17:46 ` sgn
2022-08-19 17:47 ` dataCobra
2022-08-19 17:48 ` dataCobra
2022-08-19 17:50 ` dataCobra
2022-08-20  8:18 ` dataCobra
2022-08-20  8:20 ` thypon
2022-08-20  8:26 ` [PR PATCH] [Updated] " dataCobra
2022-08-20  8:31 ` dataCobra
2022-08-20  8:34 ` [PR REVIEW] " dataCobra
2022-08-20  8:38 ` dataCobra
2022-08-20  8:38 ` dataCobra
2022-08-20  8:40 ` sgn
2022-08-20  8:41 ` sgn
2022-08-20  8:47 ` [PR PATCH] [Updated] " dataCobra
2022-08-20  8:53 ` dataCobra
2022-08-20  8:54 ` sgn
2022-08-20  8:55 ` thypon
2022-08-20  8:58 ` sgn
2022-08-20  8:59 ` dataCobra
2022-08-20  8:59 ` dataCobra
2022-08-20  8:59 ` dataCobra
2022-08-20  9:00 ` thypon
2022-08-20  9:12 ` sgn
2022-08-21 11:31 ` dataCobra
2022-08-21 11:57 ` [PR PATCH] [Merged]: " sgn

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).