Your message dated Sat, 31 Aug 2013 13:18:57 +0000
with message-id <[email protected]>
and subject line Bug#718285: fixed in p11-kit 0.18.5-2
has caused the Debian Bug report #718285,
regarding p11-kit: issetugid() should be prefered over getauxval()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
718285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718285
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: p11-kit
Version: 0.18.5-1
Severity: serious
User: [email protected]
Usertags: kfreebsd
Hi,
this is a follow-up to #717912.
While the libc header can be fixed, the use case in p11-kit is the wrong one.
Please try to convince upstream to prefer issetugid()
and use getauxval() only under Linux.
I expect that
https://bugs.freedesktop.org/show_bug.cgi?id=67451
has the same reason ...
Petr
-------------------------------------------------------------------------
p11-kit 0.18.5 uses getauxval(AT_SECURE) to detect SUID or SGID execution.
It checks at configure time for the function with
AC_CHECK_FUNCS([getauxval]), but not whether AT_SECURE works. If
getauxval is missing, a replacement will be used. The fact that
getauxval(AT_SECURE) does not throw a compiler error on FreeBSD (as
in: error: 'AT_SECURE' undeclared) makes writing a configure test
unnecessarily complicated.
Blindly using getauxval() for detecting issetugid() is the wrong approach,
especially for security detection.
Please see the man page:

  RETURN VALUE
    On success, getauxval() returns the value corresponding to type. If type
    is not found, 0 is returned.
  ERRORS
    No errors are diagnosed.

There is no guarantee that, when AT_SECURE is defined,
it will also be supplied by the kernel.
--- End Message ---
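Added example, not part of the bug report or of p11-kit's code: a C sketch of the check the report asks for, using issetugid() on the BSDs and getauxval(AT_SECURE) only on Linux, and treating a missing AT_SECURE entry as "unknown" rather than "not setuid". The names running_secure, auxv_answer and ids_differ are hypothetical, and the ENOENT distinction assumes glibc 2.19 or later.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(), AT_SECURE */
#endif

enum secure_source { SRC_ISSETUGID, SRC_AUXV, SRC_ID_COMPARE };

/* Fallback: real vs. effective ids differ => treat as setuid/setgid. */
static int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* getauxval() returns 0 both for "AT_SECURE is 0" and "entry not supplied".
 * Assumption: glibc >= 2.19, which sets errno to ENOENT in the second case. */
static int auxv_answer(unsigned long value, int err, int *known)
{
    *known = !(value == 0 && err == ENOENT);
    return value != 0;
}

/* Hypothetical helper: returns 1 if the process must distrust its environment. */
int running_secure(enum secure_source *src)
{
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \
    defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    *src = SRC_ISSETUGID;               /* preferred where it exists */
    return issetugid() != 0;
#elif defined(__linux__)
    int known;
    errno = 0;
    unsigned long v = getauxval(AT_SECURE);
    int secure = auxv_answer(v, errno, &known);
    if (known) { *src = SRC_AUXV; return secure; }
#endif
    /* No trustworthy answer from the platform: compare ids ourselves. */
    *src = SRC_ID_COMPARE;
    return ids_differ(getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
    enum secure_source src;
    int s = running_secure(&src);
    printf("secure=%d source=%d\n", s, (int)src);
    return 0;
}
```

With a glibc older than 2.19, errno is not set and an absent entry cannot be told apart from a genuine 0, which is the failure mode the report describes.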
--- Begin Message ---
Source: p11-kit
Source-Version: 0.18.5-2
We believe that the bug you reported is fixed in the latest version of
p11-kit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated p11-kit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Sat, 31 Aug 2013 15:05:17 +0200
Source: p11-kit
Binary: libp11-kit-dev libp11-kit0 p11-kit libp11-kit0-dbg
Architecture: source i386
Version: 0.18.5-2
Distribution: experimental
Urgency: low
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Description:
libp11-kit-dev - Library for loading and coordinating access to PKCS#11
modules -
libp11-kit0 - Library for loading and coordinating access to PKCS#11 modules -
libp11-kit0-dbg - load and coordinate access to PKCS#11 modules - debugging
symbols
p11-kit - p11-glue utilities, proxy and trust modules
Closes: 718285
Changes:
p11-kit (0.18.5-2) experimental; urgency=low
.
* 30_nogetauxvalonbsd.diff 31_autoreconf.diff: Do not use getauxval on
!linux, preferring issetugid(). Closes: #718285
* Upload to experimental.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEAREDAAYFAlIh6pQACgkQHTOcZYuNdmM/cwCcDWWlB+N0/adCfNKNKX7Zo0Ey
sIsAn2bRwDv/bYiXE5hzmbU81yjcVs3o
=yWDx
-----END PGP SIGNATURE-----
--- End Message ---