Your message dated Sat, 11 Jul 2015 10:04:47 +0000
with message-id <[email protected]>
and subject line Bug#792095: fixed in p11-kit 0.23.1-3
has caused the Debian Bug report #792095,
regarding p11-kit: FTBFS on hurd-i386
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
792095: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792095
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: p11-kit
Version: 0.23.1-2
Severity: important
Tags: patch
User: [email protected]
Usertags: hurd
Hi,
currently, p11-kit fails to compile on hurd-i386 [1].
The first problem is in path 30_nogetauxvalonbsd.diff, due to the usage
of issetugid() in secure_getenv() when getauxval() is not present; since
that patch itself provides a _p11_getauxval() helper, then just use it.
The second issue is due to the different semantics of
__libc_enable_secure, as used for the getauxval() reimplementation.
More details in the description of attached hurd_enable_secure.diff,
which makes the getauxval() reimplementation behave as p11-kit expects.
Side note: I took the liberty to change patch 30_nogetauxvalonbsd.diff
so it does not duplicate the AC_CHECK_FUNCS; this part can be left out,
if deemed not necessary.
[1]
https://buildd.debian.org/status/fetch.php?pkg=p11-kit&arch=hurd-i386&ver=0.23.1-2&stamp=1430116334
Thanks,
--
Pino
Description: Do not use getauxval on !linux.
Origin: vendor
Bug-Debian: http://bugs.debian.org/718285
Author: Andreas Metzler <[email protected]>
Last-Update: 2015-07-11
--- a/common/compat.c
+++ b/common/compat.c
@@ -800,7 +800,7 @@
#ifndef HAVE_GETAUXVAL
unsigned long
-getauxval (unsigned long type)
+_p11_getauxval (unsigned long type)
{
static unsigned long secure = 0UL;
static bool check_secure_initialized = false;
@@ -848,7 +848,7 @@
char *
secure_getenv (const char *name)
{
- if (getauxval (AT_SECURE))
+ if (_p11_getauxval (AT_SECURE))
return NULL;
return getenv (name);
}
--- a/common/compat.h
+++ b/common/compat.h
@@ -312,10 +312,11 @@
#ifdef HAVE_GETAUXVAL
#include <sys/auxv.h>
+#define _p11_getauxval(X) getauxval(X)
#else /* !HAVE_GETAUXVAL */
-unsigned long getauxval (unsigned long type);
+unsigned long _p11_getauxval (unsigned long type);
#define AT_SECURE 23
--- a/common/path.c
+++ b/common/path.c
@@ -106,7 +106,7 @@
{
const char *env;
- if (getauxval (AT_SECURE)) {
+ if (_p11_getauxval (AT_SECURE)) {
errno = EPERM;
return NULL;
}
--- a/common/frob-getauxval.c
+++ b/common/frob-getauxval.c
@@ -55,7 +55,7 @@
abort ();
}
- ret = getauxval (type);
+ ret = _p11_getauxval (type);
printf ("getauxval(%lu) == %lu\n", type, ret);
return (int)ret;
}
--- a/configure.ac
+++ b/configure.ac
@@ -51,6 +51,12 @@
os_win32=yes
os_unix=no
;;
+ *-*-linux*)
+ AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix])
+ os_win32=no
+ os_unix=yes
+ os_linux=yes
+ ;;
*)
AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix])
os_win32=no
@@ -88,7 +94,11 @@
AC_CHECK_HEADERS([sys/resource.h])
AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include <dirent.h>])
AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp])
- AC_CHECK_FUNCS([getauxval issetugid getresuid secure_getenv])
+ AC_CHECK_FUNCS([issetugid getresuid secure_getenv])
+ if test "$os_linux" = "yes"; then
+ # Use getauxval on Linux only.
+ AC_CHECK_FUNCS([getauxval])
+ fi
AC_CHECK_FUNCS([strnstr memdup strndup strerror_r])
AC_CHECK_FUNCS([asprintf vasprintf vsnprintf])
AC_CHECK_FUNCS([timegm])
--- a/p11-kit/conf.c
+++ b/p11-kit/conf.c
@@ -228,7 +228,7 @@
goto finished;
}
- if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) {
+ if (mode != CONF_USER_NONE && _p11_getauxval (AT_SECURE)) {
p11_debug ("skipping user config in setuid or setgid program");
mode = CONF_USER_NONE;
}
--- a/p11-kit/frob-setuid.c
+++ b/p11-kit/frob-setuid.c
@@ -70,7 +70,7 @@
printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
assert (field != NULL);
- if (getauxval (AT_SECURE))
+ if (_p11_getauxval (AT_SECURE))
assert (strcmp (field, "system1") == 0);
else
assert (strcmp (field, "user1") == 0);
Author: Pino Toscano <[email protected]>
Description: Disable __libc_enable_secure usage on Hurd
__libc_enable_secure is not set as 1 when executing something as sgid
and the differet gid is still part of the user's own groups. See also:
- http://lists.gnu.org/archive/html/bug-hurd/2015-06/msg00051.html
- http://lists.gnu.org/archive/html/bug-hurd/2015-07/msg00000.html
.
The rest of the getauxval reimplementation will do its job according
to what p11-kit expects.
Last-Update: 2015-07-11
--- a/common/compat.c
+++ b/common/compat.c
@@ -812,7 +812,7 @@
assert (type == AT_SECURE);
if (!check_secure_initialized) {
-#if defined(HAVE___LIBC_ENABLE_SECURE)
+#if defined(HAVE___LIBC_ENABLE_SECURE) && !defined(__GNU__)
extern int __libc_enable_secure;
secure = __libc_enable_secure;
--- End Message ---
--- Begin Message ---
Source: p11-kit
Source-Version: 0.23.1-3
We believe that the bug you reported is fixed in the latest version of
p11-kit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated p11-kit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 11 Jul 2015 11:53:04 +0200
Source: p11-kit
Binary: libp11-kit-dev libp11-kit0 p11-kit p11-kit-modules libp11-kit0-dbg
Architecture: source i386
Version: 0.23.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Description:
libp11-kit-dev - Library for loading and coordinating access to PKCS#11
modules -
libp11-kit0 - Library for loading and coordinating access to PKCS#11 modules -
libp11-kit0-dbg - load and coordinate access to PKCS#11 modules - debugging
symbols
p11-kit - p11-glue utilities
p11-kit-modules - p11-glue proxy and trust modules
Closes: 792095
Changes:
p11-kit (0.23.1-3) unstable; urgency=medium
.
* Build-fixes for hurd by Pino Toscano:
+ 30_nogetauxvalonbsd.diff: Always use _p11_getauxval() helper.
+ 35_hurd_enable_secure.diff: Disable __libc_enable_secure usage on Hurd.
Closes: #792095
Checksums-Sha1:
3c6855032c9449fdba6c79ac9f61f9c08a37ddf7 2221 p11-kit_0.23.1-3.dsc
8caddea452dcac81a23d100f45cf96aecfa52f87 14860 p11-kit_0.23.1-3.debian.tar.xz
f361033c7f03bc89e9f2fe87ccdae0827f1b652d 63556 libp11-kit-dev_0.23.1-3_i386.deb
395d952f7537fa09d5b68c7de1eaa0e4c2ae6065 539082
libp11-kit0-dbg_0.23.1-3_i386.deb
e02fdea38b13002a4629eda2ed4e68bf2f754738 114022 libp11-kit0_0.23.1-3_i386.deb
b2409b478241e3a11b12ca240680a21e5fe83658 75728
p11-kit-modules_0.23.1-3_i386.deb
b055240fb9bcd2195b264486db63df165e3605cb 108614 p11-kit_0.23.1-3_i386.deb
Checksums-Sha256:
79ea900ccd7a689136c6be540587ef9665d6bd2dcfcfefdb29977f374e0ecc1c 2221
p11-kit_0.23.1-3.dsc
d7e1984697c7d97f95932ae2f65ef96682610044c5fc82f1769662a98d304951 14860
p11-kit_0.23.1-3.debian.tar.xz
16018c855d78e8f3bd9526aa49019efd661986852ba7a05ad6e7088497fd6275 63556
libp11-kit-dev_0.23.1-3_i386.deb
6e1ed816b4474d18d72b43671c280380bdb56d2249c0a51bf52528dee3b407e0 539082
libp11-kit0-dbg_0.23.1-3_i386.deb
af19c42e87a394197d6367eb6553cccfd5ca6721313b65d7baf6d0919803ecee 114022
libp11-kit0_0.23.1-3_i386.deb
1661d59f76f65b2ee263088683e63ddea08dc87e774366676641567033185a51 75728
p11-kit-modules_0.23.1-3_i386.deb
cc6b01ef4684973e459faa89240ce861822aa73a84e84b1864d80b86bd23ecb1 108614
p11-kit_0.23.1-3_i386.deb
Files:
c26e0e99794735ef93e724fc740d0f97 2221 libs extra p11-kit_0.23.1-3.dsc
68fcec0b252263f806e2828357e1f088 14860 libs extra
p11-kit_0.23.1-3.debian.tar.xz
19917762657b72d9906b94b77e7113eb 63556 libdevel optional
libp11-kit-dev_0.23.1-3_i386.deb
f4b104447acb86677694baa65c6d0088 539082 debug extra
libp11-kit0-dbg_0.23.1-3_i386.deb
0d40af2cfbac8c1e00d31342e32b191e 114022 libs standard
libp11-kit0_0.23.1-3_i386.deb
0f3b3fd66e6de4e647734ba6d4488947 75728 misc extra
p11-kit-modules_0.23.1-3_i386.deb
bda8e5d68300d44483af2d50479c0ff1 108614 misc extra p11-kit_0.23.1-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVoOjcAAoJEKVPAYVDghSEf18P/R2RfC0dCij1g2j2gDkxjF9r
TrzixSKCWe1p7l1r1neyuDuF5lfPnwp8q6QsZwhkc2F5ebe7cbpKqu1rP5CPqauy
E2utSMwz+Dr3gPTvYqLhNKWNPRf/MNEI2ECVX5bb3p5AAHFxRL+24nhJr5jjI55b
hZTkRNKBDSkqfp6WqCd6r91NUXaDmvgO4I6eR4KvDRJAysTS0Zm/nbHqwyA2gF8A
Skrj8wi/WZfFIfsJTDKblLglvJHMpFjpuJTOqYWXWrKJisPROf/J+2bsB7Jvbum5
NlvcwbgvTqQpqRYHpeIZui7qHN5lXjuSoTSUOAn8XeKUsELlfWz9J4/U4CTzEw13
V82bXfg4Nxud8OoAEWH5X5YrQtoFEs639J2XN6CXmVZRQ+pd4DHCe0CAKPG+WDHc
YVRsbqp0FA2UHYewHXGms2LjDdjCd4MqVzQM4N7EbGvvHw4YND8qqQh16AF3xIai
o+jx5Oh3iK3nKTViuDeOG/3QqiHE4d4q4gts5avrAsfXWAXrA8t0lj4ONzvtTclU
Qr1uwTS+kGHWIqJI+hhPX5BchyQItFIKgvFZ1ltmdZ5ddpf/IWUrGacs1k6Z9df/
0epjyTFdNq4npykaA7KqPlBOL+l4ZIwzvZ+TSBZLP09Z0Xj2NJQM+sFP6EwSJkzK
ndj+u1B7NERm+tJPkuP6
=bfYJ
-----END PGP SIGNATURE-----
--- End Message ---