Dear release team, I uploaded again a new revision of gnunet, with this new fix: * Do not set-UID gnunet-helper-fs-publish (Closes: #691154).
The full debdiff against the current version in testing is attached. Do you think it would get a freeze exception ? Cheers, Bertrand
diff -Nru gnunet-0.9.3/debian/changelog gnunet-0.9.3/debian/changelog --- gnunet-0.9.3/debian/changelog 2012-08-26 16:18:16.000000000 +0200 +++ gnunet-0.9.3/debian/changelog 2012-10-22 22:55:16.000000000 +0200 @@ -1,3 +1,23 @@ +gnunet (0.9.3-4) unstable; urgency=low + + * Drop dependency on gettext for gnunet-client and gnunet-server as it is not + necessary, thanks to Ivan Shmakov (Closes: #690860). + * Revert the use dh_installdocs --link-doc (Closes: #687875, #687881, + #687883). + * Fix build on kfreebsd, thanks to Christoph Egger (Closes: #688486). + * Allways install libnss to /lib and fix FTBFS on ia64 (Closes: #688590). + * Install libnss to /lib, really fix #688590, thanks to Christian Grothoff. + * Change default option UNIX_MATCH_UID for services datastore and namestore, + so users in the gnunet group may use these services (Closes: #686238, + #684317). + * Update libgcrypt version check to a less strict check, patch picked from + upstream, following Werner Koch's advice (Closes: #684997). + * gnunet-server.postinst: check the existence of a binary before changing its + permissions (Closes: #688484). + * Do not set-UID gnunet-helper-fs-publish (Closes: #691154). + + -- Bertrand Marc <beberk...@gmail.com> Mon, 22 Oct 2012 22:52:43 +0200 + gnunet (0.9.3-3) unstable; urgency=low * debian/control: update Vcs-* to the new repository in collab-maint. diff -Nru gnunet-0.9.3/debian/control gnunet-0.9.3/debian/control --- gnunet-0.9.3/debian/control 2012-08-05 20:12:01.000000000 +0200 +++ gnunet-0.9.3/debian/control 2012-10-18 21:13:37.000000000 +0200 @@ -30,8 +30,7 @@ Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: - ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version}), - gettext + ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version}) Suggests: gnunet-server, libextractor-plugins Description: secure, trust-based peer-to-peer framework (client) GNUnet is a peer-to-peer framework which focuses on providing security. All @@ -75,7 +74,7 @@ Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends}, gnunet-common (= ${binary:Version}), - adduser, gettext, netbase + adduser, netbase Suggests: miniupnpc Breaks: gnunet-fuse (<<0.9), gnunet-client (<<0.9) Replaces: gnunet-fuse (<<0.9), gnunet-client (<<0.9) diff -Nru gnunet-0.9.3/debian/gnunet-client.docs gnunet-0.9.3/debian/gnunet-client.docs --- gnunet-0.9.3/debian/gnunet-client.docs 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/gnunet-client.docs 2012-09-27 22:30:34.000000000 +0200 @@ -0,0 +1,2 @@ +AUTHORS +README diff -Nru gnunet-0.9.3/debian/gnunet-dev.docs gnunet-0.9.3/debian/gnunet-dev.docs --- gnunet-0.9.3/debian/gnunet-dev.docs 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/gnunet-dev.docs 2012-09-27 22:30:34.000000000 +0200 @@ -0,0 +1,2 @@ +AUTHORS +README diff -Nru gnunet-0.9.3/debian/gnunet.docs gnunet-0.9.3/debian/gnunet.docs --- gnunet-0.9.3/debian/gnunet.docs 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/gnunet.docs 2012-09-27 22:30:34.000000000 +0200 @@ -0,0 +1,2 @@ +AUTHORS +README diff -Nru gnunet-0.9.3/debian/gnunet-server.docs gnunet-0.9.3/debian/gnunet-server.docs --- gnunet-0.9.3/debian/gnunet-server.docs 2012-05-05 14:37:00.000000000 +0200 +++ gnunet-0.9.3/debian/gnunet-server.docs 2012-09-27 22:30:34.000000000 +0200 @@ -1,2 +1,4 @@ +AUTHORS +README doc/README.mysql doc/README.postgres diff -Nru gnunet-0.9.3/debian/gnunet-server.install gnunet-0.9.3/debian/gnunet-server.install --- gnunet-0.9.3/debian/gnunet-server.install 2012-06-17 12:04:20.000000000 +0200 +++ gnunet-0.9.3/debian/gnunet-server.install 2012-10-15 12:01:20.000000000 +0200 @@ -41,9 +41,9 @@ usr/lib/libgnunettransporttesting.so.* usr/lib/libgnunettun.so.* usr/lib/libgnunetvpn.so.* -usr/lib/libnss_gns.so.2 -usr/lib/libnss_gns4.so.2 -usr/lib/libnss_gns6.so.2 +lib/libnss_gns.so.2 +lib/libnss_gns4.so.2 +lib/libnss_gns6.so.2 usr/lib/gnunet/*.so usr/share/gnunet/config.d usr/share/gnunet/hellos/* diff -Nru gnunet-0.9.3/debian/gnunet-server.install.kfreebsd gnunet-0.9.3/debian/gnunet-server.install.kfreebsd --- gnunet-0.9.3/debian/gnunet-server.install.kfreebsd 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/gnunet-server.install.kfreebsd 2012-09-29 08:13:17.000000000 +0200 @@ -0,0 +1,52 @@ +etc/gnunet.conf +usr/bin/gnunet-arm +usr/bin/gnunet-core +usr/bin/gnunet-daemon-* +usr/bin/gnunet-dht-* +usr/bin/gnunet-fs +usr/bin/gnunet-gns* +usr/bin/gnunet-helper-* +usr/bin/gnunet-namestore +usr/bin/gnunet-nat-server +usr/bin/gnunet-peerinfo +usr/bin/gnunet-resolver +usr/bin/gnunet-rsa +usr/bin/gnunet-service-* +usr/bin/gnunet-testing +usr/bin/gnunet-transport +usr/bin/gnunet-transport-certificate-creation +usr/bin/mockup-service +usr/lib/libgnunetarm.so.* +usr/lib/libgnunetats.so.* +usr/lib/libgnunetblock.so.* +usr/lib/libgnunetcore.so.* +usr/lib/libgnunetdatacache.so.* +usr/lib/libgnunetdht.so.* +usr/lib/libgnunetfragmentation.so.* +usr/lib/libgnunethello.so.* +usr/lib/libgnunetlockmanager.so.0* +usr/lib/libgnunetmesh.so.* +usr/lib/libgnunetnamestore.so.* +usr/lib/libgnunetnat.so.* +usr/lib/libgnunetnse.so.* +usr/lib/libgnunetpeerinfo.so.* +usr/lib/libgnunettesting.so.* +usr/lib/libgnunettesting_new.so.0* +usr/lib/libgnunettestbed.so.0* +usr/lib/libgnunettransport.so.* +usr/lib/libgnunettransporttesting.so.* +usr/lib/libgnunettun.so.* +usr/lib/gnunet/*.so +usr/share/gnunet/config.d +usr/share/gnunet/hellos/* +usr/share/man/man1/gnunet-arm.1 +usr/share/man/man1/gnunet-core.1 +usr/share/man/man1/gnunet-fs.1 +usr/share/man/man1/gnunet-gns.1 +usr/share/man/man1/gnunet-namestore.1 +usr/share/man/man1/gnunet-nat-server.1 +usr/share/man/man1/gnunet-peerinfo.1 +usr/share/man/man1/gnunet-rsa.1 +usr/share/man/man1/gnunet-transport.1 +usr/share/man/man1/gnunet-vpn.1 +debian/man/* usr/share/man/man1/ diff -Nru gnunet-0.9.3/debian/gnunet-server.postinst gnunet-0.9.3/debian/gnunet-server.postinst --- gnunet-0.9.3/debian/gnunet-server.postinst 2012-07-07 15:50:27.000000000 +0200 +++ gnunet-0.9.3/debian/gnunet-server.postinst 2012-10-22 22:51:14.000000000 +0200 @@ -79,25 +79,26 @@ chmod 0700 "${SERVICEHOME}" || true # Restrict access on setuid binaries for file in /usr/bin/gnunet-helper-exit \ - /usr/bin/gnunet-helper-fs-publish \ /usr/bin/gnunet-helper-nat-client \ /usr/bin/gnunet-helper-nat-server \ /usr/bin/gnunet-helper-transport-wlan \ /usr/bin/gnunet-helper-vpn do # only do something when no setting exists - if ! dpkg-statoverride --list $file >/dev/null 2>&1 + if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ] then chown root:${_GROUPNAME} $file chmod 4754 $file fi done - if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 + if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \ + && [ -e /usr/bin/gnunet-helper-dns ] then chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns chmod 4754 /usr/bin/gnunet-helper-dns fi - if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 + if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \ + && [ -e /usr/bin/gnunet-service-dns ] then chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns chmod 2754 /usr/bin/gnunet-service-dns diff -Nru gnunet-0.9.3/debian/patches/configure_libnss.diff gnunet-0.9.3/debian/patches/configure_libnss.diff --- gnunet-0.9.3/debian/patches/configure_libnss.diff 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/patches/configure_libnss.diff 2012-10-15 11:14:19.000000000 +0200 @@ -0,0 +1,71 @@ +--- a/src/gns/nss/Makefile.am ++++ b/src/gns/nss/Makefile.am +@@ -21,20 +21,18 @@ + + AM_LDFLAGS=-avoid-version -module -export-dynamic + +-if HAVE_SUDO +-nssdir = /lib/ +-else +-nssdir = $(libdir) +-endif ++nssdir = $(NSS_DIR) + + LIBTOOL = $(SUDO_BINARY) $(SHELL) $(top_builddir)/libtool + + if !MINGW ++if INSTALL_NSS + nss_LTLIBRARIES = \ + libnss_gns.la \ + libnss_gns4.la \ + libnss_gns6.la + endif ++endif + + sources = nss_gns_query.h nss_gns_query.c + +--- a/configure.ac ++++ b/configure.ac +@@ -780,6 +780,42 @@ + AC_SUBST(SUDO_BINARY) + AM_CONDITIONAL([HAVE_SUDO], [test "x$SUDO_BINARY" != "x" -o -w /]) + ++ ++# test for nssdir ++AC_MSG_CHECKING(with nssdir) ++AC_ARG_WITH(nssdir, ++ [ --with-nssdir=PATH where to install NSS plugins], ++ [AC_MSG_RESULT("$with_nssdir") ++ case $with_nssdir in ++ no) ++ NSS_DIR= ++ install_nss=0 ++ ;; ++ yes) ++ NSS_DIR="/lib" ++ install_nss=1 ++ ;; ++ *) ++ NSS_DIR=$with_nssdir ++ install_nss=1 ++ ;; ++ esac ++ ], ++ [ ++ if test "x$SUDO_BINARY" != "x" -o -w / ++ then ++ NSS_DIR="/lib" ++ install_nss=1 ++ AC_MSG_RESULT([yes, to /lib]) ++ else ++ NSS_DIR= ++ install_nss=0 ++ AC_MSG_RESULT([no]) ++ fi ++ ]) ++AC_SUBST(NSS_DIR) ++AM_CONDITIONAL([INSTALL_NSS], [test "x$install_nss" != "x0"]) ++ + # test for gnunetdns group name + GNUNETDNS_GROUP=gnunetdns + AC_MSG_CHECKING(for gnunetdns group name) diff -Nru gnunet-0.9.3/debian/patches/default_config_datastore.diff gnunet-0.9.3/debian/patches/default_config_datastore.diff --- gnunet-0.9.3/debian/patches/default_config_datastore.diff 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/patches/default_config_datastore.diff 2012-09-29 14:59:19.000000000 +0200 @@ -0,0 +1,13 @@ +Index: src/datastore/datastore.conf.in +=================================================================== +--- a/src/datastore/datastore.conf.in ++++ b/src/datastore/datastore.conf.in +@@ -1,7 +1,7 @@ + [datastore] + AUTOSTART = YES + UNIXPATH = /tmp/gnunet-service-datastore.sock +-UNIX_MATCH_UID = YES ++UNIX_MATCH_UID = NO + UNIX_MATCH_GID = YES + @UNIXONLY@ PORT = 2093 + HOSTNAME = localhost diff -Nru gnunet-0.9.3/debian/patches/default_config_namestore.diff gnunet-0.9.3/debian/patches/default_config_namestore.diff --- gnunet-0.9.3/debian/patches/default_config_namestore.diff 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/patches/default_config_namestore.diff 2012-10-18 21:14:27.000000000 +0200 @@ -0,0 +1,11 @@ +--- a/src/namestore/namestore.conf.in ++++ b/src/namestore/namestore.conf.in +@@ -1,7 +1,7 @@ + [namestore] + AUTOSTART = YES + UNIXPATH = /tmp/gnunet-service-namestore.sock +-UNIX_MATCH_UID = YES ++UNIX_MATCH_UID = NO + UNIX_MATCH_GID = YES + @UNIXONLY@ PORT = 2099 + HOSTNAME = localhost diff -Nru gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff --- gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/patches/fix_kfreebsd_build.diff 2012-09-29 11:34:25.000000000 +0200 @@ -0,0 +1,29 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -91,7 +91,7 @@ + UNIXONLY="#" + AC_PATH_XTRA + ;; +-freebsd*) ++*freebsd*) + AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system]) + AC_DEFINE_UNQUOTED(FREEBSD,1,[This is a FreeBSD system]) + CFLAGS="-D_THREAD_SAFE $CFLAGS" +@@ -100,7 +100,7 @@ + DLLDIR=lib + UNIXONLY="#" + ;; +-openbsd*) ++*openbsd*) + AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system]) + AC_DEFINE_UNQUOTED(OPENBSD,1,[This is an OpenBSD system]) + LIBS=`echo $LIBS | sed -e "s/-ldl//"` +@@ -109,7 +109,7 @@ + DLLDIR=lib + UNIXONLY="#" + ;; +-netbsd*) ++*netbsd*) + AC_DEFINE_UNQUOTED(SOMEBSD,1,[This is a BSD system]) + AC_DEFINE_UNQUOTED(NETBSD,1,[This is a NetBSD system]) + LIBPREFIX= diff -Nru gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff --- gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff 1970-01-01 01:00:00.000000000 +0100 +++ gnunet-0.9.3/debian/patches/libgcrypt_version_check.diff 2012-09-29 15:15:55.000000000 +0200 @@ -0,0 +1,47 @@ +--- a/src/util/crypto_random.c ++++ b/src/util/crypto_random.c +@@ -302,12 +302,12 @@ + void __attribute__ ((constructor)) GNUNET_CRYPTO_random_init () + { + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); +- if (!gcry_check_version (GCRYPT_VERSION)) ++ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION)) + { + FPRINTF (stderr, + _ + ("libgcrypt has not the expected version (version %s is required).\n"), +- GCRYPT_VERSION); ++ NEED_LIBGCRYPT_VERSION); + GNUNET_abort (); + } + #ifdef GCRYCTL_INITIALIZATION_FINISHED +--- a/configure.ac ++++ b/configure.ac +@@ -211,13 +211,25 @@ + + # libgcrypt + gcrypt=0 +-AM_PATH_LIBGCRYPT(1.2.0, gcrypt=1) ++NEED_LIBGCRYPT_API=1 ++NEED_LIBGCRYPT_VERSION=1.4.2 ++ ++ ++AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION", gcrypt=1) + AC_CHECK_DECLS([gcry_mpi_lshift], [], [], [[#include <gcrypt.h>]]) + + if test $gcrypt = 0 + then +- AC_MSG_ERROR([GNUnet needs libgcrypt]) ++ AC_MSG_ERROR([[ ++*** ++*** You need libgcrypt to build this program. ++** This library is for example available at ++*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ ++*** (at least version $NEED_LIBGCRYPT_VERSION (API $NEED_LIBGCRYPT_API) ++*** is required.) ++***]]) + fi ++AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], "$NEED_LIBGCRYPT_VERSION", [required libgcrypt version]) + + # Adam shostack suggests the following for Windows: + # -D_FORTIFY_SOURCE=2 -fstack-protector-all diff -Nru gnunet-0.9.3/debian/patches/series gnunet-0.9.3/debian/patches/series --- gnunet-0.9.3/debian/patches/series 2012-08-01 21:46:33.000000000 +0200 +++ gnunet-0.9.3/debian/patches/series 2012-10-18 21:14:51.000000000 +0200 @@ -1,2 +1,7 @@ +default_config_namestore.diff +configure_libnss.diff +libgcrypt_version_check.diff +default_config_datastore.diff +fix_kfreebsd_build.diff support_GNU_hurd.patch sparc_alignment.patch diff -Nru gnunet-0.9.3/debian/rules gnunet-0.9.3/debian/rules --- gnunet-0.9.3/debian/rules 2012-06-19 20:07:36.000000000 +0200 +++ gnunet-0.9.3/debian/rules 2012-10-15 18:19:45.000000000 +0200 @@ -6,7 +6,7 @@ dh ${@} --with autoreconf override_dh_auto_configure: - dh_auto_configure -- --disable-rpath --enable-guile --enable-ipv6 --with-microhttpd=yes $(shell dpkg-buildflags --export=configure) + dh_auto_configure -- --disable-rpath --enable-guile --enable-ipv6 --with-microhttpd=yes --with-nssdir=yes $(shell dpkg-buildflags --export=configure) override_dh_auto_test: # Disabling test suite, incomplete @@ -27,6 +27,7 @@ # Removing useless files rm -f debian/tmp/usr/lib/*.la debian/tmp/usr/lib/gnunet/*.la \ + debian/tmp/lib/*.la \ debian/tmp/usr/share/doc/gnunet/COPYING \ debian/tmp/usr/bin/gnunet-service-template \ debian/tmp/usr/bin/gnunet-template \ @@ -35,9 +36,6 @@ override_dh_install: dh_install -a --fail-missing -override_dh_installdocs: - dh_installdocs --link-doc=gnunet-common - override_dh_strip: dh_strip --dbg-package=gnunet-dbg