Bug#931282: unblock: s-nail/14.9.11-3

2019-08-20 Thread Adam D. Barratt 
Control: tags -1 + moreinfo

On Mon, 2019-07-01 at 10:49 +0200, Paride Legovini wrote:
> Paul Gevers wrote on 30/06/2019:
> 
> > Hi Paride,
> > 
> > On 30-06-2019 14:55, Paride Legovini wrote:
> > > Please unblock package s-nail. Version 14.9.11-3 contains a
> > > targeted fix for
> > > #930691 I've got from upstream. The debdiff between -2 and -3 is
> > > attached.
> > 
> > The time for unblocks for buster has come and gone. The deadline
> > was
> > last Tuesday, we are now in deep freeze. If you consider the bug
> > severe
> > enough (please fix the bug metadata if you do) you can consider a
> > stable
> > release update targeting buster (I have updated this bugs
> > metadata),
> > such that this can be fixed in the first point release.
> 
> Thanks Paul,
> 
> I'll call this a off-by-one-week error. I am sorry. At least I know
> that
> when I've got the patch for #930691 it was already too late for an
> unblock.
> 
> I reviewed the policy for stable release updates; while definitely a
> deal breaker for some users I'm not sure #930691 qualifies as "a
> truly
> critical functionality problem". Affected users are those using the
> GSSAPI + Kerberos authentication.
> 
> What's the take of the stable release team here?

Sorry for the delay in getting back to you.

This looks like it would be OK for stable, but we would need a debdiff
of a package built and tested on stable (and appropriately versioned),
please.

Regards,

Adam

Bug#931282: unblock: s-nail/14.9.11-3

2019-07-01 Thread Sam Hartman 
> "Paride" == Paride Legovini  writes:


I think you could make a compelling argument for an important bug for
this because for those users it will make the package unusable.

I'm not a stable release team member though.

Bug#931282: unblock: s-nail/14.9.11-3

2019-07-01 Thread Paride Legovini 
Paul Gevers wrote on 30/06/2019:

> Hi Paride,
> 
> On 30-06-2019 14:55, Paride Legovini wrote:
>> Please unblock package s-nail. Version 14.9.11-3 contains a targeted fix for
>> #930691 I've got from upstream. The debdiff between -2 and -3 is attached.
> 
> The time for unblocks for buster has come and gone. The deadline was
> last Tuesday, we are now in deep freeze. If you consider the bug severe
> enough (please fix the bug metadata if you do) you can consider a stable
> release update targeting buster (I have updated this bugs metadata),
> such that this can be fixed in the first point release.

Thanks Paul,

I'll call this a off-by-one-week error. I am sorry. At least I know that
when I've got the patch for #930691 it was already too late for an unblock.

I reviewed the policy for stable release updates; while definitely a
deal breaker for some users I'm not sure #930691 qualifies as "a truly
critical functionality problem". Affected users are those using the
GSSAPI + Kerberos authentication.

What's the take of the stable release team here?

Cheers,

Paride

Bug#931282: unblock: s-nail/14.9.11-3

2019-06-30 Thread Paul Gevers 
retitle 931282 buster-pu: package s-nail/14.9.11-2+deb10u1
user release.debian@packages.debian.org
usertags 931282 - unblock
usertags 931282 pu
tags 931282 buster
thanks

Hi Paride,

On 30-06-2019 14:55, Paride Legovini wrote:
> Please unblock package s-nail. Version 14.9.11-3 contains a targeted fix for
> #930691 I've got from upstream. The debdiff between -2 and -3 is attached.

The time for unblocks for buster has come and gone. The deadline was
last Tuesday, we are now in deep freeze. If you consider the bug severe
enough (please fix the bug metadata if you do) you can consider a stable
release update targeting buster (I have updated this bugs metadata),
such that this can be fixed in the first point release.

Paul

Bug#931282: unblock: s-nail/14.9.11-3

2019-06-30 Thread Paride Legovini 
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock

Please unblock package s-nail. Version 14.9.11-3 contains a targeted fix for
#930691 I've got from upstream. The debdiff between -2 and -3 is attached.

Thank you,

Paride Legovini

unblock s-nail/14.9.11-3

-- System Information:
Debian Release: 10.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru s-nail-14.9.11/debian/changelog s-nail-14.9.11/debian/changelog
--- s-nail-14.9.11/debian/changelog 2018-12-07 19:16:26.0 +0100
+++ s-nail-14.9.11/debian/changelog 2019-06-30 13:53:46.0 +0200
@@ -1,3 +1,10 @@
+s-nail (14.9.11-3) unstable; urgency=medium
+
+  * New patch: 0002-fix-gssapi-authentication-930691.patch.
+Thanks to Ivan Vučica and Steffen Nurpmeso (Closes: #930691)
+
+ -- Paride Legovini   Sun, 30 Jun 2019 11:53:46 +
+
 s-nail (14.9.11-2) unstable; urgency=medium
 
   * Bump Standards-Version to 4.2.1 (no changes needed)
diff -Nru s-nail-14.9.11/debian/gbp.conf s-nail-14.9.11/debian/gbp.conf
--- s-nail-14.9.11/debian/gbp.conf  2018-12-07 19:07:04.0 +0100
+++ s-nail-14.9.11/debian/gbp.conf  2019-06-30 12:40:18.0 +0200
@@ -1,3 +1,5 @@
-[buildpackage]
+[DEFAULT]
+debian-branch = debian/buster
+upstream-branch =
 pristine-tar = True
 pristine-tar-commit = True
diff -Nru 
s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch 
s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch
--- s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch   
1970-01-01 01:00:00.0 +0100
+++ s-nail-14.9.11/debian/patches/0002-fix-gssapi-authentication-930691.patch   
2019-06-30 12:25:29.0 +0200
@@ -0,0 +1,52 @@
+diff --git a/obs-imap-gssapi.h b/obs-imap-gssapi.h
+index 5d314917..70eeca7f 100644
+--- a/obs-imap-gssapi.h
 b/obs-imap-gssapi.h
+@@ -162,10 +162,7 @@ _imap_gssapi(struct mailbox *mp, struct ccred *ccred)
+ok = STOP;
+f = a_F_NONE;
+ 
+-   {  size_t i = strlen(mp->mb_imap_account) +1;
+-  server = n_autorec_alloc(i);
+-  memcpy(server, mp->mb_imap_account, i);
+-   }
++   server = savestr(mp->mb_imap_account);
+if (!strncmp(server, "imap://", 7))
+   server += 7;
+else if (!strncmp(server, "imaps://", 8))
+@@ -174,9 +171,11 @@ _imap_gssapi(struct mailbox *mp, struct ccred *ccred)
+   server = [1];
+for (cp = server; *cp; cp++)
+   *cp = lowerconv(*cp);
++
+send_tok.value = n_autorec_alloc(
+- (send_tok.length = strlen(server) -1 + 5) +1);
+-   snprintf(send_tok.value, send_tok.length, "imap@%s", server);
++ (send_tok.length = strlen(server) + 5) +1);
++   memcpy(send_tok.value, "imap@", 5);
++   memcpy(&((char*)send_tok.value)[5], server, send_tok.length - 4);
+maj_stat = gss_import_name(_stat, _tok, 
GSS_C_NT_HOSTBASED_SERVICE,
+  _name);
+f |= a_F_TARGET_NAME;
+@@ -300,14 +299,13 @@ jebase64:
+/* First octet: bit-mask with protection mechanisms (1 = no protection
+ *mechanism).
+ * Second to fourth octet: maximum message size in network byte order.
+-* Fifth and following octets: user name string.
+-*/
+-   o[0] = 1;
+-   o[1] = 0;
+-   o[2] = o[3] = (char)0377;
+-   snprintf([4], sizeof o - 4, "%s", ccred->cc_user.s);
+-   send_tok.value = o;
+-   send_tok.length = strlen([4]) -1 + 4;
++* Fifth and following octets: user name string */
++   in.s = n_autorec_alloc((send_tok.length = 4 + ccred->cc_user.l) +1);
++   memcpy([4], ccred->cc_user.s, ccred->cc_user.l +1);
++   in.s[0] = 1;
++   in.s[1] = 0;
++   in.s[2] = in.s[3] = (char)0xFF;
++   send_tok.value = in.s;
+maj_stat = gss_wrap(_stat, gss_context, 0, GSS_C_QOP_DEFAULT, 
_tok,
+  _state, _tok);
+f |= a_F_RECV_TOK;
diff -Nru s-nail-14.9.11/debian/patches/series 
s-nail-14.9.11/debian/patches/series
--- s-nail-14.9.11/debian/patches/series2018-09-09 16:43:16.0 
+0200
+++ s-nail-14.9.11/debian/patches/series2019-06-30 12:27:09.0 
+0200
@@ -1 +1,2 @@
 0001-Fix-spelling-errors.patch
+0002-fix-gssapi-authentication-930691.patch