Re: isc-dhcp-server in squeeze-lst broken after update
Hi Ben, On Mo 18 Jan 2016 12:47:51 CET, Ben Hutchings wrote: environment that makes the difference. Presumably your environment doesn't define CFLAGS as an environment variable already, but sbuild does. DANG! I have found the source of the issue... From dpkg-buildpackage's man page in jessie: """ Between dpkg 1.14.17 and 1.16.1, dpkg-buildpackage exported compiler flags (CFLAGS, CXXFLAGS, FFLAGS, CPPFLAGS and LDFLAGS) with values as """ And then dpkg -l dpkg-dev in my squeeze-lts chroot: """ (squeeze-lts-amd64-sbuild)mike@minobo:/$ dpkg -l dpkg-dev Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ NameVersion Description +++-===-===-== ii dpkg-dev1.16.1.2~bpo60+1+nm Debian package development tools """ Gosh!!! That is embarrassing. Sorry for the noise concerning this issue!!! No idea when that version of dpkg-dev sneaked in. The only other package that comes from squeeze-backports in my build env is "eatmydata" (which hasn't been available in squeeze). The dpkg-dev must have been installed when installing eatmydata from squeeze-backports. [...] I will upload +squeeze10 with attached .debdiff later today. Any feedback on the provided .debdiff is welcome. I will rebuild my chroots, test removing again the CFLAGS export in debian/rules and test the resulting packages once more. /me sighs and deeply apologizes, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgpmhXIacLsoL.pgp Description: Digitale PGP-Signatur
Re: isc-dhcp-server in squeeze-lst broken after update
> Bonno Bloksma wrote: > > > Please fix the package in Squeeze-lts so I can have the dhcpd.conf file in > > its proper place. > > > > Bonno Bloksma > > This is like 5 years old. At least back then I noticed the same > > so from within /etc/dhcp ln -s dhcpd.conf -> ../dhcpd.conf I can confirm that the latest upgdate to isc-dhcp-server on 15-jan-2015 broke my squeeze-lts installation exactly in the same way. There definitely is an issue with the update and it did not appear at any earlier time. Regards, Toomas Tamm Estonia
Re: isc-dhcp-server in squeeze-lst broken after update
Hi all, On Mo 18 Jan 2016 10:24:56 CET, Toomas Tamm wrote: Bonno Bloksma wrote: > Please fix the package in Squeeze-lts so I can have the dhcpd.conf file in > its proper place. > > Bonno Bloksma This is like 5 years old. At least back then I noticed the same so from within /etc/dhcp ln -s dhcpd.conf -> ../dhcpd.conf I can confirm that the latest upgdate to isc-dhcp-server on 15-jan-2015 broke my squeeze-lts installation exactly in the same way. There definitely is an issue with the update and it did not appear at any earlier time. Regards, Toomas Tamm Estonia Thanks for all the feedback given. I have prepared a +squeeze10 revision of isc-dhcp. Before uploading, I would like to get feedback from someone that experienced breakage by the +squeeze9 revision. Here [1] are binaries and sources plus build logs for an amd64 and an i386 build of the proposed/upcoming isc-dhcp 4.1.1-P1-15+squeeze10 regression fix upload. Thanks for any feedback provided. Please also check the .debdiff between +squeeze9 and +squeeze10 [2]. Greets, Mike [1] https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/ [2] https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/isc-dhcp_4.1.1-P1-15+squeeze9_4.1.1-P1-15+squeeze10.debdiff -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgprFUZQNV9U6.pgp Description: Digitale PGP-Signatur
Re: isc-dhcp-server in squeeze-lst broken after update
Hello, I tested the files isc-dhcp-common_4.1.1-P1-15+squeeze10_amd64.deb isc-dhcp-server_4.1.1-P1-15+squeeze10_amd64.deb from the location referred below and can confirm that the temporary symlink for /etc/dhdpd.conf is no longer needed, meaning that the bug has been fixed in this version. Thank you for the prompt fix! Toomas Tamm On Mon, 2016-01-18 at 10:44 +, Mike Gabriel wrote: > Hi all, > > On Mo 18 Jan 2016 10:24:56 CET, Toomas Tamm wrote: > > >> Bonno Bloksma wrote: > >> > >> > Please fix the package in Squeeze-lts so I can have the dhcpd.conf file > >> > in > >> > its proper place. > >> > > >> > Bonno Bloksma > >> > >> This is like 5 years old. At least back then I noticed the same > >> > >> so from within /etc/dhcp ln -s dhcpd.conf -> ../dhcpd.conf > > > > I can confirm that the latest upgdate to isc-dhcp-server on 15-jan-2015 > > broke my squeeze-lts installation exactly in the same way. There > > definitely is an issue with the update and it did not appear at any > > earlier time. > > > > Regards, > > Toomas Tamm > > Estonia > > Thanks for all the feedback given. > > I have prepared a +squeeze10 revision of isc-dhcp. Before uploading, I > would like to get feedback from someone that experienced breakage by > the +squeeze9 revision. > > Here [1] are binaries and sources plus build logs for an amd64 and an > i386 build of the proposed/upcoming isc-dhcp 4.1.1-P1-15+squeeze10 > regression fix upload. Thanks for any feedback provided. > > > > Please also check the .debdiff between +squeeze9 and +squeeze10 [2]. > > > Greets, > Mike > > [1] https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/ > [2] > https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/isc-dhcp_4.1.1-P1-15+squeeze9_4.1.1-P1-15+squeeze10.debdiff > >
Re: isc-dhcp-server in squeeze-lst broken after update
On Mon, 2016-01-18 at 05:08 +, Mike Gabriel wrote: > Hi Ben, hi all, > > On So 17 Jan 2016 23:42:19 CET, Ben Hutchings wrote: > > > On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote: > > > Hi Mike, > > > > > > I have the exact same problem on my server. I simply upgraded from > > > 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9. > > > Given the patch you attached, this is very strange. But after > > > downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again. > > > So there seems to be indeed a (critical) issue with 4.1.1-P1- > > > 15+squeeze9, as it basically breaks the DHCP server. > > > > I can't see anything wrong with the patch, so I wonder whether there > > was something wrong with the build environment. > > The package has been source-built on Debian jessie (debuild -uc -us > -S) and then binary-built with sbuild in a squeeze-lts (not squeeze) > chroot. > > I have checked my build log again. It seems that the CFLAGS specified > in debian/rules do not get exported properly to the build environment > and thus are not used at build time: [...] > I wonder why this has been working in the first place. I compared the strings in the 4.1.1-P1-15+squeeze{8,9} binaries and I can see the change of /etc/dhcp/dhcpd.conf to /etc/dhcpd.conf on amd64, but *not* on i386 (which was auto-built). So, yes it is your build environment that makes the difference. Presumably your environment doesn't define CFLAGS as an environment variable already, but sbuild does. [...] > I will upload +squeeze10 with attached .debdiff later today. > > Any feedback on the provided .debdiff is welcome. Looks good to me. Ben. -- Ben Hutchings A free society is one where it is safe to be unpopular. - Adlai Stevenson signature.asc Description: This is a digitally signed message part
Re: isc-dhcp-server in squeeze-lst broken after update
Hi Ben, On Mo 18 Jan 2016 12:47:51 CET, Ben Hutchings wrote: On Mon, 2016-01-18 at 05:08 +, Mike Gabriel wrote: Hi Ben, hi all, On So 17 Jan 2016 23:42:19 CET, Ben Hutchings wrote: > On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote: > > Hi Mike, > > > > I have the exact same problem on my server. I simply upgraded from > > 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9. > > Given the patch you attached, this is very strange. But after > > downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again. > > So there seems to be indeed a (critical) issue with 4.1.1-P1- > > 15+squeeze9, as it basically breaks the DHCP server. > > I can't see anything wrong with the patch, so I wonder whether there > was something wrong with the build environment. The package has been source-built on Debian jessie (debuild -uc -us -S) and then binary-built with sbuild in a squeeze-lts (not squeeze) chroot. I have checked my build log again. It seems that the CFLAGS specified in debian/rules do not get exported properly to the build environment and thus are not used at build time: [...] I wonder why this has been working in the first place. I compared the strings in the 4.1.1-P1-15+squeeze{8,9} binaries and I can see the change of /etc/dhcp/dhcpd.conf to /etc/dhcpd.conf on amd64, but *not* on i386 (which was auto-built). So, yes it is your build environment that makes the difference. Presumably your environment Yes. I also checked the build log of the i386 version. The build log looks ok compared to my amd64 build log. doesn't define CFLAGS as an environment variable already, but sbuild does. Which is funny, because I use sbuild from Debian jessie. [...] I will upload +squeeze10 with attached .debdiff later today. Any feedback on the provided .debdiff is welcome. Looks good to me. Ok. Thanks for taking a look. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de pgpxvL8bgdqaI.pgp Description: Digitale PGP-Signatur
Re: isc-dhcp-server in squeeze-lst broken after update
Hi Ben, hi all, On So 17 Jan 2016 23:42:19 CET, Ben Hutchings wrote: On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote: Hi Mike, I have the exact same problem on my server. I simply upgraded from 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9. Given the patch you attached, this is very strange. But after downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again. So there seems to be indeed a (critical) issue with 4.1.1-P1- 15+squeeze9, as it basically breaks the DHCP server. I can't see anything wrong with the patch, so I wonder whether there was something wrong with the build environment. The package has been source-built on Debian jessie (debuild -uc -us -S) and then binary-built with sbuild in a squeeze-lts (not squeeze) chroot. I have checked my build log again. It seems that the CFLAGS specified in debian/rules do not get exported properly to the build environment and thus are not used at build time: """ (from +squeeze9 build log) [...] Making all in server make[2]: Entering directory `/«PKGBUILDDIR»/server' gcc -DHAVE_CONFIG_H -I. -I../includes -I.. -DLOCALSTATEDIR='"/var"' -g -O2 -Wall -Werror -fno-strict-aliasing -MT dhcpd.o -MD -MP -MF .deps/dhcpd.Tpo -c -o dhcpd.o dhcpd.c [...] """ When adding "export CFLAGS" at the end of the CFLAGS declarations in debian/rules, I get this: """ (from upcoming +squeeze10 build log) [...] make[1]: Entering directory `/«PKGBUILDDIR»/server' gcc -DHAVE_CONFIG_H -I. -I../includes -I.. -DLOCALSTATEDIR='"/var"' -DLDAP_DEPRECATED -Wall -g -O2 -D_PATH_DHCLIENT_SCRIPT='"/sbin/dhclient-script"' -D_PATH_DHCPD_CONF='"/etc/dhcp/dhcpd.conf"' -D_PATH_DHCLIENT_CONF='"/etc/dhcp/dhclient.conf"' -DNOMINUM -MT dhcpd-dhcpd.o -MD -MP -MF .deps/dhcpd-dhcpd.Tpo -c -o dhcpd-dhcpd.o `test -f 'dhcpd.c' || echo './'`dhcpd.c [...] """ I wonder why this has been working in the first place. Additionally, the patch is *not* being applied isc-dhcp-server. It is only applied when building isc-dhcp-server-ldap (see the commands for the build-stamp target). It needs to be moved further up the patch series. Oh wow... Thanks for spotting this. I am currenly preparing a +squeeze10 revision upload, but I'd really like to get the dhcpd.conf issue sorted out and addressed with next upload first. I will upload +squeeze10 with attached .debdiff later today. Any feedback on the provided .debdiff is welcome. Thanks+Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de diff -u isc-dhcp-4.1.1-P1/debian/rules isc-dhcp-4.1.1-P1/debian/rules --- isc-dhcp-4.1.1-P1/debian/rules +++ isc-dhcp-4.1.1-P1/debian/rules @@ -37,6 +37,8 @@ CFLAGS += -D_PATH_DHCLIENT_CONF='"/etc/dhcp/dhclient.conf"' CFLAGS += -DNOMINUM +export CFLAGS + patched-ldap/build-stamp: dh_testdir diff -u isc-dhcp-4.1.1-P1/debian/changelog isc-dhcp-4.1.1-P1/debian/changelog --- isc-dhcp-4.1.1-P1/debian/changelog +++ isc-dhcp-4.1.1-P1/debian/changelog @@ -1,3 +1,16 @@ +isc-dhcp (4.1.1-P1-15+squeeze10) squeeze-lts; urgency=medium + + * Non-maintainer upload by the Debian LTS Team (regression fix). + * debian/patches: ++ Move CVE-2015-8605.dpatch further up in the patch series. Assure that + the patch is applied to the non-LDAP build variant. Thanks to Ben + Hutchings for spotting this. + * debian/rules: ++ Export CFLAGS before build. Make sure that our Debianic path definitions + end-up in the binary builds of isc-dhcp-server*. + + -- Mike GabrielMon, 18 Jan 2016 05:19:44 +0100 + isc-dhcp (4.1.1-P1-15+squeeze9) squeeze-lts; urgency=medium * Non-maintainer upload by the Debian LTS Team. diff -u isc-dhcp-4.1.1-P1/debian/patches/00list isc-dhcp-4.1.1-P1/debian/patches/00list --- isc-dhcp-4.1.1-P1/debian/patches/00list +++ isc-dhcp-4.1.1-P1/debian/patches/00list @@ -17,6 +17,7 @@ security-20110810 CVE-2012-3571_CVE-2012-3954 CVE-2011-4539_CVE-2012-3955 +CVE-2015-8605 # must be applied before the LDAP stuff no-libcrypto @@ -26,6 +27,4 @@ dhcp-4.1.0-ldap-code -CVE-2015-8605 - # fix build when gcc option -Werror is used drop_unused_vars_from_ldap-c.dpatch pgpxdtRDldEiP.pgp Description: Digitale PGP-Signatur
Re: Re: isc-dhcp-server in squeeze-lst broken after update
On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote: > Hi Mike, > > I have the exact same problem on my server. I simply upgraded from > 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9. > Given the patch you attached, this is very strange. But after > downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again. > So there seems to be indeed a (critical) issue with 4.1.1-P1- > 15+squeeze9, as it basically breaks the DHCP server. I can't see anything wrong with the patch, so I wonder whether there was something wrong with the build environment. Additionally, the patch is *not* being applied isc-dhcp-server. It is only applied when building isc-dhcp-server-ldap (see the commands for the build-stamp target). It needs to be moved further up the patch series. Ben. -- Ben Hutchings Theory and practice are closer in theory than in practice. - John Levine, moderator of comp.compilers signature.asc Description: This is a digitally signed message part
Re: Re: isc-dhcp-server in squeeze-lst broken after update
Hi Mike, I have the exact same problem on my server. I simply upgraded from 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9. Given the patch you attached, this is very strange. But after downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again. So there seems to be indeed a (critical) issue with 4.1.1-P1-15+squeeze9, as it basically breaks the DHCP server. Cheers, Olivier
Re: isc-dhcp-server in squeeze-lst broken after update
(Resent) Hello, Mike Gabriel a écrit : > > I did not meet that issue on my test rig. I will check the recently > upload package and report back. FWIW, I just upgraded the isc-dhcp-server package on my i386 Squeeze server and did not meet that issue. It only has /etc/dhcp/dhcpd.conf, no /etc/dhcpd.conf.