Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-18 Thread Mike Gabriel 

Hi Ben,

On  Mo 18 Jan 2016 12:47:51 CET, Ben Hutchings wrote:


environment that makes the difference.  Presumably your environment
doesn't define CFLAGS as an environment variable already, but sbuild
does.


DANG! I have found the source of the issue...

From dpkg-buildpackage's man page in jessie:

"""
Between  dpkg  1.14.17  and  1.16.1,  dpkg-buildpackage  exported   
compiler flags (CFLAGS, CXXFLAGS, FFLAGS, CPPFLAGS and LDFLAGS) with  
values as

"""

And then dpkg -l dpkg-dev in my squeeze-lts chroot:

"""
(squeeze-lts-amd64-sbuild)mike@minobo:/$ dpkg -l dpkg-dev
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ NameVersion Description
+++-===-===-==
ii  dpkg-dev1.16.1.2~bpo60+1+nm Debian package development tools
"""

Gosh!!! That is embarrassing. Sorry for the noise concerning this  
issue!!! No idea when that version of dpkg-dev sneaked in.


The only other package that comes from squeeze-backports in my build  
env is "eatmydata" (which hasn't been available in squeeze). The  
dpkg-dev must have been installed when installing eatmydata from  
squeeze-backports.



[...]

I will upload +squeeze10 with attached .debdiff later today.

Any feedback on the provided .debdiff is welcome.


I will rebuild my chroots, test removing again the CFLAGS export in  
debian/rules and test the resulting packages once more.



/me sighs and deeply apologizes,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de


pgpmhXIacLsoL.pgp
Description: Digitale PGP-Signatur

Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-18 Thread Toomas Tamm 
> Bonno Bloksma wrote:
> 
> > Please fix the package in Squeeze-lts so I can have the dhcpd.conf file in
> > its proper place.
> > 
> > Bonno Bloksma
>
> This is like 5 years old. At least back then I noticed the same
> 
> so from within /etc/dhcp ln -s dhcpd.conf -> ../dhcpd.conf

I can confirm that the latest upgdate to isc-dhcp-server on 15-jan-2015
broke my squeeze-lts installation exactly in the same way. There
definitely is an issue with the update and it did not appear at any
earlier time.

Regards,
Toomas Tamm
Estonia

Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-18 Thread Mike Gabriel 

Hi all,

On  Mo 18 Jan 2016 10:24:56 CET, Toomas Tamm wrote:


Bonno Bloksma wrote:

> Please fix the package in Squeeze-lts so I can have the dhcpd.conf file in
> its proper place.
>
> Bonno Bloksma

This is like 5 years old. At least back then I noticed the same

so from within /etc/dhcp ln -s dhcpd.conf -> ../dhcpd.conf


I can confirm that the latest upgdate to isc-dhcp-server on 15-jan-2015
broke my squeeze-lts installation exactly in the same way. There
definitely is an issue with the update and it did not appear at any
earlier time.

Regards,
Toomas Tamm
Estonia


Thanks for all the feedback given.

I have prepared a +squeeze10 revision of isc-dhcp. Before uploading, I  
would like to get feedback from someone that experienced breakage by  
the +squeeze9 revision.


Here [1] are binaries and sources plus build logs for an amd64 and an  
i386 build of the proposed/upcoming isc-dhcp 4.1.1-P1-15+squeeze10  
regression fix upload. Thanks for any feedback provided.




Please also check the .debdiff between +squeeze9 and +squeeze10 [2].


Greets,
Mike

[1] https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/
[2]  
https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/isc-dhcp_4.1.1-P1-15+squeeze9_4.1.1-P1-15+squeeze10.debdiff



--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de


pgprFUZQNV9U6.pgp
Description: Digitale PGP-Signatur

Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-18 Thread Toomas Tamm 
Hello,

I tested the files
isc-dhcp-common_4.1.1-P1-15+squeeze10_amd64.deb
isc-dhcp-server_4.1.1-P1-15+squeeze10_amd64.deb
from the location referred below and can confirm that the temporary
symlink for /etc/dhdpd.conf is no longer needed, meaning that the bug
has been fixed in this version.

Thank you for the prompt fix!

Toomas Tamm

On Mon, 2016-01-18 at 10:44 +, Mike Gabriel wrote:
> Hi all,
> 
> On  Mo 18 Jan 2016 10:24:56 CET, Toomas Tamm wrote:
> 
> >> Bonno Bloksma wrote:
> >>
> >> > Please fix the package in Squeeze-lts so I can have the dhcpd.conf file 
> >> > in
> >> > its proper place.
> >> >
> >> > Bonno Bloksma
> >>
> >> This is like 5 years old. At least back then I noticed the same
> >>
> >> so from within /etc/dhcp ln -s dhcpd.conf -> ../dhcpd.conf
> >
> > I can confirm that the latest upgdate to isc-dhcp-server on 15-jan-2015
> > broke my squeeze-lts installation exactly in the same way. There
> > definitely is an issue with the update and it did not appear at any
> > earlier time.
> >
> > Regards,
> > Toomas Tamm
> > Estonia
> 
> Thanks for all the feedback given.
> 
> I have prepared a +squeeze10 revision of isc-dhcp. Before uploading, I  
> would like to get feedback from someone that experienced breakage by  
> the +squeeze9 revision.
> 
> Here [1] are binaries and sources plus build logs for an amd64 and an  
> i386 build of the proposed/upcoming isc-dhcp 4.1.1-P1-15+squeeze10  
> regression fix upload. Thanks for any feedback provided.
> 
> 
> 
> Please also check the .debdiff between +squeeze9 and +squeeze10 [2].
> 
> 
> Greets,
> Mike
> 
> [1] https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/
> [2]  
> https://people.debian.org/~sunweaver/LTS/isc-dhcp.pkg/isc-dhcp_4.1.1-P1-15+squeeze9_4.1.1-P1-15+squeeze10.debdiff
> 
>

Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-18 Thread Ben Hutchings 
On Mon, 2016-01-18 at 05:08 +, Mike Gabriel wrote:
> Hi Ben, hi all,
> 
> On  So 17 Jan 2016 23:42:19 CET, Ben Hutchings wrote:
> 
> > On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote:
> > > Hi Mike,
> > > 
> > > I have the exact same problem on my server. I simply upgraded from
> > > 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9.
> > > Given the patch you attached, this is very strange. But after
> > > downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again.
> > > So there seems to be indeed a (critical) issue with 4.1.1-P1-
> > > 15+squeeze9, as it basically breaks the DHCP server.
> > 
> > I can't see anything wrong with the patch, so I wonder whether there
> > was something wrong with the build environment.
> 
> The package has been source-built on Debian jessie (debuild -uc -us  
> -S) and then binary-built with sbuild in a squeeze-lts (not squeeze)  
> chroot.
> 
> I have checked my build log again. It seems that the CFLAGS specified  
> in debian/rules do not get exported properly to the build environment  
> and thus are not used at build time:
[...]
> I wonder why this has been working in the first place.

I compared the strings in the 4.1.1-P1-15+squeeze{8,9} binaries and I
can see the change of /etc/dhcp/dhcpd.conf to /etc/dhcpd.conf on amd64,
but *not* on i386 (which was auto-built).  So, yes it is your build
environment that makes the difference.  Presumably your environment
doesn't define CFLAGS as an environment variable already, but sbuild
does.

[...]
> I will upload +squeeze10 with attached .debdiff later today.
> 
> Any feedback on the provided .debdiff is welcome.

Looks good to me.

Ben.

-- 
Ben Hutchings
A free society is one where it is safe to be unpopular. - Adlai Stevenson

signature.asc
Description: This is a digitally signed message part

Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-18 Thread Mike Gabriel 

Hi Ben,

On  Mo 18 Jan 2016 12:47:51 CET, Ben Hutchings wrote:


On Mon, 2016-01-18 at 05:08 +, Mike Gabriel wrote:

Hi Ben, hi all,

On  So 17 Jan 2016 23:42:19 CET, Ben Hutchings wrote:

> On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote:
> > Hi Mike,
> >
> > I have the exact same problem on my server. I simply upgraded from
> > 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9.
> > Given the patch you attached, this is very strange. But after
> > downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again.
> > So there seems to be indeed a (critical) issue with 4.1.1-P1-
> > 15+squeeze9, as it basically breaks the DHCP server.
>
> I can't see anything wrong with the patch, so I wonder whether there
> was something wrong with the build environment.

The package has been source-built on Debian jessie (debuild -uc -us  
-S) and then binary-built with sbuild in a squeeze-lts (not squeeze)  
chroot.

I have checked my build log again. It seems that the CFLAGS specified  
in debian/rules do not get exported properly to the build environment  
and thus are not used at build time:

[...]

 I wonder why this has been working in the first place.


I compared the strings in the 4.1.1-P1-15+squeeze{8,9} binaries and I
can see the change of /etc/dhcp/dhcpd.conf to /etc/dhcpd.conf on amd64,
but *not* on i386 (which was auto-built).  So, yes it is your build
environment that makes the difference.  Presumably your environment


Yes. I also checked the build log of the i386 version. The build log  
looks ok compared to my amd64 build log.



doesn't define CFLAGS as an environment variable already, but sbuild
does.


Which is funny, because I use sbuild from Debian jessie.


[...]

I will upload +squeeze10 with attached .debdiff later today.

Any feedback on the provided .debdiff is welcome.


Looks good to me.


Ok. Thanks for taking a look.

Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de


pgpxvL8bgdqaI.pgp
Description: Digitale PGP-Signatur

Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-17 Thread Mike Gabriel 

Hi Ben, hi all,

On  So 17 Jan 2016 23:42:19 CET, Ben Hutchings wrote:


On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote:

Hi Mike,

I have the exact same problem on my server. I simply upgraded from
4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9.
Given the patch you attached, this is very strange. But after
downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again.
So there seems to be indeed a (critical) issue with 4.1.1-P1-
15+squeeze9, as it basically breaks the DHCP server.


I can't see anything wrong with the patch, so I wonder whether there
was something wrong with the build environment.


The package has been source-built on Debian jessie (debuild -uc -us  
-S) and then binary-built with sbuild in a squeeze-lts (not squeeze)  
chroot.


I have checked my build log again. It seems that the CFLAGS specified  
in debian/rules do not get exported properly to the build environment  
and thus are not used at build time:


""" (from +squeeze9 build log)
[...]
Making all in server
make[2]: Entering directory `/«PKGBUILDDIR»/server'
gcc -DHAVE_CONFIG_H -I. -I../includes  -I.. -DLOCALSTATEDIR='"/var"'
-g -O2  -Wall -Werror -fno-strict-aliasing -MT dhcpd.o -MD -MP -MF  
.deps/dhcpd.Tpo -c -o dhcpd.o dhcpd.c

[...]
"""

When adding "export CFLAGS" at the end of the CFLAGS declarations in  
debian/rules, I get this:


""" (from upcoming +squeeze10 build log)
[...]
make[1]: Entering directory `/«PKGBUILDDIR»/server'
gcc -DHAVE_CONFIG_H -I. -I../includes  -I.. -DLOCALSTATEDIR='"/var"'  
-DLDAP_DEPRECATED   -Wall -g -O2  
-D_PATH_DHCLIENT_SCRIPT='"/sbin/dhclient-script"'  
-D_PATH_DHCPD_CONF='"/etc/dhcp/dhcpd.conf"'  
-D_PATH_DHCLIENT_CONF='"/etc/dhcp/dhclient.conf"' -DNOMINUM  -MT  
dhcpd-dhcpd.o -MD -MP -MF .deps/dhcpd-dhcpd.Tpo -c -o dhcpd-dhcpd.o  
`test -f 'dhcpd.c' || echo './'`dhcpd.c

[...]
"""

I wonder why this has been working in the first place.


Additionally, the patch is *not* being applied isc-dhcp-server.  It is
only applied when building isc-dhcp-server-ldap (see the commands for
the build-stamp target).  It needs to be moved further up the patch
series.


Oh wow... Thanks for spotting this. I am currenly preparing a  
+squeeze10 revision upload, but I'd really like to get the dhcpd.conf  
issue sorted out and addressed with next upload first.



I will upload +squeeze10 with attached .debdiff later today.

Any feedback on the provided .debdiff is welcome.

Thanks+Greets,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/mailxchange/kronolith/fb.php?u=m.gabriel%40das-netzwerkteam.de
diff -u isc-dhcp-4.1.1-P1/debian/rules isc-dhcp-4.1.1-P1/debian/rules
--- isc-dhcp-4.1.1-P1/debian/rules
+++ isc-dhcp-4.1.1-P1/debian/rules
@@ -37,6 +37,8 @@
 CFLAGS += -D_PATH_DHCLIENT_CONF='"/etc/dhcp/dhclient.conf"'
 CFLAGS += -DNOMINUM
 
+export CFLAGS
+
 patched-ldap/build-stamp:
dh_testdir
 
diff -u isc-dhcp-4.1.1-P1/debian/changelog isc-dhcp-4.1.1-P1/debian/changelog
--- isc-dhcp-4.1.1-P1/debian/changelog
+++ isc-dhcp-4.1.1-P1/debian/changelog
@@ -1,3 +1,16 @@
+isc-dhcp (4.1.1-P1-15+squeeze10) squeeze-lts; urgency=medium
+
+  * Non-maintainer upload by the Debian LTS Team (regression fix).
+  * debian/patches:
++ Move CVE-2015-8605.dpatch further up in the patch series. Assure that
+  the patch is applied to the non-LDAP build variant. Thanks to Ben
+  Hutchings for spotting this.
+  * debian/rules:
++ Export CFLAGS before build. Make sure that our Debianic path definitions
+  end-up in the binary builds of isc-dhcp-server*.
+
+ -- Mike Gabriel   Mon, 18 Jan 2016 05:19:44 +0100
+
 isc-dhcp (4.1.1-P1-15+squeeze9) squeeze-lts; urgency=medium
 
   * Non-maintainer upload by the Debian LTS Team.
diff -u isc-dhcp-4.1.1-P1/debian/patches/00list 
isc-dhcp-4.1.1-P1/debian/patches/00list
--- isc-dhcp-4.1.1-P1/debian/patches/00list
+++ isc-dhcp-4.1.1-P1/debian/patches/00list
@@ -17,6 +17,7 @@
 security-20110810
 CVE-2012-3571_CVE-2012-3954
 CVE-2011-4539_CVE-2012-3955
+CVE-2015-8605
 
 # must be applied before the LDAP stuff
 no-libcrypto
@@ -26,6 +27,4 @@
 dhcp-4.1.0-ldap-code
 
-CVE-2015-8605
-
 # fix build when gcc option -Werror is used
 drop_unused_vars_from_ldap-c.dpatch


pgpxdtRDldEiP.pgp
Description: Digitale PGP-Signatur

Re: Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-17 Thread Ben Hutchings 
On Sun, 2016-01-17 at 13:10 +0100, Olivier Dousse wrote:
> Hi Mike,
> 
> I have the exact same problem on my server. I simply upgraded from
> 4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9.
> Given the patch you attached, this is very strange. But after
> downgrading back to 4.1.1-P1-15+squeeze8, everything was fine again.
> So there seems to be indeed a (critical) issue with 4.1.1-P1-
> 15+squeeze9, as it basically breaks the DHCP server.

I can't see anything wrong with the patch, so I wonder whether there
was something wrong with the build environment.

Additionally, the patch is *not* being applied isc-dhcp-server.  It is
only applied when building isc-dhcp-server-ldap (see the commands for
the build-stamp target).  It needs to be moved further up the patch
series.

Ben.

-- 
Ben Hutchings
Theory and practice are closer in theory than in practice.
- John Levine, moderator of comp.compilers


signature.asc
Description: This is a digitally signed message part

Re: Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-17 Thread Olivier Dousse 
Hi Mike,

I have the exact same problem on my server. I simply upgraded from 
4.1.1-P1-15+squeeze8 to 4.1.1-P1-15+squeeze9.
Given the patch you attached, this is very strange. But after downgrading back 
to 4.1.1-P1-15+squeeze8, everything was fine again. So there seems to be indeed 
a (critical) issue with 4.1.1-P1-15+squeeze9, as it basically breaks the DHCP 
server.

Cheers,
Olivier

Re: isc-dhcp-server in squeeze-lst broken after update

2016-01-16 Thread Pascal Hambourg 
(Resent)
Hello,

Mike Gabriel a écrit :
> 
> I did not meet that issue on my test rig. I will check the recently  
> upload package and report back.

FWIW, I just upgraded the isc-dhcp-server package on my i386 Squeeze
server and did not meet that issue. It only has /etc/dhcp/dhcpd.conf, no
/etc/dhcpd.conf.