Bug#1055826: bullseye-pu: package crun/0.17+dfsg-1+deb11u2 (bullseye regression)

2023-11-13 Thread Adam D. Barratt 
On Mon, 2023-11-13 at 06:37 +0200, Faidon Liambotis wrote:
> On Sun, Nov 12, 2023 at 03:06:34PM +, Adam D. Barratt wrote:
> > On Sun, 2023-11-12 at 09:56 +0200, Faidon Liambotis wrote:
> > > A change merged into Linux v6.6 broke crun. The change was
> > > backported
> > > in the stable branch with v6.1.55, the version in bookworm. We
> > > fixed
> > > crun last week crun 1.8.1-1+deb12u1 (unblock request: #1055241).
> > > 
> > > Salvatore Bonaccorso pointed out that the change was backported
> > > into
> > > all the stable branches, including v5.10.197, the version now in
> > > bullseye. bullseye's crun, v0.17, is also affected, therefore
> > > bullseye crun + bullseye Linux (or bullseye crun+bullseye-
> > > backports
> > > Linux etc.) are now broken as well.
> > 
> > I guess you'd like that pushed via bullseye-updates, once it's
> > ready,
> > as with the bookworm update?
> 
> Yes please :)
> 

Done, as SUA 244-1.

Regards,

Adam

Bug#1055826: bullseye-pu: package crun/0.17+dfsg-1+deb11u2 (bullseye regression)

2023-11-12 Thread Faidon Liambotis 
On Sun, Nov 12, 2023 at 03:06:34PM +, Adam D. Barratt wrote:
> On Sun, 2023-11-12 at 09:56 +0200, Faidon Liambotis wrote:
> > A change merged into Linux v6.6 broke crun. The change was backported
> > in the stable branch with v6.1.55, the version in bookworm. We fixed
> > crun last week crun 1.8.1-1+deb12u1 (unblock request: #1055241).
> > 
> > Salvatore Bonaccorso pointed out that the change was backported into
> > all the stable branches, including v5.10.197, the version now in
> > bullseye. bullseye's crun, v0.17, is also affected, therefore
> > bullseye crun + bullseye Linux (or bullseye crun+bullseye-backports
> > Linux etc.) are now broken as well.
> 
> I guess you'd like that pushed via bullseye-updates, once it's ready,
> as with the bookworm update?

Yes please :)

Thanks!
Faidon

Bug#1055826: bullseye-pu: package crun/0.17+dfsg-1+deb11u2 (bullseye regression)

2023-11-12 Thread Adam D. Barratt 
On Sun, 2023-11-12 at 09:56 +0200, Faidon Liambotis wrote:
> A change merged into Linux v6.6 broke crun. The change was backported
> in the stable branch with v6.1.55, the version in bookworm. We fixed
> crun last week crun 1.8.1-1+deb12u1 (unblock request: #1055241).
> 
> Salvatore Bonaccorso pointed out that the change was backported into
> all the stable branches, including v5.10.197, the version now in
> bullseye. bullseye's crun, v0.17, is also affected, therefore
> bullseye crun + bullseye Linux (or bullseye crun+bullseye-backports
> Linux etc.) are now broken as well.
> 

I guess you'd like that pushed via bullseye-updates, once it's ready,
as with the bookworm update?

Regards,

Adam

Bug#1055826: bullseye-pu: package crun/0.17+dfsg-1+deb11u2 (bullseye regression)

2023-11-12 Thread Faidon Liambotis 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: c...@packages.debian.org, car...@debian.org
Control: affects -1 + src:crun

A change merged into Linux v6.6 broke crun. The change was backported in
the stable branch with v6.1.55, the version in bookworm. We fixed crun
last week crun 1.8.1-1+deb12u1 (unblock request: #1055241).

Salvatore Bonaccorso pointed out that the change was backported into all
the stable branches, including v5.10.197, the version now in bullseye.
bullseye's crun, v0.17, is also affected, therefore bullseye crun +
bullseye Linux (or bullseye crun+bullseye-backports Linux etc.) are now
broken as well.

This upload just backports the same two patches that we backported to
bookworm and that are needed to address this issue. The patches apply
with minimal changes. There are no other changes included in this
upload.

See the bookworm-pu unblock request, #1055241, and SUA 243-1, for more
context.

[ Tests ]
Lightly tested on a bullseye VM.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Thanks,
Faidon
diff -Nru crun-0.17+dfsg/debian/changelog crun-0.17+dfsg/debian/changelog
--- crun-0.17+dfsg/debian/changelog 2023-02-11 23:44:44.0 +0200
+++ crun-0.17+dfsg/debian/changelog 2023-11-02 18:52:46.0 +0200
@@ -1,3 +1,12 @@
+crun (0.17+dfsg-1+deb11u2) bullseye; urgency=medium
+
+  * Backport two commits from upstream ("ignore ENOTSUP when chmod a
+symlink"), that restore containers with systemd as their init system, when
+running under Linux >= v6.6, >= v6.1.55 and >= 5.10.197, i.e. bullseye's
+and bookworm's current stable kernels. (Closes: #1053821)
+
+ -- Faidon Liambotis   Thu, 02 Nov 2023 18:52:46 +0200
+
 crun (0.17+dfsg-1+deb11u1) bullseye; urgency=medium
 
   * Backport upstream commits b847d14 ("spec: do not set inheritable
diff -Nru crun-0.17+dfsg/debian/patches/series 
crun-0.17+dfsg/debian/patches/series
--- crun-0.17+dfsg/debian/patches/series2023-02-11 23:44:44.0 
+0200
+++ crun-0.17+dfsg/debian/patches/series2023-11-02 18:52:46.0 
+0200
@@ -1,2 +1,4 @@
 CVE-2022-27650-b847d14.patch
 CVE-2022-27650-1aeeed2.patch
+utils-ignore-ENOTSUP-when-chmod-a-symlink.patch
+utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch
diff -Nru 
crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch
 
crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch
--- 
crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch
   1970-01-01 02:00:00.0 +0200
+++ 
crun-0.17+dfsg/debian/patches/utils-fix-ignore-ENOTSUP-when-chmod-a-symlink.patch
   2023-11-02 18:52:46.0 +0200
@@ -0,0 +1,36 @@
+From 60296f112fddc74f4926f8ca6f6e1ef7a61ef5b9 Mon Sep 17 00:00:00 2001
+From: Giuseppe Scrivano 
+Date: Tue, 26 Sep 2023 11:51:19 +0200
+Subject: [PATCH] utils: fix ignore ENOTSUP when chmod a symlink
+
+when ENOTSUP is encountered we must continue copying the other files,
+not doing an early return.
+
+commit 57262a2710c83fa08767f0ce3ba7a80993515bb2 introduced the
+regression with the Podman CI.
+
+Signed-off-by: Giuseppe Scrivano 
+
+Origin: upstream, 
https://github.com/containers/crun/commit/14afa8a46e2e83608a3a219402bce8ea8d071192
+Bug: https://github.com/containers/crun/issues/1308
+Bug-Debian: https://bugs.debian.org/1053821
+---
+ src/libcrun/utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c
+index 5c7f315..5306c5b 100644
+--- a/src/libcrun/utils.c
 b/src/libcrun/utils.c
+@@ -1858,7 +1858,7 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const 
char *srcname, const char
+ {
+   /* If the operation fails with ENOTSUP we are dealing with a 
symlink, so ignore it.  */
+   if (errno == ENOTSUP)
+-return 0;
++continue;
+ 
+   if (UNLIKELY (ret < 0))
+ return crun_make_error (err, errno, "chmod `%s/%s`", destname, 
de->d_name);
+-- 
+2.39.2
+
diff -Nru 
crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch 
crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch
--- 
crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch   
1970-01-01 02:00:00.0 +0200
+++ 
crun-0.17+dfsg/debian/patches/utils-ignore-ENOTSUP-when-chmod-a-symlink.patch   
2023-11-02 18:52:46.0 +0200
@@ -0,0 +1,48 @@
+From 3bc67556e2f077337e574e4c3aaf18488410b2f5 Mon Sep 17 00:00:00 2001
+From: Giuseppe Scrivano 
+Date: Fri, 22 Sep 2023 11:34:19 +0200
+Subject: [PATCH] utils: ignore ENOTSUP when chmod a symlink
+
+commit 5d1f903f75a80daa4dfb3d84e114ec8ecbf29956 in the kernel, present
+in a release since Linux 6.6