Your message dated Sun, 26 Dec 2021 23:03:37 +0000
with message-id <e1n1cyd-000feg...@fasolo.debian.org>
and subject line Bug#1001961: fixed in fakeroot 1.26-1.1
has caused the Debian Bug report #1001961,
regarding No longer properly hooks the stat call
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1001961: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: fakeroot
Version: 1.26-1
Severity: critical
Justification: Breaks unrelated software, possibly affects built packages

Hello,

it seems recent changes in libc6 caused the stat() call in C applications
to be expanded in a different way, a way fakeroot does not properly
handle, resulting in the real user-id, not 0.


Reproducer

Use this small program that stats the given directory and
prints its uid:

===========================================================

#include <sys/stat.h>
#include <stdio.h>
#include <stdlib.h>

int main (int argc, char **argv) {
    struct stat statbuf;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <dir>\n", argv[0]);
        exit(1);
    }

    if (stat (argv[1], &statbuf)) {
        perror("Cannot stat");
        exit(1);
    }

    printf("uid is %u\n", statbuf.st_uid);
}

===========================================================

Environments

* Debian 11 ("bullseye") or unstable with libc6 still on 2.32
* Debian unstable

Then run "fakeroot ./a.out ."

Expected output:

    uid is 0

Actual output on current unstable:

    uid is 1000

(or whatever your user id is)


This problem is part of the built program, not of the environment
it is executed in.


Additionally, if run without fakeroot, the program calls as follows:

strace, old version

    stat(".", {st_mode=S_IFDIR|0755, st_size=19, ...}) = 0
    fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x504), ...}) = 0

strace, new version

    newfstatat(AT_FDCWD, ".", {st_mode=S_IFDIR|0755, st_size=4096, ...}, 0) = 0
    newfstatat(1, "", {st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x228), ...}, AT_EMPTY_PATH) = 0

ltrace, old version

    __xstat(1, ".", 0x7ffeb9c0a260)                             = 0

ltrace, new version

    stat(0x7ffc5fef250d, 0x7ffc5fef07b0, 0x7ffc5fef07b0, 0x7f0122b05738) = 0


Impact:

This broke the python-apt autopkgtest after uploading a new version of
gnupg2, and it even breaks when using just the old version but re-built
using a current libc6.

Actual breakage is caused by the fact gpg checks for the permissions of
its home directory and emits a warning to stderr for possibly insecure
settings. The python-apt test runs under fakeroot, and while getuid()
returns 0 as expected, the stat() call now yields the actual user-id
(1000 or whatever) for the directory. And any message to stderr causes
autopkgtest to assume failure.

No further checks were done, but I am concerned this might affect
packages that still use fakeroot for building. If Debian starts shipping
packages where file ownership should be root but is not, we have a
problem. Scanning my local package cache, I have no indication this
happened so far.


Additionally:

Adrian Bunk mentioned this has been fixed in Ubuntu, a quick check
confirms that for 22.04.


    Christoph

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.84 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fakeroot depends on:
ii  libc6        2.33-1
ii  libfakeroot  1.26-1

fakeroot recommends no packages.

fakeroot suggests no packages.

-- no debconf information



--- End Message ---
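
The report notes that the behaviour is part of the built program, so a binary's dynamic imports show which form of the call it uses. The helper below is an added example, not part of the original report or of fakeroot: it classifies `nm -D --undefined-only` output as the old `__xstat` form or the new direct `stat` form. The function names and sample listings are constructed for illustration, and matching `lstat`/`fstat` and the `64` variants is an assumption that goes beyond the single `stat` case shown in the report.

```shell
#!/bin/sh
# Added example: classify the stat-family imports of a dynamically linked binary.
# Function names are hypothetical; the sample listings are constructed.

# Reads `nm -D --undefined-only <binary>` output on stdin and prints:
#   legacy - only __xstat-style wrappers (the form seen in the "old" ltrace)
#   direct - only plain stat-style symbols (the form seen in the "new" ltrace)
#   mixed  - both forms,  none - no stat-family import at all
classify_stat_imports() {
    awk '
        $1 == "U" || $1 == "w" {
            sym = $2
            sub(/@.*/, "", sym)            # drop the @GLIBC_x.y version suffix
            if (sym ~ /^__(x|lx|fx)stat(64)?$/)         legacy++
            else if (sym ~ /^(stat|lstat|fstat)(64)?$/) direct++
        }
        END {
            if (direct && legacy) print "mixed"
            else if (direct)      print "direct"
            else if (legacy)      print "legacy"
            else                  print "none"
        }'
}

# Convenience wrapper for a real file (requires binutils nm).
audit_binary() {
    nm -D --undefined-only "$1" | classify_stat_imports
}

# Constructed sample: reproducer built against the older libc6.
sample_old() {
    cat <<'EOF'
                 U __xstat@GLIBC_2.2.5
                 U printf@GLIBC_2.2.5
EOF
}

# Constructed sample: the same reproducer built against libc6 2.33.
sample_new() {
    cat <<'EOF'
                 U printf@GLIBC_2.2.5
                 U stat@GLIBC_2.33
EOF
}

printf 'old build: %s\n' "$(sample_old | classify_stat_imports)"
printf 'new build: %s\n' "$(sample_new | classify_stat_imports)"
```

A result of `direct` or `mixed` marks a binary whose `stat` calls depend on the hooking library wrapping the plain symbol, which is the change listed for fakeroot 1.26-1.1.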
--- Begin Message ---
Source: fakeroot
Source-Version: 1.26-1.1
Done: Christoph Biedl <debian.a...@manchmal.in-ulm.de>

We believe that the bug you reported is fixed in the latest version of
fakeroot, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1001...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Biedl <debian.a...@manchmal.in-ulm.de> (supplier of updated fakeroot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Thu, 23 Dec 2021 08:19:30 +0100
Source: fakeroot
Architecture: source
Version: 1.26-1.1
Distribution: unstable
Urgency: high
Maintainer: Clint Adams <cl...@debian.org>
Changed-By: Christoph Biedl <debian.a...@manchmal.in-ulm.de>
Closes: 995393 1001961
Changes:
 fakeroot (1.26-1.1) unstable; urgency=high
 .
   * Non-maintainer upload
   * Also wrap the "stat" library call. Closes: #1001961
   * Work around segfault on ppc64el. Closes: #995393

--- End Message ---
