Your message dated Fri, 08 Aug 2025 12:04:15 +0000
with message-id <[email protected]>
and subject line unblock policycoreutils
has caused the Debian Bug report #1110522,
regarding unblock: policycoreutils/3.8.1-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110522: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110522
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:policycoreutils
User: [email protected]
Usertags: unblock
Please unblock package policycoreutils
[ Reason ]
With version 3.8.1-1 there are significant bugs in the remove-leaf-dirs
which allow it to work in the trivial cases (all test cases I used during
development) but fails badly in the case of upgrading from the Bookworm
version of selinux-policy-default to the Trixie version.
[ Impact ]
If the unblock isn't granted then every SE Linux user who upgrades to Trixie
will have to manually relabel the main directories (/etc /usr and /var).
If it is granted then things will just work and Trixie will be the first
release of Debian to allow a clean SE Linux upgrade which is a really good
thing for SE Linux users.
For people who don't have SE Linux enabled this will have no impact.
[ Tests ]
I have tested the upgrade of policy from from Bookworm to Trixie many times
and also passed a variety of test input to the script for corner cases.
[ Risks ]
There are no risks for systems which don't use SE Linux.
For systems running SE Linux the biggest risk is that 3.8.1-2 will perform as
badly as 3.8.1-1 (IE not relabeling).
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
(Anything else the release team should know.)
unblock policycoreutils/3.8.1-2
diff -Nru policycoreutils-3.8.1/debian/changelog
policycoreutils-3.8.1/debian/changelog
--- policycoreutils-3.8.1/debian/changelog 2025-03-16 19:41:42.000000000
+1100
+++ policycoreutils-3.8.1/debian/changelog 2025-08-08 00:48:14.000000000
+1000
@@ -1,3 +1,10 @@
+policycoreutils (3.8.1-2) unstable; urgency=medium
+
+ * Fixed remove-leaf-dirs, the previous code was badly broken and only
+ worked in trivial test cases. Needed for a clean upgrade to Trixie.
+
+ -- Russell Coker <[email protected]> Fri, 08 Aug 2025 00:48:14 +1000
+
policycoreutils (3.8.1-1) unstable; urgency=medium
* New upstream release, just version change
diff -Nru policycoreutils-3.8.1/debian/remove-leaf-dirs
policycoreutils-3.8.1/debian/remove-leaf-dirs
--- policycoreutils-3.8.1/debian/remove-leaf-dirs 2025-02-06
23:27:23.000000000 +1100
+++ policycoreutils-3.8.1/debian/remove-leaf-dirs 2025-08-08
00:48:12.000000000 +1000
@@ -10,20 +10,20 @@
while(<STDIN>)
{
chomp;
- push(@arr, $_);
+ # strip "" and "/" to avoid problems
+ if(length($_) >1)
+ {
+ push(@arr, $_);
+ }
}
-my @sorted = sort { length($a) <=> length($b) } @arr;
-for(my $i = 0; $i < $#sorted; $i++)
+for(my $i = 0; $i <= $#arr; $i++)
{
- print "$sorted[$i]\n";
- for(my $j = $i + 1; $j <= $#sorted; $j++)
+ print "$arr[$i]\n";
+ my $stem = $arr[$i] . "/";
+ my $stemlen = length($arr[$i]) + 1;
+ while ($i + 1 <= $#arr and $stem eq substr($arr[$i + 1], 0, $stemlen))
{
- if($sorted[$i] . "/" eq substr($sorted[$j], 0, length($sorted[$i])+1))
- {
- splice(@sorted, $j, 1);
- $j--;
- }
+ splice(@arr, $i + 1, 1);
}
}
-print "$sorted[$#sorted]\n";
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
