Re: Please unblock schroot 1.4.16-1

2010-12-30 Thread Roger Leigh 
On Wed, Dec 08, 2010 at 08:44:48PM +, Adam D. Barratt wrote:
 On Tue, 2010-12-07 at 17:31 +, Roger Leigh wrote:
  I've made a new upload of schroot to unstable which fixes a few
  security- and upgrade-related bugs.  The bulk of the changes are
  documentation (manual pages, release notes and changelogs). The
  code changes are tiny, but are important to have to upgrade from
  lenny cleanly and fully document security issues and program
  behaviour.
 
 Unblocked; thanks.
 
 As discussed on IRC, it's a shame that this resulted in a new
 translatable (and currently untranslated) string, although the fact that
 the string should rarely be seen and is in the program translation
 rather than a debconf template mitigates this slightly.

I've allowed a fortnight for translation updates to come back, and
made a new release (1.4.17-1) containing five translation updates
and an additional RC bugfix.  Please could you unblock this to
allow it into squeeze?

Changes:
http://git.debian.org/?p=buildd-tools/schroot.git;a=commitdiff;h=debian/schroot-1.4.17-1;hp=debian/schroot-1.4.16-1

Changes with generated files included:
http://git.debian.org/?p=buildd-tools/schroot.git;a=commitdiff;h=distribution/schroot-1.4.17;hp=distribution/schroot-1.4.16


Many thanks,
Roger


schroot (1.4.17-1) unstable; urgency=low

  * New upstream stable release.
  * 15killprocs: Don't kill processes in other sessions
(Closes: #608054).  Compare full chroot path in addition to device
and inode numbers, since the device and inode are not sufficiently
unique (they are shared between non-cloned sessions such as for
directory type chroots).
  * Updated translations:
- da (Closes: #606305).  Thanks to Joe Hansen.
- de (Closes: #606245).  Thanks to Holger Wansing.
- fr (Closes: #606394).  Thanks to Thomas Blein.
- it.  Thanks to Vincenzo Campanella.
- zh_CN.  Thanks to Ji ZhengYu.

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?   http://gutenprint.sourceforge.net/
   `-GPG Public Key: 0x25BFB848   Please GPG sign your mail.
diff --git a/NEWS b/NEWS
index 8fa9bba..bdc5677 100644
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,16 @@
 NEWS-*- outline -*-
 
 
-Welcome to schroot 1.4.16.  Please read these release notes carefully.
+Welcome to schroot 1.4.17.  Please read these release notes carefully.
 
 Full installation instructions are provided in the INSTALL file.  The
 README file also contains more specific notes regarding building and
 configuration.
 
+* Major changes in 1.4.17:
+
+  None.
+
 * Major changes in 1.4.16:
 
   1) Chroot naming restrictions introduced in 1.4.0 have been relaxed
diff --git a/debian/changelog b/debian/changelog
index 19022bf..fdb1c7f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+schroot (1.4.17-1) unstable; urgency=low
+
+  * New upstream stable release.
+  * 15killprocs: Don't kill processes in other sessions
+(Closes: #608054).  Compare full chroot path in addition to device
+and inode numbers, since the device and inode are not sufficiently
+unique (they are shared between non-cloned sessions such as for
+directory type chroots).
+  * Updated translations:
+- da (Closes: #606305).  Thanks to Joe Hansen.
+- de (Closes: #606245).  Thanks to Holger Wansing.
+- fr (Closes: #606394).  Thanks to Thomas Blein.
+- it.  Thanks to Vincenzo Campanella.
+- zh_CN.  Thanks to Ji ZhengYu.
+
+ -- Roger Leigh rle...@debian.org  Wed, 29 Dec 2010 16:41:30 +
+
 schroot (1.4.16-1) unstable; urgency=low
 
   * New upstream stable release.
diff --git a/etc/setup.d/15killprocs b/etc/setup.d/15killprocs
index 619035e..1f246b0 100755
--- a/etc/setup.d/15killprocs
+++ b/etc/setup.d/15killprocs
@@ -40,28 +40,35 @@ do_kill_all()
 info Killing processes run inside $1
 ls /proc | egrep '^[[:digit:]]+$' |
 while read pid; do
+	# Check if process root are the same device/inode as chroot
+	# root (for efficiency)
 if [ /proc/$pid/root -ef $1 ]; then
-exe=$(readlink /proc/$pid/exe || true)
-info Killing left-over pid $pid (${exe##$1})
-info   Sending SIGTERM to pid $pid
+	# Check if process and chroot root are the same (may be
+	# different even if device/inode match).
+	root=$(readlink /proc/$pid/root || true)
+	if [ $root = $1 ]; then
+		exe=$(readlink /proc/$pid/exe || true)
+		info Killing left-over pid $pid (${exe##$1})
+		info   Sending SIGTERM to pid $pid
 
-/bin/kill -TERM $pid 2/dev/null
+		/bin/kill -TERM $pid 2/dev/null
 
-count=0
-max=5
-while [ -d /proc/$pid ]; do
-count=$(( $count + 1 ))
-info   Waiting for pid $pid to shut down... ($count/$max)
-sleep 1
-# Wait for $max seconds for process to die before -9'ing

Re: Please unblock schroot 1.4.16-1

2010-12-08 Thread Adam D. Barratt 
On Tue, 2010-12-07 at 17:31 +, Roger Leigh wrote:
 I've made a new upload of schroot to unstable which fixes a few
 security- and upgrade-related bugs.  The bulk of the changes are
 documentation (manual pages, release notes and changelogs). The
 code changes are tiny, but are important to have to upgrade from
 lenny cleanly and fully document security issues and program
 behaviour.

Unblocked; thanks.

As discussed on IRC, it's a shame that this resulted in a new
translatable (and currently untranslated) string, although the fact that
the string should rarely be seen and is in the program translation
rather than a debconf template mitigates this slightly.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1291841088.15017.388.ca...@hathi.jungle.funky-badger.org

Re: Please unblock schroot 1.4.16-1

2010-12-08 Thread Roger Leigh 
On Wed, Dec 08, 2010 at 08:44:48PM +, Adam D. Barratt wrote:
 On Tue, 2010-12-07 at 17:31 +, Roger Leigh wrote:
  I've made a new upload of schroot to unstable which fixes a few
  security- and upgrade-related bugs.  The bulk of the changes are
  documentation (manual pages, release notes and changelogs). The
  code changes are tiny, but are important to have to upgrade from
  lenny cleanly and fully document security issues and program
  behaviour.
 
 Unblocked; thanks.
 
 As discussed on IRC, it's a shame that this resulted in a new
 translatable (and currently untranslated) string, although the fact that
 the string should rarely be seen and is in the program translation
 rather than a debconf template mitigates this slightly.

Many thanks.

I've already received updated da, de and it translations.  I should
hopefully be able to make a new release with all of the translations
updated in the next week or so once the rest come in.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?   http://gutenprint.sourceforge.net/
   `-GPG Public Key: 0x25BFB848   Please GPG sign your mail.


signature.asc
Description: Digital signature

Please unblock schroot 1.4.16-1

2010-12-07 Thread Roger Leigh 
Hi,

I've made a new upload of schroot to unstable which fixes a few
security- and upgrade-related bugs.  The bulk of the changes are
documentation (manual pages, release notes and changelogs). The
code changes are tiny, but are important to have to upgrade from
lenny cleanly and fully document security issues and program
behaviour.

Please could you consider unblocking for squeeze?


Thanks,
Roger


#601043, #605939: Upgrade failure when upgrading from lenny.  The
 restrictions on valid filenames were make much stricter
 in 1.4.0 (later than Lenny), meaning many configurations
 are broken when upgrading.  After auditing all validation
 and usage paths in the code, I've relaxed the naming
 restrictions such that it remains secure, but allows
 most names which were valid in lenny.  There's a complete
 rationale for the naming restrictions in schroot.conf(5).
#605950  This is a regression which results in mount options in the
 configuration file being ignored.  They are now correctly
 preserved.
#606162  This is a performance regression which caused schroot to
 run extremely poorly on large heavily loaded systems; this
 speeds up session cleanup by orders of magnitude by using
 shell builtins rather than invoking readlink once per
 running process on the system
#587758  Documentation of security issues relating to configuration
#599380  Documentation update (non-essential)


schroot (1.4.16-1) unstable; urgency=low

  * New upstream stable release.
  * Document schroot -- option delimiter in schroot(1)
(Closes: #599380).
  * Document security implications of bind-mounting /dev and other
filesystems in schroot.conf(5) (Closes: #587758).
  * Relax chroot naming restrictions (Closes: #601043, #605939).  The
name may not contain a leading period (‘.’).  The  characters ‘:’
(colon), ‘,’ (comma) and ‘/’ (forward slash) are not permitted
anywhere in the name.  The name may also not contain a trailing
tilde ('~').  Otherwise any characters are permitted.
  * 10mount: Respect mount options from configuration for all mountable
chroot types (Closes: #605950).  Thanks to Nelson Elhage for this
patch.
  * 15killprocs: Improve performance by omitting a readlink call for
each process running on the system, leading to a significant
reduction in overhead on busy systems (Closes: #606162).  Thanks
to Anders Kaseorg for this patch.

 -- Roger Leigh rle...@debian.org  Tue, 07 Dec 2010 12:29:25 +


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?   http://gutenprint.sourceforge.net/
   `-GPG Public Key: 0x25BFB848   Please GPG sign your mail.


signature.asc
Description: Digital signature