On Fri, May 31, 2019 at 09:01:12AM +0200, Salvatore Bonaccorso wrote: > Hi Tony, > > On Thu, May 30, 2019 at 06:47:33AM -0700, tony mancill wrote: > > On Mon, May 27, 2019 at 10:07:38PM -0700, tony mancill wrote: > > > On Sun, May 26, 2019 at 08:58:29PM +0200, Moritz Mühlenhoff wrote: > > > > Looks fine, but can you please also include the test case upstream > > > > added? > > > > Given that it's quite complex to reconstruct the specific affected ZK > > > > setup, > > > > we should at least ship/run the test case. > > > > > > I will prepare an upload for 3.4.13 in testing/unstable soon - should be > > > in the next day or so. > > > > As an update... > > > > Regarding the upload of a patched 3.4.13 for buster and unstable, > > cherry-picking and adapting the upstream patch from the 3.4.14 branch is > > straight-forward and complete [1]. The package is building, etc. > > > > The delay is that the tests for the Debian package aren't in a state > > where they are easy to run. This predates this issue, going back to the > > changes made when netty 3.9 was removed from Debian. Since the changes > > to the packaging and patches to re-enable tests would be extensive (I am > > still working through them), I'm not certain that they will be suitable > > for an upload during the freeze. At a minimum, I intend to get them > > working locally and push a branch so that others can verify, as well as > > run the updated ZK through some local smoke-testing that validates the > > ACL change. > > Thanks for giving an update on the state!
Hi Salvatore - Apologies again for the delay. The zookeeper package tests are in rough shape and I wasn't able to get all tests passing even after installing libjetty-3.9-java in a local chroot and some hacking. The work-in-progress 3.4.13-2+test branch is on Salsa [1], but getting the tests into good working order will be a goal for buster. However, I did verify the following before uploading: - the test results between 3.4.13-1 and 3.4.13-2 are the same, meaning no regressions - the newly added FinalRequestProcessorTest in 3.4.13-2 passes - I could reproduce the ACL information disclosure on 3.4.13-1 - 3.4.13-2 no longer freely shares ACLs on nodes with ACLs that prevent unauthorized reading I have just uploaded to unstable [2] and will request an unblock for buster. Thank you, tony [1] https://salsa.debian.org/java-team/zookeeper/tree/3.4.13-2+test
signature.asc
Description: PGP signature
