Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package nncp
[ Reason ]
This unblock request is to support a small three-line diff that
corrects a data handling bug in NNCP.
[ Impact ]
At
http://lists.cypherpunks.ru/archive/nncp-devel/CAACH8H_3XugxyUQkgbOMNK=H_WAw-XNPR5ZH4Si29OR2fef=m...@mail.gmail.com/T/
, a bug was reported relating to the NNCP chunked (split) file transfer mode.
When chunked mode is used, large files are split into smaller chunks to make
transport possible over small media (eg, a 1TB file across a 128GB USB drive).
The bug resulted in reassembly being impossible with certain combinations of
chunk size and file size.
A fix already in my tree was also applied to postinst, which prevents it exiting
in error if a user had manually created the nncp user prior to installing nncp.
[ Tests ]
Sergey Matveev, author of NNCP, fixed the bug upstream. The original reporter
confirmed it was fixed.
[ Risks ]
The fix itself is trivial as seen in the attached debdiff. It is limited in
scope to the chunked transfer mode. The chunked transfer mode isn't used all
that often, but for those that do wish to use it, this prevents possible data
loss.
In the release announcement for NNCP 8.8.3 at
https://nncp.mirrors.quux.org/Release-8_005f8_005f3.html , you can see it
includes this fix, as well as a bunch of updated Go dependencies. The updated
Go dependencies would not be suitable for the transition at this point.
Therefore, I applied just the fix for this bug from the 8.8.3 branch and
uploaded 8.8.2-3 with it to unstable. To say I "backported" it would, I
suppose, be technically accurate but overstating things; it applied directly to
the 8.8.2 tree since that it what it was targeted to upstream anyhow. "Cherry
picked" would be a more accurate term.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
unblock nncp/8.8.2-3
diff -Nru nncp-8.8.2/debian/changelog nncp-8.8.2/debian/changelog
--- nncp-8.8.2/debian/changelog 2023-01-01 15:32:04.000000000 -0600
+++ nncp-8.8.2/debian/changelog 2023-04-29 10:25:52.000000000 -0500
@@ -1,3 +1,11 @@
+nncp (8.8.2-3) unstable; urgency=medium
+
+ * Apply upstream bugfix to chunk reassembly.
+ * Tweak postinst to not generate an error if the nncp user was
+ previously created by the user.
+
+ -- John Goerzen <jgoer...@complete.org> Sat, 29 Apr 2023 10:25:52 -0500
+
nncp (8.8.2-2) unstable; urgency=medium
* Team upload
diff -Nru nncp-8.8.2/debian/nncp.postinst nncp-8.8.2/debian/nncp.postinst
--- nncp-8.8.2/debian/nncp.postinst 2021-09-21 07:29:18.000000000 -0500
+++ nncp-8.8.2/debian/nncp.postinst 2023-01-07 08:25:29.000000000 -0600
@@ -25,7 +25,7 @@
mkdir /var/spool/nncp
CREATED=1
fi
- adduser --no-create-home --home /var/spool/nncp --system --group
nncp
+ adduser --no-create-home --home /var/spool/nncp --system --group
nncp || true
if [ "$CREATED" = "1" ]; then
chown nncp:nncp /var/spool/nncp
fi
diff -Nru nncp-8.8.2/debian/patches/reass-backport.diff
nncp-8.8.2/debian/patches/reass-backport.diff
--- nncp-8.8.2/debian/patches/reass-backport.diff 1969-12-31
18:00:00.000000000 -0600
+++ nncp-8.8.2/debian/patches/reass-backport.diff 2023-04-29
10:24:50.000000000 -0500
@@ -0,0 +1,29 @@
+Description: Fix bug in reassembly of certain chunked files
+ On April 28 2023, a bug was reported describing that reassembly of chunked
+ files could fail when the file size is an integer multiple of the chunk size.
+
http://lists.cypherpunks.ru/archive/nncp-devel/zez6w5vhuvzr2...@stargrave.org/T/#t
+ .
+ NNCP author Sergey Matveev released NNCP 8.8.3, which also contained updates
+ to the Go dependencies, including to Go 1.20. This makes it unsuitable for
+ upload to unstable or transition to testing at this time.
+ .
+ This patch isolates just the bugfix from NNCP 8.8.3, backporting it to NNCP
+ 8.8.2.
+Author: Sergey Matveev
+Origin: upstream
+Applied-Upstream: 523ac7e7dd5a2f97711fa369f7a73e43ff7b49bc
+Last-Update: 2023-04-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/cmd/nncp-reass/main.go
++++ b/src/cmd/nncp-reass/main.go
+@@ -124,7 +124,8 @@
+ }
+ var badSize bool
+ if chunkNum+1 == len(chunksPaths) {
+- badSize = uint64(fi.Size()) !=
metaPkt.FileSize%metaPkt.ChunkSize
++ left := metaPkt.FileSize % metaPkt.ChunkSize
++ badSize = left != 0 && uint64(fi.Size()) != left
+ } else {
+ badSize = uint64(fi.Size()) != metaPkt.ChunkSize
+ }
diff -Nru nncp-8.8.2/debian/patches/series nncp-8.8.2/debian/patches/series
--- nncp-8.8.2/debian/patches/series 2023-01-01 15:32:04.000000000 -0600
+++ nncp-8.8.2/debian/patches/series 2023-04-29 10:20:18.000000000 -0500
@@ -1,3 +1,4 @@
Fix-texi-direntry
Fix-config-file-location
gvisor-20221219.patch
+reass-backport.diff
