Your message dated Sat, 09 Nov 2024 10:51:02 +0000
with message-id 
<b0a29248bc631362ed06a8879f93b8cdae5414d0.ca...@adam-barratt.org.uk>
and subject line Closing bugs released with 12.8
has caused the Debian Bug report #1081034,
regarding bookworm-pu: package ikiwiki-hosting/0.20220716-2+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1081034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ikiwiki-host...@packages.debian.org, t...@security.debian.org, 
Jonathan Nieder <jrnie...@gmail.com>, Simon McVittie <s...@debian.org>, 
car...@debian.org
Control: affects -1 + src:ikiwiki-hosting
User: release.debian....@packages.debian.org
Usertags: pu

Hi

We (security-team) plan to release an update of git fixing several
CVEs, prepared by Jonathan Nieder and rebasing git version to 2.39.5
upstream, which uncovered regressions in both fcgiwrap (#1072394) and
ikiwiki-hosting (cf. #1076751).

They were triggered as well in autopkgtests with the prepared
git/1:2.39.5-0+deb12u1 version.

We discussed this, if we should release the update for ikiwiki-hosting
(real impact) and fcgiwrap (only autopkgtests) via a corresponding
update or a proposed-update is enough. We propose the latter, and let
it go through the upcoming point release.

Attached is the proposed debdiff for ikiwiki-hosting (note it still
contains the debian/.gitignore removal I would need to check why I
could not properly exclude it).

I have not yet uploaded the package, but CC'ing Simon.

Regards,
Salvatore
diff -Nru ikiwiki-hosting-0.20220716/debian/.gitignore 
ikiwiki-hosting-0.20220716/debian/.gitignore
--- ikiwiki-hosting-0.20220716/debian/.gitignore        2023-03-30 
11:56:12.000000000 +0200
+++ ikiwiki-hosting-0.20220716/debian/.gitignore        1970-01-01 
01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-*.debhelper
-*.debhelper.log
-*.substvars
-/files
-/ikiwiki-hosting-common/
-/ikiwiki-hosting-dns/
-/ikiwiki-hosting-web/
-/tmp/
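
Review bot: the deletion of debian/.gitignore in this hunk is unrelated to the safe.directory fix and is not listed in the new changelog entry. Either restore the file before upload so the debdiff carries only the targeted change, or add a changelog line that accounts for the removal.
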
diff -Nru ikiwiki-hosting-0.20220716/debian/changelog 
ikiwiki-hosting-0.20220716/debian/changelog
--- ikiwiki-hosting-0.20220716/debian/changelog 2023-03-30 11:56:12.000000000 
+0200
+++ ikiwiki-hosting-0.20220716/debian/changelog 2024-09-07 11:38:42.000000000 
+0200
@@ -1,3 +1,13 @@
+ikiwiki-hosting (0.20220716-2+deb12u1) bookworm; urgency=medium
+
+  [ Simon McVittie ]
+  * d/ikiwiki-hosting-web.{init,service}: Allow reading other users' 
repositories.
+    Each website's git repository is owned by its own uid, and the
+    git-daemon running as ikiwiki-anon needs to be able to read them all.
+    (Closes: #1076751)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sat, 07 Sep 2024 11:38:42 +0200
+
 ikiwiki-hosting (0.20220716-2) unstable; urgency=medium
 
   * d/p/ikisite-backup-Create-the-bundle-as-the-site-s-user.patch:
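
Review bot: the new entry says the daemon may read other users' repositories but does not name the mechanism. The change sets safe.directory to '*' through GIT_CONFIG_* environment variables, which switches off git's repository ownership check for every path, so the entry should say that explicitly to let administrators reading the changelog see what was relaxed.
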
diff -Nru ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.init 
ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.init
--- ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.init  2023-03-30 
11:56:12.000000000 +0200
+++ ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.init  2024-09-07 
11:37:47.000000000 +0200
@@ -42,6 +42,10 @@
        #   2 if daemon could not be started
        start-stop-daemon --start --chuid $gitdaemonuser:$gitdaemonuser --quiet 
--pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
                || return 1
+
+       export GIT_CONFIG_COUNT=1
+       export GIT_CONFIG_KEY_0=safe.directory
+       export GIT_CONFIG_VALUE_0='*'
        start-stop-daemon --start --chuid $gitdaemonuser:$gitdaemonuser --quiet 
--make-pidfile --pidfile $PIDFILE --background --exec $DAEMON -- \
                $DAEMON_ARGS \
                || return 2
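
Review bot: the three export lines added between the two start-stop-daemon calls carry no comment, unlike the matching change to the .service file, and the exported variables stay in the script's environment for everything run after this point, not only the second start-stop-daemon call. Suggest adding the same two-line explanation used in the unit file and, if nothing else in the script should run with the ownership check disabled, setting the variables for that one invocation only.
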
diff -Nru ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.service 
ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.service
--- ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.service       
2023-03-30 11:56:12.000000000 +0200
+++ ikiwiki-hosting-0.20220716/debian/ikiwiki-hosting-web.service       
2024-09-07 11:37:47.000000000 +0200
@@ -9,6 +9,11 @@
 User=ikiwiki-anon
 Group=ikiwiki-anon
 Restart=on-failure
+# ikiwiki-anon needs to be willing to serve the git repositories of
+# websites owned by each site-specific uid
+Environment=GIT_CONFIG_COUNT=1
+Environment=GIT_CONFIG_KEY_0=safe.directory
+Environment=GIT_CONFIG_VALUE_0=*
 
 [Install]
 WantedBy=multi-user.target
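
Review bot: GIT_CONFIG_VALUE_0=* in the [Service] section turns off git's ownership check for every directory opened by git processes started from this unit, which is wider than the "websites owned by each site-specific uid" named in the comment. Suggest extending the comment to state that the wildcard is deliberate and what else confines the daemon to the site repositories, so a later reader does not take it for an oversight.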

--- End Message ---
--- Begin Message ---
Source: release.debian.org
Version: 12.8

Hi,

Each of the updates tracked by these bugs was included in today's 12.8
bookworm point release.

Regards,

Adam

--- End Message ---
