Bug#1034809: bullseye-pu: package argon2/0~20171227-0.3+deb12u1

Guilhem Moulin Mon, 24 Apr 2023 15:21:16 -0700

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
Control: affects -1 + src:argon2 cryptsetup-udeb


Dear Release Team,

[ Reason ]

While collecting LUKS2 PBKDF memory cost values in kibi and I discovered
that memory cost were significantly lower when `cryptsetup luksFormat`
was run in d-i compared to the final system.

elbrus argued at https://bugs.debian.org/1032235#107 that ≥0~20190702-0.1
was not suitable for bookworm at this point of the release cycle, hence
the targeted fix for t-p-u.

[ Impact ]

The lower memory cost has security implications for the volume.  See
https://bugs.debian.org/1028250#78 and follow-up messages.

[ Tests ]

 * Upstream test suite.
 * New benchmarks (with cryptsetup/2:2.6.1-4~deb12u1) at
   https://bugs.debian.org/1028250#93 .
 * DEP-8 for cryptsetup (reverse dependency).

[ Risks ]

Changing d/rules so late in the release cycle might sound scary, however
the change merely reverts a commit from 2018 that is no longer relevant
and is causing the issue.  It was partially reverted in 0~20190702-0.1
already, but but for the argon2 binary only (see #1032234) not
libargon2-1-udeb.

[ Checklist ]

  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

  * Add Breaks on cryptsetup-initramfs <2:2.6.1-2 as the rebuild with
    recent glibc broke it.
  * Set 'debian-branch = debian/bookworm' in d/gbp.conf.
  * Restore threading support to libargon2-1-udeb as well an the argon2
    binary.

[ Other info ]

CC'ing kibi for d-i-ack.

-- 
Guilhem.

diffstat for argon2-0~20171227 argon2-0~20171227

 changelog                |   18 ++++++++++++++++++
 control                  |    1 +
 gbp.conf                 |    2 +-
 libargon2-1-udeb.install |    2 ++
 rules                    |   11 -----------
 5 files changed, 22 insertions(+), 12 deletions(-)

diff -Nru argon2-0~20171227/debian/changelog argon2-0~20171227/debian/changelog
--- argon2-0~20171227/debian/changelog  2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/changelog  2023-04-21 21:29:33.000000000 +0200
@@ -1,3 +1,21 @@
+argon2 (0~20171227-0.3+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Bastian Germann ]
+  * Add Breaks on cryptsetup-initramfs (see #1032235)
+
+  [ Guilhem Moulin ]
+  * d/gbp.conf: Set 'debian-branch = debian/bookworm'.
+  * d/rules: Restore threading support to libargon2-1-udeb (closes: #1034696).
+    This is beneficial for cryptsetup-udeb, see #1028250.  Removing threading
+    support in libargon2-1-udeb was done for historical reasons no longer
+    relevant since Debian Bookworm.  This also restores threading support to
+    argon2 which was inadvertently dropped in 0~20171227-0.1 (closes:
+    #1032234).
+
+ -- Guilhem Moulin <guil...@debian.org>  Fri, 21 Apr 2023 21:29:33 +0200
+
 argon2 (0~20171227-0.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru argon2-0~20171227/debian/control argon2-0~20171227/debian/control
--- argon2-0~20171227/debian/control    2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/control    2023-04-21 21:29:33.000000000 +0200
@@ -60,6 +60,7 @@
 Architecture: any
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends}
+Breaks: cryptsetup-initramfs (<<2:2.6.1-2)
 Multi-Arch: same
 Description: memory-hard hashing function - runtime library
  Argon2 is a password-hashing function that can be used to hash passwords
diff -Nru argon2-0~20171227/debian/gbp.conf argon2-0~20171227/debian/gbp.conf
--- argon2-0~20171227/debian/gbp.conf   2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/gbp.conf   2023-04-21 21:29:33.000000000 +0200
@@ -1,7 +1,7 @@
 [DEFAULT]
 debian-tag = debian/%(version)s
 pristine-tar = True
-debian-branch = debian/sid
+debian-branch = debian/bookworm
 
 [buildpackage]
 upstream-tag = v%(version)s
diff -Nru argon2-0~20171227/debian/libargon2-1-udeb.install 
argon2-0~20171227/debian/libargon2-1-udeb.install
--- argon2-0~20171227/debian/libargon2-1-udeb.install   1970-01-01 
01:00:00.000000000 +0100
+++ argon2-0~20171227/debian/libargon2-1-udeb.install   2023-04-21 
21:29:33.000000000 +0200
@@ -0,0 +1,2 @@
+#!/usr/bin/dh-exec
+libargon2.so.1 => usr/lib/${DEB_HOST_MULTIARCH}/${SONAME}
diff -Nru argon2-0~20171227/debian/rules argon2-0~20171227/debian/rules
--- argon2-0~20171227/debian/rules      2022-02-13 10:41:34.000000000 +0100
+++ argon2-0~20171227/debian/rules      2023-04-21 21:29:33.000000000 +0200
@@ -16,26 +16,15 @@
 export SOVER=1
 export DEBPREFIX=0~
 export UPSTREAMVER=$(subst $(DEBPREFIX),,$(DEB_VERSION_UPSTREAM))
-export UDEBLIB=$(SONAME).udeb
 
 %:
        dh $@
 
-override_dh_auto_build:
-       dh_auto_build -- NO_THREADS=1
-       mv $(SONAME) $(UDEBLIB)
-       dh_auto_build
-
 override_dh_install:
        dh_install
        sed -i '/^## /d' 
debian/${PKG}-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libargon2.pc
        sed -i s/@HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/ 
debian/${PKG}-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libargon2.pc
        sed -i s/@UPSTREAM_VER@/$(UPSTREAMVER)/ 
debian/${PKG}-dev/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/libargon2.pc
-       install -D $(UDEBLIB) 
debian/$(SOPKG)-udeb/usr/lib/$(DEB_HOST_MULTIARCH)/$(SONAME)
-
-override_dh_auto_clean:
-       dh_auto_clean
-       -rm $(UDEBLIB)
 
 override_dh_auto_test:
        -$(MAKE) -j1 test

signature.asc
Description: PGP signature

Bug#1034809: bullseye-pu: package argon2/0~20171227-0.3+deb12u1

Reply via email to