I am uploading an NMU to DELAYED/10 in order to fix this.
The debdiff is attached.
diff -Nru compartment-1.1.0/compartment.1 compartment-1.1.0/compartment.1
--- compartment-1.1.0/compartment.1 2023-10-02 22:20:34.000000000 +0200
+++ compartment-1.1.0/compartment.1 2000-04-16 14:54:39.000000000 +0200
@@ -12,7 +12,7 @@
.SH DESCRIPTION
The
-.I Secure Compartment
+.I SuSE Secure Compartment
was designed to allow safe execution of priviliged and/or untrusted
executables and services.
It has got all features possible included, which can be used to minimize the
risk of a trojanized or vulnerable program/service.
@@ -107,9 +107,6 @@
an RPM file from the SuSE FTP servers. It can also be downloaded as a .tar.gz
file from
.I http://www.suse.de/~marc
-.PP
-It has been also part of the Debian GNU/Linux distribution since just
-after woody (Debian 3.0)
.SH LICENCE
.Sp
@@ -128,4 +125,4 @@
.I chroot
(1),
.I chroot
-(2)
+(2)
\ Kein Zeilenumbruch am Dateiende.
diff -Nru compartment-1.1.0/compartment.c compartment-1.1.0/compartment.c
--- compartment-1.1.0/compartment.c 2023-10-02 22:20:34.000000000 +0200
+++ compartment-1.1.0/compartment.c 2001-02-25 13:16:43.000000000 +0100
@@ -35,7 +35,7 @@
#include <sys/time.h>
#include <sys/resource.h>
-#define PROGRAM_NAME "Secure compartment"
+#define PROGRAM_NAME "SuSE secure compartment"
#define VERSION "v1.1"
#define AUTHOR "Marc Heuse <m...@suse.de>"
#define POINTER "http://www.suse.de/~marc"
@@ -43,16 +43,16 @@
char *_env[] = { "HOME=/", "COMPARTMENT=YES", "PATH=/bin:/usr/bin:/", "" };
-int cap_set_no[28] = {
+int cap_set_no[29] = {
CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH,CAP_FOWNER,CAP_FSETID,
- CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
+ CAP_FS_MASK,CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK,
CAP_IPC_OWNER,CAP_SYS_MODULE,CAP_SYS_RAWIO,CAP_SYS_CHROOT,CAP_SYS_PTRACE,
CAP_SYS_PACCT,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_SYS_NICE,CAP_SYS_RESOURCE,
CAP_SYS_TIME,CAP_SYS_TTY_CONFIG, 0 };
-char cap_set_names[28][29] = {
+char cap_set_names[29][29] = {
"CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID",
- "CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP",
+ "CAP_FS_MASK","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP",
"CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST",
"CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE",
"CAP_SYS_RAWIO","CAP_SYS_CHROOT","CAP_SYS_PTRACE","CAP_SYS_PACCT",
@@ -74,7 +74,18 @@
void help() {
fprintf(stderr, "%s %s %s %s\n\n", PROGRAM_NAME, VERSION, AUTHOR, POINTER);
fprintf(stderr, "Syntax: %s [options] /full/path/to/program\n", prg);
- fprintf(stderr, "Options:\n\t --chroot path\t chroot to path\n\t --user
user\t change uid to this user\n\t --group group\t change gid to this group\n\t
--init program\t execute this program/script before doing anything\n\t --cap
capset\t set capset name. This option can be used several times.\n\t
--verbose\t be verbose\n\t --quiet\t do no logging (to syslog)\n\t --fork\t\t
fork (if everything is fine)\n\nHints: always try to chroot; use --user&group
if possible; chroot and chown all\nfiles to another user than root if you use
capabilties. Read the README file!\n\nKnown capset names: none");
+ fprintf(stderr, "Options:
+\t --chroot path\t chroot to path
+\t --user user\t change uid to this user
+\t --group group\t change gid to this group
+\t --init program\t execute this program/script before doing anything
+\t --cap capset\t set capset name. This option can be used several times.
+\t --verbose\t be verbose
+\t --quiet\t do no logging (to syslog)
+\t --fork\t\t fork (if everything is fine)
+\nHints: always try to chroot; use --user&group if possible; chroot and chown
all
+files to another user than root if you use capabilties. Read the README file!
+\nKnown capset names: none");
tmp = 0;
while(strlen(cap_set_names[tmp])>0)
fprintf(stderr," %s",cap_set_names[tmp++]);
@@ -90,7 +101,7 @@
va_start(arg, format);
vfprintf(stderr, format, arg);
vsnprintf(log, LOGBUF, format, arg);
- syslog(LOG_NOTICE, "%s\n", log);
+ syslog(LOG_NOTICE, log);
va_end(arg);
free(log);
}
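Review bot: `arg` is consumed by `vfprintf(stderr, format, arg)` and then passed again to `vsnprintf(log, LOGBUF, format, arg)` without being re-initialised, which is undefined behaviour and can make the syslog copy read different arguments from the ones printed to stderr. Neither side of this hunk nor debian.patch addresses it; adding `va_end(arg); va_start(arg, format);` between the two calls (or using `va_copy`) would, and the change belongs in debian/patches. Separately, the unpatched tree now carries `syslog(LOG_NOTICE, log);`, and `log` can contain caller-supplied text such as `_argv[0]`, so the build is only free of that format-string sink while the quilt series is applied. print_msg begins outside the hunk.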
@@ -162,11 +173,11 @@
help();
my_secure();
- openlog("compartment", LOG_PID, LOG_DAEMON);
+ openlog("SuSEcompartment", LOG_PID, LOG_DAEMON);
if (sizeof(uid_t) == 4) {
- uidrange = 65535;
+ (unsigned long int) uidrange = 65535;
} else { if (sizeof(uid_t) == 8) {
- uidrange = (unsigned long int) 2147483646; //4294967295;
+ (unsigned long int) uidrange = (unsigned long int) 2147483646;
//4294967295;
} else
fprintf(stderr, "Warning: weird uid size: %d\n", sizeof(uid_t));
}
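Review bot: The warning at the end of this hunk prints `sizeof(uid_t)` with `%d`, but the operand is a `size_t`, so format and argument types disagree on LP64 targets; `fprintf(stderr, "Warning: weird uid size: %zu\n", sizeof(uid_t));` matches the type, and the same line is carried unchanged in debian.patch. In that fallback branch `uidrange` keeps whatever value it had before, and its later use is outside the hunk, so it is worth confirming that no range check runs against an unset limit. The 4-byte case is assigned 65535, which looks like a 16-bit limit applied to a 32-bit `uid_t` and would presumably reject valid high uids. main() continues on both sides of the hunk.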
@@ -407,7 +418,11 @@
if (access(_argv[0], X_OK) < 0)
print_msg("Execute bit missing, or no permissions to execute
%s\n", _argv[0]);
else
- print_msg("Could not properly execute %s - the chroot
environment might not be\nset up correctly:\nCreate the directories /etc and
/lib in chroot_dir and run \"ldd %s\"\nto see which libraries are needed. Copy
these to chroot_dir/lib, then chdir to\nchroot_dir and execute \"ldconfig -X -r
.\"\n", _argv[0], _argv[0]);
+ print_msg("Could not properly execute %s - the chroot
environment might not be
+set up correctly:
+Create the directories /etc and /lib in chroot_dir and run \"ldd %s\"
+to see which libraries are needed. Copy these to chroot_dir/lib, then chdir to
+chroot_dir and execute \"ldconfig -X -r .\"\n", _argv[0], _argv[0]);
}
return 1;
diff -Nru compartment-1.1.0/debian/changelog compartment-1.1.0/debian/changelog
--- compartment-1.1.0/debian/changelog 2023-10-02 22:20:34.000000000 +0200
+++ compartment-1.1.0/debian/changelog 2023-10-02 22:16:27.000000000 +0200
@@ -1,3 +1,10 @@
+compartment (1.1.0-5.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+ * Convert to source format 3.0 (Closes: #1007416)
+
+ -- Bastian Germann <b...@debian.org> Mon, 02 Oct 2023 22:16:27 +0200
+
compartment (1.1.0-5) unstable; urgency=medium
* debian/rules: Use simplified debhelper version
diff -Nru compartment-1.1.0/debian/patches/debian.patch
compartment-1.1.0/debian/patches/debian.patch
--- compartment-1.1.0/debian/patches/debian.patch 1970-01-01
01:00:00.000000000 +0100
+++ compartment-1.1.0/debian/patches/debian.patch 2023-10-02
22:16:27.000000000 +0200
@@ -0,0 +1,163 @@
+--- compartment-1.1.0.orig/Makefile
++++ compartment-1.1.0/Makefile
+@@ -1,24 +1,31 @@
+ CC=gcc
+ OPTS=-Wall -O2
+-BIN_DIR=/usr/sbin
++INSTALL=install -s
++PREFIX=/usr
++BIN_DIR=${PREFIX}/sbin
+ BIN_LIST=compartment
+-DOC_DIR=/usr/doc/packages/compartment
+-DOC_LIST=README LICENCE CHANGES TODO
+-MAN_DIR=/usr/share/man/man1
++DOC_DIR=${PREFIX}/share/doc/packages/compartment
++DOC_LIST=README CHANGES TODO
++MAN_DIR=${PREFIX}/share/man/man1
+ MAN_LIST=compartment.1
+
+ all: compartment
+
+ compartment: compartment.c
+- ${CC} ${OPTS} -o ${BIN_LIST} compartment.c
+- strip ${BIN_LIST}
++ ${CC} -c ${CFLAGS} ${CPPFLAGs} -o ${BIN_LIST} compartment.c
++# strip ${BIN_LIST}
+
+ clean:
+ rm -f ${BIN_LIST} core *~
+
+-install: compartment
+- install -o root -g root -m 751 ${BIN_LIST} ${BIN_DIR}
+- install -d -o root -g root -m 755 ${DOC_DIR}
+- install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR}
+- install -d -o root -g root -m 755 ${MAN_DIR}
+- install -o root -g root -m 644 ${MAN_LIST} ${MAN_DIR}
++install: install-doc install-bin
++
++install-bin: compartment
++ $(INSTALL) -o root -g root -m 751 ${BIN_LIST} ${DESTDIR}${BIN_DIR}
++
++install-doc:
++ install -d -o root -g root -m 755 ${DESTDIR}${DOC_DIR}
++ install -o root -g root -m 644 ${DOC_LIST} ${DESTDIR}${DOC_DIR}
++ install -d -o root -g root -m 755 ${DESTDIR}${MAN_DIR}
++ install -o root -g root -m 644 ${MAN_LIST} ${DESTDIR}${MAN_DIR}
++
+--- compartment-1.1.0.orig/compartment.1
++++ compartment-1.1.0/compartment.1
+@@ -12,7 +12,7 @@ compartment \- secure program/service wr
+
+ .SH DESCRIPTION
+ The
+-.I SuSE Secure Compartment
++.I Secure Compartment
+ was designed to allow safe execution of priviliged and/or untrusted
executables and services.
+ It has got all features possible included, which can be used to minimize the
risk of a trojanized or vulnerable program/service.
+
+@@ -107,6 +107,9 @@ is part of the SuSE Linux Distribtution
+ an RPM file from the SuSE FTP servers. It can also be downloaded as a .tar.gz
+ file from
+ .I http://www.suse.de/~marc
++.PP
++It has been also part of the Debian GNU/Linux distribution since just
++after woody (Debian 3.0)
+
+ .SH LICENCE
+ .Sp
+@@ -125,4 +128,4 @@ for more details.
+ .I chroot
+ (1),
+ .I chroot
+-(2)
+\ No newline at end of file
++(2)
+--- compartment-1.1.0.orig/compartment.c
++++ compartment-1.1.0/compartment.c
+@@ -35,7 +35,7 @@
+ #include <sys/time.h>
+ #include <sys/resource.h>
+
+-#define PROGRAM_NAME "SuSE secure compartment"
++#define PROGRAM_NAME "Secure compartment"
+ #define VERSION "v1.1"
+ #define AUTHOR "Marc Heuse <m...@suse.de>"
+ #define POINTER "http://www.suse.de/~marc"
+@@ -43,16 +43,16 @@
+
+ char *_env[] = { "HOME=/", "COMPARTMENT=YES", "PATH=/bin:/usr/bin:/", "" };
+
+-int cap_set_no[29] = {
++int cap_set_no[28] = {
+ CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH,CAP_FOWNER,CAP_FSETID,
+- CAP_FS_MASK,CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
++ CAP_KILL,CAP_SETGID,CAP_SETUID,CAP_SETPCAP,CAP_LINUX_IMMUTABLE,
+
CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_ADMIN,CAP_NET_RAW,CAP_IPC_LOCK,
+ CAP_IPC_OWNER,CAP_SYS_MODULE,CAP_SYS_RAWIO,CAP_SYS_CHROOT,CAP_SYS_PTRACE,
+ CAP_SYS_PACCT,CAP_SYS_ADMIN,CAP_SYS_BOOT,CAP_SYS_NICE,CAP_SYS_RESOURCE,
+ CAP_SYS_TIME,CAP_SYS_TTY_CONFIG, 0 };
+-char cap_set_names[29][29] = {
++char cap_set_names[28][29] = {
+
"CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID",
+- "CAP_FS_MASK","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP",
++ "CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP",
+ "CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST",
+
"CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE",
+ "CAP_SYS_RAWIO","CAP_SYS_CHROOT","CAP_SYS_PTRACE","CAP_SYS_PACCT",
+@@ -74,18 +74,7 @@ struct group *gr;
+ void help() {
+ fprintf(stderr, "%s %s %s %s\n\n", PROGRAM_NAME, VERSION, AUTHOR,
POINTER);
+ fprintf(stderr, "Syntax: %s [options] /full/path/to/program\n", prg);
+- fprintf(stderr, "Options:
+-\t --chroot path\t chroot to path
+-\t --user user\t change uid to this user
+-\t --group group\t change gid to this group
+-\t --init program\t execute this program/script before doing anything
+-\t --cap capset\t set capset name. This option can be used several times.
+-\t --verbose\t be verbose
+-\t --quiet\t do no logging (to syslog)
+-\t --fork\t\t fork (if everything is fine)
+-\nHints: always try to chroot; use --user&group if possible; chroot and chown
all
+-files to another user than root if you use capabilties. Read the README file!
+-\nKnown capset names: none");
++ fprintf(stderr, "Options:\n\t --chroot path\t chroot to path\n\t --user
user\t change uid to this user\n\t --group group\t change gid to this group\n\t
--init program\t execute this program/script before doing anything\n\t --cap
capset\t set capset name. This option can be used several times.\n\t
--verbose\t be verbose\n\t --quiet\t do no logging (to syslog)\n\t --fork\t\t
fork (if everything is fine)\n\nHints: always try to chroot; use --user&group
if possible; chroot and chown all\nfiles to another user than root if you use
capabilties. Read the README file!\n\nKnown capset names: none");
+ tmp = 0;
+ while(strlen(cap_set_names[tmp])>0)
+ fprintf(stderr," %s",cap_set_names[tmp++]);
+@@ -101,7 +90,7 @@ void print_msg(const char *format, ...)
+ va_start(arg, format);
+ vfprintf(stderr, format, arg);
+ vsnprintf(log, LOGBUF, format, arg);
+- syslog(LOG_NOTICE, log);
++ syslog(LOG_NOTICE, "%s\n", log);
+ va_end(arg);
+ free(log);
+ }
+@@ -173,11 +162,11 @@ int main (int argc, char *argv[]) {
+ help();
+
+ my_secure();
+- openlog("SuSEcompartment", LOG_PID, LOG_DAEMON);
++ openlog("compartment", LOG_PID, LOG_DAEMON);
+ if (sizeof(uid_t) == 4) {
+- (unsigned long int) uidrange = 65535;
++ uidrange = 65535;
+ } else { if (sizeof(uid_t) == 8) {
+- (unsigned long int) uidrange = (unsigned long int) 2147483646;
//4294967295;
++ uidrange = (unsigned long int) 2147483646; //4294967295;
+ } else
+ fprintf(stderr, "Warning: weird uid size: %d\n", sizeof(uid_t));
+ }
+@@ -418,11 +407,7 @@ int main (int argc, char *argv[]) {
+ if (access(_argv[0], X_OK) < 0)
+ print_msg("Execute bit missing, or no permissions to execute
%s\n", _argv[0]);
+ else
+- print_msg("Could not properly execute %s - the chroot
environment might not be
+-set up correctly:
+-Create the directories /etc and /lib in chroot_dir and run \"ldd %s\"
+-to see which libraries are needed. Copy these to chroot_dir/lib, then chdir to
+-chroot_dir and execute \"ldconfig -X -r .\"\n", _argv[0], _argv[0]);
++ print_msg("Could not properly execute %s - the chroot
environment might not be\nset up correctly:\nCreate the directories /etc and
/lib in chroot_dir and run \"ldd %s\"\nto see which libraries are needed. Copy
these to chroot_dir/lib, then chdir to\nchroot_dir and execute \"ldconfig -X -r
.\"\n", _argv[0], _argv[0]);
+ }
+
+ return 1;
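Review bot: The build rule in the Makefile part of this patch, `${CC} -c ${CFLAGS} ${CPPFLAGs} -o ${BIN_LIST} compartment.c`, spells `${CPPFLAGs}` with a lowercase `s`; make variable names are case-sensitive, so it expands to nothing and preprocessor flags from the packaging environment (where Debian's build flags place `-D_FORTIFY_SOURCE`) never reach the compiler. The `-c` also stops after compilation, so unless debian/rules links separately (not visible here) the file named `compartment` is an object file, and `${LDFLAGS}` is not passed at all. Suggested rule: `${CC} ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} -o ${BIN_LIST} compartment.c`. The single debian.patch mixes this build change with the syslog format-string fix and the branding edits, so splitting it into per-topic patches with DEP-3 headers would make the security-relevant change auditable on its own.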
diff -Nru compartment-1.1.0/debian/patches/series
compartment-1.1.0/debian/patches/series
--- compartment-1.1.0/debian/patches/series 1970-01-01 01:00:00.000000000
+0100
+++ compartment-1.1.0/debian/patches/series 2023-10-02 22:16:27.000000000
+0200
@@ -0,0 +1 @@
+debian.patch
diff -Nru compartment-1.1.0/debian/source/format
compartment-1.1.0/debian/source/format
--- compartment-1.1.0/debian/source/format 1970-01-01 01:00:00.000000000
+0100
+++ compartment-1.1.0/debian/source/format 2023-10-02 22:16:20.000000000
+0200
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru compartment-1.1.0/Makefile compartment-1.1.0/Makefile
--- compartment-1.1.0/Makefile 2023-10-02 22:20:34.000000000 +0200
+++ compartment-1.1.0/Makefile 2000-04-24 13:04:43.000000000 +0200
@@ -1,31 +1,24 @@
CC=gcc
OPTS=-Wall -O2
-INSTALL=install -s
-PREFIX=/usr
-BIN_DIR=${PREFIX}/sbin
+BIN_DIR=/usr/sbin
BIN_LIST=compartment
-DOC_DIR=${PREFIX}/share/doc/packages/compartment
-DOC_LIST=README CHANGES TODO
-MAN_DIR=${PREFIX}/share/man/man1
+DOC_DIR=/usr/doc/packages/compartment
+DOC_LIST=README LICENCE CHANGES TODO
+MAN_DIR=/usr/share/man/man1
MAN_LIST=compartment.1
all: compartment
compartment: compartment.c
- ${CC} -c ${CFLAGS} ${CPPFLAGs} -o ${BIN_LIST} compartment.c
-# strip ${BIN_LIST}
+ ${CC} ${OPTS} -o ${BIN_LIST} compartment.c
+ strip ${BIN_LIST}
clean:
rm -f ${BIN_LIST} core *~
-install: install-doc install-bin
-
-install-bin: compartment
- $(INSTALL) -o root -g root -m 751 ${BIN_LIST} ${DESTDIR}${BIN_DIR}
-
-install-doc:
- install -d -o root -g root -m 755 ${DESTDIR}${DOC_DIR}
- install -o root -g root -m 644 ${DOC_LIST} ${DESTDIR}${DOC_DIR}
- install -d -o root -g root -m 755 ${DESTDIR}${MAN_DIR}
- install -o root -g root -m 644 ${MAN_LIST} ${DESTDIR}${MAN_DIR}
-
+install: compartment
+ install -o root -g root -m 751 ${BIN_LIST} ${BIN_DIR}
+ install -d -o root -g root -m 755 ${DOC_DIR}
+ install -o root -g root -m 644 ${DOC_LIST} ${DOC_DIR}
+ install -d -o root -g root -m 755 ${MAN_DIR}
+ install -o root -g root -m 644 ${MAN_LIST} ${MAN_DIR}