Your message dated Sun, 22 Jan 2023 11:34:12 +0000
with message-id <e1pjyc0-00f9ww...@fasolo.debian.org>
and subject line Bug#1026781: fixed in pkgconf 1.8.1-1
has caused the Debian Bug report #1026781,
regarding pkgconf: breaks adequate missing-pkgconfig-dependency check due to behaviour change in: pkg-config --exists --print-errors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1026781: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026781
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pkgconf
Severity: serious

When a pkg doesn't have its dependencies satisfied, pkgconf --cflags etc
all print an error message and return a failure exit code.

With pkg-config, --exists does this check too, exits with an error and
with --print-errors present, prints the same error as --cflags etc do.

With pkgconf, --exists exits with an error only when the .pc file
doesn't actually exist, so I think it doesn't check if dependencies are
satisfied either, since with --print-errors no errors are printed.

This breaks the adequate test missing-pkgconfig-dependency, which runs
pkg-config and parses the output for errors about missing dependencies,
see below for the code that does this parsing.

   pkg-config --exists --print-errors foo

An example of the behaviour under pkg-config:

   $ pkg-config --exists --print-errors mpv ; echo $?
   Package wayland-protocols was not found in the pkg-config search path.
   Perhaps you should add the directory containing `wayland-protocols.pc'
   to the PKG_CONFIG_PATH environment variable
   Package 'wayland-protocols', required by 'mpv', not found
   1

An example of the behaviour under pkgconf:

   $ pkgconf --exists --print-errors mpv ; echo $?
   0

   $ pkgconf --cflags mpv ; echo $?
   Package wayland-protocols was not found in the pkg-config search path.
   Perhaps you should add the directory containing `wayland-protocols.pc'
   to the PKG_CONFIG_PATH environment variable
   Package 'wayland-protocols', required by 'mpv', not found
   1

This is the bug that led me to this pkgconf bug:

   https://bugs.debian.org/1026624

Here is the code from adequate that performs this check, please
ensure that the error message matches the regex below.

   $ dgrep -EC4 pkg-?conf adequate
   /usr/bin/adequate-    check_elfs(%file_map);
   /usr/bin/adequate-    check_paths(%file_map);
   /usr/bin/adequate-    check_alternatives(\%package_map, \%file_map);
   /usr/bin/adequate-    check_binfmts(@packages);
   /usr/bin/adequate:    check_pkgconfig(%file_map);
   /usr/bin/adequate-    flush_debconf();
   /usr/bin/adequate-    return;
   /usr/bin/adequate-}
   /usr/bin/adequate-
   --
   /usr/bin/adequate-    }
   /usr/bin/adequate-    return;
   /usr/bin/adequate-}
   /usr/bin/adequate-
   /usr/bin/adequate:sub check_pkgconfig
   /usr/bin/adequate:: Tags(qw(missing-pkgconfig-dependency))
   /usr/bin/adequate-{
   /usr/bin/adequate-    my %file_map = @_;
   /usr/bin/adequate-    my %pkg_map = ();
   /usr/bin/adequate:    -x '/usr/bin/pkg-config' or return;
   /usr/bin/adequate-    while (my ($debpkg, $files) = each %file_map) {
   /usr/bin/adequate-        for my $file (@{$files}) {
   /usr/bin/adequate:            $file =~ m{^/usr/(?:share|lib(?:/[^/]+)?)/pkgconfig/([^/]+)[.]pc$} or next;
   /usr/bin/adequate-            my $pkg = $1;
   /usr/bin/adequate-            $pkg_map{$pkg} = $debpkg;
   /usr/bin/adequate-        }
   /usr/bin/adequate-    }
   /usr/bin/adequate-    while (my ($pkg, $debpkg) = each %pkg_map) {
   /usr/bin/adequate-        local $ENV{LC_ALL} = 'C';
   /usr/bin/adequate-        flush_std_fh();
   /usr/bin/adequate:        my $pkgconfig_pid = open(my $pkgconfig, '-|') // die "can't fork: $ERRNO";
   /usr/bin/adequate:        if ($pkgconfig_pid) { # parent
   /usr/bin/adequate:            while (<$pkgconfig>) {
   /usr/bin/adequate-                if (m/^Package '(.+)', required by '\Q$pkg\E', not found$/) {
   /usr/bin/adequate-                    my $deppkg = $1;
   /usr/bin/adequate:                    tag $debpkg, 'missing-pkgconfig-dependency', $pkg, '=>', $deppkg;
   /usr/bin/adequate-                }
   /usr/bin/adequate-            }
   /usr/bin/adequate:            wait or die "pkg-config --exists: $ERRNO";
   /usr/bin/adequate:            close $pkgconfig; ## no critic (CheckedSyscalls)
   /usr/bin/adequate-        } else { # child
   /usr/bin/adequate-            open(STDERR, '>&STDOUT') or die "can't redirect stderr: $ERRNO";
   /usr/bin/adequate:            exec('pkg-config', '--exists', '--print-errors', $pkg);
   /usr/bin/adequate:            die "can't exec pkg-config: $ERRNO";
   /usr/bin/adequate-        }
   /usr/bin/adequate-    }
   /usr/bin/adequate-    return;
   /usr/bin/adequate-}

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-6-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pkgconf depends on:
ii  pkgconf-bin  1.8.0-11

pkgconf recommends no packages.

pkgconf suggests no packages.

-- no debconf information

--
bye,
pabs

https://wiki.debian.org/PaulWise
--- End Message ---
--- Begin Message ---
Source: pkgconf
Source-Version: 1.8.1-1
Done: Andrej Shadura <andre...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pkgconf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1026...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrej Shadura <andre...@debian.org> (supplier of updated pkgconf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sun, 22 Jan 2023 12:06:42 +0100
Source: pkgconf
Architecture: source
Version: 1.8.1-1
Distribution: unstable
Urgency: high
Maintainer: Andrej Shadura <andre...@debian.org>
Changed-By: Andrej Shadura <andre...@debian.org>
Closes: 1026781
Changes:
 pkgconf (1.8.1-1) unstable; urgency=high
 .
   * New upstream release.
     - Fix a buffer overflow vulnerability involving very large variable
       expansions (CVE-2023-24056).
   * Apply an upstream patch to validate the dependency graph when
     --exists is specified (Closes: #1026781).
   * Regenerate the documentation for libpkgconf.
--- End Message ---
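
An added example, not part of either message and not code from adequate or pkgconf: a shell probe that builds a throwaway .pc file with an unmet Requires and checks whether a given tool's --exists --print-errors both fails and prints the line adequate's regex expects. The function name and the fixture names probe-parent and probe-missing-dep are constructed for this example.

```shell
#!/bin/sh
# Regression probe for the --exists behaviour described in Bug#1026781.
# Fixture names (probe-parent, probe-missing-dep) are constructed for this example.
#
# probe_exists_validation TOOL
#   returns 0: --exists --print-errors fails and names the unmet dependency
#   returns 1: the unmet dependency is not reported (behaviour in the bug report)
#   returns 2: TOOL is not available or the fixture could not be created
probe_exists_validation() {
    tool=$1
    command -v "$tool" >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 2

    # A .pc file whose Requires cannot be satisfied from the search path.
    cat > "$dir/probe-parent.pc" <<'EOF'
Name: probe-parent
Description: fixture with an unmet dependency
Version: 1.0
Requires: probe-missing-dep
EOF

    # Restrict the search path to the fixture directory; LC_ALL=C as adequate does.
    status=0
    out=$(LC_ALL=C PKG_CONFIG_PATH="$dir" PKG_CONFIG_LIBDIR="$dir" \
          "$tool" --exists --print-errors probe-parent 2>&1) || status=$?
    rm -rf "$dir"

    # The same line shape adequate matches:
    #   ^Package '(.+)', required by '\Q$pkg\E', not found$
    if [ "$status" -ne 0 ] && printf '%s\n' "$out" | grep -qxF \
        "Package 'probe-missing-dep', required by 'probe-parent', not found"; then
        return 0
    fi
    return 1
}

# Probe the tool given as the first argument, defaulting to pkg-config.
rc=0
probe_exists_validation "${1:-pkg-config}" || rc=$?
echo "probe result for ${1:-pkg-config}: $rc"
```

A result of 1 means the missing-pkgconfig-dependency check would pass silently on that system even when a dependency is absent.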