Merge into ubuntu/devel : kinetic-sasl2-digestmd5-noise : lp:~ahasenack/ubuntu/+source/cyrus-sasl2 : Git : Code : cyrus-sasl2 package : Ubuntu

Status:

Merged

Merged at revision:

2cb706ea1b8228261ab6d0ebe7866b2207777d30

Proposed branch:

~ahasenack/ubuntu/+source/cyrus-sasl2:kinetic-sasl2-digestmd5-noise

Merge into:

ubuntu/+source/cyrus-sasl2:ubuntu/devel

Diff against target:

124 lines (+90/-1)

4 files modified

debian/changelog (+7/-0)
debian/control (+2/-1)
debian/patches/0033-honor-log_level-option-on-clients-too.patch (+80/-0)
debian/patches/series (+1/-0)

Low

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Bryce Harrington (community)	2022-05-26	Approve on 2022-05-27
Canonical Server	2022-05-26	Pending
Review via email: mp+423455@code.launchpad.net

Description of the change

Upstream patch to fix some default logging noise in client apps using the cyrus-sasl2 libraries.

I didn't push this one to Debian because it's not really a severe bug, and since it's committed usptream it will be part of the next release, and we will sync the pacakge again when debian updates it. Also, having it as a patch like this makes it easier to provide an SRU if deemed necessary.

PPA with just amd64, but proposed enabled: https://launchpad.net/~ahasenack/+archive/ubuntu/sasl-verbose-digestmd5

DEP8 tests pass:
autopkgtest [09:22:07]: @@@@@@@@@@@@@@@@@@@@ summary
pluginviewer PASS
saslauthd PASS
gssapi PASS
shared-secret-mechs PASS

(shared-secret-mechs is the one that tests digest-md5, among others)

To test, install in a container:
apt install slapd ldap-utils

Tail the auth log:
tail -f /var/log/auth.log

Run this command, with any password (it will fail, as expected):
ldapwhoami -Y DIGEST-MD5

Watch the logs get lots of debugging messages for digest-md5:
May 26 12:30:57 k1 ldapwhoami: DIGEST-MD5 client step 2
May 26 12:30:57 k1 ldapwhoami: DIGEST-MD5 parse_server_challenge()
May 26 12:30:57 k1 ldapwhoami: DIGEST-MD5 ask_user_info()
May 26 12:30:58 k1 ldapwhoami: DIGEST-MD5 client step 2
May 26 12:30:58 k1 ldapwhoami: DIGEST-MD5 ask_user_info()
May 26 12:30:58 k1 ldapwhoami: DIGEST-MD5 make_client_response()
May 26 12:30:58 k1 ldapwhoami: DIGEST-MD5 create_layer_keys()
May 26 12:30:58 k1 ldapwhoami: DIGEST-MD5 client mech dispose
May 26 12:30:58 k1 ldapwhoami: DIGEST-MD5 common mech dispose

With the new cyrus-sasl2 packages, there is blissed silence.

Revision history for this message

Bryce Harrington (bryce) wrote on 2022-05-27:

#

I've triggered autopkgtests against the PPA

$ lp-test-ppa -r kinetic --showpass ppa:ahasenack/sasl-verbose-digestmd5
Tests for PPA sasl-verbose-digestmd5
---- ---- ---- ----
Release: kinetic
Sources:
  SRC: cyrus-sasl2 @ 2.1.28+dfsg-6ubuntu1~ppa1 - Published
Triggers on published Sources:
           cyrus-sasl2 @ amd64 for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1 Trigger @amd64 ♻️ Trigger all proposed @amd64 ♻️ 💍
           cyrus-sasl2 @ s390x for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1 Trigger @s390x ♻️ Trigger all proposed @s390x ♻️ 💍
           cyrus-sasl2 @ ppc64el for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1 Trigger @ppc64el ♻️ Trigger all proposed @ppc64el ♻️ 💍
           cyrus-sasl2 @ arm64 for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1 Trigger @arm64 ♻️ Trigger all proposed @arm64 ♻️ 💍
           cyrus-sasl2 @ armhf for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1 Trigger @armhf ♻️ Trigger all proposed @armhf ♻️ 💍
           cyrus-sasl2 @ riscv64 for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1 Trigger @riscv64 ♻️ Trigger all proposed @riscv64 ♻️ 💍
Results from https://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-ahasenack-sasl-verbose-digestmd5/?format=plain:
    No results published yet
Running:
    time pkg release arch ppa trigger
    0:00:20 cyrus-sasl2 kinetic amd64 ahasenack/sasl-verbose-digestmd5 cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
    0:01:20 cyrus-sasl2 kinetic s390x ahasenack/sasl-verbose-digestmd5 cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
    0:01:20 cyrus-sasl2 kinetic ppc64el ahasenack/sasl-verbose-digestmd5 cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
    0:01:20 cyrus-sasl2 kinetic armhf ahasenack/sasl-verbose-digestmd5 cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
Waiting:
    Q-num pkg release arch ppa trigger
    1 cyrus-sasl2 kinetic arm64 ahasenack/sasl-verbose-digestmd5 cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1

I've triggered autopkgtests against the PPA

$ lp-test-ppa -r kinetic --showpass ppa:ahasenack/sasl-verbose-digestmd5
Tests for PPA sasl-verbose-digestmd5
---- ---- ---- ----
Release: kinetic
Sources:
  SRC: cyrus-sasl2 @ 2.1.28+dfsg-6ubuntu1~ppa1 - Published
Triggers on published Sources:
           cyrus-sasl2 @ amd64   for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1     Trigger @amd64 ♻️      Trigger all proposed @amd64 ♻️ 💍
           cyrus-sasl2 @ s390x   for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1     Trigger @s390x ♻️      Trigger all proposed @s390x ♻️ 💍
           cyrus-sasl2 @ ppc64el for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1     Trigger @ppc64el ♻️      Trigger all proposed @ppc64el ♻️ 💍
           cyrus-sasl2 @ arm64   for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1     Trigger @arm64 ♻️      Trigger all proposed @arm64 ♻️ 💍
           cyrus-sasl2 @ armhf   for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1     Trigger @armhf ♻️      Trigger all proposed @armhf ♻️ 💍
           cyrus-sasl2 @ riscv64 for cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1     Trigger @riscv64 ♻️      Trigger all proposed @riscv64 ♻️ 💍
Results from https://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-ahasenack-sasl-verbose-digestmd5/?format=plain:
    No results published yet
Running:
    time     pkg                                      release  arch     ppa                                      trigger
    0:00:20  cyrus-sasl2                              kinetic  amd64    ahasenack/sasl-verbose-digestmd5         cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
    0:01:20  cyrus-sasl2                              kinetic  s390x    ahasenack/sasl-verbose-digestmd5         cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
    0:01:20  cyrus-sasl2                              kinetic  ppc64el  ahasenack/sasl-verbose-digestmd5         cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
    0:01:20  cyrus-sasl2                              kinetic  armhf    ahasenack/sasl-verbose-digestmd5         cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
Waiting:
    Q-num    pkg                                      release  arch     ppa                                      trigger
    1        cyrus-sasl2                              kinetic  arm64    ahasenack/sasl-verbose-digestmd5         cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1

Revision history for this message

Bryce Harrington (bryce) wrote on 2022-05-27:

#

Some inline discussion but mostly me talking to myself, nothing that really has to be changed.

I'm not sure how this is enacted in the client, but I noticed you asked that question and got an answer, and you've tested thoroughly enough to confirm it does behave as expected in practice, so presumably you're confident it's being enacted properly.

Everything LGTM, +1.

Results from https://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-ahasenack-sasl-verbose-digestmd5/?format=plain:
Log 🗒️ ✅ Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
PASS ✅
PASS ✅
PASS ✅
/>secret-mechs PASS ✅
Log 🗒️ ✅ Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
PASS ✅
PASS ✅
PASS ✅
/>secret-mechs PASS ✅
Log 🗒️ ✅ Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
PASS ✅
PASS ✅
PASS ✅
/>secret-mechs PASS ✅
Log 🗒️ ✅ Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
PASS ✅
PASS ✅
PASS ✅
/>secret-mechs PASS ✅
release arch ppa trigger
kinetic amd64 ahasenack/sasl-verbose-digestmd5 cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1

Some inline discussion but mostly me talking to myself, nothing that really has to be changed.

I'm not sure how this is enacted in the client, but I noticed you asked that question and got an answer, and you've tested thoroughly enough to confirm it does behave as expected in practice, so presumably you're confident it's being enacted properly.

Everything LGTM, +1.

Results from https://autopkgtest.ubuntu.com/results/autopkgtest-kinetic-ahasenack-sasl-verbose-digestmd5/?format=plain:
  cyrus-sasl2 @ arm64:
    27.05.22 18:52:51    Log 🗒️	✅     Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
      pluginviewer         PASS                          ✅ 
      saslauthd            PASS                          ✅ 
      gssapi               PASS                          ✅ 
      shared-secret-mechs  PASS                          ✅ 
  cyrus-sasl2 @ armhf:
    27.05.22 18:54:57    Log 🗒️	✅     Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
      pluginviewer         PASS                          ✅ 
      saslauthd            PASS                          ✅ 
      gssapi               PASS                          ✅ 
      shared-secret-mechs  PASS                          ✅ 
  cyrus-sasl2 @ ppc64el:
    27.05.22 18:43:38    Log 🗒️	✅     Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
      pluginviewer         PASS                          ✅ 
      saslauthd            PASS                          ✅ 
      gssapi               PASS                          ✅ 
      shared-secret-mechs  PASS                          ✅ 
  cyrus-sasl2 @ s390x:
    27.05.22 18:42:11    Log 🗒️	✅     Triggers: ['cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1']
      pluginviewer         PASS                          ✅ 
      saslauthd            PASS                          ✅ 
      gssapi               PASS                          ✅ 
      shared-secret-mechs  PASS                          ✅ 
Running:
    time     pkg                                      release  arch     ppa                                      trigger
    0:23:22  cyrus-sasl2                              kinetic  amd64    ahasenack/sasl-verbose-digestmd5         cyrus-sasl2/2.1.28+dfsg-6ubuntu1~ppa1
Waiting:

review: Approve

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-05-27:

#

Thanks Bryce for the thorough checks

 diff --git a/debian/changelog b/debian/changelog
 index 4383f9f..3bb340c 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,10 @@
++cyrus-sasl2 (2.1.28+dfsg-6ubuntu1) kinetic; urgency=medium
++
++  * d/p/0033-honor-log_level-option-on-clients-too.patch: honor log
++    level option on clients (LP: #827151)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Wed, 25 May 2022 16:41:43 -0300
++
  cyrus-sasl2 (2.1.28+dfsg-6) unstable; urgency=high
    * d/copyright: Add debian/tests info
 diff --git a/debian/control b/debian/control
 index 3974a90..4c87ba6 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: cyrus-sasl2
  Section: libs
  Priority: optional
--Maintainer: Debian Cyrus Team <team+cyrus@tracker.debian.org>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Cyrus Team <team+cyrus@tracker.debian.org>
  Uploaders: Fabian Fagerholm <fabbe@debian.org>,
             Ondřej Surý <ondrej@debian.org>,
             Bastian Germann <bage@debian.org>,
 diff --git a/debian/patches/0033-honor-log_level-option-on-clients-too.patch b/debian/patches/0033-honor-log_level-option-on-clients-too.patch
 new file mode 100644
 index 0000000..f2806e0
 --- /dev/null
 +++ b/debian/patches/0033-honor-log_level-option-on-clients-too.patch
@@ -0,0 +1,80 @@
++From cb549ef71c5bb646fe583697ebdcaba93267a237 Mon Sep 17 00:00:00 2001
++From: Howard Chu <hyc@symas.com>
++Date: Thu, 14 Apr 2022 16:27:54 +0100
++Subject: [PATCH] Fix #386 - honor log_level option on clients too
++
++Signed-off-by: Howard Chu <hyc@symas.com>
++---
++ include/saslplug.h | 2 +-
++ lib/client.c       | 5 ++++-
++ lib/common.c       | 7 ++++++-
++ 3 files changed, 11 insertions(+), 3 deletions(-)
++
++Origin: upstream, https://github.com/cyrusimap/cyrus-sasl/commit/cb549ef71c5bb646fe583697ebdcaba93267a237
++Bug: https://github.com/cyrusimap/cyrus-sasl/issues/386
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/jammy/+source/cyrus-sasl2/+bug/827151
++Last-Update: 2022-05-25
++
++diff --git a/include/saslplug.h b/include/saslplug.h
++index ab79e68c..988010f6 100755
++--- a/include/saslplug.h
+++++ b/include/saslplug.h
++@@ -305,7 +305,7 @@ typedef struct sasl_client_params {
++     int (*spare_fptr1)(void);
++
++     unsigned int cbindingdisp;
++-    int spare_int2;
+++    int log_level;
++     int spare_int3;
++
++     /* flags field as passed to sasl_client_new */
++diff --git a/lib/client.c b/lib/client.c
++index 3784bb0e..443f8cde 100644
++--- a/lib/client.c
+++++ b/lib/client.c
++@@ -403,7 +403,7 @@ int sasl_client_new(const char *service,
++   sasl_utils_t *utils;
++   sasl_getopt_t *getopt;
++   void *context;
++-  const char *mlist = NULL;
+++  const char *mlist = NULL, *log_level;
++   int plus = 0;
++
++   if (_sasl_client_active == 0) return SASL_NOTINIT;
++@@ -445,9 +445,12 @@ int sasl_client_new(const char *service,
++   utils->conn= *pconn;
++   conn->cparams->utils = utils;
++
+++  log_level = NULL;
++   if(_sasl_getcallback(*pconn, SASL_CB_GETOPT, (sasl_callback_ft *)&getopt, &context) == SASL_OK) {
+++    getopt(context, NULL, "log_level", &log_level, NULL);
++     getopt(context, NULL, "client_mech_list", &mlist, NULL);
++   }
+++  conn->cparams->log_level = log_level ? atoi(log_level) : SASL_LOG_ERR;
++
++   /* if we have a client_mech_list, create ordered list of
++      available mechanisms for this conn */
++diff --git a/lib/common.c b/lib/common.c
++index d9104c89..fd8fcc3c 100644
++--- a/lib/common.c
+++++ b/lib/common.c
++@@ -1480,13 +1480,18 @@ static int _sasl_syslog(void *context,
++ 			const char *message)
++ {
++     int syslog_priority;
++-    sasl_server_conn_t *sconn;
++
++     if (context) {
++ 	if (((sasl_conn_t *)context)->type == SASL_CONN_SERVER) {
+++	    sasl_server_conn_t *sconn;
++ 	    sconn = (sasl_server_conn_t *)context;
++ 	    if (sconn->sparams->log_level < priority)
++ 		return SASL_OK;
+++	} else {
+++	    sasl_client_conn_t *conn;
+++	    conn = (sasl_client_conn_t *)context;
+++	    if (conn->cparams->log_level < priority)
+++		return SASL_OK;
++ 	}
++     }
++
 diff --git a/debian/patches/series b/debian/patches/series
 index 3f0a7da..cecd7ba 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -18,3 +18,4 @@
 -Catch-errors-from-EVP_Digest-functions.patch
 -Load-OpenSSL3-legacy-provider-digestmd5.patch
 -Add-with_pgsql-include-postgresql-to-include-path.patch
++0033-honor-log_level-option-on-clients-too.patch

Ubuntu
cyrus-sasl2 package

Merge ~ahasenack/ubuntu/+source/cyrus-sasl2:kinetic-sasl2-digestmd5-noise into ubuntu/+source/cyrus-sasl2:ubuntu/devel

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntucyrus-sasl2 package

Merge ~ahasenack/ubuntu/+source/cyrus-sasl2:kinetic-sasl2-digestmd5-noise into ubuntu/+source/cyrus-sasl2:ubuntu/devel

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
cyrus-sasl2 package