Version in base suite: 2022.7-2 Base version: ostree_2022.7-2 Target version: ostree_2022.7-2+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/ostree/ostree_2022.7-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/ostree/ostree_2022.7-2+deb12u1.dsc changelog | 13 ++ control | 2 gbp.conf | 2 patches/curl-Assert-that-curl_multi_assign-worked.patch | 31 ++++ patches/curl-Make-socket-callback-during-cleanup-into-no-op.patch | 64 ++++++++++ patches/series | 2 6 files changed, 112 insertions(+), 2 deletions(-) diff -Nru ostree-2022.7/debian/changelog ostree-2022.7/debian/changelog --- ostree-2022.7/debian/changelog 2022-12-06 11:11:05.000000000 +0000 +++ ostree-2022.7/debian/changelog 2024-10-01 11:25:32.000000000 +0000 @@ -1,3 +1,16 @@ +ostree (2022.7-2+deb12u1) bookworm; urgency=medium + + * d/control, d/gbp.conf: Configure for stable updates + * d/p/curl-Assert-that-curl_multi_assign-worked.patch, + d/p/curl-Make-socket-callback-during-cleanup-into-no-op.patch: + Add patches from upstream 2024.8 to avoid libflatpak crash with an + assertion failure when using curl 8.10.x. + This was originally reported in testing/unstable, but can affect + bookworm if using libcurl3-gnutls from bookworm-backports. + (Closes: #1082121) + + -- Simon McVittie Tue, 01 Oct 2024 12:25:32 +0100 + ostree (2022.7-2) unstable; urgency=medium * Skip test-sysroot.js on s390x (Mitigates: #1025532) diff -Nru ostree-2022.7/debian/control ostree-2022.7/debian/control --- ostree-2022.7/debian/control 2022-12-06 11:11:05.000000000 +0000 +++ ostree-2022.7/debian/control 2024-10-01 11:25:32.000000000 +0000 @@ -50,7 +50,7 @@ Rules-Requires-Root: no Standards-Version: 4.6.1 Homepage: https://github.com/ostreedev/ostree/ -Vcs-Git: https://salsa.debian.org/debian/ostree.git +Vcs-Git: https://salsa.debian.org/debian/ostree.git -b debian/bookworm Vcs-Browser: https://salsa.debian.org/debian/ostree Package: gir1.2-ostree-1.0 diff -Nru ostree-2022.7/debian/gbp.conf ostree-2022.7/debian/gbp.conf --- ostree-2022.7/debian/gbp.conf 2022-12-06 11:11:05.000000000 +0000 +++ ostree-2022.7/debian/gbp.conf 2024-10-01 11:25:32.000000000 +0000 @@ -1,7 +1,7 @@ [DEFAULT] pristine-tar = True compression = xz -debian-branch = debian/latest +debian-branch = debian/bookworm upstream-branch = upstream/latest patch-numbers = False upstream-vcs-tag = v%(version)s diff -Nru ostree-2022.7/debian/patches/curl-Assert-that-curl_multi_assign-worked.patch ostree-2022.7/debian/patches/curl-Assert-that-curl_multi_assign-worked.patch --- ostree-2022.7/debian/patches/curl-Assert-that-curl_multi_assign-worked.patch 1970-01-01 00:00:00.000000000 +0000 +++ ostree-2022.7/debian/patches/curl-Assert-that-curl_multi_assign-worked.patch 2024-10-01 11:25:32.000000000 +0000 @@ -0,0 +1,31 @@ +From: Colin Walters +Date: Wed, 18 Sep 2024 13:21:27 -0400 +Subject: curl: Assert that curl_multi_assign worked + +ref https://github.com/ostreedev/ostree/issues/3299 + +This won't fix that issue, but *if* this assertion triggers +it should give us a better idea of the possible codepaths +where it is happening. + +Signed-off-by: Colin Walters +Origin: upstream, 2024.8, commit:472d9d493a3e4a08415da4c337a7e831e0c5a5e2 +Bug-Debian: https://bugs.debian.org/1082121 +--- + src/libostree/ostree-fetcher-curl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/libostree/ostree-fetcher-curl.c b/src/libostree/ostree-fetcher-curl.c +index 522eacf..3bbd9ba 100644 +--- a/src/libostree/ostree-fetcher-curl.c ++++ b/src/libostree/ostree-fetcher-curl.c +@@ -509,7 +509,8 @@ addsock (curl_socket_t s, CURL *easy, int action, OstreeFetcher *fetcher) + fdp->refcount = 1; + fdp->fetcher = fetcher; + setsock (fdp, s, action, fetcher); +- curl_multi_assign (fetcher->multi, s, fdp); ++ CURLMcode rc = curl_multi_assign (fetcher->multi, s, fdp); ++ g_assert_cmpint (rc, ==, CURLM_OK); + g_hash_table_add (fetcher->sockets, fdp); + } + diff -Nru ostree-2022.7/debian/patches/curl-Make-socket-callback-during-cleanup-into-no-op.patch ostree-2022.7/debian/patches/curl-Make-socket-callback-during-cleanup-into-no-op.patch --- ostree-2022.7/debian/patches/curl-Make-socket-callback-during-cleanup-into-no-op.patch 1970-01-01 00:00:00.000000000 +0000 +++ ostree-2022.7/debian/patches/curl-Make-socket-callback-during-cleanup-into-no-op.patch 2024-10-01 11:25:32.000000000 +0000 @@ -0,0 +1,64 @@ +From: Colin Walters +Date: Wed, 18 Sep 2024 13:41:59 -0400 +Subject: curl: Make socket callback during cleanup into no-op + +Because curl_multi_cleanup may invoke callbacks, we effectively have +some circular references going on here. See discussion in + +https://github.com/curl/curl/issues/14860 + +Basically what we do is the socket callback libcurl may invoke into a no-op when +we detect we're finalizing. The data structures are owned by this object and +not by the callbacks, and will be destroyed below. Note that +e.g. g_hash_table_unref() may itself invoke callbacks, which is where +some data is cleaned up. + +Signed-off-by: Colin Walters +Origin: upstream, 2024.8, commit:4d755a85225ea0a02d4580d088bb8a97138cb040 +Bug: https://github.com/ostreedev/ostree/issues/3299 +Bug-Debian: https://bugs.debian.org/1082121 +[smcv: Backport to 2022.7 by using gboolean instead of stdbool.h] +Signed-off-by: Simon McVittie +--- + src/libostree/ostree-fetcher-curl.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/libostree/ostree-fetcher-curl.c b/src/libostree/ostree-fetcher-curl.c +index 3bbd9ba..eae6c4a 100644 +--- a/src/libostree/ostree-fetcher-curl.c ++++ b/src/libostree/ostree-fetcher-curl.c +@@ -75,6 +75,7 @@ struct OstreeFetcher + char *proxy; + struct curl_slist *extra_headers; + int tmpdir_dfd; ++ gboolean finalizing; // Set if we're in the process of teardown + char *custom_user_agent; + + GMainContext *mainctx; +@@ -174,6 +175,15 @@ _ostree_fetcher_finalize (GObject *object) + { + OstreeFetcher *self = OSTREE_FETCHER (object); + ++ // Because curl_multi_cleanup may invoke callbacks, we effectively have ++ // some circular references going on here. See discussion in ++ // https://github.com/curl/curl/issues/14860 ++ // Basically what we do is make most callbacks libcurl may invoke into no-ops when ++ // we detect we're finalizing. The data structures are owned by this object and ++ // not by the callbacks, and will be destroyed below. Note that ++ // e.g. g_hash_table_unref() may itself invoke callbacks, which is where ++ // some data is cleaned up. ++ self->finalizing = TRUE; + curl_multi_cleanup (self->multi); + g_free (self->remote_name); + g_free (self->tls_ca_db_path); +@@ -521,6 +531,10 @@ sock_cb (CURL *easy, curl_socket_t s, int what, void *cbp, void *sockp) + OstreeFetcher *fetcher = cbp; + SockInfo *fdp = (SockInfo*) sockp; + ++ // We do nothing if we're in the process of teardown; see below. ++ if (fetcher->finalizing) ++ return 0; ++ + if (what == CURL_POLL_REMOVE) + { + if (!g_hash_table_remove (fetcher->sockets, fdp)) diff -Nru ostree-2022.7/debian/patches/series ostree-2022.7/debian/patches/series --- ostree-2022.7/debian/patches/series 2022-12-06 11:11:05.000000000 +0000 +++ ostree-2022.7/debian/patches/series 2024-10-01 11:25:32.000000000 +0000 @@ -1,3 +1,5 @@ configure-use-pkg-config-with-newer-gpgme-and-gpg-error.patch +curl-Assert-that-curl_multi_assign-worked.patch +curl-Make-socket-callback-during-cleanup-into-no-op.patch debian/Skip-test-pull-repeated-during-CI.patch debian/test-sysroot-Skip-on-s390x-by-default.patch