diff -Nru consul-1.8.7+dfsg1/debian/changelog consul-1.8.7+dfsg1/debian/changelog --- consul-1.8.7+dfsg1/debian/changelog 2021-04-24 10:06:56.000000000 +0000 +++ consul-1.8.7+dfsg1/debian/changelog 2021-11-09 14:44:58.000000000 +0000 @@ -1,3 +1,15 @@ +consul (1.8.7+dfsg1-3) unstable; urgency=medium + + * Team upload. + + [ Lucas Kanashiro ] + * Add upstream patch to fix FTBFS (Closes: #997133) + + [ Reinhard Tartler ] + * Do install "github.com/hashicorp/consul/vendor" into dev package + + -- Lucas Kanashiro Tue, 09 Nov 2021 11:44:58 -0300 + consul (1.8.7+dfsg1-2) unstable; urgency=medium * Add patch for CVE-2020-25864 (Closes: #987351) diff -Nru consul-1.8.7+dfsg1/debian/.gitlab-ci.yml consul-1.8.7+dfsg1/debian/.gitlab-ci.yml --- consul-1.8.7+dfsg1/debian/.gitlab-ci.yml 2021-04-24 10:06:56.000000000 +0000 +++ consul-1.8.7+dfsg1/debian/.gitlab-ci.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,37 +0,0 @@ ---- -# https://docs.gitlab.com/ce/ci/yaml/#include -include: - - remote: https://salsa.debian.org/onlyjob/ci/raw/master/onlyjob-ci.yml - -## "amd64-unstable" always runs by default followed by lintian. - -## Only for arch:all packages: -binary-indep: - extends: .build-indep - -## Job to check Build-Depends versioning: -amd64-testing_unstable: - extends: .build - variables: - arch: amd64 - dist: testing_unstable - -i386-unstable: - extends: .build - variables: - arch: i386 - dist: unstable - -amd64-experimental: - extends: .build - variables: - arch: amd64 - dist: experimental - -amd64-stable: - extends: .build - when: manual - allow_failure: true - variables: - arch: amd64 - dist: stable diff -Nru consul-1.8.7+dfsg1/debian/patches/fix-test-for-go1.16.patch consul-1.8.7+dfsg1/debian/patches/fix-test-for-go1.16.patch --- consul-1.8.7+dfsg1/debian/patches/fix-test-for-go1.16.patch 1970-01-01 00:00:00.000000000 +0000 +++ consul-1.8.7+dfsg1/debian/patches/fix-test-for-go1.16.patch 2021-11-08 20:06:09.000000000 +0000 @@ -0,0 +1,65 @@ +From 3e20bd25bdbec9b1b50fb5b1e0591314ec0c5fe2 Mon Sep 17 00:00:00 2001 +From: Daniel Nephin +Date: Tue, 13 Apr 2021 13:25:45 -0400 +Subject: [PATCH] connect: fix test for go1.16 + +There is no way to compare x509.CertPools now that it has an unexpected +function field. This comparison is as close as we can get. + +See https://github.com/golang/go/issues/26614 for a related issue. + +Origin: upstream, https://github.com/hashicorp/consul/commit/3e20bd25bdbec9b +--- + connect/tls_test.go | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +--- a/connect/tls_test.go ++++ b/connect/tls_test.go +@@ -6,13 +6,15 @@ + "encoding/pem" + "testing" + +- "github.com/hashicorp/consul/sdk/testutil" +- "github.com/hashicorp/consul/testrpc" ++ "github.com/google/go-cmp/cmp" ++ "github.com/google/go-cmp/cmp/cmpopts" ++ "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/api" +- "github.com/stretchr/testify/require" ++ "github.com/hashicorp/consul/sdk/testutil" ++ "github.com/hashicorp/consul/testrpc" + ) + + func Test_verifyServerCertMatchesURI(t *testing.T) { +@@ -260,7 +262,7 @@ + func requireEqualTLSConfig(t *testing.T, expect, got *tls.Config) { + require := require.New(t) + require.Equal(expect.RootCAs, got.RootCAs) +- require.Equal(expect.ClientCAs, got.ClientCAs) ++ assertDeepEqual(t, expect.ClientCAs, got.ClientCAs, cmpCertPool) + require.Equal(expect.InsecureSkipVerify, got.InsecureSkipVerify) + require.Equal(expect.MinVersion, got.MinVersion) + require.Equal(expect.CipherSuites, got.CipherSuites) +@@ -287,6 +289,19 @@ + require.Equal(expectLeaf, gotLeaf) + } + ++// lazyCerts has a func field which can't be compared. ++var cmpCertPool = cmp.Options{ ++ cmpopts.IgnoreFields(x509.CertPool{}, "lazyCerts"), ++ cmp.AllowUnexported(x509.CertPool{}), ++} ++ ++func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { ++ t.Helper() ++ if diff := cmp.Diff(x, y, opts...); diff != "" { ++ t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) ++ } ++} ++ + // requireCorrectVerifier invokes got.VerifyPeerCertificate and expects the + // tls.Config arg to be returned on the provided channel. This ensures the + // correct verifier func was attached to got. diff -Nru consul-1.8.7+dfsg1/debian/patches/series consul-1.8.7+dfsg1/debian/patches/series --- consul-1.8.7+dfsg1/debian/patches/series 2021-04-24 10:06:56.000000000 +0000 +++ consul-1.8.7+dfsg1/debian/patches/series 2021-11-08 20:07:37.000000000 +0000 @@ -1,3 +1,4 @@ provider-no-k8s.patch t-skip-unreliable-tests.patch CVE-2020-25864.patch +fix-test-for-go1.16.patch diff -Nru consul-1.8.7+dfsg1/debian/rules consul-1.8.7+dfsg1/debian/rules --- consul-1.8.7+dfsg1/debian/rules 2021-04-24 10:06:56.000000000 +0000 +++ consul-1.8.7+dfsg1/debian/rules 2021-11-09 11:57:45.000000000 +0000 @@ -47,7 +47,7 @@ GIT_COMMIT=$(DEB_VERSION_UPSTREAM) \ GIT_COMMIT_YEAR=$(shell date -u -d @$(SOURCE_DATE_EPOCH) +%Y) \ && $(MAKE) -C _build/src/$(LIBSELF) --makefile=$(CURDIR)/GNUmakefile proto - + dh_auto_build -v ## Quoting upstream as per ".github/CONTRIBUTING.md": @@ -60,8 +60,7 @@ dh_auto_test -v --max-parallel=4 -- -short -failfast -timeout 8m override_dh_install: - ## Do not install "github.com/hashicorp/consul/vendor" to -dev package. - dh_install -X/src/github.com/hashicorp/consul/vendor -Xcertgen + dh_install -Xcertgen override_dh_installsystemd: dh_installsystemd --no-enable --no-start