From ${URL} : https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 libceph: do not hard code max auth ticket len We hard code cephx auth ticket buffer size to 256 bytes. This isn't enough for any moderate setups and, in case tickets themselves are not encrypted, leads to buffer overflows (ceph_x_decrypt() errors out, but ceph_decode_copy() doesn't - it's just a memcpy() wrapper). Since the buffer is allocated dynamically anyway, allocated it a bit later, at the point where we know how much is going to be needed. Fixes: http://tracker.ceph.com/issues/8979 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
I'm CCing kernel team, since it's a kernel patch... also notice it has already been CCed to stable-kernel mailing list,so guess it will eventually goes to sys-kernel/gentoo-sources-3.14.x? thanks
The kernel patch landed in linux-3.17-rc5. It was backported to linux-3.2.64 linux-3.4.105 linux-3.10.55 linux-3.12.29 linux-3.16.3 sys-kernel/gentoo-sources-3.2.x are not available. sys-kernel/gentoo-sources-3.4.x has no stable ebuild containing the fix, =sys-kernel/gentoo-sources-3.4.113 will be stabilized in bug 599526 at the moment. sys-kernel/gentoo-sources-3.10.x has a stable ebuild since >=sys-kernel/gentoo-sources-3.10.61. sys-kernel/gentoo-sources-3.12.x has a stable ebuild since >=sys-kernel/gentoo-sources-3.12.30. sys-kernel/gentoo-sources-3.16.x are not available.
@ Arches, test and mark stable: =sys-kernel/gentoo-sources-3.4.113
amd64 stable
x86 stable
*** Bug 599526 has been marked as a duplicate of this bug. ***
Keywords for sys-kernel/gentoo-sources: | a a a h i p p s x m a m n r s s | e u s | r | l m r p a p p p 8 i r 6 i i 3 h | a n l | e | p d m p 6 c c a 6 p m 8 o s 9 | p u o | p | h 6 a 4 6 r s 6 k s c 0 | i s t | o | a 4 4 c 4 2 v | e | | | d | -------------+---------------------------------+-----------------+------- 3.4.113 | + + ~ ~ ~ ~ ~ ~ + o o o o o ~ ~ | 5 o 3.4.113 | gentoo -------------+---------------------------------+-----------------+------- 3.4.113-r1 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o o o o o ~ ~ | 5 o 3.4.113-r1 | gentoo -------------+---------------------------------+-----------------+------- 3.4.9999 | o o o o o o o o o o o o o o o o | 5 o 3.4.9999 | gentoo Nothing to do here. Stable users of the 3.4 branch are already in trouble/on their own, and belatedly stabilising isn't going to help them.
What is the status of this finally? :/ Looks that the stabilization was interrupted
Can we get a status on this?
this is probably obsolete as the only affected version in the tree could be 3.10.x and now we have a new enough version in the tree to fix it
Unable to check for sanity: > no match for package: =sys-kernel/gentoo-sources-3.4.113
3.X is not in tree. Closing
