Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 478498 - net-fs/openafs-1.6.5 version bump
Summary: net-fs/openafs-1.6.5 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Andrej Filipcic
URL:
Whiteboard:
Keywords: EBUILD
Depends on:
Blocks: CVE-2013-4135 CVE-2013-4134
  Show dependency tree
 
Reported: 2013-07-28 19:33 UTC by Andrej Filipcic
Modified: 2013-08-27 08:15 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
net-fs/openafs-1.6.5 ebuild (openafs-1.6.5.ebuild,4.33 KB, text/plain)
2013-07-28 19:35 UTC, Andrej Filipcic
Details
net-fs/openafs-kernel-1.6.5 ebuild (openafs-kernel-1.6.5.ebuild,2.49 KB, text/plain)
2013-07-28 19:35 UTC, Andrej Filipcic
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrej Filipcic 2013-07-28 19:33:19 UTC
Attached are the ebuilds for net-fs/openafs-1.6.5 and net-fs/openafs-kernel-1.6.5.

The patchset openafs-1.6.5-patches-1.tar.bz2 should be the same as openafs-1.6.2-patches-1.tar.bz2 (no changes to the patches).

Bugs fixed:
478296 (security)
478282 (security)
472184
469992
463477
460494
Comment 1 Andrej Filipcic 2013-07-28 19:35:05 UTC
Created attachment 354432 [details]
net-fs/openafs-1.6.5 ebuild
Comment 2 Andrej Filipcic 2013-07-28 19:35:30 UTC
Created attachment 354434 [details]
net-fs/openafs-kernel-1.6.5 ebuild
Comment 3 Manuel Rüger gentoo-dev 2013-07-31 05:06:14 UTC
Is bug #463477 really fixed? I received the same error with gentoo-sources-3.10.4 and CONFIG_USER_NS enabled with openafs-kernel-1.6.5
Comment 4 Andrej Filipcic 2013-07-31 06:56:20 UTC
Ah, sorry. the bug 463477 is not fixed.
Comment 5 Andrew Hamilton 2013-08-15 16:58:33 UTC
Is this bug blocking on bug #463477? If so, I would like to propose that !CONFIG_USER_NS be added to CONFIG_CHECK in the openafs-kernel ebuild as a temporary solution.

The upstream bug report for that issue (http://rt.central.org/rt/Ticket/Display.html?id=131665) shows that they consider support for user namespaces to be a feature enhancement, not a regresssion.

Given that 1.6.5 fixes two significant security vulnerabilities, I believe it would be beneficial to work on stabilizing 1.6.5 without waiting for user namespace support to be fixed.
Comment 6 Tamas Jantvik 2013-08-24 09:15:49 UTC
The in-portage version of openafs doesn't compile against gentoo-sources-3.10.7, which was made stable recently. A version bump would indeed be nice.
Comment 7 Chris Reffett gentoo-dev Security 2013-08-27 00:52:02 UTC
Please make the bump. Security team policy is that it's okay to bump-and-stable with outstanding bugs as long as the bugs were pre-existing (and, for that matter, a quick fix for a warning has been suggested here). I'd like to get those security bugs closed.
Comment 8 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-08-27 08:15:52 UTC
=== openafs-kernel ===

+  27 Aug 2013; Tom Wijsman <TomWij@gentoo.org> +openafs-kernel-1.6.5.ebuild:
+  Version bump to 1.6.5. Fixes bug #478498 which fixes security bug #478296,
+  security bug #478282, bug #472184, bug #469992, bug #463477 and bug #460494.
+  Proxied commit for Andrej Filipcic.

+  27 Aug 2013; Tom Wijsman <TomWij@gentoo.org> openafs-kernel-1.6.2.ebuild,
+  openafs-kernel-1.6.5.ebuild:
+  Drop autotools eclass because none of its functions are used.

^ Please run `repoman manifest ; repoman full` before attaching, thank you.

=== openafs ===

 * QA Notice: file does not exist:
 * 
 * 	dohtml: doc/html/* does not exist
 * QA Notice: make jobserver unavailable:
 * 
 * 	make[3]: warning: jobserver unavailable: using -j1.  Add `+' to parent make rule.
 * 	make[3]: warning: jobserver unavailable: using -j1.  Add `+' to parent make rule.
 * 	make[3]: warning: jobserver unavailable: using -j1.  Add `+' to parent make rule.

^ Please try to fix these for the next bump, thank you in advance.

+  27 Aug 2013; Tom Wijsman <TomWij@gentoo.org> +openafs-1.6.5.ebuild:
+  Version bump to 1.6.5. Fixes bug #478498 which fixes security bug #478296,
+  security bug #478282, bug #472184, bug #469992, bug #463477 and bug #460494.
+  Proxied commit for Andrej Filipcic. Drop autotools eclass because none of
+  its functions are used.