Now all is in place, but due to all the delay this is now much later than
intended.
We will prepare the changes to samba and qemu which will pull this in, but
given the time I'd feel more comfortable to have a quick release-team FFE-ack.
PPA (just started building, lets hope it works as good as
** Changed in: glusterfs (Ubuntu)
Assignee: Steve Beattie (sbeattie) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To manage notifications about
I reviewed glusterfs 10.1-1 as checked into jammy. This
shouldn't be considered a full audit but rather a quick gauge
of maintainability.
GlusterFS is a clustered network file-system.
- CVE History: 27 CVEs, though the most recent are from
2018. Issue resolution looks okay. One or two of the la
Just to state it also here and not just in meetings and calls, this is
urgent and important for Jammy, so as much asap as you can manage to
complete this is appreciated :-)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.l
I agree, and the current packaging is like this. fusermount-glusterfs is
not suid root.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To manage notifications about th
I'm working on the Security review of GlusterFS, which I have not quite
completed, but to offer a comment on fusermount-glusterfs binary, the
Security team would strongly prefer to not have another setuid binary
for this; the original setuid fusermount has had its own security
history and we would
** Changed in: glusterfs (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Steve Beattie
(sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To
An update on this MIR, we might have to drop the armhf builds, see
https://github.com/gluster/glusterfs/issues/2979#issuecomment-1036057298
** Bug watch added: github.com/gluster/glusterfs/issues #2979
https://github.com/gluster/glusterfs/issues/2979
--
You received this bug notification beca
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: glusterfs (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
I filed an issue asking upstream to consider using the system provided
fuse libraries: https://github.com/gluster/glusterfs/issues/3145
** Bug watch added: github.com/gluster/glusterfs/issues #3145
https://github.com/gluster/glusterfs/issues/3145
--
You received this bug notification because
I clarified a bit my understsanding of how glusterfs is using fuse. Long
comment below.
TL;DR
gluster uses its own copy of fuse for both the fuse xlator, and the fusermount
tool (called fusermount-glusterfs). It won't use fuse's fusermount. This also
means the depdendencies on libfuse-dev (build
Upstream is awesome, they have a PR up for being able to use the system
provided lib xxhash instead of the bundled one, if one is found on the
system: https://github.com/gluster/glusterfs/pull/3127
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
** Changed in: glusterfs (Ubuntu)
Milestone: ubuntu-22.02 => ubuntu-22.04-feature-freeze
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To manage notifications abo
Required for 22.04, setting Critical + Milestone 22.02 (FeatureFreeze)
** Changed in: glusterfs (Ubuntu)
Milestone: None => ubuntu-22.02
** Changed in: glusterfs (Ubuntu)
Importance: Undecided => Critical
--
You received this bug notification because you are a member of Ubuntu
Bugs, whic
Here is an explanation about fuse's fusermount vs gluster's:
https://github.com/gluster/glusterfs/discussions/2212
"""
Glusterfs cannot use standard fusermount; the choice is either installing and
using its own variant, or not facilitate unprivileged mounting.
"""
I didn't yet fully understand t
I filed https://github.com/gluster/glusterfs/issues/3097 for gluster to
consider switching to the external xxhash library.
** Bug watch added: github.com/gluster/glusterfs/issues #3097
https://github.com/gluster/glusterfs/issues/3097
--
You received this bug notification because you are a mem
I'll file an upstream bug asking if they can switch to the upstream
xxhash, and experiment a bit with building the glusterfs package with
the option to use the system's fusermount command.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
On Tue, Jan 4, 2022 at 9:25 PM Andreas Hasenack
<1950...@bugs.launchpad.net> wrote:
>
> I did some investigation in all of the contrib/ directories:
Thanks for that investigation, it seems most of them are unused or
really only a minor concern.
The two more interesting according to your analysis I
I did some investigation in all of the contrib/ directories:
[Embedded Sources]
[contrib/xxhash]
- https://github.com/Cyan4973/xxHash
- devel ML thread discussing its inclusion:
http://lists.gluster.org/pipermail/gluster-devel/2017-June/053173.html
- mailing list thread said back then the linux
> - State a plan of how you will stay on top of the embedded sources (security
> issues, updates, ...)
I'll do this analysis in parallel
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
Thereby the required TODOs are done AFAICS.
Feel free to add more of the recommended steps,
but until then this is New@ubuntu-security as it is waiting for the review.
** Changed in: glusterfs (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a membe
Debian adopted the dep8 test, and the package is in sync again.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To manage notifications about this bug go to:
https://bu
A DEP8 test was added and uploaded to jammy, and it migrated already.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To manage notifications about this bug go to:
http
Review for Package: src:glusterfs
[Summary]
This is a big piece of software and might have quite some security implications
(embedded sources, root daemon, regex parsing, lintian warnings,
openssl3 warnings, ...) but I'll leave this to the security-team to judge on.
It is really unfortunate that i
** Changed in: glusterfs (Ubuntu)
Assignee: (unassigned) => Lukas Märdian (slyon)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To manage notifications about thi
I'm adding a DEP8 test to glusterfs here:
https://bugs.launchpad.net/ubuntu/+source/glusterfs/+bug/1954452
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950321
Title:
[MIR] glusterfs
To manage not
** Description changed:
- Placeholder for new MIR attempt for glusterfs. Old MIR is bug #1274247
+ Old MIR is bug #1274247
+
+ (launchpad will definitely wrap these lines and break the formatting: if
+ you want, I can post this content elsewhere, like a git repo)
+
+ [Availability]
+ The package
27 matches
Mail list logo