On Sun, Oct 21, 2012 at 10:57:38PM +0200, Arthur de Jong wrote: > On Tue, 2012-10-02 at 14:37 +0200, Moritz Muehlenhoff wrote: > > Please see the thread starting at > > http://www.openwall.com/lists/oss-security/2012/09/07/2 > > for details. > > I've had a quick look at this bug to see if it can be fixed in Debian. > There are four patches referenced in the thread (I haven't verified if > there are more patches required): > > - > http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30 > 32 files changed, 182 insertions(+), 1166 deletions(-) > This change is huge and mainly seems to be quivalent to setting > SPINXPL as defined and ensuring SYSVSEM isn't. There are however a few > other changes in there which may be due to the removal of the > compatibility code. > This patch doesn't apply cleanly to 2.3.1 in Debian but I've managed > to manually fix it (attached is a version if anyone is interested). > - > http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9 > 31 files changed, 2975 insertions(+), 280 deletions(-) > Lots of changes in the tests but it also seems to contain some > cleanups related to the previous change, a change from lock_shm() to > XProcLock(), some moving of locks to /var/lock and a few other > changes. > - > http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=8a63b3b17d34718d0f8c7525f93b5eb3c623076a > 23 files changed, 449 insertions(+), 99 deletions(-) > Includes a FAQ typo fix and the introduction of a lot of new code. > - > http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=5667edb52cd27b7e512f48f823b4bcc6b872ab15 > 1 files changed, 3 insertions(+), 3 deletions(-) > Very small change in the Makfile which creates the lock directory. > Should not be relevant for Debian because subdirectories of /var/lock > should be created on the fly. > > The changes are huge and can probably not be easily backported to > Debian's 2.3.1. A few other options come to mind: > - see if upstream can provide patches for 2.3.1 > - see if the necessary fixes can be made some other way > - upgrade to upstream 2.4.2 > - remove from wheezy > (the only reverse dependency for opencryptoki seems to be tpm-tools) > > Anyway, I don't think I can do much more for this bug because I'm afraid > it will take a little more time than I have available at the moment. I > was having a look and I though I would just add my notes to the bug log. > > Good luck with this bug! ;)
Removing opencryptoki from Wheezy seems best to me. We should't keep outdated crypto toolkits without an active maintainer in the archive. CCing the Pierre, the tpm-tools maintainer to see, whether tpm-tools is usable withput opencryptoki or whether he's interested in adopting it himself. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org