[Bug 1271653] Re: [MIR] libiscsi
This bug was fixed in the package qemu - 1:2.5+dfsg-5ubuntu4
---
qemu (1:2.5+dfsg-5ubuntu4) xenial; urgency=medium
* d/control{-in}: Re-generate and build with libiscsi-dev now
that its in Ubuntu main (LP: #1271653).
-- James Page Wed, 24 Feb 2016 17:59:13 +
** Changed in: qemu (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu in Ubuntu.
https://bugs.launchpad.net/bugs/1271653
Title:
[MIR] libiscsi
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libiscsi/+bug/1271653/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1271653] Re: [MIR] libiscsi
** Also affects: qemu (Ubuntu) Importance: Undecided Status: New ** Changed in: qemu (Ubuntu) Status: New => In Progress ** Changed in: qemu (Ubuntu) Importance: Undecided => Medium ** Changed in: qemu (Ubuntu) Assignee: (unassigned) => James Page (james-page) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1271653 Title: [MIR] libiscsi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libiscsi/+bug/1271653/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1271653] Re: [MIR] libiscsi
Override component to main libiscsi 1.12.0-2 in xenial: universe/net -> main libiscsi-bin 1.12.0-2 in xenial amd64: universe/net/optional/100% -> main libiscsi-bin 1.12.0-2 in xenial arm64: universe/net/optional/100% -> main libiscsi-bin 1.12.0-2 in xenial armhf: universe/net/optional/100% -> main libiscsi-bin 1.12.0-2 in xenial i386: universe/net/optional/100% -> main libiscsi-bin 1.12.0-2 in xenial powerpc: universe/net/optional/100% -> main libiscsi-bin 1.12.0-2 in xenial ppc64el: universe/net/optional/100% -> main libiscsi-bin 1.12.0-2 in xenial s390x: universe/net/optional/100% -> main libiscsi-dev 1.12.0-2 in xenial amd64: universe/libdevel/optional/100% -> main libiscsi-dev 1.12.0-2 in xenial arm64: universe/libdevel/optional/100% -> main libiscsi-dev 1.12.0-2 in xenial armhf: universe/libdevel/optional/100% -> main libiscsi-dev 1.12.0-2 in xenial i386: universe/libdevel/optional/100% -> main libiscsi-dev 1.12.0-2 in xenial powerpc: universe/libdevel/optional/100% -> main libiscsi-dev 1.12.0-2 in xenial ppc64el: universe/libdevel/optional/100% -> main libiscsi-dev 1.12.0-2 in xenial s390x: universe/libdevel/optional/100% -> main libiscsi2 1.12.0-2 in xenial amd64: universe/libs/optional/100% -> main libiscsi2 1.12.0-2 in xenial arm64: universe/libs/optional/100% -> main libiscsi2 1.12.0-2 in xenial armhf: universe/libs/optional/100% -> main libiscsi2 1.12.0-2 in xenial i386: universe/libs/optional/100% -> main libiscsi2 1.12.0-2 in xenial powerpc: universe/libs/optional/100% -> main libiscsi2 1.12.0-2 in xenial ppc64el: universe/libs/optional/100% -> main libiscsi2 1.12.0-2 in xenial s390x: universe/libs/optional/100% -> main 22 publications overridden. ** Changed in: libiscsi (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libiscsi in Ubuntu. https://bugs.launchpad.net/bugs/1271653 Title: [MIR] libiscsi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libiscsi/+bug/1271653/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1271653] Re: [MIR] libiscsi
** Changed in: libiscsi (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libiscsi in Ubuntu. https://bugs.launchpad.net/bugs/1271653 Title: [MIR] libiscsi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libiscsi/+bug/1271653/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1271653] Re: [MIR] libiscsi
I reviewed libiscsi version 1.12.0-2 as checked into xenial. This shouldn't be considered a full security audit but rather a quick gauge of maintainability. - libiscsi provides user-space iscsi initiator support so applications can use iscsi targets without needing privileged access to the host. - Build-Depends: debhelper, dh-autoreconf, libcunit1-dev - Only does CHAP, MD5 cryptography - Extensive networking support - Does not itself daemonize - Does not itself listen on the network - No pre/post inst/rm - No initscripts - No dbus services - No setuid executables - iscsi-test-cu, iscsi-ls, iscsi-swp, iscsi-inq, iscsi-readcapacity16 executables in path - No sudo fragments - No udev rules - iscsi-test-cu looks like an incredible test suite, if it functions as advertised - No cron jobs - Clean build logs - No subprocesses spawned - Very careful memory management, nice per-scsi-task abstraction layer - No file IO - Extensive error logging, spot checks all looked careful - Several environment variables are used: LD_ISCSI_GET_LBA_STATUS LD_ISCSI_DEBUG (not-packaged ld_iscsi.so) LIBISCSI_DEBUG LIBISCSI_TCP_USER_TIMEOUT LIBISCSI_TCP_KEEPCNT LIBISCSI_TCP_KEEPINTVL LIBISCSI_TCP_KEEPIDLE LIBISCSI_TCP_SYNCNT LIBISCSI_BIND_INTERFACES LIBISCSI_CHAP_USERNAME LIBISCSI_CHAP_PASSWORD Results were typically handed to atoi(3) and then used to set settings; maybe strtoul(3) would be more robust but this is fine - No privileged operations - Essentially no cryptography -- CHAP barely counts. Use this on trusted networks or over IPsec. (Trusted networks is the expected use, this isn't unreasonable.) - Extensive networking; spot checks on networking syscalls all looked careful - No portions of code looked more privileged than others - No temporary file handling - Does not use WebKit - Clean cppcheck - Clean shellcheck - No PolicyKit libiscsi looks professionally programmed; SCSI and TCP/IP aren't exactly easy things but the design of this package looks careful and thoughtful. I haven't inspected the SCSI state machine in any way but the methods I inspected all looked like they inspected preconditions and logged violations, all pieces feel like logical separations of concerns and designed for testing. The iscsi-test-cu test suite looks incredible if true. No tests are run during the build but it would be difficult to test these functions deeply during build. The only bug I found is a series of slightly misleading error messages: - lib/login.c has instances of 'aprintf failed' error strings but the memory allocation is stack-based buffers, and the failed function is snprintf(). ld_iscsi looks like a _very_ cute hack -- pity it is too immature to enable it but I love the idea. (I did not review its code because it's clearly labeled not-yet-ready for use.) Security team ACK for promoting libiscsi to main. Please keep an eye on ld_iscsi in future syncs with Debian to ensure it doesn't get released before it is ready. Thanks ** Changed in: libiscsi (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libiscsi in Ubuntu. https://bugs.launchpad.net/bugs/1271653 Title: [MIR] libiscsi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libiscsi/+bug/1271653/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1271653] Re: [MIR] libiscsi
Added ubuntu-server and ubuntu-openstack teams for bugs... -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libiscsi in Ubuntu. https://bugs.launchpad.net/bugs/1271653 Title: [MIR] libiscsi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libiscsi/+bug/1271653/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
