Moved to main per #9 and #10, now that the hardening fixes are in place.
** Changed in: schroot (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1259153
I uploaded a fix for the hardening problems, currently waiting in the
unapproved queue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1259153
Title:
[MIR] schroot
To manage notifications about this
I reviewed schroot version 1.6.8-1 as checked into trusty. This should not
be considered a full security review but rather a quick gauge of
maintainability.
- schroot provides a setuid mechanism to allow unprivileged users to
access predefined chroot environments, especially useful for managing
** Changed in: schroot (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Seth Arnold
(seth-arnold)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1259153
Title:
[MIR] schroot
To man
lockdev isn't needed anymore
** Changed in: lockdev (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1259153
Title:
[MIR] schroot
To manage notifications
1.6.8-1 now uses hardening defaults. looks ok, pending the security
review
** Summary changed:
- [MIR] schroot (and lockdev)
+ [MIR] schroot
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1259153
Ti
Please see http://people.debian.org/~rleigh/schroot/schroot_1.6.6-1.dsc
(distribution of git commit fe9f3fa on schroot-1.6). It should cover
most of the points raised above (with the exception of symbols files).
Is there anything additional you'd like in this release (either missing
stuff, stuff
Regarding the timescale, schroot development isn't really done in mind
for Ubuntu freezes. The 1.7.x series is being (roughly) aimed at jessie
for a stable 1.8 release. However, we can certainly try to accomodate
them.
Note that I have backported the lockdev removal to schroot 1.6. cmake
buildi
All the above is on the schroot-1.6 git branch; 1.7 is on the master
branch.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1259153
Title:
[MIR] schroot (and lockdev)
To manage notifications about t
> Note that current development (1.7.x releases, in experimental)
> have dropped the lockdev dependency.
is there an estimate for the upload to unstable in time before the
trusty feature freeze?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
schroot:
- missing a symbols file
- not built using hardening defaults
- not using verbose build (hiding that it is built without hardening defaults)
(optional)
- doesn't cross build (wishlist)
- would be nice to build it in parallel (wishlist)
assigning to the security team for security rev
lockdev:
- missing a symbols file
- not built using hardening defaults (note that explicit build flags are
hardcoded for the perl-lib target)
- not multiarched (optional)
- would be nice to cross-build, and have stage1 support (not (cross-)building
the perl bits) (wishlist)
maybe not necessa
Note that current development (1.7.x releases, in experimental) have
dropped the lockdev dependency. And we're actively removing the lockdev
rdeps to allow lockdev removal for jessie. We also updated to dh9 and
cmake for building.
Regards,
Roger
--
You received this bug notification because yo
13 matches
Mail list logo