Bug#734819: enable pam_keyinit by default
On Wed, 08 Jan 2014 19:00:54 -0800 Russ Allbery wrote:

Hi,

> It would be better for any application that uses the kernel keyring
> if pam_keyinit were run by default in the PAM session stack. Without
> this module, users are placed in a default UID-based user session,
> which doesn't isolate each session's keys.
>
> Worse, currently (although this is a separate bug that's been
> separately reported and may be fixed in the future), the kernel uses
> the UID session for reading, but when writing creates a new session
> keyring that's limited to children of the writing process. This
> basically makes use of keyring Kerberos caches impossible unless one
> does the equivalent of what pam_keyinit does first. It's rather
> inobvious that this is necessary.
>
> The problem with this, which will make it more complex, is that one
> generally does not want to create a new session keyring when running
> commands like su or sudo, just for login sessions, since you normally
> want to preserve the user's existing credentials. I'm not sure what
> this means for how to achieve this configuration.

What is the status of this? Could this be implemented for stretch?

The number of "login" pam services is quite limited IMHO (xDM, login, openssh,...) so I'm not sure that waiting for pam-auth-update support for these (#677288) is really needed, for example we have added pam_selinux modules already in all these login services.

openssh and gdm are already calling the pam_keyinit.so module for quite some time now without any visible complaints.

Regards,

Laurent Bigonville
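One way to check a system against the configuration discussed in this thread, as an added example that is not part of either message or of any Debian package: the script reports login services whose session stack lacks pam_keyinit and su-style services that call it. The service names, the function names and the sample files are assumptions constructed for illustration.

```shell
# Added example: audit PAM service files for pam_keyinit session lines.
# Service names are assumptions based on the thread (login, openssh, gdm; su, sudo).
LOGIN_SERVICES="login sshd gdm-password"
SWITCH_SERVICES="su sudo"

# Print nofile, missing, present or present-force for service $2 in directory $1.
# Only direct "session" lines are read; @include'd files are not followed.
keyinit_status() {
    [ -f "$1/$2" ] || { echo nofile; return 0; }
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /^-?session$/ {
            for (i = 2; i <= NF; i++) if ($i ~ /(^|\/)pam_keyinit\.so$/) {
                found = 1
                for (j = i + 1; j <= NF; j++) if ($j == "force") force = 1
            }
        }
        END { print (force ? "present-force" : (found ? "present" : "missing")) }
    ' "$1/$2"
}

# Report login services lacking pam_keyinit and su-style services that call it.
audit_pam_dir() {
    rc=0
    for svc in $LOGIN_SERVICES; do
        st=$(keyinit_status "$1" "$svc")
        case "$st" in
            missing)  echo "WARN $svc: login service without pam_keyinit"; rc=1 ;;
            present*) echo "OK   $svc: $st" ;;
        esac
    done
    for svc in $SWITCH_SERVICES; do
        st=$(keyinit_status "$1" "$svc")
        case "$st" in
            present*) echo "WARN $svc: pam_keyinit in a su-style service ($st)"; rc=1 ;;
            missing)  echo "OK   $svc: no pam_keyinit" ;;
        esac
    done
    return $rc
}

# Constructed sample tree (not real system files) so the script runs offline.
make_sample() {
    printf 'session optional pam_keyinit.so force revoke\n' > "$1/sshd"
    printf 'session required pam_unix.so\n' > "$1/login"
    printf '# comment\nsession optional pam_keyinit.so force\n' > "$1/sudo"
}
SAMPLE=$(mktemp -d) && make_sample "$SAMPLE"
audit_pam_dir "$SAMPLE" || echo "findings reported"
```

On a real system the directory to pass is /etc/pam.d; files pulled in through @include lines have to be inspected separately.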
Processed: reassigning #850746
Processing commands for cont...@bugs.debian.org:

> reassign 850746 qt5-gtk-platformtheme 5.7.1+dfsg-2
Bug #850746 [retext] retext segfaults when attempting to open 'open file' dialogue
Bug reassigned from package 'retext' to 'qt5-gtk-platformtheme'.
No longer marked as found in versions retext/6.0.2-2.
Ignoring request to alter fixed versions of bug #850746 to the same values previously set
Bug #850746 [qt5-gtk-platformtheme] retext segfaults when attempting to open 'open file' dialogue
Marked as found in versions qtbase-opensource-src/5.7.1+dfsg-2.
> tags 850746 +pending
Bug #850746 [qt5-gtk-platformtheme] retext segfaults when attempting to open 'open file' dialogue
Added tag(s) pending.
> --
Stopping processing here.

Please contact me if you need assistance.
--
850746: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850746
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#850874: ark: CVE-2017-5330: Unintended execution of scripts and executable files
Source: ark
Version: 4:16.08.3-1
Severity: grave
Tags: upstream patch security fixed-upstream
Justification: user security hole
Forwarded: https://bugs.kde.org/show_bug.cgi?id=374572

Hi,

the following vulnerability was published for ark.

CVE-2017-5330[0]:
unintended execution of scripts and executable files

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5330
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330
[1] https://bugs.kde.org/show_bug.cgi?id=374572
[2] https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
Processed: cloning 828364, retitle -1 to ruby2.3: Please migrate to openssl1.1 in buster, unblock 827061 with -1 ...
Processing commands for cont...@bugs.debian.org:

> # Split bug so we can properly track issues
> clone 828364 -1
Bug #828364 [src:kdelibs4support] kdelibs4support: FTBFS with openssl 1.1.0
Bug 828364 cloned as bug 850888
827061 was blocked by:
827061 was not blocking any bugs.
Added blocking bug(s) of 827061: 850888
> retitle -1 ruby2.3: Please migrate to openssl1.1 in buster
Bug #850888 [src:kdelibs4support] kdelibs4support: FTBFS with openssl 1.1.0
Changed Bug title to 'ruby2.3: Please migrate to openssl1.1 in buster' from 'kdelibs4support: FTBFS with openssl 1.1.0'.
> unblock 827061 with -1
Bug #827061 [release.debian.org] transition: openssl
827061 was blocked by:
Processed: retitle 850888 to kdelibs4support: Please migrate to openssl1.1 in buster
Processing commands for cont...@bugs.debian.org:

> # This time with less copy-waste fail
> retitle 850888 kdelibs4support: Please migrate to openssl1.1 in buster
Bug #850888 [src:kdelibs4support] ruby2.3: Please migrate to openssl1.1 in buster
Changed Bug title to 'kdelibs4support: Please migrate to openssl1.1 in buster' from 'ruby2.3: Please migrate to openssl1.1 in buster'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
850888: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850888
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: cloning 828519, retitle -1 to qca2: Please migrate to openssl1.1 in buster, unblock 827061 with -1 ...
Processing commands for cont...@bugs.debian.org:

> # Split bug so we can properly track issues
> clone 828519 -1
Bug #828519 [src:qca2] qca2: FTBFS with openssl 1.1.0
Bug 828519 cloned as bug 850897
827061 was blocked by:
827061 was not blocking any bugs.
Added blocking bug(s) of 827061: 850897
> retitle -1 qca2: Please migrate to openssl1.1 in buster
Bug #850897 [src:qca2] qca2: FTBFS with openssl 1.1.0
Changed Bug title to 'qca2: Please migrate to openssl1.1 in buster' from 'qca2: FTBFS with openssl 1.1.0'.
> unblock 827061 with -1
Bug #827061 [release.debian.org] transition: openssl
827061 was blocked by: