Activity log for bug #1532198

Date Who What changed Old value New value Message
2016-01-08 13:57:07 Leann Ogasawara bug added bug
2016-01-08 13:57:58 Leann Ogasawara description Following the process documented at https://wiki.ubuntu.com/MainInclusionProcess , the following template needs to be filled in to start the MIR for zfs-linux [Availability] [Rationale] [Security] [Quality assurance] [Dependencies] [Standards compliance] [Maintenance] [Background information] Following the process documented at https://wiki.ubuntu.com/MainInclusionProcess , the following template needs to be filled in to start the MIR for zfs-linux in 16.04 [Availability] [Rationale] [Security] [Quality assurance] [Dependencies] [Standards compliance] [Maintenance] [Background information]
2016-01-08 19:08:56 Darik Horn bug added subscriber Darik Horn
2016-01-11 14:07:17 Colin Ian King description Following the process documented at https://wiki.ubuntu.com/MainInclusionProcess , the following template needs to be filled in to start the MIR for zfs-linux in 16.04 [Availability] [Rationale] [Security] [Quality assurance] [Dependencies] [Standards compliance] [Maintenance] [Background information] Following the process documented at https://wiki.ubuntu.com/MainInclusionProcess , the following template needs to be filled in to start the MIR for zfs-linux in 16.04 Below are my answers to the various main inclusion requirements, marked by a * prefix: [Availability]: "The package must already be in the Ubuntu universe, and must build for the architectures it is designed to work on." * http://packages.ubuntu.com/xenial/admin/zfsutils-linux * Yes - built for 64 bit arches only, because ZFS is designed to run well only on 64 bit architectures. [Rationale]: "There must be a certain level of demand for the package, for example: The package is useful for a large part of our user base." * Yes - there is a lot of interest in ZFS in the server space and for users wanting to use a file system that supports huge collections of disks with excellent reliable features such as checksummed raid, mirroring striping with easy configuration and also simple data sanity checking and fixing. * Being requested by Kiko "The package is a new build dependency or dependency of a package that we already support (additionally, the official image builder requires all used packages be in main)." * Yes, already in Wily as a technology demo. "The package helps meet a specific Blueprint goal." * No blueprint goal. "The package replaces another package we currently support and promises higher quality and/or better features, so that we can drop the old package from the supported set." 
* Not applicable [Security]: "The security history and the current state of security issues in the package must allow us to support the package for at least 18 months without exposing its users to an inappropriate level of security risks. This requires checking of several things that are explained in detail in the subsection Security checks." "Check how many vulnerabilities the package had in the past and how they were handled by upstream and the Debian/Ubuntu package:" "http://cve.mitre.org/cve/cve.html: Search in the National Vulnerability Database using the package as a keyword" NO ZFS Linux CVEs found, here is the complete list from Mitre: CVE-2015-1415 The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local users to obtain sensitive key information by reading the file. CVE-2015-0448 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system. CVE-2013-3266 The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by specifying a plain file instead of a directory. CVE-2011-2313 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS. CVE-2011-2312 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, related to ZFS. CVE-2011-2311 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS. CVE-2011-2286 Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS. 
CVE-2010-4458 Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS. CVE-2010-3540 Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS. CVE-2010-2392 Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect integrity and availability, related to ZFS. CVE-2010-0318 The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. CVE-2009-3706 Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call. "http://secunia.com/advisories/search/: search for the package as a keyword" * No security advisories found Ubuntu CVE Tracker: http://people.ubuntu.com/~ubuntu-security/cve/main.html * No http://people.ubuntu.com/~ubuntu-security/cve/universe.html * No http://people.ubuntu.com/~ubuntu-security/cve/partner.html * No "Check for security relevant binaries. If any are present, this requires a more in-depth security review." "Executables which have the suid or sgid bit set." * Not applicable "Executables in /sbin, /usr/sbin." * Applicable. This requires security review "Packages which install daemons (/etc/init.d/*)" * Applicable. This requires security review "Packages which open privileged ports (ports < 1024)." 
* Not applicable "Add-ons and plugins to security-sensitive software (filters, scanners, UI skins, etc)" * Not applicable [Quality assurance] "After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading." * Will work "out-of-the-box" once zfsutils-linux is installed with 4.4 kernel * Quick start ZFS reference guide written: https://wiki.ubuntu.com/Kernel/Reference/ZFS * Package contains main pages "The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults." * Does not apply. "There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package." * We have good upstream support from ZFS maintainers, response to bugs filed upstream is within 24 hours "The status of important bugs in Debian's, Ubuntu's, and upstream's bug tracking systems must be evaluated. Links to these bug trackers need to be provided in the MIR report. Important bugs must be pointed out and discussed in the MIR report." 
Upstream bug tracking: ZFS - https://github.com/zfsonlinux/zfs/issues SPL - https://github.com/zfsonlinux/spl/issues Ubuntu bug tracking: https://bugs.launchpad.net/ubuntu/+source/zfs-linux Resolved bugs: LP#1521952 Add dependency on dh-systemd for zfs-linux LP#1513124 Fix FTBFSs on ppc64el and arm64 "The package is maintained well in Debian/Ubuntu (check out the Debian PTS)" Maintained by Kernel team in sync with kernel Testing: We have several sets of ZFS specific regression tests in the kernel team autotest test infrastructure: * The ZFS test suite: http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs * fstest (Linux POSIX file system test suite) http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs_fstest * ZFS I/O stress tests: http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs_stress * XFS generic tests on ZFS: http://kernel.ubuntu.com/git/ubuntu/autotest-client-tests.git/tree/ubuntu_zfs_xfs_generic Note: currently working on an adt set of tests for ZFS to cover core features as a set of kernel team smoke tests. [Dependencies]: All build and binary dependencies (including Recommends:) must be satisfiable in main (i. e. the preferred alternative must be in main). If not, these dependencies need a separate MIR report (this can be a separate bug or another task on the main MIR bug) zfs-linux: * autotools-dev - Yes * autoconf - Yes * autogen - Yes * automake - Yes * debhelper - Yes * dh-autoreconf - Yes * dh-systemd - Yes * dkms - Yes * libselinux1-dev - Yes * libtool - Yes * uuid-dev - Yes * zlib1g-dev - Yes [Standards compliance] "Standards compliance: The package should meet the FHS and Debian Policy standards. Major violations should be documented and justified. Also, the source packaging should be reasonably easy to understand and maintain." Yes, I believe so. [Maintenance] "The package must have an acceptable level of maintenance corresponding to its complexity: Simple packages (e.g. 
language bindings, simple Perl modules, small command-line programs, etc.) might not need very much maintenance effort, and if they are maintained well in Debian we can just keep them synced More complex packages will usually need a developer or team of developers paying attention to their bugs, whether that be in Ubuntu or elsewhere (often Debian). Packages that deliver major new headline features in Ubuntu need to have commitment from Ubuntu developers willing to spend substantial time on them." * Falls into the complex package category. Colin King will primarily maintain this package, with ownership owned and covered by the Canonical Kernel Team. We have already performed SRU on ZFS in Wily, showing we have the means to actively support this package. "All packages must have a designated "owning" team, regardless of complexity, which is set as a package bug contact." * Yes, Canonical Kernel Team https://launchpad.net/~canonical-kernel-team [Background information] "The package descriptions should explain the general purpose and context of the package. Additional explanations/justifications should be done in the MIR report." * Yes, package description covers the scope of the package "If the package was renamed recently, or has a different upstream name, this needs to be explained in the MIR report." The ZFS on Linux provides ZFS packaged under the debian-zfs. Debian provides zfsutils for *BSD based kernels (kFreeBSD). The package name zfsutils-linux was chosen for Linux based arches.
2016-01-12 11:42:39 Colin Ian King bug added subscriber MIR approval team
2016-01-12 13:32:05 Michael Terry zfs-linux (Ubuntu): assignee Jamie Strandboge (jdstrand)
2016-01-20 18:12:50 Tyler Hicks zfs-linux (Ubuntu): assignee Jamie Strandboge (jdstrand) Ubuntu Security Team (ubuntu-security)
2016-01-22 13:39:31 Colin Ian King zfs-linux (Ubuntu): importance Undecided High
2016-01-30 19:02:30 Marlin Cremers bug added subscriber Marlin Cremers
2016-01-31 01:32:28 Hajo Möller cve linked 2015-3400
2016-02-17 09:31:47 en bug added subscriber en
2016-02-22 22:22:04 Simon Déziel bug added subscriber Simon Déziel
2016-02-27 06:38:01 Seth Arnold bug added subscriber Seth Arnold
2016-02-27 06:38:04 Seth Arnold zfs-linux (Ubuntu): assignee Ubuntu Security Team (ubuntu-security)
2016-02-29 14:19:06 Michael Terry zfs-linux (Ubuntu): status New Incomplete
2016-03-07 21:44:44 Hajo Möller bug added subscriber Hajo Möller
2016-03-14 18:41:14 Matthias Klose bug task added spl-linux (Ubuntu)
2016-03-14 18:41:43 Matthias Klose spl-linux (Ubuntu): status New Incomplete
2016-03-14 20:25:52 Michael Terry spl-linux (Ubuntu): assignee Jamie Strandboge (jdstrand)
2016-03-17 02:35:18 Arto Bendiken bug added subscriber Arto Bendiken
2016-04-04 17:52:20 Jamie Strandboge spl-linux (Ubuntu): assignee Jamie Strandboge (jdstrand) Ubuntu Security Team (ubuntu-security)
2016-04-07 00:45:58 William Grant bug added subscriber William Grant
2016-04-08 16:27:04 Launchpad Janitor zfs-linux (Ubuntu): status Incomplete Fix Released
2016-04-12 18:52:21 Seth Arnold spl-linux (Ubuntu): assignee Ubuntu Security Team (ubuntu-security)
2016-04-13 16:03:23 Stéphane Graber zfs-linux (Ubuntu): status Fix Released Incomplete
2016-04-13 16:03:26 Stéphane Graber bug task deleted spl-linux (Ubuntu)
2016-04-19 17:03:35 Wouter van Os bug added subscriber Wouter van Os
2016-04-25 18:03:46 Richard Laager bug added subscriber Richard Laager
2016-05-11 18:34:28 Colin Ian King zfs-linux (Ubuntu): assignee Colin Ian King (colin-king)
2016-05-11 19:14:17 Michael Terry zfs-linux (Ubuntu): status Incomplete Fix Committed
2016-05-11 19:14:17 Michael Terry zfs-linux (Ubuntu): assignee Colin Ian King (colin-king)
2016-07-06 20:45:31 Steve Langasek zfs-linux (Ubuntu): status Fix Committed Fix Released