Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#982050: There are fresh upstream releases (8.9.11 ATM) which address security and other issues
4 views
Skip to first unread message
Yaroslav Halchenko
Feb 5, 2021, 6:30:03 PM2/5/21
to
Package: htcondor
Version: 8.6.8~dfsg.1-2
Severity: normal
8.6.8~dfsg.1-1 was uploaded over 3 years ago. Since then multiple
upstream releases were made, possibly (didn't check) addressing CVE of
Bugs with severity grave
1) #963777 condor: CVE-2019-18823
and possibly
Bugs with severity serious
2) #925657 condor: ftbfs with GCC-9
3) #966726 condor: Unversioned Python removal in sid/bullseye
In our case we also encountered "buffer overflow detected" upon running
condor_q -json and it is unlikely worth filing a new issue without checking
first if a upstream work of the past 3 years has likely addressed it.
So it would be great to see a newer version of condor be shipped in
Debian.
Cheers,
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (600, 'unstable'), (300, 'experimental'), (100, 'unstable-debug'), (100, 'stable-updates'), (100, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-4-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages htcondor depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.74
ii libc6 2.31-5
pn libcgroup1 <none>
pn libclassad8 <none>
ii libcom-err2 1.45.6-1
ii libcurl4 7.72.0-1
ii libdate-manip-perl 6.83-1
ii libexpat1 2.2.10-1
ii libgcc-s1 [libgcc1] 10.2.1-1
pn libglobus-callout0 <none>
pn libglobus-common0 <none>
pn libglobus-ftp-client2 <none>
pn libglobus-gass-transfer2 <none>
pn libglobus-gram-client3 <none>
pn libglobus-gram-protocol3 <none>
pn libglobus-gsi-callback0 <none>
pn libglobus-gsi-cert-utils0 <none>
pn libglobus-gsi-credential1 <none>
pn libglobus-gsi-openssl-error0 <none>
pn libglobus-gsi-proxy-core0 <none>
pn libglobus-gsi-proxy-ssl1 <none>
pn libglobus-gsi-sysconfig1 <none>
pn libglobus-gss-assist3 <none>
pn libglobus-gssapi-error2 <none>
pn libglobus-gssapi-gsi4 <none>
pn libglobus-io3 <none>
pn libglobus-openssl-module0 <none>
pn libglobus-rsl2 <none>
pn libglobus-xio0 <none>
ii libgomp1 10.2.1-1
ii libgssapi-krb5-2 1.18.3-4
ii libk5crypto3 1.18.3-4
ii libkrb5-3 1.18.3-4
ii libkrb5support0 1.18.3-4
ii libldap-2.4-2 2.4.56+dfsg-1
ii libltdl7 2.4.6-14
ii libpcre3 2:8.39-13
ii libssl1.1 1.1.1h-1
ii libstdc++6 10.2.1-1
ii libuuid1 2.36.1-2
ii libvirt0 6.9.0-1+b2
ii libx11-6 2:1.7.0-2
ii libxext6 2:1.3.3-1+b2
ii libxss1 1:1.2.3-1
ii lsb-base 11.1.0
ii perl 5.32.0-6
pn python <none>
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages htcondor recommends:
pn dmtcp <none>
pn ecryptfs-utils <none>
Versions of packages htcondor suggests:
pn coop-computing-tools <none>
ii docker.io 20.10.0+dfsg2-1
ii singularity-container 3.5.2+ds1-1
pn slurm-client <none>
Version: 8.6.8~dfsg.1-2
Severity: normal
8.6.8~dfsg.1-1 was uploaded over 3 years ago. Since then multiple
upstream releases were made, possibly (didn't check) addressing CVE of
Bugs with severity grave
1) #963777 condor: CVE-2019-18823
and possibly
Bugs with severity serious
2) #925657 condor: ftbfs with GCC-9
3) #966726 condor: Unversioned Python removal in sid/bullseye
In our case we also encountered "buffer overflow detected" upon running
condor_q -json and it is unlikely worth filing a new issue without checking
first if a upstream work of the past 3 years has likely addressed it.
So it would be great to see a newer version of condor be shipped in
Debian.
Cheers,
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (600, 'unstable'), (300, 'experimental'), (100, 'unstable-debug'), (100, 'stable-updates'), (100, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.9.0-4-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages htcondor depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.74
ii libc6 2.31-5
pn libcgroup1 <none>
pn libclassad8 <none>
ii libcom-err2 1.45.6-1
ii libcurl4 7.72.0-1
ii libdate-manip-perl 6.83-1
ii libexpat1 2.2.10-1
ii libgcc-s1 [libgcc1] 10.2.1-1
pn libglobus-callout0 <none>
pn libglobus-common0 <none>
pn libglobus-ftp-client2 <none>
pn libglobus-gass-transfer2 <none>
pn libglobus-gram-client3 <none>
pn libglobus-gram-protocol3 <none>
pn libglobus-gsi-callback0 <none>
pn libglobus-gsi-cert-utils0 <none>
pn libglobus-gsi-credential1 <none>
pn libglobus-gsi-openssl-error0 <none>
pn libglobus-gsi-proxy-core0 <none>
pn libglobus-gsi-proxy-ssl1 <none>
pn libglobus-gsi-sysconfig1 <none>
pn libglobus-gss-assist3 <none>
pn libglobus-gssapi-error2 <none>
pn libglobus-gssapi-gsi4 <none>
pn libglobus-io3 <none>
pn libglobus-openssl-module0 <none>
pn libglobus-rsl2 <none>
pn libglobus-xio0 <none>
ii libgomp1 10.2.1-1
ii libgssapi-krb5-2 1.18.3-4
ii libk5crypto3 1.18.3-4
ii libkrb5-3 1.18.3-4
ii libkrb5support0 1.18.3-4
ii libldap-2.4-2 2.4.56+dfsg-1
ii libltdl7 2.4.6-14
ii libpcre3 2:8.39-13
ii libssl1.1 1.1.1h-1
ii libstdc++6 10.2.1-1
ii libuuid1 2.36.1-2
ii libvirt0 6.9.0-1+b2
ii libx11-6 2:1.7.0-2
ii libxext6 2:1.3.3-1+b2
ii libxss1 1:1.2.3-1
ii lsb-base 11.1.0
ii perl 5.32.0-6
pn python <none>
ii zlib1g 1:1.2.11.dfsg-2
Versions of packages htcondor recommends:
pn dmtcp <none>
pn ecryptfs-utils <none>
Versions of packages htcondor suggests:
pn coop-computing-tools <none>
ii docker.io 20.10.0+dfsg2-1
ii singularity-container 3.5.2+ds1-1
pn slurm-client <none>
Diane Trout
Feb 19, 2021, 5:00:03 PM2/19/21
to
Hello,
I had been wondering if the htcondor package is effectively orphaned.
There hasn't been any activity in quite some time.
It looks like the wusc.edu developer stopped in 2018.
https://contributors.debian.org/contributor/ttheisen-guest@alioth/
It looks like the Debian developer Michael Hanke is still around as of
2020 though.
https://contributors.debian.org/contributor/mih/
Diane
I had been wondering if the htcondor package is effectively orphaned.
There hasn't been any activity in quite some time.
It looks like the wusc.edu developer stopped in 2018.
https://contributors.debian.org/contributor/ttheisen-guest@alioth/
It looks like the Debian developer Michael Hanke is still around as of
2020 though.
https://contributors.debian.org/contributor/mih/
Diane
Yaroslav Halchenko
Feb 19, 2021, 7:30:03 PM2/19/21
to
There are updated packages floating around... BCCing someone who might
facilitate pinging etc. I bet if changes pushed somewhere, should be
easy to get updated package finalized etc
On Fri, 19 Feb 2021, Diane Trout wrote:
> I had been wondering if the htcondor package is effectively orphaned.
> There hasn't been any activity in quite some time.
--
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW: http://www.linkedin.com/in/yarik
facilitate pinging etc. I bet if changes pushed somewhere, should be
easy to get updated package finalized etc
On Fri, 19 Feb 2021, Diane Trout wrote:
> I had been wondering if the htcondor package is effectively orphaned.
> There hasn't been any activity in quite some time.
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
WWW: http://www.linkedin.com/in/yarik
Diane Trout
Feb 19, 2021, 9:50:03 PM2/19/21
to
On Fri, 2021-02-19 at 18:31 -0600, Tim Theisen wrote:
> I have HTCondor 8.8.12 ready to upload to salsa. The condor
> repository is moving from the neurodebian team to the HPC. I have
> been waiting for the repository to move before my upload.
> Debian follows the stable release series (8.8 right now). The
> development series (8.9) can be changing and that is counter to
> Debian goal for stability.
> I will upload changes to the neurodebian project this weekend.
> As for the security issues, they were introduced in 8.9.2 and 8.9.7
> and so are not in the current version that is in Debian.
> ...Tim
Thank you!
I'm in the Debian Python, Med & Science teams and have HTCondor
deployed on our labs cluster. I might be able to provide some
assistance if you need.
Is there any chance the Python bindings might get re-enabled in the new
release?
Diane
> I have HTCondor 8.8.12 ready to upload to salsa. The condor
> repository is moving from the neurodebian team to the HPC. I have
> been waiting for the repository to move before my upload.
> Debian follows the stable release series (8.8 right now). The
> development series (8.9) can be changing and that is counter to
> Debian goal for stability.
> I will upload changes to the neurodebian project this weekend.
> As for the security issues, they were introduced in 8.9.2 and 8.9.7
> and so are not in the current version that is in Debian.
> ...Tim
Thank you!
I'm in the Debian Python, Med & Science teams and have HTCondor
deployed on our labs cluster. I might be able to provide some
assistance if you need.
Is there any chance the Python bindings might get re-enabled in the new
release?
Diane
Alex Waite
Mar 1, 2021, 8:20:03 AM3/1/21
to
@Tim That is great to hear that you're planning to push your changes for 8.8.12 to NeuroDebian. I have been working on packaging the same release, and I have everything working except GLOBUS (which causes it to fail to build for me).
I've pushed what I have to https://salsa.debian.org/aqw-guest/htcondor
Let me know if/how you'd like to coordinate. :-)
I also have a problem with `/usr/lib/condor/libexec/condor_gpu_discovery -properties` segfaulting on ppc64el. It sounds a lot like HTCondor bug #7605 [1], but persists in 8.8.12. What is the preferred way to report bugs to the HTCondor project: the mailing list or on HTCondor's bug tracker?
---Alex
[1] https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=7605
I've pushed what I have to https://salsa.debian.org/aqw-guest/htcondor
Let me know if/how you'd like to coordinate. :-)
I also have a problem with `/usr/lib/condor/libexec/condor_gpu_discovery -properties` segfaulting on ppc64el. It sounds a lot like HTCondor bug #7605 [1], but persists in 8.8.12. What is the preferred way to report bugs to the HTCondor project: the mailing list or on HTCondor's bug tracker?
---Alex
[1] https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=7605
Diane Trout
Mar 10, 2021, 2:10:04 PM3/10/21
to
On Sat, 2021-02-20 at 08:23 -0600, Tim Theisen wrote:
> Regarding Python, I will prepare the 8.9.11 release. The Python
> support
> is far superior in the 8.9 series. We plan to have the stable 9.0
> release out by the end of March and hopefully, that will make it into
> bullseye.
>
> Python 3 bindings will be available.
>
> Thank you for asking about Python, it led me to making a better
> choice
> of version.
Hello,
I was wondering if you'd had any chance to work on htcondor for Debian?
I hadn't seen anything show up on tracker or in
https://salsa.debian.org/debian/htcondor
Thanks,
Diane
> Regarding Python, I will prepare the 8.9.11 release. The Python
> support
> is far superior in the 8.9 series. We plan to have the stable 9.0
> release out by the end of March and hopefully, that will make it into
> bullseye.
>
> Python 3 bindings will be available.
>
> Thank you for asking about Python, it led me to making a better
> choice
> of version.
Hello,
I was wondering if you'd had any chance to work on htcondor for Debian?
I hadn't seen anything show up on tracker or in
https://salsa.debian.org/debian/htcondor
Thanks,
Diane
0 new messages