XPost: linux.debian.bugs.dist, linux.debian.devel.release
From: ben@decadent.org.uk
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: ktls-utils@packages.debian.org, debian-kernel@lists.debian.org
Control: affects -1 + src:ktls-utils
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package ktls-utils
[ Reason ]
Update to the first stable upstream version.
[ Impact ]
Several bugs were fixed in this upstream version:
- Memory leak during every handshake
- Timeout errors were reported to the kernel with the wrong error
  code, which looks like it could lead to data loss
- Possible buffer overruns (but it's not clear that they are
  exploitable)
- A kernel request to handshake a QUIC connection would wrongly be
  handled as regular TLS over TCP, and is now treated as an error
  (since QUIC support is not enabled)
This is also supposed to make NVMe over TLS work without extra
configuration, but I have not yet tested NVMe support at all.
[ Tests ]
I manually tested use of tlshd for NFS with mutual authentication
(mTLS), following the instructions in README.Debian.
[ Risks ]
This is a new upstream version with a comparatively large delta.
However, most of that is for adding QUIC support, and that is
currently disabled at build time. I have reviewed all the remaining
changes.
This package is new for trixie, so there is no risk of a regression
from bookworm.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
unblock ktls-utils/1.0.0-1
diff -Nru ktls-utils-0.11/.github/workflows/makefile.yml ktls-utils-1.0.0/.github/workflows/makefile.yml
--- ktls-utils-0.11/.github/workflows/makefile.yml 2024-06-14 16:54:21.000000000 +0200
+++ ktls-utils-1.0.0/.github/workflows/makefile.yml 2025-05-05 19:58:55.000000000 +0200
@@ -16,12 +16,12 @@
- linux/arm64
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo apt-get update
- sudo apt-get -y install gnutls-dev libkeyutils-dev libnl-3-dev libnl-genl-3-dev
+ sudo apt-get -y install gnutls-dev libkeyutils-dev libnl-3-dev libnl-genl-3-dev libglib2.0-dev
- name: Configure
run: |
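Review bot: `actions/checkout@v4` in the steps list is still referenced by a movable tag, so the workflow runs whatever that tag points to at build time; pinning the action to a full commit SHA, with the version kept in a trailing comment, would make the CI input reproducible. The `libglib2.0-dev` added to the apt-get line is a new build dependency, so it is worth checking that the packaging's build dependencies list it as well, or that it is only needed by code paths that are disabled at build time.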
diff -Nru ktls-utils-0.11/ChangeLog ktls-utils-1.0.0/ChangeLog
--- ktls-utils-0.11/ChangeLog 2024-06-14 16:54:21.000000000 +0200
+++ ktls-utils-1.0.0/ChangeLog 2025-05-05 19:58:55.000000000 +0200
@@ -1,5 +1,10 @@
Change Log - In newest-release-first order
+ktls-utils 1.0 - 2025-05-05
+ * Handshake support for in-kernel QUIC
+ * Package is no longer "experimental"
+ * Fix minor bugs
+
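Review bot: the "Fix minor bugs" entry in the new 1.0 block gives no detail, while the unblock request above lists a memory leak on every handshake, timeout errors reported to the kernel with the wrong error code, and possible buffer overruns. Naming those fixes in the ChangeLog would let downstream reviewers judge whether the update is security-relevant without reading the full delta.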