<div dir="ltr">Privet Kir and Igor<div><br></div><div>Sources and patches here:</div><div><a href="ftp://ftp.debian.org/debian/pool/main/v/vzctl/">ftp://ftp.debian.org/debian/pool/main/v/vzctl/</a><br></div><div><br></div><div>Source is named .orig.tar.gz</div><div>and the patches are either in .diff.gz or packaged in .debian.tar.gz</div><div><br></div><div>I think we should at least backport 4.8 (current stable) and then maybe oldstable 3.0.30. 3.0.24 is oldold stable so I guess you can skip that.</div><div><br></div><div>Thanks in advance</div><div><br></div><div>// Ola</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 31, 2015 at 11:17 PM, Kir Kolyshkin <span dir="ltr">&lt;<a href="mailto:kir@odin.com" target="_blank">kir@odin.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF"><span class="">
    <br>
    <br>
    <div>On 08/31/2015 12:15 PM, Ola Lundqvist
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">I was. :-) Thanks!
        <div><br>
        </div>
        <div>Will look into this shortly. Will also look into
          backporting the fix.<br>
        </div>
      </div>
    </blockquote>
    <br></span>
    Ola,<br>
    <br>
    I think Igor (in Cc) will be able to provide the fix backported,<br>
    just let us know which version you have in Debian (and a link<br>
    to sources, as I guess you have some patches in there, too).<span class="HOEnZb"><font color="#888888"><br>
    <br>
    Kir.</font></span><div><div class="h5"><br>
    <br>
    <blockquote type="cite">
      <div dir="ltr">
        <div>
          <div><br>
          </div>
          <div>// Ola</div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Aug 31, 2015 at 8:47 PM, Kir
          Kolyshkin <span dir="ltr">&lt;<a href="mailto:kir@openvz.org" target="_blank">kir@openvz.org</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
              <br>
              On 08/26/2015 01:26 AM, Sergey Bronnikov wrote:<br>
              <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                Hi<br>
                <br>
                On 23:19 Tue 25 Aug , Ola Lundqvist wrote:<br>
                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  Hi again<br>
                  <br>
                  Also I can not find where to download the software
                  (neither binaries nor<br>
                  sources). Is it only available in git?<br>
                </blockquote>
                It is not so difficult to find sources.<br>
                We have one git repo for openvz sources -<br>
                <a href="http://src.openvz.org" rel="noreferrer" target="_blank">src.openvz.org</a>.<br>
                vzctl sources are here <a href="https://src.openvz.org/projects/OVZL/repos/vzctl/browse" rel="noreferrer" target="_blank">https://src.openvz.org/projects/OVZL/repos/vzctl/browse</a><br>
              </blockquote>
              <br>
            </span>
            Ola is probably asking about the source tarball. It&#39;s here:<br>
            <a href="http://download.openvz.org/utils/vzctl/4.9.4/src/vzctl-4.9.4.tar.bz2" rel="noreferrer" target="_blank">http://download.openvz.org/utils/vzctl/4.9.4/src/vzctl-4.9.4.tar.bz2</a>
            <div>
              <div><br>
                <br>
                <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                  <br>
                  <br>
                  <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                    Cheers<br>
                    <br>
                    // Ola<br>
                    <br>
                    On Tue, Aug 25, 2015 at 11:15 PM, Ola Lundqvist &lt;<a href="mailto:ola@inguza.com" target="_blank">ola@inguza.com</a>&gt;
                    wrote:<br>
                    <br>
                    <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                      Hi Sergey<br>
                      <br>
                      How serious should we consider this problem?
                      Should I ask the Debian<br>
                      security team (Debian does not accept new revisions,
                      just backports for<br>
                      security fixes to their stable releases) to
                      backport this correction to the<br>
                      current vzctl stable package?<br>
                      <br>
                      In the meantime I&#39;ll build this 4.9.4 for Debian
                      unstable and also upload<br>
                      to the openvz download directory. First testing
                      and then after a few days<br>
                      to the wheezy and jessie stable targets.<br>
                      <br>
                      Regards,<br>
                      <br>
                      // Ola<br>
                      <br>
                      <br>
                      <br>
                      On Tue, Aug 25, 2015 at 2:32 PM, Sergey Bronnikov
                      &lt;<a href="mailto:sergeyb@openvz.org" target="_blank">sergeyb@openvz.org</a>&gt;<br>
                      wrote:<br>
                      <br>
                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                        OpenVZ project has released a new vzctl update
                        for legacy OpenVZ.<br>
                        Read below for more information. Everybody is
                        advised to upgrade.<br>
                        <br>
                        Changes<br>
                        =======<br>
                        * store VE layout to VE config on start<br>
                        * store VE layout in VE config during create and
                        convert<br>
                        <br>
                        See full changelog here:<br>
                        <a href="https://src.openvz.org/projects/OVZL/repos/vzctl/commits" rel="noreferrer" target="_blank">https://src.openvz.org/projects/OVZL/repos/vzctl/commits</a><br>
                        <br>
                        Download<br>
                        ========<br>
                        <a href="http://wiki.openvz.org/Download/vzctl/4.9.4" rel="noreferrer" target="_blank">http://wiki.openvz.org/Download/vzctl/4.9.4</a><br>
                        <br>
                        <br>
                        Thanks<br>
                        ======<br>
                        OpenVZ project would like to thank the
                        RACK911LABS for discovering this<br>
                        bug and<br>
                        providing the attack scenario.<br>
                        <br>
                        <br>
                        Bug reporting<br>
                        =============<br>
                        Please report all bugs found to <a href="https://bugs.openvz.org/" target="_blank">https://bugs.openvz.org/</a><br>
                        <br>
                        <br>
                        Other sources of info on updates<br>
                        ================================<br>
                        See <a href="http://planet.openvz.org/" rel="noreferrer" target="_blank">http://planet.openvz.org/</a>
                        to view all the news (including updates)<br>
                        online.<br>
                        There you can also find RSS/Atom feed links.<br>
                        <br>
                        <br>
                        Regards,<br>
                             OpenVZ team<br>
                        _______________________________________________<br>
                        Announce mailing list<br>
                        <a href="mailto:Announce@openvz.org" target="_blank">Announce@openvz.org</a><br>
                        <a href="https://lists.openvz.org/mailman/listinfo/announce" rel="noreferrer" target="_blank">https://lists.openvz.org/mailman/listinfo/announce</a><br>
                        <br>
                      </blockquote>
                      <br>
                      <br>
                      --<br>
                        --- Inguza Technology AB --- MSc in Information
                      Technology ----<br>
                      /  <a href="mailto:ola@inguza.com" target="_blank">ola@inguza.com</a> 
                                        Annebergsslingan 37        \<br>
                      |  <a href="mailto:opal@debian.org" target="_blank">opal@debian.org</a> 
                                       654 65 KARLSTAD            |<br>
                      |  <a href="http://inguza.com/" rel="noreferrer" target="_blank">http://inguza.com/</a>         
                            Mobile: <a href="tel:%2B46%20%280%2970-332%201551" value="+46703321551" target="_blank">+46
                        (0)70-332 1551</a> |<br>
                      \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1
                      B1CF 0FE5 3DD9  /<br>
                       
                      ---------------------------------------------------------------<br>
                      <br>
                      <br>
                    </blockquote>
                    <br>
                  </blockquote>
                </blockquote>
                <br>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
      </div>
    </blockquote>
    <br>
  </div></div></div>

</blockquote></div><br>
</div>