condor (7.8.2~dfsg.1-1+deb7u3) wheezy-security; urgency=medium * Non-maintainer upload by the Security Team * Add a default SENDMAIL variable to the config file, to properly fix CVE-2014-8126 -- Sebastien Delafond Sun, 01 Feb 2015 21:40:39 +0100 condor (7.8.2~dfsg.1-1+deb7u2) wheezy-security; urgency=medium * Non-maintainer upload by the Security Team * Fix CVE-2014-8126: mailx invocation enabled code execution as condor user -- Sebastien Delafond Sun, 01 Feb 2015 11:14:00 +0100 condor (7.8.2~dfsg.1-1+deb7u1) unstable; urgency=high * Security update. This release addresses four CVE issues (Closes: #688210): - Security Item: Some code that was no longer used was removed. The presence of this code could expose information which would allow an attacker to control another user's job. (CVE-2012-3493) - Security Item: Some code that was no longer used was removed. The presence of this code could have lead to a Denial-of-Service attack which would allow an attacker to remove another user's idle job. (CVE-2012-3491) - Security Item: Filesystem (FS) authentication was improved to check the UNIX permissions of the directory used for authentication. Without this, an attacker may have been able to impersonate another submitter on the same submit machine. (CVE-2012-3492) - Security item: Check setuid return value (CVE-2012-3490) -- Michael Hanke Wed, 26 Sep 2012 16:10:17 +0200 condor (7.8.2~dfsg.1-1) unstable; urgency=high * Upstream security release. Prevent an attacker who is manipulating reverse-DNS entries and is able to connect to a Condor daemon to gain access to a Condor pool that is using DNS/hostname host-based authentication (only). CVE-2012-3416 -- Michael Hanke Thu, 16 Aug 2012 08:32:49 +0200 condor (7.8.1~dfsg.1-2) unstable; urgency=low * Remove dangling symlink /usr/sbin/condor -> ../bin/condor. This file no longer exists (Closes: #678425). * Add Debconf template translations: - Czech -- courtesy of Martin Å Ãn (Closes: #678952) - Spanish -- courtesy of Fernando C. Estrada (Closes: #680201) * Only issue 'condor_restart' command in postinst, when condor_master is actually running. If that is not the case, for example when daemon startup is prevented by system policy, package installation would fail otherwise. Thanks to Andreas Beckmann for the report. (Closes: #681144) -- Michael Hanke Thu, 21 Jun 2012 18:40:11 +0200 condor (7.8.1~dfsg.1-1) unstable; urgency=low * New upstream bugfix release: - Fixed a bug in the condor init script that would cause the init script to hang if condor wasn't running (Ticket 2872) - Fixed a bug that caused Parallel Universe jobs using Parallel Scheduling Groups to occasionally stay idle even when there were available machines to run them (Ticket 3017) - Fixed a bug that caused the Condor GridManager to crash when attempting to submit jobs to a local PBS/LSF/SGI cluster (Ticket 3014) - Fixed a bug in the handling of local universe jobs which caused the Condor SCHEDD to log a spurious ERROR message every time a local universe job exited, and then further caused the statistics for local universe jobs to be incorrectly computed (Ticket 3008) - Fixed a bug when Condor runs under the PrivSep model, in which if a job created a hard link from one file to another, Condor was unable to transfer the files back to the submit side, and the job was put on hold. (Ticket 2987) - When configuration variables MaxJobRetirementTime or MachineMaxVacateTime were very large, estimates of machine draining badput and completion time were sometimes nonsensical because of integer overflow (Ticket 3001) - Fixed a bug where per-job sub-directories and their contents in the SPOOL directory would not be removed when the associated job left the queue (Ticket 2942). Closes: #663031 * Updated Swedish Debconf translation (Closes: #676943). -- Michael Hanke Wed, 06 Jun 2012 10:39:35 +0200 condor (7.8.0~dfsg.1-2) unstable; urgency=low * Actually include the Russian, Italian, and Polish translations. * Add Debconf template translations: - Swedish -- courtesy of Martin Bagge (Closes: #673877) - French -- courtesy of Steve Petruzzello (Closes: #673138) - Portuguese -- courtesy of Pedro Ribeiro (Closes: #674943) * Add explicit dependency on Python (for condor_router_history). * Remove word duplication from package description. * Fix typos in debian/copyright. -- Michael Hanke Mon, 04 Jun 2012 08:49:07 +0200 condor (7.8.0~dfsg.1-1) unstable; urgency=low * New upstream release (Closes: #670304). This is the first release of the new 7.8 stable series. Patches introduced to prevent FTBFS on mips, ia64 and s390x are merged/obsolete. * Add Debconf template translations (Closes: #670487): - German -- courtesy of Erik Pfannenstein (Closes: #671394) - Russian -- courtesy of Yuri Kozlov (Closes: #671510) - Italian -- courtesy of Beatrice Torracca (Closes: #671641) - Polish -- courtesy of Michał Kułach (Closes: #671547) -- Michael Hanke Wed, 09 May 2012 11:35:19 +0200 condor (7.7.6~dfsg.1-3) experimental; urgency=low * Temporarily drop cgroups dependency and, consequently, support for cgroups in Condor. The cgroups package is not in the condition to migrate into wheezy, hence blocking Condor's migration as well. cgroups maintainer suggests to drop this dependency for now. http://lists.debian.org/debian-devel/2012/04/msg00617.html * Improved Debconf templates after review by debian-l10n-english. Thanks to Justin B. Rye and Christian Perrier. * Add Debconf template translations: - Danish -- courtesy of Joe Dalton (Closes: #671090). -- Michael Hanke Wed, 02 May 2012 08:13:55 +0200 condor (7.7.6~dfsg.1-2) unstable; urgency=low * Add upstream patch to address FTBFS on ia64 and s390x (Closes: #670393). -- Michael Hanke Wed, 25 Apr 2012 18:18:08 +0200 condor (7.7.6~dfsg.1-1) unstable; urgency=low * New upstream development release. Last one before the 7.8 stable series. * Majority of patches has been merged upstream or have been made obsolete. * Stop supporting alternative LOCAL_DIR settings via Debconf. In addition the pre/postrm scripts no longer support non-standard (aka /var) LOCAL_DIR settings. This was done to be able to keep runtime data (logs, etc.) when the package gets removed, but not purged (Closes: #668088). Previously the package relied on Condor's own configuration facilities to deduce LOCAL_DIR, which is impossible to perform in 'postrm'. * Do not remove the condor user during package purge (Closes: #667533). Along the lines of the discussion in #621833 the user is kept in a locked state (condor user has login disabled by default). * Simplify logic of adding the condor system user in maintainer scripts. * Change daemon restart behavior on package upgrade -- confirmed with upstream. Condor is now kept running during package upgrade (was unconditionally stopped in prerm before). Upon finishing installtion of the new version, Condor is just started (if not already running) and a 'condor_restart' command is issued. Before a complete stop-start cycle was performed. The new behavior should allow for a more graceful upgrade of Condor pools, by safely shutting down all running jobs and jobs submitted from the localhost. * Add patch to allow building on MIPS. Rename variable name 'mips' to 'mips_' to avoid name clash (Closes: #669689). * Fix a bug in the debconf script that caused the default start policy setting for a personal Condor installation to have no effect, i.e. it would not run jobs regardless of machine activity by default. -- Michael Hanke Tue, 24 Apr 2012 20:15:31 +0200 condor (7.7.5~dfsg.1-2) experimental; urgency=low * New primary Debian maintainer contact is Condor upstream. Previous maintainer remains uploader. * Guard against failure due to missing directories in pre-removal script (Closes: #662739). Thanks to Andreas Beckmann for detecting the bug. * Fix DMTCP integration for version 1.2.4 and later -- file location tests became invalid. * Set default DMTCP snapshotting interval to zero -- no regular snapshotting, but on-demand snapshots on vacate command. In addition the shim script now honors DMTCP_CHECKPOINT_INTERVAL. * Call dmtcp_command with option --quiet in shim_dmtcp to achieve more readable logs, by suppressing DMTCP's license and author boilerplate output. * Added patch to ignore PIDs from a stale PID file when trying to stop condor. This could otherwise prevent package removal/upgrade (Closes: #663033). The patch has been forwarded upstream. * Cherry-pick upstream patch that let's Condor build on all Debian-derived distributions identically. This patch allows the unmodified Debian package to build on Ubuntu. * Cherry-pick upstream patch to bump the libclassad SO version from 2 to 3 -- fixed an overlooked and somewhat hidden change of API. Should now be stable for the 7.8 series. Also changed associated package name and dependencies accordingly. * Let DMTCP perform a blocking checkpointing operation, to avoid Condor killing DMTCP before a checkpoint file is written completely (Closes: #663078). * Make an attempt to let shim_dmtcp remove DMTCP checkpoint output files from a job's EXEC_DIR upon job termination. This is experimental. * Improve README.Debian regarding DMTCP checkpointing setup. * Bumped Standards-version to 3.9.3; no changes necessary. * Added homepage and VCS information to control file. -- Michael Hanke Fri, 09 Mar 2012 13:20:25 +0100 condor (7.7.5~dfsg.1-1) UNRELEASED; urgency=low * New upstream release. Feature freeze for upcoming 7.8 stable series. - better statistics for monitoring a Condor pool, - better support for absent ads in the collector - fast claiming of partitionable slots - support for some newer Linux kernel features to better support process isolation. * Remove 'disable_java_gt4X' patch -- corresponding upstream code has been removed. * Remove 'debian_dynamic_run' patch -- merged upstream. -- Michael Hanke Thu, 01 Mar 2012 08:47:40 +0100 condor (7.7.4+git3-gd7ce75b~dfsg.1-1) experimental; urgency=low * Initial upload to Debian experimental (Closes: #233482). After acceptance into Debian an upload to unstable is expected to happen once a build-time test suite is operational. * Drop NeuroDebian team as maintainer, upstream will eventually become the primary maintainer, with Michael Hanke being the uploader for the time being. * Merge commits from 7.7.4 maintenance branch. * Enable GSOAP support. -- Michael Hanke Fri, 24 Feb 2012 08:37:32 +0100 condor (7.7.4-2) UNRELEASED; urgency=low * Forcing runtime dependency on libcgroup1 (>= 0.37~), as otherwise Condor's procd refuses to start. * Fix problem in the Debconf setup that caused the initially provided settings to be overwritten during installation on a clean system (without and existing Condor installation). * Modify condor_qsub to always execute submitted scripts via the configured shell and not directly (expecting them to be executable). The seems to be the behavior of SGE's qsub. -- Michael Hanke Tue, 17 Jan 2012 14:01:27 +0100 condor (7.7.4-1) UNRELEASED; urgency=low * New upstream release. RPATH setup now officially supported. * Added emulator for SGE-style qsub calls (condor_qsub; incl. manpage). * Update DMCTP shim script to version 0.4. * Added dependency to libdate-manip-perl for condor_gather_info. * Remove patch to disable scimark in favor of proper configuration default. -- Michael Hanke Thu, 22 Dec 2011 16:19:00 +0100 condor (7.7.1+git837-g37b7fa3-1) UNRELEASED; urgency=low * New upstream code. Support for dynamic linking against system libraries. Condor's internal libs have been merged into a single library. * Fix build-deps on BOOST. * Bumped Standards-version to 3.9.2; no changes necessary. * Build using embedded classad library -- upstream will (or did) stop releasing it separately. libclassad binary packages are now built from the Condor source package. * Drop shared library, sysapi and postgres patches -- merged or obsolete. * Adjust rules for now included doc source code. * Add sanity checks into maintainer script to avoid creating bogus directories and installation errors. Thanks to Mats Rynge for reporting. * Add Python as runtime dependency. * Add patch to make condor_run work with Condor's new file transfer behavior. Courtesy of Jaime Frey. * Stop building a PDF version of the manual (takes long, and segfaults ghostscript at the moment). Keep HTML version. * Add patch to provide a sane default configuration for ssh_to_job and install condor_ssh_to_job_sshd_config_template as a conffile in /etc/condor/. * Added condor-dev package, containing headers files and static versions of Condor libraries. * Add build-dep on libldap-dev to ensure nordugrid_gahp being built. * Added DMTCP integration for snapshotting of vanilla universe jobs. -- Michael Hanke Tue, 11 Oct 2011 08:42:35 +0200 condor (7.6.1-1) UNRELEASED; urgency=low * New upstream release. * Adjust shared library patch. -- Michael Hanke Sat, 04 Jun 2011 20:36:29 -0400 condor (7.6.0-1) UNRELEASED; urgency=low * New upstream stable release. * Adjusted patches. * Added missing debhelper dependencies. * Added missing sysv-style init script symlinks. * Fixed various typos. * Prevent local classad header files from being used, in favor of system-wide libclassad installations. -- Michael Hanke Mon, 18 Apr 2011 22:07:08 -0400 condor (7.5.5+git995-ga9a0d2a-1) UNRELEASED; urgency=low * New upstream code from V7.6 branch. Updated various patches, removed some merged ones. * No longer compile the 'contrib' parts -- upstream recommended it due to lack of stability. * Added patch to create /var/run/condor upon daemon startup with proper permissions. That helps to conform to the FHS that declares /var/run as volatile and to be cleaned upon boot. Moreover, some systems have /var/run mounted as tmpfs. -- Michael Hanke Tue, 15 Mar 2011 16:37:56 -0400 condor (7.5.4+git567-gb10f6b4-2) UNRELEASED; urgency=low * Applied patch to allow adding submit specs in condor_run calls. Thanks to Matthew Farrellee . * Improved configuration for a "Personal Condor". Bind network traffic to the loopback interface. Better documentation in the generated configuration file. -- Michael Hanke Thu, 06 Jan 2011 17:28:59 -0500 condor (7.5.4+git567-gb10f6b4-1) UNRELEASED; urgency=low * Initial packaging. -- Michael Hanke Sun, 26 Dec 2010 10:10:19 -0500