[Bug 1638957] Re: [MIR] http-parser, dependency of sssd
Andreas Hasenack
andreas at canonical.com
Thu Mar 8 14:07:09 UTC 2018
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 | bionic/universe | source
+
+ Upstream: https://github.com/nodejs/http-parser
[Rationale]
sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket.
The Debian sssd package has the secrets service enabled, and disabling
it in the Ubuntu package is part of the delta we carry.
The secrets service can be used as a generic key/value database for
secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
Manager), implemented by sssd-kcm.
sssd-secrets is unix socket activated and won't be running until there
is a connection to that socket.
The goal of this MIR is then twofold:
a) drop a delta we have with regards to debian
b) provide the sssd-secrets service for Ubuntu users
[Security]
+ ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
[Quality assurance]
[Dependencies]
[Standards compliance]
[Maintenance]
[Background information]
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 | bionic/universe | source
Upstream: https://github.com/nodejs/http-parser
[Rationale]
sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket.
The Debian sssd package has the secrets service enabled, and disabling
it in the Ubuntu package is part of the delta we carry.
The secrets service can be used as a generic key/value database for
secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
Manager), implemented by sssd-kcm.
sssd-secrets is unix socket activated and won't be running until there
is a connection to that socket.
The goal of this MIR is then twofold:
a) drop a delta we have with regards to debian
b) provide the sssd-secrets service for Ubuntu users
[Security]
ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
+ There are still no CVEs for http-parser or libhttp-parser.
+
+
[Quality assurance]
[Dependencies]
[Standards compliance]
[Maintenance]
[Background information]
** Description changed:
[Availability]
Package is in universe since trusty:
$ rmadison http-parser
http-parser | 2.1-2 | trusty/universe | source
http-parser | 2.1-2 | xenial/universe | source
http-parser | 2.1-2 | artful/universe | source
http-parser | 2.7.1-2 | bionic/universe | source
Upstream: https://github.com/nodejs/http-parser
[Rationale]
sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket.
The Debian sssd package has the secrets service enabled, and disabling
it in the Ubuntu package is part of the delta we carry.
The secrets service can be used as a generic key/value database for
secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
Manager), implemented by sssd-kcm.
sssd-secrets is unix socket activated and won't be running until there
is a connection to that socket.
The goal of this MIR is then twofold:
a) drop a delta we have with regards to debian
b) provide the sssd-secrets service for Ubuntu users
[Security]
ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
There are still no CVEs for http-parser or libhttp-parser.
-
[Quality assurance]
[Dependencies]
+ libhttp-parser2.7.1
+ Reverse Depends:
+ libhttp-parser-dev
+ tcpflow-nox
+ tcpflow
+ tang-nagios
+ tang
+ ruby-http-parser.rb
+ purple-matrix
+ ocserv
+ jabberd2
+ libgit2-26
+
[Standards compliance]
[Maintenance]
[Background information]
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1638957
Title:
[MIR] http-parser, dependency of sssd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/+subscriptions
More information about the Ubuntu-server-bugs
mailing list