Hi, people claim that the crypto API is a source of security issues when (mis-)used by user space. LWN commenters on the recent algif_aead issue have some more notes: https://lwn.net/Articles/1070682/ partial quotes: https://lwn.net/Articles/1070960/ So it appears there are some tradeoffs to be made. Please take a look and consider turning the crypto user api off. Best, Chris PS: For src:util-linux, a quick look suggests we can easily stop using the kernels crypto API.
Hi, That will be up for further discussion in the kernel-team meeting. I wonder if we already can do that. There was the following follup as well from Eric: https://www.openwall.com/lists/oss-security/2026/05/06/5 Will iwd still work if we disable i now? Regards, Salvatore
Control: clone -1 -2 Control: reassign -2 src:util-linux Control: retitle -2 util-linux: drop AF_ALG support Control: forwarded -2 https://github.com/util-linux/util-linux/issues/4329 [..] Thanks, that is indeed useful commentary. Needs to be seen, I think. For u-l I've asked upstream to drop the AF_ALG stuff, as it seems completely non-critical. Best, Chris
We believe that the bug you reported is fixed in the latest version of docker-credential-gcr, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1135729@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Maytham Alsudany <maytham@debian.org> (supplier of updated docker-credential-gcr package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) Format: 1.8 Date: Thu, 07 May 2026 11:42:23 +0800 Source: docker-credential-gcr Binary: docker-credential-gcr docker-credential-gcr-dbgsym golang-github-googlecloudplatform-docker-credential-gcr-dev Architecture: source amd64 all Version: 2.1.32-1 Distribution: unstable Urgency: medium Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org> Changed-By: Maytham Alsudany <maytham@debian.org> Description: docker-credential-gcr - Docker credential helper for GCR users (program) golang-github-googlecloudplatform-docker-credential-gcr-dev - Docker credential helper for GCR users (library) Closes: 1135729 Changes: docker-credential-gcr (2.1.32-1) unstable; urgency=medium . * Initial release (Closes: #1135729) Checksums-Sha1: 6f46038070594f9c917189cc83a834f138ba57e3 2678 docker-credential-gcr_2.1.32-1.dsc a3a6bd0d349dfccb6d06a44ba1fd74cc3a041e02 39545 docker-credential-gcr_2.1.32.orig.tar.gz 144d6658be362b37c6b635b3158a305bec69ce86 4536 docker-credential-gcr_2.1.32-1.debian.tar.xz d1c1dd9ae9676f6c1cd747f512eb6d863b417115 2738184 docker-credential-gcr-dbgsym_2.1.32-1_amd64.deb 10fcfbe2a523b12aada8c398219524bf26aaa848 33266 docker-credential-gcr_2.1.32-1_amd64.buildinfo ed333dd283c195c577f8a84c392b069946f321ad 2563672 docker-credential-gcr_2.1.32-1_amd64.deb 0d38321801ac05ea66dbeaa689256803decd327d 28800 golang-github-googlecloudplatform-docker-credential-gcr-dev_2.1.32-1_all.deb Checksums-Sha256: 984b913a37f1466c935c9459b37c4c1e3ec8d39bf8236ed37ec21817c6c1c510 2678 docker-credential-gcr_2.1.32-1.dsc 106375cdfc48a08724fd8a45dbc026363fbe03153c0b201e50356483e3cd2517 39545 docker-credential-gcr_2.1.32.orig.tar.gz 905ef162e06c0cba138488265a1b6634ee8d60c36f40264a7f397680207d36b3 4536 docker-credential-gcr_2.1.32-1.debian.tar.xz e5654caa257649fe88299eba068bf47c18e2cd4db25c2374a045c9def9f2d469 2738184 docker-credential-gcr-dbgsym_2.1.32-1_amd64.deb 45a2d1c5d03ffe96b995fda45ec3410c6bc5004a57ef821fcef3946dca2da7d9 33266 docker-credential-gcr_2.1.32-1_amd64.buildinfo 4b9646e628e63de925df93331ecbb8dafddbe8b197b80bb3b7d33ba50dee035c 2563672 docker-credential-gcr_2.1.32-1_amd64.deb 22ce06abd9336b8c0185b10d89f7da21542e6f8fc5243bf781a65da2b1743d7f 28800 golang-github-googlecloudplatform-docker-credential-gcr-dev_2.1.32-1_all.deb Files: 245b2232e0ae3818c404ef855ef48699 2678 golang optional docker-credential-gcr_2.1.32-1.dsc 6310de0da9345408be8e01dc41d5b1ab 39545 golang optional docker-credential-gcr_2.1.32.orig.tar.gz 6f26bd0578547a44428a72f2ee7b6d69 4536 golang optional docker-credential-gcr_2.1.32-1.debian.tar.xz 4ee50256b4970de0af0fef935d36cb4d 2738184 debug optional docker-credential-gcr-dbgsym_2.1.32-1_amd64.deb 1253a4f6b4d416ff3568ed41bdaec572 33266 golang optional docker-credential-gcr_2.1.32-1_amd64.buildinfo d0dbda922ada0e15f6886087eaaf0c1b 2563672 admin optional docker-credential-gcr_2.1.32-1_amd64.deb b297a5b4a4850d91d330590d8719ec4d 28800 golang optional golang-github-googlecloudplatform-docker-credential-gcr-dev_2.1.32-1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEESl/RzRFQh8wD3DXB1ZeJcgbF8H8FAmn8DiMACgkQ1ZeJcgbF 8H8CfA/+N1+Muzz+NTIRNMZDaJrJHLW1ToekAsrba3ePwmzTvRRCbgIJO1AR8fWJ EKWxC+iLDW3E35KvmYydK2HZ0mlAmeCbkB/tncVfe/XO0/jvjg87dE1hwkpwmDkn Lz67Z+89A5jY1qTBBab/Jbh1BCJAL+1raGtY3WDrYioPeSVBjwvAt5oXiQhdF0Bu yjv7bh6oVPQgP2m0XDnAnGsZ+6OuP6o82ws9CwnRTeMqH8+hJNI90YSpy4eGEIEe 2tKoxp4UKdBsiAyz3+KI8nhD+tWZU4R9VEbYfmaYgd2udERczdz/3qys32lBxt/r t0i7Xri7emOBSXc7zZ4r5+QLP0typ11w/ub0LOab7PejVm+49HxLIA9g+mH+EIAF BgsOm8w09jsdmwIUprY+Z91dQ79PQJASNJPGKh5SUlU9mFBkvqGtzM4neUpPSACj CAbsecB4+MldBX/5hqJDyVfxqSA7KJQS/qVp8NGteQjPCAoOSuz8tH4C0QXqFCv+ uTUQRwE2Ko1/wS7vQIpeQSvtsTf1h4p+YSCM/0dL1j1xCYPrZfLBPE5Erbh3Ifv3 mRukZTfDv0ELV0yz8Xug6M8c8g/fZggZ86Ii2B/kIa9VL/ZhJwi2R/t3mdI1hCrT /xErEf+y1WVGucZMucpNJIx9dEki/PoQ01JR2nYf79u+lAMZO5c= =X342 -----END PGP SIGNATURE-----
reopen 1135729 thanks Apologies, I've listed the wrong bug in my d/changelog.