[Group.of.nepali.translators] [Bug 1941638] Re: xenial/linux: 4.4.0-214.246 -proposed tracker
** Changed in: kernel-sru-workflow/prepare-package Status: Fix Committed => Fix Released ** Description changed: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- built: main: build#1 meta: build#1 route: 1 signed: build#1 delta: sru-review: - main - signed - meta packages: main: linux meta: linux-meta signed: linux-signed phase: Packaging phase-changed: Wednesday, 25. August 2021 23:46 UTC reason: - :prepare-packages: Pending -- building in ppa (main:P meta:D - signed:D) + :prepare-packages: Ongoing -- building in ppa (meta:B signed:B) derivatives-held: Stalled -- derivative preparation block requested - prepare-package: Ongoing -- main package not yet fully built prepare-package-meta: Ongoing -- meta package not yet fully built prepare-package-signed: Ongoing -- signed package not yet fully built sru-review: Pending -- ready for review synthetic: :promote-to-as-proposed: Invalid trackers: trusty/linux-aws: bug 1941636 trusty/linux-lts-xenial: bug 1941637 xenial/linux-aws: bug 1941631 xenial/linux-cascade: bug 1941633 xenial/linux-fips: bug 1941634 xenial/linux-kvm: bug 1941635 xenial/linux/caracalla-kernel: bug 1941627 xenial/linux/pc-kernel: bug 1941628 xenial/linux/stlouis-kernel: bug 1941629 variant: debs versions: main: 4.4.0-214.246 meta: 4.4.0.214.221 signed: 4.4.0-214.246 source: 4.4.0-214.246 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1941638 Title: xenial/linux: 4.4.0-214.246 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Invalid Status in Kernel SRU Workflow boot-testing series: New Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow kernel-signoff series: New Status in Kernel SRU Workflow prepare-package series: Fix Released Status in Kernel SRU Workflow prepare-package-meta series: Fix Committed Status in Kernel SRU Workflow prepare-package-signed series: Fix Committed Status in Kernel SRU Workflow promote-signing-to-proposed series: New Status in Kernel SRU Workflow promote-to-proposed series: New Status in Kernel SRU Workflow promote-to-security series: Invalid Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: New Status in Kernel SRU Workflow security-signoff series: Invalid Status in Kernel SRU Workflow sru-review series: Confirmed Status in Kernel SRU Workflow verification-testing series: New Status in linux source package in Xenial: New Bug description: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- built: main: build#1 meta: build#1 route: 1 signed: build#1 delta: sru-review: - main - signed - meta packages: main: linux meta: linux-meta signed: linux-signed phase: Packaging phase-changed: Wednesday, 25. August 2021 23:46 UTC reason: :prepare-packages: Pending -- building in ppa (meta:P signed:P) derivatives-held: Stalled -- derivative preparation block requested prepare-package-meta: Ongoing -- meta package not yet fully built prepare-package-signed: Ongoing -- signed package not yet fully built sru-review: Pending -- ready for review synthetic: :promote-to-as-proposed: Invalid trackers: trusty/linux-aws: bug 1941636 trusty/linux-lts-xenial: bug 1941637 xenial/linux-aws: bug 1941631 xenial/linux-cascade: bug 1941633 xenial/linux-fips: bug 1941634 xenial/linux-kvm: bug 1941635 xenial/linux/caracalla-kernel: bug 1941627 xenial/linux/pc-kernel: bug 1941628 xenial/linux/stlouis-kernel: bug 1941629 variant: debs versions: main: 4.4.0-214.246 meta: 4.4.0.214.221 signed: 4.4.0-214.246 source: 4.4.0-214.246 To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1941638/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1928648] Re: expiring trust anchor compatibility issue
** Changed in: gnutls28 (Ubuntu Bionic) Status: New => In Progress ** Changed in: gnutls28 (Ubuntu Precise) Status: New => Won't Fix ** Changed in: gnutls28 (Ubuntu Bionic) Assignee: (unassigned) => Dimitri John Ledkov (xnox) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1928648 Title: expiring trust anchor compatibility issue Status in gnutls28 package in Ubuntu: Fix Released Status in gnutls28 source package in Precise: Won't Fix Status in gnutls28 source package in Trusty: New Status in gnutls28 source package in Xenial: New Status in gnutls28 source package in Bionic: In Progress Bug description: [Impact] * gnutls28 fails to talk to letsencrypt website past September 2021, despite trusting the letsencrypt root certificate. [Test Plan] * Import staging cert equivalent to ISRG Root X1 https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem * Import expired staging cert equivalen tto DST Root CA X3 https://letsencrypt.org/certs/staging/letsencrypt-stg-root-dst.pem * Test connectivity to the expired-root-ca test website https://expired-root-ca-test.germancoding.com setup: apt install wget gnutls-bin wget https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem wget https://letsencrypt.org/certs/staging/letsencrypt-stg-root-dst.pem cat letsencrypt-stg-root-x1.pem letsencrypt-stg-root-dst.pem >> ca.pem test case: gnutls-cli --x509cafile=ca.pem expired-root-ca-test.germancoding.com bad result: - Status: The certificate is NOT trusted. The certificate chain uses expired certificate. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. *** handshake has failed: Error in the certificate. good result: - Status: The certificate is trusted. - Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM) - Session ID: A8:2B:AF:85:54:64:3A:79:81:99:16:D4:6D:9A:FC:30:F1:EC:49:A4:09:A9:0C:31:37:38:C2:0E:73:C7:C9:04 - Options: OCSP status request, - Handshake was completed Connection should be successful and trusted with correctly working gnutls client that can manage to ignore expired CA, and build a valid trust path using non-expired CA in the chain. [Where problems could occur] * Changes as to how the trust paths are built in TLS connection may result in introducing bugs (failure to connect to valid sites) and/or security vulnerabilities (connecting to invalid sites successfully). [Other Info] * Background info * The current chain from letsencrypt is expiring, they are adding a new chain, but also keeping the expiring one. This will result in connectivity issues when using old gnutls/openssl against websites using the default letsencrypt configuration after September 2021. https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816 https://community.letsencrypt.org/t/questions-re-openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143817 Currently gnutls28 in bionic and earlier will not establish a connection, if any parts of the trust chain have expired, even though alternative non-expired chains are available. This has been fixed in GnuTLS 3.6.14, but probably should be backported to bionic and earlier if it was not already been done so. https://gitlab.com/gnutls/gnutls/-/issues/1008 https://gitlab.com/gnutls/gnutls/-/merge_requests/1271 Openssl bug report for this issue is https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1928989 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1928648/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1941638] Re: xenial/linux: 4.4.0-214.246 -proposed tracker
** Changed in: kernel-sru-workflow/promote-to-security Status: New => Invalid ** Changed in: kernel-sru-workflow/security-signoff Status: New => Invalid ** Description changed: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- packages: main: linux meta: linux-meta signed: linux-signed - phase: Ready for Packaging - phase-changed: Wednesday, 25. August 2021 17:39 UTC + phase: Packaging + phase-changed: Wednesday, 25. August 2021 23:46 UTC reason: - :prepare-packages: Pending -b Debs ready to be cranked + :prepare-packages: 'Ongoing -b Being cranked by: cascardo' derivatives-held: Stalled -- derivative preparation block requested - prepare-package: Pending -- version not specified + prepare-package: Pending -- tag not published and package not + uploaded + prepare-package-meta: Pending -- tag not published and package not + uploaded + prepare-package-signed: Pending -- tag not published and package not + uploaded + synthetic: + :promote-to-as-proposed: Invalid trackers: trusty/linux-aws: bug 1941636 trusty/linux-lts-xenial: bug 1941637 xenial/linux-aws: bug 1941631 xenial/linux-cascade: bug 1941633 xenial/linux-fips: bug 1941634 xenial/linux-kvm: bug 1941635 xenial/linux/caracalla-kernel: bug 1941627 xenial/linux/pc-kernel: bug 1941628 xenial/linux/stlouis-kernel: bug 1941629 variant: debs -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1941638 Title: xenial/linux: 4.4.0-214.246 -proposed tracker Status in Kernel SRU Workflow: In Progress Status in Kernel SRU Workflow automated-testing series: Invalid Status in Kernel SRU Workflow boot-testing series: New Status in Kernel SRU Workflow certification-testing series: Invalid Status in Kernel SRU Workflow kernel-signoff series: New Status in Kernel SRU Workflow prepare-package series: In Progress Status in Kernel SRU Workflow prepare-package-meta series: In Progress Status in Kernel SRU Workflow prepare-package-signed series: In Progress Status in Kernel SRU Workflow promote-signing-to-proposed series: New Status in Kernel SRU Workflow promote-to-proposed series: New Status in Kernel SRU Workflow promote-to-security series: Invalid Status in Kernel SRU Workflow promote-to-updates series: New Status in Kernel SRU Workflow regression-testing series: New Status in Kernel SRU Workflow security-signoff series: Invalid Status in Kernel SRU Workflow sru-review series: New Status in Kernel SRU Workflow verification-testing series: New Status in linux source package in Xenial: New Bug description: This bug will contain status and test results related to a kernel source (or snap) as stated in the title. For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow -- swm properties -- packages: main: linux meta: linux-meta signed: linux-signed phase: Packaging phase-changed: Wednesday, 25. August 2021 23:46 UTC reason: :prepare-packages: 'Ongoing -b Being cranked by: cascardo' derivatives-held: Stalled -- derivative preparation block requested prepare-package: Pending -- tag not published and package not uploaded prepare-package-meta: Pending -- tag not published and package not uploaded prepare-package-signed: Pending -- tag not published and package not uploaded synthetic: :promote-to-as-proposed: Invalid trackers: trusty/linux-aws: bug 1941636 trusty/linux-lts-xenial: bug 1941637 xenial/linux-aws: bug 1941631 xenial/linux-cascade: bug 1941633 xenial/linux-fips: bug 1941634 xenial/linux-kvm: bug 1941635 xenial/linux/caracalla-kernel: bug 1941627 xenial/linux/pc-kernel: bug 1941628 xenial/linux/stlouis-kernel: bug 1941629 variant: debs To manage notifications about this bug go to: https://bugs.launchpad.net/kernel-sru-workflow/+bug/1941638/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
[Group.of.nepali.translators] [Bug 1764618] Re: python-API test in ubuntu_lxc will fail on X-kvm kernel
We no longer have X-kvm kernel anymore and Xenial is now an ESM series, I am not sure if we can sru non-CVE fixes to it. Closing this bug with Won't Fix. Thanks! ** Changed in: ubuntu-kernel-tests Status: New => Won't Fix ** Changed in: python3-lxc (Ubuntu) Status: Confirmed => Won't Fix ** Changed in: python3-lxc (Ubuntu Xenial) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1764618 Title: python-API test in ubuntu_lxc will fail on X-kvm kernel Status in ubuntu-kernel-tests: Won't Fix Status in python3-lxc package in Ubuntu: Won't Fix Status in python3-lxc source package in Xenial: Won't Fix Bug description: Steps: 1. Deploy a KVM node with Xenial, install linux-kvm on it 2. Run the ubutnu_lxc test from autotest-client-tests Output: FAIL: python3: API --- Using image from local cache Unpacking the rootfs --- You just created an Ubuntu container (release=xenial, arch=amd64, variant=default) To enable sshd, run: apt-get install openssh-server For security reason, container images ship without user accounts and without a root password. Use lxc-attach or chroot directly into the rootfs to set a root password or create user accounts. Getting instance for '785bd96e-41ef-11e8-a707-5254004f0f0f' Creating rootfs using 'download', arch=amd64 Testing the configuration Testing the networking Starting the container Getting the interface names Traceback (most recent call last): File "/tmp/tmp.jDauiqznXt", line 109, in assert(set(container.get_interfaces()) == set(('lo', 'eth0'))) AssertionError If you try to intercept the ontainer.get_interfaces() result, you'll see: ('eth0', 'lo', 'sit0') ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-1021-kvm 4.4.0-1021.26 ProcVersionSignature: User Name 4.4.0-1021.26-kvm 4.4.117 Uname: Linux 4.4.0-1021-kvm x86_64 ApportVersion: 2.20.1-0ubuntu2.16 Architecture: amd64 Date: Tue Apr 17 03:46:14 2018 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: linux-kvm UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1764618/+subscriptions ___ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp