[Touch-packages] [Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
I updated to wpasupplicant 2:2.10-6, and I was able to undo the modifications from #22 and still connect normally using PEAP and MSCHAPv2 authentication, confirmed by restarting wpasupplicant service and reboot. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1958267 Title: wpa can't connect to servers using TLS 1.1 or older Status in wpa package in Ubuntu: Triaged Status in wpa source package in Jammy: Confirmed Status in wpa package in Debian: New Bug description: wpa built with in openssl3 fails to connect to TLS 1.1 or lower server those uses MD5-SHA1 as digest in its signature algorithm which no longer meets OpenSSL default level of security of 80 bits http://lists.infradead.org/pipermail/hostap/2022-May/040563.html Workaround are described in #22 and #36 by basically using CipherString = DEFAULT@SECLEVEL=0 which lowers the security level --- With the current jammy version of wpasupplicant (2:2.10-1), I cannot connect to the WPA Enterprise network eduroam, which is used by Universities worldwide. I get a "Connection failed" message or a request to re-enter the password. - I've re-tried the credentials: no fix ;-) - Tried a 21.10 live session on the same machine: works fine! - Manually downgraded wpasupplicant to the impish version (2:2.9.0-21build1): connected normally. - Upgraded wpasupplicant to the latest version: fails to connect again. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-1 ProcVersionSignature: Ubuntu 5.15.0-17.17-generic 5.15.12 Uname: Linux 5.15.0-17-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu75 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jan 18 09:56:23 2022 InstallationDate: Installed on 2021-11-30 (48 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20211130) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: wpa UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959408] Comment bridged from LTC Bugzilla
--- Comment From boris.m...@de.ibm.com 2022-05-18 23:07 EDT--- Fix released, hence closing the bug. Status: -> CLOSED -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1959408 Title: [22.04 FEAT] BINUTILS: Support for new IBM Z Hardware Status in Ubuntu on IBM z Systems: Fix Released Status in binutils package in Ubuntu: Fix Released Bug description: BINUTILS: Support for new IBM Z Hardware Upstream target: binutils = 2.37 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1959408/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1959407] Comment bridged from LTC Bugzilla
--- Comment From boris.m...@de.ibm.com 2022-05-18 23:17 EDT--- fix verified and released, hence closing the bug. Staus: => CLOSED. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1959407 Title: [22.04 FEAT] BINUTILS: Support for new IBM Z Hardware - GDB Part Status in Ubuntu on IBM z Systems: Fix Released Status in binutils package in Ubuntu: Fix Released Status in gdb package in Ubuntu: Fix Released Bug description: BINUTILS: Support for new IBM Z Hardware This request will track the inclusion of the patches for this feature in GDB to provide the GDB disassembler support for the new instructions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1959407/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974018] Re: UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21
** Summary changed: - dmesg + UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21 ** Package changed: xorg (Ubuntu) => linux (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1974018 Title: UBSAN: invalid-load in /build/linux- WD899k/linux-5.15.0/net/mac80211/status.c:1164:21 Status in linux package in Ubuntu: Confirmed Bug description: $ lsb_release -rd Description:Ubuntu 22.04 LTS Release:22.04 [ 29.170087] [ 29.170097] UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21 [ 29.170102] load of value 255 is not a valid value for type '_Bool' [ 29.170105] CPU: 3 PID: 549 Comm: in:imuxsock Tainted: P OE 5.15.0-30-generic #31-Ubuntu [ 29.170110] Hardware name: ASUSTeK COMPUTER INC. X550CL/X550CL, BIOS X550CL.204 10/17/2013 [ 29.170113] Call Trace: [ 29.170116] [ 29.170119] show_stack+0x52/0x58 [ 29.170128] dump_stack_lvl+0x4a/0x5f [ 29.170136] dump_stack+0x10/0x12 [ 29.170140] ubsan_epilogue+0x9/0x45 [ 29.170144] __ubsan_handle_load_invalid_value.cold+0x44/0x49 [ 29.170149] ieee80211_tx_status_ext.cold+0x4e/0x5f [mac80211] [ 29.170251] ieee80211_tx_status+0x72/0xa0 [mac80211] [ 29.170320] ath_txq_unlock_complete+0x12d/0x160 [ath9k] [ 29.170336] ath_tx_edma_tasklet+0xef/0x4c0 [ath9k] [ 29.170349] ? del_timer_sync+0x6c/0xb0 [ 29.170355] ath9k_tasklet+0x14e/0x290 [ath9k] [ 29.170367] tasklet_action_common.constprop.0+0xc0/0xf0 [ 29.170373] tasklet_action+0x22/0x30 [ 29.170378] __do_softirq+0xd9/0x2e3 [ 29.170385] irq_exit_rcu+0x8c/0xb0 [ 29.170389] common_interrupt+0x8a/0xa0 [ 29.170396] [ 29.170398] [ 29.170400] asm_common_interrupt+0x1e/0x40 [ 29.170404] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 29.170411] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 29.170414] RSP: 0018:ae00c0b83c10 EFLAGS: 0202 [ 29.170419] RAX: 7f4885d52298 RBX: ae00c0b83c40 RCX: 0007 [ 29.170422] RDX: RSI: 7f4885d52260 RDI: ae00c0b83c40 [ 29.170424] RBP: ae00c0b83c30 R08: R09: 9a32e177e418 [ 29.170427] R10: R11: R12: 0038 [ 29.170429] R13: ae00c0b83cd8 R14: ae00c0b83ce0 R15: 0040 [ 29.170434] ? _copy_from_user+0x2e/0x60 [ 29.170440] __copy_msghdr_from_user+0x3d/0x130 [ 29.170446] ___sys_recvmsg+0x68/0x110 [ 29.170450] ? check_preempt_curr+0x5d/0x70 [ 29.170455] ? ttwu_do_wakeup+0x1c/0x160 [ 29.170460] ? rseq_get_rseq_cs.isra.0+0x1b/0x220 [ 29.170466] ? ttwu_do_activate+0x72/0xf0 [ 29.170470] ? __fget_files+0x86/0xc0 [ 29.170476] ? __fget_light+0x32/0x80 [ 29.170481] __sys_recvmsg+0x5f/0xb0 [ 29.170485] ? switch_fpu_return+0x4e/0xc0 [ 29.170491] ? exit_to_user_mode_prepare+0x92/0xb0 [ 29.170496] ? syscall_exit_to_user_mode+0x27/0x50 [ 29.170501] __x64_sys_recvmsg+0x1d/0x20 [ 29.170505] do_syscall_64+0x5c/0xc0 [ 29.170510] ? __x64_sys_futex+0x78/0x1e0 [ 29.170515] ? exit_to_user_mode_prepare+0x37/0xb0 [ 29.170520] ? syscall_exit_to_user_mode+0x27/0x50 [ 29.170524] ? do_syscall_64+0x69/0xc0 [ 29.170528] ? do_syscall_64+0x69/0xc0 [ 29.170533] ? do_syscall_64+0x69/0xc0 [ 29.170537] ? do_syscall_64+0x69/0xc0 [ 29.170541] ? asm_common_interrupt+0x8/0x40 [ 29.170546] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 29.170550] RIP: 0033:0x7f48864179ef [ 29.170554] Code: 44 00 00 89 54 24 0c 48 89 34 24 89 7c 24 08 e8 97 90 f6 ff 8b 54 24 0c 48 8b 34 24 41 89 c0 8b 7c 24 08 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 4c 63 e0 44 89 c7 e8 de 90 f6 ff 48 83 c4 [ 29.170557] RSP: 002b:7f4885d52140 EFLAGS: 0293 ORIG_RAX: 002f [ 29.170561] RAX: ffda RBX: RCX: 7f48864179ef [ 29.170564] RDX: 0040 RSI: 7f4885d52260 RDI: 0003 [ 29.170566] RBP: R08: R09: 7f4878000bb0 [ 29.170568] R10: 7f4878002b50 R11: 0293 R12: 55d6ce037580 [ 29.170570] R13: 55d6cc64e4cc R14: 1fa0 R15: 7f4878000bb0 [ 29.170575] [ 29.170585] ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: xorg 1:7.7+23ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux
[Touch-packages] [Bug 1940141] Autopkgtest regression report (openssl/1.1.1-1ubuntu2.1~18.04.18)
All autopkgtests for the newly accepted openssl (1.1.1-1ubuntu2.1~18.04.18) for bionic have finished running. The following regressions have been reported in tests triggered by the package: mysql-5.7/5.7.38-0ubuntu0.18.04.1 (amd64) streamlink/0.10.0+dfsg-1 (armhf, arm64) pgbouncer/1.8.1-1build1 (amd64) openvswitch/2.9.8-0ubuntu0.18.04.2 (i386) diaspora-installer/0.7.3.1+debian2ubuntu2 (ppc64el, s390x, arm64) linux-hwe-5.0/5.0.0-65.71 (ppc64el, s390x, armhf, arm64) Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1]. https://people.canonical.com/~ubuntu-archive/proposed- migration/bionic/update_excuses.html#openssl [1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1940141 Title: OpenSSL servers can send a non-empty status_request in a CertificateRequest Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Bug description: [Impact] openssl does not conform to RFC8446, Sec. 4.4.2.1., by sending a CertificateRequest message to the client with a non-empty status_request extension. This issue was fixed in openssl-1.1.1d and is included in Focal onward. Upstream issue is tracked at https://github.com/openssl/openssl/issues/9767 Upstream patch review at https://github.com/openssl/openssl/pull/9780 The issue leads to various client failures with TLS 1.3 as described in, e.g. https://github.com/golang/go/issues/35722 https://github.com/golang/go/issues/34040 [Test Plan] The issue can be reproduced by building with `enable-ssl-trace` and then running `s_server` like this: ``` openssl s_server -key key.pem -cert cert.pem -status_file test/recipes/ocsp-response.der -Verify 5 ``` And running `s_client` like this: ``` openssl s_client -status -trace -cert cert.pem -key key.pem ``` The output shows a `status_request` extension in the `CertificateRequest` as follows: Received Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 1591 Inner Content Type = Handshake (22) CertificateRequest, Length=1570 request_context (len=0): extensions, length = 1567 extension_type=status_request(5), length=1521 - 01 00 05 ed 30 82 05 e9-0a 01 00 a0 82 05 e2 0.. 000f - 30 82 05 de 06 09 2b 06-01 05 05 07 30 01 01 0.+.0.. 001e - 04 82 05 cf 30 82 05 cb-30 82 01 1a a1 81 86 0...0.. 002d - 30 81 83 31 0b 30 09 06-03 55 04 06 13 02 47 0..1.0...UG ...more lines omitted... If the `status_request` extension is present in a `CertificateRequest` then it must be empty according to RFC8446, Sec. 4.4.2.1. [Where problems could occur] The patch disables the `status_request` extension inside a `CertificateRequest`. Applications expecting the incorrect, non-empty reply for the `status_request` extension will break with this patch. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940141/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641236] Re: Confined processes inside container cannot fully access host pty device passed in by lxc exec
> apparmor_parser -R /etc/apparmor.d -R means to unload profiles, in this case all profiles in /etc/apparmor.d/. That's probably a bit ;-) too much... I'd guess you want to unload only the tcpdump profile, which would be done with apparmor_parser -R /etc/apparmor.d/usr.bin.tcpdump An alternative would be to use aa-remove-unknown (run it with -n to see what it would unload). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1641236 Title: Confined processes inside container cannot fully access host pty device passed in by lxc exec Status in apparmor package in Ubuntu: Confirmed Status in lxd package in Ubuntu: Invalid Bug description: Now that AppArmor policy namespaces and profile stacking is in place, I noticed odd stdout buffering behavior when running confined processes via lxc exec. Much more data stdout data is buffered before getting flushed when the program is confined by an AppArmor profile inside of the container. I see that lxd is calling openpty(3) in the host environment, using the returned fd as stdout, and then executing the command inside of the container. This results in an AppArmor denial because the file descriptor returned by openpty(3) originates outside of the namespace used by the container. The denial is likely from glibc calling fstat(), from inside the container, on the file descriptor associated with stdout to make a decision on how much buffering to use. The fstat() is denied by AppArmor and glibc ends up handling the buffering differently than it would if the fstat() would have been successful. Steps to reproduce (using an up-to-date 16.04 amd64 VM): Create a 16.04 container $ lxc launch ubuntu-daily:16.04 x Run tcpdump in one terminal and generate traffic in another terminal (wget google.com) $ lxc exec x -- tcpdump -i eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 47 packets captured 48 packets received by filter 1 packet dropped by kernel Note that everything above was printed immediately because it was printed to stderr. , which is printed to stdout, was not printed until you pressed ctrl-c and the buffers were flushed thanks to the program terminating. Also, this AppArmor denial shows up in the logs: audit: type=1400 audit(1478902710.025:440): apparmor="DENIED" operation="getattr" info="Failed name lookup - disconnected path" error=-13 namespace="root//lxd-x_" profile="/usr/sbin/tcpdump" name="dev/pts/12" pid=15530 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=165536 ouid=165536 Now run tcpdump unconfined and take note that is printed immediately, before you terminate tcpdump. Also, there are no AppArmor denials. $ lxc exec x -- aa-exec -p unconfined -- tcpdump -i eth0 ... Now run tcpdump confined but in lxc exec's non-interactive mode and note that is printed immediately and no AppArmor denials are present. (Looking at the lxd code in lxd/container_exec.go, openpty(3) is only called in interactive mode) $ lxc exec x --mode=non-interactive -- tcpdump -i eth0 ... Applications that manually call fflush(stdout) are not affected by this as manually flushing stdout works fine. The problem seems to be caused by glibc not being able to fstat() the /dev/pts/12 fd from the host's namespace. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1641236/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973470] Re: Ubuntu-bug command can't find Firefox on Lubuntu Kinetic
Apologies for the long delay, I've had a lot I was doing. The command you listed successfully launches Firefox, with https://ubuntu.com in the address bar, and the Ubuntu website visible. Note that I'm on the same Kinetic install that I was on when I first posted the bug report. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1973470 Title: Ubuntu-bug command can't find Firefox on Lubuntu Kinetic Status in apport package in Ubuntu: New Bug description: Test hardware is an Elitebook 8570p, 16 GB RAM, 120 GB SSD. While reporting Bug #1973469, I discovered that ubuntu-bug was unable to open Firefox at the very end of the process. Sadly, I closed the terminal window that contained the initial error, but I was able to easily reproduce it reporting this bug. The full console output of "ubuntu-bug apport" on Lubuntu Kinetic is: *** Collecting problem information The collected information can be sent to the developers to improve the application. This might take a few minutes. .. *** Send problem report to the developers? After the problem report has been sent, please fill out the form in the automatically opened web browser. What would you like to do? Your options are: S: Send report (5.1 KB) V: View report K: Keep report file for sending later or copying to somewhere else I: Cancel and ignore future crashes of this program version C: Cancel Please choose (S/V/K/I/C): s *** Uploading problem information The collected information is being sent to the bug tracking system. This might take a few minutes. 94% *** To continue, you must visit the following URL: https://bugs.launchpad.net/ubuntu/+source/apport/+filebug/d7ffa3e0-d46d-11ec-a167-40a8f03099c8? You can launch a browser now, or copy this URL into a browser on another computer. Choices: 1: Launch a browser now C: Cancel Please choose (1/C): 1 /usr/bin/xdg-open: 882: firefox: not found /usr/bin/xdg-open: 882: firefox: not found xdg-open: no method available for opening 'https://bugs.launchpad.net/ubuntu/+source/apport/+filebug/d7ffa3e0-d46d-11ec-a167-40a8f03099c8?' I am unsure if this problem is in Apport or Lubuntu. ubuntu-bug works just fine for me on Ubuntu Kinetic, but not on Lubuntu. I suspect this is due to the Snap version of Firefox, but I don't know for sure. Since ubuntu-bug is what gave me the error, I'm filing this against Apport. ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: apport 2.20.11-0ubuntu82 ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30 Uname: Linux 5.15.0-27-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: pass CasperVersion: 1.470 CurrentDesktop: LXQt Date: Sun May 15 11:41:07 2022 LiveMediaBuild: Lubuntu 22.10 "Kinetic Kudu" - Alpha amd64 (20220514) PackageArchitecture: all SourcePackage: apport UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1973470/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128
** Changed in: cyrus-sasl2 (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760 Title: Crash when using DIGEST-MD5 with SSF>=128 Status in cyrus-sasl2 package in Ubuntu: In Progress Status in cyrus-sasl2 package in Debian: New Bug description: I'm still troubleshooting this, but at the moment apps negotiating a DIGEST-MD5 authentication and requesting some form of transport encryption (ssf != 0) are crashing. The only example I have so far is the openldap client tools (so just one app really). ssf=0 works: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 0 dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth ssf=128 crashes: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 128 SASL data security layer installed. Segmentation fault (core dumped) The crash seems to be inside openssl. I'll get a proper stack trace. 2.1.27, also built with openssl3, does not crash. So far only 2.1.28 (in kinetic-proposed). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded
** Attachment added: "systemd-analyze-plot-sirius-2022-05-18.svg" https://bugs.launchpad.net/apparmor/+bug/1871148/+attachment/5590993/+files/systemd-analyze-plot-sirius-2022-05-18.svg -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1871148 Title: services start before apparmor profiles are loaded Status in AppArmor: Invalid Status in snapd: Fix Released Status in apparmor package in Ubuntu: Fix Released Status in snapd package in Ubuntu: Fix Released Status in zsys package in Ubuntu: Invalid Status in apparmor source package in Focal: Fix Released Status in snapd source package in Focal: Fix Released Status in zsys source package in Focal: Invalid Bug description: Per discussion with Zyga in #snapd on Freenode, I have hit a race condition where services are being started by the system before apparmor has been started. I have a complete log of my system showing the effect somewhere within at https://paste.ubuntu.com/p/Jyx6gfFc3q/. Restarting apparmor using `sudo systemctl restart apparmor` is enough to bring installed snaps back to full functionality. Previously, when running any snap I would receive the following in the terminal: --- cannot change profile for the next exec call: No such file or directory snap-update-ns failed with code 1: File exists --- Updated to add for Jamie: $ snap version snap2.44.2+20.04 snapd 2.44.2+20.04 series 16 ubuntu 20.04 kernel 5.4.0-21-generic To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1871148/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1871148] Re: services start before apparmor profiles are loaded
The issue that I am seeing is exactly the one explained in the bug description. More precisely, on my slower machine, each time I start firefox (which is now a snap) from a terminal, following error message is displayed : cannot change profile for the next exec call: No such file or directory snap-update-ns failed with code 1 Workaround : After each reboot : $ sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/* I did NOT find 'snap.firefox.service', but I attach the output of following command : $ systemctl list-dependencies --after snap-firefox-1351.mount ** Attachment added: "systemctl_list-dependencies_--after_snap-firefox-1351.mount.log" https://bugs.launchpad.net/apparmor/+bug/1871148/+attachment/5590992/+files/systemctl_list-dependencies_--after_snap-firefox-1351.mount.log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1871148 Title: services start before apparmor profiles are loaded Status in AppArmor: Invalid Status in snapd: Fix Released Status in apparmor package in Ubuntu: Fix Released Status in snapd package in Ubuntu: Fix Released Status in zsys package in Ubuntu: Invalid Status in apparmor source package in Focal: Fix Released Status in snapd source package in Focal: Fix Released Status in zsys source package in Focal: Invalid Bug description: Per discussion with Zyga in #snapd on Freenode, I have hit a race condition where services are being started by the system before apparmor has been started. I have a complete log of my system showing the effect somewhere within at https://paste.ubuntu.com/p/Jyx6gfFc3q/. Restarting apparmor using `sudo systemctl restart apparmor` is enough to bring installed snaps back to full functionality. Previously, when running any snap I would receive the following in the terminal: --- cannot change profile for the next exec call: No such file or directory snap-update-ns failed with code 1: File exists --- Updated to add for Jamie: $ snap version snap2.44.2+20.04 snapd 2.44.2+20.04 series 16 ubuntu 20.04 kernel 5.4.0-21-generic To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1871148/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128
** Bug watch added: Debian Bug tracker #1011249 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011249 ** Also affects: cyrus-sasl2 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011249 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760 Title: Crash when using DIGEST-MD5 with SSF>=128 Status in cyrus-sasl2 package in Ubuntu: In Progress Status in cyrus-sasl2 package in Debian: Unknown Bug description: I'm still troubleshooting this, but at the moment apps negotiating a DIGEST-MD5 authentication and requesting some form of transport encryption (ssf != 0) are crashing. The only example I have so far is the openldap client tools (so just one app really). ssf=0 works: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 0 dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth ssf=128 crashes: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 128 SASL data security layer installed. Segmentation fault (core dumped) The crash seems to be inside openssl. I'll get a proper stack trace. 2.1.27, also built with openssl3, does not crash. So far only 2.1.28 (in kinetic-proposed). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1969976] Re: DynamicUser=1 doesn't get along with services that need dbus-daemon
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: fwupd (Ubuntu Impish) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1969976 Title: DynamicUser=1 doesn't get along with services that need dbus-daemon Status in Fwupd: Fix Released Status in systemd: New Status in fwupd package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Won't Fix Status in fwupd source package in Focal: Confirmed Status in systemd source package in Focal: Won't Fix Status in fwupd source package in Impish: Confirmed Status in systemd source package in Impish: Won't Fix Status in fwupd source package in Jammy: Confirmed Status in systemd source package in Jammy: Won't Fix Bug description: Updating to systemd 245.4-4ubuntu3.16 has caused a regression in Ubuntu 20.04, that fwupd-refresh.service always fails to run. This has been root caused down to the changes in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538 Unfortunately this is an upstream issue introduced by stable systemd. https://github.com/systemd/systemd/issues/22737 The problem also occurs in Ubuntu 22.04 with a newer systemd release. As discussed in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538/comments/61 it's a tradeoff of issues. So within Ubuntu something probably needs to be done about fwupd-refresh.service. One proposal is to remove DynamicUser=yes from the systemd unit, but this will mean fwupdgmr refresh runs as root. It's relatively sandboxed by other security mechanisms, but still not ideal. Could we repurpose any other service account? Or alternatively we can make a new fwupd service account that this systemd unit uses. To manage notifications about this bug go to: https://bugs.launchpad.net/fwupd/+bug/1969976/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1969976] Re: DynamicUser=1 doesn't get along with services that need dbus-daemon
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: fwupd (Ubuntu Jammy) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1969976 Title: DynamicUser=1 doesn't get along with services that need dbus-daemon Status in Fwupd: Fix Released Status in systemd: New Status in fwupd package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Won't Fix Status in fwupd source package in Focal: Confirmed Status in systemd source package in Focal: Won't Fix Status in fwupd source package in Impish: Confirmed Status in systemd source package in Impish: Won't Fix Status in fwupd source package in Jammy: Confirmed Status in systemd source package in Jammy: Won't Fix Bug description: Updating to systemd 245.4-4ubuntu3.16 has caused a regression in Ubuntu 20.04, that fwupd-refresh.service always fails to run. This has been root caused down to the changes in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538 Unfortunately this is an upstream issue introduced by stable systemd. https://github.com/systemd/systemd/issues/22737 The problem also occurs in Ubuntu 22.04 with a newer systemd release. As discussed in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538/comments/61 it's a tradeoff of issues. So within Ubuntu something probably needs to be done about fwupd-refresh.service. One proposal is to remove DynamicUser=yes from the systemd unit, but this will mean fwupdgmr refresh runs as root. It's relatively sandboxed by other security mechanisms, but still not ideal. Could we repurpose any other service account? Or alternatively we can make a new fwupd service account that this systemd unit uses. To manage notifications about this bug go to: https://bugs.launchpad.net/fwupd/+bug/1969976/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1969976] Re: DynamicUser=1 doesn't get along with services that need dbus-daemon
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: fwupd (Ubuntu Focal) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1969976 Title: DynamicUser=1 doesn't get along with services that need dbus-daemon Status in Fwupd: Fix Released Status in systemd: New Status in fwupd package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Won't Fix Status in fwupd source package in Focal: Confirmed Status in systemd source package in Focal: Won't Fix Status in fwupd source package in Impish: Confirmed Status in systemd source package in Impish: Won't Fix Status in fwupd source package in Jammy: Confirmed Status in systemd source package in Jammy: Won't Fix Bug description: Updating to systemd 245.4-4ubuntu3.16 has caused a regression in Ubuntu 20.04, that fwupd-refresh.service always fails to run. This has been root caused down to the changes in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538 Unfortunately this is an upstream issue introduced by stable systemd. https://github.com/systemd/systemd/issues/22737 The problem also occurs in Ubuntu 22.04 with a newer systemd release. As discussed in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538/comments/61 it's a tradeoff of issues. So within Ubuntu something probably needs to be done about fwupd-refresh.service. One proposal is to remove DynamicUser=yes from the systemd unit, but this will mean fwupdgmr refresh runs as root. It's relatively sandboxed by other security mechanisms, but still not ideal. Could we repurpose any other service account? Or alternatively we can make a new fwupd service account that this systemd unit uses. To manage notifications about this bug go to: https://bugs.launchpad.net/fwupd/+bug/1969976/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128
Submitted python-bonsai DEP8 fixes to Debian via https://salsa.debian.org/python-team/packages/python- bonsai/-/merge_requests/1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760 Title: Crash when using DIGEST-MD5 with SSF>=128 Status in cyrus-sasl2 package in Ubuntu: In Progress Bug description: I'm still troubleshooting this, but at the moment apps negotiating a DIGEST-MD5 authentication and requesting some form of transport encryption (ssf != 0) are crashing. The only example I have so far is the openldap client tools (so just one app really). ssf=0 works: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=0 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 0 dn:uid=ubuntu@lxd,cn=vms,cn=digest-md5,cn=auth ssf=128 crashes: $ ldapwhoami -U ubuntu@lxd -w ubuntusecret -O maxssf=128 SASL/DIGEST-MD5 authentication started SASL username: ubuntu@lxd SASL SSF: 128 SASL data security layer installed. Segmentation fault (core dumped) The crash seems to be inside openssl. I'll get a proper stack trace. 2.1.27, also built with openssl3, does not crash. So far only 2.1.28 (in kinetic-proposed). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1973760/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1859353] Re: software-properties-gtk not working
*** This bug is a duplicate of bug 1900098 *** https://bugs.launchpad.net/bugs/1900098 ** This bug has been marked a duplicate of bug 1900098 software-properties-gtk fails to open with error -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1859353 Title: software-properties-gtk not working Status in software-properties package in Ubuntu: Fix Released Bug description: Additional Drivers /Software & Update not working Hello, I am running :- Description: Ubuntu 19.10 Release: 19.10 software-properties-gtk: Installed: 0.98.5 Candidate: 0.98.5 Version table: *** 0.98.5 500 500 http://ca.archive.ubuntu.com/ubuntu eoan/main amd64 Packages 500 http://ca.archive.ubuntu.com/ubuntu eoan/main i386 Packages 100 /var/lib/dpkg/status I am trying to run Additional Drivers /Software & Update . But it opened once and froze and never opened again. When I try running the command:- $ sudo software-properties-gtk Did a remove and reinstall of the same, but did not work. It returns:- ERROR:dbus.proxies:Introspect error on :1.2559:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying Traceback (most recent call last): File "/usr/bin/software-properties-gtk", line 100, in app = SoftwarePropertiesGtk(datadir=options.data_dir, options=options, file=file) File "/usr/lib/python3/dist-packages/softwareproperties/gtk/SoftwarePropertiesGtk.py", line 175, in __init__ self.backend.Reload(); File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 72, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 147, in __call__ **keywords) File "/usr/lib/python3/dist-packages/dbus/connection.py", line 653, in call_blocking message, timeout) dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.2559 was not provided by any .service files Also, the syslog says:- name='com.ubuntu.SoftwareProperties' requested by ':1.2455' (uid=1000 pid=2267 comm="/usr/bin/python3 /usr/bin/software-properties-gtk " label="unconfined") (using servicehelper) Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: Unable to init server: Could not connect: Connection refused Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: Unable to init server: Could not connect: Connection refused Jan 12 11:58:55 gillZ dbus-daemon[2192]: [system] Successfully activated service 'com.ubuntu.SoftwareProperties' Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: Traceback (most recent call last): Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: File "/usr/lib/software-properties/software-properties-dbus", line 68, in Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: server = SoftwarePropertiesDBus(bus, datadir=datadir) Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: File "/lib/python3/dist-packages/softwareproperties/dbus/SoftwarePropertiesDBus.py", line 66, in __init__ Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: self._livepatch_service = LivepatchService() Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: File "/lib/python3/dist-packages/softwareproperties/LivepatchService.py", line 93, in __init__ Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: self._session = requests_unixsocket.Session() Jan 12 11:58:55 gillZ com.ubuntu.SoftwareProperties[2192]: NameError: name 'requests_unixsocket' is not defined Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: ERROR:dbus.proxies:Introspect error on :1.2457:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: Traceback (most recent call last): Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: File "/usr/bin/software-properties-gtk", line 100, in Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: app = SoftwarePropertiesGtk(datadir=options.data_dir, options=options, file=file) Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: File "/usr/lib/python3/dist-packages/softwareproperties/gtk/SoftwarePropertiesGtk.py", line 175, in __init__ Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: self.backend.Reload(); Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 72, in __call__ Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: return self._proxy_method(*args, **keywords) Jan 12 11:58:55 gillZ software-properties-drivers.desktop[3536]: File "/usr/lib/python3/dist-packages/dbus/proxies.py",
[Touch-packages] [Bug 1900098] Re: software-properties-gtk fails to open with error
I encountered the same error (see duplicate https://bugs.launchpad.net/ubuntu/+source/software- properties/+bug/1930974/comments/5) and was able to resolve the issue by reinstalling packages "python3-six" and "python3-certifi" as suggested in https://bugs.launchpad.net/ubuntu/+source/software- properties/+bug/1900098/comments/2. Those packages were installed before. The relevant journalctl section is: May 18 18:45:47 gungnir dbus-daemon[1746]: [system] Activating service name='com.ubuntu.SoftwareProperties' requested by ':1.7781' (uid=1000 pid=497419 comm="/usr/bin/python3 /usr/bin/software-properties-gtk " label="unconfined") (using servicehelper) May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: Unable to init server: Could not connect: Connection refused May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: Unable to init server: Could not connect: Connection refused May 18 18:45:48 gungnir dbus-daemon[1746]: [system] Successfully activated service 'com.ubuntu.SoftwareProperties' May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: Traceback (most recent call last): May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/usr/lib/software-properties/software-properties-dbus", line 68, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: server = SoftwarePropertiesDBus(bus, datadir=datadir) May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/softwareproperties/dbus/SoftwarePropertiesDBus.py", line 66, in __init__ May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: self._livepatch_service = LivepatchService() May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/softwareproperties/LivepatchService.py", line 93, in __init__ May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: self._session = requests_unixsocket.Session() May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: NameError: name 'requests_unixsocket' is not defined May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: Error in sys.excepthook: May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: Traceback (most recent call last): May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/apport_python_hook.py", line 72, in apport_excepthook May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: from apport.fileutils import likely_packaged, get_recent_crashes May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/apport/__init__.py", line 5, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: from apport.report import Report May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/apport/report.py", line 32, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: import apport.fileutils May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/apport/fileutils.py", line 12, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: import os, glob, subprocess, os.path, time, pwd, sys, requests_unixsocket May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/requests_unixsocket/__init__.py", line 1, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: import requests May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/requests/__init__.py", line 112, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: from . import utils May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/requests/utils.py", line 24, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: from . import certs May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/requests/certs.py", line 15, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: from certifi import where May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: ModuleNotFoundError: No module named 'certifi' May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: Original exception was: May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: Traceback (most recent call last): May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/usr/lib/software-properties/software-properties-dbus", line 68, in May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: server = SoftwarePropertiesDBus(bus, datadir=datadir) May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]: File "/lib/python3/dist-packages/softwareproperties/dbus/SoftwarePropertiesDBus.py", line 66, in __init__ May 18 18:45:48 gungnir com.ubuntu.SoftwareProperties[497432]:
[Touch-packages] [Bug 1930974] Re: software-properties-gtk is broken again
*** This bug is a duplicate of bug 1900098 *** https://bugs.launchpad.net/bugs/1900098 I am getting the same error: $ software-properties-gtk ERROR:dbus.proxies:Introspect error on :1.8502:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying Traceback (most recent call last): File "/usr/bin/software-properties-gtk", line 100, in app = SoftwarePropertiesGtk(datadir=options.data_dir, options=options, file=file) File "/usr/lib/python3/dist-packages/softwareproperties/gtk/SoftwarePropertiesGtk.py", line 222, in __init__ self.backend.Reload(); File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 72, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 141, in __call__ return self._connection.call_blocking(self._named_service, File "/usr/lib/python3/dist-packages/dbus/connection.py", line 652, in call_blocking reply_message = self.send_message_with_reply_and_block( dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.8502 was not provided by any .service files -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1930974 Title: software-properties-gtk is broken again Status in software-properties package in Ubuntu: Expired Bug description: Hello, This issue is happening very often $ software-properties-gtk ERROR:dbus.proxies:Introspect error on :1.127:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying Traceback (most recent call last): File "/usr/bin/software-properties-gtk", line 100, in app = SoftwarePropertiesGtk(datadir=options.data_dir, options=options, file=file) File "/usr/lib/python3/dist-packages/softwareproperties/gtk/SoftwarePropertiesGtk.py", line 211, in __init__ self.backend.Reload(); File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 72, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 141, in __call__ return self._connection.call_blocking(self._named_service, File "/usr/lib/python3/dist-packages/dbus/connection.py", line 652, in call_blocking reply_message = self.send_message_with_reply_and_block( dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.127 was not provided by any .service files I tried the usual solution I used before: $ sudo apt-get update && sudo apt-get install --reinstall python3-six python3-certifi However, the package is still broken and there is no way to open software and updates. = $ lsb_release -rd Description: Ubuntu 20.04.2 LTS Release: 20.04 = $ apt-cache policy software-properties-gtk software-properties-gtk: Installed: 0.98.9.5 Candidate: 0.98.9.5 Version table: *** 0.98.9.5 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu focal-updates/main i386 Packages 100 /var/lib/dpkg/status 0.98.9.2 500 500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu focal-security/main i386 Packages 0.98.9 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages == To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1930974/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1930974] Re: software-properties-gtk is broken again
*** This bug is a duplicate of bug 1900098 *** https://bugs.launchpad.net/bugs/1900098 The Qt (software-properties-qt) and KDE (software-properties-kde) versions still work when launched as root via sudo. ** This bug has been marked a duplicate of bug 1900098 software-properties-gtk fails to open with error -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1930974 Title: software-properties-gtk is broken again Status in software-properties package in Ubuntu: Expired Bug description: Hello, This issue is happening very often $ software-properties-gtk ERROR:dbus.proxies:Introspect error on :1.127:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying Traceback (most recent call last): File "/usr/bin/software-properties-gtk", line 100, in app = SoftwarePropertiesGtk(datadir=options.data_dir, options=options, file=file) File "/usr/lib/python3/dist-packages/softwareproperties/gtk/SoftwarePropertiesGtk.py", line 211, in __init__ self.backend.Reload(); File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 72, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python3/dist-packages/dbus/proxies.py", line 141, in __call__ return self._connection.call_blocking(self._named_service, File "/usr/lib/python3/dist-packages/dbus/connection.py", line 652, in call_blocking reply_message = self.send_message_with_reply_and_block( dbus.exceptions.DBusException: org.freedesktop.DBus.Error.ServiceUnknown: The name :1.127 was not provided by any .service files I tried the usual solution I used before: $ sudo apt-get update && sudo apt-get install --reinstall python3-six python3-certifi However, the package is still broken and there is no way to open software and updates. = $ lsb_release -rd Description: Ubuntu 20.04.2 LTS Release: 20.04 = $ apt-cache policy software-properties-gtk software-properties-gtk: Installed: 0.98.9.5 Candidate: 0.98.9.5 Version table: *** 0.98.9.5 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu focal-updates/main i386 Packages 100 /var/lib/dpkg/status 0.98.9.2 500 500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu focal-security/main i386 Packages 0.98.9 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages 500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages == To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1930974/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1948376] Re: race condition in apport lead to Local Privilege Escalation
** Also affects: apport
Importance: Undecided
Status: New
** Changed in: apport
Milestone: None => 2.21.0
** Changed in: apport
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1948376
Title:
race condition in apport lead to Local Privilege Escalation
Status in Apport:
Fix Committed
Status in apport package in Ubuntu:
Fix Released
Bug description:
Hello. I'm Muqing Liu @Singurlar Security Lab. I would like to report
a vulnerability that lead to Local Privilege Escalation. I found this
vurlnebiltiy together with neoni
An attacker can use this vulnerability to get a root shell, if one of the
following conditions is satisfied:
1. If an unprivilieged user ( e.g. nobody ) is allowed to run a command (e.g.
ping) as root via sudo.
2. Or `sendmail` package is installed on system (It's may possible but I have
not tested.)
Here is the detail:
Apport will check if pid is reused, by check if the start time of the process
is later than apport self:
# /usr/share/apport/apport
594 apport_start = get_apport_starttime()
595 process_start = get_process_starttime()
596 if process_start > apport_start:
597 error_log('process was replaced after Apport started, ignoring')
598 sys.exit(0)
But an attacker could reused pid just after apport launched. In such
case, get_apport_starttime() == get_process_starttime().
So, an attacker can get root shell under Condition 1, by following steps.
1. prepare a process X to crash, whose pid is A
2. repeating fork process, until current pid reaches A - 2
3. make process X crash, apport will be launched by kernel with pid A - 1.
Then attacker kill process X, so pid A is now available.
4. attacker run command `sudo ping 8.8.8.8` with current directory
/etc/logrotate.d/. a process running under root:root will re-occupy pid A.
5. Since the start time of sudo and apport are same, line 596 is by-passed.
Apport then drop a core file of process X in /etc/logrotate.d
For Condtion 2:
Sudo will execute sendmail to send incident report if sendmail is installed.
So arbitrary user can run sudo to trigger sendmail at /etc/logrotate.d. I have
not tested this case, but I think it's possible to win the race.
PoC of Condition 1 is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1948376/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1962454] Re: Oops pages show wrong time window in JournalErrors
** Changed in: apport Status: In Progress => Fix Committed ** Changed in: apport Milestone: None => 2.21.0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1962454 Title: Oops pages show wrong time window in JournalErrors Status in Apport: Fix Committed Status in Errors: Invalid Status in apport package in Ubuntu: Triaged Status in apport source package in Jammy: Triaged Bug description: For example, I just experienced a crash at: Feb 28 17:31:12 And the JournalErrors entries are: Feb 28 17:31:30 - Feb 28 17:31:41 So don't relate to the crash. But it should be possible to tell journalctl to collect entries starting *before* the crash and cover the full crash timeframe. To manage notifications about this bug go to: https://bugs.launchpad.net/apport/+bug/1962454/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931902] Re: [AMD Ellesmere] Crackling sound on Pulseaudio
can confirm this also affects combination of Ryzen 5600X Asus Strix B550-I motherboard Sapphire 6600XT graphics card monitor is connected via display port "killall speech-dispatcher" fixes issue (had previously used "pulseaudio -k" but that is more of a pain) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1931902 Title: [AMD Ellesmere] Crackling sound on Pulseaudio Status in pulseaudio package in Ubuntu: Confirmed Status in speech-dispatcher package in Ubuntu: Confirmed Bug description: While playing back any sounds, a certain crackling sound (static) will play with a fixed delay of the sound being played. The amount and volume of the static will depend on the sound/music that is being played, and this only starts occurring after a somewhat long time (30 minutes or more). What is interesting to see is that while playing back music from Spotify (Snap) the static will only start after a second or so, but when playing YouTube videos on Firefox, it will be immediate and output that static while the video is playing. I've added two sound recordings, one while playing back a song from Spotify and the other while playing a song from YouTube. This issue goes away when restarting the PulseAudio service, but it comes back after a random amount of time. 1) Description: Ubuntu 21.04 Release: 21.04 2) pulseaudio: Installed: 1:14.2-1ubuntu1 Candidate: 1:14.2-1ubuntu1 Version table: 1:14.2-1ubuntu1.1 1 (phased 10%) 500 http://br.archive.ubuntu.com/ubuntu hirsute-updates/main amd64 Packages *** 1:14.2-1ubuntu1 500 500 http://br.archive.ubuntu.com/ubuntu hirsute/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 21.04 Package: pulseaudio 1:14.2-1ubuntu1 ProcVersionSignature: Ubuntu 5.11.0-18.19-generic 5.11.17 Uname: Linux 5.11.0-18-generic x86_64 ApportVersion: 2.20.11-0ubuntu65.1 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC3: matheus 18662 F pulseaudio /dev/snd/controlC2: matheus 18662 F pulseaudio /dev/snd/controlC0: matheus 18662 F pulseaudio /dev/snd/pcmC0D8p: matheus 18662 F...m pulseaudio CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Mon Jun 14 16:58:43 2021 ExecutablePath: /usr/bin/pulseaudio InstallationDate: Installed on 2021-05-03 (41 days ago) InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420) ProcEnviron: LANG=pt_BR.UTF-8 LANGUAGE=pt_BR:pt:en PATH=(custom, user) SHELL=/bin/bash XDG_RUNTIME_DIR= SourcePackage: pulseaudio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 03/11/2021 dmi.bios.release: 5.17 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 3002 dmi.board.asset.tag: Default string dmi.board.name: PRIME B450-PLUS dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev X.0x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd03/11/2021:br5.17:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnPRIMEB450-PLUS:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: System manufacturer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1931902/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1931902] Re: [AMD Ellesmere] Crackling sound on Pulseaudio
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: speech-dispatcher (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1931902 Title: [AMD Ellesmere] Crackling sound on Pulseaudio Status in pulseaudio package in Ubuntu: Confirmed Status in speech-dispatcher package in Ubuntu: Confirmed Bug description: While playing back any sounds, a certain crackling sound (static) will play with a fixed delay of the sound being played. The amount and volume of the static will depend on the sound/music that is being played, and this only starts occurring after a somewhat long time (30 minutes or more). What is interesting to see is that while playing back music from Spotify (Snap) the static will only start after a second or so, but when playing YouTube videos on Firefox, it will be immediate and output that static while the video is playing. I've added two sound recordings, one while playing back a song from Spotify and the other while playing a song from YouTube. This issue goes away when restarting the PulseAudio service, but it comes back after a random amount of time. 1) Description: Ubuntu 21.04 Release: 21.04 2) pulseaudio: Installed: 1:14.2-1ubuntu1 Candidate: 1:14.2-1ubuntu1 Version table: 1:14.2-1ubuntu1.1 1 (phased 10%) 500 http://br.archive.ubuntu.com/ubuntu hirsute-updates/main amd64 Packages *** 1:14.2-1ubuntu1 500 500 http://br.archive.ubuntu.com/ubuntu hirsute/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 21.04 Package: pulseaudio 1:14.2-1ubuntu1 ProcVersionSignature: Ubuntu 5.11.0-18.19-generic 5.11.17 Uname: Linux 5.11.0-18-generic x86_64 ApportVersion: 2.20.11-0ubuntu65.1 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC3: matheus 18662 F pulseaudio /dev/snd/controlC2: matheus 18662 F pulseaudio /dev/snd/controlC0: matheus 18662 F pulseaudio /dev/snd/pcmC0D8p: matheus 18662 F...m pulseaudio CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Mon Jun 14 16:58:43 2021 ExecutablePath: /usr/bin/pulseaudio InstallationDate: Installed on 2021-05-03 (41 days ago) InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Release amd64 (20210420) ProcEnviron: LANG=pt_BR.UTF-8 LANGUAGE=pt_BR:pt:en PATH=(custom, user) SHELL=/bin/bash XDG_RUNTIME_DIR= SourcePackage: pulseaudio UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 03/11/2021 dmi.bios.release: 5.17 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 3002 dmi.board.asset.tag: Default string dmi.board.name: PRIME B450-PLUS dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev X.0x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr3002:bd03/11/2021:br5.17:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnPRIMEB450-PLUS:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: System manufacturer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1931902/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974046] Re: Please merge wget 1.21.3 (main) from Debian unstable (main)
** Patch added: "Against Debian unstable" https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1974046/+attachment/5590967/+files/1.21.3--1.21.3-1ubuntu1.diff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1974046 Title: Please merge wget 1.21.3 (main) from Debian unstable (main) Status in wget package in Ubuntu: Confirmed Bug description: Please merge wget 1.21.3 from Debian stable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1974046/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974046] Re: Please merge wget 1.21.3 (main) from Debian unstable (main)
Tested with pbuild. ** Changed in: wget (Ubuntu) Assignee: Nathan Teodosio (nteodosio) => (unassigned) ** Changed in: wget (Ubuntu) Status: In Progress => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1974046 Title: Please merge wget 1.21.3 (main) from Debian unstable (main) Status in wget package in Ubuntu: Confirmed Bug description: Please merge wget 1.21.3 from Debian stable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1974046/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974046] Re: Please merge wget 1.21.3 (main) from Debian unstable (main)
** Patch added: "Against Ubuntu's last version" https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1974046/+attachment/5590968/+files/1.21.2-2ubuntu1--1.21.3-1ubuntu1.diff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1974046 Title: Please merge wget 1.21.3 (main) from Debian unstable (main) Status in wget package in Ubuntu: Confirmed Bug description: Please merge wget 1.21.3 from Debian stable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1974046/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
** Changed in: wpa (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1958267 Title: wpa can't connect to servers using TLS 1.1 or older Status in wpa package in Ubuntu: Triaged Status in wpa source package in Jammy: Confirmed Status in wpa package in Debian: New Bug description: wpa built with in openssl3 fails to connect to TLS 1.1 or lower server those uses MD5-SHA1 as digest in its signature algorithm which no longer meets OpenSSL default level of security of 80 bits http://lists.infradead.org/pipermail/hostap/2022-May/040563.html Workaround are described in #22 and #36 by basically using CipherString = DEFAULT@SECLEVEL=0 which lowers the security level --- With the current jammy version of wpasupplicant (2:2.10-1), I cannot connect to the WPA Enterprise network eduroam, which is used by Universities worldwide. I get a "Connection failed" message or a request to re-enter the password. - I've re-tried the credentials: no fix ;-) - Tried a 21.10 live session on the same machine: works fine! - Manually downgraded wpasupplicant to the impish version (2:2.9.0-21build1): connected normally. - Upgraded wpasupplicant to the latest version: fails to connect again. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-1 ProcVersionSignature: Ubuntu 5.15.0-17.17-generic 5.15.12 Uname: Linux 5.15.0-17-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu75 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jan 18 09:56:23 2022 InstallationDate: Installed on 2021-11-30 (48 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20211130) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: wpa UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974056] Re: iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 fails on s390x
** Also affects: ubuntu-z-systems Importance: Undecided Status: New ** Changed in: ubuntu-z-systems Assignee: (unassigned) => bugproxy (bugproxy) ** Tags added: reverse-proxy-bugzilla -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1974056 Title: iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 fails on s390x Status in iptables: Unknown Status in Ubuntu on IBM z Systems: New Status in iptables package in Ubuntu: New Bug description: In Ubuntu, we execute the full iptables shell testcases across all architectures. They seem to all pass everywhere, however iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 is currently failing on s390x like so: command17FAIL stderr: W: [FAILED] ././testcases/nft- only/0009-needless-bitwise_0: expected 0 but got 1 i wonder if there is some endian bug, as this is currently Ubuntu's only big-endian architecture. this can be reproduced with: pull-lp-source iptables cd iptables-1.8.7/ chmod +x ./iptables/tests/shell/testcases/iptables/0007-zero-counters_0 cd iptables/tests/shell sudo ./run-tests.sh --host To manage notifications about this bug go to: https://bugs.launchpad.net/iptables/+bug/1974056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1966886] Re: ssh-copy-id and Dropbear Server
Thanks for the further clarification. We don't carry delta for openssh in Ubuntu, and since this is a low priority bug it should really be reported against the Debian openssh package. Could you please file a bug there and post its link here? Thanks. ** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1966886 Title: ssh-copy-id and Dropbear Server Status in openssh package in Ubuntu: Triaged Bug description: on Dropbear SSH Servers ssh-copy-id installs the key in /etc/dropbear/authorized_keys only the openwrt dropbear server uses that path https://github.com/openwrt/openwrt/blob/2211ee0037764e1c6b1576fe7a0975722cd4acdc/package/network/services/dropbear/patches/100-pubkey_path.patch the upstream dropbear server uses the normal path ~/.ssh/authorized_keys To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1966886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
On Wed, May 18, 2022 at 13:41:06 -, Simon Chopin wrote: > Also, does tinc work in a purely Jammy context? :-) Sorry, I just realized that I had not mentioned here on this bug the results of my tests between various Ubuntu versions. I didn't test Jammy-to-Jammy, but (briefly): * Jammy (1.0.36/libssl3) to Xenial (1.0.26/libssl1.0.0) fails * Impish (1.0.36/libssl1.1) works to both Jammy and Xenial (no openssl.cnf changes needed on any node) * Focal (also 1.0.36/libssl1.1]) worked to Xenial. (I did not test that to Jammy.) * Jammy to Bionic (1.0.33/libssl1.1) works (no openssl.cnf changes needed) (I did not test point-releases between Xenial and Bionic.) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974029] Re: vram memory leak under Wayland
** Package changed: ubuntu => xorg (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1974029 Title: vram memory leak under Wayland Status in xorg package in Ubuntu: New Bug description: I use 3 monitors. When I turn two of then off and on, the "memory usage" shown by nvidia-smi grows by approximately 400 MB each cycle. When used video memory reaches maximum my card has (it ix GTX 970 with 4GB) the graphical system sort of crashes (desktop is not shown, one of the monitor does not show image at all). This occurs only under Wayland. Description: Ubuntu 22.04 LTS Release: 22.04 ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: xorg 1:7.7+23ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl icp nvidia_modeset nvidia .proc.driver.nvidia.capabilities.gpu0: Error: path was not a regular file. .proc.driver.nvidia.capabilities.mig: Error: path was not a regular file. .proc.driver.nvidia.gpus..0c.00.0: Error: path was not a regular file. .proc.driver.nvidia.registry: Binary: "" .proc.driver.nvidia.suspend: suspend hibernate resume .proc.driver.nvidia.suspend_depth: default modeset uvm .proc.driver.nvidia.version: NVRM version: NVIDIA UNIX x86_64 Kernel Module 510.60.02 Wed Mar 16 11:24:05 UTC 2022 GCC version: gcc version 11.2.0 (Ubuntu 11.2.0-19ubuntu1) ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log' CasperMD5CheckResult: unknown CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Wed May 18 14:50:11 2022 DistUpgraded: 2022-03-19 09:03:59,252 INFO cache.commit() DistroCodename: jammy DistroVariant: ubuntu DkmsStatus: nvidia/510.60.02, 5.15.0-27-generic, x86_64: installed nvidia/510.60.02, 5.15.0-30-generic, x86_64: installed EcryptfsInUse: Yes ExtraDebuggingInterest: Yes GraphicsCard: NVIDIA Corporation GM204 [GeForce GTX 970] [10de:13c2] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd GM204 [GeForce GTX 970] [1458:367a] MachineType: System manufacturer System Product Name ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-30-generic root=UUID=ca73c670-cd82-4bb7-9d49-1e036cf94a1a ro usbcore.autosuspend=-1 libata.force=1.00:noncq acpi_enforce_resources=lax libata.noacpi=1 amd_iommu=on iommu=pt SourcePackage: xorg Symptom: display UpgradeStatus: Upgraded to jammy on 2022-03-19 (60 days ago) dmi.bios.date: 08/10/2021 dmi.bios.release: 5.17 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 5861 dmi.board.asset.tag: Default string dmi.board.name: PRIME X470-PRO dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev X.0x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr5861:bd08/10/2021:br5.17:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnPRIMEX470-PRO:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: System manufacturer mtime.conffile..etc.apport.crashdb.conf: 2021-05-03T18:07:38.595923 version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.110-1ubuntu1 version.libgl1-mesa-dri: libgl1-mesa-dri 22.0.1-1ubuntu2 version.libgl1-mesa-glx: libgl1-mesa-glx 22.0.1-1ubuntu2 version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2build3 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20210115-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1974029/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974056] Re: iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 fails on s390x
** Tags added: rls-kk-incoming ** Description changed: In Ubuntu, we execute the full iptables shell testcases across all architectures. They seem to all pass everywhere, however iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 is currently failing on s390x like so: command17FAIL stderr: W: [FAILED] ././testcases/nft- only/0009-needless-bitwise_0: expected 0 but got 1 i wonder if there is some endian bug, as this is currently Ubuntu's only big-endian architecture. + + this can be reproduced with: + + pull-lp-source iptables + cd iptables-1.8.7/ + chmod +x ./iptables/tests/shell/testcases/iptables/0007-zero-counters_0 + cd iptables/tests/shell + sudo ./run-tests.sh --host -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1974056 Title: iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 fails on s390x Status in iptables: Unknown Status in iptables package in Ubuntu: New Bug description: In Ubuntu, we execute the full iptables shell testcases across all architectures. They seem to all pass everywhere, however iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 is currently failing on s390x like so: command17FAIL stderr: W: [FAILED] ././testcases/nft- only/0009-needless-bitwise_0: expected 0 but got 1 i wonder if there is some endian bug, as this is currently Ubuntu's only big-endian architecture. this can be reproduced with: pull-lp-source iptables cd iptables-1.8.7/ chmod +x ./iptables/tests/shell/testcases/iptables/0007-zero-counters_0 cd iptables/tests/shell sudo ./run-tests.sh --host To manage notifications about this bug go to: https://bugs.launchpad.net/iptables/+bug/1974056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974029] [NEW] vram memory leak under Wayland
You have been subscribed to a public bug: I use 3 monitors. When I turn two of then off and on, the "memory usage" shown by nvidia-smi grows by approximately 400 MB each cycle. When used video memory reaches maximum my card has (it ix GTX 970 with 4GB) the graphical system sort of crashes (desktop is not shown, one of the monitor does not show image at all). This occurs only under Wayland. Description:Ubuntu 22.04 LTS Release:22.04 ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: xorg 1:7.7+23ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl icp nvidia_modeset nvidia .proc.driver.nvidia.capabilities.gpu0: Error: path was not a regular file. .proc.driver.nvidia.capabilities.mig: Error: path was not a regular file. .proc.driver.nvidia.gpus..0c.00.0: Error: path was not a regular file. .proc.driver.nvidia.registry: Binary: "" .proc.driver.nvidia.suspend: suspend hibernate resume .proc.driver.nvidia.suspend_depth: default modeset uvm .proc.driver.nvidia.version: NVRM version: NVIDIA UNIX x86_64 Kernel Module 510.60.02 Wed Mar 16 11:24:05 UTC 2022 GCC version: gcc version 11.2.0 (Ubuntu 11.2.0-19ubuntu1) ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log' CasperMD5CheckResult: unknown CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Wed May 18 14:50:11 2022 DistUpgraded: 2022-03-19 09:03:59,252 INFO cache.commit() DistroCodename: jammy DistroVariant: ubuntu DkmsStatus: nvidia/510.60.02, 5.15.0-27-generic, x86_64: installed nvidia/510.60.02, 5.15.0-30-generic, x86_64: installed EcryptfsInUse: Yes ExtraDebuggingInterest: Yes GraphicsCard: NVIDIA Corporation GM204 [GeForce GTX 970] [10de:13c2] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gigabyte Technology Co., Ltd GM204 [GeForce GTX 970] [1458:367a] MachineType: System manufacturer System Product Name ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.15.0-30-generic root=UUID=ca73c670-cd82-4bb7-9d49-1e036cf94a1a ro usbcore.autosuspend=-1 libata.force=1.00:noncq acpi_enforce_resources=lax libata.noacpi=1 amd_iommu=on iommu=pt SourcePackage: xorg Symptom: display UpgradeStatus: Upgraded to jammy on 2022-03-19 (60 days ago) dmi.bios.date: 08/10/2021 dmi.bios.release: 5.17 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 5861 dmi.board.asset.tag: Default string dmi.board.name: PRIME X470-PRO dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev X.0x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr5861:bd08/10/2021:br5.17:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnPRIMEX470-PRO:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring:skuSKU: dmi.product.family: To be filled by O.E.M. dmi.product.name: System Product Name dmi.product.sku: SKU dmi.product.version: System Version dmi.sys.vendor: System manufacturer mtime.conffile..etc.apport.crashdb.conf: 2021-05-03T18:07:38.595923 version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.110-1ubuntu1 version.libgl1-mesa-dri: libgl1-mesa-dri 22.0.1-1ubuntu2 version.libgl1-mesa-glx: libgl1-mesa-glx 22.0.1-1ubuntu2 version.nvidia-graphics-drivers: nvidia-graphics-drivers-* N/A version.xserver-xorg-core: xserver-xorg-core 2:21.1.3-2ubuntu2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2build3 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20210115-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-2build1 ** Affects: xorg (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy ubuntu wayland-session -- vram memory leak under Wayland https://bugs.launchpad.net/bugs/1974029 You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974040] Re: Cannot connect to PEAP wifi (eduroam)
*** This bug is a duplicate of bug 1958267 *** https://bugs.launchpad.net/bugs/1958267 thanks for your quick answer Sebastien. I tried to do as suggested in #22 and then #36 but still not working. Can I provide and further information to help track this problem down? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1974040 Title: Cannot connect to PEAP wifi (eduroam) Status in wpa package in Ubuntu: New Bug description: Connection to wifi fails with May 18 15:08:55 attila wpa_supplicant[9698]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error Description:Ubuntu 22.04 LTS Release:22.04 wpasupplicant: Installed: 2:2.10-6ubuntu1 Candidate: 2:2.10-6ubuntu1 Version table: *** 2:2.10-6ubuntu1 1 (phased 40%) 500 http://fr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 100 /var/lib/dpkg/status 2:2.10-6 500 500 http://fr.archive.ubuntu.com/ubuntu jammy/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-6ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed May 18 15:13:41 2022 InstallationDate: Installed on 2019-10-22 (938 days ago) InstallationMedia: Kubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017) SourcePackage: wpa UpgradeStatus: Upgraded to jammy on 2022-04-22 (26 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1974040/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974056] [NEW] iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless-bitwise_0 fails on s390x
Public bug reported: In Ubuntu, we execute the full iptables shell testcases across all architectures. They seem to all pass everywhere, however iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 is currently failing on s390x like so: command17FAIL stderr: W: [FAILED] ././testcases/nft- only/0009-needless-bitwise_0: expected 0 but got 1 i wonder if there is some endian bug, as this is currently Ubuntu's only big-endian architecture. ** Affects: iptables Importance: Unknown Status: Unknown ** Affects: iptables (Ubuntu) Importance: Undecided Status: New ** Tags: s390x ** Bug watch added: bugzilla.netfilter.org/ #1606 http://bugzilla.netfilter.org/show_bug.cgi?id=1606 ** Also affects: iptables via http://bugzilla.netfilter.org/show_bug.cgi?id=1606 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1974056 Title: iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 fails on s390x Status in iptables: Unknown Status in iptables package in Ubuntu: New Bug description: In Ubuntu, we execute the full iptables shell testcases across all architectures. They seem to all pass everywhere, however iptables-1.8.7/iptables/tests/shell/testcases/nft-only/0009-needless- bitwise_0 is currently failing on s390x like so: command17FAIL stderr: W: [FAILED] ././testcases/nft- only/0009-needless-bitwise_0: expected 0 but got 1 i wonder if there is some endian bug, as this is currently Ubuntu's only big-endian architecture. To manage notifications about this bug go to: https://bugs.launchpad.net/iptables/+bug/1974056/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
On Wed, May 18, 2022 at 13:37:46 -, Simon Chopin wrote: > Could you give more details about what happens when using the legacy > providers? The short version is that by enabling the legacy provider and setting SECLEVEL to 1, I'm able to get past the "digital envelope routines::unsupported" error during the tinc metadata channel setup... but the Jammy node still (just a step or two later in the negotiation process) reports a "Bogus data received from" error and then aborts the connection. The "Bogus data received from" error is a tinc error message, but as far as I can tell the likely trigger for that message is some sort of failure to decrypt incoming data by the OpenSSL library -- and since Focal, Impish and Jammy all have exactly the same tinc version, it would seem the issue is libssl3-related... but I am not sure precisely how You can find additional details in this tinc-mailing-list thread: https://www.tinc-vpn.org/pipermail/tinc/2022-May/005598.html (but so far the discussion there hasn't managed to narrow down the exact interaction between tinc and libssl that's causing the problem). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1958267] Re: wpa can't connect to servers using TLS 1.1 or older
Retitling this report to focus on the issue connecting to TLS <= 1.1 servers, which is reported upstream now on http://lists.infradead.org/pipermail/hostap/2022-May/040563.html ** Summary changed: - "Connection failed" for WPA Enterprise network (e.g. eduroam) + wpa can't connect to servers using TLS 1.1 or older ** Changed in: wpa (Ubuntu) Status: Confirmed => Triaged ** Description changed: + wpa built with in openssl3 fails to connect to TLS 1.1 or lower server + + those uses MD5-SHA1 as digest in its signature algorithm which no longer + meets OpenSSL default level of security of 80 bits + + http://lists.infradead.org/pipermail/hostap/2022-May/040563.html + + Workaround are described in #22 and #36 by basically using + CipherString = DEFAULT@SECLEVEL=0 + + which lowers the security level + + --- + With the current jammy version of wpasupplicant (2:2.10-1), I cannot connect to the WPA Enterprise network eduroam, which is used by Universities worldwide. I get a "Connection failed" message or a request to re-enter the password. - I've re-tried the credentials: no fix ;-) - Tried a 21.10 live session on the same machine: works fine! - Manually downgraded wpasupplicant to the impish version (2:2.9.0-21build1): connected normally. - Upgraded wpasupplicant to the latest version: fails to connect again. - ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-1 ProcVersionSignature: Ubuntu 5.15.0-17.17-generic 5.15.12 Uname: Linux 5.15.0-17-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu75 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jan 18 09:56:23 2022 InstallationDate: Installed on 2021-11-30 (48 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20211130) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: wpa UpgradeStatus: No upgrade log present (probably fresh install) ** Changed in: wpa (Ubuntu Jammy) Milestone: None => ubuntu-22.04.1 ** Bug watch added: Debian Bug tracker #1011121 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011121 ** Changed in: wpa (Debian) Status: Fix Released => Unknown ** Changed in: wpa (Debian) Remote watch: Debian Bug tracker #1010603 => Debian Bug tracker #1011121 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1958267 Title: wpa can't connect to servers using TLS 1.1 or older Status in wpa package in Ubuntu: Triaged Status in wpa source package in Jammy: Confirmed Status in wpa package in Debian: Unknown Bug description: wpa built with in openssl3 fails to connect to TLS 1.1 or lower server those uses MD5-SHA1 as digest in its signature algorithm which no longer meets OpenSSL default level of security of 80 bits http://lists.infradead.org/pipermail/hostap/2022-May/040563.html Workaround are described in #22 and #36 by basically using CipherString = DEFAULT@SECLEVEL=0 which lowers the security level --- With the current jammy version of wpasupplicant (2:2.10-1), I cannot connect to the WPA Enterprise network eduroam, which is used by Universities worldwide. I get a "Connection failed" message or a request to re-enter the password. - I've re-tried the credentials: no fix ;-) - Tried a 21.10 live session on the same machine: works fine! - Manually downgraded wpasupplicant to the impish version (2:2.9.0-21build1): connected normally. - Upgraded wpasupplicant to the latest version: fails to connect again. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-1 ProcVersionSignature: Ubuntu 5.15.0-17.17-generic 5.15.12 Uname: Linux 5.15.0-17-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu75 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jan 18 09:56:23 2022 InstallationDate: Installed on 2021-11-30 (48 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20211130) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: wpa UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974040] Re: Cannot connect to PEAP wifi (eduroam)
*** This bug is a duplicate of bug 1958267 *** https://bugs.launchpad.net/bugs/1958267 Thanks, it sounds like the same as bug #1958267 which is detailed on http://lists.infradead.org/pipermail/hostap/2022-May/040563.html but basically an issue when trying to connect to servers using old TLS versions The workaround described on the other bug is to use DEFAULT@SECLEVEL=0 , #22 has details on how to create a configuration specific to wpa ** This bug has been marked a duplicate of bug 1958267 wpa can't connect to servers using TLS 1.1 or older -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1974040 Title: Cannot connect to PEAP wifi (eduroam) Status in wpa package in Ubuntu: New Bug description: Connection to wifi fails with May 18 15:08:55 attila wpa_supplicant[9698]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error Description:Ubuntu 22.04 LTS Release:22.04 wpasupplicant: Installed: 2:2.10-6ubuntu1 Candidate: 2:2.10-6ubuntu1 Version table: *** 2:2.10-6ubuntu1 1 (phased 40%) 500 http://fr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 100 /var/lib/dpkg/status 2:2.10-6 500 500 http://fr.archive.ubuntu.com/ubuntu jammy/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-6ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed May 18 15:13:41 2022 InstallationDate: Installed on 2019-10-22 (938 days ago) InstallationMedia: Kubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017) SourcePackage: wpa UpgradeStatus: Upgraded to jammy on 2022-04-22 (26 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1974040/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971984] Re: pcscd 1.9.5-3 do not start automatically, only manual
I reinstalled Ubuntu 22.04 in another VM (still using VirtualBox) and I do NOT get the problem. So it is not related to the hardware (I was expecting this result). Strange. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1971984 Title: pcscd 1.9.5-3 do not start automatically, only manual Status in pcsc-lite package in Ubuntu: Confirmed Bug description: Ubuntu Mate 22.04 with the latest updates. Problem is present with internal smart-card reader and also external usb smart-card reader. eid-viewer sees no card reader,but When i do: sudo pcscd -f it is working, also following the tips of Ludovic: https://ludovicrousseau.blogspot.com/2011/11/pcscd-auto-start-using-systemd.html sudo systemctl stop pcscd.socket sudo systemctl start pcscd.socket It is working until next restart. libacsccid1 version: 1.1.8-1 libccid version: 1.5.0-2 pcscd version: 1.9.5-3 eid-archive version: 2022.3 eid-mw version: 5.0.28v5.0.28-0u2204-1 eid-viewer version: 5.0.28v5.0.28-0u2204-1 In Firefox, my eid card is then also recognized, but only in the ESR version, but this is a know Mozilla bug. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pcsc-lite/+bug/1971984/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974046] Re: Please merge wget 1.21.3 (main) from Debian unstable (main)
** Package changed: ubuntu => wget (Ubuntu) ** Changed in: wget (Ubuntu) Status: Invalid => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. https://bugs.launchpad.net/bugs/1974046 Title: Please merge wget 1.21.3 (main) from Debian unstable (main) Status in wget package in Ubuntu: In Progress Bug description: Please merge wget 1.21.3 from Debian stable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1974046/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
On Wed, May 18, 2022 at 13:41:06 -, Simon Chopin wrote: > Also, does tinc work in a purely Jammy context? :-) As far as I can determine the issue relates to compatibility between libssl3 and the algorithms used by the Xenial-era tinc, and thus I can't imagine Jammy-to-Jammy would be a problem -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974046] [NEW] Please merge wget 1.21.3 (main) from Debian unstable (main)
You have been subscribed to a public bug: Please merge wget 1.21.3 from Debian stable ** Affects: wget (Ubuntu) Importance: Wishlist Assignee: Nathan Teodosio (nteodosio) Status: In Progress -- Please merge wget 1.21.3 (main) from Debian unstable (main) https://bugs.launchpad.net/bugs/1974046 You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wget in Ubuntu. -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1897932] Re: systemd-repart not packaged
Any chance it could be enabled now that Jammy shipped? It's really fine to enable it in 249 for 20.10, there's really no reason to wait for a new version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1897932 Title: systemd-repart not packaged Status in systemd package in Ubuntu: Triaged Status in systemd package in Debian: Fix Released Bug description: systemd-repart is not (as of 246.6-1ubuntu1) packaged in the Ubuntu/Debian packages of systemd - probably because it has an extra dependency? I'd like to use it in our new raspberry pi images where we don't have cloud-init installed. We're already using systemd-growfs, but we are missing the nice partition resizing part (so are using cloud- initramfs-growroot). Could you please consider enabling it? In another binary package - so it can have extra deps - would be just fine by me. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1897932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1903516] Re: aborted (core dumped) when using ConnectTimeout > 2147483
Since the only thing left here is the staged SRU for impish, I am unsubscribing the server team and removing the server-todo tag from this bug. ** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1903516 Title: aborted (core dumped) when using ConnectTimeout > 2147483 Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Bionic: Fix Released Status in openssh source package in Focal: Fix Released Status in openssh source package in Impish: Fix Committed Status in openssh source package in Jammy: Fix Released Bug description: [Impact] Setting ConnectTimeout to a value higher than INT_MAX/1000 causes the ssh client to crash. This happens due to an integer overflow which was fixed upstream with the patch being proposed for this SRU, which caps the effective value for that option at INT_MAX/1000. While use cases triggering the bug may be uncommon, the patch is straightforward and the fix could be staged for the next time an upload is needed. [Test Plan] Running ssh -o "ConnectTimeout=$(perl -e 'use POSIX; my $max = int(POSIX::INT_MAX/1000)+1; print "$max\n";')" localhost triggers the error. In this case, the ssh client will crash and Aborted will be printed to stderr. By applying the proposed fix, running the same command should allow the ssh connection to proceed to the authentication steps. [Where problems could occur] Most problems would manifest due to rebuilding the package (e.g., dependency changes). Since this proposal is to stage these SRUs, such risk is being deferred to be shared with the next, more critical, upload. [Other Info] All the SRUs proposed here should be staged due to the low priority nature of the bug. [Original bug report] The ssh client fails with the message "Aborted (core dumped)" when setting the ConnectTimeout to 2147484 or higher. lsb_release: Linux Mint 20 (but also tested this on latest ubuntu:20.04 docker container) openssh-client version: 1:8.2p1-4ubuntu0.1 I expected that either the connect timeout would be used correctly, or that it would fail with a proper error message saying the connect timeout can't be higher than 2147483. What happened: $ ssh -o "ConnectTimeout=2147484" localhost Aborted (core dumped) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1903516/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1958019]
(In reply to Cameron Berkenpas from comment #600) > Looking at the model number, there's a chance it's compatible with the > verbs of the 15IMHG05, or another model from around that time. > > Do you know how to build and run your own kernel? > > Also, please provide a URL to your alsa-info. > > On 5/15/2022 12:12 PM, bugzilla-dae...@kernel.org wrote: > > https://bugzilla.kernel.org/show_bug.cgi?id=208555 > > > > --- Comment #599 from Andrei Miculita (andreimiculita+k...@gmail.com) --- > > Lenovo Legion S7 15IMH5 > > > > Has anyone managed to get their sound working on it? Would appreciate a > > tutorial or some tips (the more specific, the better, as this thread is > full > > of > > other devices as well and it'd take a long time to try everything) > > I do, it might take me a while to get it done if I start now, but I've done it before for fun. My alsa-info: http://alsa-project.org/db/?f=c1ba1098da13b2d7d6793fbce823e4feed2ac4ee -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1958019 Title: [Lenovo Legion7 16ACHg6 82N6, Realtek ALC287, Speaker, Internal] No sound at all Status in sound-2.6 (alsa-kernel): Confirmed Status in alsa-driver package in Ubuntu: Confirmed Bug description: On my Lenovo Legion-7-16ACHg6 laptop I can't hear any sound by internal speakers, but it work by headphones connected to standard jack aux. uname -r 5.11.0-44-generic ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 5.11.0-44.48~20.04.2-generic 5.11.22 Uname: Linux 5.11.0-44-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.21 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: i3draven 1266 F pulseaudio /dev/snd/controlC0: i3draven 1266 F pulseaudio /dev/snd/controlC1: i3draven 1266 F pulseaudio /dev/snd/pcmC1D0p: i3draven 1266 F...m pulseaudio CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Sat Jan 15 15:10:53 2022 InstallationDate: Installed on 2021-10-11 (96 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:Generic failed Symptom_Card: Family 17h (Models 10h-1fh) HD Audio Controller - HD-Audio Generic Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC2: i3draven 1266 F pulseaudio /dev/snd/controlC0: i3draven 1266 F pulseaudio /dev/snd/controlC1: i3draven 1266 F pulseaudio /dev/snd/pcmC1D0p: i3draven 1266 F...m pulseaudio Symptom_Jack: Speaker, Internal Symptom_Type: No sound at all Title: [82N6, Realtek ALC287, Speaker, Internal] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/08/2021 dmi.bios.release: 1.49 dmi.bios.vendor: LENOVO dmi.bios.version: GKCN49WW dmi.board.asset.tag: NO Asset Tag dmi.board.name: LNVNB161216 dmi.board.vendor: LENOVO dmi.board.version: SDK0R32862 WIN dmi.chassis.asset.tag: NO Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Legion 7 16ACHg6 dmi.ec.firmware.release: 1.49 dmi.modalias: dmi:bvnLENOVO:bvrGKCN49WW:bd11/08/2021:br1.49:efr1.49:svnLENOVO:pn82N6:pvrLegion716ACHg6:skuLENOVO_MT_82N6_BU_idea_FM_Legion716ACHg6:rvnLENOVO:rnLNVNB161216:rvrSDK0R32862WIN:cvnLENOVO:ct10:cvrLegion716ACHg6: dmi.product.family: Legion 7 16ACHg6 dmi.product.name: 82N6 dmi.product.sku: LENOVO_MT_82N6_BU_idea_FM_Legion 7 16ACHg6 dmi.product.version: Legion 7 16ACHg6 dmi.sys.vendor: LENOVO To manage notifications about this bug go to: https://bugs.launchpad.net/sound-2.6/+bug/1958019/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1962541] Re: PEAP wifi can't connect (ubuntu live/installer is also not working
Same as @melser-anton I installed 2:2.10-6ubuntu1 from ubuntu-updates but still no luck. I followed the instructions in #35 and submitted a new bug #1974040 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1962541 Title: PEAP wifi can't connect (ubuntu live/installer is also not working Status in wpa package in Ubuntu: Fix Released Status in wpa source package in Jammy: Fix Released Bug description: * Impact Connecting to some PEAP wifi doesn't work anymore since the openssl3 transition Details on the issue can be found on http://lists.infradead.org/pipermail/hostap/2022-May/040511.html * Test case Try using a PEAP wifi not implementing RFC5746, it should be able to connect * Regression potential The change allows to connect to less secure WiFis the same way that wpa allowed before openssl3, lower security enforcement isn't ideal but still better than non working hardware. WPA2 enterprise can't connect PEAP ubuntu 22.04 live/installer is not working too ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: ubuntu-release-upgrader-core 1:22.04.6 Uname: Linux 5.16.0-kali1-amd64 x86_64 ApportVersion: 2.20.11-0ubuntu78 Architecture: amd64 CasperMD5CheckResult: unknown CrashDB: ubuntu CurrentDesktop: ubuntu:GNOME Date: Tue Mar 1 09:18:42 2022 PackageArchitecture: all SourcePackage: ubuntu-release-upgrader Symptom: dist-upgrade UpgradeStatus: No upgrade log present (probably fresh install) VarLogDistupgradeTermlog: mtime.conffile..etc.update-manager.release-upgrades: 2022-02-27T21:07:16.553410 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1962541/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974040] Re: Cannot connect to PEAP wifi (eduroam)
This looks like the same as bug #1962541 Followed the instructions in comment #35 therein. ** Attachment added: "journalctl.log" https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1974040/+attachment/5590933/+files/journalctl.log -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1974040 Title: Cannot connect to PEAP wifi (eduroam) Status in wpa package in Ubuntu: New Bug description: Connection to wifi fails with May 18 15:08:55 attila wpa_supplicant[9698]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error Description:Ubuntu 22.04 LTS Release:22.04 wpasupplicant: Installed: 2:2.10-6ubuntu1 Candidate: 2:2.10-6ubuntu1 Version table: *** 2:2.10-6ubuntu1 1 (phased 40%) 500 http://fr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 100 /var/lib/dpkg/status 2:2.10-6 500 500 http://fr.archive.ubuntu.com/ubuntu jammy/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-6ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed May 18 15:13:41 2022 InstallationDate: Installed on 2019-10-22 (938 days ago) InstallationMedia: Kubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017) SourcePackage: wpa UpgradeStatus: Upgraded to jammy on 2022-04-22 (26 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1974040/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974037] Re: openssl: EVP_EC_gen() segfault without init
** Changed in: openssl (Debian) Status: New => Fix Released ** Changed in: openssl (Debian) Importance: Undecided => Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1974037 Title: openssl: EVP_EC_gen() segfault without init Status in openssl package in Ubuntu: Confirmed Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Confirmed Status in openssl package in Debian: Fix Released Bug description: Imported from Debian bug http://bugs.debian.org/1010958: Source: sscg Version: 3.0.2-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=sscg=3.0.2-1%2Bb1 ... 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV 04:32:21 MALLOC_PERTURB_=87 /<>/obj-x86_64-linux-gnu/generate_rsa_key_test ... Summary of Failures: 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV Ok: 9 Expected Fail: 0 Fail: 1 Unexpected Pass:0 Skipped:0 Timeout:0 dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1 make: *** [debian/rules:6: binary-arch] Error 25 This has also been reported on the openssl-users mailing list: https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974037] Re: openssl: EVP_EC_gen() segfault without init
This issue has been introduced in 3.0.3 upstream but we've backported the patch set to Jammy as well. The cherry-picked fix is in Debian in 3.0.3-4. ** Changed in: openssl (Ubuntu) Status: New => Confirmed ** Also affects: openssl (Ubuntu Kinetic) Importance: Undecided Status: Confirmed ** Also affects: openssl (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openssl (Ubuntu Jammy) Status: New => Confirmed ** Changed in: openssl (Ubuntu Jammy) Importance: Undecided => High ** Changed in: openssl (Ubuntu Kinetic) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1974037 Title: openssl: EVP_EC_gen() segfault without init Status in openssl package in Ubuntu: Confirmed Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Confirmed Status in openssl package in Debian: New Bug description: Imported from Debian bug http://bugs.debian.org/1010958: Source: sscg Version: 3.0.2-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=sscg=3.0.2-1%2Bb1 ... 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV 04:32:21 MALLOC_PERTURB_=87 /<>/obj-x86_64-linux-gnu/generate_rsa_key_test ... Summary of Failures: 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV Ok: 9 Expected Fail: 0 Fail: 1 Unexpected Pass:0 Skipped:0 Timeout:0 dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1 make: *** [debian/rules:6: binary-arch] Error 25 This has also been reported on the openssl-users mailing list: https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974040] [NEW] Cannot connect to PEAP wifi (eduroam)
Public bug reported: Connection to wifi fails with May 18 15:08:55 attila wpa_supplicant[9698]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error Description:Ubuntu 22.04 LTS Release:22.04 wpasupplicant: Installed: 2:2.10-6ubuntu1 Candidate: 2:2.10-6ubuntu1 Version table: *** 2:2.10-6ubuntu1 1 (phased 40%) 500 http://fr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 100 /var/lib/dpkg/status 2:2.10-6 500 500 http://fr.archive.ubuntu.com/ubuntu jammy/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-6ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed May 18 15:13:41 2022 InstallationDate: Installed on 2019-10-22 (938 days ago) InstallationMedia: Kubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017) SourcePackage: wpa UpgradeStatus: Upgraded to jammy on 2022-04-22 (26 days ago) ** Affects: wpa (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1974040 Title: Cannot connect to PEAP wifi (eduroam) Status in wpa package in Ubuntu: New Bug description: Connection to wifi fails with May 18 15:08:55 attila wpa_supplicant[9698]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error Description:Ubuntu 22.04 LTS Release:22.04 wpasupplicant: Installed: 2:2.10-6ubuntu1 Candidate: 2:2.10-6ubuntu1 Version table: *** 2:2.10-6ubuntu1 1 (phased 40%) 500 http://fr.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 100 /var/lib/dpkg/status 2:2.10-6 500 500 http://fr.archive.ubuntu.com/ubuntu jammy/main amd64 Packages ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-6ubuntu1 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: KDE Date: Wed May 18 15:13:41 2022 InstallationDate: Installed on 2019-10-22 (938 days ago) InstallationMedia: Kubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017) SourcePackage: wpa UpgradeStatus: Upgraded to jammy on 2022-04-22 (26 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1974040/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974037] [NEW] openssl: EVP_EC_gen() segfault without init
Public bug reported: Imported from Debian bug http://bugs.debian.org/1010958: Source: sscg Version: 3.0.2-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=sscg=3.0.2-1%2Bb1 ... 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV 04:32:21 MALLOC_PERTURB_=87 /<>/obj-x86_64-linux-gnu/generate_rsa_key_test ... Summary of Failures: 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV Ok: 9 Expected Fail: 0 Fail: 1 Unexpected Pass:0 Skipped:0 Timeout:0 dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1 make: *** [debian/rules:6: binary-arch] Error 25 This has also been reported on the openssl-users mailing list: https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html ** Affects: openssl (Ubuntu) Importance: High Status: Confirmed ** Affects: openssl (Ubuntu Jammy) Importance: High Status: Confirmed ** Affects: openssl (Ubuntu Kinetic) Importance: High Status: Confirmed ** Affects: openssl (Debian) Importance: Undecided Status: New ** Bug watch added: Debian Bug tracker #1010958 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010958 ** Changed in: openssl (Debian) Remote watch: None => Debian Bug tracker #1010958 ** Summary changed: - sscg FTBFS with OpenSSL 3.0.3 + openssl: EVP_EC_gen() segfault without init ** Description changed: Imported from Debian bug http://bugs.debian.org/1010958: Source: sscg Version: 3.0.2-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=sscg=3.0.2-1%2Bb1 ... - 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV + 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV 04:32:21 MALLOC_PERTURB_=87 /<>/obj-x86_64-linux-gnu/generate_rsa_key_test ... Summary of Failures: - 1/10 generate_rsa_key_test FAIL 0.01s killed by signal + 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV - - Ok: 9 - Expected Fail: 0 - Fail: 1 - Unexpected Pass:0 - Skipped:0 - Timeout:0 + Ok: 9 + Expected Fail: 0 + Fail: 1 + Unexpected Pass:0 + Skipped:0 + Timeout:0 dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1 make: *** [debian/rules:6: binary-arch] Error 25 + + This has also been reported on the openssl-users mailing list: + + https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1974037 Title: openssl: EVP_EC_gen() segfault without init Status in openssl package in Ubuntu: Confirmed Status in openssl source package in Jammy: Confirmed Status in openssl source package in Kinetic: Confirmed Status in openssl package in Debian: New Bug description: Imported from Debian bug http://bugs.debian.org/1010958: Source: sscg Version: 3.0.2-1 Severity: serious Tags: ftbfs https://buildd.debian.org/status/logs.php?pkg=sscg=3.0.2-1%2Bb1 ... 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV 04:32:21 MALLOC_PERTURB_=87 /<>/obj-x86_64-linux-gnu/generate_rsa_key_test ... Summary of Failures: 1/10 generate_rsa_key_test FAIL 0.01s killed by signal 11 SIGSEGV Ok: 9 Expected Fail: 0 Fail: 1 Unexpected Pass:0 Skipped:0 Timeout:0 dh_auto_test: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 MESON_TESTTHREADS=4 ninja test returned exit code 1 make: *** [debian/rules:6: binary-arch] Error 25 This has also been reported on the openssl-users mailing list: https://www.mail-archive.com/openssl-users@openssl.org/msg90830.html To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1969976] Re: DynamicUser=1 doesn't get along with services that need dbus-daemon
This bug was fixed in the package fwupd - 1.7.7-1ubuntu2 --- fwupd (1.7.7-1ubuntu2) kinetic; urgency=medium * d/t/ci: don't stderr-fail the autopkgtest on modprobe error + it's optional as tests can be skipped, if mtdram module isn't there -- Lukas Märdian Wed, 18 May 2022 09:34:56 +0200 ** Changed in: fwupd (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1969976 Title: DynamicUser=1 doesn't get along with services that need dbus-daemon Status in Fwupd: Fix Released Status in systemd: New Status in fwupd package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Won't Fix Status in fwupd source package in Focal: New Status in systemd source package in Focal: Won't Fix Status in fwupd source package in Impish: New Status in systemd source package in Impish: Won't Fix Status in fwupd source package in Jammy: New Status in systemd source package in Jammy: Won't Fix Bug description: Updating to systemd 245.4-4ubuntu3.16 has caused a regression in Ubuntu 20.04, that fwupd-refresh.service always fails to run. This has been root caused down to the changes in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538 Unfortunately this is an upstream issue introduced by stable systemd. https://github.com/systemd/systemd/issues/22737 The problem also occurs in Ubuntu 22.04 with a newer systemd release. As discussed in https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1871538/comments/61 it's a tradeoff of issues. So within Ubuntu something probably needs to be done about fwupd-refresh.service. One proposal is to remove DynamicUser=yes from the systemd unit, but this will mean fwupdgmr refresh runs as root. It's relatively sandboxed by other security mechanisms, but still not ideal. Could we repurpose any other service account? Or alternatively we can make a new fwupd service account that this systemd unit uses. To manage notifications about this bug go to: https://bugs.launchpad.net/fwupd/+bug/1969976/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
Could you give more details about what happens when using the legacy providers? ** Changed in: tinc (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
Also, does tinc work in a purely Jammy context? :-) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974035] [NEW] openssl: Merge 3.0.3-4 from Debian unstable
Public bug reported: The version 3.0.3-4 from Debian unstable should be merged in Kinetic. ** Affects: openssl (Ubuntu) Importance: High Assignee: Simon Chopin (schopin) Status: Confirmed ** Tags: fr-2393 ** Tags added: fr-2393 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1974035 Title: openssl: Merge 3.0.3-4 from Debian unstable Status in openssl package in Ubuntu: Confirmed Bug description: The version 3.0.3-4 from Debian unstable should be merged in Kinetic. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974035/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1964642] Re: Packer virtualbox ssh can't connect to unattended Ubuntu 20.04.1/2/3/4 but can connect to Ubuntu 20.4
** Tags added: server-triage-discuss
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1964642
Title:
Packer virtualbox ssh can't connect to unattended Ubuntu 20.04.1/2/3/4
but can connect to Ubuntu 20.4
Status in openssh package in Ubuntu:
Expired
Bug description:
Two years ago I was able to create a Virtualbox Ubuntu 20.04 guest in a
Windows 10 host with Packer 1.5.6, using an unattended installation.
The Packer command was:
"boot_command": [
" ",
"autoinstall ds=nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/",
""
],
The user-data file was:
#cloud-config
autoinstall:
version: 1
identity:
realname: mclibre
hostname: ubuntu
password:
'$6$mclibre$YiuRPSZM3ZXVe4UyIqv1dvy9rUjf5/LsGCkDyaex.WN45wzVTuRmW5QLuctuicGAFZIO2M3QR8NLdtQYatKTn1'
username: mclibre
locale: es_ES.UTF-8
keyboard:
layout: es
network:
network:
version: 2
ethernets:
ens33: {dhcp4: true, dhcp-identifier: mac}
ssh:
install-server: true
late-commands:
- sed -i 's/^#*\(send dhcp-client-identifier\).*$/\1 = hardware;/'
/target/etc/dhcp/dhclient.conf
- 'sed -i "s/dhcp4: true/&\n dhcp-identifier: mac/"
/target/etc/netplan/00-installer-config.yaml'
Now, I have tried to create a Virtualbox Ubuntu 20.04.4/.3/.2/.1 guest using
packer 1.5.6 but Packer can't create the image because once the installation is
done, after rebooting the SSH server does not answer (the packer log error
says: SSH handshake err: Timeout during SSH handshake).
I have tried with the last version of Packer, Packer 1.8.0, and the result is
the same. I can create a Ubuntu Server 20.4 image but not a Ubuntu Server
20.4.1, .2, .3 or .4 image.
I can provide as much aditional information as you want.
Thanking you in advance,
Bartolome Sintes
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1964642/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971272] Re: Merge cyrus-sasl2 from Debian unstable for kinetic
It's currently blocked on this (real) bug, for which I'm testing a few fixes already: https://bugs.launchpad.net/ubuntu/+source/python- bonsai/+bug/1973756 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1971272 Title: Merge cyrus-sasl2 from Debian unstable for kinetic Status in cyrus-sasl2 package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.1.28+dfsg-4 Ubuntu: 2.1.27+dfsg2-3ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. ### New Debian Changes ### cyrus-sasl2 (2.1.28+dfsg-4) unstable; urgency=medium * d/copyright: java/* files were removed upstream * d/copyright: Reformat the default license's margin * d/copyright: Add project's license to include/makemd5.c * Move SCRAM to libsasl2-modules (Closes: #977360) * Install additional GS2 module for Heimdal * Remove Roberto from the Uploaders * Drop 0005-Fixes-in-library-mutexes.patch * Drop 0021-Fix-keytab-option-for-MIT-Kerberos.patch * Remove former logcheck conffile (Closes: #1009851) * lintian: Fix excessive-priority-for-library-package * lintian: Fix package-contains-empty-directory -- Bastian Germann Wed, 20 Apr 2022 01:01:01 +0200 cyrus-sasl2 (2.1.28+dfsg-3) unstable; urgency=high * Set MIT/Heimdal CFLAGS instead of CPPFLAGS * Drop unnecessary 0027-properly-create-libsasl2.pc.patch * Prevent installing outdated ChangeLog (Closes: #1009681) * Remove debug log message and its logcheck rule (Closes: #805310) * Self-reference pluginviewer man as saslpluginviewer (Closes: #1009380) * Get rid of broken README.configure-options * Add sasldbconverter2.8 manpage * d/copyright: Add missing KTH license * Install libsasl.5 manpage [ Debian Janitor ] * Remove constraints unnecessary since buster -- Bastian Germann Fri, 15 Apr 2022 12:02:13 +0200 cyrus-sasl2 (2.1.28+dfsg-2) unstable; urgency=medium * Remove cruft -- Bastian Germann Fri, 25 Feb 2022 18:58:54 +0100 cyrus-sasl2 (2.1.28+dfsg-1) experimental; urgency=medium * Drop upstream patches * Import new release signing key * Reset repacksuffix * New upstream version 2.1.28+dfsg (CVE-2022-24407) * Rebase 0027-properly-create-libsasl2.pc.patch -- Bastian Germann Tue, 22 Feb 2022 23:40:47 +0100 cyrus-sasl2 (2.1.27+dfsg2-3) unstable; urgency=medium [ Andreas Hasenack ] * Fix configure.ac for autoconf 2.70 (Closes: #1003355, #1000152) -- Bastian Germann Tue, 11 Jan 2022 11:25:37 +0100 cyrus-sasl2 (2.1.27+dfsg2-2) unstable; urgency=medium [ Helmut Grohne ] * Fix FTCBFS: (Closes: #928512) + cross.patch: Support caching SPNEGO support test. + Provide SPNEGO support test result. [ Vagrant Cascadian ] * Set date in man pages (Closes: #995145) -- Bastian Germann Wed, 17 Nov 2021 01:23:49 +0100 cyrus-sasl2 (2.1.27+dfsg2-1) unstable; urgency=medium * Add bage to uploaders (Closes: #799864) * Use upstream patches where possible * Amend off-by-one in _sasl_add_string function * Replace some patches by upstream equivalents * Apply the patches in order of to their prefixes * Add missing caret (^) in logcheck rule (Closes: #830764) * Remove unnecessary GPL copy * Add missing copyright/licenses * Repack, getting rid of more problematic files * Build html documentation * Make the package rebuildable * Remove outdated README.Debian info * Disable autostart via debhelper * Drop unnecessary patch * Remove alternative, old build dep libmysqlclient-dev Annotate documentation Build-Depends with :native [ Frédéric Brière ] * Make logcheck snippet compatible with systemd journal -- Bastian Germann Sun, 14 Nov 2021 14:11:18 +0100 cyrus-sasl2 (2.1.27+dfsg-2.3) unstable; urgency=medium * Non-maintainer upload. * d/watch: Check the github releases page * Get rid of a patch's patch * Recover upstream-compatible patch license (Closes: #996866) + Relicense libobj patch * Fix lintian: unused-override ### Old Ubuntu Delta ### cyrus-sasl2 (2.1.27+dfsg2-3ubuntu1) jammy; urgency=medium * SECURITY UPDATE: SQL injection in SQL plugin - debian/patches/CVE-2022-24407.patch: escape password for SQL insert/update commands in plugins/sql.c. - CVE-2022-24407 -- Marc Deslauriers Tue, 22 Feb 2022 14:17:18 -0500 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1971272/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help :
[Touch-packages] [Bug 1948376] Re: race condition in apport lead to Local Privilege Escalation
This was published here:
https://ubuntu.com/security/notices/USN-5427-1
Thanks!
** Changed in: apport (Ubuntu)
Status: In Progress => Fix Released
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1948376
Title:
race condition in apport lead to Local Privilege Escalation
Status in apport package in Ubuntu:
Fix Released
Bug description:
Hello. I'm Muqing Liu @Singurlar Security Lab. I would like to report
a vulnerability that lead to Local Privilege Escalation. I found this
vurlnebiltiy together with neoni
An attacker can use this vulnerability to get a root shell, if one of the
following conditions is satisfied:
1. If an unprivilieged user ( e.g. nobody ) is allowed to run a command (e.g.
ping) as root via sudo.
2. Or `sendmail` package is installed on system (It's may possible but I have
not tested.)
Here is the detail:
Apport will check if pid is reused, by check if the start time of the process
is later than apport self:
# /usr/share/apport/apport
594 apport_start = get_apport_starttime()
595 process_start = get_process_starttime()
596 if process_start > apport_start:
597 error_log('process was replaced after Apport started, ignoring')
598 sys.exit(0)
But an attacker could reused pid just after apport launched. In such
case, get_apport_starttime() == get_process_starttime().
So, an attacker can get root shell under Condition 1, by following steps.
1. prepare a process X to crash, whose pid is A
2. repeating fork process, until current pid reaches A - 2
3. make process X crash, apport will be launched by kernel with pid A - 1.
Then attacker kill process X, so pid A is now available.
4. attacker run command `sudo ping 8.8.8.8` with current directory
/etc/logrotate.d/. a process running under root:root will re-occupy pid A.
5. Since the start time of sudo and apport are same, line 596 is by-passed.
Apport then drop a core file of process X in /etc/logrotate.d
For Condtion 2:
Sudo will execute sendmail to send incident report if sendmail is installed.
So arbitrary user can run sudo to trigger sendmail at /etc/logrotate.d. I have
not tested this case, but I think it's possible to win the race.
PoC of Condition 1 is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1641236] Re: Confined processes inside container cannot fully access host pty device passed in by lxc exec
Ahyes, that fixes things on Ubuntu/Jammy as well: mkdir -p /etc/apparmor.d/disable # (did not exist, over here) ln -s /etc/apparmor.d/usr.bin.tcpdump /etc/apparmor.d/disable # (note, no sbin, but bin) apparmor_parser -R /etc/apparmor.d # (this is indeed needed, instead of an apparmor restart) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1641236 Title: Confined processes inside container cannot fully access host pty device passed in by lxc exec Status in apparmor package in Ubuntu: Confirmed Status in lxd package in Ubuntu: Invalid Bug description: Now that AppArmor policy namespaces and profile stacking is in place, I noticed odd stdout buffering behavior when running confined processes via lxc exec. Much more data stdout data is buffered before getting flushed when the program is confined by an AppArmor profile inside of the container. I see that lxd is calling openpty(3) in the host environment, using the returned fd as stdout, and then executing the command inside of the container. This results in an AppArmor denial because the file descriptor returned by openpty(3) originates outside of the namespace used by the container. The denial is likely from glibc calling fstat(), from inside the container, on the file descriptor associated with stdout to make a decision on how much buffering to use. The fstat() is denied by AppArmor and glibc ends up handling the buffering differently than it would if the fstat() would have been successful. Steps to reproduce (using an up-to-date 16.04 amd64 VM): Create a 16.04 container $ lxc launch ubuntu-daily:16.04 x Run tcpdump in one terminal and generate traffic in another terminal (wget google.com) $ lxc exec x -- tcpdump -i eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 47 packets captured 48 packets received by filter 1 packet dropped by kernel Note that everything above was printed immediately because it was printed to stderr. , which is printed to stdout, was not printed until you pressed ctrl-c and the buffers were flushed thanks to the program terminating. Also, this AppArmor denial shows up in the logs: audit: type=1400 audit(1478902710.025:440): apparmor="DENIED" operation="getattr" info="Failed name lookup - disconnected path" error=-13 namespace="root//lxd-x_" profile="/usr/sbin/tcpdump" name="dev/pts/12" pid=15530 comm="tcpdump" requested_mask="r" denied_mask="r" fsuid=165536 ouid=165536 Now run tcpdump unconfined and take note that is printed immediately, before you terminate tcpdump. Also, there are no AppArmor denials. $ lxc exec x -- aa-exec -p unconfined -- tcpdump -i eth0 ... Now run tcpdump confined but in lxc exec's non-interactive mode and note that is printed immediately and no AppArmor denials are present. (Looking at the lxd code in lxd/container_exec.go, openpty(3) is only called in interactive mode) $ lxc exec x --mode=non-interactive -- tcpdump -i eth0 ... Applications that manually call fflush(stdout) are not affected by this as manually flushing stdout works fine. The problem seems to be caused by glibc not being able to fstat() the /dev/pts/12 fd from the host's namespace. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1641236/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974018] Re: dmesg
** Package changed: ubuntu => xorg (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1974018 Title: dmesg Status in xorg package in Ubuntu: New Bug description: $ lsb_release -rd Description:Ubuntu 22.04 LTS Release:22.04 [ 29.170087] [ 29.170097] UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21 [ 29.170102] load of value 255 is not a valid value for type '_Bool' [ 29.170105] CPU: 3 PID: 549 Comm: in:imuxsock Tainted: P OE 5.15.0-30-generic #31-Ubuntu [ 29.170110] Hardware name: ASUSTeK COMPUTER INC. X550CL/X550CL, BIOS X550CL.204 10/17/2013 [ 29.170113] Call Trace: [ 29.170116] [ 29.170119] show_stack+0x52/0x58 [ 29.170128] dump_stack_lvl+0x4a/0x5f [ 29.170136] dump_stack+0x10/0x12 [ 29.170140] ubsan_epilogue+0x9/0x45 [ 29.170144] __ubsan_handle_load_invalid_value.cold+0x44/0x49 [ 29.170149] ieee80211_tx_status_ext.cold+0x4e/0x5f [mac80211] [ 29.170251] ieee80211_tx_status+0x72/0xa0 [mac80211] [ 29.170320] ath_txq_unlock_complete+0x12d/0x160 [ath9k] [ 29.170336] ath_tx_edma_tasklet+0xef/0x4c0 [ath9k] [ 29.170349] ? del_timer_sync+0x6c/0xb0 [ 29.170355] ath9k_tasklet+0x14e/0x290 [ath9k] [ 29.170367] tasklet_action_common.constprop.0+0xc0/0xf0 [ 29.170373] tasklet_action+0x22/0x30 [ 29.170378] __do_softirq+0xd9/0x2e3 [ 29.170385] irq_exit_rcu+0x8c/0xb0 [ 29.170389] common_interrupt+0x8a/0xa0 [ 29.170396] [ 29.170398] [ 29.170400] asm_common_interrupt+0x1e/0x40 [ 29.170404] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 29.170411] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 29.170414] RSP: 0018:ae00c0b83c10 EFLAGS: 0202 [ 29.170419] RAX: 7f4885d52298 RBX: ae00c0b83c40 RCX: 0007 [ 29.170422] RDX: RSI: 7f4885d52260 RDI: ae00c0b83c40 [ 29.170424] RBP: ae00c0b83c30 R08: R09: 9a32e177e418 [ 29.170427] R10: R11: R12: 0038 [ 29.170429] R13: ae00c0b83cd8 R14: ae00c0b83ce0 R15: 0040 [ 29.170434] ? _copy_from_user+0x2e/0x60 [ 29.170440] __copy_msghdr_from_user+0x3d/0x130 [ 29.170446] ___sys_recvmsg+0x68/0x110 [ 29.170450] ? check_preempt_curr+0x5d/0x70 [ 29.170455] ? ttwu_do_wakeup+0x1c/0x160 [ 29.170460] ? rseq_get_rseq_cs.isra.0+0x1b/0x220 [ 29.170466] ? ttwu_do_activate+0x72/0xf0 [ 29.170470] ? __fget_files+0x86/0xc0 [ 29.170476] ? __fget_light+0x32/0x80 [ 29.170481] __sys_recvmsg+0x5f/0xb0 [ 29.170485] ? switch_fpu_return+0x4e/0xc0 [ 29.170491] ? exit_to_user_mode_prepare+0x92/0xb0 [ 29.170496] ? syscall_exit_to_user_mode+0x27/0x50 [ 29.170501] __x64_sys_recvmsg+0x1d/0x20 [ 29.170505] do_syscall_64+0x5c/0xc0 [ 29.170510] ? __x64_sys_futex+0x78/0x1e0 [ 29.170515] ? exit_to_user_mode_prepare+0x37/0xb0 [ 29.170520] ? syscall_exit_to_user_mode+0x27/0x50 [ 29.170524] ? do_syscall_64+0x69/0xc0 [ 29.170528] ? do_syscall_64+0x69/0xc0 [ 29.170533] ? do_syscall_64+0x69/0xc0 [ 29.170537] ? do_syscall_64+0x69/0xc0 [ 29.170541] ? asm_common_interrupt+0x8/0x40 [ 29.170546] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 29.170550] RIP: 0033:0x7f48864179ef [ 29.170554] Code: 44 00 00 89 54 24 0c 48 89 34 24 89 7c 24 08 e8 97 90 f6 ff 8b 54 24 0c 48 8b 34 24 41 89 c0 8b 7c 24 08 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 4c 63 e0 44 89 c7 e8 de 90 f6 ff 48 83 c4 [ 29.170557] RSP: 002b:7f4885d52140 EFLAGS: 0293 ORIG_RAX: 002f [ 29.170561] RAX: ffda RBX: RCX: 7f48864179ef [ 29.170564] RDX: 0040 RSI: 7f4885d52260 RDI: 0003 [ 29.170566] RBP: R08: R09: 7f4878000bb0 [ 29.170568] R10: 7f4878002b50 R11: 0293 R12: 55d6ce037580 [ 29.170570] R13: 55d6cc64e4cc R14: 1fa0 R15: 7f4878000bb0 [ 29.170575] [ 29.170585] ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: xorg 1:7.7+23ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 CasperMD5CheckResult: unknown CompositorRunning: None Date: Wed May 18 13:36:06 2022 DistUpgraded: 2022-05-16 13:44:28,450 DEBUG
[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information
** Tags added: bitesize -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Triaged Status in openssh source package in Hirsute: Triaged Status in openssh source package in Impish: Triaged Bug description: The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973733] Re: no change rebuild to get security update out on riscv64
Ah - is it that the same version is now built and published in Groovy and we can't safely copy the binary backwards? If so, then my second question of why this isn't going in via focal-security still stands. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1973733 Title: no change rebuild to get security update out on riscv64 Status in cups package in Ubuntu: Fix Released Status in cups source package in Focal: In Progress Bug description: no change rebuild to get riscv64 build out [Impact] * riscv64 build of cups security update failed, and then succeeded in groovy. See https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.1 * it means that focal-updates & focal-security are lacking a security update of cups on riscv64 * do a no change rebuild of cups as an SRU to get updated cups package out on focal [Test Plan] * autopkgtests pass * riscv64 build is successful [Where problems could occur] * As usual, no change rebuilds of packages may introduce miss builds. [Other Info] * currently snap review tooling reports that cups has CVEs on riscv64 when one builds base:core20 snaps for riscv64. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1973733/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974018] [NEW] dmesg
You have been subscribed to a public bug: $ lsb_release -rd Description:Ubuntu 22.04 LTS Release:22.04 [ 29.170087] [ 29.170097] UBSAN: invalid-load in /build/linux-WD899k/linux-5.15.0/net/mac80211/status.c:1164:21 [ 29.170102] load of value 255 is not a valid value for type '_Bool' [ 29.170105] CPU: 3 PID: 549 Comm: in:imuxsock Tainted: P OE 5.15.0-30-generic #31-Ubuntu [ 29.170110] Hardware name: ASUSTeK COMPUTER INC. X550CL/X550CL, BIOS X550CL.204 10/17/2013 [ 29.170113] Call Trace: [ 29.170116] [ 29.170119] show_stack+0x52/0x58 [ 29.170128] dump_stack_lvl+0x4a/0x5f [ 29.170136] dump_stack+0x10/0x12 [ 29.170140] ubsan_epilogue+0x9/0x45 [ 29.170144] __ubsan_handle_load_invalid_value.cold+0x44/0x49 [ 29.170149] ieee80211_tx_status_ext.cold+0x4e/0x5f [mac80211] [ 29.170251] ieee80211_tx_status+0x72/0xa0 [mac80211] [ 29.170320] ath_txq_unlock_complete+0x12d/0x160 [ath9k] [ 29.170336] ath_tx_edma_tasklet+0xef/0x4c0 [ath9k] [ 29.170349] ? del_timer_sync+0x6c/0xb0 [ 29.170355] ath9k_tasklet+0x14e/0x290 [ath9k] [ 29.170367] tasklet_action_common.constprop.0+0xc0/0xf0 [ 29.170373] tasklet_action+0x22/0x30 [ 29.170378] __do_softirq+0xd9/0x2e3 [ 29.170385] irq_exit_rcu+0x8c/0xb0 [ 29.170389] common_interrupt+0x8a/0xa0 [ 29.170396] [ 29.170398] [ 29.170400] asm_common_interrupt+0x1e/0x40 [ 29.170404] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 29.170411] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 29.170414] RSP: 0018:ae00c0b83c10 EFLAGS: 0202 [ 29.170419] RAX: 7f4885d52298 RBX: ae00c0b83c40 RCX: 0007 [ 29.170422] RDX: RSI: 7f4885d52260 RDI: ae00c0b83c40 [ 29.170424] RBP: ae00c0b83c30 R08: R09: 9a32e177e418 [ 29.170427] R10: R11: R12: 0038 [ 29.170429] R13: ae00c0b83cd8 R14: ae00c0b83ce0 R15: 0040 [ 29.170434] ? _copy_from_user+0x2e/0x60 [ 29.170440] __copy_msghdr_from_user+0x3d/0x130 [ 29.170446] ___sys_recvmsg+0x68/0x110 [ 29.170450] ? check_preempt_curr+0x5d/0x70 [ 29.170455] ? ttwu_do_wakeup+0x1c/0x160 [ 29.170460] ? rseq_get_rseq_cs.isra.0+0x1b/0x220 [ 29.170466] ? ttwu_do_activate+0x72/0xf0 [ 29.170470] ? __fget_files+0x86/0xc0 [ 29.170476] ? __fget_light+0x32/0x80 [ 29.170481] __sys_recvmsg+0x5f/0xb0 [ 29.170485] ? switch_fpu_return+0x4e/0xc0 [ 29.170491] ? exit_to_user_mode_prepare+0x92/0xb0 [ 29.170496] ? syscall_exit_to_user_mode+0x27/0x50 [ 29.170501] __x64_sys_recvmsg+0x1d/0x20 [ 29.170505] do_syscall_64+0x5c/0xc0 [ 29.170510] ? __x64_sys_futex+0x78/0x1e0 [ 29.170515] ? exit_to_user_mode_prepare+0x37/0xb0 [ 29.170520] ? syscall_exit_to_user_mode+0x27/0x50 [ 29.170524] ? do_syscall_64+0x69/0xc0 [ 29.170528] ? do_syscall_64+0x69/0xc0 [ 29.170533] ? do_syscall_64+0x69/0xc0 [ 29.170537] ? do_syscall_64+0x69/0xc0 [ 29.170541] ? asm_common_interrupt+0x8/0x40 [ 29.170546] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 29.170550] RIP: 0033:0x7f48864179ef [ 29.170554] Code: 44 00 00 89 54 24 0c 48 89 34 24 89 7c 24 08 e8 97 90 f6 ff 8b 54 24 0c 48 8b 34 24 41 89 c0 8b 7c 24 08 b8 2f 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 4c 63 e0 44 89 c7 e8 de 90 f6 ff 48 83 c4 [ 29.170557] RSP: 002b:7f4885d52140 EFLAGS: 0293 ORIG_RAX: 002f [ 29.170561] RAX: ffda RBX: RCX: 7f48864179ef [ 29.170564] RDX: 0040 RSI: 7f4885d52260 RDI: 0003 [ 29.170566] RBP: R08: R09: 7f4878000bb0 [ 29.170568] R10: 7f4878002b50 R11: 0293 R12: 55d6ce037580 [ 29.170570] R13: 55d6cc64e4cc R14: 1fa0 R15: 7f4878000bb0 [ 29.170575] [ 29.170585] ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: xorg 1:7.7+23ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-30.31-generic 5.15.30 Uname: Linux 5.15.0-30-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.1 Architecture: amd64 CasperMD5CheckResult: unknown CompositorRunning: None Date: Wed May 18 13:36:06 2022 DistUpgraded: 2022-05-16 13:44:28,450 DEBUG /openCache(), new cache size 71860 DistroCodename: jammy DistroVariant: ubuntu DkmsStatus: nvidia/470.129.06, 5.15.0-30-generic, x86_64: installed virtualbox/6.1.32, 5.15.0-27-generic, x86_64: installed virtualbox/6.1.32, 5.15.0-30-generic, x86_64: installed ExtraDebuggingInterest: No GraphicsCard: Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] (rev 09) (prog-if 00 [VGA controller]) Subsystem:
[Touch-packages] [Bug 1940141] Please test proposed package
Hello Nicolas, or anyone else affected, Accepted openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.18 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1940141 Title: OpenSSL servers can send a non-empty status_request in a CertificateRequest Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Bug description: [Impact] openssl does not conform to RFC8446, Sec. 4.4.2.1., by sending a CertificateRequest message to the client with a non-empty status_request extension. This issue was fixed in openssl-1.1.1d and is included in Focal onward. Upstream issue is tracked at https://github.com/openssl/openssl/issues/9767 Upstream patch review at https://github.com/openssl/openssl/pull/9780 The issue leads to various client failures with TLS 1.3 as described in, e.g. https://github.com/golang/go/issues/35722 https://github.com/golang/go/issues/34040 [Test Plan] The issue can be reproduced by building with `enable-ssl-trace` and then running `s_server` like this: ``` openssl s_server -key key.pem -cert cert.pem -status_file test/recipes/ocsp-response.der -Verify 5 ``` And running `s_client` like this: ``` openssl s_client -status -trace -cert cert.pem -key key.pem ``` The output shows a `status_request` extension in the `CertificateRequest` as follows: Received Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 1591 Inner Content Type = Handshake (22) CertificateRequest, Length=1570 request_context (len=0): extensions, length = 1567 extension_type=status_request(5), length=1521 - 01 00 05 ed 30 82 05 e9-0a 01 00 a0 82 05 e2 0.. 000f - 30 82 05 de 06 09 2b 06-01 05 05 07 30 01 01 0.+.0.. 001e - 04 82 05 cf 30 82 05 cb-30 82 01 1a a1 81 86 0...0.. 002d - 30 81 83 31 0b 30 09 06-03 55 04 06 13 02 47 0..1.0...UG ...more lines omitted... If the `status_request` extension is present in a `CertificateRequest` then it must be empty according to RFC8446, Sec. 4.4.2.1. [Where problems could occur] The patch disables the `status_request` extension inside a `CertificateRequest`. Applications expecting the incorrect, non-empty reply for the `status_request` extension will break with this patch. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940141/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1940141] Re: OpenSSL servers can send a non-empty status_request in a CertificateRequest
Thank you to all involved in the discussion and analysis for carefully considering the regression risk there. Regardless of the final decision, I think the thoughtful consideration makes this an exemplary SRU. I confirmed that the new upload is simply a straightforward review on top of the security update, so Łukasz's SRU review and decision stands and I'm accepting this into bionic-proposed. ** Changed in: openssl (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1940141 Title: OpenSSL servers can send a non-empty status_request in a CertificateRequest Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Bug description: [Impact] openssl does not conform to RFC8446, Sec. 4.4.2.1., by sending a CertificateRequest message to the client with a non-empty status_request extension. This issue was fixed in openssl-1.1.1d and is included in Focal onward. Upstream issue is tracked at https://github.com/openssl/openssl/issues/9767 Upstream patch review at https://github.com/openssl/openssl/pull/9780 The issue leads to various client failures with TLS 1.3 as described in, e.g. https://github.com/golang/go/issues/35722 https://github.com/golang/go/issues/34040 [Test Plan] The issue can be reproduced by building with `enable-ssl-trace` and then running `s_server` like this: ``` openssl s_server -key key.pem -cert cert.pem -status_file test/recipes/ocsp-response.der -Verify 5 ``` And running `s_client` like this: ``` openssl s_client -status -trace -cert cert.pem -key key.pem ``` The output shows a `status_request` extension in the `CertificateRequest` as follows: Received Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 1591 Inner Content Type = Handshake (22) CertificateRequest, Length=1570 request_context (len=0): extensions, length = 1567 extension_type=status_request(5), length=1521 - 01 00 05 ed 30 82 05 e9-0a 01 00 a0 82 05 e2 0.. 000f - 30 82 05 de 06 09 2b 06-01 05 05 07 30 01 01 0.+.0.. 001e - 04 82 05 cf 30 82 05 cb-30 82 01 1a a1 81 86 0...0.. 002d - 30 81 83 31 0b 30 09 06-03 55 04 06 13 02 47 0..1.0...UG ...more lines omitted... If the `status_request` extension is present in a `CertificateRequest` then it must be empty according to RFC8446, Sec. 4.4.2.1. [Where problems could occur] The patch disables the `status_request` extension inside a `CertificateRequest`. Applications expecting the incorrect, non-empty reply for the `status_request` extension will break with this patch. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1940141/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
On Wed, May 18, 2022 at 07:42:04 -, Simon Chopin wrote: > I'm guessing there are some SSL certificates involved? If so, this issue Tinc uses openssl's implementations of specific alogorithms, but does not use either TLS or SSL certificates. (So I don't think the Tinc situation is covered by the existing OpenSSL 3.0 section of the Release Notes document.) The Xenial version of Tinc uses the Blowfish algorithm for the metadata connection, which openssl3 does move to the legacy provider -- but even though enabling the legacy provider on the Jammy node allows the connenction setup to get further along, it's not sufficient to get a working connection -- the libssl3 transition seems to have affected some other aspect of the connection as well... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973137] Re: ldap_do_free_request: Assertion `lr->lr_refcnt == 1' failed
** Changed in: openldap (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1973137 Title: ldap_do_free_request: Assertion `lr->lr_refcnt == 1' failed Status in openldap package in Ubuntu: Triaged Bug description: I dont know it is openldap related: Operation System: Ubuntu 22.04 Packages: sssd-ldap 2.6.3-1ubuntu3 libldap-2.5-0:amd64 2.5.11+dfsg-1~exp1ubuntu3 libldap-common2.5.11+dfsg-1~exp1ubuntu3 I have configured sssd to use LDAPS over HAPROXY. With the latest Debian Version and Ubuntu 20.04 i have no error. But with Ubuntu 22.04 i randomly cant login. Syslog show this error: May 12 06:57:55 ingress2 sssd[870590]: sssd_be: ../../../../libraries/libldap/request.c:970: ldap_do_free_request: Assertion `lr->lr_refcnt == 1' failed. If i configured SSSD to use directly our LDAP Server, its working. Regards Sebastian To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1973137/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973733] Re: no change rebuild to get security update out on riscv64
I'm not sure I follow. I see a retry button for the failed riscv64 build. Can't we just hit that? If there's some reason that won't work, then why is this not going through the security sponsorship queue? If we do it as an SRU, then it'll hit focal-updates only, and focal-security will be left behind. What's the plan for that? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1973733 Title: no change rebuild to get security update out on riscv64 Status in cups package in Ubuntu: Fix Released Status in cups source package in Focal: In Progress Bug description: no change rebuild to get riscv64 build out [Impact] * riscv64 build of cups security update failed, and then succeeded in groovy. See https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.1 * it means that focal-updates & focal-security are lacking a security update of cups on riscv64 * do a no change rebuild of cups as an SRU to get updated cups package out on focal [Test Plan] * autopkgtests pass * riscv64 build is successful [Where problems could occur] * As usual, no change rebuilds of packages may introduce miss builds. [Other Info] * currently snap review tooling reports that cups has CVEs on riscv64 when one builds base:core20 snaps for riscv64. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1973733/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1974015] [NEW] apt.Cache(rootdir='/') causes PermissionError
Public bug reported: The apport test case test_run_report_bug_kernel_thread fails in my schroot environment. My schroot environment has only one /etc/apt/sources.list.d/ubuntu.sources file and no /etc/apt/sources.list file. Running following test script as non-root will fail: !/usr/bin/python3 import apt apt.Cache(rootdir='/') $ ./test Traceback (most recent call last): File "./test", line 3, in apt.Cache(rootdir='/') File "/usr/lib/python3/dist-packages/apt/cache.py", line 143, in __init__ self._check_and_create_required_dirs(rootdir) File "/usr/lib/python3/dist-packages/apt/cache.py", line 186, in _check_and_create_required_dirs open(rootdir + f, "w").close() PermissionError: [Errno 13] Permission denied: '//etc/apt/sources.list' ** Affects: python-apt (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-apt in Ubuntu. https://bugs.launchpad.net/bugs/1974015 Title: apt.Cache(rootdir='/') causes PermissionError Status in python-apt package in Ubuntu: New Bug description: The apport test case test_run_report_bug_kernel_thread fails in my schroot environment. My schroot environment has only one /etc/apt/sources.list.d/ubuntu.sources file and no /etc/apt/sources.list file. Running following test script as non-root will fail: !/usr/bin/python3 import apt apt.Cache(rootdir='/') $ ./test Traceback (most recent call last): File "./test", line 3, in apt.Cache(rootdir='/') File "/usr/lib/python3/dist-packages/apt/cache.py", line 143, in __init__ self._check_and_create_required_dirs(rootdir) File "/usr/lib/python3/dist-packages/apt/cache.py", line 186, in _check_and_create_required_dirs open(rootdir + f, "w").close() PermissionError: [Errno 13] Permission denied: '//etc/apt/sources.list' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1974015/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1888347] Re: blk-availability unmounts filesystems before applications have finished using them
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lvm2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/1888347 Title: blk-availability unmounts filesystems before applications have finished using them Status in lvm2 package in Ubuntu: Confirmed Bug description: This bug is similar to the following: Red Hat - https://bugzilla.redhat.com/show_bug.cgi?id=1701234#c2 Debian - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946882 The blk-availability service is short-cutting RequiresMountsFor= dependencies during system shutdown and unmounting filesystems before those services have stopped, resulting in data file corruption and/or data loss. This can be worked around by adding "After=blk-availability.service" to the unit file for the service in question, but this is not self- evident and shouldn't be necessary. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: lvm2 2.03.07-1ubuntu1 ProcVersionSignature: Ubuntu 5.4.0-40.44-generic 5.4.44 Uname: Linux 5.4.0-40-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.4 Architecture: amd64 CasperMD5CheckResult: skip Date: Tue Jul 21 16:37:17 2020 InstallationDate: Installed on 2014-05-01 (2272 days ago) InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2) SourcePackage: lvm2 UpgradeStatus: Upgraded to focal on 2020-05-05 (77 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1888347/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973344] Re: Converting PKCS#8 into PKCS#1 fails with openssl 3.0
Hi! You want to add -traditional to your openssl rsa command to get the previous behaviour: ❯ openssl rsa -in key.pem | grep BEGIN writing RSA key -BEGIN PRIVATE KEY- ❯ openssl rsa -in key.pem -traditional | grep BEGIN writing RSA key -BEGIN RSA PRIVATE KEY- ** Changed in: openssl (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1973344 Title: Converting PKCS#8 into PKCS#1 fails with openssl 3.0 Status in openssl package in Ubuntu: Invalid Bug description: On Ubuntu jammy with OpenSSL 3.0.2: $ openssl rsa -in rsakey.pkcs8 -out rsakey.pkcs1 writing RSA key $ grep -- "-BEGIN" rsakey.pkcs1 -BEGIN PRIVATE KEY- With OpenSSL 1.1.1o or 1.1.1l $ openssl rsa -in rsakey.pkcs8 -out rsakey.pkcs1 writing RSA key $ grep -- "-BEGIN" rsakey.pkcs1 -BEGIN RSA PRIVATE KEY- Unfortunately, we still need to be able to generate PKCS #1 private keys as mysqld (8.0.29-0ubuntu0.22.04.2) despite using libssl3 is still not capable of loading PKCS #8 private keys. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1973344/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1973889] [NEW] unattended-upgrades report should reference USNs
Public bug reported: I'm rolling out a headless webapp server which does *only* unattended security updates. There are, unfortunately, a lot of security updates, and my immediate reaction on receiving the notification emails is "libtiff5?? Seriously? Why do I care?". I then have to search each update individually to find out what the issue is/was. Wishlist, pretty please: can you cross-reference the relevant USN in the email? Even Microsoft does this (but not unattended, obviously). ** Affects: unattended-upgrades (Ubuntu) Importance: Undecided Status: New ** Tags: wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1973889 Title: unattended-upgrades report should reference USNs Status in unattended-upgrades package in Ubuntu: New Bug description: I'm rolling out a headless webapp server which does *only* unattended security updates. There are, unfortunately, a lot of security updates, and my immediate reaction on receiving the notification emails is "libtiff5?? Seriously? Why do I care?". I then have to search each update individually to find out what the issue is/was. Wishlist, pretty please: can you cross-reference the relevant USN in the email? Even Microsoft does this (but not unattended, obviously). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1973889/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1972790] Re: Can't connect to hotspot created on ubuntu
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: wpa (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1972790 Title: Can't connect to hotspot created on ubuntu Status in wpa package in Ubuntu: Confirmed Bug description: We currently have older systems (18.04) with hotspot's and we will migrate to 22.04. Anything work's fine, expect the hotspot. The Hotspot will be created and is visible in the WLAN-List, but if the security is set to "WPA & WPA2 Personal" we get the error message "Failed to connect to the network". If we change the Security to "WPA3 Personal" we get the error message "Invalid Password", even if the password is correct. As soon we remove the security (change it to "none"), we can connect with out any problems. We can reproduce it with a fresh installtion of the Ubuntu Server 22.04 and the following two commands: apt install network-manager nmcli c add type wifi ifname wlp3s0 con-name Hotspot autoconnect yes ssid test-ap 802-11-wireless.mode ap 802-11-wireless.band bg 802-11-wireless.mac-address "80:45:dd:f0:27:ba" wifi-sec.group ccmp wifi-sec.key-mgmt wpa-psk wifi-sec.pairwise ccmp wifi-sec.proto rsn wifi-sec.psk "test12345" ipv4.addresses 192.168.60.1/24 ipv4.method shared && nmcli connection up Hotspot We thought it could be similar to this issue: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267 Because if we test it with 20.04 it worked fine, because 20.04 uses the Version 2:2.9.0-21build1 as described in the Ticket. As @Sebastian Bacher suggested (https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267/comments/58), i created a own report. In the attachment is the requested log file. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: wpasupplicant 2:2.10-6 [modified: lib/systemd/system/wpa_supplicant.service] ProcVersionSignature: Ubuntu 5.15.0-25.25-generic 5.15.30 Uname: Linux 5.15.0-25-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: pass Date: Tue May 10 07:24:15 2022 InstallationDate: Installed on 2022-05-10 (0 days ago) InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220421) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: wpa UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1972790/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1972939] Re: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes
I'm guessing there are some SSL certificates involved? If so, this issue is mentioned in the release notes: certificates that use e.g. SHA1 as the digest algorithm should be re-issued by your provider with a stronger hash algorithm. Would you be able to check that it is the correct diagnostic? If you have a PEM file, you can see mentions of the hash algorithms in the "Signature Algorithm" fields when using the following command: openssl x509 -in cert.pem -noout -text -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1972939 Title: Jammy tinc incompatibile with older (e.g. Xenial) tinc nodes Status in Release Notes for Ubuntu: New Status in openssl package in Ubuntu: New Status in tinc package in Ubuntu: New Bug description: The tinc included in Jammy (1.0.36-2build1 linked with libssl3) cannot connect to tinc nodes running e.g. tinc from Xenial (1.0.26-1). (Tinc from Impish, which is also v1.0.36-2 but is linked to libssl1.1, can connect to these nodes without problems.) The symptom is a log message (on the system running Jammy) during the metadata channel negotiation (with debug level set to 5): Error during initialisation of cipher from tinc_xenial [...] error:0308010C:digital envelope routines::unsupported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1972939/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1907878] Re: wrong var declaration in if-up.d/resolved (nm-dispatcher[54417]: /etc/network/if-up.d/resolved: 12: mystatedir: not found)
This bug was fixed in the package ifupdown - 0.8.36+nmu1ubuntu4 --- ifupdown (0.8.36+nmu1ubuntu4) kinetic; urgency=medium * Remove invalid lines from resolved integration scripts (LP: #1907878) -- Heinrich Schuchardt Sun, 15 May 2022 15:35:51 +0200 ** Changed in: ifupdown (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ifupdown in Ubuntu. https://bugs.launchpad.net/bugs/1907878 Title: wrong var declaration in if-up.d/resolved (nm-dispatcher[54417]: /etc/network/if-up.d/resolved: 12: mystatedir: not found) Status in ifupdown package in Ubuntu: Fix Released Bug description: Syslog error: nm-dispatcher[...]: /etc/network/if-up.d/resolved: 12: mystatedir: not found I think it's because of this line: if systemctl is-enabled systemd-resolved > /dev/null 2>&1; then mystatedir statedir ifindex interface <- this is interpreted as a 'mystatedir' command and fails interface=$IFACE if [ ! "$interface" ]; then Perhaps the intention was to 'export mystatedir statedir ...' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1907878/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
