Re: [Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-11-24 Thread Nathan Stratton Treadway 
On Fri, Nov 24, 2023 at 05:39:24PM -, Jeremy Sowden wrote:
> On 2023-11-24, at 17:25:11 -, Nathan Stratton Treadway wrote:
> > On Fri, Nov 24, 2023 at 12:04:59PM -, Adrien Nader wrote:
> > > FWIW, there's just been another report of the same issue with a
> > > different scenario but that's half-way between the "streaming" case and
> > > the "data at rest" one.
> > 
> > Is this report you mention an LP bug?  I look through the bug list for
> > the OpenSSL package but didn't immediately see a bug that seemed related
> > to this.
> 
> I created this report a couple of days ago:
> 
>   https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2044391
> 
> J.

Ah, thanks, got it.  (I see now that it's not included in the
default listing for OpenSSL bugs that I was looking through since
it's already been marked as a duplicate.)


(Am I correct in understanding that if you didn't implement a fixed
version of Blowfish on your Jammy systems, your application
would also have the same trouble migrating from Jammy to the next
generation of Linux distribution that you chose in the future?)

In any case, it sounds like it could help your site, too, if
Ubuntu somehow provided an alternative legacy.so file with the
Blowfish fix already included, thus saving you from having to
maintain your own such package?

Nathan

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1990216

Title:
  backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL
  1.1 with blowfish in OFB or CFB modes" to Jammy

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Jammy:
  In Progress
Status in openssl source package in Lunar:
  Fix Released

Bug description:
  === SRU information ===
  [Meta]
  This bug was the fourth in a series of bugs for a single SRU.
  The "central" bug with the global information and debdiff is 
http://pad.lv/2033422

  [Impact]
  Decryption for Blowfish with OFB and CFB modes fails due to using a key 
shorter than expected by default.
  Encryption will also use a key shorter than expected.
  Exchange of encrypted data from/to Jammy using BF OFB/CFB will therefore lead 
to decryption issues.

  [Test plan]
  On Focal, run the following and copy the output to your clipboard

  for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do  echo "Test with ${cipher}" 
| openssl enc -${cipher} -k test -pbkdf2 -out "pouet.${cipher}"; done
  tar c pouet.bf-* | xz | base64 -w 60

  You can also run this on Lunar or Mantic if you add "-provider legacy
  -provider default" to the "openssl enc" invocation.

  On Jammy, run the following and paste your clipboard

  base64 -d | xz -d | tar x
  for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do openssl enc -d -provider 
legacy -provider default -${cipher} -k test -pbkdf2 -d -in "pouet.${cipher}"; 
done

  Only "Test with bf-cbc" and "Test with bf-ecb" will be properly
  decrypted: the other two will result in garbage on screen.

  Here is the result of the enc + tar + xz + base64 on Focal (works with
  Lunar/Mantic too but you need to added ):

  /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARBdADgbyxDlZ/1Xd7bAmZw7
  8pbqQTu5j8StVybo1p1B2ydBc5VcodF6fu0hEp801tvirgSFNMSAHk5HMN/w
  hCgU1BIr/nK51g3A3Lkdv7QNbaUw2ux1AmO/MpCLKLffCB9ElFZH4tuOS5AR
  m9CJMzi6LQOw9wytGKm2IK3Ph7WpU6JQ/3HJilffQwHbFLnukiWGpLNO5v0O
  D/4AJikrU9iemfChT0jXDbIRZ8a8VpVhJqu0u6eYOheVTqmSRiHHpIC/p1VA
  ecFb0mACF/TQhjxcMUWGSGO/mtof+VaLiyg0KB87GKlChfwXTEvgbNuP9hmu
  GL64VhX568Oy9EakSxlcXiIRk14kJKv0MdHQqY1R22wAACzqSr/nzpwqAAGs
  AoBQAACjzq5WscRn+wIABFla

  Here is the same but from Jammy if you want to test encryption on
  Jammy and decryption on Lunar/Mantic:

  /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARFdADgbyxDlZ/1Xd7bAmZw7
  8pbqQTu5j8StVybo1p1B2ydBc1zK4HR2g3CiLJet+R++nZy/gph6RscQ6hI3
  HySjdDOFRfjIVttiNK3DvRsZb37r8SXkj/JCYWicZGjWPZxVE3OAZhEed5qe
  jrFv871QAbm4jVGD4oIc4cOb5V/xDN7KWgwEzpWQy6+tcfPm3KLPQvULx56N
  2qQf60hP//p5EXS3RpCitUsrGUoYzTynjOUIRy2yCmgZDh62RmchUshyWePa
  k0nEYlDbl5/dSHXbWEWESqW+QDj136MZRwQRY+QC4MvLXg2Bo8H+Dl/xvNDF
  /5J4layZdFlh76lWOtFRVoIbX6JtpAP34g4zx1422GSNAABRzyqPdCqX
  1AABrQKAUAAABh3ynbHEZ/sCAARZWg==

  The contents are expected to be different due to the use of
  randomness. Don't try to compare the base64 outputs: I'm only using
  them to ease testing across containers.

  [Where problems could occur]
  This patch makes openssl match the documented default (see "man openssl-enc" 
and search for "Blowfish" for instance) and fixes decryption from an up-to-date 
Jammy to pretty much everything else, but it also create an issue for data 
encrypted on Jammy without this patch and Jammy with this patch.

  There are two possible cases: encrypted data being streamed across
  this boundary or data at rest being transferred

[Touch-packages] [Bug 2034986] Re: some text became unreadable during a distribution upgrade

2023-11-24 Thread Gunnar Hjalmarsson 
On 2023-11-24 21:06, BloodyIron wrote:
> For me removing "fonts-wine" "solved" the problem,

Well, it solved *your* problem, which we now know is of another nature
() than the issue with the ubuntu-
release-upgrader UI dealt with in this bug report.

** Bug watch added: Debian Bug tracker #883973
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883973

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/2034986

Title:
  some text became unreadable during a distribution upgrade

Status in Cinnamon:
  New
Status in Ubuntu MATE:
  New
Status in ubuntu-meta package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader source package in Jammy:
  Fix Committed
Status in ubuntu-release-upgrader source package in Lunar:
  Fix Released
Status in ubuntu-meta source package in Mantic:
  Fix Released
Status in ubuntu-release-upgrader source package in Mantic:
  Fix Committed

Bug description:
  [ Impact ]

   * On Ubuntu Mate with the Lunar series, when running
     ubuntu-release-upgrader, the displayed font of running
     applications (including the upgrader) becomes very corrupted.

   * This is not just a display problem, it is also a functional one.
     The release upgrader will have text corrupted to the point
     where a dialog asks a decision, and displays two buttons, but the
     text is unreadable and one has to guess which button is the one
     that carries out their desired action.

   * In the early parts of the upgrader tool, users are told in bold:
     "To prevent data loss close all open applications and documents."
     This is just before the "Start Upgrade" button is available.
     But they may not do so.  Many applications may have a corrupted
     font.

   * To address this, an additional environment variable is being
     passed along to pkexec, XDG_CURRENT_DESKTOP, as this is the
     critical criteria for making the Mate version of the fix work.

   * Also in the change are
     * an update to tests
 * from pre-build.sh
       * an update of the mirrors.cfg, adding and removing several
 mirrors
       * a refresh of the po files

  [ Test Plan ]

   * acquire an Ubuntu Mate environment running Ubuntu Lunar on amd64

   * as user, run "update-manager -d"

   * monitor the "Distribution Upgrade" screen.  During the "Installing
     the upgrades" step (and mind that this step will be long), observe
     the text of the "Distribution Upgrade" screen and verify that the
     font does not corrupt.

   * Repeat the above for Ubuntu Desktop

  [ Where problems could occur ]

   * We are changing, at release time, ubuntu-release upgrader.  If we
     are careless, we could regress upgrades for a wider group of users
     than just Ubuntu Mate.  That said, it is believed that passing the
     additional XDG_CURRENT_DESKTOP variable is relatively low risk.

  [ Other Info ]

   * TBD

  ---

  Original description:

  I was upgrading from Lunar to Mantic the other day and left a couple
  of applications open during the upgrade process. During the upgrade
  the text in audacious became unreadable (I'll attach a screenshot) and
  I seem to recall the title bar of Firefox being unreadable but the
  contents of web pages still being readable.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.10
  Package: ubuntu-release-upgrader-core 1:23.10.5
  ProcVersionSignature: Ubuntu 6.5.0-4.4-generic 6.5.0
  Uname: Linux 6.5.0-4-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia zfs
  ApportVersion: 2.27.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CrashDB: ubuntu
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Sep  8 15:39:27 2023
  InstallationDate: Installed on 2018-08-10 (1855 days ago)
  InstallationMedia: Ubuntu-Server 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  PackageArchitecture: all
  SourcePackage: ubuntu-release-upgrader
  Symptom: ubuntu-release-upgrader
  UpgradeStatus: Upgraded to mantic on 2023-09-06 (2 days ago)
  VarLogDistupgradeAptclonesystemstate.tar.gz: Error: command ['pkexec', 'cat', 
'/var/log/dist-upgrade/apt-clone_system_state.tar.gz'] failed with exit code 
126: Error executing command as another user: Request dismissed
  VarLogDistupgradeTermlog:

  mtime.conffile..etc.update-manager.meta-release:
  2021-05-27T16:30:16.970490

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinnamon-project/+bug/2034986/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2034986] Re: some text became unreadable during a distribution upgrade

2023-11-24 Thread BloodyIron 
For me removing "fonts-wine" "solved" the problem, but I don't know if
this is a proper fix, or just a temporary work-around in my case.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/2034986

Title:
  some text became unreadable during a distribution upgrade

Status in Cinnamon:
  New
Status in Ubuntu MATE:
  New
Status in ubuntu-meta package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader source package in Jammy:
  Fix Committed
Status in ubuntu-release-upgrader source package in Lunar:
  Fix Released
Status in ubuntu-meta source package in Mantic:
  Fix Released
Status in ubuntu-release-upgrader source package in Mantic:
  Fix Committed

Bug description:
  [ Impact ]

   * On Ubuntu Mate with the Lunar series, when running
     ubuntu-release-upgrader, the displayed font of running
     applications (including the upgrader) becomes very corrupted.

   * This is not just a display problem, it is also a functional one.
     The release upgrader will have text corrupted to the point
     where a dialog asks a decision, and displays two buttons, but the
     text is unreadable and one has to guess which button is the one
     that carries out their desired action.

   * In the early parts of the upgrader tool, users are told in bold:
     "To prevent data loss close all open applications and documents."
     This is just before the "Start Upgrade" button is available.
     But they may not do so.  Many applications may have a corrupted
     font.

   * To address this, an additional environment variable is being
     passed along to pkexec, XDG_CURRENT_DESKTOP, as this is the
     critical criteria for making the Mate version of the fix work.

   * Also in the change are
     * an update to tests
 * from pre-build.sh
       * an update of the mirrors.cfg, adding and removing several
 mirrors
       * a refresh of the po files

  [ Test Plan ]

   * acquire an Ubuntu Mate environment running Ubuntu Lunar on amd64

   * as user, run "update-manager -d"

   * monitor the "Distribution Upgrade" screen.  During the "Installing
     the upgrades" step (and mind that this step will be long), observe
     the text of the "Distribution Upgrade" screen and verify that the
     font does not corrupt.

   * Repeat the above for Ubuntu Desktop

  [ Where problems could occur ]

   * We are changing, at release time, ubuntu-release upgrader.  If we
     are careless, we could regress upgrades for a wider group of users
     than just Ubuntu Mate.  That said, it is believed that passing the
     additional XDG_CURRENT_DESKTOP variable is relatively low risk.

  [ Other Info ]

   * TBD

  ---

  Original description:

  I was upgrading from Lunar to Mantic the other day and left a couple
  of applications open during the upgrade process. During the upgrade
  the text in audacious became unreadable (I'll attach a screenshot) and
  I seem to recall the title bar of Firefox being unreadable but the
  contents of web pages still being readable.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.10
  Package: ubuntu-release-upgrader-core 1:23.10.5
  ProcVersionSignature: Ubuntu 6.5.0-4.4-generic 6.5.0
  Uname: Linux 6.5.0-4-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia zfs
  ApportVersion: 2.27.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CrashDB: ubuntu
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Sep  8 15:39:27 2023
  InstallationDate: Installed on 2018-08-10 (1855 days ago)
  InstallationMedia: Ubuntu-Server 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  PackageArchitecture: all
  SourcePackage: ubuntu-release-upgrader
  Symptom: ubuntu-release-upgrader
  UpgradeStatus: Upgraded to mantic on 2023-09-06 (2 days ago)
  VarLogDistupgradeAptclonesystemstate.tar.gz: Error: command ['pkexec', 'cat', 
'/var/log/dist-upgrade/apt-clone_system_state.tar.gz'] failed with exit code 
126: Error executing command as another user: Request dismissed
  VarLogDistupgradeTermlog:

  mtime.conffile..etc.update-manager.meta-release:
  2021-05-27T16:30:16.970490

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinnamon-project/+bug/2034986/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2023545] Re: [UBUNTU 22.04] openssl with ibmca engine configured dumps core when creating a new certificate

2023-11-24 Thread Frank Heimes 
Excuse me for chiming in so late, but we can test (and even recreate)
the situation by ourselves on our system (and we have systems with
attached crypto hw to it).

I just tried it on a jammy z/VM guest:

$ lszcrypt -V
CARD.DOM TYPE  MODESTATUS REQUESTS  PENDING HWTYPE QDEPTH FUNCTIONS 
 DRIVER 

02   CEX5C CCA-Coproc  online10 11 08 S--D--N-- 
 cex4card   
02.0011  CEX5C CCA-Coproc  online10 11 08 S--D--N-- 
 cex4queue  
$ sudo apt-get install libica-utils libica? openssl-ibmca
$ sudo cp /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample 
/etc/ssl/openssl.cnf
$ openssl engine
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
$ openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem 
-keyout __key.pem --subj '/CN=US'
..+++...+*.++...+.++.+..+..+*...+..+..+...+...++.+..++...+...+..+..+.+
...+..+.+.+*...+..+...++...+...++.+.+...+...+...+*+...+.+..++...+..+..+...+..+.+..+.+.+...++.+.+..+.+...+..+.+.++...+.++..+.+...+...+..+.+...++...+++.+.+..+..+...+..+.+.+.+.+.+..+..++...+..+...+...+..+++..+.+..+.+...+.+.+.+.+.+.+.+.+.+.+++..+..+..+..+.+..+...+..+..++.+..+..+..+...+.+.+...+...+.+.+..+...+..+..+.+
-
Segmentation fault (core dumped)
$

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2023545

Title:
  [UBUNTU 22.04] openssl with ibmca engine configured dumps core when
  creating a new certificate

Status in Ubuntu on IBM z Systems:
  In Progress
Status in openssl package in Ubuntu:
  In Progress
Status in openssl source package in Jammy:
  In Progress
Status in openssl source package in Lunar:
  Fix Released

Bug description:
  === SRU information ===
  [Meta]
  This bug is part of a series of three bugs for a single SRU.
  The "central" bug with the global information and debdiff is 
http://pad.lv/2033422

  [Impact]
  Openssl using an engine dumps core upon certificate creation; other 
operations are probably affected too. Overall, engines are likely mostly 
unusable.

  [Test plan]
  An engine is needed to test the fix and I don't think we have many in the 
archive. This complicates reproducing the issue. I have been relying on user 
reports which have been very detailled and helpful.
  The issue has also been reported independently and with another engine 
(devcrypto).
  The issue is fixed in openssl 3.0.8 which landed in lunar.

  [Where problems could occur]
  I don't pretend to understand the lifecycle of providers in openssl3 but the 
patch is simple and has been widely tested by now, including on ubuntu. Thus, I 
see little chance an unexpected problem would occur with it.

  [Patches]
  The patches come directly from upstream and apply cleanly.

  https://github.com/openssl/openssl/issues/18578

  *
  
https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy-
  sru-0001-Release-the-drbg-in-the-global-default-context-
  befor.patch?h=jammy-sru=04ef023920ab08fba214817523fba897527dfff0

  === Original description ===

  openssl req -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem
  -keyout __key.pem --subj '/CN=US'

  ---Problem Description---
  OpenSSL with ibmca engine configured dumps core when creating a new 
certificate.

  # openssl engine
  (dynamic) Dynamic engine loading support
  (ibmca) Ibmca hardware engine support
  # openssl req  -new -newkey rsa:2048 -x509 -sha256 -nodes -out __cert.pem 
-keyout __key.pem --subj '/CN=US'
  Segmentation fault (core dumped)

  # journalctl
  Jun 07 13:06:08 SYSTEM kernel: User process fault: interruption code 003b 
ilc:2 in libc.so.6[3ffae08+1ca000]
  Jun 07 13:06:08 SYSTEM kernel: Failing address:  TEID: 
0800
  Jun 07 13:06:08 SYSTEM kernel: Fault in

Re: [Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-11-24 Thread Jeremy Sowden 
On 2023-11-24, at 17:25:11 -, Nathan Stratton Treadway wrote:
> On Fri, Nov 24, 2023 at 12:04:59PM -, Adrien Nader wrote:
> > FWIW, there's just been another report of the same issue with a
> > different scenario but that's half-way between the "streaming" case and
> > the "data at rest" one.
> 
> Is this report you mention an LP bug?  I look through the bug list for
> the OpenSSL package but didn't immediately see a bug that seemed related
> to this.

I created this report a couple of days ago:

  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2044391

J.

> > The reason this fix is difficult to integrate in a stable release is
> > because while we know we would introduce breakage, we do not and cannot
> 
> Yes, understood.
> 
> > I see two ways to improve this, tinc side. 
> > 
> > 1) Switch to another cipher. Blowfish uses a 64-bit block size which is
> > small and limits how much data can be safely encrypted with the same key
> > (
> > https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
> > ). I guess this requires cooperation from the server which you might not
> > control but it is the best long-term solution (and would also help
> [...]
> > 2) Modify tinc because there's apparently a portable work-around as I've
> 
> Blowfish is only needed for backward compatibility with now-obsolete
> versions of Tinc, so I don't think making changes on the Tinc side is
> feasible/helpful.  (More-recent versions of Tinc have switched to using
> a newer algorythm.)
> 
> What would be helpful from a Tinc-network-administrator standpoint is
> some easier way to install a fixed version of the libssl3 legacy.so
> file, though I am not sure what the best way to get there would be.  
> 
> (I would imagine having such an option could also be helpful to any
> users who have custom applications affected by this Blowfish bug as they
> prepare to upgrade from Jammy to later releases of Ubuntu.)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1990216

Title:
  backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL
  1.1 with blowfish in OFB or CFB modes" to Jammy

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Jammy:
  In Progress
Status in openssl source package in Lunar:
  Fix Released

Bug description:
  === SRU information ===
  [Meta]
  This bug was the fourth in a series of bugs for a single SRU.
  The "central" bug with the global information and debdiff is 
http://pad.lv/2033422

  [Impact]
  Decryption for Blowfish with OFB and CFB modes fails due to using a key 
shorter than expected by default.
  Encryption will also use a key shorter than expected.
  Exchange of encrypted data from/to Jammy using BF OFB/CFB will therefore lead 
to decryption issues.

  [Test plan]
  On Focal, run the following and copy the output to your clipboard

  for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do  echo "Test with ${cipher}" 
| openssl enc -${cipher} -k test -pbkdf2 -out "pouet.${cipher}"; done
  tar c pouet.bf-* | xz | base64 -w 60

  You can also run this on Lunar or Mantic if you add "-provider legacy
  -provider default" to the "openssl enc" invocation.

  On Jammy, run the following and paste your clipboard

  base64 -d | xz -d | tar x
  for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do openssl enc -d -provider 
legacy -provider default -${cipher} -k test -pbkdf2 -d -in "pouet.${cipher}"; 
done

  Only "Test with bf-cbc" and "Test with bf-ecb" will be properly
  decrypted: the other two will result in garbage on screen.

  Here is the result of the enc + tar + xz + base64 on Focal (works with
  Lunar/Mantic too but you need to added ):

  /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARBdADgbyxDlZ/1Xd7bAmZw7
  8pbqQTu5j8StVybo1p1B2ydBc5VcodF6fu0hEp801tvirgSFNMSAHk5HMN/w
  hCgU1BIr/nK51g3A3Lkdv7QNbaUw2ux1AmO/MpCLKLffCB9ElFZH4tuOS5AR
  m9CJMzi6LQOw9wytGKm2IK3Ph7WpU6JQ/3HJilffQwHbFLnukiWGpLNO5v0O
  D/4AJikrU9iemfChT0jXDbIRZ8a8VpVhJqu0u6eYOheVTqmSRiHHpIC/p1VA
  ecFb0mACF/TQhjxcMUWGSGO/mtof+VaLiyg0KB87GKlChfwXTEvgbNuP9hmu
  GL64VhX568Oy9EakSxlcXiIRk14kJKv0MdHQqY1R22wAACzqSr/nzpwqAAGs
  AoBQAACjzq5WscRn+wIABFla

  Here is the same but from Jammy if you want to test encryption on
  Jammy and decryption on Lunar/Mantic:

  /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARFdADgbyxDlZ/1Xd7bAmZw7
  8pbqQTu5j8StVybo1p1B2ydBc1zK4HR2g3CiLJet+R++nZy/gph6RscQ6hI3
  HySjdDOFRfjIVttiNK3DvRsZb37r8SXkj/JCYWicZGjWPZxVE3OAZhEed5qe
  jrFv871QAbm4jVGD4oIc4cOb5V/xDN7KWgwEzpWQy6+tcfPm3KLPQvULx56N
  2qQf60hP//p5EXS3RpCitUsrGUoYzTynjOUIRy2yCmgZDh62RmchUshyWePa
  k0nEYlDbl5/dSHXbWEWESqW+QDj136MZRwQRY+QC4MvLXg2Bo8H+Dl/xvNDF
  /5J4layZdFlh76lWOtFRVoIbX6JtpAP34g4zx1422GSNAABRzyqPdCqX
  1AABrQKAUAAABh3ynbHEZ/sCAARZWg==

  The contents are expected to be different due to the use of

[Touch-packages] [Bug 2037906] Re: [Intel AX201] Bluetooth LE not working after upgrade from 22.04 to 23.10

2023-11-24 Thread Grzegorz - Thulium 
- played with linux-image-6.5.0-1003-intel-opt -bluetooth stopped working at all
- installed linux 6.5.0-13-generic
- installed linux-modules-extra-6.5.0-13-generic
- after reboot everything was fixed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/2037906

Title:
  [Intel AX201] Bluetooth LE not working after upgrade from 22.04 to
  23.10

Status in Linux Firmware:
  New
Status in bluez package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Confirmed

Bug description:
  syslog:
  2023-09-20T09:32:54.138852+02:00 zaionc kernel: [   13.539860] Bluetooth: 
hci0: Waiting for firmware download to complete
  2023-09-20T09:32:54.138857+02:00 zaionc kernel: [   13.540223] Bluetooth: 
hci0: Firmware loaded in 1706498 usecs
  2023-09-20T09:32:54.138858+02:00 zaionc kernel: [   13.540278] Bluetooth: 
hci0: Waiting for device to boot
  2023-09-20T09:32:54.154894+02:00 zaionc kernel: [   13.555430] Bluetooth: 
hci0: Malformed MSFT vendor event: 0x02
  2023-09-20T09:32:54.154908+02:00 zaionc kernel: [   13.555482] Bluetooth: 
hci0: Device booted in 14872 usecs
  2023-09-20T09:32:54.154910+02:00 zaionc kernel: [   13.555913] Bluetooth: 
hci0: Found Intel DDC parameters: intel/ibt-19-0-4.ddc
  2023-09-20T09:32:54.158856+02:00 zaionc kernel: [   13.558300] Bluetooth: 
hci0: Applying Intel DDC parameters completed
  2023-09-20T09:32:54.158859+02:00 zaionc kernel: [   13.559326] Bluetooth: 
hci0: Firmware revision 0.4 build 249 week 27 2023

  lshw:
    *-usb:5
     description: Bluetooth wireless interface
     product: AX201 Bluetooth
     vendor: Intel Corp.
     physical id: a
     bus info: usb@3:a
     version: 0.02
     capabilities: bluetooth usb-2.01
     configuration: driver=btusb maxpower=100mA speed=12Mbit/s

  root@zaionc:~# hcitool lescan
  Set scan parameters failed: Input/output error

  At first bluetooth stopped working at all due to Ubuntu bug = missing
  firmware. It was fixed recently and now the bluetooth module seems
  fine, but the whole BTLE part is not available. Particularly I cannot
  detect/pair Logitech M720 mouse.

  Platform: ThinkPad T14 Gen 2i
  --- 
  ProblemType: Bug
  ApportVersion: 2.27.0-0ubuntu4
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  DistroRelease: Ubuntu 23.10
  InstallationDate: Installed on 2022-05-28 (494 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220419)
  InterestingModules: rfcomm bnep btusb bluetooth
  MachineType: {report['dmi.sys.vendor']} {report['dmi.product.name']}
  Package: linux
  PackageArchitecture: amd64
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-6.5.0-5-generic 
root=UUID=d0002130-adf6-4f18-93b1-fda536d8b499 ro quiet splash vt.handoff=7
  ProcVersionSignature: Ubuntu 6.5.0-5.5-generic 6.5.0
  RebootRequiredPkgs: Error: path contained symlinks.
  Tags: mantic
  Uname: Linux 6.5.0-5-generic x86_64
  UpgradeStatus: Upgraded to mantic on 2023-09-03 (30 days ago)
  UserGroups: adm cdrom dialout dip docker lpadmin lxd plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 05/10/2023
  dmi.bios.release: 1.56
  dmi.bios.vendor: LENOVO
  dmi.bios.version: N34ET56W (1.56 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20W000AMPB
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40697 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.ec.firmware.release: 1.42
  dmi.modalias: 
dmi:bvnLENOVO:bvrN34ET56W(1.56):bd05/10/2023:br1.56:efr1.42:svnLENOVO:pn20W000AMPB:pvrThinkPadT14Gen2i:rvnLENOVO:rn20W000AMPB:rvrSDK0J40697WIN:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20W0_BU_Think_FM_ThinkPadT14Gen2i:
  dmi.product.family: ThinkPad T14 Gen 2i
  dmi.product.name: 20W000AMPB
  dmi.product.sku: LENOVO_MT_20W0_BU_Think_FM_ThinkPad T14 Gen 2i
  dmi.product.version: ThinkPad T14 Gen 2i
  dmi.sys.vendor: LENOVO
  hciconfig:
   hci0:Type: Primary  Bus: USB
BD Address: A0:E7:0B:23:70:E8  ACL MTU: 1021:4  SCO MTU: 96:6
UP RUNNING 
RX bytes:22183 acl:0 sco:0 events:3531 errors:0
TX bytes:821193 acl:0 sco:0 commands:3510 errors:0

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux-firmware/+bug/2037906/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Re: [Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-11-24 Thread Nathan Stratton Treadway 
On Fri, Nov 24, 2023 at 12:04:59PM -, Adrien Nader wrote:
> FWIW, there's just been another report of the same issue with a
> different scenario but that's half-way between the "streaming" case and
> the "data at rest" one.

Is this report you mention an LP bug?  I look through the bug list for
the OpenSSL package but didn't immediately see a bug that seemed related
to this.


> The reason this fix is difficult to integrate in a stable release is
> because while we know we would introduce breakage, we do not and cannot

Yes, understood.

> I see two ways to improve this, tinc side. 
> 
> 1) Switch to another cipher. Blowfish uses a 64-bit block size which is
> small and limits how much data can be safely encrypted with the same key
> (
> https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
> ). I guess this requires cooperation from the server which you might not
> control but it is the best long-term solution (and would also help
[...]
> 2) Modify tinc because there's apparently a portable work-around as I've

Blowfish is only needed for backward compatibility with now-obsolete
versions of Tinc, so I don't think making changes on the Tinc side is
feasible/helpful.  (More-recent versions of Tinc have switched to using
a newer algorythm.)

What would be helpful from a Tinc-network-administrator standpoint is
some easier way to install a fixed version of the libssl3 legacy.so
file, though I am not sure what the best way to get there would be.  

(I would imagine having such an option could also be helpful to any
users who have custom applications affected by this Blowfish bug as they
prepare to upgrade from Jammy to later releases of Ubuntu.)

Nathan

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1990216

Title:
  backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL
  1.1 with blowfish in OFB or CFB modes" to Jammy

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Jammy:
  In Progress
Status in openssl source package in Lunar:
  Fix Released

Bug description:
  === SRU information ===
  [Meta]
  This bug was the fourth in a series of bugs for a single SRU.
  The "central" bug with the global information and debdiff is 
http://pad.lv/2033422

  [Impact]
  Decryption for Blowfish with OFB and CFB modes fails due to using a key 
shorter than expected by default.
  Encryption will also use a key shorter than expected.
  Exchange of encrypted data from/to Jammy using BF OFB/CFB will therefore lead 
to decryption issues.

  [Test plan]
  On Focal, run the following and copy the output to your clipboard

  for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do  echo "Test with ${cipher}" 
| openssl enc -${cipher} -k test -pbkdf2 -out "pouet.${cipher}"; done
  tar c pouet.bf-* | xz | base64 -w 60

  You can also run this on Lunar or Mantic if you add "-provider legacy
  -provider default" to the "openssl enc" invocation.

  On Jammy, run the following and paste your clipboard

  base64 -d | xz -d | tar x
  for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do openssl enc -d -provider 
legacy -provider default -${cipher} -k test -pbkdf2 -d -in "pouet.${cipher}"; 
done

  Only "Test with bf-cbc" and "Test with bf-ecb" will be properly
  decrypted: the other two will result in garbage on screen.

  Here is the result of the enc + tar + xz + base64 on Focal (works with
  Lunar/Mantic too but you need to added ):

  /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARBdADgbyxDlZ/1Xd7bAmZw7
  8pbqQTu5j8StVybo1p1B2ydBc5VcodF6fu0hEp801tvirgSFNMSAHk5HMN/w
  hCgU1BIr/nK51g3A3Lkdv7QNbaUw2ux1AmO/MpCLKLffCB9ElFZH4tuOS5AR
  m9CJMzi6LQOw9wytGKm2IK3Ph7WpU6JQ/3HJilffQwHbFLnukiWGpLNO5v0O
  D/4AJikrU9iemfChT0jXDbIRZ8a8VpVhJqu0u6eYOheVTqmSRiHHpIC/p1VA
  ecFb0mACF/TQhjxcMUWGSGO/mtof+VaLiyg0KB87GKlChfwXTEvgbNuP9hmu
  GL64VhX568Oy9EakSxlcXiIRk14kJKv0MdHQqY1R22wAACzqSr/nzpwqAAGs
  AoBQAACjzq5WscRn+wIABFla

  Here is the same but from Jammy if you want to test encryption on
  Jammy and decryption on Lunar/Mantic:

  /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARFdADgbyxDlZ/1Xd7bAmZw7
  8pbqQTu5j8StVybo1p1B2ydBc1zK4HR2g3CiLJet+R++nZy/gph6RscQ6hI3
  HySjdDOFRfjIVttiNK3DvRsZb37r8SXkj/JCYWicZGjWPZxVE3OAZhEed5qe
  jrFv871QAbm4jVGD4oIc4cOb5V/xDN7KWgwEzpWQy6+tcfPm3KLPQvULx56N
  2qQf60hP//p5EXS3RpCitUsrGUoYzTynjOUIRy2yCmgZDh62RmchUshyWePa
  k0nEYlDbl5/dSHXbWEWESqW+QDj136MZRwQRY+QC4MvLXg2Bo8H+Dl/xvNDF
  /5J4layZdFlh76lWOtFRVoIbX6JtpAP34g4zx1422GSNAABRzyqPdCqX
  1AABrQKAUAAABh3ynbHEZ/sCAARZWg==

  The contents are expected to be different due to the use of
  randomness. Don't try to compare the base64 outputs: I'm only using
  them to ease testing across containers.

  [Where problems could occur]
  This patch makes openssl match the

[Touch-packages] [Bug 2044540] Re: Screen bugs on any GUI apps

2023-11-24 Thread George Masmeyer 
Screenshot of screen bugs. Running via WSL.

** Attachment added: "Screenshot 2023-11-25 003335.png"
   
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/2044540/+attachment/5723056/+files/Screenshot%202023-11-25%20003335.png

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/2044540

Title:
  Screen bugs on any GUI apps

Status in xorg package in Ubuntu:
  New

Bug description:
  13th Gen Intel integrated graphics. Screen bugson anything using a
  GUI. Can come and go if the window is moved around or when clicking.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: xorg (not installed)
  Uname: Linux 5.15.133.1-microsoft-standard-WSL2 x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Sat Nov 25 00:36:45 2023
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/2044540/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2044540] [NEW] Screen bugs on any GUI apps

2023-11-24 Thread George Masmeyer 
Public bug reported:

13th Gen Intel integrated graphics. Screen bugson anything using a GUI.
Can come and go if the window is moved around or when clicking.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: xorg (not installed)
Uname: Linux 5.15.133.1-microsoft-standard-WSL2 x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Sat Nov 25 00:36:45 2023
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: xorg
Symptom: display
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: xorg (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug corruption jammy wayland-session

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to xorg in Ubuntu.
https://bugs.launchpad.net/bugs/2044540

Title:
  Screen bugs on any GUI apps

Status in xorg package in Ubuntu:
  New

Bug description:
  13th Gen Intel integrated graphics. Screen bugson anything using a
  GUI. Can come and go if the window is moved around or when clicking.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: xorg (not installed)
  Uname: Linux 5.15.133.1-microsoft-standard-WSL2 x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Sat Nov 25 00:36:45 2023
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/2044540/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy

2023-11-24 Thread Adrien Nader 
Apologies for not answering earlier; I wasn't available when I first saw
your message.

FWIW, there's just been another report of the same issue with a
different scenario but that's half-way between the "streaming" case and
the "data at rest" one.

The reason this fix is difficult to integrate in a stable release is
because while we know we would introduce breakage, we do not and cannot
know how much. Imagine even 100 Jammy machines which can talk together
today; that's quite expected because they're on the same release. This
change would break that unless every machine is upgraded at once which
is not the case by default due to phasing of updates (and we want to
phase openssl updates slowly because it's a very central component).

While I really sympathetize with your issue, this is the stance of the
Ubuntu project. Both including the fix and not including the fix are
problematic unfortunately.

One additional reason to not include the fix is that we're now close to
Ubuntu 24.04. I realize you've reported this over a year ago but
analysis, preparing a new verion, and the SRU process all take time.
This is especially true for openssl which is central and which updates
have caused issues several times.

Ultimately I'd like to be able to keep Ubuntu releases updated with the
latest openssl versions (no jump from 3.x to 3.x+1 though, merely 3.x.y
to 3.x.y+1). This is not done at the moment because incompatibilities
and issues in openssl are often found late but are also very painful. In
order to do these, I will have to apply the same analysis and criteria
to every change in the openssl releases to ensure package upgrades are
safe and uneventful. Had this been in place for 22.04, this change would
likely have been integrated when it was released in June because that
was very close to the initial 22.04 release. If we want this to happen,
we need to draw the line somewhere and stick to it. Unfortunately this
change is on the other side of the line

That's not to say that we cannot do anything for tinc or for others
affected packages but rather that it won't be done in openssl.

I see two ways to improve this, tinc side.

1) Switch to another cipher. Blowfish uses a 64-bit block size which is
small and limits how much data can be safely encrypted with the same key
(
https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors
). I guess this requires cooperation from the server which you might not
control but it is the best long-term solution (and would also help
performance because computing a MAC on top of BF is surprisingly
expensive, and re-keying every n GB stalls data transfers and incurs a
spike in latency).

2) Modify tinc because there's apparently a portable work-around as I've
mentioned in
https://github.com/gsliepen/tinc/issues/414#issuecomment-1741038601 . I
think there's more context on the github openssl bug tracker. My time is
scarce until the end of the year but I will gladly help with the
packaging if needed. I don't know if it could be uploaded because there
would be the same compatibility concern, this time with servers on
22.04. A PPA might be more appropriate and not too inconvenient since
tinc development has stalled while openssl gets security updates every
few months. It might also be possible to add a new ciphername/option
just for that but I don't know how much work that would be without
looking at tinc's code. Let me know if you are able to spend some time
on this.

By the way, even though a change in the C code just for tinc seems
annoying, the knowledge gained could be used for other packaes and
workloads too.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1990216

Title:
  backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL
  1.1 with blowfish in OFB or CFB modes" to Jammy

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Jammy:
  In Progress
Status in openssl source package in Lunar:
  Fix Released

Bug description:
  === SRU information ===
  [Meta]
  This bug was the fourth in a series of bugs for a single SRU.
  The "central" bug with the global information and debdiff is 
http://pad.lv/2033422

  [Impact]
  Decryption for Blowfish with OFB and CFB modes fails due to using a key 
shorter than expected by default.
  Encryption will also use a key shorter than expected.
  Exchange of encrypted data from/to Jammy using BF OFB/CFB will therefore lead 
to decryption issues.

  [Test plan]
  On Focal, run the following and copy the output to your clipboard

  for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do  echo "Test with ${cipher}" 
| openssl enc -${cipher} -k test -pbkdf2 -out "pouet.${cipher}"; done
  tar c pouet.bf-* | xz | base64 -w 60

  You can also run this on Lunar or Mantic if you add "-provider legacy
  -provider default" to the "openssl enc" invocation.

  On Jammy, run the

[Touch-packages] [Bug 2037569] Re: udev issues with mantic beta

2023-11-24 Thread bugproxy 
** Tags removed: targetmilestone-inin---
** Tags added: targetmilestone-inin2310

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2037569

Title:
  udev issues with mantic beta

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in libblockdev package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  Invalid
Status in udisks2 package in Ubuntu:
  Fix Released

Bug description:
  While installing mantic beta (on s390x, LPAR and z/VM - but this might not be 
architecture specific) I faced issues with udev.
  In my installation I've updated the installer to "edge/lp-2009141" (subiquity 
 22.02.2+git1762.1b1ee6f4  5164).

  During my installations I first noticed bad response times in case of
  dealing with devices (like enabling new devices with chzdev). chzdev
  is used during the installation, hence the installation procedure is
  also affected by this. (I mainly notice this issue in case of DASD
  ECKD disk enablements.)

  But even after after a successful (but due to this issue less snappier) 
installation, means after the post-install reboot, in the installed system I 
can find several udev related processes, like:
69448 root  20   0   31280  11944   2560 S  39.2   0.0   2:51.67 
(udev-worker)
  509 root  20   0   31276  13812   4600 S  20.6   0.0   2:07.76 
systemd-udevd
  893 root  20   0  469016  13544  10496 R  17.3   0.0   1:43.53 
udisksd  
1 root  20   0  168664  12748   8396 S  16.3   0.0   1:40.47 
systemd  
  which is not only unusual, but (as one can see) they consume quite some 
resources.
  Even the remote ssh into that system is impacted by this high load.

  So far I only see this in mantic.
  I tried 20.04.3 as well as lunar, but both do not seem to be affected by this 
udev problem.
  I neither face the bad response on device enablement, nor can see any udev 
related processes still running after post-install-reboot in the installed 
system.

  (Sometimes I could also see a growing log file 'syslog').

  I cannot say yet what is causing this, but since I see 'systemd-udevd'
  as prominent process in top, I'll first of all mark this as affecting
  systemd-udevd (or systemd).

  I've attached the outcome of some more investigations I did ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2037569/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2044391] Re: Blowfish decryption failure because of incorrect key length

2023-11-24 Thread Adrien Nader 
*** This bug is a duplicate of bug 1990216 ***
https://bugs.launchpad.net/bugs/1990216

** This bug has been marked a duplicate of bug 1990216
   backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 
with blowfish in OFB or CFB modes" to Jammy

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2044391

Title:
  Blowfish decryption failure because of incorrect key length

Status in openssl package in Ubuntu:
  New

Bug description:
  The version of OpenSSL in Jammy (3.0.2) is affected by this issue:
  https://github.com/openssl/openssl/issues/18359.  The upshot is that
  ciphertext created in Jammy cannot be decrypted by unaffected versions
  of OpenSSL and vice versa.  For example, here we encrypt a plaintext
  in Jammy:

  $ cat plaintext.txt 
  The quick brown fox jumps over the lazy dog
  $ openssl enc -provider legacy -bf-cfb -e -in plaintext.txt -out 
ciphertext.asc -a -K d5cca2db098c2ea2 -iv da5638ace83dcde1
  $ cat ciphertext.asc 
  tBL52uAegjMw+DQLL1ipaXQjDnX0KK72QyqMxU1MbuSIfchivPj/JOGWUOU=
  $ openssl enc -provider legacy -bf-cfb -d -in ciphertext.asc -a -K 
d5cca2db098c2ea2 -iv da5638ace83dcde1
  The quick brown fox jumps over the lazy dog

  If we then try to decrypt it in Debian Sid, we get:

  $ openssl enc -provider legacy -bf-cfb -d -in ciphertext.asc -a -K 
d5cca2db098c2ea2 -iv da5638ace83dcde1
  hex string is too short, padding with zero bytes to length
  �;S��\h<�Vɦyʄ(�g`Hrm^�[��u  �"f�S�-9�u

  This has been fixed upstream here:
  
https://github.com/openssl/openssl/commit/1b8ef23e68b273bb5e59f60df62251153f24768d

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2044391/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2044506] Re: issues on armhf with -fstack-clash-protection

2023-11-24 Thread Mate Kukri 
We were seeing various autopkgtest failures related to the packages
above.

Mostly stemming from the fact that valgrind throws errors when running
binaries compiled with the -fstack-clash-protection option.

There are earlier reports of this at:
https://bugzilla.redhat.com/show_bug.cgi?id=1522678

** Also affects: libxml2 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: libarchive (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: gnutls28 (Ubuntu)
   Importance: Undecided
   Status: New

** Bug watch added: Red Hat Bugzilla #1522678
   https://bugzilla.redhat.com/show_bug.cgi?id=1522678

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libarchive in Ubuntu.
https://bugs.launchpad.net/bugs/2044506

Title:
  issues on armhf with -fstack-clash-protection

Status in gnutls28 package in Ubuntu:
  New
Status in libarchive package in Ubuntu:
  New
Status in libselinux package in Ubuntu:
  New
Status in libxml2 package in Ubuntu:
  New

Bug description:
  TBD

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/2044506/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2044506] [NEW] issues on armhf with -fstack-clash-protection

2023-11-24 Thread Matthias Klose 
Public bug reported:

TBD

** Affects: gnutls28 (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: libarchive (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: libselinux (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: libxml2 (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libselinux in Ubuntu.
https://bugs.launchpad.net/bugs/2044506

Title:
  issues on armhf with -fstack-clash-protection

Status in gnutls28 package in Ubuntu:
  New
Status in libarchive package in Ubuntu:
  New
Status in libselinux package in Ubuntu:
  New
Status in libxml2 package in Ubuntu:
  New

Bug description:
  TBD

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/2044506/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2043713] Re: TestApportValgrind.test_valgrind_min_installed fails on armhf: Invalid write of size 4

2023-11-24 Thread Benjamin Drung 
** Description changed:

  autopkgtests are pretty reliably failing[1] on armhf due to the
  following (single) test failure:
  
- 638s === FAILURES 
===
- 638s  TestApportValgrind.test_valgrind_min_installed 

- 638s 
- 638s self = 
- 638s 
- 638s def test_valgrind_min_installed(self):
- 638s """Valgrind is installed and recent enough."""
- 638s cmd = ["valgrind", "-q", "--extra-debuginfo-path=./", "ls"]
- 638s (ret, out, err) = self._call(cmd)
- 638s >   self.assertEqual(err, "")
- 638s E   AssertionError: "==2474== Invalid write of size 4\n==2474[1064 
chars]= \n" != ''
- 638s E   Diff is 1134 characters long. Set self.maxDiff to None to see it.
- 638s 
- 638s tests/integration/test_apport_valgrind.py:43: AssertionError
+ 517s === FAILURES 
===
+ 517s  TestApportValgrind.test_valgrind_min_installed 

+ 517s
+ 517s self = 
+ 517s
+ 517s def test_valgrind_min_installed(self):
+ 517s """Valgrind is installed and recent enough."""
+ 517s cmd = ["valgrind", "-q", "--extra-debuginfo-path=./", "ls"]
+ 517s (ret, out, err) = self._call(cmd)
+ 517s > self.assertEqual(err, "")
+ 517s E AssertionError: "==2567== Invalid write of size 4\n==2567[1064 chars]= 
\n" != ''
+ 517s E - ==2567== Invalid write of size 4
+ 517s E - ==2567== at 0x4843040: ??? (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
+ 517s E - ==2567== Address 0xfec9a7e4 is on thread 1's stack
+ 517s E - ==2567== 64 bytes below stack pointer
+ 517s E - ==2567==
+ 517s E - ==2567== Invalid write of size 4
+ 517s E - ==2567== at 0x4842F96: ??? (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
+ 517s E - ==2567== Address 0xfec9a758 is on thread 1's stack
+ 517s E - ==2567== 160 bytes below stack pointer
+ 517s E - ==2567==
+ 517s E - ==2567== Invalid write of size 4
+ 517s E - ==2567== at 0x484958C: selinuxfs_exists (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
+ 517s E - ==2567== Address 0xfec9a7bc is on thread 1's stack
+ 517s E - ==2567== 48 bytes below stack pointer
+ 517s E - ==2567==
+ 517s E - ==2567== Invalid write of size 4
+ 517s E - ==2567== at 0x4842F0E: ??? (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
+ 517s E - ==2567== Address 0xfec9a690 is on thread 1's stack
+ 517s E - ==2567== 16 bytes below stack pointer
+ 517s E - ==2567==
+ 517s E - ==2567== Invalid write of size 4
+ 517s E - ==2567== at 0x4842E62: ??? (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
+ 517s E - ==2567== Address 0xfec9a6a0 is on thread 1's stack
+ 517s E - ==2567== 8 bytes below stack pointer
+ 517s E - ==2567==
+ 517s
+ 517s tests/integration/test_apport_valgrind.py:45: AssertionError
+ 517s === warnings summary 
===
  
- This could be related to valgrind functionality being different on
- armhf, it could also be related to integer sizes internally on armhf. I
- haven't looked too deeply into it.
+ This is caused by -fstack-clash-protection.
  
+ Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1522678
  [1] https://autopkgtest.ubuntu.com/packages/a/apport/noble/armhf

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/2043713

Title:
  TestApportValgrind.test_valgrind_min_installed fails on armhf: Invalid
  write of size 4

Status in apport package in Ubuntu:
  New

Bug description:
  autopkgtests are pretty reliably failing[1] on armhf due to the
  following (single) test failure:

  517s === FAILURES 
===
  517s  TestApportValgrind.test_valgrind_min_installed 

  517s
  517s self = 
  517s
  517s def test_valgrind_min_installed(self):
  517s """Valgrind is installed and recent enough."""
  517s cmd = ["valgrind", "-q", "--extra-debuginfo-path=./", "ls"]
  517s (ret, out, err) = self._call(cmd)
  517s > self.assertEqual(err, "")
  517s E AssertionError: "==2567== Invalid write of size 4\n==2567[1064 chars]= 
\n" != ''
  517s E - ==2567== Invalid write of size 4
  517s E - ==2567== at 0x4843040: ??? (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
  517s E - ==2567== Address 0xfec9a7e4 is on thread 1's stack
  517s E - ==2567== 64 bytes below stack pointer
  517s E - ==2567==
  517s E - ==2567== Invalid write of size 4
  517s E - ==2567== at 0x4842F96: ??? (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
  517s E - ==2567== Address 0xfec9a758 is on thread 1's stack
  517s E - ==2567== 160 bytes below stack pointer
  517s E - ==2567==
  517s E - ==2567== Invalid write of size 4
  517s E - ==2567== at 0x484958C: selinuxfs_exists (in 
/usr/lib/arm-linux-gnueabihf/libselinux.so.1)
  517s E - ==2567== Address 0xfec9a7bc is on thread 1's stack
  517s

[Touch-packages] [Bug 2044420] Re: gtkpod segfaults when attempting to display songs

2023-11-24 Thread Sebastien Bacher 
** Changed in: glib2.0 (Ubuntu Noble)
   Importance: Undecided => High

** Changed in: glib2.0 (Ubuntu Noble)
   Status: New => Triaged

** Changed in: glib2.0 (Ubuntu Mantic)
   Importance: Undecided => High

** Changed in: glib2.0 (Ubuntu Mantic)
   Status: New => Triaged

** Also affects: glib via
   https://gitlab.gnome.org/GNOME/glib/-/issues/3185
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to glib2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2044420

Title:
  gtkpod segfaults when attempting to display songs

Status in GLib:
  Unknown
Status in glib2.0 package in Ubuntu:
  Triaged
Status in gtkpod package in Ubuntu:
  New
Status in glib2.0 source package in Mantic:
  Triaged
Status in gtkpod source package in Mantic:
  New
Status in glib2.0 source package in Noble:
  Triaged
Status in gtkpod source package in Noble:
  New

Bug description:
  Open gtkpod, and select your ipod from the list. If it has more than
  one screenfull of songs to display in the list, gtkpod will
  immediately segfault.

  I haven't found a workaround yet.

  Broken on Mantic, works on Lunar.

  Thread 1 "gtkpod" received signal SIGSEGV, Segmentation fault.
  __GI___wcsxfrm_l (dest=0x0, src=0x0, n=0, l=0x76fff5a0 
<_nl_global_locale>) at ../string/strxfrm_l.c:685
  685   ../string/strxfrm_l.c: No such file or directory.
  (gdb) bt
  #0  __GI___wcsxfrm_l (dest=0x0, src=0x0, n=0, l=0x76fff5a0 
<_nl_global_locale>) at ../string/strxfrm_l.c:685
  #1  0x770c5a5e in g_utf8_collate_key () at 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
  #2  0x77f852ec in fuzzy_skip_prefix () at 
/lib/x86_64-linux-gnu/libgtkpod.so.1
  #3  0x7fffa80980ca in ??? () at 
/usr/lib/x86_64-linux-gnu/gtkpod/libsorttab_display.so
  #4  0x7fffa80997fd in normal_sort_tab_page_add_track () at 
/usr/lib/x86_64-linux-gnu/gtkpod/libsorttab_display.so
  #5  0x7fffa8099526 in normal_sort_tab_page_add_track () at 
/usr/lib/x86_64-linux-gnu/gtkpod/libsorttab_display.so
  #6  0x7fffa809f196 in sorttab_display_select_playlist_cb () at 
/usr/lib/x86_64-linux-gnu/gtkpod/libsorttab_display.so
  #7  0x7718d130 in g_closure_invoke () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #8  0x771ba4ac in ??? () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #9  0x771ab9b1 in ??? () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #10 0x771abbd6 in g_signal_emit_valist () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #11 0x771abc93 in g_signal_emit () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #12 0x77f67e4b in gtkpod_set_current_playlist () at 
/lib/x86_64-linux-gnu/libgtkpod.so.1
  #13 0x7fffa807cce0 in ??? () at 
/usr/lib/x86_64-linux-gnu/gtkpod/libplaylist_display.so
  #14 0x7708ba11 in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
  #15 0x770e746f in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
  #16 0x7708c46f in g_main_loop_run () at 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
  #17 0x777f61ed in gtk_main () at /lib/x86_64-linux-gnu/libgtk-3.so.0
  #18 0xea1f in main ()

To manage notifications about this bug go to:
https://bugs.launchpad.net/glib/+bug/2044420/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp