[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
Do we have an estimate for when this will go mainline? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Bug description: [Impact] When using the "Match" phrase in sshd_config.d files, the configuration does not apply. This leads to failures in user-specific configurations such as with PasswordAuthentication. The fix for this issue should be added to Focal to allow users to use Match as expected. The bug is fixed by backporting an upstream commit that includes custom config files then runs all matches provided. It updates the function for reading in config files with checks for matches, and, if the correct flags are marked, the match will then be handled accordingly. [Test Plan] $ lxc launch images:ubuntu/focal test-ssh-focal $ lxc exec test-ssh-focal bash # apt update && apt upgrade -y # apt install openssh-server # adduser user > ssh into container from another terminal to show pw auth is available by default. You can get the ip through 'ip addr' in the container or 'lxc list' outside. $ ssh user@ user@'s password: # cat Check again in other terminal $ ssh user@ > Before the fix, it will show: user@'s password: > After, it will show user@: Permission denied (publickey). [Where problems could occur] If problems were to occur, they would be in the interpretation of configuration files. All changes from this fix exist in servconf.c. The largest part of this change is a move from the inc_flags variable being an integer to an integer pointer, so problems could show up through changes to the flags in the pass by reference. Going over the change to pointer usage visually, all instances within the process_server_config_line_depth function are modified properly, along with the two calls to the function. [Other Info] This issue has already been fixed in Jammy and later, as it was fixed in upstream version 8.4. To use the PPA containing this fix, you can run: $ sudo apt install -y software-properties-common $ sudo add-apt-repository -y ppa:lvoytek/openssh-fix-passwordauthentication-config $ sudo apt update $ sudo apt upgrade -y $ sudo systemctl restart sshd [Original Description] The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
Tested openssh-server/focal-proposed,now 1:8.2p1-4ubuntu0.7 amd64 [installed] creating /etc/ssh/sshd_config.d/.conf: Match User PasswordAuthentication No worked as expected: prohibited password login while allow publickey authentication ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Bug description: [Impact] When using the "Match" phrase in sshd_config.d files, the configuration does not apply. This leads to failures in user-specific configurations such as with PasswordAuthentication. The fix for this issue should be added to Focal to allow users to use Match as expected. The bug is fixed by backporting an upstream commit that includes custom config files then runs all matches provided. It updates the function for reading in config files with checks for matches, and, if the correct flags are marked, the match will then be handled accordingly. [Test Plan] $ lxc launch images:ubuntu/focal test-ssh-focal $ lxc exec test-ssh-focal bash # apt update && apt upgrade -y # apt install openssh-server # adduser user > ssh into container from another terminal to show pw auth is available by default. You can get the ip through 'ip addr' in the container or 'lxc list' outside. $ ssh user@ user@'s password: # cat Check again in other terminal $ ssh user@ > Before the fix, it will show: user@'s password: > After, it will show user@: Permission denied (publickey). [Where problems could occur] If problems were to occur, they would be in the interpretation of configuration files. All changes from this fix exist in servconf.c. The largest part of this change is a move from the inc_flags variable being an integer to an integer pointer, so problems could show up through changes to the flags in the pass by reference. Going over the change to pointer usage visually, all instances within the process_server_config_line_depth function are modified properly, along with the two calls to the function. [Other Info] This issue has already been fixed in Jammy and later, as it was fixed in upstream version 8.4. To use the PPA containing this fix, you can run: $ sudo apt install -y software-properties-common $ sudo add-apt-repository -y ppa:lvoytek/openssh-fix-passwordauthentication-config $ sudo apt update $ sudo apt upgrade -y $ sudo systemctl restart sshd [Original Description] The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
I'm not familiar with the Ubuntu update timeline -- is there an ETA for when we will see this in the mainline repository? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: In Progress Bug description: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
@lvoytek PPA works as expected, thank you. For completeness, I'll note the affected packages appear to be: sudo apt-get install -y openssh-client openssh-server openssh-sftp- server (We manage our systems such that we don't apply non-security updates during system lifecycle so our users have a consistent environment). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: In Progress Bug description: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2013311] [NEW] pulseaudio recommends invalid package
Public bug reported: Installing pulseaudio/focal-updates,now 1:13.99.1-1ubuntu3.13 amd64 recommends packages pavumeter paman paprefs ubuntu-sounds Attempting to install paman gives error: Package paman is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'paman' has no installation candidate cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=20.04 DISTRIB_CODENAME=focal DISTRIB_DESCRIPTION="Ubuntu-Server 20.04.3 LTS amd64 (Cubic 2022-03-16 07:21)" ** Affects: pulseaudio (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/2013311 Title: pulseaudio recommends invalid package Status in pulseaudio package in Ubuntu: New Bug description: Installing pulseaudio/focal-updates,now 1:13.99.1-1ubuntu3.13 amd64 recommends packages pavumeter paman paprefs ubuntu-sounds Attempting to install paman gives error: Package paman is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'paman' has no installation candidate cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=20.04 DISTRIB_CODENAME=focal DISTRIB_DESCRIPTION="Ubuntu-Server 20.04.3 LTS amd64 (Cubic 2022-03-16 07:21)" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2013311/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
I don't think it's a duplicate of 2002994. I tried moving the Include line in the main sshd_config to the end of the file and the behavior was unaffected. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Confirmed Bug description: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
Failing sshd_config ** Attachment added: "fail" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+attachment/5656819/+files/fail -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in openssh package in Ubuntu: Incomplete Bug description: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
working sshd_config with Match block inline. ** Attachment added: "work" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+attachment/5656821/+files/work -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in openssh package in Ubuntu: Incomplete Bug description: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d
sshd_config.d file that doesn't work ** Attachment added: "cweatherby.conf" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+attachment/5656820/+files/cweatherby.conf -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in openssh package in Ubuntu: Incomplete Bug description: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012298] [NEW] PasswordAuthenticaion in sshd_config.d
Public bug reported: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2012298 Title: PasswordAuthenticaion in sshd_config.d Status in openssh package in Ubuntu: New Bug description: The stanza Match User PasswordAuthentication no in /etc/ssh/sshd_config works as expected. The same stanza in /etc/ssh/sshd_config.d/username.conf does not work. The Include in /etc/ssh/sshd_config is not commented out, and /usr/sbin/sshd -D -ddd shows the username.config file being parsed. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.5 ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210 Uname: Linux 5.4.0-131-generic x86_64 NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713 ApportVersion: 2.20.11-0ubuntu27.25 Architecture: amd64 CasperMD5CheckResult: skip Date: Mon Mar 20 13:34:14 2023 InstallationDate: Installed on 2022-11-04 (136 days ago) InstallationMedia: SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root SourcePackage: openssh UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1001035] Re: lightdm uses a hardcoded path to .xsession-errors, please make it configurable
Upstream feature request: https://github.com/canonical/lightdm/issues/95
** Bug watch added: github.com/canonical/lightdm/issues #95
https://github.com/canonical/lightdm/issues/95
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1001035
Title:
lightdm uses a hardcoded path to .xsession-errors, please make it
configurable
Status in Light Display Manager:
Triaged
Status in lightdm package in Ubuntu:
Triaged
Bug description:
LightDM uses always $HOME/.xsession-errors as the log file because is
harcoded in xsession.c. But sometimes you want to use a logfile
outside your $HOME, suposse your $HOME is in an SSD and you want to
minimize writes, so you want to put it in /tmp/${USER}_xsession-errors
for example. If you try to make a $HOME/.xsession_errors ->
/tmp/{$USER}_xsession-errors symlink to cheat LightDM, then LightDM
will recreate the $HOME/.xsession_errors file and the hack will not
work.
LightDM _always_ recreates $HOME/.xsession_errors and you can't change
it without recompiling. So, I think this log file needs to be
configurable, or at least preserve the symlink if one is present.
Ubuntu 12.04 LTS
LightDM 1.2.1-0ubuntu1
To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1001035/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1906627] Re: GSS-SPNEGO implementation in cyrus-sasl2 is incompatible with Active Directory, causing recent adcli regression
The proposed solution fixes the bug I filed when joining against older Windows Active Directory servers. (https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1906673) i.e. The domain join works without the --use-ldaps. We do not currently have the correct certificate set up to use --use- ldaps, so I am not currently able exercise that test case. (Thank you to the Ubuntu team for the rapid response.) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1906627 Title: GSS-SPNEGO implementation in cyrus-sasl2 is incompatible with Active Directory, causing recent adcli regression Status in adcli package in Ubuntu: Fix Released Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in adcli source package in Bionic: Fix Committed Status in cyrus-sasl2 source package in Bionic: Fix Committed Bug description: [Impact] A recent release of adcli 0.8.2-1ubuntu1 to bionic-updates caused a regression for some users when attempting to join a Active Directory realm. adcli introduced a default behaviour change, moving from GSS- API to GSS-SPNEGO as the default channel encryption algorithm. adcli uses the GSS-SPNEGO implementation from libsasl2-modules-gssapi- mit, a part of cyrus-sasl2. The implementation seems to have some compatibility issues with particular configurations of Active Directory on recent Windows Server systems. Particularly, adcli sends a ldap query to the domain controller, which responds with a tcp ack, but never returns a ldap response. The connection just hangs at this point and no more traffic is sent. You can see it on the packet trace below: https://paste.ubuntu.com/p/WRnnRMGBPm/ On Focal, where the implementation of GSS-SPNEGO is working, we see a full exchange, and adcli works as expected: https://paste.ubuntu.com/p/8668pJrr2m/ The fix is to not assume use of confidentiality and integrity modes, and instead use the flags negotiated by GSS-API during the initial handshake, as required by Microsoft's implementation. [Testcase] You will need to set up a Windows Server 2019 system, install and configure Active Directory and enable LDAP extensions and configure LDAPS and import the AD SSL certificate to the Ubuntu client. Create some users in Active Directory. On the Ubuntu client, set up /etc/hosts with the hostname of the Windows Server machine, if your system isn't configured for AD DNS. From there, install adcli 0.8.2-1 from -release. $ sudo apt install adcli Set up a packet trace with tcpdump: $ sudo tcpdump -i any port '(389 or 3268 or 636 or 3269)' Next, join the AD realm using the normal GSS-API: # adcli join --verbose -U Administrator --domain WIN- SB6JAS7PH22.testing.local --domain-controller WIN- SB6JAS7PH22.testing.local --domain-realm TESTING.LOCAL You will be prompted for Administrator's passowrd. The output should look like the below: https://paste.ubuntu.com/p/NWHGQn746D/ Next, enable -proposed, and install adcli 0.8.2-1ubuntu1 which caused the regression. Repeat the above steps. Now you should see the connection hang. https://paste.ubuntu.com/p/WRnnRMGBPm/ Finally, install the fixed cyrus-sasl2 package from -proposed https://launchpad.net/~mruffell/+archive/ubuntu/lp1906627-test $ sudo apt-get update $ sudo apt install libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-gssapi-mit Repeat the steps. GSS-SPNEGO should be working as intended, and you should get output like below: https://paste.ubuntu.com/p/W5cJNGvCsx/ [Where problems could occur] Since we are changing the implementation of GSS-SPNEGO, and cyrus- sasl2 is the library which provides it, we can potentially break any package which depends on libsasl2-modules-gssapi-mit for GSS-SPNEGO. $ apt rdepends libsasl2-modules-gssapi-mit libsasl2-modules-gssapi-mit Reverse Depends: |Suggests: ldap-utils Depends: adcli Conflicts: libsasl2-modules-gssapi-heimdal |Suggests: libsasl2-modules Conflicts: libsasl2-modules-gssapi-heimdal |Recommends: sssd-krb5-common |Suggests: slapd |Suggests: libsasl2-modules |Suggests: ldap-utils |Depends: msktutil Conflicts: libsasl2-modules-gssapi-heimdal |Depends: libapache2-mod-webauthldap Depends: freeipa-server Depends: freeipa-client Depends: adcli Depends: 389-ds-base |Recommends: sssd-krb5-common |Suggests: slapd |Suggests: libsasl2-modules While this SRU makes cyrus-sasl2 work with Microsoft implementations of GSS-SPNEGO, which will be the more common usecase, it may change the behaviour when connecting to a MIT krb5 server with the GSS- SPNEGO protocol, as krb5 assumes use of confidentiality and integrity modes. This shouldn't be a problem as the krb5 implementation signals its intentions by setting the correct flags durin
[Touch-packages] [Bug 1833415] [NEW] Version.sha256 throws SystemError
Public bug reported: Attempting to access the property raised the exception 'SystemError: error return without exception set' The error occurs when version._records.hashes.file_size == 0. The package occurred on (cups=2.2.7-1ubuntu2.5) on an Ubnuntu 18.04.2 LTS system ; attempting to download the source *deb file failed. Doing an apt-get clean / apt-get update / apt upgrade seemed to make the problem go away. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: python3-apt 1.6.4 ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18 Uname: Linux 4.15.0-43-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: XFCE Date: Wed Jun 19 08:20:32 2019 InstallationDate: Installed on 2019-06-05 (13 days ago) InstallationMedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: python-apt UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: python-apt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic ** Attachment added: "Screenshot showing object state in PyCharm debugger" https://bugs.launchpad.net/bugs/1833415/+attachment/5271571/+files/badhash.png -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-apt in Ubuntu. https://bugs.launchpad.net/bugs/1833415 Title: Version.sha256 throws SystemError Status in python-apt package in Ubuntu: New Bug description: Attempting to access the property raised the exception 'SystemError: error return without exception set' The error occurs when version._records.hashes.file_size == 0. The package occurred on (cups=2.2.7-1ubuntu2.5) on an Ubnuntu 18.04.2 LTS system ; attempting to download the source *deb file failed. Doing an apt-get clean / apt-get update / apt upgrade seemed to make the problem go away. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: python3-apt 1.6.4 ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18 Uname: Linux 4.15.0-43-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: XFCE Date: Wed Jun 19 08:20:32 2019 InstallationDate: Installed on 2019-06-05 (13 days ago) InstallationMedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: python-apt UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/1833415/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1476753] Re: When sshd exits because of a bad configuration, upstart claims the job is in "start/running" with no PID
Ran into this, too. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to upstart in Ubuntu. https://bugs.launchpad.net/bugs/1476753 Title: When sshd exits because of a bad configuration, upstart claims the job is in "start/running" with no PID Status in upstart package in Ubuntu: New Bug description: Reproducible on 14.04 and 14.10 In ssh's upstart config file, "expect stop" is used to signal upstart when sshd is ready to accept connections. If the sshd config file is broken, sshd terminates before it sends SIGSTOP to itself and this seems to confuse upstart, such that it thinks the ssh job is still in start/running state (with no associated PID.) In addition, I have another upstart job set to trigger on "start on stopped ssh RESULT=failed" which does _not_ trigger in this situation. If I comment out the "expect stop" stanza from ssh.conf then the sshd process properly ends up in "stop/waiting" and my other job triggers properly. Here is the DEBUG output from init when I start ssh with purposely broken sshd_config file Jul 19 16:47:43 patrick-vm kernel: [956961.180770] init: ssh goal changed from stop to start Jul 19 16:47:43 patrick-vm kernel: [956961.181056] init: ssh state changed from waiting to starting Jul 19 16:47:43 patrick-vm kernel: [956961.181333] init: event_new: Pending starting event Jul 19 16:47:43 patrick-vm kernel: [956961.181373] init: Handling starting event Jul 19 16:47:43 patrick-vm kernel: [956961.181535] init: event_finished: Finished starting event Jul 19 16:47:43 patrick-vm kernel: [956961.181548] init: ssh state changed from starting to security-spawning Jul 19 16:47:43 patrick-vm kernel: [956961.181814] init: ssh state changed from security-spawning to security Jul 19 16:47:43 patrick-vm kernel: [956961.182570] init: ssh state changed from security to pre-starting Jul 19 16:47:43 patrick-vm kernel: [956961.183593] init: ssh pre-start process (43674) Jul 19 16:47:43 patrick-vm kernel: [956961.183915] init: ssh state changed from pre-starting to pre-start Jul 19 16:47:43 patrick-vm kernel: [956961.187572] init: ssh pre-start process (43674) exited normally Jul 19 16:47:43 patrick-vm kernel: [956961.187664] init: ssh state changed from pre-start to spawning Jul 19 16:47:43 patrick-vm kernel: [956961.188352] init: ssh main process (43676) Jul 19 16:47:43 patrick-vm kernel: [956961.188512] init: ssh state changed from spawning to spawned Jul 19 16:47:43 patrick-vm kernel: [956961.193436] init: ssh main process (43676) terminated with status 255 Jul 19 16:47:43 patrick-vm kernel: [956961.193467] init: ssh main process ended, respawning Jul 19 16:47:43 patrick-vm kernel: [956961.193531] init: ssh state changed from spawned to post-starting Jul 19 16:47:43 patrick-vm kernel: [956961.193896] init: ssh state changed from post-starting to post-start Jul 19 16:47:43 patrick-vm kernel: [956961.194419] init: ssh state changed from post-start to running Jul 19 16:47:43 patrick-vm kernel: [956961.194668] init: event_new: Pending started event Jul 19 16:47:43 patrick-vm kernel: [956961.194795] init: Handling started event Jul 19 16:47:43 patrick-vm kernel: [956961.194886] init: job_register: Registered instance /com/ubuntu/Upstart/jobs/startpar_2dbridge/ssh_2d_2dstarted Jul 19 16:47:43 patrick-vm kernel: [956961.194976] init: job_register: Registered instance /com/ubuntu/Upstart/jobs/startpar_2dbridge/ssh_2d_2dstarted Jul 19 16:47:43 patrick-vm kernel: [956961.195058] init: job_register: Registered instance /com/ubuntu/Upstart/jobs/startpar_2dbridge/ssh_2d_2dstarted Jul 19 16:47:43 patrick-vm kernel: [956961.195164] init: job_register: Registered instance /com/ubuntu/Upstart/jobs/startpar_2dbridge/ssh_2d_2dstarted Jul 19 16:47:43 patrick-vm kernel: [956961.195256] init: job_register: Registered instance /com/ubuntu/Upstart/jobs/startpar_2dbridge/ssh_2d_2dstarted Jul 19 16:47:43 patrick-vm kernel: [956961.195314] init: job_class_induct_job: New instance startpar-bridge (ssh--started) Jul 19 16:47:43 patrick-vm kernel: [956961.195333] init: startpar-bridge (ssh--started) goal changed from stop to start Jul 19 16:47:43 patrick-vm kernel: [956961.195634] init: startpar-bridge (ssh--started) state changed from waiting to starting Jul 19 16:47:43 patrick-vm kernel: [956961.195960] init: event_new: Pending starting event Jul 19 16:47:43 patrick-vm kernel: [956961.196154] init: Handling starting event Jul 19 16:47:43 patrick-vm kernel: [956961.196230] init: event_finished: Finished starting event Jul 19 16:47:43 patrick-vm kernel: [956961.196238] init: startpar-bridge (ssh--started) state changed from starting to security-spawning Jul 19 16:47:43 patrick-vm kernel: [956961.196459] init: startpar-bridge (ssh--started) state changed from security-spawning to security Jul 19 16:47:43 patrick-vm ker
[Touch-packages] [Bug 993298] Re: Please make NetworkManager-controlled dnsmasq respect /etc/hosts
Pointlessly aggravating to break something that long term linux users have relied on for years. At a minimum, a comment in the default /etc/hosts would be useful. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/993298 Title: Please make NetworkManager-controlled dnsmasq respect /etc/hosts Status in network-manager package in Ubuntu: Confirmed Bug description: Since 12.04 NetworkManager uses the dnsmasq plugin by default to resolve DNS requests. Unfortunately the dnsmasq plug-in has --no- hosts, etc. hard coded [1] which means (among other things) that after the upgrade to 12.04 /etc/hosts will no longer be used to resolve DNS requests. This changes the prior behavior of NetworkManager without any visible warning to the end user. AFAICS there's no other way to work around this problem as to manually revert the change and disable the dnsmasq plug-in in the NetworkManager config, see [2,3]: "To turn off dnsmasq in Network Manager, you need to edit /etc/NetworkManager/NetworkManager.conf and comment the 'dns=dnsmasq' line then do a 'sudo restart network-manager'." This is of course not a bug in the NetworkManager which just behaves as intended. The problem is in the change of the configuration of the Ubuntu packaging which will probably leave many wondering why their /etc/hosts suddenly no longer works. This cost me considerable time to debug and probably is a usability problem for others, too. Maybe you could provide a more visible documentation than that in [3]? E.g., *including a comment in /etc/hosts that explains the change* and how to work around it would have saved me a lot of time. It would have automatically alerted me on upgrade as manual changes to /etc/hosts would then have triggered a prompt while leaving those users with standard /etc/hosts in peace. Probably similar problems arise with other disabled config files and could be alerted to the users? Thinking of resolv.conf, etc. [1] http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/dnsmasq-manager/nm-dnsmasq-manager.c, line 285 [2] i.e. http://ubuntuforums.org/showthread.php?t=1968061 [3] http://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/993298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
