[Touch-packages] [Bug 2051672] Re: [FFe] Merge iproute2 with the latest Debian version: 6.8.0-1 from testing/unstable (main)

[Utkarsh Gupta]

Hello,

After looking at it and discussing this with Dann Frazier yesterday (via
IRC on #ubuntu-release), we discussed that iproute2 is an important
package, it's in main, and has a huge bunch of reverse dependencies.
Bumping from 6.1.x to 6.8.x is a bit too much atm, especially given how
much is already happening and this being an LTS release.

So with that, I'm going to NACK it for FFe and ask this to be uploaded
via 0-day SRU or a regular SRU. :)

Sorry but I hope you understand.

** Changed in: iproute2 (Ubuntu)
   Status: Confirmed => Won't Fix

** Changed in: iproute2 (Ubuntu)
   Status: Won't Fix => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iproute2 in Ubuntu.
https://bugs.launchpad.net/bugs/2051672

Title:
  [FFe] Merge iproute2 with the latest Debian version: 6.8.0-1 from
  testing/unstable (main)

Status in iproute2 package in Ubuntu:
  Incomplete

Bug description:
  iproute2 upstream produces releases coinciding with upstream kernel
  releases to support the latest kernel features. Noble's iproute2 is
  still back at v6.1 even though it will use the v6.8 kernel. This means
  we provide no userspace interface for newer features - some of which
  are noted by a networking hardware partner in bug 2060969.

  Ubuntu's iproute2 has diverged from Debian's to add support for Ubuntu
  FAN. Noble has dropped kernel support for Ubuntu FAN, so those are no
  longer needed, and we could now just do a merge. We could also port
  the FAN patches forward if we can identify a need (see the original
  description of this bug to a link to such a port), but I have not done
  any testing with that.

  I have built Debian's iproute2 in a noble ppa at ppa:dannf/test and
  smoke tested it on an amd64 virtual machine:

  ubuntu@cortez-vm-0:~$ sudo dpkg -i iproute2_6.8.0-1~24.04.1_amd64.deb
  (Reading database ... 83134 files and directories currently installed.)
  Preparing to unpack iproute2_6.8.0-1~24.04.1_amd64.deb ...
  Unpacking iproute2 (6.8.0-1~24.04.1) over (6.1.0-1ubuntu6) ...
  dpkg: warning: unable to delete old directory '/etc/iproute2/rt_tables.d': 
Directory not empty
  dpkg: warning: unable to delete old directory '/etc/iproute2/rt_protos.d': 
Directory not empty
  dpkg: warning: unable to delete old directory '/etc/iproute2': Directory not 
empty
  Setting up iproute2 (6.8.0-1~24.04.1) ...
  Removing obsolete conffile /etc/iproute2/group ...
  Removing obsolete conffile /etc/iproute2/rt_realms ...
  Removing obsolete conffile /etc/iproute2/rt_scopes ...
  Removing obsolete conffile /etc/iproute2/rt_tables ...
  Removing obsolete conffile /etc/iproute2/rt_tables.d/README ...
  Removing obsolete conffile /etc/iproute2/rt_protos.d/README ...
  Removing obsolete conffile /etc/iproute2/rt_protos ...
  Removing obsolete conffile /etc/iproute2/rt_dsfield ...
  Removing obsolete conffile /etc/iproute2/nl_protos ...
  Removing obsolete conffile /etc/iproute2/ematch_map ...
  Removing obsolete conffile /etc/iproute2/bpf_pinning ...
  Processing triggers for man-db (2.12.0-4build1) ...

  The system rebooted fine. The ip command seems to behave normally.

  Since the upstream test suite only appears to run at autopkgtest time, I 
triggered a run in my PPA, and it passed:

https://autopkgtest.ubuntu.com/results/autopkgtest-noble-dannf-test/noble/amd64/i/iproute2/20240412_210819_97417@/log.gz

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/2051672/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2061857] Re: [FFe] enable the new GNOME OneDrive backend

[Utkarsh Gupta]

Hey there,

Thanks for filing an FFe. I think, as you mentioned, this is low risk
since it doesn't change the existing features. The builds looks OK,
please make sure to smoke test before uploading to the archive.

That said, consider this FFe approved. Thanks,

Utkarsh

** Changed in: gnome-online-accounts (Ubuntu)
   Status: Confirmed => Triaged

** Changed in: gvfs (Ubuntu)
   Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnome-online-accounts in
Ubuntu.
https://bugs.launchpad.net/bugs/2061857

Title:
  [FFe] enable the new GNOME OneDrive backend

Status in gnome-online-accounts package in Ubuntu:
  Triaged
Status in gvfs package in Ubuntu:
  Triaged

Bug description:
  One of the new features of the new GNOME 46 is the support of
  Microsoft OneDrive accounts. The code relies on a new library
  'msgraph'. The MIR bug #2060035 just got approved and such we would
  like to turn on the option now in Noble.

  The changes are in

  - gnome-online-accounts, adding a new provider for OneDrive

  The package with the change has been built in the desktop ppa
  
https://launchpad.net/~ubuntu-desktop/+archive/ubuntu/ppa/+sourcepub/15971851/+listing-archive-extra

  The change is basically adding the libmsgraph-dev Build-Depends in
  debian/control and changing the option to true in debian/rules

  - gvfs, adding a new backend to be able to browse those locations from
  nautilus

  The package is similar built in our ppa
  
https://launchpad.net/~ubuntu-desktop/+archive/ubuntu/ppa/+sourcepub/15972025/+listing-archive-extra

  And the change are similar Build-Depends/rules option

  
  The regression potential is low since those are new backends and not changing 
existing features.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-online-accounts/+bug/2061857/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2057671] Re: Rename the ubuntu-advantage-tools package

[Utkarsh Gupta]

Hi Calvin,

Thanks for filing the FFe but looking at it closely, this isn't really a
new feature but more of a packaging fix.

Given that status, please go ahead and upload. +1. :)


** Changed in: software-properties (Ubuntu Noble)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to software-properties in
Ubuntu.
https://bugs.launchpad.net/bugs/2057671

Title:
  Rename the ubuntu-advantage-tools package

Status in software-properties package in Ubuntu:
  Triaged
Status in software-properties source package in Noble:
  Triaged

Bug description:
  From ubuntu-advantage-tools v31, it has been renamed to ubuntu-pro-
  client. The current package is now a transitional package pointing to
  ubuntu-pro-client. software-properties depends on ubuntu-advantage-
  tool thus we should rename the dependency to ubuntu-pro-client to
  avoid having the transitional package as a dependency.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/2057671/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2044300] Re: Please merge zeitgeist 1.0.4-5 (universe) from Debian unstable (main)

[Utkarsh Gupta]

Here's a review I put on the MP but I'll put it here for posterity:


Hey there!

Thanks for raising this much, much appreciated. This is great as-is but
here are some points that'd make it EVEN better:

-
https://git.launchpad.net/~sudipmuk/ubuntu/+source/zeitgeist/commit/?id=95fd328c45f72fa0f3895900216ad0726e86139e
-> it misses the DEP-3 headers. I am aware that you're just rebasing the
new version and you're not really adding the patch itself. But whilst at
it, if you could really add DEP-3 headers to a patch, that'd be
EXCELLENT!

See:
https://git.launchpad.net/~sudipmuk/ubuntu/+source/zeitgeist/commit/?id=a6cff2e5ac675b90cc574a26dc953f452aa9a00c
for example. It has the DEP-3 headers and tells me why it's needed, some
bug history, et al.

I generally look at it because sometimes we shouldn't really be merging
stuff as-is and carry-forwarding the tech-debt but actively be looking
at drop the delta wherever and whenever possible.

Now, OTOH, look at
https://git.launchpad.net/~sudipmuk/ubuntu/+source/zeitgeist/commit/?id=e940d9763d0fba97dc8504ed382e01210a43f08d
-> it gives me a quick description but doesn't tell me if it's coming
from upstream or was it written by downstream, is there an upstream bug?
a downstream bug? or? and I spend my time looking at things, et al.
That's why DEP-3 headers are really useful.

-
https://git.launchpad.net/~sudipmuk/ubuntu/+source/zeitgeist/commit/?id=2ab99989a22d2e07bfc28e5eae942bd8283c1aa7
-> did you verify if that's still needed? why? :)

So except for the above question and a general pointer (first point), it
mostly looks good! :D

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to zeitgeist in Ubuntu.
https://bugs.launchpad.net/bugs/2044300

Title:
  Please merge zeitgeist 1.0.4-5 (universe) from Debian unstable (main)

Status in zeitgeist package in Ubuntu:
  Confirmed

Bug description:
  Please merge zeitgeist 1.0.4-5 (universe) from Debian unstable (main)

  Explanation of the Ubuntu delta:

  Carry forward three previous Ubuntu specific patch.
  1. add_datahub_autostart_delay.patch
  2. nodisplay_autostart.patch
  3. pre_populator.patch

  Extra change for this version:

  The monitor-test was skipped in the previous version as it was
  failing. That test has now been enabled in Debian but is still failing
  in Ubuntu. And, so the extra change for this version was to disable it
  for now.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zeitgeist/+bug/2044300/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1951586] Re: Need option to specify wifi regulatory domain

[Utkarsh Gupta]

Is this fixed in Noble?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1951586

Title:
  Need option to specify wifi regulatory domain

Status in cloud-init:
  Invalid
Status in netplan:
  Fix Released
Status in NetworkManager:
  New
Status in netplan.io package in Ubuntu:
  Fix Released
Status in network-manager package in Ubuntu:
  Incomplete
Status in netplan.io source package in Jammy:
  Triaged
Status in network-manager source package in Jammy:
  Incomplete
Status in netplan.io source package in Kinetic:
  Fix Released
Status in network-manager source package in Kinetic:
  Incomplete

Bug description:
  It would be nice if netplan offered an option to specify the wifi
  regulatory domain (country code).

  
  For devices such as the Raspberry Pi you are currently advertising that users 
can simply setup Ubuntu Server headless by putting the wifi configuration 
details in cloudinit/netplan's "network-config" on the FAT partition of the SD 
card: 
https://ubuntu.com/tutorials/how-to-install-ubuntu-on-your-raspberry-pi#3-wifi-or-ethernet
  But an option to set the wifi country code there does not seem to exist, so 
may not work.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1951586/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2037642] Re: [FFe] Raspberry Pi 5 support

[Utkarsh Gupta]

** Also affects: mesa (Ubuntu Noble)
   Importance: Undecided
 Assignee: Juerg Haefliger (juergh)
   Status: Fix Released

** Also affects: ubuntu-settings (Ubuntu Noble)
   Importance: Undecided
 Assignee: Dave Jones (waveform)
   Status: Fix Released

** Also affects: pipewire (Ubuntu Noble)
   Importance: Undecided
 Assignee: Juerg Haefliger (juergh)
   Status: Invalid

** Also affects: linux-meta-raspi (Ubuntu Noble)
   Importance: Undecided
 Assignee: Juerg Haefliger (juergh)
   Status: Fix Released

** Also affects: linux-raspi (Ubuntu Noble)
   Importance: Undecided
 Assignee: Juerg Haefliger (juergh)
   Status: Fix Released

** Also affects: libcamera (Ubuntu Noble)
   Importance: Undecided
 Assignee: Juerg Haefliger (juergh)
   Status: Triaged

** Also affects: rpi-eeprom (Ubuntu Noble)
   Importance: Undecided
 Assignee: Dave Jones (waveform)
   Status: Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mesa in Ubuntu.
https://bugs.launchpad.net/bugs/2037642

Title:
  [FFe] Raspberry Pi 5 support

Status in Release Notes for Ubuntu:
  Fix Released
Status in libcamera package in Ubuntu:
  Triaged
Status in linux-meta-raspi package in Ubuntu:
  Fix Released
Status in linux-raspi package in Ubuntu:
  Fix Released
Status in mesa package in Ubuntu:
  Fix Released
Status in pipewire package in Ubuntu:
  Invalid
Status in rpi-eeprom package in Ubuntu:
  Fix Released
Status in ubuntu-settings package in Ubuntu:
  Fix Released
Status in libcamera source package in Noble:
  Triaged
Status in linux-meta-raspi source package in Noble:
  Fix Released
Status in linux-raspi source package in Noble:
  Fix Released
Status in mesa source package in Noble:
  Fix Released
Status in pipewire source package in Noble:
  Invalid
Status in rpi-eeprom source package in Noble:
  Fix Released
Status in ubuntu-settings source package in Noble:
  Fix Released

Bug description:
  [ Impact ]

   * HWE for Raspberry Pi 5 https://raspberrypi.com/5

  [ Test Plan ]

   * Private builds tested on all existing/supported Raspberry Pi SKUs
  in armhf & arm64 variants

   * No regressions on any existing SKUs

   * Test that Raspberry Pi 5 boards work

  [ Where problems could occur ]

   * Mesa is upgraded, and there are patches to mesa, the raspberry-pi
  specific provider this has been tested but not as extensively.
  Separately there is mesa FFe granted to upgrade to latest release,
  thus these changes piggy-back on top of it.

   * libcamera has new build-depends on new package libpisp for the
  raspberry-pi specific provider which also affects pipewire to provide
  full webcam support.

   * These dependencies, will need to make their way into gnome platform
  snaps to be usable by default in Firefox.

  [ Other Info ]

   * The proposed code changes have been tested in private, prior to
  public announcement

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-release-notes/+bug/2037642/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2038894] Re: Ubuntu 23.10 cloud images unexpected UDP listening port 5353

[Utkarsh Gupta]

** Also affects: systemd (Ubuntu Noble)
   Importance: High
 Assignee: Nick Rosbrook (enr0n)
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2038894

Title:
  Ubuntu 23.10 cloud images unexpected UDP listening port  5353

Status in cloud-images:
  New
Status in systemd package in Ubuntu:
  New
Status in systemd source package in Mantic:
  Fix Committed
Status in systemd source package in Noble:
  New

Bug description:
  [Impact]

  In the latest Ubuntu 23.10 cloud images we are seeing unexpected UDP
  listening port 5353.

  By default and by policy, aside from port 22 there should be no other
  open ports on Ubuntu cloud images. Listening port 5353 is a
  regression.

  [Test Plan]

  Check that port 5353 is not open, and in particular that systemd-
  resolved is not listening on 5353. This is what it looks like when
  systemd-resolved *is* listening on 5353:

  ```
  $ ss --listening --no-header --tcp --udp --numeric
  udp   UNCONN  
 00 

   127.0.0.54:53
0.0.0.0:*
  udp   UNCONN  
 00 

127.0.0.53%lo:53
0.0.0.0:*
  udp   UNCONN  
 00 

 10.154.0.17%ens4:68
0.0.0.0:*
  udp   UNCONN  
 00 

127.0.0.1:323   
0.0.0.0:*
  udp   UNCONN  
 00 

  0.0.0.0:5353  
0.0.0.0:*
  udp   UNCONN  
 00 

[::1]:323   
   [::]:*
  udp   UNCONN  
 00 

 [::]:5353  
   [::]:*
  tcp   LISTEN  
 0
4096
  127.0.0.53%lo:53  
  0.0.0.0:*
  tcp   LISTEN  
 0
4096
 127.0.0.54:53  
  0.0.0.0:*
  tcp   LISTEN  
 0
4096
  *:22  
*:*
  ```

  ```
  $ sudo lsof -i -n -P
  COMMANDPID   

[Touch-packages] [Bug 1998001] Re: Missing tests from libdrm-tests

[Utkarsh Gupta]

Given that common-not-found is working in Lunar, I've marked this as
"Fix Release" and marked Kinetic as "Confirmed". Thanks.

** Also affects: libdrm (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Also affects: command-not-found (Ubuntu Kinetic)
   Importance: Undecided
   Status: New

** Changed in: command-not-found (Ubuntu Kinetic)
   Status: New => Confirmed

** Changed in: command-not-found (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libdrm in Ubuntu.
https://bugs.launchpad.net/bugs/1998001

Title:
  Missing tests from libdrm-tests

Status in command-not-found:
  New
Status in command-not-found package in Ubuntu:
  Fix Released
Status in libdrm package in Ubuntu:
  Invalid
Status in command-not-found source package in Kinetic:
  Confirmed
Status in libdrm source package in Kinetic:
  New

Bug description:
  It is advertised by the OS that kms-universal-planes can be installed
  via libdrm-tests but this is false:

  $ kms-universal-planes
  Command 'kms-universal-planes' not found, but can be installed with:
  sudo apt install libdrm-tests

  $ sudo apt install libdrm-tests
  [sudo] password for stolk: 
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  The following NEW packages will be installed:
libdrm-tests
  0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
  Need to get 47.5 kB of archives.
  After this operation, 193 kB of additional disk space will be used.
  Get:1 http://ca.archive.ubuntu.com/ubuntu kinetic/universe amd64 libdrm-tests 
amd64 2.4.113-2 [47.5 kB]
  Fetched 47.5 kB in 0s (142 kB/s)  
  Selecting previously unselected package libdrm-tests.
  (Reading database ... 308766 files and directories currently installed.)
  Preparing to unpack .../libdrm-tests_2.4.113-2_amd64.deb ...
  Unpacking libdrm-tests (2.4.113-2) ...
  Setting up libdrm-tests (2.4.113-2) ...

  $ kms-universal-planes
  Command 'kms-universal-planes' not found, but can be installed with:
  sudo apt install libdrm-tests

  OS: Ubuntu 22.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/command-not-found/+bug/1998001/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1964506] Re: Ping: checks payloads incorrectly, ignores all mismatch replies

[Utkarsh Gupta]

Re-triggered the failing autopkgtest on armhf.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iputils in Ubuntu.
https://bugs.launchpad.net/bugs/1964506

Title:
  Ping: checks payloads incorrectly, ignores all mismatch replies

Status in iputils package in Ubuntu:
  Fix Released
Status in iputils source package in Focal:
  Fix Committed

Bug description:
  = Impact =

  the ping statistics are incorrect when dealing with truncated packets

  = Test case =

  $ ping -c 1 -s 1200 8.8.8.8

  should list truncated replies and received packets

  = Regression potential =

  the changes are limited to the ping source any regression would impact
  that utility, check that responses are correctly handled and
  statistics reflecting what is expected

  --

  Problematic commit reverted upstream causing incorrect behavior in
  Ubuntu Focal.

  Discussion: https://github.com/iputils/iputils/issues/320
  Fix: https://github.com/iputils/iputils/pull/321
  Release: https://github.com/iputils/iputils/releases/tag/20210722

  Could this patch be added for a Focal update please?

  1) Ubuntu 20.04.3 LTS
  2) 3:20190709-3
  3)

  focal$ ping -c 1 -s 1200 8.8.8.8
  PING 8.8.8.8 (8.8.8.8) 1200(1228) bytes of data.

  --- 8.8.8.8 ping statistics ---
  1 packets transmitted, 0 received, 100% packet loss, time 0ms

  4)

  xenial$ ping -c 1 -s 1200 8.8.8.8
  PING 8.8.8.8 (8.8.8.8) 1200(1228) bytes of data.
  76 bytes from 8.8.8.8: icmp_seq=1 ttl=61 (truncated)

  --- 8.8.8.8 ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 0ms
  rtt min/avg/max/mdev = 0.284/0.284/0.284/0.000 ms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iputils/+bug/1964506/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989309] Re: [FFe] new apparmor features for 3.0.7

[Utkarsh Gupta]

I've sponsored this package for Georgia:

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading apparmor_3.0.7-1ubuntu2.dsc: done.
  Uploading apparmor_3.0.7.orig.tar.gz: done.  
  Uploading apparmor_3.0.7.orig.tar.gz.asc: done.
  Uploading apparmor_3.0.7-1ubuntu2.debian.tar.xz: done.
  Uploading apparmor_3.0.7-1ubuntu2_source.buildinfo: done.
  Uploading apparmor_3.0.7-1ubuntu2_source.changes: done.
Successfully uploaded packages.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989309

Title:
  [FFe] new apparmor features for 3.0.7

Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  We propose two new features for 3.0.7 Apparmor:

  1. parser support for user namespace mediation.

  Since the last kernel update with commit 
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next=30bce26855c9171f8dee74d93308fd506730c914
  Ubuntu 22.10 mediates user namespaces which allows for confined applications 
to have unprivileged user namespace creation, instead of disabling it 
completely.
  If we want applications to have this ability, then we need to add support on 
the parser, which is a feature we are introducing. Bug 1990064 is an example 
caused by this.

  2. userspace support for posix message queue mediation

  Kernel also has POSIX message queue mediation with commit
  https://git.launchpad.net/~ubuntu-
  kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-
  next=44f28e2ccee2000c7da971876dd003d38a8232d8 which indicates that
  if admins want to allow legitimate use of POSIX message queues, then
  they will need the support of userspace tools.

  We are also adding a fix for Bug 1990692 which will make the AppArmor
  profiles for samba to be up to date with upstream.

  TESTING

  This has been extensively tested by the security team - this includes
  following the documented Ubuntu merges test plan[1] for AppArmor and the
  extensive QA Regression Tests[2] for AppArmor as well. This ensures that
  the various applications that make heavy use of AppArmor (LXD, docker,
  lxc, dbus, libvirt, snapd etc) have all been exercised and no regressions
  have been observed. All tests have passed and demonstrated both apparmor
  and the various applications that use it to be working as expected.

  BUILD LOGS

  This is currently uploaded to 
https://launchpad.net/~georgiag/+archive/ubuntu/apparmor-kinetic-ffe, build 
logs can be found on
  Launchpad at:
  https://launchpad.net/~georgiag/+archive/ubuntu/test2/+build/24518253 for 
amd64

  DEBDIFF

  The debdiff can be found in the PPA:
  
https://launchpadlibrarian.net/626954017/apparmor_3.0.7-1ubuntu1_3.0.7-1ubuntu2.diff.gz

  INSTALL / UPGRADE LOG

  The apt upgrade log is attached in:
  
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989309/+attachment/5620824/+files/apparmor-3.0.7-1ubuntu2-apt-upgrade.log

  [1] https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
  [2] 
https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989309/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1760106] Re: FFe: Enable configuring resume offset via sysfs

[Utkarsh Gupta]

Since this is no longer an FFe thing, I am removing so from the title.
This should help fix our searches better. The ideal way would be to
unsubscribe ubuntu-release, though.

** Summary changed:

- FFe: Enable configuring resume offset via sysfs
+ Enable configuring resume offset via sysfs

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1760106

Title:
  Enable configuring resume offset via sysfs

Status in OEM Priority Project:
  Fix Released
Status in klibc package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in klibc source package in Bionic:
  New
Status in linux source package in Bionic:
  Fix Released
Status in systemd source package in Bionic:
  Fix Released
Status in klibc source package in Cosmic:
  New
Status in linux source package in Cosmic:
  Fix Released
Status in systemd source package in Cosmic:
  Fix Released

Bug description:
  [Impact]

   * Cannot hibernate & resume from a swapfile

  [Test Case]

   * Create or enlarge swapfile to be big enough for hibernation
   * Attempt to hibernate and resume

  [Regression Potential]

   * Hibernation is not reliable technology in itself, and multiple
  things may cause failure to resume. Thus it is sufficient to validate
  this bug after swapfile is attempted for hibernation and the disk
  offset kernel parameter is modified. Irrespective if actual suspending
  or resume were successful or not.

  [Other Info]
   
   * Original bug report

  In 4.17 a new attribute is introduced to configure the hibernation
  resume offset. Since Ubuntu enables a swapfile by default this
  attribute is important to be able to make hibernation work "out of the
  box".

  The patch in the kernel is here:
  
https://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git/commit/?h=linux-next=355064675f1c997cea017ea64c8f2c216e5425d9

  Systemd support for adopting this change is available here:
  https://github.com/systemd/systemd/pull/8406
  As of 3/30/18 it's not yet been merged however.

  Klibc support for adopting this change is available here:
  https://www.zytor.com/pipermail/klibc/2018-March/003986.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1760106/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989309] Re: [FFe] new apparmor features for 3.0.7

[Utkarsh Gupta]

Hi Georgia,

Thanks for working through this. Patches on top of 3.0.7 instead of a
new 3.1.1 release definitely sounds much better and nice. The debdiff
was not pasted correctly, I fixed that. :)

Looking through the diff - whilst it's long but the contents make sense
and are reasonable. So therefore, this looks good for FFe. However,
please wait for the official release team member's ACK before the
upload.

P.S: I hope you're going to take care if there's any fallout as a
consequence of the upload. :)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989309

Title:
  [FFe] new apparmor features for 3.0.7

Status in apparmor package in Ubuntu:
  Triaged

Bug description:
  We propose two new features for 3.0.7 Apparmor:

  1. parser support for user namespace mediation.

  Since the last kernel update with commit 
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next=30bce26855c9171f8dee74d93308fd506730c914
  Ubuntu 22.10 mediates user namespaces which allows for confined applications 
to have unprivileged user namespace creation, instead of disabling it 
completely.
  If we want applications to have this ability, then we need to add support on 
the parser, which is a feature we are introducing. Bug 1990064 is an example 
caused by this.

  2. userspace support for posix message queue mediation

  Kernel also has POSIX message queue mediation with commit
  https://git.launchpad.net/~ubuntu-
  kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-
  next=44f28e2ccee2000c7da971876dd003d38a8232d8 which indicates that
  if admins want to allow legitimate use of POSIX message queues, then
  they will need the support of userspace tools.

  We are also adding a fix for Bug 1990692 which will make the AppArmor
  profiles for samba to be up to date with upstream.

  TESTING

  This has been extensively tested by the security team - this includes
  following the documented Ubuntu merges test plan[1] for AppArmor and the
  extensive QA Regression Tests[2] for AppArmor as well. This ensures that
  the various applications that make heavy use of AppArmor (LXD, docker,
  lxc, dbus, libvirt, snapd etc) have all been exercised and no regressions
  have been observed. All tests have passed and demonstrated both apparmor
  and the various applications that use it to be working as expected.

  BUILD LOGS

  This is currently uploaded to 
https://launchpad.net/~georgiag/+archive/ubuntu/apparmor-kinetic-ffe, build 
logs can be found on
  Launchpad at:
  https://launchpad.net/~georgiag/+archive/ubuntu/test2/+build/24518253 for 
amd64

  DEBDIFF

  The debdiff can be found in the PPA:
  
https://launchpadlibrarian.net/626954017/apparmor_3.0.7-1ubuntu1_3.0.7-1ubuntu2.diff.gz

  INSTALL / UPGRADE LOG

  The apt upgrade log is attached in:
  
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989309/+attachment/5620824/+files/apparmor-3.0.7-1ubuntu2-apt-upgrade.log

  [1] https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
  [2] 
https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989309/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989309] Re: [FFe] new apparmor features for 3.0.7

[Utkarsh Gupta]

** Description changed:

  We propose two new features for 3.0.7 Apparmor:
  
  1. parser support for user namespace mediation.
  
  Since the last kernel update with commit 
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next=30bce26855c9171f8dee74d93308fd506730c914
  Ubuntu 22.10 mediates user namespaces which allows for confined applications 
to have unprivileged user namespace creation, instead of disabling it 
completely.
  If we want applications to have this ability, then we need to add support on 
the parser, which is a feature we are introducing. Bug 1990064 is an example 
caused by this.
  
  2. userspace support for posix message queue mediation
  
  Kernel also has POSIX message queue mediation with commit
  https://git.launchpad.net/~ubuntu-
  kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-
  next=44f28e2ccee2000c7da971876dd003d38a8232d8 which indicates that if
  admins want to allow legitimate use of POSIX message queues, then they
  will need the support of userspace tools.
  
  We are also adding a fix for Bug 1990692 which will make the AppArmor
  profiles for samba to be up to date with upstream.
  
  TESTING
  
  This has been extensively tested by the security team - this includes
  following the documented Ubuntu merges test plan[1] for AppArmor and the
  extensive QA Regression Tests[2] for AppArmor as well. This ensures that
  the various applications that make heavy use of AppArmor (LXD, docker,
  lxc, dbus, libvirt, snapd etc) have all been exercised and no regressions
  have been observed. All tests have passed and demonstrated both apparmor
  and the various applications that use it to be working as expected.
  
  BUILD LOGS
  
  This is currently uploaded to 
https://launchpad.net/~georgiag/+archive/ubuntu/apparmor-kinetic-ffe, build 
logs can be found on
  Launchpad at:
  https://launchpad.net/~georgiag/+archive/ubuntu/test2/+build/24518253 for 
amd64
  
  DEBDIFF
  
- The debdiff can be found in the PPA: 
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989309/+attachment/5620824/+files/apparmor-3.0.7-1ubuntu2-apt-upgrade.log
+ The debdiff can be found in the PPA:
+ 
https://launchpadlibrarian.net/626954017/apparmor_3.0.7-1ubuntu1_3.0.7-1ubuntu2.diff.gz
+ 
  INSTALL / UPGRADE LOG
  
- The apt upgrade log is attached in
+ The apt upgrade log is attached in:
+ 
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989309/+attachment/5620824/+files/apparmor-3.0.7-1ubuntu2-apt-upgrade.log
  
  [1] https://wiki.ubuntu.com/Process/Merges/TestPlans/AppArmor
  [2] 
https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989309

Title:
  [FFe] new apparmor features for 3.0.7

Status in apparmor package in Ubuntu:
  New

Bug description:
  We propose two new features for 3.0.7 Apparmor:

  1. parser support for user namespace mediation.

  Since the last kernel update with commit 
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-next=30bce26855c9171f8dee74d93308fd506730c914
  Ubuntu 22.10 mediates user namespaces which allows for confined applications 
to have unprivileged user namespace creation, instead of disabling it 
completely.
  If we want applications to have this ability, then we need to add support on 
the parser, which is a feature we are introducing. Bug 1990064 is an example 
caused by this.

  2. userspace support for posix message queue mediation

  Kernel also has POSIX message queue mediation with commit
  https://git.launchpad.net/~ubuntu-
  kernel/ubuntu/+source/linux/+git/kinetic/commit/?h=master-
  next=44f28e2ccee2000c7da971876dd003d38a8232d8 which indicates that
  if admins want to allow legitimate use of POSIX message queues, then
  they will need the support of userspace tools.

  We are also adding a fix for Bug 1990692 which will make the AppArmor
  profiles for samba to be up to date with upstream.

  TESTING

  This has been extensively tested by the security team - this includes
  following the documented Ubuntu merges test plan[1] for AppArmor and the
  extensive QA Regression Tests[2] for AppArmor as well. This ensures that
  the various applications that make heavy use of AppArmor (LXD, docker,
  lxc, dbus, libvirt, snapd etc) have all been exercised and no regressions
  have been observed. All tests have passed and demonstrated both apparmor
  and the various applications that use it to be working as expected.

  BUILD LOGS

  This is currently uploaded to 
https://launchpad.net/~georgiag/+archive/ubuntu/apparmor-kinetic-ffe, build 
logs can be found on
  Launchpad at:
  https://launchpad.net/~georgiag/+archive/ubuntu/test2/+build/24518253 for 
amd64

  DEBDIFF

  The debdiff can be found in the PPA:
  

[Touch-packages] [Bug 1915471] Re: FFe: base-files update MOTD help text formatting

[Utkarsh Gupta]

Hi Chad,

This was opened on 2021-02-12, I don't think it's still relevant? Should
we close it? Let me know what you think!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to base-files in Ubuntu.
https://bugs.launchpad.net/bugs/1915471

Title:
  FFe: base-files update MOTD help text formatting

Status in base-files package in Ubuntu:
  New

Bug description:
  [Description]
  Provide updated messaging text and formatting for MOTD 10-help-text related 
to text message organization, layout and verbiage.  Minor improvements for 
cleaner formatting of messages greeting ssh attaches to a machine.

  [Rationale]
  MOTD messaging is one of the primary means of communicating to Ubuntu server 
customers, we wish to improve the layout and messaging a bit to polish that 
experience a little bit for Hirsute and later.

  
  [Timeline]
  Current specs are in flight for base-files and update-notifier MOTD changes 
expect that we have final usability doc updates there by beginning of March.

  [Risks]
  Low risk as these changes are text-only formatting and potentially 
color-control characters. Potentially errors in any new partsdir files in 
/etc/update-motd.d/ are trapped and the offending text or invalid shell logic 
is geneally trapped and ignored without affecting other MOTD text

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1915471/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1805115] Re: problem with (ubuntu/cosmic)mawk /^[[:space:]]*

[Utkarsh Gupta]

** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mawk in Ubuntu.
https://bugs.launchpad.net/bugs/1805115

Title:
   problem with (ubuntu/cosmic)mawk /^[[:space:]]*http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
  100 /var/lib/dpkg/status
  ###

  more background @ 
  https://github.com/whiteinge/ok.sh/issues/66# problem with 
(ubuntu/cosmic)mawk /^[[:space:]]*https://api.github.com/repositories/3386088/issues?page=2>; 
rel="next", ; 
rel="last"' | awk '
  BEGIN { RS=", "; FS="; "; OFS=": " }
  {
  sub(/^rel="/, "", $2); sub(/"$/, "", $2)
  sub(/^ *$/, "", $1)
  print "Link_" $2, $1
  }'
  Link_next: https://api.github.com/repositories/3386088/issues?page=2
  Link_last: https://api.github.com/repositories/3386088/issues?page=33
  -

  fails using [[:space:]]
  eg
  -
  printf %s '; 
rel="next", ; 
rel="last"' | awk '
  BEGIN { RS=", "; FS="; "; OFS=": " }
  {
  sub(/^rel="/, "", $2); sub(/"$/, "", $2)
  sub(/^[[:space:]]*$/, "", $1)
  print "Link_" $2, $1
  }'
  Link_next: 

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

[Utkarsh Gupta]

Since Xenial has reached its end of standard support period, I'm marking
this as Won't Fix.

** Changed in: cyrus-sasl2 (Ubuntu Xenial)
   Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/827151

Title:
  Annoying log message "DIGEST-MD5 common mech free"

Status in Cyrus-sasl2:
  Fix Released
Status in cyrus-sasl2 package in Ubuntu:
  Fix Released
Status in cyrus-sasl2 source package in Trusty:
  Won't Fix
Status in cyrus-sasl2 source package in Xenial:
  Won't Fix
Status in cyrus-sasl2 source package in Yakkety:
  Fix Released
Status in cyrus-sasl2 source package in Focal:
  Triaged
Status in cyrus-sasl2 source package in Impish:
  Triaged
Status in cyrus-sasl2 source package in Jammy:
  Triaged
Status in cyrus-sasl2 package in Debian:
  Fix Released

Bug description:
  I recently updated the libsasl2-modules to 
2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu1 in oneiric.
  That triggered the bug also described in Debian here: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631932

  The annoying message is logged in auth.log. In my case, it is associated with 
svnserve:
  svnserve: DIGEST-MD5 common mech free

  I'm not exactly sure what action triggers the message, but I can
  investigate more if required.

  $ lsb_release -rd
  Description:Ubuntu oneiric (development branch)
  Release:11.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/cyrus-sasl2/+bug/827151/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()

[Utkarsh Gupta]

Hi Shyam,

Thank you for testing this out. Marking the same.

** Tags removed: verification-needed-focal verification-needed-impish
** Tags added: verification-done-focal verification-done-impish

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to keyutils in Ubuntu.
https://bugs.launchpad.net/bugs/1962453

Title:
  Apply default TTL to records obtained from getaddrinfo()

Status in keyutils package in Ubuntu:
  Fix Released
Status in keyutils source package in Bionic:
  Fix Released
Status in keyutils source package in Focal:
  Fix Committed
Status in keyutils source package in Impish:
  Fix Committed
Status in keyutils source package in Jammy:
  Fix Released

Bug description:
  [Impact]
  

  There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for
  DNS resolution. The keyutils package contains the userspace utility to
  update the kernel keyring with the DNS mapping to IP address. Prior to
  1.6.2, this utility may erroneously set unlimited lifetime for this
  keyring in the kernel.

  [Test plan]
  ===

  1. Create a file share on an SMB server (can be a samba server) with
  two IP addresses. Make sure that FQDN of the server resolves to one of
  these addresses.

  2. mount the created share on the cifs client using the FQDN for the
  server. Make sure that the mount point is accessible.

  3. Using the ss command on the client, to kill the sockets that
  connect to the server: sudo ss -K dport :445

  4. Now update the DNS entry to make sure that the server FQDN now
  resolves to the second IP address of the server. Make sure that
  nslookup on the client now resolves to the new IP address.

  5. Repeat step 3 to kill the sockets that connect to server to force
  re-connection again.

  Without the fix, after step 5, with the "ss -t" command, you'll see
  that the client has reconnected to the old IP address, even when DNS
  lookups return the new IP.

  With the fix (after a reboot of the client machine to make sure that
  kernel keys are refreshed), you'll see that the client reconnects to
  the new IP address.

  The bug is due to unlimited lifetime set by key.dns_resolver (which is
  part of keyutils package). As a result, even if IP address for the DNS
  entries change, the kernel filesystems would continue to use old IP
  address, due to the cached keys. This issue causes clients to
  misbehave when Azure Files service endpoints move to a different
  cluster.

  [Where problems could occur]
  

  Address records obtained from getaddrinfo() don't come with any TTL
  information, even if they're obtained from the DNS, so if someone is
  relying on this particularly, might face some problem/regression but I
  don't think they would face that as it would still be highly
  configurable.

  [Other information]
  ===

  This request is essentially from one of our cloud partners and they're
  highly affected by this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()

[Utkarsh Gupta]

Hi Seb,

Fixed that. And yes, it's already fixed in Jammy. See the first comment.
:)

** Also affects: keyutils (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Changed in: keyutils (Ubuntu Jammy)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to keyutils in Ubuntu.
https://bugs.launchpad.net/bugs/1962453

Title:
  Apply default TTL to records obtained from getaddrinfo()

Status in keyutils package in Ubuntu:
  Fix Released
Status in keyutils source package in Bionic:
  Fix Released
Status in keyutils source package in Focal:
  Incomplete
Status in keyutils source package in Impish:
  Incomplete
Status in keyutils source package in Jammy:
  Fix Released

Bug description:
  [Impact]
  

  There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for
  DNS resolution. The keyutils package contains the userspace utility to
  update the kernel keyring with the DNS mapping to IP address. Prior to
  1.6.2, this utility may erroneously set unlimited lifetime for this
  keyring in the kernel.

  [Test plan]
  ===

  1. Create a file share on an SMB server (can be a samba server) with
  two IP addresses. Make sure that FQDN of the server resolves to one of
  these addresses.

  2. mount the created share on the cifs client using the FQDN for the
  server. Make sure that the mount point is accessible.

  3. Using the ss command on the client, to kill the sockets that
  connect to the server: sudo ss -K dport :445

  4. Now update the DNS entry to make sure that the server FQDN now
  resolves to the second IP address of the server. Make sure that
  nslookup on the client now resolves to the new IP address.

  5. Repeat step 3 to kill the sockets that connect to server to force
  re-connection again.

  Without the fix, after step 5, with the "ss -t" command, you'll see
  that the client has reconnected to the old IP address, even when DNS
  lookups return the new IP.

  With the fix (after a reboot of the client machine to make sure that
  kernel keys are refreshed), you'll see that the client reconnects to
  the new IP address.

  The bug is due to unlimited lifetime set by key.dns_resolver (which is
  part of keyutils package). As a result, even if IP address for the DNS
  entries change, the kernel filesystems would continue to use old IP
  address, due to the cached keys. This issue causes clients to
  misbehave when Azure Files service endpoints move to a different
  cluster.

  [Where problems could occur]
  

  Address records obtained from getaddrinfo() don't come with any TTL
  information, even if they're obtained from the DNS, so if someone is
  relying on this particularly, might face some problem/regression but I
  don't think they would face that as it would still be highly
  configurable.

  [Other information]
  ===

  This request is essentially from one of our cloud partners and they're
  highly affected by this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1971296] Re: Merge net-tools from Debian unstable for kinetic

[Utkarsh Gupta]

** Changed in: net-tools (Ubuntu)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to net-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1971296

Title:
  Merge net-tools from Debian unstable for kinetic

Status in net-tools package in Ubuntu:
  Incomplete

Bug description:
  Upstream: tbd
  Debian:   1.60+git20181103.0eebece-1
  Ubuntu:   1.60+git20181103.0eebece-1ubuntu5


  
  ### New Debian Changes ###

  net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium

* New upstream version 1.60+git20181103.0eebece
  - Fix nstrcmp() to prevent ifconfig from showing
duplicate interfaces. (Closes: #812886)
* Fix d/watch to point to upstream git repository
* Add patch to fix decoding of MII vendor ids. (Closes: #549397)
  - Thanks, Ben Hutchings, for the patch.
* Add patch to fix Japanese translation which uses a wrong
  Kanji character. (Closes: #621752)
  - Thanks, Takeshi Hamasaki, for the patch.
* Add patch to fix wrong indentation of 'collisions' in  the
  Japanese translation. (Closes: #653117)
  - Thanks, NODA, Kai, for the patch.
* Fix Uploaders' field.
  - Add myself as an uploader.
  - Fix Tina's details.

   -- Utkarsh Gupta   Fri, 02 Oct 2020 15:01:04
  +0530

  net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium

* New upstream snapshot
* Refresh patches.
* Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and
  Dr. Tobias Quathamer for the patch. Closes: #900962.

   -- Martín Ferrari   Mon, 24 Sep 2018 19:08:57
  +

  net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium

* Update maintainer email address. Closes: #899617.
* Update Standards-Version with no changes.

   -- Martín Ferrari   Mon, 24 Sep 2018 17:16:31
  +

  net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium

* debian/control: Update Vcs-* and Standards-Version.
* debian/control: remove references to ancient package ja-trans.
* debian/gbp.conf: Update repo layout.

   -- Martín Ferrari   Tue, 31 Jul 2018 19:09:00
  +

  net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium

* Fix typo in French manpage. Thanks to  Michel Grigaut for the patch.
* Add manpage for iptunnel, thanks to Sergio Durigan Junior.
  Closes: #88910
* Rename patches so CME does not choke on them.
* Automated cme fixes; packaging improvements.
* Remove unused and ancient patch.

   -- Martín Ferrari   Sun, 11 Feb 2018 17:29:24
  +

  net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium

* New upstream snapshot.
* Re-synced translations.patch.
* Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the
  fixes and uploads. Closes: 846509.
* Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561.
  + Really assign CC for cross compilation.
  + Use triplet prefixed pkg-config.
* Add debian/NEWS warning about changing output in net-tools commands.
  Closing bugs that reported problems in 3rd-party scripts arising from 
these
  changes.  Closes: #845153, #843892, #820212.
* Update Standards-Version, with no changes.

   -- Martín Ferrari   Mon, 26 Dec 2016 05:58:42
  +

  net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium

* Non-maintainer upload.
* Apply an additional fix for the previous FTBFS for some architectures.

   -- Andrey Rahmatullin   Thu, 01 Dec 2016 22:49:27
  +0500

  net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium

* Non-maintainer upload.
* Fix FTBFS by applying the upstream patch (Closes: #844073).

   -- Andrey Rahmatullin   Sun, 20 Nov 2016 15:23:12
  +0500

  net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium

[ Laurent Bigonville ]
* Enable SELinux support. Closes: #666204.

[ Martín Ferrari ]
* Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière
  . Closes: #752584.
* Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com.
  Closes: #805377.

   -- Martín Ferrari   Thu, 19 Nov 2015 14:48:47
  +

  net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium


  
  ### Old Ubuntu Delta ###

  net-tools (1.60+git20181103.0eebece-1ubuntu5) jammy; urgency=high

* No change rebuild for ppc64el baseline bump.

   -- Julian Andres Klode   Thu, 24 Mar 2022
  17:20:48 +0100

  net-tools (1.60+git20181103.0eebece-1ubuntu4) jammy; urgency=low

* Add new DEP8 tests for hostname and ifconfig (LP: #1679346):
  - d/t/control: add hostname-set-get and ifconfig-lo-info
  - d/t/hostname-set-get: new test
  - d/t/ifconfig-lo-info: new test

   -- Lena Voytek   Fri, 22 Oct 2021 07:49:06
  -0700

  net-tools (1.60+git20181103.0eebece-1ubuntu3) impish; urgency=medium

* No-change rebuild to build packages with z

[Touch-packages] [Bug 1971280] Re: Merge heimdal from Debian unstable for kinetic

[Utkarsh Gupta]

** Changed in: heimdal (Ubuntu)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/1971280

Title:
  Merge heimdal from Debian unstable for kinetic

Status in heimdal package in Ubuntu:
  Incomplete

Bug description:
  Upstream: tbd
  Debian:   7.7.0+dfsg-3
  Ubuntu:   7.7.0+dfsg-3ubuntu1


  
  ### New Debian Changes ###

  heimdal (7.7.0+dfsg-3) unstable; urgency=high

* Fix CVE-2021-3671: A null pointer de-reference was found in the way
  samba kerberos server handled missing sname in TGS-REQ. Closes: #996586.
* Fix autoconf 2.7 issues.

   -- Brian May   Wed, 17 Nov 2021 12:12:45 +1100

  heimdal (7.7.0+dfsg-2) unstable; urgency=medium

* Build using python3. Closes: #936695, #960032.

   -- Brian May   Tue, 12 May 2020 06:56:04 +1000

  heimdal (7.7.0+dfsg-1) unstable; urgency=medium

* New upstream version.
* Fix CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction
  was not being applied when processing protocol
  transition requests (S4U2Self), in the AD DC KDC. Closes: #946786.

   -- Brian May   Tue, 17 Dec 2019 20:23:41 +1100

  heimdal (7.5.0+dfsg-3) unstable; urgency=high

* CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum.
  Closes: #928966.
* CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT.
  Closes: #929064.
* Update test certificates to pre 2038 expiry. Closes: #923930.

   -- Brian May   Tue, 21 May 2019 18:04:35 +1000

  heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium

* Non-maintainer upload
* Add patch to create headers before building (Closes: 906623)

   -- Hilko Bengen   Sun, 28 Oct 2018 15:10:44 +0100

  heimdal (7.5.0+dfsg-2) unstable; urgency=medium

* Replace 'MAXHOSTNAMELEN' with 'MaxHostNameLen' in kdc/kx509.c for The
  Hurd. Closes: #900079.

   -- Brian May   Sat, 02 Jun 2018 10:01:46 +1000

  heimdal (7.5.0+dfsg-1) unstable; urgency=high

* New upstream version. (Closes: #850723)
  + CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.4
(Closes: #878144, #868157)
  + Refresh patches.
* Bump Standards-Version to 4.1.2 and compat level to 10.
  + Remove explicit reference to dh-autoreconf.
* Use uscan to get orig source.
  + Refrain from mangling some bundled RFC texts;
just exclude the mas they are not installed into any binary anyway.
  + Update d/copyright to DEP-5.
  + Can now use standard uscan/gbp/pristine-tar workflow.
* Fix some lintian errors/warnings.
  + Strip trailing whitespace from changelog.
  + Fix some duplicate long descriptions.
  + Use optional priority everywhere.
  + Update/remove some overrides.
  + Enforce set -e in maintainer scripts.
  + Enable hardening.
* Migrate to -dbgsym.
* Add myself to uploaders.

   -- Dominik George   Fri, 15 Dec 2017 01:13:04
  +0100

  heimdal (7.4.0.dfsg.1-2) unstable; urgency=medium

[ Jelmer Vernooij ]
* Remove myself from uploaders.

[ Brian May ]
* Be explicit with heimdal.mkey filename in postinst. Closes: #868638.
* Tests should respect DEB_BUILD_OPTIONS=nocheck.  Closes: #868842.

   -- Brian May   Sun, 23 Jul 2017 10:32:34 +1000

  heimdal (7.4.0.dfsg.1-1) unstable; urgency=high

* New upstream version.
* Update standards version to 4.0.0.
* CVE-2017-11103: Fix Orpheus' Lyre KDC-REP service name validation.
  (Closes: #868208).

   -- Brian May   Sat, 15 Jul 2017 19:47:32 +1000

  heimdal (7.1.0+dfsg-13) unstable; urgency=medium

* Add missing symbols base64_decode and base64_encode back into
  libroken. Closes: #848694.

   -- Brian May   Wed, 26 Apr 2017 19:38:20 +1000

  heimdal (7.1.0+dfsg-12) unstable; urgency=high


  ### Old Ubuntu Delta ###

  heimdal (7.7.0+dfsg-3ubuntu1) jammy; urgency=medium

* Merge with Debian unstable (LP: #1946860). Remaining changes:
  - Disable lto, to regain dep on roken, otherwise dependencies on amd64
are different to i386 resulting in different files on amd64 and
i386. LP #1934936
  - Remove symbol rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
(LP #1945787)

   -- Andreas Hasenack   Wed, 08 Dec 2021
  18:02:13 -0300

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1971280/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()

[Utkarsh Gupta]

Hi Shyam, I am closer to getting this to work on 22.04 (22.10 should be
easier once we've sorted out 22.04). I'll be off this week (tomorrow
onward!) and will definitely have something for you by the next week.
Let me know if you have any questions or concerns. TIA. \o/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to keyutils in Ubuntu.
https://bugs.launchpad.net/bugs/1962453

Title:
  Apply default TTL to records obtained from getaddrinfo()

Status in keyutils package in Ubuntu:
  Fix Released
Status in keyutils source package in Bionic:
  Fix Released
Status in keyutils source package in Focal:
  Incomplete
Status in keyutils source package in Impish:
  Incomplete

Bug description:
  [Impact]
  

  There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for
  DNS resolution. The keyutils package contains the userspace utility to
  update the kernel keyring with the DNS mapping to IP address. Prior to
  1.6.2, this utility may erroneously set unlimited lifetime for this
  keyring in the kernel.

  [Test plan]
  ===

  1. Create a file share on an SMB server (can be a samba server) with
  two IP addresses. Make sure that FQDN of the server resolves to one of
  these addresses.

  2. mount the created share on the cifs client using the FQDN for the
  server. Make sure that the mount point is accessible.

  3. Using the ss command on the client, to kill the sockets that
  connect to the server: sudo ss -K dport :445

  4. Now update the DNS entry to make sure that the server FQDN now
  resolves to the second IP address of the server. Make sure that
  nslookup on the client now resolves to the new IP address.

  5. Repeat step 3 to kill the sockets that connect to server to force
  re-connection again.

  Without the fix, after step 5, with the "ss -t" command, you'll see
  that the client has reconnected to the old IP address, even when DNS
  lookups return the new IP.

  With the fix (after a reboot of the client machine to make sure that
  kernel keys are refreshed), you'll see that the client reconnects to
  the new IP address.

  The bug is due to unlimited lifetime set by key.dns_resolver (which is
  part of keyutils package). As a result, even if IP address for the DNS
  entries change, the kernel filesystems would continue to use old IP
  address, due to the cached keys. This issue causes clients to
  misbehave when Azure Files service endpoints move to a different
  cluster.

  [Where problems could occur]
  

  Address records obtained from getaddrinfo() don't come with any TTL
  information, even if they're obtained from the DNS, so if someone is
  relying on this particularly, might face some problem/regression but I
  don't think they would face that as it would still be highly
  configurable.

  [Other information]
  ===

  This request is essentially from one of our cloud partners and they're
  highly affected by this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1955347] Re: rsync works bad with encfs now

[Utkarsh Gupta]

Hello,

> [...] I don't know why there is this new problem on my
> machine, but it is not because of the new version of
> rsync. So, I think we can close the report.

Indeed, this doesn't look like a bug in the package itself so marking
this as "Invalid". But that said, from your logs..

> rsync: readlink_stat("/home/toto/Directory_to_save/Crypt")
> failed: Permission denied (13)

This looks like you don't have the correct (write) permission to where
you're trying to do this. I suggest trying to look there and fix the
permission and re-try again?

** Changed in: rsync (Ubuntu)
   Status: Incomplete => Opinion

** Changed in: rsync (Ubuntu)
   Status: Opinion => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1955347

Title:
  rsync works bad with encfs now

Status in rsync package in Ubuntu:
  Invalid

Bug description:
  Hello,
  I think rsync works bad with encfs now.

  When root uses it, rsync cannot read a directory encrypted with encfs
  by a user. More precisely, it cannot read the mounted directory, the
  virtual one where the user can read the datas.

  Until now there was only a warning like this
  "rsync: readlink_stat("/home/claude/Documents_chiffres") failed:
  Permission denied (13)"
  and the software went on working (only ignoring the content of the mounted 
directory and of course without saving this content)

  But recently there is this more:
  "IO error encountered -- skipping file deletion"
  and because of this "skipping file deletion", the software can't work 
normally. The destination gets bigger more and more because the deleted files 
in the source are not deleted in the destination.

  Thanks for reading me.
  rsync 3.1.3-8ubuntu0.1
  Description:Ubuntu 20.04.3 LTS
  Release:20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1955347/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1962453] Re: Apply default TTL to records obtained from getaddrinfo()

[Utkarsh Gupta]

Hi Shyam,

Thank you for testing this out. I'll mark the same.

For 22.04 and 22.10, I was waiting on your tests as your comment #6 had
got me worried a bit. I'll start working on the backports now and I'll
have some news by the end of the week. TIA.

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to keyutils in Ubuntu.
https://bugs.launchpad.net/bugs/1962453

Title:
  Apply default TTL to records obtained from getaddrinfo()

Status in keyutils package in Ubuntu:
  Fix Released
Status in keyutils source package in Bionic:
  Fix Committed
Status in keyutils source package in Focal:
  Incomplete
Status in keyutils source package in Impish:
  Incomplete

Bug description:
  [Impact]
  

  There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for
  DNS resolution. The keyutils package contains the userspace utility to
  update the kernel keyring with the DNS mapping to IP address. Prior to
  1.6.2, this utility may erroneously set unlimited lifetime for this
  keyring in the kernel.

  [Test plan]
  ===

  1. Create a file share on an SMB server (can be a samba server) with
  two IP addresses. Make sure that FQDN of the server resolves to one of
  these addresses.

  2. mount the created share on the cifs client using the FQDN for the
  server. Make sure that the mount point is accessible.

  3. Using the ss command on the client, to kill the sockets that
  connect to the server: sudo ss -K dport :445

  4. Now update the DNS entry to make sure that the server FQDN now
  resolves to the second IP address of the server. Make sure that
  nslookup on the client now resolves to the new IP address.

  5. Repeat step 3 to kill the sockets that connect to server to force
  re-connection again.

  Without the fix, after step 5, with the "ss -t" command, you'll see
  that the client has reconnected to the old IP address, even when DNS
  lookups return the new IP.

  With the fix (after a reboot of the client machine to make sure that
  kernel keys are refreshed), you'll see that the client reconnects to
  the new IP address.

  The bug is due to unlimited lifetime set by key.dns_resolver (which is
  part of keyutils package). As a result, even if IP address for the DNS
  entries change, the kernel filesystems would continue to use old IP
  address, due to the cached keys. This issue causes clients to
  misbehave when Azure Files service endpoints move to a different
  cluster.

  [Where problems could occur]
  

  Address records obtained from getaddrinfo() don't come with any TTL
  information, even if they're obtained from the DNS, so if someone is
  relying on this particularly, might face some problem/regression but I
  don't think they would face that as it would still be highly
  configurable.

  [Other information]
  ===

  This request is essentially from one of our cloud partners and they're
  highly affected by this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/keyutils/+bug/1962453/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1960736] Re: Libnss3 doesn't log SEC_ERROR_UNKNOWN_PKCS11_ERROR properly ( NSS error code: -8018 )

[Utkarsh Gupta]

Hello,

Thanks for filing this bug and helping us get better. I tried to take a
look into this but I can't seem to be able to reproduce this. Do you
have a set of steps so that I can reproduce this, maybe?

Without being able to reproduce the above issue, I am not sure how much
I/we might be able to help but we try our best. :)

Let us know the same and please change the status of the bug to "New"
again once you do that and we'll be happy to take a look again! \o/

** Changed in: nss (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1960736

Title:
  Libnss3 doesn't log SEC_ERROR_UNKNOWN_PKCS11_ERROR properly  ( NSS
  error code: -8018 )

Status in nss package in Ubuntu:
  Incomplete

Bug description:
  I've got the issue with Google Chrome not recognizing any of SSL/TSL 
certificates as trusted. When I look into certificate checksums it's renders 
all bytes of it as NULL bytes. I'm aware Google Chrome is proprietary but it 
depends on ubuntu provided libnss3-package. And libnss provides very nigmatic 
error code -8018:
  `/opt/google/chrome$ google-chrome
  [23391:23426:0213/133531.202486:ERROR:nss_util.cc(286)] After loading Root 
Certs, loaded==false: NSS error code: -8018
  [23434:23434:0213/133531.266711:ERROR:sandbox_linux.cc(377)] 
InitializeSandbox() called with multiple threads in process gpu-process.
  [23391:23427:0213/133531.313065:ERROR:cert_verify_proc_builtin.cc(681)] 
CertVerifyProcBuiltin for accounts.google.com failed:
  - Certificate i=3 (CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign 
nv-sa,C=BE) -
  ERROR: No matching issuer found

  '
  When trying to enter this particular error code into search engine nothing is 
found. So my suggestion with this bug is to make it more transparent by 
providing information to what happened - it seems other bug codes has better 
error messages. To get SEC_ERROR_UNKNOWN_PKCS11_ERROR string I was force to 
download source code and manually calculate offsets. Another issue is if 
failing to initialize PKCS11 token should make whole SSL/TLS crypto invalid ? 
I'm not sure if this is libnss or Google Chrome issue but it behaves 
differently in Chromium browser with same libnss so I assume either of two is 
doing better - it's worth to review this from security perspective.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: libnss3 2:3.35-2ubuntu2.13
  Uname: Linux 5.10.0-051000rc6-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.27
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Feb 13 13:33:51 2022
  Dependencies:
   gcc-8-base 8.4.0-1ubuntu1~18.04
   libc6 2.27-3ubuntu1.5 [origin: LP-PPA-ubuntu-security-proposed]
   libgcc1 1:8.4.0-1ubuntu1~18.04
   libnspr4 2:4.18-1ubuntu1
   libsqlite3-0 3.22.0-1ubuntu0.4
  InstallationDate: Installed on 2015-05-08 (2473 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=pl_PL.UTF-8
   SHELL=/bin/bash
  SourcePackage: nss
  UpgradeStatus: Upgraded to bionic on 2018-08-26 (1266 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1960736/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1962453] [NEW] Apply default TTL to records obtained from getaddrinfo()

[Utkarsh Gupta]

Public bug reported:

[Impact]


There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for DNS
resolution. The keyutils package contains the userspace utility to
update the kernel keyring with the DNS mapping to IP address. Prior to
1.6.2, this utility may erroneously set unlimited lifetime for this
keyring in the kernel.

[Test plan]
===

1. Create a file share on an SMB server (can be a samba server) with two
IP addresses. Make sure that FQDN of the server resolves to one of these
addresses.

2. mount the created share on the cifs client using the FQDN for the
server. Make sure that the mount point is accessible.

3. Using the ss command on the client, to kill the sockets that connect
to the server: sudo ss -K dport :445

4. Now update the DNS entry to make sure that the server FQDN now
resolves to the second IP address of the server. Make sure that nslookup
on the client now resolves to the new IP address.

5. Repeat step 3 to kill the sockets that connect to server to force re-
connection again.

Without the fix, after step 5, with the "ss -t" command, you'll see that
the client has reconnected to the old IP address, even when DNS lookups
return the new IP.

With the fix (after a reboot of the client machine to make sure that
kernel keys are refreshed), you'll see that the client reconnects to the
new IP address.

The bug is due to unlimited lifetime set by key.dns_resolver (which is
part of keyutils package). As a result, even if IP address for the DNS
entries change, the kernel filesystems would continue to use old IP
address, due to the cached keys. This issue causes clients to misbehave
when Azure Files service endpoints move to a different cluster.

[Where problems could occur]


Address records obtained from getaddrinfo() don't come with any TTL
information, even if they're obtained from the DNS, so if someone is
relying on this particularly, might face some problem/regression but I
don't think they would face that as it would still be highly
configurable.

[Other information]
===

This request is essentially from one of our cloud partners and they're
highly affected by this.

** Affects: keyutils (Ubuntu)
 Importance: Undecided
 Assignee: Utkarsh Gupta (utkarsh)
 Status: In Progress

** Affects: keyutils (Ubuntu Focal)
 Importance: Undecided
 Status: New

** Affects: keyutils (Ubuntu Impish)
 Importance: Undecided
 Status: New

** Also affects: keyutils (Ubuntu Impish)
   Importance: Undecided
   Status: New

** Also affects: keyutils (Ubuntu Focal)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to keyutils in Ubuntu.
https://bugs.launchpad.net/bugs/1962453

Title:
  Apply default TTL to records obtained from getaddrinfo()

Status in keyutils package in Ubuntu:
  In Progress
Status in keyutils source package in Focal:
  New
Status in keyutils source package in Impish:
  New

Bug description:
  [Impact]
  

  There's a strong dependency for cifs.ko (and nfs.ko) on keyutils for
  DNS resolution. The keyutils package contains the userspace utility to
  update the kernel keyring with the DNS mapping to IP address. Prior to
  1.6.2, this utility may erroneously set unlimited lifetime for this
  keyring in the kernel.

  [Test plan]
  ===

  1. Create a file share on an SMB server (can be a samba server) with
  two IP addresses. Make sure that FQDN of the server resolves to one of
  these addresses.

  2. mount the created share on the cifs client using the FQDN for the
  server. Make sure that the mount point is accessible.

  3. Using the ss command on the client, to kill the sockets that
  connect to the server: sudo ss -K dport :445

  4. Now update the DNS entry to make sure that the server FQDN now
  resolves to the second IP address of the server. Make sure that
  nslookup on the client now resolves to the new IP address.

  5. Repeat step 3 to kill the sockets that connect to server to force
  re-connection again.

  Without the fix, after step 5, with the "ss -t" command, you'll see
  that the client has reconnected to the old IP address, even when DNS
  lookups return the new IP.

  With the fix (after a reboot of the client machine to make sure that
  kernel keys are refreshed), you'll see that the client reconnects to
  the new IP address.

  The bug is due to unlimited lifetime set by key.dns_resolver (which is
  part of keyutils package). As a result, even if IP address for the DNS
  entries change, the kernel filesystems would continue to use old IP
  address, due to the cached keys. This issue causes clients to
  misbehave when Azure Files service endpoints move to a different
  cluster.

  [Where problems could occur]
  

  Address records obtained from getaddrinfo() don't come with any TTL

[Touch-packages] [Bug 1958720] Re: python3-yaml and python3-six are not co-installable with python-is-python2 in jammy

[Utkarsh Gupta]

Thank you, Rolf. On a quick look, what you reported appears to be
correct and hopefully the debdiff you added should just resolve the
issue at hand. I'm adding the `server-todo` tag so that someone from the
Server team can take a look at this and sponsor the debdiff for you if
that's all what's need to be done.

Thank you very much!

** Tags added: server-todo

** Changed in: pyyaml (Ubuntu)
   Status: In Progress => Confirmed

** Changed in: pyyaml (Ubuntu)
   Importance: Undecided => High

** Changed in: six (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to six in Ubuntu.
https://bugs.launchpad.net/bugs/1958720

Title:
  python3-yaml and python3-six are not co-installable with python-is-
  python2 in jammy

Status in pyyaml package in Ubuntu:
  Confirmed
Status in six package in Ubuntu:
  Invalid

Bug description:
  The packages python3-yaml and python-is-python2 are not co-installable
  in jammy and I believe they should be.  This currently prevents me
  from upgrading one of my machines from focal to jammy.

  Further analysis with the help of Stefano Rivera revealed that what-
  is-python no longer produces a python-is-python2 package and the
  changelog hints at that being intentional.  Jammy still has a python2
  package, though.

  python3-yaml in jammy breaks on python (<2.7.18).  The python-is-
  python2 package in focal is version 2.7.17-4 and in impish it is
  2.7.18-9 and thus will be forcefully removed when going to jammy.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyyaml/+bug/1958720/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1955347] Re: rsync works bad with encfs now

[Utkarsh Gupta]

Hi Claude,

You could provide step-by-step reproducer by mentioning the exact steps
that one could follow to reproduce the bug in a clean environment.

If you could provide steps/commands that I can copy-paste in a Docker or
an LXD container, then that'd really help us and we can take it from
there. \o/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1955347

Title:
  rsync works bad with encfs now

Status in rsync package in Ubuntu:
  Incomplete

Bug description:
  Hello,
  I think rsync works bad with encfs now.

  When root uses it, rsync cannot read a directory encrypted with encfs
  by a user. More precisely, it cannot read the mounted directory, the
  virtual one where the user can read the datas.

  Until now there was only a warning like this
  "rsync: readlink_stat("/home/claude/Documents_chiffres") failed:
  Permission denied (13)"
  and the software went on working (only ignoring the content of the mounted 
directory and of course without saving this content)

  But recently there is this more:
  "IO error encountered -- skipping file deletion"
  and because of this "skipping file deletion", the software can't work 
normally. The destination gets bigger more and more because the deleted files 
in the source are not deleted in the destination.

  Thanks for reading me.
  rsync 3.1.3-8ubuntu0.1
  Description:Ubuntu 20.04.3 LTS
  Release:20.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1955347/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1946878] Re: Merge net-tools from Debian unstable for 22.04

[Utkarsh Gupta]

** Changed in: net-tools (Ubuntu)
Milestone: ubuntu-21.11 => ubuntu-22.02

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to net-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1946878

Title:
  Merge net-tools from Debian unstable for 22.04

Status in net-tools package in Ubuntu:
  New

Bug description:
  Upstream: 1.60+git20210422.dfc41e0
  Debian:   1.60+git20181103.0eebece-1
  Ubuntu:   1.60+git20181103.0eebece-1ubuntu2

  Debian updates this package infrequently, and last updated it 20.10.
  There is a new upstream version, however, so may be worth going ahead of 
debian and/or updating it in Debian and syncing it.

  ### New Debian Changes ###

  net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium

    * New upstream version 1.60+git20181103.0eebece
  - Fix nstrcmp() to prevent ifconfig from showing
    duplicate interfaces. (Closes: #812886)
    * Fix d/watch to point to upstream git repository
    * Add patch to fix decoding of MII vendor ids. (Closes: #549397)
  - Thanks, Ben Hutchings, for the patch.
    * Add patch to fix Japanese translation which uses a wrong
  Kanji character. (Closes: #621752)
  - Thanks, Takeshi Hamasaki, for the patch.
    * Add patch to fix wrong indentation of 'collisions' in  the
  Japanese translation. (Closes: #653117)
  - Thanks, NODA, Kai, for the patch.
    * Fix Uploaders' field.
  - Add myself as an uploader.
  - Fix Tina's details.

   -- Utkarsh Gupta   Fri, 02 Oct 2020 15:01:04
  +0530

  net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium

    * New upstream snapshot
    * Refresh patches.
    * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and
  Dr. Tobias Quathamer for the patch. Closes: #900962.

   -- Martín Ferrari   Mon, 24 Sep 2018 19:08:57
  +

  net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium

    * Update maintainer email address. Closes: #899617.
    * Update Standards-Version with no changes.

   -- Martín Ferrari   Mon, 24 Sep 2018 17:16:31
  +

  net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium

    * debian/control: Update Vcs-* and Standards-Version.
    * debian/control: remove references to ancient package ja-trans.
    * debian/gbp.conf: Update repo layout.

   -- Martín Ferrari   Tue, 31 Jul 2018 19:09:00
  +

  net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium

    * Fix typo in French manpage. Thanks to  Michel Grigaut for the patch.
    * Add manpage for iptunnel, thanks to Sergio Durigan Junior.
  Closes: #88910
    * Rename patches so CME does not choke on them.
    * Automated cme fixes; packaging improvements.
    * Remove unused and ancient patch.

   -- Martín Ferrari   Sun, 11 Feb 2018 17:29:24
  +

  net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium

    * New upstream snapshot.
    * Re-synced translations.patch.
    * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the
  fixes and uploads. Closes: 846509.
    * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561.
  + Really assign CC for cross compilation.
  + Use triplet prefixed pkg-config.
    * Add debian/NEWS warning about changing output in net-tools commands.
  Closing bugs that reported problems in 3rd-party scripts arising from 
these
  changes.  Closes: #845153, #843892, #820212.
    * Update Standards-Version, with no changes.

   -- Martín Ferrari   Mon, 26 Dec 2016 05:58:42
  +

  net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium

    * Non-maintainer upload.
    * Apply an additional fix for the previous FTBFS for some architectures.

   -- Andrey Rahmatullin   Thu, 01 Dec 2016 22:49:27
  +0500

  net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium

    * Non-maintainer upload.
    * Fix FTBFS by applying the upstream patch (Closes: #844073).

   -- Andrey Rahmatullin   Sun, 20 Nov 2016 15:23:12
  +0500

  net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium

    [ Laurent Bigonville ]
    * Enable SELinux support. Closes: #666204.

    [ Martín Ferrari ]
    * Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière
  . Closes: #752584.
    * Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com.
  Closes: #805377.

   -- Martín Ferrari   Thu, 19 Nov 2015 14:48:47
  +

  net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium

  ### Old Ubuntu Delta ###

  net-tools (1.60+git20181103.0eebece-1ubuntu2) hirsute; urgency=medium

    * No change rebuild with fixed ownership.

   -- Dimitri John Ledkov   Tue, 16 Feb 2021 15:18:30
  +

  net-tools (1.60+git20181103.0eebece-1ubuntu1) hirsute; urgency=low

    * Merge from Debian unstable.  Remaining changes:
  - Ubuntu_unit_conversion.patch:
    + Ubuntu Policy: output using standard SI unit multiples:
  KB (10^3), MB (10^6), GB (1

[Touch-packages] [Bug 1951454] Re: package openssh-server 1:8.2p1-4ubuntu0.3 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status

[Utkarsh Gupta]

Hi Niranjana,

Thank you for taking the time to file a bug report.

> When I connect a headphone and a speaker via bluetooth and
> select headphone as the output device, the sound is still
> putout from the speaker

Since it seems likely to me that this is a local configuration problem,
rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'.

However, if you believe that this is really a bug in Ubuntu, then we would
be grateful if you would provide a more complete description of the problem
with steps to reproduce, explain why you believe this is a bug in Ubuntu
rather than a problem specific to your system, and then change the bug
status back to "New".

For local configuration issues, you can find assistance here:
http://www.ubuntu.com/support/community

Thank you, once again. \o/

** Changed in: openssh (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1951454

Title:
  package openssh-server 1:8.2p1-4ubuntu0.3 failed to install/upgrade:
  installed openssh-server package post-installation script subprocess
  returned error exit status 1

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  When I connect a headphone and a speaker via bluetooth and select
  headphone as the output device, the sound is still putout from the
  speaker

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.3
  ProcVersionSignature: Ubuntu 5.11.0-40.44~20.04.2-generic 5.11.22
  Uname: Linux 5.11.0-40-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.21
  AptOrdering:
   gir1.2-accountsservice-1.0:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Nov 18 10:16:05 2021
  ErrorMessage: installed openssh-server package post-installation script 
subprocess returned error exit status 1
  InstallationDate: Installed on 2020-05-01 (566 days ago)
  InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
  Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3
   apt  2.0.6
  SSHDConfig:
   Error: command ['/usr/sbin/sshd', '-T'] failed with exit code 255: 
/etc/ssh/sshd_config: line 98: Bad configuration option: ServerAliveInterval
   /etc/ssh/sshd_config: line 99: Bad configuration option: ServerAliveCountMax
   /etc/ssh/sshd_config: terminating, 2 bad configuration options
  SourcePackage: openssh
  Title: package openssh-server 1:8.2p1-4ubuntu0.3 failed to install/upgrade: 
installed openssh-server package post-installation script subprocess returned 
error exit status 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1951454/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1950473] Re: SSH keygen, Key enrollment failed: requested feature not supported

[Utkarsh Gupta]

Hi Hveem,

Thanks for letting us know. I am, therefore, closing this bug. \o/

** Changed in: openssh (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1950473

Title:
  SSH keygen, Key enrollment failed: requested feature not supported

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Bug report:
  lsb_release -a
  No LSB modules are available.
  Distributor ID:   Ubuntu
  Description:  Ubuntu 21.10
  Release:  21.10
  Codename: impish

  uname -r
  5.13.0-21-generic

  Yubikey device: yubikey 5 NFC

  ssh -V
  OpenSSH_8.4p1 Ubuntu-6ubuntu2, OpenSSL 1.1.1l  24 Aug 2021

  Dmesg output:
  21.960057] usb 1-3: new full-speed USB device number 4 using xhci_hcd
  [   22.296859] usb 1-3: New USB device found, idVendor=1050, idProduct=0407, 
bcdDevice= 5.12
  [   22.296869] usb 1-3: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3
  [   22.296873] usb 1-3: Product: YubiKey OTP+FIDO+CCID
  [   22.296876] usb 1-3: Manufacturer: Yubico
  [   22.296879] usb 1-3: SerialNumber: 0009031500
  [   22.331164] input: Yubico YubiKey OTP+FIDO+CCID as 
/devices/pci:00/:00:01.3/:02:00.0/usb1/1-3/1-3:1.0/0003:1050:0407.0004/input/input19
  [   22.388838] hid-generic 0003:1050:0407.0004: input,hidraw3: USB HID v1.10 
Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-:02:00.0-3/input0
  [   22.396252] hid-generic 0003:1050:0407.0005: hiddev2,hidraw4: USB HID 
v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-:02:00.0-3/input1

  lsusb -v 2>/dev/null | grep -A2 Yubico | grep "bcdDevice" | awk '{print $2}'
  5.12 ( Yubikey firmware )

  Tried with the key pin:
  ssh-keygen -t ed25519-sk -O resident -vvv
  Generating public/private ed25519-sk key pair.
  You may need to touch your authenticator to authorize key generation.
  Enter PIN for authenticator:
  debug3: start_helper: started pid=2678
  debug3: ssh_msg_send: type 5
  debug3: ssh_msg_recv entering
  debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
  debug1: sshsk_enroll: provider "internal", device "(null)", application 
"ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
  debug1: sshsk_enroll: using random challenge
  debug1: sk_probe: 1 device(s) detected
  debug1: sk_probe: selecting sk by touch
  debug1: ssh_sk_enroll: using device /dev/hidraw4
  debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
  debug1: sshsk_enroll: provider "internal" returned failure -2
  debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
  debug1: ssh-sk-helper: reply len 8
  debug3: ssh_msg_send: type 5
  debug1: client_converse: helper returned error -59
  debug3: reap_helper: pid=2678
  Key enrollment failed: requested feature not supported

  Tried with touching the key:
  $ ssh-keygen -t ed25519-sk -O resident -vvv
  Generating public/private ed25519-sk key pair.
  You may need to touch your authenticator to authorize key generation.
  Enter PIN for authenticator:
  debug3: start_helper: started pid=2681
  debug3: ssh_msg_send: type 5
  debug3: ssh_msg_recv entering
  debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
  debug1: sshsk_enroll: provider "internal", device "(null)", application 
"ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
  debug1: sshsk_enroll: using random challenge
  debug1: sk_probe: 1 device(s) detected
  debug1: sk_probe: selecting sk by touch
  debug1: ssh_sk_enroll: using device /dev/hidraw4
  debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
  debug1: sshsk_enroll: provider "internal" returned failure -2
  debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
  debug1: ssh-sk-helper: reply len 8
  debug3: ssh_msg_send: type 5
  debug1: client_converse: helper returned error -59
  debug3: reap_helper: pid=2681
  Key enrollment failed: requested feature not supported

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1950473/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

[Utkarsh Gupta]

Hello,

All the 2 (for Focal) and 5 (for Hirsute) tests were re-triggered and
are passing now, so there's no real regression. We'll proceed with the
verification from our end shortly. TIA! \o/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1952421

Title:
  Issue on sshd finds correct private key for a certificate when using
  ssh-agent

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Fix Committed
Status in openssh source package in Hirsute:
  Fix Committed
Status in openssh source package in Impish:
  Fix Committed

Bug description:
  Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254 upstream

  [Impact]

   * HostCertificate and HostKeyAgent are not working together in sshd due 
 to a mismatched certificate's public key and private key. The function `  
`sshkey_equal_public()`` incorrectly compares the certificate's public 
key with a private key, never finding a match. The impact is that sshd 
cannot use said certificate *even though* its private key is indeed in 
ssh-agent.

  * What it should do is compare the certificate's public key with a
  public key in `sensitive_data`.

  * Having this SRU-ed is a direct ask from one of the major cloud partners. 
They are currently using a customised version of the package to work 
around this issue, and we would like them to use a package directly from 
our own archive.

   * Looping through sensitive_data.host_pubkeys[j] *instead* of 
 sensitive_data.host_keys[j] fixes the issue

  [https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936]

  /* Find matching private key */
   for (j = 0; j < options.num_host_key_files; j++) {
    if (sshkey_equal_public(key,
     sensitive_data.host_keys[j])) {
     sensitive_data.host_certificates[j] = key;
  break;
     }
   }

  vs.

  /* Find matching private key */
   for (j = 0; j < options.num_host_key_files; j++) {
    if (sshkey_equal_public(key,
     sensitive_data.host_pubkeys[j])) {
     sensitive_data.host_certificates[j] = key;
  break;
     }
   }
   

  [Test Plan]

   * Due to the empirical nature of this bug, the test is quite straight 
 forward. *Without* the fix, one cannot use certificates to authenticate 
 successfully (e.g. ``sshd -c /path/to/certificate.pem``)
 whereas with the fix (assuming the certificate matches a host key) you 
 can create a channel.
 
  [Where problems could occur]

   * This has already been fixed both upstream and in Jammy without issue. 
 However, if a regression where to happen it would probably be in one of 
 two ways:
   
   * A dependency/reverse-dependency issue stemming from the version 
 bump that will happen if this fix is ported. We mitigate this risk 
 by testing for these exact types of regression, 
 and by selecting carefully what to label this new version.
 
   * Accidentally breaking a set up that was made to work around this 
 bug in the first place. The risk of this is lower, as the most 
 likely fix is the one being implemented here anyway.  Though
 to mitigate this more we can describe exactly what is happening 
 with the fix in the changelog.

  
  This affects every version of openssh back until Focal, at least.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1952421/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

[Utkarsh Gupta]

** Changed in: openssh (Ubuntu Impish)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

** Changed in: openssh (Ubuntu Hirsute)
 Assignee: (unassigned) => Chloé Smith (kajiya)

** Changed in: openssh (Ubuntu Focal)
 Assignee: (unassigned) => Chloé Smith (kajiya)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1952421

Title:
  Issue on sshd finds correct private key for a certificate when using
  ssh-agent

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  New
Status in openssh source package in Hirsute:
  New
Status in openssh source package in Impish:
  New

Bug description:
  Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254 upstream

  [Impact]

   * HostCertificate and HostKeyAgent are not working together in sshd due 
 to a mismatched certificate's public key and private key. The function `  
`sshkey_equal_public()`` incorrectly compares the certificate's public 
key with a private key, never finding a match. The impact is that sshd 
cannot use said certificate *even though* its private key is indeed in 
ssh-agent.

  * What it should do is compare the certificate's public key with a
  public key in `sensitive_data`.

  * Having this SRU-ed is a direct ask from one of the major cloud partners. 
They are currently using a customised version of the package to work 
around this issue, and we would like them to use a package directly from 
our own archive.

   * Looping through sensitive_data.host_pubkeys[j] *instead* of 
 sensitive_data.host_keys[j] fixes the issue

  [https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936]

  /* Find matching private key */
   for (j = 0; j < options.num_host_key_files; j++) {
    if (sshkey_equal_public(key,
     sensitive_data.host_keys[j])) {
     sensitive_data.host_certificates[j] = key;
  break;
     }
   }

  vs.

  /* Find matching private key */
   for (j = 0; j < options.num_host_key_files; j++) {
    if (sshkey_equal_public(key,
     sensitive_data.host_pubkeys[j])) {
     sensitive_data.host_certificates[j] = key;
  break;
     }
   }
   

  [Test Plan]

   * Due to the empirical nature of this bug, the test is quite straight 
 forward. *Without* the fix, one cannot use certificates to authenticate 
 successfully (e.g. ``sshd -c /path/to/certificate.pem``)
 whereas with the fix (assuming the certificate matches a host key) you 
 can create a channel.
 
  [Where problems could occur]

   * This has already been fixed both upstream and in Jammy without issue. 
 However, if a regression where to happen it would probably be in one of 
 two ways:
   
   * A dependency/reverse-dependency issue stemming from the version 
 bump that will happen if this fix is ported. We mitigate this risk 
 by testing for these exact types of regression, 
 and by selecting carefully what to label this new version.
 
   * Accidentally breaking a set up that was made to work around this 
 bug in the first place. The risk of this is lower, as the most 
 likely fix is the one being implemented here anyway.  Though
 to mitigate this more we can describe exactly what is happening 
 with the fix in the changelog.

  
  This affects every version of openssh back until Focal, at least.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1952421/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

[Utkarsh Gupta]

** Also affects: openssh (Ubuntu Impish)
   Importance: Undecided
   Status: New

** Also affects: openssh (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: openssh (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Changed in: openssh (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1952421

Title:
  Issue on sshd finds correct private key for a certificate when using
  ssh-agent

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  New
Status in openssh source package in Hirsute:
  New
Status in openssh source package in Impish:
  New

Bug description:
  Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254
  upstream:

  Please take a look at line 1936 in main() function in sshd.c.

  /* Find matching private key */
for (j = 0; j < options.num_host_key_files; j++) {
if (sshkey_equal_public(key,
sensitive_data.host_keys[j])) {
sensitive_data.host_certificates[j] = key;
break;
}
}

  the sshkey_equal_public() is trying to compare a cert's pub with a private 
key, and it never find a match which makes sshd cannot use this certificate 
even though its private key is in ssh-agent.
  I believe it should be comparing a cert's public key with a public key in 
sensitive_data as follow.

  /* Find matching private key */
for (j = 0; j < options.num_host_key_files; j++) {
if (sshkey_equal_public(key,
sensitive_data.host_pubkeys[j])) {
sensitive_data.host_certificates[j] = key;
break;
}
}

  https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936

  Due to this HostCertificate and HostKeyAgent not working together in
  sshd and this affects every version of openssh back till Focal, at
  least.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1952421/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1952421] [NEW] Issue on sshd finds correct private key for a certificate when using ssh-agent

[Utkarsh Gupta]

Public bug reported:

Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254 upstream:

Please take a look at line 1936 in main() function in sshd.c.

/* Find matching private key */
for (j = 0; j < options.num_host_key_files; j++) {
if (sshkey_equal_public(key,
sensitive_data.host_keys[j])) {
sensitive_data.host_certificates[j] = key;
break;
}
}

the sshkey_equal_public() is trying to compare a cert's pub with a private key, 
and it never find a match which makes sshd cannot use this certificate even 
though its private key is in ssh-agent.
I believe it should be comparing a cert's public key with a public key in 
sensitive_data as follow.

/* Find matching private key */
for (j = 0; j < options.num_host_key_files; j++) {
if (sshkey_equal_public(key,
sensitive_data.host_pubkeys[j])) {
sensitive_data.host_certificates[j] = key;
break;
}
}

https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936

Due to this HostCertificate and HostKeyAgent not working together in
sshd and this affects every version of openssh back till Focal, at
least.

** Affects: openssh (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1952421

Title:
  Issue on sshd finds correct private key for a certificate when using
  ssh-agent

Status in openssh package in Ubuntu:
  New

Bug description:
  Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254
  upstream:

  Please take a look at line 1936 in main() function in sshd.c.

  /* Find matching private key */
for (j = 0; j < options.num_host_key_files; j++) {
if (sshkey_equal_public(key,
sensitive_data.host_keys[j])) {
sensitive_data.host_certificates[j] = key;
break;
}
}

  the sshkey_equal_public() is trying to compare a cert's pub with a private 
key, and it never find a match which makes sshd cannot use this certificate 
even though its private key is in ssh-agent.
  I believe it should be comparing a cert's public key with a public key in 
sensitive_data as follow.

  /* Find matching private key */
for (j = 0; j < options.num_host_key_files; j++) {
if (sshkey_equal_public(key,
sensitive_data.host_pubkeys[j])) {
sensitive_data.host_certificates[j] = key;
break;
}
}

  https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936

  Due to this HostCertificate and HostKeyAgent not working together in
  sshd and this affects every version of openssh back till Focal, at
  least.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1952421/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1948357] Re: sshd have no USER_LOGOUT audit event

[Utkarsh Gupta]

Hello,

Thank you for taking the time to file out this bug. As I see, the report
is correct and we could indeed use the same patch that Fedora/RH uses.
Maybe, while at it also forward this bug report to Debian (and if
possible, attach the fixing patch that fixes this)?

That said, I'm marking this as server-next so someone can TAL at this
and get this fixed for 22.04 release, at least. We can later see if it's
worth SRU'ing back to older releases or not.

Let me know if you have any questions or concerns. TIA!

** Changed in: openssh (Ubuntu)
   Status: Confirmed => Triaged

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Medium

** Tags added: server-next server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1948357

Title:
  sshd have no USER_LOGOUT audit event

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  ubuntu 18.04

  lizj@FNSTPC:~$ sudo aureport -e -i --summary | grep USER
  43241  USER_END
  16946  USER_START
  16718  USER_ACCT
  658  USER_AUTH
  543  USER_CMD
  255  USER_LOGIN
  9  USER_ROLE_CHANGE
  5  USER_ERR
  2  USER_CHAUTHTOK
  1  ADD_USER
  lizj@FNSTPC:~/.local/bin$ dpkg -l | grep openssh
  ii  openssh-client1:7.6p1-4ubuntu0.5  
amd64secure shell (SSH) client, for secure 
access to remote machines
  ii  openssh-server1:7.6p1-4ubuntu0.5  
amd64secure shell (SSH) server, for secure 
access from remote machines
  ii  openssh-sftp-server   1:7.6p1-4ubuntu0.5  
amd64secure shell (SSH) sftp server module, for 
SFTP access from remote machines
  lizj@FNSTPC:~/.local/bin$ lsb_release -a
  No LSB modules are available.
  Distributor ID:   Ubuntu
  Description:  Ubuntu 18.04.6 LTS
  Release:  18.04
  Codename: bionic

  
  while in my fedora 33 host, it includes USER_LOGOUT as below

  fedora 33
  [root@iaas-rpma linux]# aureport -e -i --summary | grep USER
  7356  CRYPTO_KEY_USER
  2103  USER_START
  1649  USER_END
  1268  USER_ACCT
  1108  USER_ROLE_CHANGE
  1029  USER_AUTH
  895  USER_LOGIN
  789  USER_LOGOUT
  60  USER_CMD
  14  USER_ERR
  3  USER_MGMT
  3  USER_CHAUTHTOK
  1  ADD_USER
  [root@iaas-rpma ~]# rpm -qa | grep openssh
  openssh-8.4p1-1.1.fc33.x86_64
  openssh-clients-8.4p1-1.1.fc33.x86_64
  openssh-server-8.4p1-1.1.fc33.x86_64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1948357/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1934501] Re: CVE-2018-15473 patch introduce user enumeration vulnerability

[Utkarsh Gupta]

Thanks, Kazza. That certainly helped. I also had a word with Marc and we
reached to the conclusion that Stretch isn't affected with this
backporting problem.

Thanks, again! \o/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1934501

Title:
  CVE-2018-15473 patch introduce user enumeration vulnerability

Status in openssh package in Ubuntu:
  Fix Released

Bug description:
  I was recently using a 18.04 machine and noticed that the result of
  connecting to ssh with an arbitrary public key varied depending if the
  user was valid.

  After some investigation, it appears to only be present when
  CVE-2018-15473.patch has been applied.

  Directly pulling a 18.04 docker image and installing openssh server
  (currently 1:7.6p1-4ubuntu0.3) results in a trivial user enumeration
  vulnerability in the default config.

  Below shows the setup of environment:

  $ docker pull ubuntu:18.04
  18.04: Pulling from library/ubuntu
  Digest: 
sha256:139b3846cee2e63de9ced83cee7023a2d95763ee2573e5b0ab6dea9dfbd4db8f
  Status: Image is up to date for ubuntu:18.04
  docker.io/library/ubuntu:18.04
  $ docker run -t -i --rm  -e TERM=${TERM}  ubuntu:18.04
  root@75569fbf0b03:/# apt update
  ...snip...
  root@75569fbf0b03:/# apt install openssh-server
  ...snip...
  root@75569fbf0b03:/# dpkg-query -l openssh\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name Version   
Architecture  Description
  
+++--=-=-=
  ii  openssh-client   1:7.6p1-4ubuntu0.3amd64  
   secure shell (SSH) client, for secure access to remote 
machines
  ii  openssh-server   1:7.6p1-4ubuntu0.3amd64  
   secure shell (SSH) server, for secure access from remote 
machines
  ii  openssh-sftp-server  1:7.6p1-4ubuntu0.3amd64  
   secure shell (SSH) sftp server module, for SFTP access from 
remote machines
  root@75569fbf0b03:/# mkdir /run/sshd
  root@75569fbf0b03:/# /usr/sbin/sshd -D

  Then to perform user enumeration, connecting with a public key results in 
user enumeration:
  * in the following id_rsa-dummy.pub is removed as it slightly changes message 
flow
  * I have not checked different versions of the ssh client

  $ ssh -V
  OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020

  $ ssh-keygen -t rsa -C dummy -P '' -f id_rsa-dummy
  $ rm id_rsa-dummy.pub

  $ ssh -i id_rsa-dummy invalid@172.17.0.2
  Connection closed by 172.17.0.2 port 22

  $ ssh -i id_rsa-dummy root@172.17.0.2
  root@172.17.0.2's password: 

  That is, when invalid users are provided to public key auth the
  connection is closed by the server. Otherwise, it will move onto the
  next auth method. This can be improved by adding "ssh -o
  PasswordAuthentication=no" when connecting to avoid password prompt
  and get an easy to script error message.


  I have verified that this behaviour is present after starting with
  original source and only applying CVE-2018-15473.patch from the
  openssh_7.6p1-4ubuntu0.3.debian.tar.xz archive. Without this patch
  this behaviour is not present.

  $ md5sum openssh-7.6p1.tar.gz debian/patches/CVE-2018-15473.patch 
  06a88699018e5fef13d4655abfed1f63  openssh-7.6p1.tar.gz
  6101d47f542690b0c5e354ec8b8a70a1  debian/patches/CVE-2018-15473.patch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1934501/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1946878] Re: Merge net-tools from Debian unstable for 22.04

[Utkarsh Gupta]

** Changed in: net-tools (Ubuntu)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to net-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1946878

Title:
  Merge net-tools from Debian unstable for 22.04

Status in net-tools package in Ubuntu:
  New

Bug description:
  Scheduled-For: 22.11
  Upstream: tbd
  Debian:   1.60+git20181103.0eebece-1
  Ubuntu:   1.60+git20181103.0eebece-1ubuntu2


  
  ### New Debian Changes ###

  net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium

* New upstream version 1.60+git20181103.0eebece
  - Fix nstrcmp() to prevent ifconfig from showing
duplicate interfaces. (Closes: #812886)
* Fix d/watch to point to upstream git repository
* Add patch to fix decoding of MII vendor ids. (Closes: #549397)
  - Thanks, Ben Hutchings, for the patch.
* Add patch to fix Japanese translation which uses a wrong
  Kanji character. (Closes: #621752)
  - Thanks, Takeshi Hamasaki, for the patch.
* Add patch to fix wrong indentation of 'collisions' in  the
  Japanese translation. (Closes: #653117)
  - Thanks, NODA, Kai, for the patch.
* Fix Uploaders' field.
  - Add myself as an uploader.
  - Fix Tina's details.

   -- Utkarsh Gupta   Fri, 02 Oct 2020 15:01:04
  +0530

  net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium

* New upstream snapshot
* Refresh patches.
* Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and
  Dr. Tobias Quathamer for the patch. Closes: #900962.

   -- Martín Ferrari   Mon, 24 Sep 2018 19:08:57
  +

  net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium

* Update maintainer email address. Closes: #899617.
* Update Standards-Version with no changes.

   -- Martín Ferrari   Mon, 24 Sep 2018 17:16:31
  +

  net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium

* debian/control: Update Vcs-* and Standards-Version.
* debian/control: remove references to ancient package ja-trans.
* debian/gbp.conf: Update repo layout.

   -- Martín Ferrari   Tue, 31 Jul 2018 19:09:00
  +

  net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium

* Fix typo in French manpage. Thanks to  Michel Grigaut for the patch.
* Add manpage for iptunnel, thanks to Sergio Durigan Junior.
  Closes: #88910
* Rename patches so CME does not choke on them.
* Automated cme fixes; packaging improvements.
* Remove unused and ancient patch.

   -- Martín Ferrari   Sun, 11 Feb 2018 17:29:24
  +

  net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium

* New upstream snapshot.
* Re-synced translations.patch.
* Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the
  fixes and uploads. Closes: 846509.
* Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561.
  + Really assign CC for cross compilation.
  + Use triplet prefixed pkg-config.
* Add debian/NEWS warning about changing output in net-tools commands.
  Closing bugs that reported problems in 3rd-party scripts arising from 
these
  changes.  Closes: #845153, #843892, #820212.
* Update Standards-Version, with no changes.

   -- Martín Ferrari   Mon, 26 Dec 2016 05:58:42
  +

  net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium

* Non-maintainer upload.
* Apply an additional fix for the previous FTBFS for some architectures.

   -- Andrey Rahmatullin   Thu, 01 Dec 2016 22:49:27
  +0500

  net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium

* Non-maintainer upload.
* Fix FTBFS by applying the upstream patch (Closes: #844073).

   -- Andrey Rahmatullin   Sun, 20 Nov 2016 15:23:12
  +0500

  net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium

[ Laurent Bigonville ]
* Enable SELinux support. Closes: #666204.

[ Martín Ferrari ]
* Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière
  . Closes: #752584.
* Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com.
  Closes: #805377.

   -- Martín Ferrari   Thu, 19 Nov 2015 14:48:47
  +

  net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium


  
  ### Old Ubuntu Delta ###

  net-tools (1.60+git20181103.0eebece-1ubuntu2) hirsute; urgency=medium

* No change rebuild with fixed ownership.

   -- Dimitri John Ledkov   Tue, 16 Feb 2021 15:18:30
  +

  net-tools (1.60+git20181103.0eebece-1ubuntu1) hirsute; urgency=low

* Merge from Debian unstable.  Remaining changes:
  - Ubuntu_unit_conversion.patch:
+ Ubuntu Policy: output using standard SI unit multiples:
  KB (10^3), MB (10^6), GB (10^9), TB (10^12) and PB (10^15).
  Includes manpage update to remove comment about IEC units.

   -- Dimitri John Ledkov   Mon, 15 Feb 2021 12:36:42
  +

To man

[Touch-packages] [Bug 1945787] Re: heimdal: fails to build, symbols don't match

[Utkarsh Gupta]

Hello Heinrich, Paride,

I've sponsored your (Heinrich's) upload to Impish so it should be
available in the archive soon.

** Changed in: heimdal (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/1945787

Title:
  heimdal: fails to build, symbols don't match

Status in heimdal package in Ubuntu:
  Fix Committed

Bug description:
  heimdal 7.7.0+dfsg-2ubuntu1 fails to build with

  dpkg-gensymbols: warning: debian/libroken18-heimdal/DEBIAN/symbols doesn't 
match completely debian/libroken18-heimdal.symbols
  --- debian/libroken18-heimdal.symbols 
(libroken18-heimdal_7.7.0+dfsg-2ubuntu1_riscv64)
  +++ dpkg-gensymbolsYtlvSr   2021-10-01 12:31:59.102451503 +
  @@ -42,7 +42,7 @@
rk_cloexec_dir@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
rk_cloexec_file@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
rk_cloexec_socket@HEIMDAL_ROKEN_1.0 1.6~git20131117
  - rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
  +#MISSING: 7.7.0+dfsg-2ubuntu1# rk_closefrom@HEIMDAL_ROKEN_1.0 
1.4.0+git20110226
rk_copyhostent@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
rk_dns_free_data@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
rk_dns_lookup@HEIMDAL_ROKEN_1.0 1.4.0+git20110226
  dh_makeshlibs: error: failing due to earlier errors

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1945787/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1934501] Re: CVE-2018-15473 patch introduce user enumeration vulnerability

[Utkarsh Gupta]

Hi Kazza, Marc,

I was wondering if you can repro the same bug in Debian Stretch? Do you
have the capacity to test that as well, please? :)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1934501

Title:
  CVE-2018-15473 patch introduce user enumeration vulnerability

Status in openssh package in Ubuntu:
  Fix Released

Bug description:
  I was recently using a 18.04 machine and noticed that the result of
  connecting to ssh with an arbitrary public key varied depending if the
  user was valid.

  After some investigation, it appears to only be present when
  CVE-2018-15473.patch has been applied.

  Directly pulling a 18.04 docker image and installing openssh server
  (currently 1:7.6p1-4ubuntu0.3) results in a trivial user enumeration
  vulnerability in the default config.

  Below shows the setup of environment:

  $ docker pull ubuntu:18.04
  18.04: Pulling from library/ubuntu
  Digest: 
sha256:139b3846cee2e63de9ced83cee7023a2d95763ee2573e5b0ab6dea9dfbd4db8f
  Status: Image is up to date for ubuntu:18.04
  docker.io/library/ubuntu:18.04
  $ docker run -t -i --rm  -e TERM=${TERM}  ubuntu:18.04
  root@75569fbf0b03:/# apt update
  ...snip...
  root@75569fbf0b03:/# apt install openssh-server
  ...snip...
  root@75569fbf0b03:/# dpkg-query -l openssh\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name Version   
Architecture  Description
  
+++--=-=-=
  ii  openssh-client   1:7.6p1-4ubuntu0.3amd64  
   secure shell (SSH) client, for secure access to remote 
machines
  ii  openssh-server   1:7.6p1-4ubuntu0.3amd64  
   secure shell (SSH) server, for secure access from remote 
machines
  ii  openssh-sftp-server  1:7.6p1-4ubuntu0.3amd64  
   secure shell (SSH) sftp server module, for SFTP access from 
remote machines
  root@75569fbf0b03:/# mkdir /run/sshd
  root@75569fbf0b03:/# /usr/sbin/sshd -D

  Then to perform user enumeration, connecting with a public key results in 
user enumeration:
  * in the following id_rsa-dummy.pub is removed as it slightly changes message 
flow
  * I have not checked different versions of the ssh client

  $ ssh -V
  OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020

  $ ssh-keygen -t rsa -C dummy -P '' -f id_rsa-dummy
  $ rm id_rsa-dummy.pub

  $ ssh -i id_rsa-dummy invalid@172.17.0.2
  Connection closed by 172.17.0.2 port 22

  $ ssh -i id_rsa-dummy root@172.17.0.2
  root@172.17.0.2's password: 

  That is, when invalid users are provided to public key auth the
  connection is closed by the server. Otherwise, it will move onto the
  next auth method. This can be improved by adding "ssh -o
  PasswordAuthentication=no" when connecting to avoid password prompt
  and get an easy to script error message.


  I have verified that this behaviour is present after starting with
  original source and only applying CVE-2018-15473.patch from the
  openssh_7.6p1-4ubuntu0.3.debian.tar.xz archive. Without this patch
  this behaviour is not present.

  $ md5sum openssh-7.6p1.tar.gz debian/patches/CVE-2018-15473.patch 
  06a88699018e5fef13d4655abfed1f63  openssh-7.6p1.tar.gz
  6101d47f542690b0c5e354ec8b8a70a1  debian/patches/CVE-2018-15473.patch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1934501/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1375821] Re: ifupdown doesn't bring loopback to state up

[Utkarsh Gupta]

Hello, Trusty reached "End of Standard Support" a while ago and so I am
marking this as "Won't Fix". Thank you.

** Changed in: ifupdown (Ubuntu Trusty)
   Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1375821

Title:
  ifupdown doesn't bring loopback to state up

Status in ifupdown package in Ubuntu:
  Fix Released
Status in mailman package in Ubuntu:
  Invalid
Status in ifupdown source package in Trusty:
  Won't Fix
Status in mailman source package in Trusty:
  Invalid

Bug description:
  Upon booting a machine with the following setup on a relatively
  slimmed down netboot machine the loopback interface isn't brought up
  properly:

  cat /etc/network/interfaces
  auto lo
  iface lo inet loopback
  iface lo inet6 loopback

  auto eth0
  iface eth0 inet6 auto
  dhcp 1
  #iface eth0 inet ipv4ll

  auto eth1
  iface eth1 inet6 auto
  dhcp 1
  #iface eth1 inet ipv4ll

  Upon boot Loopback is unconfigured:
  root@:~# ip addr show dev lo
  1: lo:  mtu 65536 qdisc noop state DOWN group default 
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

  Try to bring the interface up:
  root@:~# ifup -v lo
  ifup: interface lo already configured

  Bring it down and up:
  root@:~# ifdown -v lo
  Configuring interface lo=lo (inet)
  run-parts --verbose /etc/network/if-down.d
  run-parts: executing /etc/network/if-down.d/avahi-autoipd
  run-parts: executing /etc/network/if-down.d/upstart
  run-parts --verbose /etc/network/if-post-down.d
  Configuring interface lo=lo (inet)
  run-parts --verbose /etc/network/if-down.d
  run-parts: executing /etc/network/if-down.d/avahi-autoipd
  run-parts: executing /etc/network/if-down.d/upstart
  run-parts --verbose /etc/network/if-post-down.d
  Configuring interface lo=lo (inet6)
  run-parts --verbose /etc/network/if-down.d
  run-parts: executing /etc/network/if-down.d/avahi-autoipd
  run-parts: executing /etc/network/if-down.d/upstart
  run-parts --verbose /etc/network/if-post-down.d

  root@:~# ifup -v lo
  Configuring interface lo=lo (inet)
  run-parts --verbose /etc/network/if-pre-up.d
  run-parts --verbose /etc/network/if-up.d
  run-parts: executing /etc/network/if-up.d/avahi-autoipd
  run-parts: executing /etc/network/if-up.d/openssh-server
  run-parts: executing /etc/network/if-up.d/upstart
  Configuring interface lo=lo (inet)
  run-parts --verbose /etc/network/if-pre-up.d
  run-parts --verbose /etc/network/if-up.d
  run-parts: executing /etc/network/if-up.d/avahi-autoipd
  run-parts: executing /etc/network/if-up.d/openssh-server
  run-parts: executing /etc/network/if-up.d/upstart
  Configuring interface lo=lo (inet6)
  run-parts --verbose /etc/network/if-pre-up.d
  run-parts --verbose /etc/network/if-up.d
  run-parts: executing /etc/network/if-up.d/avahi-autoipd
  run-parts: executing /etc/network/if-up.d/openssh-server
  run-parts: executing /etc/network/if-up.d/upstart

  no change:
  root@:~# ip addr show dev lo
  1: lo:  mtu 65536 qdisc noop state DOWN group default 
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

  bring it down again:
  root@:~# ifdown lo

  And up, but this time with --no-loopback:
  root@:~# ifup -v --no-loopback lo
  Configuring interface lo=lo (inet)
  run-parts --verbose /etc/network/if-pre-up.d
  ip link set dev lo up
  run-parts --verbose /etc/network/if-up.d
  run-parts: executing /etc/network/if-up.d/avahi-autoipd
  run-parts: executing /etc/network/if-up.d/openssh-server
  run-parts: executing /etc/network/if-up.d/upstart
  Configuring interface lo=lo (inet6)
  run-parts --verbose /etc/network/if-pre-up.d
  ip link set dev lo up 2>/dev/null
  ip addr add dev lo ::1 2>/dev/null
  run-parts --verbose /etc/network/if-up.d
  run-parts: executing /etc/network/if-up.d/avahi-autoipd
  run-parts: executing /etc/network/if-up.d/openssh-server
  run-parts: executing /etc/network/if-up.d/upstart

  now it seems like something actually happened!

  check:
  root@:~# ip addr show dev lo
  1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default 
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever

  All seems fine, everything is working from here on.

  My expectation is that ifup should configure the interface and set
  state to up, and ifdown should set state to down, even though it's a
  loopback that may or may not be magically autoconfigured somewhere
  else.

  And a question:
  If the case is that ifup shouldn't configure the loopback, what should 
configure it?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1375821/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net

[Touch-packages] [Bug 1938144] Re: monitor_read: unpermitted request 48 on server while attempting GSSAPI key exchange

[Utkarsh Gupta]

Wt, thanks for confirming Niklas. Athos, would you mind prepping
an MP for this, et al? TIA, good sir! \o/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1938144

Title:
  monitor_read: unpermitted request 48 on server while attempting GSSAPI
  key exchange

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Triaged
Status in openssh source package in Focal:
  Triaged
Status in openssh source package in Hirsute:
  Triaged

Bug description:
  I'm using openssh 1:8.2p1-4ubuntu0.2 on Ubuntu 20.04.2 LTS (client and
  server) with the option "GSSAPIKeyExchange=yes", and this causes the
  connection to fail. The server has GSSAPI (Kerberos authentication)
  enabled, but is is only used for non-root users (root uses SSH keys).

  Client command:

  ssh -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex
  root@server -v -p  -o GSSAPIKeyExchange=yes

  Client log:

  OpenSSH_8.2p1 Ubuntu-4ubuntu0.2, OpenSSL 1.1.1f  31 Mar 2020
  debug1: Reading configuration data /home/user/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf 
matched no files
  debug1: /etc/ssh/ssh_config line 21: Applying options for *
  debug1: Connecting to compute-test [130.75.80.46] port .
  debug1: Connection established.
  debug1: identity file /home/rother/.ssh/id_rsa type 0
  debug1: identity file /home/rother/.ssh/id_rsa-cert type -1
  debug1: identity file /home/rother/.ssh/id_dsa type -1
  debug1: identity file /home/rother/.ssh/id_dsa-cert type -1
  debug1: identity file /home/rother/.ssh/id_ecdsa type -1
  debug1: identity file /home/rother/.ssh/id_ecdsa-cert type -1
  debug1: identity file /home/rother/.ssh/id_ecdsa_sk type -1
  debug1: identity file /home/rother/.ssh/id_ecdsa_sk-cert type -1
  debug1: identity file /home/rother/.ssh/id_ed25519 type -1
  debug1: identity file /home/rother/.ssh/id_ed25519-cert type -1
  debug1: identity file /home/rother/.ssh/id_ed25519_sk type -1
  debug1: identity file /home/rother/.ssh/id_ed25519_sk-cert type -1
  debug1: identity file /home/rother/.ssh/id_xmss type -1
  debug1: identity file /home/rother/.ssh/id_xmss-cert type -1
  debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
  debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 
Ubuntu-4ubuntu0.2
  debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.2 pat OpenSSH* compat 0x0400
  debug1: Authenticating to server: as 'root'
  debug1: Offering GSSAPI proposal: 
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: algorithm: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
  debug1: kex: host key algorithm: ecdsa-sha2-nistp256
  debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: 
 compression: none
  debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: 
 compression: none
  debug1: Doing group exchange
  debug1: Calling gss_init_sec_context
  debug1: Delegating credentials
  debug1: Received GSSAPI_COMPLETE
  debug1: Calling gss_init_sec_context
  debug1: Delegating credentials
  debug1: Rekey has happened - updating saved versions
  debug1: rekey out after 134217728 blocks
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug1: SSH2_MSG_NEWKEYS received
  debug1: rekey in after 134217728 blocks
  debug1: Will attempt key: /home/rother/.ssh/id_rsa RSA 
SHA256:n/EY/cGjgd/r+7JpuqODxIotHHLsYptGXYx9GlKCWSM agent
  debug1: Will attempt key: /home/rother/.ssh/root_id_rsa RSA 
SHA256:yCLAID9FMILharHmDpCB8wW8eiA+iHa4oQKLODbbzKw agent
  debug1: Will attempt key: /home/user/.ssh/id_dsa 
  debug1: Will attempt key: /home/user/.ssh/id_ecdsa 
  debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk 
  debug1: Will attempt key: /home/user/.ssh/id_ed25519 
  debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk 
  debug1: Will attempt key: /home/user/.ssh/id_xmss 
  debug1: SSH2_MSG_EXT_INFO received
  debug1: kex_input_ext_info: 
server-sig-algs=
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
  debug1: Next authentication method: gssapi-with-mic
  debug1: Delegating credentials
  debug1: Delegating credentials
  debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
  debug1: Authentications that can continue: 
publickey,gssapi-keyex,gssapi-with-mic,password
  debug1: Next authentication method: gssapi-keyex
  Connection closed by 1.2.3.4 port 

  Server log:

  debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1f  31 Mar 2020
  debug1: private host key #0: ssh-rsa SHA256:REDACTED
  debug1: 

[Touch-packages] [Bug 1785383] Re: missing EDNS0 record confuses systemd-resolved

[Utkarsh Gupta]

[commenting so the bug doesn't get expired as we still need to look at
the Bionic fix for dnsmasq]

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1785383

Title:
  missing EDNS0 record confuses systemd-resolved

Status in systemd:
  Fix Released
Status in dnsmasq package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Bionic:
  Triaged
Status in systemd source package in Bionic:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Released
Status in systemd source package in Focal:
  Fix Released
Status in dnsmasq source package in Groovy:
  Fix Released
Status in systemd source package in Groovy:
  Fix Released
Status in dnsmasq source package in Hirsute:
  Fix Released
Status in systemd source package in Hirsute:
  Fix Released
Status in dnsmasq source package in Impish:
  Fix Released
Status in systemd source package in Impish:
  Fix Released

Bug description:
  [Impact]
  dnsmasq 2.79 and below omits EDNS0 OPT records when returning an empty answer 
for a domain it is authoritative for. systemd-resolved seems to get confused by 
this in certain circumstances; when using the stub resolver and requesting an 
address for which there are no  records, there can sometimes be a five 
second hang in resolution.

  [Fix]
  This is fixed by upstream commit 
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1682d15a744880b0398af75eadf68fe66128af78

  Not sure if it is worth cherry picking? I imagine the most likely
  trigger will be dnsmasq on routers which are not likely to be running
  Ubuntu, but maybe just in case.

  I also think there are some logic issues in systemd-resolved, upstream
  bug filed:

  https://github.com/systemd/systemd/issues/9785

  [Test Case]
  Simple-ish test case for bionic:

  ---
  IFACE=dummy0
  SUBNET=10.0.0

  ip link add $IFACE type dummy
  ifconfig $IFACE ${SUBNET}.1/24
  dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo 
--host-record=test.test,${SUBNET}.1 --server=/test/ &

  dig -t a test.test @10.0.0.1 | grep EDNS
  # should return "; EDNS ..."
  dig -t  test.test @10.0.0.1 | grep EDNS
  # again, should return "; EDNS ..." but doesn't
  ---

  To reproduce the systemd-resolved side of the problem

  ---
  # as above, but
  # now configure systemd-resolved to look at only 10.0.0.1, then

  systemd-resolve --reset-server-features
  # should exhibit five second delay then connect, assuming sshd is running :)
  ssh test.test
  ---

  
  More detailed test case for focal and later:

  install dnsmasq on a bionic system and start it, listening to an
  interface that is externally reachable, e.g. for a normal libvirt vm
  with interface name 'ens3':

  IFACE=ens3
  dnsmasq -h -R -d -C /dev/null -2 $IFACE -z -i $IFACE -I lo 
--host-record=test.test,1.2.3.4 --server=/test/

  note that the '1.2.3.4' address doesn't matter, any addr is ok.

  then setup a test system that can reach the dnsmasq system, and
  configure networkd to use the dnsmasq server, e.g. using config like:

  [Match]
  Name=ens3

  [Network]
  DHCP=yes
  DNS=DNSMASQ_IP_ADDRESS
  Domains=test

  [DHCPv4]
  UseDNS=no
  UseDomains=no

  replace 'DNSMASQ_IP_ADDRESS' with the addr of the bionic system where
  dnsmasq is running, and replace 'ens3' with whatever the test system
  interface name is. Then restart systemd-networkd, and test:

  systemd-resolve --reset-server-features
  systemd-resolve --flush-caches
  host test.test

  The lookup using 'host' should complete immediately;.

  [Discussion]
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: dnsmasq-base 2.79-1
  ProcVersionSignature: Ubuntu 4.15.0-23.25-generic 4.15.18
  Uname: Linux 4.15.0-23-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.2
  Architecture: amd64
  Date: Sat Aug  4 11:33:56 2018
  InstallationDate: Installed on 2018-05-31 (64 days ago)
  InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: dnsmasq
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1785383/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1933979] Re: [MIR] busybox package

[Utkarsh Gupta]

Hello,

Thank you for the review, comments, and suggestions, Seth. We'll
investigate other options and see what can be worked out. Closing this
until then. Thanks, again.

** Changed in: busybox (Ubuntu)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1933979

Title:
   [MIR] busybox package

Status in busybox package in Ubuntu:
  Invalid

Bug description:
  [Availability]
  ==
  src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.

  [Rationale]
  ===
  This package is to be included in our partner's cloud images, going back to 
Bionic. As cloud images are to ship only packages from main this request is to 
see that happen.

  [Security]
  ==
  The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.

  [Dependencies]
  ==
  libc6, which is in main already.

  [Maintenance]
  =
  Server team.

  [Background information]
  
  Tiny utilities for small and embedded systems.

  ---
  Upstream: https://git.busybox.net/busybox/
  Launchpad page: https://launchpad.net/ubuntu/+source/busybox
  Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
  Debian Package Tracker: https://tracker.debian.org/pkg/busybox
  Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1933979/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1934992] Re: rsync 3.2.x in Groovy depends on broken libxxhash 0.7.x

[Utkarsh Gupta]

Hello Walter,

Thanks for filling the bug and helping in making the Ubuntu server
better.

However, if I get everything right, I think you're mistaken about how it
works and I am sorry but what you're trying to do is not correct! You
cannot just decide to take one of the package from another release and
the other from another release. That is not how it works, I am afraid :/

If you do a fresh installation of rsync on Groovy, everything works
fine! See here:

$ lxc launch images:ubuntu/groovy groovy-rsync
$ lxc shell groovy-rsync
# apt update && apt install rsync
  ### here you'll see that the right version of libxxhash gets installed.
  (cf: `Setting up libxxhash0:amd64 (0.8.0-1ubuntu1.20.10.1) ...)
# ls -lah /usr/lib/x86_64-linux-gnu/libxxhash.so.0
lrwxrwxrwx 1 root root 18 Jan 12 11:17 /usr/lib/x86_64-linux-gnu/libxxhash.so.0 
-> libxxhash.so.0.8.0

...which is linked against the right version. Further libxxhash-
dev/0.8.0-1 is not in Focal but in Groovy, so the patch will not be
right to apply in Focal. That said, I agree that it'd have been nice to
have that version constraints but I don't see this as something that'd
cause problems unless somebody tries to do some sort of manual
intervention. :)

Given this, I am inclined towards believing that this is not really a
bug in rsync but a "local" issue (that is, manually installing a version
of rsync from Groovy to Focal and expecting it to work w/ libxxhash-
dev). So I am setting this to "Incomplete" for now, leaving some space
for discussion - in case I wrongly interpreted your problem and thus
this report.

But should you feel that it's still a bug, please set the status back to
"New" along with some reasoning (and hopefully a reproducer!) as to why
you think that it's indeed a bug rather than a local issue. Thank you,
again! \o/

** Changed in: rsync (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1934992

Title:
  rsync 3.2.x in Groovy depends on broken libxxhash 0.7.x

Status in rsync package in Ubuntu:
  Incomplete

Bug description:
  **Problem**

$ rsync root@focal-system:/etc/.pwd.lock . 
ERROR: .pwd.lock failed verification -- update discarded.
rsync error: some files/attrs were not transferred (see previous errors)
  (code 23) at main.c(1816) [generator=3.2.3]

  
$ rsync root@focal-system:/etc/.pwd.lock . --debug=all
opening connection using: ssh -l root focal-system rsync --server --sender \
  -e.LsfxCIvu . /etc/.pwd.lock  (10 args)
(Client) Protocol versions: remote=31, negotiated=31
Client negotiated checksum: xxh128
...

  
  **Cause**

focal-system# dpkg -l | grep -E 'libxxhash|rsync'
ii  libxxhash0:amd64  0.7.3-1 amd64
ii  rsync 3.2.3-2ubuntu1  amd64

  
  **Why this affects only us and not more people?**

  On Ubuntu/Focal, there is no rsync 3.2.3, only 3.1.3-8. But because we
  need the lz4 compression support we've fetched a newer rsync (from
  Groovy).

  However: the rsync 3.2.3 depends on libxxhash0 0.7.1+, while in fact
  it needs 0.8+.

  
  **Details**

  On a Ubuntu/Focal system we have installed a rsync 3.2.3 package from 
Ubuntu/Groovy because we need the lz4 compression support.

  
  focal-system# apt-cache show rsync
  Package: rsync
  ...
  Version: 3.2.3-2ubuntu1
  Depends: lsb-base, libacl1 (>= 2.2.23), libc6 (>= 2.15),
liblz4-1 (>= 0.0~r130), libpopt0 (>= 1.14), libssl1.1 (>= 1.1.0),
libxxhash0 (>= 0.7.1), libzstd1 (>= 1.3.8), zlib1g (>= 1:1.1.4)
  ...

  
  Alongside this we had libxxhash0 0.7.3-1 from Focal:

  focal-system# apt-cache policy libxxhash0
  libxxhash0:
Installed: 0.7.3-1
Candidate: 0.7.3-1
Version table:
   *** 0.7.3-1 500
  500 http://ARCHIVE/ubuntu focal/universe amd64 Packages
  100 /var/lib/dpkg/status

  
  According to the dependencies, this should work. But the combination does 
not, as this quote from the rsync maintainer would tell you:
  https://github.com/WayneD/rsync/issues/122#issuecomment-737690913
  > Yeah, Cyan4973 could have told you that the 128-bit xxhash only
  > just stabilized in its 0.8.0 release, so anything older than
  > that isn't compatible.

  
  **The fix**

  As the maintainer points out, version 0.7 is not stable (= broken for
  our intents and purposes) and thus not fit for use with rsync 3.2.

  I would argue that it's a good idea to bump the dependency of rsync
  3.2.3 on Groovy to libxxhash0>=0.8

  After all, in Groovy there is a libxxhash0 0.8.0-1ubuntu1.20.10.1, so
  that would not be a problem. And it would fix issues for those mixing
  and matching packages.

  
  Thanks!

  Walter Doekes
  OSSO B.V.

  
  (*) possible patch:

  $ diff -pu debian/control{.orig,}
  --- debian/control.orig   2021-07-08 09:56:57.646861644 +0200
  +++ debian/control2021-07-08 09:57:38.499029903 +0200

[Touch-packages] [Bug 1933979] Re: [MIR] busybox package

[Utkarsh Gupta]

** Description changed:

  [Availability]
  ==
  src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.
  
  [Rationale]
  ===
- This package is to be included in IBM cloud images, going back to Bionic. As 
cloud images are to ship only packages from main this request is to see that 
happen.
+ This package is to be included in our partner's cloud images, going back to 
Bionic. As cloud images are to ship only packages from main this request is to 
see that happen.
  
  [Security]
  ==
  The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.
  
  [Dependencies]
  ==
  libc6, which is in main already.
  
  [Maintenance]
  =
  Server team.
  
  [Background information]
  
  Tiny utilities for small and embedded systems.
  
  ---
  Upstream: https://git.busybox.net/busybox/
  Launchpad page: https://launchpad.net/ubuntu/+source/busybox
  Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
  Debian Package Tracker: https://tracker.debian.org/pkg/busybox
  Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

** Changed in: busybox (Ubuntu)
 Assignee: MIR approval team (ubuntu-mir) => Utkarsh Gupta (utkarsh)

** Changed in: busybox (Ubuntu)
 Assignee: Utkarsh Gupta (utkarsh) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1933979

Title:
   [MIR] busybox package

Status in busybox package in Ubuntu:
  New

Bug description:
  [Availability]
  ==
  src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.

  [Rationale]
  ===
  This package is to be included in our partner's cloud images, going back to 
Bionic. As cloud images are to ship only packages from main this request is to 
see that happen.

  [Security]
  ==
  The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.

  [Dependencies]
  ==
  libc6, which is in main already.

  [Maintenance]
  =
  Server team.

  [Background information]
  
  Tiny utilities for small and embedded systems.

  ---
  Upstream: https://git.busybox.net/busybox/
  Launchpad page: https://launchpad.net/ubuntu/+source/busybox
  Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
  Debian Package Tracker: https://tracker.debian.org/pkg/busybox
  Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1933979/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1933979] Re: [MIR] busybox package

[Utkarsh Gupta]

** Description changed:

  [Availability]
  ==
  src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.
  
  [Rationale]
  ===
  This package is to be included in IBM cloud images, going back to Bionic. As 
cloud images are to ship only packages from main this request is to see that 
happen.
+ 
+ [Security]
+ ==
+ The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.
  
  [Dependencies]
  ==
  libc6, which is in main already.
  
  [Maintenance]
  =
  Server team.
  
  [Background information]
  
  Tiny utilities for small and embedded systems.
  
  ---
  Upstream: https://git.busybox.net/busybox/
  Launchpad page: https://launchpad.net/ubuntu/+source/busybox
  Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
  Debian Package Tracker: https://tracker.debian.org/pkg/busybox
  Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1933979

Title:
   [MIR] busybox package

Status in busybox package in Ubuntu:
  New

Bug description:
  [Availability]
  ==
  src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.

  [Rationale]
  ===
  This package is to be included in our partner's cloud images, going back to 
Bionic. As cloud images are to ship only packages from main this request is to 
see that happen.

  [Security]
  ==
  The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.

  [Dependencies]
  ==
  libc6, which is in main already.

  [Maintenance]
  =
  Server team.

  [Background information]
  
  Tiny utilities for small and embedded systems.

  ---
  Upstream: https://git.busybox.net/busybox/
  Launchpad page: https://launchpad.net/ubuntu/+source/busybox
  Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
  Debian Package Tracker: https://tracker.debian.org/pkg/busybox
  Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1933979/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1933979] Re: [MIR] busybox package

[Utkarsh Gupta]

Commenting here to be explicit:
We want to promote bin:busybox until Bionic. So I/H/G/F/B seed changes are 
expected.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1933979

Title:
   [MIR] busybox package

Status in busybox package in Ubuntu:
  New

Bug description:
  [Availability]
  ==
  src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.

  [Rationale]
  ===
  This package is to be included in IBM cloud images, going back to Bionic. As 
cloud images are to ship only packages from main this request is to see that 
happen.

  [Security]
  ==
  The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.

  [Dependencies]
  ==
  libc6, which is in main already.

  [Maintenance]
  =
  Server team.

  [Background information]
  
  Tiny utilities for small and embedded systems.

  ---
  Upstream: https://git.busybox.net/busybox/
  Launchpad page: https://launchpad.net/ubuntu/+source/busybox
  Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
  Debian Package Tracker: https://tracker.debian.org/pkg/busybox
  Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1933979/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1933979] [NEW] [MIR] busybox package

[Utkarsh Gupta]

Public bug reported:

[Availability]
==
src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.

[Rationale]
===
This package is to be included in IBM cloud images, going back to Bionic. As 
cloud images are to ship only packages from main this request is to see that 
happen.

[Security]
==
The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.

[Dependencies]
==
libc6, which is in main already.

[Maintenance]
=
Server team.

[Background information]

Tiny utilities for small and embedded systems.

---
Upstream: https://git.busybox.net/busybox/
Launchpad page: https://launchpad.net/ubuntu/+source/busybox
Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
Debian Package Tracker: https://tracker.debian.org/pkg/busybox
Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

** Affects: busybox (Ubuntu)
 Importance: Undecided
 Assignee: MIR approval team (ubuntu-mir)
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1933979

Title:
   [MIR] busybox package

Status in busybox package in Ubuntu:
  New

Bug description:
  [Availability]
  ==
  src:busybox was introduced in Dapper (2006) and has been in main since then. 
src:busybox & bin:busybox-static are in main, to be more precise. And this 
request is to promote bin:busybox from src:busybox in main, too. It only 
depends on the libc6 package, which is in main already. The package builds on 
all the architectures; is Arch:any.

  [Rationale]
  ===
  This package is to be included in IBM cloud images, going back to Bionic. As 
cloud images are to ship only packages from main this request is to see that 
happen.

  [Security]
  ==
  The binary doesn't install services / daemons (/etc/init.d/*, /etc/init/*, 
/lib/systemd/system/*). Just ships the "busybox" binary, its docs, and a man 
page.

  [Dependencies]
  ==
  libc6, which is in main already.

  [Maintenance]
  =
  Server team.

  [Background information]
  
  Tiny utilities for small and embedded systems.

  ---
  Upstream: https://git.busybox.net/busybox/
  Launchpad page: https://launchpad.net/ubuntu/+source/busybox
  Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/busybox
  Debian Package Tracker: https://tracker.debian.org/pkg/busybox
  Debian bugs: 
https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=busybox

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1933979/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1152187] Re: [MIR] systemd

[Utkarsh Gupta]

** Changed in: systemd (Ubuntu Bionic)
   Status: Incomplete => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1152187

Title:
  [MIR] systemd

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Fix Committed

Bug description:
  * The package is in universe and built on all archs:
  https://launchpad.net/ubuntu/+source/systemd/44-10ubuntu1

  * Rationale:

  - in a first step we want systemd-services promoted to replace ubuntu-
  system-services

  -  We will also want to move from consolekit to logind soon
  (https://blueprints.launchpad.net/ubuntu/+spec/foundations-1303
  -consolekit-logind-migration)

  - udev has been merged in the systemd source upstream so we will want
  to build it from there at some point as well

  we don't plan to use the systemd init system at this point

  * Security:

  there has been some security issues in the past
  http://secunia.com/advisories/search/?search=systemd
  http://secunia.com/advisories/48220/
  http://secunia.com/advisories/48208/
  http://secunia.com/advisories/48331/

  Those are mostly logind issue and have been fixed upstream.

  Our current package is outdated but we do plan to update it before
  starting using logind. There should be no issue with the services

  * Quality:
  - there is no RC bug in debian: 
http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=systemd
  - there is no bug open in launchpad: 
https://launchpad.net/ubuntu/+source/systemd/+bugs
  - upstream is active and responsive to issues

  The desktop bugs team is subscribed to the package in launchpad,
  foundations/desktop will maintain the package and look to the bug
  reports regularly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1152187/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1900008] Re: Sessions of screen does not keep running in background

[Utkarsh Gupta]

Hi Gustavo,

Thanks. Let us know when you've found sometime to do that. No rush,
absolutely. Meanwhile I am working this bug as "Incomplete". Please set
it back to "New" once you've reported your findings. Thanks!

** Changed in: screen (Ubuntu)
   Status: New => Incomplete

** Changed in: systemd (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/198

Title:
  Sessions of screen does not keep running in background

Status in screen package in Ubuntu:
  Incomplete
Status in systemd package in Ubuntu:
  Incomplete

Bug description:
  In a new fresh installed 20.04, when I use screen command and close
  the terminal (not closing screen sesion), then I can't recover it with
  screen -x, since does not exist. I can only recover screen sesion if
  the original terminal running screen is not being closed.

  For some reason, this is closing screen session of that user:

  Oct 15 13:32:45 pc-caja2 systemd[1]: session-66.scope: Succeeded.
  Oct 15 13:32:45 pc-caja2 systemd[1]: Stopped Session 66 of user usuario.

  This does not happen in an upgraded system from 18.04 to 20.04.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/screen/+bug/198/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1152187] Re: [MIR] systemd

[Utkarsh Gupta]

Hello,

> For the record, ack from the Ubuntu Security Team on promoting the
> systemd-container binary from universe to main in bionic.

Thank you, Steve! I'll work on doing the next steps.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1152187

Title:
  [MIR] systemd

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Incomplete

Bug description:
  * The package is in universe and built on all archs:
  https://launchpad.net/ubuntu/+source/systemd/44-10ubuntu1

  * Rationale:

  - in a first step we want systemd-services promoted to replace ubuntu-
  system-services

  -  We will also want to move from consolekit to logind soon
  (https://blueprints.launchpad.net/ubuntu/+spec/foundations-1303
  -consolekit-logind-migration)

  - udev has been merged in the systemd source upstream so we will want
  to build it from there at some point as well

  we don't plan to use the systemd init system at this point

  * Security:

  there has been some security issues in the past
  http://secunia.com/advisories/search/?search=systemd
  http://secunia.com/advisories/48220/
  http://secunia.com/advisories/48208/
  http://secunia.com/advisories/48331/

  Those are mostly logind issue and have been fixed upstream.

  Our current package is outdated but we do plan to update it before
  starting using logind. There should be no issue with the services

  * Quality:
  - there is no RC bug in debian: 
http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=systemd
  - there is no bug open in launchpad: 
https://launchpad.net/ubuntu/+source/systemd/+bugs
  - upstream is active and responsive to issues

  The desktop bugs team is subscribed to the package in launchpad,
  foundations/desktop will maintain the package and look to the bug
  reports regularly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1152187/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1778073] Re: dnsmasq and resolvconf hangs on start

[Utkarsh Gupta]

Hello Ciaby,

Thanks for your debugging, I am sure that'd be helpful!
I've forwarded this to the Debian bug: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871958.

Simon should hopefully have some time to take a look at this. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1778073

Title:
  dnsmasq and resolvconf hangs on start

Status in dnsmasq package in Ubuntu:
  Incomplete
Status in dnsmasq package in Debian:
  New

Bug description:
  I installed today dnsmasq and I use resolvconf in background.

  Problem is, that systemd takes 1 minute or so after service start and
  than reports:

  root@proxy:~# service dnsmasq status

   dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor 
preset: enabled)
    Drop-In: /run/systemd/generator/dnsmasq.service.d
     50-dnsmasq-$named.conf, 50-insserv.conf-$named.conf
     Active: failed (Result: timeout) since Do 2018-06-21 15:58:13 CEST; 2min 
10s ago
    Process: 3295 ExecStop=/etc/init.d/dnsmasq systemd-stop-resolvconf 
(code=killed, signal=TERM)
    Process: 3865 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf 
(code=killed, signal=TERM)
    Process: 3837 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, 
status=0/SUCCESS)
    Process: 3825 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, 
status=0/SUCCESS)
   Main PID: 3862 (code=exited, status=0/SUCCESS)

  Jun 21 15:56:43 proxy dnsmasq[3862]: Benutze Namensserver 192.168.23.1#53
  Jun 21 15:56:43 proxy dnsmasq[3865]:  * Awakening mail retriever agent:
  Jun 21 15:56:43 proxy dnsmasq[3865]:...done.
  Jun 21 15:56:43 proxy postfix[3951]: Postfix is running with 
backwards-compatible default settings
  Jun 21 15:56:43 proxy postfix[3951]: See 
http://www.postfix.org/COMPATIBILITY_README.html for details
  Jun 21 15:56:43 proxy postfix[3951]: To disable backwards compatibility use 
"postconf compatibility_level=2" and "postfix reload"
  Jun 21 15:58:13 proxy systemd[1]: dnsmasq.service: Start-post operation timed 
out. Stopping.
  Jun 21 15:58:13 proxy systemd[1]: Failed to start dnsmasq - A lightweight 
DHCP and caching DNS server.
  Jun 21 15:58:13 proxy systemd[1]: dnsmasq.service: Unit entered failed state.
  Jun 21 15:58:13 proxy systemd[1]: dnsmasq.service: Failed with result 
'timeout'.

  when I look into the start script /etc/init.d/dnsmasq there is a func
  systemd-start-resolvconf which points to start-resolvconf.

  There is this part:

  for interface in $DNSMASQ_EXCEPT
  do
  [ $interface = lo ] && return
  done

  Before I had not defined DNSMASQ_EXCEPT in /etc/defaults/dnsmasq.
  Problem is, that this part MUST be faulty! When I commend it out, I
  can start dnsmasq! It looks like it loops forever there?!

  Also if I define DNSMASQ_EXCEPT to my listen interface, it works - but
  is is really needed?

  I found a other user which had the same problem:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871958

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: dnsmasq 2.75-1ubuntu0.16.04.4 [modified: etc/default/dnsmasq]
  ProcVersionSignature: Ubuntu 4.15.0-23.25~16.04.1-generic 4.15.18
  Uname: Linux 4.15.0-23-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  Date: Thu Jun 21 16:12:14 2018
  InstallationDate: Installed on 2017-02-27 (479 days ago)
  InstallationMedia: Ubuntu-Server 16.04.2 LTS "Xenial Xerus" - Release amd64 
(20170215.8)
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=de_DE.UTF-8
  SourcePackage: dnsmasq
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.default.dnsmasq: 2018-06-21T16:07:24.818774

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1778073/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1898593] Re: Fix sphinx doc building

[Utkarsh Gupta]

Hello,

Thanks, Athos. I've removed G/H tasks atm and Impish is marked as "Fix
Released", which appropriately represents the current situation.

Yeah, I agree that it might not be worth SRU'ing and at least, adding to
the already-long team backlog. As for lintian errors, I think it's worth
forwarding the bug to Debian instead since this is a sync now.

In case you feel differently, please let me know. Thanks.

** No longer affects: cyrus-sasl2 (Ubuntu Groovy)

** No longer affects: cyrus-sasl2 (Ubuntu Hirsute)

** No longer affects: cyrus-sasl2 (Ubuntu Impish)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1898593

Title:
  Fix sphinx doc building

Status in cyrus-sasl2 package in Ubuntu:
  Fix Released

Bug description:
  This basically the same bug as #1894907, but there I decided to
  disable docs rebuilding, after checking that none of the patches were
  against the docs source.

  Furthermore, we should probably fix these lintian issues:

  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/developer.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/download.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/genindex.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/getsasl.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/index.html You may use the libjs-mathjax package. 
(https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/operations.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/packager.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/search.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/setup.html You may use the libjs-mathjax package. 
(https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/support.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2 source: source-is-missing doc/html/_static/jquery.js line 
length is 32014 characters (>512)
  E: cyrus-sasl2 source: source-is-missing doc/html/_static/js/modernizr.min.js 
  
  E: cyrus-sasl2 source: source-is-missing doc/html/_static/underscore.js line 
length is 519 characters (>512)
  E: cyrus-sasl2 source: source-is-missing 
docsrc/exts/themes/cyrus/static/js/modernizr.min.js
  E: cyrus-sasl2 source: source-is-missing 
docsrc/exts/themes/sphinx_rtd_theme/static/js/modernizr.min.js

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1898593/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1898593] Re: Fix sphinx doc building

[Utkarsh Gupta]

Hi Athos,

Do you happen to know fix and is it worth backporting? Also, are those
lintian errors fixed, too? Given you recently worked on this, so
probably you'd know. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1898593

Title:
  Fix sphinx doc building

Status in cyrus-sasl2 package in Ubuntu:
  Fix Released
Status in cyrus-sasl2 source package in Groovy:
  New
Status in cyrus-sasl2 source package in Hirsute:
  New
Status in cyrus-sasl2 source package in Impish:
  Fix Released

Bug description:
  This basically the same bug as #1894907, but there I decided to
  disable docs rebuilding, after checking that none of the patches were
  against the docs source.

  Furthermore, we should probably fix these lintian issues:

  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/developer.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/download.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/genindex.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/getsasl.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/index.html You may use the libjs-mathjax package. 
(https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/operations.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/packager.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/search.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/setup.html You may use the libjs-mathjax package. 
(https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2-doc: privacy-breach-uses-embedded-file 
usr/share/doc/cyrus-sasl2-doc/support.html You may use the libjs-mathjax 
package. (https://cdn.mathjax.org/mathjax/latest/mathjax.js)
  E: cyrus-sasl2 source: source-is-missing doc/html/_static/jquery.js line 
length is 32014 characters (>512)
  E: cyrus-sasl2 source: source-is-missing doc/html/_static/js/modernizr.min.js 
  
  E: cyrus-sasl2 source: source-is-missing doc/html/_static/underscore.js line 
length is 519 characters (>512)
  E: cyrus-sasl2 source: source-is-missing 
docsrc/exts/themes/cyrus/static/js/modernizr.min.js
  E: cyrus-sasl2 source: source-is-missing 
docsrc/exts/themes/sphinx_rtd_theme/static/js/modernizr.min.js

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1898593/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1152187] Re: [MIR] systemd

[Utkarsh Gupta]

Hello,

Revisiting this MIR since we (now) want to have systemd-container (from
src:systemd) from Bionic/universe in Bionic/main.

This package is to be included in the Google cloud images the public
cloud team builds, going back to Bionic. As cloud images are to ship
only packages from main, this request is to see that happen.

src:systemd is in main in Bionic but bin:systemd-container isn't. Adding
a task for Bionic for the same. Please let me know if there's anything
else needed? TIA!

** Also affects: systemd (Ubuntu Bionic)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1152187

Title:
  [MIR] systemd

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  New

Bug description:
  * The package is in universe and built on all archs:
  https://launchpad.net/ubuntu/+source/systemd/44-10ubuntu1

  * Rationale:

  - in a first step we want systemd-services promoted to replace ubuntu-
  system-services

  -  We will also want to move from consolekit to logind soon
  (https://blueprints.launchpad.net/ubuntu/+spec/foundations-1303
  -consolekit-logind-migration)

  - udev has been merged in the systemd source upstream so we will want
  to build it from there at some point as well

  we don't plan to use the systemd init system at this point

  * Security:

  there has been some security issues in the past
  http://secunia.com/advisories/search/?search=systemd
  http://secunia.com/advisories/48220/
  http://secunia.com/advisories/48208/
  http://secunia.com/advisories/48331/

  Those are mostly logind issue and have been fixed upstream.

  Our current package is outdated but we do plan to update it before
  starting using logind. There should be no issue with the services

  * Quality:
  - there is no RC bug in debian: 
http://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no=systemd
  - there is no bug open in launchpad: 
https://launchpad.net/ubuntu/+source/systemd/+bugs
  - upstream is active and responsive to issues

  The desktop bugs team is subscribed to the package in launchpad,
  foundations/desktop will maintain the package and look to the bug
  reports regularly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1152187/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1928338] Re: package openssh-client 1:8.4p1-5ubuntu1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configurat

[Utkarsh Gupta]

Hi jitmanyu,

Thanks for taking the time to report the bug. However, I can't seem to
reproduce this in a Focal container. I tried to install openssh-client
(and openssh-server) as well, tried to play with it for a while, removed
it, re-installed; then purged it, re-installed again, but can't seem to
reproduce the issue that you're quite facing?

I wonder if this is an issue because of some local config issue or
something? If so, you can find assistance here:
http://www.ubuntu.com/support/community.

And I also wonder if simply reinstalling the openssh-client will fix the
problem you're facing? cf: apt reinstall openssh-client or equivalent?

However, if you believe that this is really a bug in Ubuntu, then we
would be grateful if you would provide a more complete description of
the problem with steps to reproduce, explain why you believe this is a
bug in Ubuntu rather than a problem specific to your system, and then
change the bug status back to "New" again.

Thanks, again!

** Changed in: openssh (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1928338

Title:
  package openssh-client 1:8.4p1-5ubuntu1 failed to install/upgrade:
  package is in a very bad inconsistent state; you should  reinstall it
  before attempting configuration

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  ef

  ProblemType: Package
  DistroRelease: Ubuntu 21.04
  Package: openssh-client 1:8.4p1-5ubuntu1
  ProcVersionSignature: Ubuntu 5.8.0-53.60-generic 5.8.18
  Uname: Linux 5.8.0-53-generic x86_64
  ApportVersion: 2.20.11-0ubuntu65
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Thu May 13 18:03:15 2021
  DuplicateSignature:
   package:openssh-client:1:8.4p1-5ubuntu1
   Setting up gnome-shell-extension-desktop-icons (20.04.0+git20200908-5build1) 
...
   dpkg: error processing package openssh-client (--configure):
package is in a very bad inconsistent state; you should
  ErrorMessage: package is in a very bad inconsistent state; you should  
reinstall it before attempting configuration
  InstallationDate: Installed on 2020-12-30 (134 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  Python3Details: /usr/bin/python3.9, Python 3.9.4, python3-minimal, 3.9.4-1
  PythonDetails: N/A
  RelatedPackageVersions:
   ssh-askpass   N/A
   libpam-sshN/A
   keychain  N/A
   ssh-askpass-gnome N/A
  SSHClientVersion: OpenSSH_8.4p1 Ubuntu-5ubuntu1, OpenSSL 1.1.1j  16 Feb 2021
  SourcePackage: openssh
  Title: package openssh-client 1:8.4p1-5ubuntu1 failed to install/upgrade: 
package is in a very bad inconsistent state; you should  reinstall it before 
attempting configuration
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1928338/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled

[Utkarsh Gupta]

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1921562

Title:
  Intermittent hangs during ldap_search_ext when TLS enabled

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Focal:
  Fix Committed
Status in openldap source package in Groovy:
  Fix Released

Bug description:
  [Impact]
  

  When connecting to an LDAP server with TLS, ldap_search_ext can hang
  if during the initial TLS handshake a signal is received by the
  process. The cause of this bug is the same as
  https://bugs.openldap.org/show_bug.cgi?id=8650.

  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit.

  
  [Test Plan]
  ===

  When using openldap on 20.04, this bug causes failures in the SSSD
  LDAP backend, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:

  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up

  With the patched version, this should no longer be a problem.

  
  [Where Problems Could Occur]
  

  With this patch applied, there may be few edge cases in (and varying
  b/w) different versions of GnuTLS. And also some bits that are
  discussed in https://bugs.openldap.org/show_bug.cgi?id=8650.

  But that said, the patched version is already being run in production
  for over two weeks time (at the time of writing - 07/04/21). So I
  believe the SRU will clearly benefit from this and has lower risk of
  regression.

  
  [More Info]
  ===

  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1925381] Re: rsync conceals file deletions from reporting when --dry-run --remove-source-files are used together

[Utkarsh Gupta]

s/Invalid/Won't Fix/g.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1925381

Title:
  rsync conceals file deletions from reporting when --dry-run --remove-
  source-files are used together

Status in rsync package in Ubuntu:
  Won't Fix

Bug description:
  Rsync has an astonishing and dangerous bug:

  The dry run feature (-n / --dry-run) inhibits reporting of file
  deletions when --remove-source-files is used. This is quite serious.
  People use --dry-run to see if an outcome will work as expected before
  a live run. When the simulated run shows *less* destruction than the
  live run, the consequences can be serious because rsync may
  unexpectedly destroy the only copy(*) of a file.

  Users rely on --dry-run. Although users probably expect --dry-run to
  have limitations, we don't expect destructive operations to be under
  reported. If it were reversed, such that the live run were less
  destructive than the dry run, this wouldn't be as serious.

  Reproducer:

  $ mkdir -p /tmp/src /tmp/dest
  $ printf '%s\n' 'yada yada' > /tmp/src/foo.txt
  $ printf '%s\n' 'yada yada' > /tmp/src/bar.txt
  $ cp /tmp/src/foo.txt /tmp/dest
  $ ls /tmp/src/ /tmp/dest/
  /tmp/dest/:
  foo.txt

  /tmp/src/:
  bar.txt  foo.txt

  $ rsync -na --info=remove1 --remove-source-files --existing src/* dest/
  (no output)

  $ rsync -a --info=remove1 --remove-source-files --existing src/* dest/
  sender removed foo.txt

  $ ls /tmp/src/ /tmp/dest/
  /tmp/dest/:
  foo.txt

  /tmp/src/:
  bar.txt

  (*) note when I say it can destroy the only copy of a file, another
  circumstance is needed: that is, rsync does not do a checksum by
  default.  It checks for identical files based on superficial
  parameters like name and date.  So it's possible that two files match
  in the default superficial comparison but differ in the actual
  content.  Losing a unique file in this scenario is perhaps a rare
  corner case, but this bug should be fixed nonetheless.  In the typical
  case of losing files at the source, there is still a significant
  inconvenience of trying to identify what files to copy back.

  Note this bug is similar but differs in a few ways:
  https://bugzilla.samba.org/show_bug.cgi?id=3844

  I've marked this as a security vulnerability because it causes
  unexpected data loss due to --dry-run creating a false expectation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1925381/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1925381] Re: rsync conceals file deletions from reporting when --dry-run --remove-source-files are used together

[Utkarsh Gupta]

Hi Bill,

Such bugs are worth reporting upstream and once they're fixed there, we
can pick it from there and provide it via the packages we ship, as
exactly what Paride mentioned.

Since you don't want to open an issue upstream, maybe you'd like to use their 
mailing lists?
cf: https://rsync.samba.org/lists.html

That said, I am marking this as "Invalid" here because of the above
reasons. Thanks!

** Changed in: rsync (Ubuntu)
   Status: Triaged => Invalid

** Changed in: rsync (Ubuntu)
   Status: Invalid => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1925381

Title:
  rsync conceals file deletions from reporting when --dry-run --remove-
  source-files are used together

Status in rsync package in Ubuntu:
  Won't Fix

Bug description:
  Rsync has an astonishing and dangerous bug:

  The dry run feature (-n / --dry-run) inhibits reporting of file
  deletions when --remove-source-files is used. This is quite serious.
  People use --dry-run to see if an outcome will work as expected before
  a live run. When the simulated run shows *less* destruction than the
  live run, the consequences can be serious because rsync may
  unexpectedly destroy the only copy(*) of a file.

  Users rely on --dry-run. Although users probably expect --dry-run to
  have limitations, we don't expect destructive operations to be under
  reported. If it were reversed, such that the live run were less
  destructive than the dry run, this wouldn't be as serious.

  Reproducer:

  $ mkdir -p /tmp/src /tmp/dest
  $ printf '%s\n' 'yada yada' > /tmp/src/foo.txt
  $ printf '%s\n' 'yada yada' > /tmp/src/bar.txt
  $ cp /tmp/src/foo.txt /tmp/dest
  $ ls /tmp/src/ /tmp/dest/
  /tmp/dest/:
  foo.txt

  /tmp/src/:
  bar.txt  foo.txt

  $ rsync -na --info=remove1 --remove-source-files --existing src/* dest/
  (no output)

  $ rsync -a --info=remove1 --remove-source-files --existing src/* dest/
  sender removed foo.txt

  $ ls /tmp/src/ /tmp/dest/
  /tmp/dest/:
  foo.txt

  /tmp/src/:
  bar.txt

  (*) note when I say it can destroy the only copy of a file, another
  circumstance is needed: that is, rsync does not do a checksum by
  default.  It checks for identical files based on superficial
  parameters like name and date.  So it's possible that two files match
  in the default superficial comparison but differ in the actual
  content.  Losing a unique file in this scenario is perhaps a rare
  corner case, but this bug should be fixed nonetheless.  In the typical
  case of losing files at the source, there is still a significant
  inconvenience of trying to identify what files to copy back.

  Note this bug is similar but differs in a few ways:
  https://bugzilla.samba.org/show_bug.cgi?id=3844

  I've marked this as a security vulnerability because it causes
  unexpected data loss due to --dry-run creating a false expectation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1925381/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1522675] Re: Warning messages about unsandboxed downloads

[Utkarsh Gupta]

Hey, still hitting this in a Hirsute VM :/

** Also affects: apt (Ubuntu Hirsute)
   Importance: Low
   Status: Fix Released

** Also affects: aptitude (Ubuntu Hirsute)
   Importance: Low
   Status: Fix Released

** Also affects: synaptic (Ubuntu Hirsute)
   Importance: Low
   Status: Triaged

** Also affects: update-notifier (Ubuntu Hirsute)
   Importance: Medium
 Assignee: Julian Andres Klode (juliank)
   Status: Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1522675

Title:
  Warning messages about unsandboxed downloads

Status in apt package in Ubuntu:
  Fix Released
Status in aptitude package in Ubuntu:
  Fix Released
Status in synaptic package in Ubuntu:
  Triaged
Status in update-notifier package in Ubuntu:
  Fix Released
Status in aptitude source package in Xenial:
  Confirmed
Status in synaptic source package in Xenial:
  Confirmed
Status in update-notifier source package in Xenial:
  Fix Released
Status in apt source package in Hirsute:
  Fix Released
Status in aptitude source package in Hirsute:
  Fix Released
Status in synaptic source package in Hirsute:
  Triaged
Status in update-notifier source package in Hirsute:
  Fix Released
Status in apt package in Debian:
  Fix Released
Status in aptitude package in Debian:
  Fix Released
Status in synaptic package in Debian:
  New

Bug description:
  READ ME FIRST
  =
  This is only a regression on a cosmetic level. Previous versions of apt did 
not have any sandboxing whatsoever, so this means apt reverted back to that old 
behavior.

  update-notifier SRU
  ---
  [Impact]
  Cosmetic. Warnings when installing packages using update-notifier downloading 
stuff

  [Test case]

  Install flashplugin-installer with apt and check that the output does
  not contain a message like this:

  W: Can't drop privileges for downloading as file '...' couldn't be
  accessed by user '_apt'

  [Regression Potential]

  It just chowns /var/lib/update-notifier/package-data-
  downloads/partial/ to _apt:root, there should not be any regression.

  Original report
  ---

  Recently we got new versions for synaptic 0.82+build1 & apt 1.1.3, but
  now get that error when installing/upgrading some packages:

  Setting up libc6-dbg:amd64 (2.21-0ubuntu5) ...
  Processing triggers for libc-bin (2.21-0ubuntu5) ...
  W: Can't drop privileges for downloading as file 
'/root/.synaptic/tmp//tmp_cl' couldn't be accessed by user '_apt'. - 
pkgAcquire::Run (13: Permission denied)

  From nautilus, i'm seeing a /root/ folder locked (x on its icon) and
  the folder is empty (no /.synaptic/ sub-folder or file), so the above
  error.

  oem@u64:~$ ls -l .synaptic
  total 4
  -rw-rw-r-- 1 oem oem   0 Aug 25 11:19 options
  -rw-rw-r-- 1 oem oem 236 Aug 25 11:19 synaptic.conf

  oem@u64:~$ ls -l /var/lib/apt/lists/
  
  -rw-r- 1 root root0 Sep 20 06:36 lock
  drwx-- 2 _apt root16384 Sep 24 15:25 partial
  ..

  oem@u64:~$ sudo ls -l /var/lib/update-notifier/package-data-downloads/
  .
  drwxr-xr-x 2 _apt root 4096 Sep 22 23:33 partial

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: synaptic 0.82+build1
  ProcVersionSignature: Ubuntu 4.3.0-1.10-generic 4.3.0
  Uname: Linux 4.3.0-1-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.19.2-0ubuntu8
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Fri Dec  4 05:23:25 2015
  SourcePackage: synaptic
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1522675/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1924597] Re: package openssh-server 1:8.3p1-1ubuntu0.1 failed to install/upgrade: podproces zainstalowany pakiet openssh-server skrypt post-installation zwrócił kod błędu 1

[Utkarsh Gupta]

Hello jerryd,

Thanks for taking the time to file the bug and making Ubuntu server
better.

Seeing from the logs that you posted, I can see:
"Not replacing deleted config file /etc/ssh/sshd_config"
...which essentially means that you might have tried to remove the 
/etc/ssh/sshd_config manually and thus it fails to re-install properly.

For this issue you can do the following to fix this back:
$ apt purge openssh-server
$ apt install openssh-server

This should fix everything and the installation should go fine.

Furthermore, I also tried to install openssh-server in a Groovy
container and the installation went fine! Since this is not really a bug
in the package and more of a local issue, I am marking this as
"Invalid", but should you feel that it's really a bug in the package,
please let us know why and provide more details and set the status to
"New" again. Once you do, we'll pick this up again and we can work out
something together.

Thanks, again!

** Changed in: openssh (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1924597

Title:
  package openssh-server 1:8.3p1-1ubuntu0.1 failed to install/upgrade:
  podproces zainstalowany pakiet openssh-server skrypt post-installation
  zwrócił kod błędu 1

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  that happen when i try to install ssh

  ProblemType: Package
  DistroRelease: Ubuntu 20.10
  Package: openssh-server 1:8.3p1-1ubuntu0.1
  ProcVersionSignature: Ubuntu 5.8.0-49.55-generic 5.8.18
  Uname: Linux 5.8.0-49-generic x86_64
  ApportVersion: 2.20.11-0ubuntu50.5
  AptOrdering:
   ncurses-term:amd64: Install
   openssh-sftp-server:amd64: Install
   openssh-server:amd64: Install
   ssh-import-id:amd64: Install
   NULL: ConfigurePending
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Thu Apr 15 19:12:21 2021
  ErrorMessage: podproces zainstalowany pakiet openssh-server skrypt 
post-installation zwrócił kod błędu 1
  InstallationDate: Installed on 2021-04-15 (0 days ago)
  InstallationMedia: Ubuntu 20.10 "Groovy Gorilla" - Release amd64 (20201022)
  Python3Details: /usr/bin/python3.8, Python 3.8.6, python3-minimal, 
3.8.6-0ubuntu1
  PythonDetails: N/A
  RebootRequiredPkgs: gnome-shell
  RelatedPackageVersions:
   dpkg 1.20.5ubuntu2
   apt  2.1.10ubuntu0.3
  SSHDConfig: Error: command ['/usr/sbin/sshd', '-T'] failed with exit code 1: 
/etc/ssh/sshd_config: No such file or directory
  SourcePackage: openssh
  Title: package openssh-server 1:8.3p1-1ubuntu0.1 failed to install/upgrade: 
podproces zainstalowany pakiet openssh-server skrypt post-installation zwrócił 
kod błędu 1
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.ssh.moduli: [deleted]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1924597/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled

[Utkarsh Gupta]

Hi Vincent,

> The bug hasn't returned since I installed the fixed package and no
> new issues have cropped up.

Awesome, thank you for your confirmation! \o/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1921562

Title:
  Intermittent hangs during ldap_search_ext when TLS enabled

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Focal:
  In Progress
Status in openldap source package in Groovy:
  Fix Released

Bug description:
  [Impact]
  

  When connecting to an LDAP server with TLS, ldap_search_ext can hang
  if during the initial TLS handshake a signal is received by the
  process. The cause of this bug is the same as
  https://bugs.openldap.org/show_bug.cgi?id=8650.

  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit.

  
  [Test Plan]
  ===

  When using openldap on 20.04, this bug causes failures in the SSSD
  LDAP backend, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:

  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up

  With the patched version, this should no longer be a problem.

  
  [Where Problems Could Occur]
  

  With this patch applied, there may be few edge cases in (and varying
  b/w) different versions of GnuTLS. And also some bits that are
  discussed in https://bugs.openldap.org/show_bug.cgi?id=8650.

  But that said, the patched version is already being run in production
  for over two weeks time (at the time of writing - 07/04/21). So I
  believe the SRU will clearly benefit from this and has lower risk of
  regression.

  
  [More Info]
  ===

  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled

[Utkarsh Gupta]

** Merge proposal linked:
   
https://code.launchpad.net/~utkarsh/ubuntu/+source/openldap/+git/openldap/+merge/400754

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1921562

Title:
  Intermittent hangs during ldap_search_ext when TLS enabled

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Focal:
  In Progress

Bug description:
  [Impact]
  

  When connecting to an LDAP server with TLS, ldap_search_ext can hang
  if during the initial TLS handshake a signal is received by the
  process. The cause of this bug is the same as
  https://bugs.openldap.org/show_bug.cgi?id=8650.

  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit.

  
  [Test Plan]
  ===

  When using openldap on 20.04, this bug causes failures in the SSSD
  LDAP backend, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:

  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up

  With the patched version, this should no longer be a problem.

  
  [Where Problems Could Occur]
  

  With this patch applied, there may be few edge cases in (and varying
  b/w) different versions of GnuTLS. And also some bits that are
  discussed in https://bugs.openldap.org/show_bug.cgi?id=8650.

  But that said, the patched version is already being run in production
  for over two weeks time (at the time of writing - 07/04/21). So I
  believe the SRU will clearly benefit from this and has lower risk of
  regression.

  
  [More Info]
  ===

  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled

[Utkarsh Gupta]

** Description changed:

+ [Impact]
+ 
+ 
  When connecting to an LDAP server with TLS, ldap_search_ext can hang if
  during the initial TLS handshake a signal is received by the process.
  The cause of this bug is the same as
- https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in
- https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was
- released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS
- and potentially earlier Ubuntu releases. Later Ubuntu releases use an
- openldap version that is at least 2.4.50 and are therefore not affected.
+ https://bugs.openldap.org/show_bug.cgi?id=8650.
  
  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
+ restart after a timeout has been hit.
+ 
+ 
+ [Test Plan]
+ ===
+ 
+ When using openldap on 20.04, this bug causes failures in the SSSD LDAP
+ backend, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:
  
  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up
+ 
+ With the patched version, this should no longer be a problem.
+ 
+ 
+ [Where Problems Could Occur]
+ 
+ 
+ With this patch applied, there may be few edge cases in (and varying
+ b/w) different versions of GnuTLS. And also some bits that are discussed
+ in https://bugs.openldap.org/show_bug.cgi?id=8650.
+ 
+ But that said, the patched version is already being run in production
+ for over two weeks time (at the time of writing - 07/04/21). So I
+ believe the SRU will clearly benefit from this and has lower risk of
+ regression.
+ 
+ 
+ [More Info]
+ ===
  
  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.
- 
- As this bug affects all systems using LDAP with TLS, I suggest that the
- fix for this bug is ported to Ubuntu 20.04 LTS and potentially earlier
- versions.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1921562

Title:
  Intermittent hangs during ldap_search_ext when TLS enabled

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Focal:
  In Progress

Bug description:
  [Impact]
  

  When connecting to an LDAP server with TLS, ldap_search_ext can hang
  if during the initial TLS handshake a signal is received by the
  process. The cause of this bug is the same as
  https://bugs.openldap.org/show_bug.cgi?id=8650.

  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit.

  
  [Test Plan]
  ===

  When using openldap on 20.04, this bug causes failures in the SSSD
  LDAP backend, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:

  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up

  With the patched version, this should no longer be a problem.

  
  [Where Problems Could Occur]
  

  With this patch applied, there may be few edge cases in (and varying
  b/w) different versions of GnuTLS. And also some bits that are
  discussed in https://bugs.openldap.org/show_bug.cgi?id=8650.

  But that said, the patched version is already being run in production
  for over two weeks time (at the time of writing - 07/04/21). So I
  believe the SRU will clearly benefit from this and has lower risk of
  regression.

  
  [More Info]
  ===

  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled

[Utkarsh Gupta]

Hello Vincent,

I've uploaded a fixed package in my PPA:
https://launchpad.net/~utkarsh/+archive/ubuntu/experimental-dump. Could
you please test this if it work alright for you before I push this to
the official archive?

Thanks!

** Changed in: openldap (Ubuntu Focal)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

** Changed in: openldap (Ubuntu Focal)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1921562

Title:
  Intermittent hangs during ldap_search_ext when TLS enabled

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Focal:
  In Progress

Bug description:
  When connecting to an LDAP server with TLS, ldap_search_ext can hang
  if during the initial TLS handshake a signal is received by the
  process. The cause of this bug is the same as
  https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in
  https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was
  released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS
  and potentially earlier Ubuntu releases. Later Ubuntu releases use an
  openldap version that is at least 2.4.50 and are therefore not
  affected.

  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:

  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up

  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.

  As this bug affects all systems using LDAP with TLS, I suggest that
  the fix for this bug is ported to Ubuntu 20.04 LTS and potentially
  earlier versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled

[Utkarsh Gupta]

Hello Vincent,

Since the Debian version has these fixes incorporated, this would be
fixed in Hirsute already (as it's in sync (with a minor delta)). For
Focal, it will need somebody affected to commit to doing the necessary
QA after the update is prepared (without that QA, we won't be able to
land the update).

The process is documented at
https://wiki.ubuntu.com/StableReleaseUpdates#Procedure. I'll add this
task to the server team's backlog. If you'd like to do it sooner, you
are welcome to prepare the update yourself following the documented
process.

Thanks!

** Also affects: openldap (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: openldap (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: openldap (Ubuntu Focal)
   Status: New => Triaged

** Tags added: bitesize server-next

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1921562

Title:
  Intermittent hangs during ldap_search_ext when TLS enabled

Status in openldap:
  Fix Released
Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Focal:
  Triaged

Bug description:
  When connecting to an LDAP server with TLS, ldap_search_ext can hang
  if during the initial TLS handshake a signal is received by the
  process. The cause of this bug is the same as
  https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in
  https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was
  released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS
  and potentially earlier Ubuntu releases. Later Ubuntu releases use an
  openldap version that is at least 2.4.50 and are therefore not
  affected.

  In our case this bug cause failures in the SSSD LDAP backend at least
  once per day, resulting in authentication errors followed by a sssd_be
  restart after a timeout has been hit:

  Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user 
redacted: 4 (System error)
  Mar 19 19:05:32 mail sssd_be[867455]: Starting up

  A reduced version of the patch linked above can be found attached to
  this bug report. This patch has been applied to version 2.4.49+dfsg-
  2ubuntu1.7 and has been running in production for approximately a week
  and the issue has no longer occurred. No other issues have appeared
  during this period.

  As this bug affects all systems using LDAP with TLS, I suggest that
  the fix for this bug is ported to Ubuntu 20.04 LTS and potentially
  earlier versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1922212] Re: SSHD does not honor configuration files

[Utkarsh Gupta]

Hello Jerrey,

Thank you for taking out time to file a bug and making the Ubuntu server
better.

It's a bit upsetting that you're hitting this bug. Can you share your
entire conf, please? This would help me better analyze the problem and
help me reproduce it.

While at it, could you also help me provide steps to reproduce this
easily? I can make out the issue but having straightforward steps
written will help me debug this fast enough.

That said, I found a link to stack exchange that might help: 
https://unix.stackexchange.com/questions/218034/disabling-ssh-password-authentication-does-not-work-on-my-debian-vps
Let me know if it helps? Also, does restarting sshd help?

I am marking this bug as "Incomplete" for now. Once you provide the
necessary details, please mark it back to "New" and then we can take a
look and help debug further. Thanks! :)

** Changed in: openssh (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1922212

Title:
  SSHD does not honor configuration files

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  I'm working on Ubuntu 20, x86_64, fully patched.

 # lsb_release -a
 Distributor ID:Ubuntu
 Description:   Ubuntu 20.04.2 LTS
 ...

  We are seeing reports of failed password-based logins using root:

 jounralctl -xe
 ...
 Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 
49.88.112.77 port 36206 ssh2
 Apr 01 09:08:21 localhost sshd[239302]: Failed password for root from 
49.88.112.77 port 36206 ssh2
 ...

  There are three attempts every second or two (literally):

 # journalctl -xe | grep -i -c 'Failed password for root'
 324

  Our OpenSSH server is configured with both no-password based logins
  and no-root logins.

 # ls /etc/ssh/sshd_config.d/
 10_pubkey_auth.conf  20_disable_root_login.conf

 # cat /etc/ssh/sshd_config.d/10_pubkey_auth.conf 
 # Disable passwords
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 UsePAM no
 # Enable public key
 PubkeyAuthentication yes

 # cat /etc/ssh/sshd_config.d/20_disable_root_login.conf 
 PermitRootLogin no

  The config files are included last in our /etc/ssh/sshd_config file:

 # tail -n 3 /etc/ssh/sshd_config

 # For some reason OpenSSH does not include additional conf files by 
default.
 Include /etc/ssh/sshd_config.d/*.conf

  I dislike modifying /etc/ssh/sshd_config since it will be overwritten
  by the distro. With that said, I modified it without success.

  It really annoys me that we can't secure this service. Something looks
  very broken here.

  -

  # apt-cache show openssh-server
  Package: openssh-server
  Architecture: amd64
  Version: 1:8.2p1-4ubuntu0.2
  Multi-Arch: foreign
  Priority: optional
  Section: net
  Source: openssh
  Origin: Ubuntu
  Maintainer: Ubuntu Developers 
  Original-Maintainer: Debian OpenSSH Maintainers 
  Bugs: https://bugs.launchpad.net/ubuntu/+filebug

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1922212/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

Hello,

I just did the verification and the upgrade seems to be working as
intended for me. I went ahead and added the verficiation-done tag (and
the release-specific tags as well!).

** Tags removed: verification-needed verification-needed-bionic 
verification-needed-focal verification-needed-groovy
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-groovy

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in isc-dhcp source package in Bionic:
  Fix Committed
Status in isc-dhcp source package in Focal:
  Fix Committed
Status in isc-dhcp source package in Groovy:
  Fix Committed

Bug description:
  [Impact]

  When checking isc-dhcp-server unit file it was seen that isc-dhcp-
  server is being started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This causes the service to listen on all interfaces, which is what the
  user might not want. In case the user wants to use *only* IPv6 and not
  IPv4, this could maybe lead to problems as what the user intended to
  do could be really different from what the outcome turns out to be
  (because of this bug).

  The previous upload(er) forgot to mention (and split) the INTERFACES
  variable to v4 and v6 and as a result, it has been this way for so
  long.

  The SRU would split the variables into respective names, thereby
  making sure that what /etc/default/isc-dhcp-serve sets, is available
  in the respective service file.

  [Test Plan]

  To reproduce this bug, simply do the following:

  $ lxc launch ubuntu-daily:focal isc-dhcp-lp1894172-focal

  $ lxc shell isc-dhcp-lp1894172-focal

  # apt update && apt install isc-dhcp-server -y

  # grep "INTERFACES" /etc/default/isc-dhcp-server
  INTERFACESv4=""
  INTERFACESv6=""

  grep "INTERFACES" /lib/systemd/system/isc-dhcp-server.service
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  # grep "INTERFACES" /lib/systemd/system/isc-dhcp-server6.service
  exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid 
-cf $CONFIG_FILE $INTERFACES'

  With this, it is clearly visible that even though /lib/systemd/system
  /isc-dhcp-server{,6}.service file uses the INTERFACES variable but the
  /etc/default/isc-dhcp-server defines 2 different variables,
  INTERFACESv4 and INTERFACESv6.

  After the SRU is performed, the respective services files should use
  INTERFACESv4 and INTERFACESv6 variable, instead of just INTERFACES.

  To ensure smooth upgrade of this package, we'd check if the user
  hasn't manually set a INTERFACESv{4,6} variable to workaround this
  bug. If they have, then we simply check and make sure, we use the
  correct variable.

  [Where problems could occur]

  The problem could occur if the user has manually set some different
  workaround for this bug and so the usual upgrade could break some of
  their old configuration(s).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

Hey,

The above regression was a false-positive; there were several retries,
all of them passed (cf:
https://autopkgtest.ubuntu.com/packages/c/chrony/bionic/armhf).

So this should be good to go (regression-wise)! \o/

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in isc-dhcp source package in Bionic:
  Fix Committed
Status in isc-dhcp source package in Focal:
  Fix Committed
Status in isc-dhcp source package in Groovy:
  Fix Committed

Bug description:
  [Impact]

  When checking isc-dhcp-server unit file it was seen that isc-dhcp-
  server is being started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This causes the service to listen on all interfaces, which is what the
  user might not want. In case the user wants to use *only* IPv6 and not
  IPv4, this could maybe lead to problems as what the user intended to
  do could be really different from what the outcome turns out to be
  (because of this bug).

  The previous upload(er) forgot to mention (and split) the INTERFACES
  variable to v4 and v6 and as a result, it has been this way for so
  long.

  The SRU would split the variables into respective names, thereby
  making sure that what /etc/default/isc-dhcp-serve sets, is available
  in the respective service file.

  [Test Plan]

  To reproduce this bug, simply do the following:

  $ lxc launch ubuntu-daily:focal isc-dhcp-lp1894172-focal

  $ lxc shell isc-dhcp-lp1894172-focal

  # apt update && apt install isc-dhcp-server -y

  # grep "INTERFACES" /etc/default/isc-dhcp-server
  INTERFACESv4=""
  INTERFACESv6=""

  grep "INTERFACES" /lib/systemd/system/isc-dhcp-server.service
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  # grep "INTERFACES" /lib/systemd/system/isc-dhcp-server6.service
  exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid 
-cf $CONFIG_FILE $INTERFACES'

  With this, it is clearly visible that even though /lib/systemd/system
  /isc-dhcp-server{,6}.service file uses the INTERFACES variable but the
  /etc/default/isc-dhcp-server defines 2 different variables,
  INTERFACESv4 and INTERFACESv6.

  After the SRU is performed, the respective services files should use
  INTERFACESv4 and INTERFACESv6 variable, instead of just INTERFACES.

  To ensure smooth upgrade of this package, we'd check if the user
  hasn't manually set a INTERFACESv{4,6} variable to workaround this
  bug. If they have, then we simply check and make sure, we use the
  correct variable.

  [Where problems could occur]

  The problem could occur if the user has manually set some different
  workaround for this bug and so the usual upgrade could break some of
  their old configuration(s).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Description changed:

  [Impact]
  
  When checking isc-dhcp-server unit file it was seen that isc-dhcp-server
  is being started by:
  
  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf
  
  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'
  
  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.
  
  This causes the service to listen on all interfaces, which is what the
  user might not want. In case the user wants to use *only* IPv6 and not
  IPv4, this could maybe lead to problems as what the user intended to do
  could be really different from what the outcome turns out to be (because
  of this bug).
  
  The previous upload(er) forgot to mention (and split) the INTERFACES
  variable to v4 and v6 and as a result, it has been this way for so long.
  
  The SRU would split the variables into respective names, thereby making
  sure that what /etc/default/isc-dhcp-serve sets, is available in the
  respective service file.
  
  [Test Plan]
  
- To reproduce, simply install isc-dhcp-server via apt.
- Now, if you see the /etc/default/isc-dhcp-server file, it sets 2 variables, 
namely, INTERFACESv4 and INTERFACESv6. However, if you check the respective 
services file, that is, /lib/systemd/system/isc-dhcp-server.service and 
/lib/systemd/system/isc-dhcp-server6.service, it is still using the INTERFACES 
variable.
+ To reproduce this bug, simply do the following:
+ 
+ $ lxc launch ubuntu-daily:focal isc-dhcp-lp1894172-focal
+ 
+ $ lxc shell isc-dhcp-lp1894172-focal
+ 
+ # apt update && apt install isc-dhcp-server -y
+ 
+ # grep "INTERFACES" /etc/default/isc-dhcp-server 
+ INTERFACESv4=""
+ INTERFACESv6=""
+ 
+ grep "INTERFACES" /lib/systemd/system/isc-dhcp-server.service
+ exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'
+ 
+ # grep "INTERFACES" /lib/systemd/system/isc-dhcp-server6.service
+ exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid 
-cf $CONFIG_FILE $INTERFACES'
+ 
+ 
+ With this, it is clearly visible that even though 
/lib/systemd/system/isc-dhcp-server{,6}.service file uses $INTERFACES variable 
but the /etc/default/isc-dhcp-server defines 2 different variables, 
INTERFACESv4 and INTERFACESv6.
  
  After the SRU is performed, the respective services files should use
  INTERFACESv4 and INTERFACESv6 variable, instead of just INTERFACES.
  
  To ensure smooth upgrade of this package, we'd check if the user hasn't
  manually set a INTERFACESv{4,6} variable to workaround this bug. If they
  have, then we simply check and make sure, we use the correct variable.
  
  [Where problems could occur]
  
  The problem could occur if the user has manually set some different
  workaround for this bug and so the usual upgrade could break some of
  their old configuration(s).

** Description changed:

  [Impact]
  
  When checking isc-dhcp-server unit file it was seen that isc-dhcp-server
  is being started by:
  
  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf
  
  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'
  
  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.
  
  This causes the service to listen on all interfaces, which is what the
  user might not want. In case the user wants to use *only* IPv6 and not
  IPv4, this could maybe lead to problems as what the user intended to do
  could be really different from what the outcome turns out to be (because
  of this bug).
  
  The previous upload(er) forgot to mention (and split) the INTERFACES
  variable to v4 and v6 and as a result, it has been this way for so long.
  
  

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Description changed:

  [Impact]
  
  When checking isc-dhcp-server unit file it was seen that isc-dhcp-server
  is being started by:
  
  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf
  
  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
- CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
- if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
- [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
- chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
- chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
- exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'
+ CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
+ if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
+ [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
+ chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
+ chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
+ exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'
  
  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.
+ 
+ This causes the service to listen on all interfaces, which is what the
+ user might not want. In case the user wants to use *only* IPv6 and not
+ IPv4, this could maybe lead to problems as what the user intended to do
+ and what the outcome turns out because of this bug could be really
+ different.
  
  The previous upload(er) forgot to mention (and split) the INTERFACES
  variable to v4 and v6 and as a result, it has been this way for so long.
  
  The SRU would split the variables into respective names, thereby making
  sure that what /etc/default/isc-dhcp-serve sets, is available in the
  respective service file.
  
- 
  [Test Plan]
  
  To reproduce, simply install isc-dhcp-server via apt.
- Now, if you see the /etc/default/isc-dhcp-server file, it sets 2 variables, 
namely, INTERFACESv4 and INTERFACESv6. However, if you check the respective 
services file, that is, /lib/systemd/system/isc-dhcp-server.service and 
/lib/systemd/system/isc-dhcp-server6.service, it is still using the INTERFACES 
variable. 
+ Now, if you see the /etc/default/isc-dhcp-server file, it sets 2 variables, 
namely, INTERFACESv4 and INTERFACESv6. However, if you check the respective 
services file, that is, /lib/systemd/system/isc-dhcp-server.service and 
/lib/systemd/system/isc-dhcp-server6.service, it is still using the INTERFACES 
variable.
  
  After the SRU is performed, the respective services files should use
  INTERFACESv4 and INTERFACESv6 variable, instead of just INTERFACES.
  
  To ensure smooth upgrade of this package, we'd check if the user hasn't
  manually set a INTERFACESv{4,6} variable to workaround this bug. If they
  have, then we simply check and make sure, we use the correct variable.
  
- 
  [Where problems could occur]
  
  The problem could occur if the user has manually set some different
  workaround this bug and so the usual upgrade could break some of their
  old configuration.

** Description changed:

  [Impact]
  
  When checking isc-dhcp-server unit file it was seen that isc-dhcp-server
  is being started by:
  
  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf
  
  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'
  
  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.
  
  This causes the service to listen on all interfaces, which is what the
  user might not want. In case the user wants to use *only* IPv6 and not
  IPv4, this could maybe lead to problems as what the user intended to do
- and what the outcome turns out because of this bug could be really
- different.
+ could be really different from what the outcome turns out to be (because
+ of this bug).
  
  The previous upload(er) forgot to mention (and split) the INTERFACES
  variable to v4 and v6 and as a result, it has been this way for so long.
  
  The SRU would split the variables into 

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Description changed:

- When checking isc-dhcp-server unit file I saw isc-dhcp-server is being
- started by:
+ [Impact]
+ 
+ When checking isc-dhcp-server unit file it was seen that isc-dhcp-server
+ is being started by:
  
  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf
  
  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'
  
  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.
  
- This has only been working because cmdline sets -4 and subnet
- declaration in dhcpd.conf file makes dhcp-server to bind to the correct
- interfaces, as it looks like.
+ The previous upload(er) forgot to mention (and split) the INTERFACES
+ variable to v4 and v6 and as a result, it has been this way for so long.
+ 
+ The SRU would split the variables into respective names, thereby making
+ sure that what /etc/default/isc-dhcp-serve sets, is available in the
+ respective service file.
+ 
+ 
+ [Test Plan]
+ 
+ To reproduce, simply install isc-dhcp-server via apt.
+ Now, if you see the /etc/default/isc-dhcp-server file, it sets 2 variables, 
namely, INTERFACESv4 and INTERFACESv6. However, if you check the respective 
services file, that is, /lib/systemd/system/isc-dhcp-server.service and 
/lib/systemd/system/isc-dhcp-server6.service, it is still using the INTERFACES 
variable. 
+ 
+ After the SRU is performed, the respective services files should use
+ INTERFACESv4 and INTERFACESv6 variable, instead of just INTERFACES.
+ 
+ To ensure smooth upgrade of this package, we'd check if the user hasn't
+ manually set a INTERFACESv{4,6} variable to workaround this bug. If they
+ have, then we simply check and make sure, we use the correct variable.
+ 
+ 
+ [Where problems could occur]
+ 
+ The problem could occur if the user has manually set some different
+ workaround this bug and so the usual upgrade could break some of their
+ old configuration.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in isc-dhcp source package in Bionic:
  Confirmed
Status in isc-dhcp source package in Focal:
  Confirmed
Status in isc-dhcp source package in Groovy:
  Confirmed

Bug description:
  [Impact]

  When checking isc-dhcp-server unit file it was seen that isc-dhcp-
  server is being started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  The previous upload(er) forgot to mention (and split) the INTERFACES
  variable to v4 and v6 and as a result, it has been this way for so
  long.

  The SRU would split the variables into respective names, thereby
  making sure that what /etc/default/isc-dhcp-serve sets, is available
  in the respective service file.

  
  [Test Plan]

  To reproduce, simply install isc-dhcp-server via apt.
  Now, if you see the /etc/default/isc-dhcp-server file, it sets 2 variables, 
namely, INTERFACESv4 and INTERFACESv6. However, if you check the respective 
services file, that is, /lib/systemd/system/isc-dhcp-server.service and 
/lib/systemd/system/isc-dhcp-server6.service, it is still using the INTERFACES 
variable. 

  After the SRU is performed, the respective services files should use
  INTERFACESv4 and INTERFACESv6 variable, instead of just INTERFACES.

  To ensure smooth upgrade of this package, we'd check if the user
  hasn't manually set a 

[Touch-packages] [Bug 1891548] Re: autofs-ldap's /etc/ldap/schema/autofs.schema crashes slapd

[Utkarsh Gupta]

Hiya,

This was fixed in Debian via 5.1.6-4, which is merged in Hirsute release
(5.1.6-4ubuntu1). Therefore, I am marking this as "Fix Released" for
Hirsute. Should you have any questions or problems wrt this, let me
know!

Thanks.

** Changed in: autofs (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1891548

Title:
  autofs-ldap's /etc/ldap/schema/autofs.schema crashes slapd

Status in autofs package in Ubuntu:
  Fix Released
Status in openldap package in Ubuntu:
  New
Status in autofs package in Debian:
  Fix Released

Bug description:
  Ubuntu Release:
  # lsb_release -rd
  Description:  Ubuntu 20.04.1 LTS
  Release:  20.04

  Version of packages in use:
  # dpkg -l autofs autofs-ldap slapd | grep '^ii'
  ii  autofs 5.1.6-2ubuntu0.1   amd64kernel-based 
automounter for Linux
  ii  autofs-ldap5.1.6-2ubuntu0.1   amd64LDAP map support for 
autofs
  ii  slapd  2.4.49+dfsg-2ubuntu1.3 amd64OpenLDAP server (slapd)

  Expected:
  No errors from slaptest

  Actual Output:
  5f359370 /etc/ldap/schema/autofs.schema: line 14 attributetype: AttributeType 
inappropriate matching rule: "caseExactMatch"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autofs/+bug/1891548/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Changed in: isc-dhcp (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in isc-dhcp source package in Bionic:
  Confirmed
Status in isc-dhcp source package in Focal:
  Confirmed
Status in isc-dhcp source package in Groovy:
  Confirmed

Bug description:
  When checking isc-dhcp-server unit file I saw isc-dhcp-server is being
  started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This has only been working because cmdline sets -4 and subnet
  declaration in dhcpd.conf file makes dhcp-server to bind to the
  correct interfaces, as it looks like.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Changed in: isc-dhcp (Ubuntu Groovy)
   Status: Fix Released => Confirmed

** Changed in: isc-dhcp (Ubuntu)
   Status: Confirmed => In Progress

** Changed in: isc-dhcp (Ubuntu)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

** Changed in: isc-dhcp (Ubuntu Bionic)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

** Changed in: isc-dhcp (Ubuntu Focal)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

** Changed in: isc-dhcp (Ubuntu Groovy)
 Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  In Progress
Status in isc-dhcp source package in Bionic:
  Confirmed
Status in isc-dhcp source package in Focal:
  Confirmed
Status in isc-dhcp source package in Groovy:
  Confirmed

Bug description:
  When checking isc-dhcp-server unit file I saw isc-dhcp-server is being
  started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This has only been working because cmdline sets -4 and subnet
  declaration in dhcpd.conf file makes dhcp-server to bind to the
  correct interfaces, as it looks like.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1774342] Re: /lib/systemd/system/isc-dhcp-server.service $INTERFACES variable

[Utkarsh Gupta]

*** This bug is a duplicate of bug 1894172 ***
https://bugs.launchpad.net/bugs/1894172

** Also affects: isc-dhcp (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Also affects: isc-dhcp (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1774342

Title:
  /lib/systemd/system/isc-dhcp-server.service $INTERFACES variable

Status in isc-dhcp package in Ubuntu:
  New
Status in isc-dhcp source package in Bionic:
  New
Status in isc-dhcp source package in Focal:
  New
Status in isc-dhcp source package in Groovy:
  New
Status in isc-dhcp source package in Hirsute:
  New

Bug description:
  package: isc-dhcp-server

  /etc/default/isc-dhcp-server define the variables INTERFACESv4 and
  INTERFACESv6 for define listening network interface, but
  /lib/systemd/system/isc-dhcp-server.service and /lib/systemd/system
  /isc-dhcp-server6.service use the variable INTERFACES (exec dhcpd
  -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf
  $CONFIG_FILE $INTERFACES'). This causes the service to listen on all
  interfaces.

  The correct way would be for /lib/systemd/system/isc-dhcp-server.service:
  ..
   exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf 
$CONFIG_FILE $INTERFACESv4'
  ..

  for /lib/systemd/system/isc-dhcp-server.service:
  ..
  exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf 
$CONFIG_FILE $INTERFACESv6'
  .

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1774342/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Changed in: isc-dhcp (Ubuntu Bionic)
   Status: Triaged => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Confirmed
Status in isc-dhcp source package in Bionic:
  Confirmed
Status in isc-dhcp source package in Focal:
  Confirmed
Status in isc-dhcp source package in Groovy:
  Fix Released

Bug description:
  When checking isc-dhcp-server unit file I saw isc-dhcp-server is being
  started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This has only been working because cmdline sets -4 and subnet
  declaration in dhcpd.conf file makes dhcp-server to bind to the
  correct interfaces, as it looks like.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Changed in: isc-dhcp (Ubuntu)
   Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Confirmed
Status in isc-dhcp source package in Bionic:
  Triaged
Status in isc-dhcp source package in Focal:
  Confirmed
Status in isc-dhcp source package in Groovy:
  Fix Released

Bug description:
  When checking isc-dhcp-server unit file I saw isc-dhcp-server is being
  started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This has only been working because cmdline sets -4 and subnet
  declaration in dhcpd.conf file makes dhcp-server to bind to the
  correct interfaces, as it looks like.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1774342] Re: /lib/systemd/system/isc-dhcp-server.service $INTERFACES variable

[Utkarsh Gupta]

*** This bug is a duplicate of bug 1894172 ***
https://bugs.launchpad.net/bugs/1894172

** No longer affects: isc-dhcp (Ubuntu Groovy)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1774342

Title:
  /lib/systemd/system/isc-dhcp-server.service $INTERFACES variable

Status in isc-dhcp package in Ubuntu:
  New
Status in isc-dhcp source package in Bionic:
  New
Status in isc-dhcp source package in Focal:
  New

Bug description:
  package: isc-dhcp-server

  /etc/default/isc-dhcp-server define the variables INTERFACESv4 and
  INTERFACESv6 for define listening network interface, but
  /lib/systemd/system/isc-dhcp-server.service and /lib/systemd/system
  /isc-dhcp-server6.service use the variable INTERFACES (exec dhcpd
  -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf
  $CONFIG_FILE $INTERFACES'). This causes the service to listen on all
  interfaces.

  The correct way would be for /lib/systemd/system/isc-dhcp-server.service:
  ..
   exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf 
$CONFIG_FILE $INTERFACESv4'
  ..

  for /lib/systemd/system/isc-dhcp-server.service:
  ..
  exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf 
$CONFIG_FILE $INTERFACESv6'
  .

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1774342/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1774342] Re: /lib/systemd/system/isc-dhcp-server.service $INTERFACES variable

[Utkarsh Gupta]

*** This bug is a duplicate of bug 1894172 ***
https://bugs.launchpad.net/bugs/1894172

** Also affects: isc-dhcp (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: isc-dhcp (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: isc-dhcp (Ubuntu Groovy)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1774342

Title:
  /lib/systemd/system/isc-dhcp-server.service $INTERFACES variable

Status in isc-dhcp package in Ubuntu:
  New
Status in isc-dhcp source package in Bionic:
  New
Status in isc-dhcp source package in Focal:
  New

Bug description:
  package: isc-dhcp-server

  /etc/default/isc-dhcp-server define the variables INTERFACESv4 and
  INTERFACESv6 for define listening network interface, but
  /lib/systemd/system/isc-dhcp-server.service and /lib/systemd/system
  /isc-dhcp-server6.service use the variable INTERFACES (exec dhcpd
  -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf
  $CONFIG_FILE $INTERFACES'). This causes the service to listen on all
  interfaces.

  The correct way would be for /lib/systemd/system/isc-dhcp-server.service:
  ..
   exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf 
$CONFIG_FILE $INTERFACESv4'
  ..

  for /lib/systemd/system/isc-dhcp-server.service:
  ..
  exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf 
$CONFIG_FILE $INTERFACESv6'
  .

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1774342/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1894172] Re: isc-dhcp-server using wrong env variable for INTERFACES

[Utkarsh Gupta]

** Changed in: isc-dhcp (Ubuntu)
   Status: Triaged => Fix Released

** Also affects: isc-dhcp (Ubuntu Groovy)
   Importance: Undecided
   Status: New

** Changed in: isc-dhcp (Ubuntu Groovy)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1894172

Title:
  isc-dhcp-server using wrong env variable for INTERFACES

Status in isc-dhcp package in Ubuntu:
  Fix Released
Status in isc-dhcp source package in Bionic:
  Triaged
Status in isc-dhcp source package in Focal:
  Confirmed
Status in isc-dhcp source package in Groovy:
  Fix Released

Bug description:
  When checking isc-dhcp-server unit file I saw isc-dhcp-server is being
  started by:

  ConditionPathExists=/etc/default/isc-dhcp-server
  ConditionPathExists=|/etc/ltsp/dhcpd.conf
  ConditionPathExists=|/etc/dhcp/dhcpd.conf

  [Service]
  EnvironmentFile=/etc/default/isc-dhcp-server
  RuntimeDirectory=dhcp-server
  # The leases files need to be root:dhcpd even when dropping privileges
  ExecStart=/bin/sh -ec '\
  CONFIG_FILE=/etc/dhcp/dhcpd.conf; \
  if [ -f /etc/ltsp/dhcpd.conf ]; then CONFIG_FILE=/etc/ltsp/dhcpd.conf; 
fi; \
  [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases; \
  chown root:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases; \
  chmod 775 /var/lib/dhcp ; chmod 664 /var/lib/dhcp/dhcpd.leases; \
  exec dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid 
-cf $CONFIG_FILE $INTERFACES'

  But the /etc/default/isc-dhcp-server file sets $INTERFACESv4 and
  $INTERFACESv6.

  This has only been working because cmdline sets -4 and subnet
  declaration in dhcpd.conf file makes dhcp-server to bind to the
  correct interfaces, as it looks like.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1894172/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp