[Bug 1864689] Re: openssl in 20.04 can't connect to site that was fine in 19.10 and is fine in Chrome and Firefox
This bug affects me too, with a client certificate that now "magically" does not match the requirements. Ironically, the error message says only: OpenSSL error error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak, (no key found, wrong pass phrase, or wrong file format?) although there was no MD5 signature involved at all. So, even when you know that with OpenSSL 1.1, an "SSL security level" has been introduced, and that Ubuntu has set that level to 2, it is hard to find that it deprecates SHA1 now (see https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_level.html). Thus, even for more knowledgable people than me this is a major hassle to find and/or fix. I wonder why Ubuntu has chosen to raise the level that high considering that the documentation page contains a clear warning indication: "WARNING at this time setting the security level higher than 1 for general internet use is likely to cause considerable interoperability issues and is not recommended. This is because the SHA1 algorithm is very widely used in certificates and will be rejected at levels higher than 1 because it only offers 80 bits of security." I think that this is an extremely unwise choice for an OS to make. That being said, here is the fix (also hard to find): In /etc/ssl/openssl.cnf, add this line before the start of the file: openssl_conf = default_conf At the end of the file, add these lines: [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] CipherString = DEFAULT:@SECLEVEL=1 This will bring down the SSL security level to the former level of 1. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1864689 Title: openssl in 20.04 can't connect to site that was fine in 19.10 and is fine in Chrome and Firefox To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1864689/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872443] Re: /etc/securetty missing: dovecot not working
I cannot tell if this is a problem in whatever version of Debian, since I do not use it. Even with Ubuntu being derived from Debian at some point between 18.04 where /etc/securetty was delivered with package login and 20.04 where the whole package is unavailable. I think that is an interdependence between multiple packages, but I am not quite in the position to point at where (or even if) the problem could be fixed in Debian. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872443 Title: /etc/securetty missing: dovecot not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1872443/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872550] Re: dovecot snarfing does not work on 20.04
Not a bug in Ubuntu ** Changed in: dovecot (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872550 Title: dovecot snarfing does not work on 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1872550/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872550] Re: dovecot snarfing does not work on 20.04
My bad: It does not work with the current dovecot 2.3.10 from the official
repos, either.
Thus, it is an upstream bug.
I have found how to solve the problem:
mail_location = mbox:/home/%u/mail/:INBOX=/home/%u/mail/mbox:INDEX=MEMORY
mail_plugins = snarf notify zlib
namespace Snarf {
prefix = ~~Snarfbox/
separator = /
location = mbox:/run/dovecot/empty:INBOX=/var/mail/%u:INDEX=MEMORY
list = no
hidden = yes
}
plugin {
mbox_snarf = /home/%u/mail/mbox
snarf = ~~Snarfbox/INBOX
}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872550
Title:
dovecot snarfing does not work on 20.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1872550/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872550] [NEW] dovecot snarfing does not work on 20.04
Public bug reported:
Description:Ubuntu Focal Fossa (development branch)
Release:20.04
Package:dovecot (2.3.7.2-1ubuntu3)
Problem:
When using "snarf", the dovecot version delivered with 20.04 (Focal
Fossa) does not work correctly. Snarfing is used to get new mail from
/var/mail/%u to ~/mail/mbox (INBOX).
Mail content from the incoming mail directory does not get snarfed into
the INBOX. Thus, no new incoming mail is ever detected.
This works fine with 18.04 which employs dovecot 2.2.32.2, but there
seems to be no indication that something changed upstream, so I am at a
loss at what causes this. When I enable debug output, I can even see
that the snarf plugin is active.
When I install older dovecot-core, dovecot-popd3d and dovecot-imapd from
18.04 into 20.04, everything works as usual.
The relevant portion of my configuration is:
mail_location = mbox:~/mail/:INBOX=~/mail/mbox:INDEX=MEMORY
mail_plugins = snarf notify zlib
namespace snarf {
prefix = ~~snarf/
separator = /
location = mbox:/run/dovecot/empty:INBOX=/var/mail/%u:INDEX=MEMORY
list = no
hidden = yes
}
plugin {
snarf = ~~snarf/INBOX
}
** Affects: dovecot (Ubuntu)
Importance: Undecided
Status: New
** Tags: dovecot snarf
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1872550
Title:
dovecot snarfing does not work on 20.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1872550/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872443] Re: /etc/securetty missing: dovecot not working
At least, in 18.04, the file /etc/securetty was in package login... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872443 Title: /etc/securetty missing: dovecot not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1872443/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872443] [NEW] /etc/securetty missing: dovecot not working
Public bug reported: With Ubuntu 20.04 Focal Fossa, /etc/securetty is missing from the "login" package (4.8.1-1ubuntu4). This leads to errors such as in /var/log/mail.log when a dovecot auth is tried: Apr 13 13:08:17 venus dovecot[10588]: imap-login: Login: user=, method=PLAIN, rip=192.168.123.1, lip=192.168.123.188, mpid=12200, TLS, TLSv1.2 with cipher ECDHE-E CDSA-AES256-GCM-SHA384 (256/256 bits) Apr 13 13:08:18 venus auth[12195]: pam_unix(dovecot:auth): Couldn't open /etc/secure tty: No such file or directory Apr 13 13:08:18 venus auth[12195]: pam_unix(dovecot:auth): Couldn't open /etc/secure tty: No such file or directory Apr 13 13:08:18 venus dovecot[10588]: imap-login: Login: user=, method=PLAIN, rip=192.168.123.1, lip=192.168.123.188, mpid=12202, TLS, TLSv1.2 with cipher ECDHE-E CDSA-AES256-GCM-SHA384 (256/256 bits) It seems that pam_unix still needs /etc/securetty, but login no longer provides it. There was a similar bug in debian that seems to be related: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931899 To my understanding, this is a problem between pam and login packages in 20.04. ** Affects: shadow (Ubuntu) Importance: Undecided Status: New ** Tags: dovecot login pam securetty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872443 Title: /etc/securetty missing: dovecot not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1872443/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872288] Re: Focal Fossa: postfix configure-instance script typos
I hope that the upstream patch will be in time for Focal Fossa finalisation. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872288 Title: Focal Fossa: postfix configure-instance script typos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1872288/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1872288] [NEW] Focal Fossa: postfix configure-instance script typos
Public bug reported: Description:Ubuntu Focal Fossa (development branch) Release:20.04 Postfix 3.4.10-1 There are some typos that have crept into /usr/lib/postfix/configure-instance.sh which keep the postfix chroot environment from working. In the script, there are two sections that copy the SSL certificate paths (often /etc/ssl/certs) into the chroot environment (/var/spool/postscript). This is needed for any chrooted postfix daemon to find the CA certificates. If "smtp_tls_CApath" is not copied to /var/spool/postfix, you will experience errors like: Apr 12 12:27:44 venus postfix/smtp[23477]: certificate verification failed for mx.xyz.de[8.8.8.8]:587: untrusted issuer /O=Digital Signature Trust Co./CN=DST Root CA X3 Apr 12 12:27:44 venus postfix/smtp[23477]: 529761C123E: to=, relay=mx.xyz.de[8.8.8.8]:587, delay=4024, delays=4024/0.02/0.11/0, dsn=4.7.5, status=deferred (Server certificate not trusted) This is rendering TLS essentially unusable. At the start of each section, a variable named "ca_path" ist defined and should be used thereafter. Alas, the variable is misspelled "sca_path" throughout the first section (starting at line 47) and "dca_path" throughout the second section (starting at line 79). This results in the certificates not being copied. ** Affects: postfix (Ubuntu) Importance: Undecided Status: New ** Tags: chroot postfix tls ** Patch added: "Patch for /usr/lib/postfix/configure-instance.sh (Focal Fossa 20.04)" https://bugs.launchpad.net/bugs/1872288/+attachment/5352447/+files/configure-instance.sh.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1872288 Title: Focal Fossa: postfix configure-instance script typos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1872288/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1867784] Re: "systemctl status ..." in Focal does not show any process output
Never mind. My fault. The journal was gone, so nothing could be shown. ** Changed in: systemd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1867784 Title: "systemctl status ..." in Focal does not show any process output To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867784/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1867784] [NEW] "systemctl status ..." in Focal does not show any process output
Public bug reported: Software versions: # lsb_release -rd Description:Ubuntu Focal Fossa (development branch) Release:20.04 # apt-cache policy systemd systemd: Installed: 244.3-1ubuntu1 Candidate: 244.3-1ubuntu1 Version table: *** 244.3-1ubuntu1 500 500 http://de.archive.ubuntu.com/ubuntu focal/main amd64 Packages 100 /var/lib/dpkg/status When I issue "systemctl status apache2" (or for any other service for that matter) in Focal, the last few lines of output are not shown any more: # systemctl status apache2 ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor prese> Drop-In: /etc/systemd/system/apache2.service.d └─override.conf Active: active (running) since Tue 2020-03-17 13:34:42 CET; 1h 43min ago Docs: https://httpd.apache.org/docs/2.4/ Main PID: 283994 (apache2) Tasks: 55 (limit: 9451) Memory: 27.3M CGroup: /system.slice/apache2.service ├─283994 /usr/sbin/apache2 -k start ├─283997 /usr/sbin/apache2 -k start └─283998 /usr/sbin/apache2 -k start # With Bionic (18.04), the last few log lines were shown as described in the systemctl man page: #systemctl status apache2 ● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enab Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf /etc/systemd/system/apache2.service.d └─override.conf Active: active (running) since Tue 2020-03-03 23:01:13 CET; 1 weeks 6 days ago Process: 1255 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCE Main PID: 11522 (/usr/sbin/apach) Tasks: 15 (limit: 4915) CGroup: /system.slice/apache2.service ├─ 1280 /usr/sbin/apache2 -k start ├─ 6459 /usr/sbin/apache2 -k start └─11522 /usr/sbin/apache2 -k start Mar 13 06:25:27 fatty.xy.de systemd[1]: Reloading The Apache HTTP Server. Mar 13 06:25:27 fatty.xy.de systemd[1]: Reloaded The Apache HTTP Server. Mar 14 06:25:27 fatty.xy.de systemd[1]: Reloading The Apache HTTP Server. Mar 14 06:25:27 fatty.xy.de systemd[1]: Reloaded The Apache HTTP Server. Mar 15 06:25:27 fatty.xy.de systemd[1]: Reloading The Apache HTTP Server. Mar 15 06:25:27 fatty.xy.de systemd[1]: Reloaded The Apache HTTP Server. Mar 16 06:25:28 fatty.xy.de systemd[1]: Reloading The Apache HTTP Server. Mar 16 06:25:28 fatty.xy.de systemd[1]: Reloaded The Apache HTTP Server. Mar 17 06:25:27 fatty.xy.de systemd[1]: Reloading The Apache HTTP Server. Mar 17 06:25:27 fatty.xy.de systemd[1]: Reloaded The Apache HTTP Server. # I do not know if this was an upstream systemd change, however it seems wrong. ** Affects: systemd (Ubuntu) Importance: Undecided Status: New ** Tags: focal status systemd -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1867784 Title: "systemctl status ..." in Focal does not show any process output To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867784/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865204] Re: Multiple packages broke with openssl 1.1.1 upgrade
** Description changed: While I welcome the adding of security features by upgrading vital packages like openssl, there are at least two packages that I know of which ran fine with libssl 1.1.0 and do not with libssl 1.1.1. This bug has been introduced with the migration from openssl 1.1.0 to 1.1.1 in one of the last point releases. - 1. stunnel4 3:5.44-1ubuntu3 stunnel4 breaks with openssl 1.1.1 (which supports TLS 1.3). I get errors when a Windows stunnel client connects to the stunnel4 daemon: Feb 20 14:10:03 peterpan.neverland stunnel[24427]: LOG3[0]: s_connect: connect ::1:3128 : Connection refused (111) This can be fixed when I manually add "MaxProtocol = TLSv1.2" to /etc/ssl/openssl.conf, showing that TLS 1.3 introduced by openssl 1.1.1 is the culprit. stunnel4 needs an update. At least for stunnel4, another fix would be to specify "sslVersion = TLSv1.2" in its config file. - 2. pure-ftpd 1.0.46-1build1 Same thing here. You cannot connect once you use "tls=2" or higher if openssl 1.1.1 with TLS 1.3 is active. Only fix here I found is to limit - the max protocol. pure-ftpd itself has no means of solving that problem, - at least not in the bionic version. + the max protocol in openssl for all applications. pure-ftpd itself has + no means of controlling the TLS version, at least not in the bionic + version of it. + + I use Ubuntu Server 18.04.04 LTS, BTW and openssl was + 1.1.1-1ubuntu2.1~18.04.5. - I use Ubuntu Server 18.04.04 LTS, BTW and openssl was 1.1.1-1ubuntu2.1~18.04.5. + Both problems could be fixed by backporting stunnel4 and pure-ftpd packages from Focal Fossa. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865204 Title: Multiple packages broke with openssl 1.1.1 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1865204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1865204] [NEW] Multiple packages broke with openssl 1.1.1 upgrade
Public bug reported: While I welcome the adding of security features by upgrading vital packages like openssl, there are at least two packages that I know of which ran fine with libssl 1.1.0 and do not with libssl 1.1.1. This bug has been introduced with the migration from openssl 1.1.0 to 1.1.1 in one of the last point releases. 1. stunnel4 3:5.44-1ubuntu3 stunnel4 breaks with openssl 1.1.1 (which supports TLS 1.3). I get errors when a Windows stunnel client connects to the stunnel4 daemon: Feb 20 14:10:03 peterpan.neverland stunnel[24427]: LOG3[0]: s_connect: connect ::1:3128 : Connection refused (111) This can be fixed when I manually add "MaxProtocol = TLSv1.2" to /etc/ssl/openssl.conf, showing that TLS 1.3 introduced by openssl 1.1.1 is the culprit. stunnel4 needs an update. At least for stunnel4, another fix would be to specify "sslVersion = TLSv1.2" in its config file. 2. pure-ftpd 1.0.46-1build1 Same thing here. You cannot connect once you use "tls=2" or higher if openssl 1.1.1 with TLS 1.3 is active. Only fix here I found is to limit the max protocol. pure-ftpd itself has no means of solving that problem, at least not in the bionic version. I use Ubuntu Server 18.04.04 LTS, BTW and openssl was 1.1.1-1ubuntu2.1~18.04.5. ** Affects: openssl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1865204 Title: Multiple packages broke with openssl 1.1.1 upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1865204/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1864035] [NEW] stunnel4 breaks with openssl 1.1.1
Public bug reported: stunnel4 breaks with openssl 1.1.1 which supports TLS 1.3. This bug has been introduced with the migration from openssl 1.1.0 in one of the last point releases. I get errors when a Windows stunnel client connects to the stunnel4 daemon: Feb 20 14:10:03 peterpan.neverland stunnel[24427]: LOG3[0]: s_connect: connect ::1:3128 : Connection refused (111) This can be fixed when I manually add "MaxProtocol = TLSv1.2" to /etc/ssl/openssl.conf, showing that TLS 1.3 introduced by openssl 1.1.1 is the culprit. Probably stunnel4 needs an update. ** Affects: stunnel4 (Ubuntu) Importance: Undecided Status: New ** Project changed: launchpad => stunnel4 (Ubuntu) ** Summary changed: - stunnel breaks with openssl 1.1.1 + stunnel4 breaks with openssl 1.1.1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1864035 Title: stunnel4 breaks with openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1864035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] PciMultimedia.txt
apport information ** Attachment added: "PciMultimedia.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303083/+files/PciMultimedia.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] UdevDb.txt
apport information ** Attachment added: "UdevDb.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303088/+files/UdevDb.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] CurrentDmesg.txt
apport information ** Attachment added: "CurrentDmesg.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303081/+files/CurrentDmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] WifiSyslog.txt
apport information ** Attachment added: "WifiSyslog.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303089/+files/WifiSyslog.txt ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] ProcInterrupts.txt
apport information ** Attachment added: "ProcInterrupts.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303086/+files/ProcInterrupts.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] Lspci.txt
apport information ** Attachment added: "Lspci.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303082/+files/Lspci.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] ProcEnviron.txt
apport information ** Attachment added: "ProcEnviron.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303085/+files/ProcEnviron.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] ProcCpuinfoMinimal.txt
apport information ** Attachment added: "ProcCpuinfoMinimal.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303084/+files/ProcCpuinfoMinimal.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] Re: Missing modules for cryptography and NFSv4
apport information ** Tags added: apport-collected bionic ** Description changed: There are two essential kernel modules that are missing from some linux kernel packages under Ubuntu Server 18.04 LTS: nfsv4.ko and aes-x86_64.ko (matter-of-fact any crypto module) I found them both missing in linux-kvm and nfsv4.ko missing in linux- generic - both are present in linux-generic-hwe-18.04. The use cases for these are not far-fetched: In an Ubuntu KVM guest, I often need virtual disks that I can encrypt via LUKS in order to protect them (somewhat). Obviously, this is not possible without the crypto modules, which are not present in the KVM- specialised kernel package 'linux-kvm'. On the other hand, when I want to mount NFS storage, I cannot use NFSv4, which is the preferred way of doing it when you need firewalling. Why this fails is not at all obvious, since the use-level "mount.nfs4" is present, but only gives cryptic messages, not showing that a kernel module is missing. And even with the default kernel (linux-generic), which has some more modules, NFSv4 client support is missing. - Do I really have to use linux-generic-hwe-18.04 for that? It seems a bit - much. + Do I really have to use linux-generic-hwe-18.04 for that? It seems a bit much. + --- + ProblemType: Bug + AlsaDevices: Error: command ['ls', '-l', '/dev/snd/'] failed with exit code 2: ls: cannot access '/dev/snd/': No such file or directory + AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay' + ApportVersion: 2.20.9-0ubuntu7.9 + Architecture: amd64 + ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord' + CRDA: N/A + DistroRelease: Ubuntu 18.04 + HibernationDevice: RESUME=/dev/mapper/unifi--vg-swap_1 + InstallationDate: Installed on 2017-02-11 (996 days ago) + InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719) + IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig' + Lsusb: Error: command ['lsusb'] failed with exit code 1: + MachineType: QEMU Standard PC (i440FX + PIIX, 1996) + Package: linux (not installed) + ProcFB: Error: [Errno 2] No such file or directory: '/proc/fb' + ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-1048-kvm root=/dev/mapper/hostname--vg-root ro net.ifnames=0 biosdevname=0 + ProcVersionSignature: Ubuntu 4.15.0-1048.48-kvm 4.15.18 + RelatedPackageVersions: + linux-restricted-modules-4.15.0-1048-kvm N/A + linux-backports-modules-4.15.0-1048-kvm N/A + linux-firmware 1.173.9 + RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill' + Tags: bionic + Uname: Linux 4.15.0-1048-kvm x86_64 + UnreportableReason: This report is about a package that is not installed. + UpgradeStatus: Upgraded to bionic on 2019-06-22 (136 days ago) + UserGroups: + + _MarkForUpload: False + dmi.bios.date: 04/01/2014 + dmi.bios.vendor: SeaBIOS + dmi.bios.version: 1.10.2-1ubuntu1 + dmi.chassis.type: 1 + dmi.chassis.vendor: QEMU + dmi.chassis.version: pc-i440fx-xenial + dmi.modalias: dmi:bvnSeaBIOS:bvr1.10.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-xenial:cvnQEMU:ct1:cvrpc-i440fx-xenial: + dmi.product.name: Standard PC (i440FX + PIIX, 1996) + dmi.product.version: pc-i440fx-xenial + dmi.sys.vendor: QEMU ** Attachment added: "AudioDevicesInUse.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303080/+files/AudioDevicesInUse.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] ProcModules.txt
apport information ** Attachment added: "ProcModules.txt" https://bugs.launchpad.net/bugs/1851382/+attachment/5303087/+files/ProcModules.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1851382] [NEW] Missing modules for cryptography and NFSv4
Public bug reported: There are two essential kernel modules that are missing from some linux kernel packages under Ubuntu Server 18.04 LTS: nfsv4.ko and aes-x86_64.ko (matter-of-fact any crypto module) I found them both missing in linux-kvm and nfsv4.ko missing in linux- generic - both are present in linux-generic-hwe-18.04. The use cases for these are not far-fetched: In an Ubuntu KVM guest, I often need virtual disks that I can encrypt via LUKS in order to protect them (somewhat). Obviously, this is not possible without the crypto modules, which are not present in the KVM- specialised kernel package 'linux-kvm'. On the other hand, when I want to mount NFS storage, I cannot use NFSv4, which is the preferred way of doing it when you need firewalling. Why this fails is not at all obvious, since the use-level "mount.nfs4" is present, but only gives cryptic messages, not showing that a kernel module is missing. And even with the default kernel (linux-generic), which has some more modules, NFSv4 client support is missing. Do I really have to use linux-generic-hwe-18.04 for that? It seems a bit much. ** Affects: linux-meta (Ubuntu) Importance: Undecided Status: New ** Tags: crypto nfsv4 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1851382 Title: Missing modules for cryptography and NFSv4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1851382/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1797386] Re: [SRU] OpenSSL 1.1.1 to 18.04 LTS
Hi, good idea in theory, but I want to add my 2cents: Please coordinate this update with ALL affected packages, like apache2 and nginx. My reason is: I just tried the PPA and found that nginx works with TLS 1.3 after that right out of the box. HOWEVER, there is a problem: openssl 1.1.1 has changed the way the cipher suites are configured - the ones for TLS 1.3 are configured separately, see here: https://github.com/openssl/openssl/commit/f865b08143b453962ad4afccd69e698d13c60f77 Nginx on the other hand has chosen to not support that new configuration at all, see: https://trac.nginx.org/nginx/ticket/1529 That means that the predefined order of TLS 1.3 is: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 and cannot be changed - it took me hours to find that out since the Nginx 1.15 documentation does not tell you that the TLS 1.3 ciphers cannot be changed by ssl_ciphers, but are silently ignored. The default set and order of ciphersuites may suit your needs or not - matter-of-fact it makes my SSLLabs score worse because of the AES128 cipher used. I have tried to apply othe defaults in /etc/ssl/openssl.conf but they do not seem to work for nginx. Neither could I just disable TLS 1.3 in order to restore the old behaviour other than to restore OpenSSL 1.1.0 by using "ppa-purge ppa:ci-train-ppa- service/3473". King regards, Uwe ** Bug watch added: trac.nginx.org/nginx/ #1529 http://trac.nginx.org/nginx/ticket/1529 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797386 Title: [SRU] OpenSSL 1.1.1 to 18.04 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1774141] [NEW] (In)compatibility library libcurl3
Public bug reported: With Bionic (18.04), libcurl4 is the standard, libcurl3 seems to be a compatibility library. However, libcurl3 and libcurl4 can not be installed together, presumably because of some obscure dependencies in the packages. These dependencies are, however, unneccessary, because the shared libraries have different names. Alas, since the package curl itself relies on libcurl4, installing libcurl3 removes curl. For example, installing Domoticz and other external tools need libcurl3 and thus remove curl support. If the dependencies between libcurl3 and 4 were corrected in Bionic, this could easily be fixed. ** Affects: curl3 (Ubuntu) Importance: Undecided Status: New ** Tags: 18.04 bionic dependency -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1774141 Title: (In)compatibility library libcurl3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl3/+bug/1774141/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1566542] Re: [upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for VNC / option "hideshell" buggy
There is an even better fix, however, something like this should be included in the Ubuntu documentation for x11vnc as it is far from obvious... One can put something like this into /usr/share/sddm/scripts/Xsetup: /usr/bin/x11vnc -rfbauth /etc/vncpasswd -rfbport 5943 -reopen -forever & Explanation: $XAUTHORITY and $DISPLAY are set with Xsetup script. The reason being given for the unpredictable xauth name is that sddm should be able to handle multi-seat. I sets $XAUTHORITY and $DISPLAY for all dependend children, such as /usr/share/sddm/scripts/Xsetup. In order to start x11vnc, one should include it in Xsetup instead of establishing an independend service in systemd (since x11vnc depends on the real X server, anyway, which in turn is started/controlled by sddm). ** Bug watch added: github.com/sddm/sddm/issues #622 https://github.com/sddm/sddm/issues/622 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1566542 Title: [upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for VNC / option "hideshell" buggy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sddm/+bug/1566542/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1566542] Re: [upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for VNC / option "hideshell" buggy
Oh, and BTW: There will be no upstream fix for this, see: https://github.com/sddm/sddm/issues/622 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1566542 Title: [upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for VNC / option "hideshell" buggy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sddm/+bug/1566542/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1566542] Re: [upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for VNC / option "hideshell" buggy
The versions are correct. I doubt that the update of x11vnc would change anything with regard to the interoperability issue. As a workaround for that, I resorted to use: ExecStart=/bin/sh -c '/usr/bin/x11vnc -auth /var/run/sddm/* -display :0 -rfbauth /etc/vncpasswd -rfbport 5943 -reopen -forever' in /etc/systemd/system/x11vnc. It would not work if more than one X display is in use. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1566542 Title: [upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for VNC / option "hideshell" buggy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sddm/+bug/1566542/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1566542] [NEW] Two sddm bugs with 16.04
Public bug reported:
SDDM with 16.04 LTS introduces two new problems that did not exist with
15.10 or 14.04:
1. The option HideShells in /etc/sddm.conf does not work correctly. When
more than one shell is specified, the filter does not work and the
matching users are listed in the greeting screen notwithstanding.
2. The xauthority (or MIT-MAGIC-COOKIE) file is no longer at
/var/run/sddm/:0 but at an unpredictable location like
/var/run/sddm/{ca7d6d45-9b4d-4a92-997e-c9c11081dea1} which is build by
including a random UUID in the path. When trying to start x11vnc, for
example, that file cannot be found. With 15.10, one could start x11vnc
with '/usr/bin/x11vnc -auth /var/run/sddm/:0 -display :0 -rfbauth
/etc/vncpasswd -rfbport 5943 -reopen -forever', this is no longer
possible.
Especially the second bug is uncool with Ubuntu server for remote root
servers.
** Affects: sddm (Ubuntu)
Importance: Undecided
Status: New
** Tags: sddm x11vnc xauth
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1566542
Title:
Two sddm bugs with 16.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sddm/+bug/1566542/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
