[Bug 1849346] Re: [snap] kerberos GSSAPI no longer works after deb->snap transition

2021-11-09 Thread frigo 
if the goal is to have a single snap making use of the kerberos ticket,
as a workaround you can put something like this in /etc/krb5.conf


[libdefaults]
default_ccache_name = 
DIR:/home/%{username}/snap/firefox/common/.cache/.k5_ccache


the default connections for the firefox snap prevent it to read hidden files 
under $HOME, so we help it a little. Seems to work so far

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1849346

Title:
  [snap] kerberos GSSAPI no longer works after deb->snap transition

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1849346/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1913570] Re: Firefox not opening file chooser dialog for importing certificates

2021-11-09 Thread frigo 
I hit this bug too with firefox 94.0.1-1 / Ubuntu 20.04.3 LTS (Focal
Fossa)

when trying to import my certificate from /etc/ssl/certs/toto.crt, that
has previously been installed with update-ca-certificates, "nothing
happens" as you describe

when opening the Browser Console, and repeating the action, I get an
error:

message: "Component returned failure code: 0x80520012
(NS_ERROR_FILE_NOT_FOUND) [nsIX509CertDB.importCertsFromFile]"

we can see what happens by looking in the snap:
snap run --shell firefox
cat /etc/ssl/certs/toto.crt
: No such file or directory

this is a symlink that points to a folder under /usr/local/share/ca-
certificates which is not accessible by the snap.

Fix it: copy the file under $HOME where it can be imported... hth

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1913570

Title:
  Firefox not opening file chooser dialog for importing certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1913570/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1950000] [NEW] landscape-client leaking the private URL of the server

2021-11-05 Thread frigo 
Public bug reported:

landscape-client 19.12-0ubuntu4.2

my client.conf contains

[client]
url = https://my.super.secret.company.com/message-system

that allows to reach a private landscape-server whenever I am on the
company's network.

When I am not connected on my company's network, I expect no traffic to be 
attempted to the private landscape-server. In practice though, the client will 
keep trying to connect and send DNS queries to resolve 
my.super.secret.company.com (they all fail).
This is unencrypted traffic to a public DNS server, so my laptop is leaking the 
private URL of the landscape server. I would like to prevent this traffic, 
basically:

"my.super.secret.company.com" name should never be sent to a DNS server
not owned by my company.

(of course I would love a generic solution as landscape-client is not
the only one doing this :) but it is the worst offender on my laptop)

** Affects: landscape-client (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/195

Title:
  landscape-client leaking the private URL of the server

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/195/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1949723] [NEW] systemd-resolved segfault in hashmap_iterate_entry

2021-11-04 Thread frigo 
Public bug reported:

installed libnss-resolve that put "resolve" in nsswitch.conf.

$ lsb_release -rd
Description:Ubuntu 20.04.3 LTS
Release:20.04
$ dpkg -l systemd | grep systemd
ii  systemd245.4-4ubuntu3.13 amd64system and service manager
$ grep ^hosts /etc/nsswitch.conf 
hosts:  files libvirt mdns4_minimal resolve [NOTFOUND=return] dns 
mymachines

systemd-resolved crashed once with segmentation fault.


(gdb) bt
#0  0x7f119c67693a in hashmap_iterate_entry (h=h@entry=0x706f746b73656465, 
i=i@entry=0x7ffc4ef515d0) at ../src/basic/hashmap.c:705
#1  0x7f119c6789d6 in internal_hashmap_iterate (h=0x706f746b73656465, 
i=i@entry=0x7ffc4ef515d0, value=value@entry=0x7ffc4ef515c8, key=key@entry=0x0)
at ../src/basic/hashmap.c:714
#2  0x7f119c678a8b in set_iterate (s=, 
i=i@entry=0x7ffc4ef515d0, value=value@entry=0x7ffc4ef515c8) at 
../src/basic/hashmap.c:735
#3  0x55ba5e0ea917 in dns_query_candidate_go (c=c@entry=0x55ba5f353180) at 
../src/resolve/resolved-dns-query.c:152
#4  0x55ba5e0e9f0c in dns_query_candidate_notify (c=c@entry=0x55ba5f353180) 
at ../src/resolve/resolved-dns-query.c:312
#5  0x55ba5e0ea178 in dns_transaction_complete (t=0x55ba5f37a9d0, 
state=) at ../src/resolve/resolved-dns-transaction.c:351
#6  0x55ba5e0e27cd in dns_transaction_process_dnssec 
(t=t@entry=0x55ba5f37a9d0) at ../src/resolve/resolved-dns-transaction.c:838
#7  0x55ba5e0e3649 in dns_transaction_process_reply 
(t=t@entry=0x55ba5f37a9d0, p=p@entry=0x55ba5f39dce0)
at ../src/resolve/resolved-dns-transaction.c:1210
#8  0x55ba5e0e40ab in on_dns_packet (s=, fd=, 
revents=, userdata=0x55ba5f37a9d0)
at ../src/resolve/resolved-dns-transaction.c:1264
#9  0x7f119c5e6c77 in source_dispatch (s=s@entry=0x55ba5f346780) at 
../src/libsystemd/sd-event/sd-event.c:3193
#10 0x7f119c5e6f11 in sd_event_dispatch (e=e@entry=0x55ba5f320430) at 
../src/libsystemd/sd-event/sd-event.c:3634
#11 0x7f119c5e8948 in sd_event_run (e=e@entry=0x55ba5f320430, 
timeout=timeout@entry=18446744073709551615) at 
../src/libsystemd/sd-event/sd-event.c:3692
#12 0x7f119c5e8b6f in sd_event_loop (e=0x55ba5f320430) at 
../src/libsystemd/sd-event/sd-event.c:3714
#13 0x55ba5e0c326a in run (argv=, argc=) at 
../src/resolve/resolved.c:84
#14 main (argc=, argv=) at 
../src/resolve/resolved.c:91

This seems to have been reported upstream
https://github.com/systemd/systemd/issues/16168

** Affects: systemd (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1949723

Title:
  systemd-resolved segfault in hashmap_iterate_entry

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1949723/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1674273] Re: Resolver ignores ndots option

2021-11-03 Thread frigo 
This still occurs in Focal. 
nslookup "respects the dots" as it calls the systemd resolver, and as per man 
resolved.conf(5)

Domains=
   A space-separated list of domains. These domains are used as search 
suffixes when resolving single-label host names (domain names which contain no 
dot)


to get this behavior on ping you need ping to switch to the systemd resolver 
("resolve" in nsswitch) which is achieved with apt install libnss-resolve

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1674273

Title:
  Resolver ignores ndots option

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1674273/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs