[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
This bug was fixed in the package postfix - 3.3.0-1ubuntu0.3 --- postfix (3.3.0-1ubuntu0.3) bionic; urgency=medium * d/p/fix_tls_deploy-server-cert.patch: handle missing opt arg (LP: #1881196) -- Lucas Kanashiro Fri, 10 Jul 2020 17:08:22 -0300 ** Changed in: postfix (Ubuntu Bionic) Status: Fix Committed => Fix Released ** Changed in: postfix (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
This bug was fixed in the package postfix - 3.1.0-3ubuntu0.4 --- postfix (3.1.0-3ubuntu0.4) xenial; urgency=medium * d/p/fix_tls_deploy-server-cert.patch: handle missing opt arg (LP: #1881196) -- Lucas Kanashiro Fri, 10 Jul 2020 18:14:41 -0300 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
Bionic verification: $ lxc launch ubuntu-daily:bionic postfix-cert $ lxc shell postfix-cert # apt-get update && apt-get upgrade -y # cat
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
Xenial verification: $ lxc launch ubuntu-daily:xenial postfix-cert-xenial $ lxc shell postfix-cert-xenial # apt-get update && apt-get upgrade -y # cat
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
sbuild dep8 tests are failing in xenial and bionic in all architectures even before the postfix update, so this is not a regression introduced by postfix. I retried all the tests in the hope of this been a flaky test but they failed again. The architectures not reported by the SRU bot are hinted as badtest, we might consider doing the same for the other architectures. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
Hello robert, or anyone else affected, Accepted postfix into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/postfix/3.3.0-1ubuntu0.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: postfix (Ubuntu Bionic) Status: In Progress => Fix Committed ** Tags removed: verification-done ** Tags added: verification-needed verification-needed-bionic ** Changed in: postfix (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
** Description changed: [Impact] "postfix tls deploy-server-cert" did not handle a missing optional argument which makes users get a "can't shift that many..." error. - In this SRU we are proposing a microrelease update in Focal from version - 3.4.10 to 3.4.13 since the changes are self contained. Moreover, there - is a Postfix SRU exception which allows microreleases if the bug is - fixed in the current development series: - - https://wiki.ubuntu.com/StableReleaseUpdates#Postfix - - And according to the described process there is no need to define a Test - Case and a Regression Potential sections. Upstream has been doing a good - work regarding those stable version bug fixes. - - Here is the upstream changelog change between 3.4.10 and 3.4.13: - - 20200416 - - Workaround for broken builds after an incompatible change - in GCC 10. Files: makedefs, Makefile.in. - - Workaround for broken DANE support after an incompatible - change in GLIBC 2.31. This avoids the need for new options - in /etc/resolv.conf. Files: dns/dns.h, dns/dns_lookup.c. - - 20200419 - - Bugfix: segfault in the tlsproxy client role when the server - role was disabled. This typically happens on systems that - do not receive mail, after configuring connection reuse for - outbound TLS. Found during program maintenance. File: - tlsproxy/tlsproxy.c. - - 20200420 - - Noise suppression: shut up a compiler that special-cases - string literals. Viktor Dukhovni. File milter/milter.c. - - 20200422 - - Security: disable DANE support on Alpine Linux because - libc-musl provides no indication whether DNS responses are - authentic. This broke DANE support without a clear explanation. - File: makedefs. - - 20200505 - - Noise suppression: shut up a compiler that special-cases - string literals. Viktor Dukhovni. File smtpd/smtpd_check.c. - - 20200509 - - Bugfix (introduced: Postfix 3.5): maillog_file_rotate_suffix - default value used the minute instead of the month. Reported - by Larry Stone. Files: conf/postfix-tls-script, - proto/MAILLOG_README.html, proto/postconf.proto. - global/mail_params.h, postfix/postfix.c. - - 20200510 - - Bitrot: avoid U_FILE_ACCESS_ERROR after chroot(), by - initializing the ICU library before making the chroot() - call. Files: util/midna_domain.[hc], global/mail_params.c. - - 20200511 - - Noise suppression: avoid "SSL_Shutdown:shutdown while in - init" warnings. File: tls/tls_session.c. - - 20200515 - - Bugfix (introduced: Postfix 2.2): a TLS error for a PostgreSQL - client caused a false 'lost connection' error for an SMTP - over TLS session in the same Postfix process. Reported by - Alexander Vasarab, diagnosed by Viktor Dukhovni. File: - tls/tls_bio_ops.c. - - Bugfix (introduced: Postfix 2.8): a TLS error for one TLS - session may cause a false 'lost connection' error for a - concurrent TLS session in the same tlsproxy process. File: - tlsproxy/tlsproxy.c. + In order to fix the issue the following upstream patch is going to be + backported to Bionic and Xenial: 20200530 - Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert" - did not handle a missing optional argument. File: - conf/postfix-tls-script. + Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert" + did not handle a missing optional argument. File: + conf/postfix-tls-script. - 20200610 + [Test Case] - Bugfix (introduced: Postfix 3.4): in the Postfix SMTP server, - the SNI callback reported an error when it was called a - second time. This happened after the server-side TLS engine - sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP - client. Reported by Ján Máté, fixed by Viktor Dukhovni. - File: tls/tls_misc.c. + Install postfix and try to deploy a server certificate: - This new microrelease fixes the dane issue and the build against GCC 10 - which makes us drop a patch applied in version 3.4.7-1 - (80_glibc2.30-ftbfs.diff). + $ lxc launch ubuntu-daily:bionic postfix-cert + $ lxc shell postfix-cert + # apt-get update && apt-get upgrade -y + # apt install postfix ssl-cert + # postfix tls deploy-server-cert /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key + /usr/lib/postfix/sbin/postfix-tls-script: 780: shift: can't shift that many + + If you try the commands above in a Xenial container you'll get the same + error. + + [Regression Potential] + + The proposed change is one line and self contained, so no regression is + expected. But if a regression is going to happen it will be in the + "postfix tls deploy-server-cert" command. [Original Description] lsb_release -rd Description:Ubuntu 18.04.4 LTS Release:18.04 postfix: Installed: 3.3.0-1ubuntu0.2 Candidate: 3.3.0-1ubuntu0.2 Version table: *** 3.3.0-1ubuntu0.2 500 500 http://us-west-2.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 100 /var/lib/dpkg/status 3.3.0-1 50
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
** Changed in: postfix (Ubuntu Xenial) Assignee: (unassigned) => Lucas Kanashiro (lucaskanashiro) ** Changed in: postfix (Ubuntu Bionic) Assignee: (unassigned) => Lucas Kanashiro (lucaskanashiro) ** Changed in: postfix (Ubuntu Xenial) Status: Triaged => In Progress ** Changed in: postfix (Ubuntu Bionic) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
** Merge proposal linked: https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/postfix/+git/postfix/+merge/387249 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
** Merge proposal linked: https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/postfix/+git/postfix/+merge/387247 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
** Changed in: postfix (Ubuntu Eoan) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
This bug was fixed in the package postfix - 3.4.13-0ubuntu1 --- postfix (3.4.13-0ubuntu1) focal; urgency=medium * New upstream release: 3.4.13 - Workaround for broken DANE support after an incompatible change in GLIBC 2.31 (LP: #1868955) - Fix "postfix tls deploy-server-cert", now it handles a missing optional argument (LP: #1881196) * Drop patch 80_glibc2.30-ftbfs.diff. This patch is not needed anymore and it does not cleanly apply to this new upstream release. -- Lucas Kanashiro Fri, 19 Jun 2020 14:11:03 -0300 ** Changed in: postfix (Ubuntu Focal) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
Fix verified for focal. $ lsb_release -rd Description:Ubuntu 20.04 LTS Release:20.04 Did a fresh, vanilla install of focal. installed postfix, ssl-cert - accepted all defaults # sudo apt install postfix ssl-cert Tested to ensure that fault existed # postfix tls deploy-server-cert /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key applied patch from http://launchpadlibrarian.net/485381331/postfix_3.4.10-1ubuntu1_3.4.13-0ubuntu1.diff.gz # patch -d/ --ignore-whitespace -p0 /usr/lib/postfix/sbin/postfix-tls-script <<'EOF' diff -Nru postfix-3.4.10/conf/postfix-tls-script postfix-3.4.13/conf/postfix-tls-script --- postfix-3.4.10/conf/postfix-tls-script 2017-02-19 01:58:20.0 + +++ postfix-3.4.13/conf/postfix-tls-script 2020-05-30 14:37:04.0 + @@ -777,7 +777,7 @@ deploy_server_cert() { certfile=$1; shift keyfile=$1; shift -deploy=$1; shift +case $# in 0) deploy=;; *) deploy=$1; shift;; esac # Sets key_algo, key_param and cert_param check_key "$keyfile" || return 1 EOF Verified fix. - focal. -- Did a fresh, vanilla install of focal. installed ssl-cert $ sudo apt install ssl-cert Installed postfix/focal-proposed from postfix_3.4.13-0ubuntu1_amd64.deb $ sudo dpkg -i postfix_3.4.13-0ubuntu1_amd64.deb Tested script $ postfix tls deploy-server-cert /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key Verified fix - focal -- Did a fresh , vanilla install of bionic installed postfix, ssl-cert - accepted all defaults # sudo apt install postfix ssl-cert Tested to ensure that fault existed # postfix tls deploy-server-cert /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key applied patch from http://launchpadlibrarian.net/485381331/postfix_3.4.10-1ubuntu1_3.4.13-0ubuntu1.diff.gz # patch -d/ --ignore-whitespace -p0 /usr/lib/postfix/sbin/postfix-tls-script <<'EOF' diff -Nru postfix-3.4.10/conf/postfix-tls-script postfix-3.4.13/conf/postfix-tls-script --- postfix-3.4.10/conf/postfix-tls-script 2017-02-19 01:58:20.0 + +++ postfix-3.4.13/conf/postfix-tls-script 2020-05-30 14:37:04.0 + @@ -777,7 +777,7 @@ deploy_server_cert() { certfile=$1; shift keyfile=$1; shift -deploy=$1; shift +case $# in 0) deploy=;; *) deploy=$1; shift;; esac # Sets key_algo, key_param and cert_param check_key "$keyfile" || return 1 EOF Verified fix - Bionic ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
Hello robert, or anyone else affected, Accepted postfix into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/postfix/3.4.13-0ubuntu1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-focal. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: postfix (Ubuntu Focal) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1881196] Re: [SRU] postfix tls deploy-server-cert fails with "can't shift that many"
** Summary changed: - postfix tls deploy-server-cert fails with "can't shift that many" + [SRU] postfix tls deploy-server-cert fails with "can't shift that many" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881196 Title: [SRU] postfix tls deploy-server-cert fails with "can't shift that many" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1881196/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs