[Touch-packages] [Bug 1832822] [NEW] functionality stopped working (extra new_oids policy)
Public bug reported: Unable to generate certificate request targeting new_oids policy. It used to work on this machine, looks like openssl got updated just few days ago: 12-06-2019 The command and exit result: gge@itstools-04:~/ssl_ownca/direct_1$ openssl req -new -key direct_1.key -out direct_1.csr -subj '/2.5.4.97=direct_1/O=Sample Direct 1/C=NL/ST=NorthHolland/L=Amsterdam/CN=direct_1.sample.net'problem creating object psd2=2.5.4.97 140648544747968:error:08064066:object identifier routines:OBJ_create:oid exists:../crypto/objects/obj_dat.c:709: gge@itstools-04:~/ssl_ownca/direct_1$ echo $? 1 No CSR file is produced (openssl1.1.1-1ubuntu2.1~18.04.1) re-playing this on different machines provides correct results: fresh unupdated ubuntu-18.04.1-live-server-amd64.iso install: openssl 1.1.0g-2ubuntu4.1 old unupdated CentOS release 6.10 (Final): openssl-1.0.1e-57.el6.x86_64 ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Fri Jun 14 10:00:10 2019 ProcEnviron: LANG=en_US.UTF-8 SHELL=/bin/bash TERM=xterm PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.ssl.openssl.cnf: 2019-06-14T09:29:39.313665 ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic uec-images -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832822 Title: functionality stopped working (extra new_oids policy) Status in openssl package in Ubuntu: New Bug description: Unable to generate certificate request targeting new_oids policy. It used to work on this machine, looks like openssl got updated just few days ago: 12-06-2019 The command and exit result: gge@itstools-04:~/ssl_ownca/direct_1$ openssl req -new -key direct_1.key -out direct_1.csr -subj '/2.5.4.97=direct_1/O=Sample Direct 1/C=NL/ST=NorthHolland/L=Amsterdam/CN=direct_1.sample.net'problem creating object psd2=2.5.4.97 140648544747968:error:08064066:object identifier routines:OBJ_create:oid exists:../crypto/objects/obj_dat.c:709: gge@itstools-04:~/ssl_ownca/direct_1$ echo $? 1 No CSR file is produced (openssl1.1.1-1ubuntu2.1~18.04.1) re-playing this on different machines provides correct results: fresh unupdated ubuntu-18.04.1-live-server-amd64.iso install: openssl 1.1.0g-2ubuntu4.1 old unupdated CentOS release 6.10 (Final): openssl-1.0.1e-57.el6.x86_64 ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Fri Jun 14 10:00:10 2019 ProcEnviron: LANG=en_US.UTF-8 SHELL=/bin/bash TERM=xterm PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.ssl.openssl.cnf: 2019-06-14T09:29:39.313665 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832822/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
** Patch added: "cap-to-tls1.2.patch" https://bugs.launchpad.net/ubuntu/bionic/+source/openssl/+bug/1832370/+attachment/5270755/+files/cap-to-tls1.2.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Incomplete Status in openssl source package in Bionic: Incomplete Status in openssl source package in Cosmic: Incomplete Status in openssl source package in Disco: Incomplete Status in openssl source package in Eoan: Incomplete Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jun 11 11:22:47 2019 InstallationDate: Installed on 2018-07-15 (331 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714) ProcEnviron: LANG=en_CA.UTF-8 TERM=xterm-256color SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
I have started bionic lxd container with nginx and snakeoil certificates. # patch /etc/ssl/openssl.cnf cap-to-tls1.2.patch patching file /etc/ssl/openssl.cnf Hunk #1 succeeded at 16 (offset 1 line). Hunk #2 succeeded at 353 (offset 2 lines). # systemctl restart nginx And connect from the host system which has stock openssl.cnf $ openssl s_client [fd42:3fcc:8a27:4e69:216:3eff:fe4c:5b9e]:443 | grep -e Protocol -e Cipher Can't use SSL_get_servername depth=0 CN = nearby-osprey.lxd verify error:num=18:self signed certificate verify return:1 depth=0 CN = nearby-osprey.lxd verify return:1 New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 ^C Back in the container # patch -R /etc/ssl/openssl.cnf cap-to-tls1.2.patch patching file /etc/ssl/openssl.cnf Hunk #1 succeeded at 16 (offset 1 line). Hunk #2 succeeded at 350 (offset 2 lines). # patch /etc/ssl/openssl.cnf reorder-tls1.3-ciphersuites.patch patching file /etc/ssl/openssl.cnf Hunk #1 succeeded at 16 (offset 1 line). Hunk #2 succeeded at 353 (offset 2 lines). # systemctl restart nginx Connecting to the container again externally: $ openssl s_client [fd42:3fcc:8a27:4e69:216:3eff:fe4c:5b9e]:443 | grep -e Protocol -e Cipher Can't use SSL_get_servername depth=0 CN = nearby-osprey.lxd verify error:num=18:self signed certificate verify return:1 depth=0 CN = nearby-osprey.lxd verify return:1 New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256 ^C # patch -R /etc/ssl/openssl.cnf reorder-tls1.3-ciphersuites.patch patching file /etc/ssl/openssl.cnf Hunk #1 succeeded at 16 (offset 1 line). Hunk #2 succeeded at 350 (offset 2 lines). # systemctl restart nginx So using the above patches to openssl.cnf I was able to reorder chipersuites of stock bionic nginx, and cap to TLSv1.2. So with attached ** Changed in: openssl (Ubuntu Bionic) Status: New => Incomplete ** Changed in: openssl (Ubuntu Disco) Status: New => Incomplete ** Changed in: openssl (Ubuntu Cosmic) Status: New => Incomplete ** Changed in: openssl (Ubuntu Eoan) Assignee: Dimitri John Ledkov (xnox) => (unassigned) ** Changed in: openssl (Ubuntu Eoan) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Incomplete Status in openssl source package in Bionic: Incomplete Status in openssl source package in Cosmic: Incomplete Status in openssl source package in Disco: Incomplete Status in openssl source package in Eoan: Incomplete Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GN
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
** Patch added: "reorder-tls1.3-ciphersuites.patch" https://bugs.launchpad.net/ubuntu/bionic/+source/openssl/+bug/1832370/+attachment/5270754/+files/reorder-tls1.3-ciphersuites.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Incomplete Status in openssl source package in Bionic: Incomplete Status in openssl source package in Cosmic: Incomplete Status in openssl source package in Disco: Incomplete Status in openssl source package in Eoan: Incomplete Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jun 11 11:22:47 2019 InstallationDate: Installed on 2018-07-15 (331 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714) ProcEnviron: LANG=en_CA.UTF-8 TERM=xterm-256color SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1829566] Re: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns
I have some extra information that might lead you into the right direction. I used the following extra line in my openvpn connection config file (/etc/NetworkManager/system-connections/vpn_connection_name): [ipv4] dns-priority=-1 After the update DNS received from OpenVPN connection was not respected anymore. Today I replaced that line with the following: [ipv4] dns-search=~ with following versions: network-manager: 1.10.14-0ubuntu2 systemd: 237-3ubuntu10.22 Now my DNS is correctly updated after connecting to OpenVPN. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1829566 Title: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns Status in network-manager package in Ubuntu: Triaged Status in network-manager source package in Bionic: Triaged Bug description: On 18.04.2 the `upgrade network-manager:amd64 1.10.6-2ubuntu1.1 1.10.14-0ubuntu2` lead to scoped DNS servers defined in `/etc/systemd/resolved.conf.d/*.conf` being ignored. Downgrading with `sudo apt-get install network- manager=1.10.6-2ubuntu1.1` has resolved the issue for now. Example systemd-resolved conf: [Resolve] Cache=no DNS=127.0.0.54 Domains=~.local.org.com Where 127.0.0.54:53 is bound to a dnsmasq server capable of resolving queries in that subdomain. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1829566/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1829566] Re: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns
Some clarification: 1. dns-priority=-1 used to work (openvpn had highest DNS priority over other connections) before the regression happend. 2. I rebooted my system after changing config to dns-search=~ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1829566 Title: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns Status in network-manager package in Ubuntu: Triaged Status in network-manager source package in Bionic: Triaged Bug description: On 18.04.2 the `upgrade network-manager:amd64 1.10.6-2ubuntu1.1 1.10.14-0ubuntu2` lead to scoped DNS servers defined in `/etc/systemd/resolved.conf.d/*.conf` being ignored. Downgrading with `sudo apt-get install network- manager=1.10.6-2ubuntu1.1` has resolved the issue for now. Example systemd-resolved conf: [Resolve] Cache=no DNS=127.0.0.54 Domains=~.local.org.com Where 127.0.0.54:53 is bound to a dnsmasq server capable of resolving queries in that subdomain. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1829566/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832834] [NEW] Irregular system freezes after updating to 1.1.1b-1ubuntu2.2
Public bug reported: Yesterday, I've updated openssl on my Raspberry Pi 3B+ running disco arm64 from 1.1.1b-1ubuntu2.1 to 1.1.1b-1ubuntu2.2 . That was at 10:41 CEST. About 12:36 the system froze. I was able to reset the system at around 17:17. It froze again at around 17:55. Reset it again 19:09, froze again 00:15. Freeze = solid green "busy" light and doesn't answer to anything. Since it's a headless system, I only have the logfiles but they don't show anything obvious. At 01:06, I've downgraded back to 1.1.1b-1ubuntu2.1 and didn't have ANY freeze at all since then (13:13 now here). The system is running ejabberd, SyncThing and a few more programs, that make heavy use of OpenSSL. ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Description changed: Yesterday, I've updated openssl on my Raspberry Pi 3B+ running disco arm64 from 1.1.1b-1ubuntu2.1 to 1.1.1b-1ubuntu2.2 . That was at 10:41 CEST. About 12:36 the system froze. I was able to reset the system at around 17:17. It froze again at around 17:55. Reset it again 19:09, froze again 00:15. Freeze = solid green "busy" light and doesn't answer to anything. Since it's a headless system, I only have the logfiles but they don't show anything obvious. At 01:06, I've downgraded back to 1.1.1b-1ubuntu2.1 and didn't have ANY - freeze at all since then. + freeze at all since then (13:13 now here). The system is running ejabberd, SyncThing and a few more programs, that make heavy use of OpenSSL. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832834 Title: Irregular system freezes after updating to 1.1.1b-1ubuntu2.2 Status in openssl package in Ubuntu: New Bug description: Yesterday, I've updated openssl on my Raspberry Pi 3B+ running disco arm64 from 1.1.1b-1ubuntu2.1 to 1.1.1b-1ubuntu2.2 . That was at 10:41 CEST. About 12:36 the system froze. I was able to reset the system at around 17:17. It froze again at around 17:55. Reset it again 19:09, froze again 00:15. Freeze = solid green "busy" light and doesn't answer to anything. Since it's a headless system, I only have the logfiles but they don't show anything obvious. At 01:06, I've downgraded back to 1.1.1b-1ubuntu2.1 and didn't have ANY freeze at all since then (13:13 now here). The system is running ejabberd, SyncThing and a few more programs, that make heavy use of OpenSSL. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832834/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server
** Description changed: + [Impact] + + * On desktop, upgrading libssl1.1 does not show reboot required + notification + + [Test Case] + + * Boot ubuntu desktop + * Upgrade libssl1.1 + * Observe reboot notification pop-up from update-notifier + + [Regression Potential] + + * Tweaking postinst only to correct for the Xorg path. Current code is + innert, but is well excercised in prior releases. + + [Other Info] + + * Original bug report: + Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: - # Only issue the reboot notification for servers; we proxy this by - # testing that the X server is not running (LP: #244250) - if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then - /usr/share/update-notifier/notify-reboot-required - fi - + # Only issue the reboot notification for servers; we proxy this by + # testing that the X server is not running (LP: #244250) + if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then + /usr/share/update-notifier/notify-reboot-required + fi On my 18.04 LTS laptop: $ ps auxw | grep Xorg root 2440 0.5 0.4 495932 78996 tty7 Rsl+ May10 264:45 /usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l Thanks ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Tue Jun 11 18:06:51 2019 InstallationDate: Installed on 2012-10-18 (2427 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1) ProcEnviron: - TERM=rxvt-unicode-256color - PATH=(custom, no user) - XDG_RUNTIME_DIR= - LANG=en_US.UTF-8 - SHELL=/bin/bash + TERM=rxvt-unicode-256color + PATH=(custom, no user) + XDG_RUNTIME_DIR= + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832421 Title: openssl reboot needed message using incorrect path to X server Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: New Status in openssl source package in Disco: New Status in openssl source package in Eoan: Fix Committed Bug description: [Impact] * On desktop, upgrading libssl1.1 does not show reboot required notification [Test Case] * Boot ubuntu desktop * Upgrade libssl1.1 * Observe reboot notification pop-up from update-notifier [Regression Potential] * Tweaking postinst only to correct for the Xorg path. Current code is innert, but is well excercised in prior releases. [Other Info] * Original bug report: Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi On my 18.04 LTS laptop: $ ps auxw | grep Xorg root 2440 0.5 0.4 495932 78996 tty7 Rsl+ May10 264:45 /usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l Thanks ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Tue Jun 11 18:06:51 2019 InstallationDate: Installed on 2012-10-18 (2427 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launch
[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server
** Description changed: [Impact] - * On desktop, upgrading libssl1.1 does not show reboot required + * On desktop, upgrading libssl1.1 does not show reboot required notification [Test Case] - * Boot ubuntu desktop - * Upgrade libssl1.1 - * Observe reboot notification pop-up from update-notifier + * Boot ubuntu desktop + * Upgrade libssl1.1 + * Observe reboot notification pop-up from update-notifier is _not_ shown [Regression Potential] - * Tweaking postinst only to correct for the Xorg path. Current code is + * Tweaking postinst only to correct for the Xorg path. Current code is innert, but is well excercised in prior releases. [Other Info] - - * Original bug report: + + * Original bug report: Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi On my 18.04 LTS laptop: $ ps auxw | grep Xorg root 2440 0.5 0.4 495932 78996 tty7 Rsl+ May10 264:45 /usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l Thanks ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Tue Jun 11 18:06:51 2019 InstallationDate: Installed on 2012-10-18 (2427 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832421 Title: openssl reboot needed message using incorrect path to X server Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: New Status in openssl source package in Disco: New Status in openssl source package in Eoan: Fix Committed Bug description: [Impact] * On desktop, upgrading libssl1.1 does not show reboot required notification [Test Case] * Boot ubuntu desktop * Upgrade libssl1.1 * Observe reboot notification pop-up from update-notifier is _not_ shown [Regression Potential] * Tweaking postinst only to correct for the Xorg path. Current code is innert, but is well excercised in prior releases. [Other Info] * Original bug report: Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi On my 18.04 LTS laptop: $ ps auxw | grep Xorg root 2440 0.5 0.4 495932 78996 tty7 Rsl+ May10 264:45 /usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l Thanks ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Tue Jun 11 18:06:51 2019 InstallationDate: Installed on 2012-10-18 (2427 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
** Tags added: id-5d0269c526b1af4a5c615490 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Incomplete Status in openssl source package in Bionic: Incomplete Status in openssl source package in Cosmic: Incomplete Status in openssl source package in Disco: Incomplete Status in openssl source package in Eoan: Incomplete Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jun 11 11:22:47 2019 InstallationDate: Installed on 2018-07-15 (331 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714) ProcEnviron: LANG=en_CA.UTF-8 TERM=xterm-256color SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832802] Re: disco: curl error while loading shared libraries: libssl.so.1.0.0
*** This bug is a duplicate of bug 1832801 *** https://bugs.launchpad.net/bugs/1832801 ** This bug has been marked a duplicate of bug 1832801 disco: curl error while loading shared libraries: libssl.so.1.0.0 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/1832802 Title: disco: curl error while loading shared libraries: libssl.so.1.0.0 Status in curl package in Ubuntu: New Bug description: Linux 5.0.0-16-generic #17-Ubuntu SMP Wed May 15 10:52:21 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux DISTRIB_RELEASE=19.04 DISTRIB_DESCRIPTION="Ubuntu 19.04" curl: Installed: 7.64.0-2ubuntu1.1 Candidate: 7.64.0-2ubuntu1.1 Version table: *** 7.64.0-2ubuntu1.1 1001 1001 http://security.ubuntu.com/ubuntu disco-security/main amd64 Packages 1001 http://mirror.aarnet.edu.au/pub/ubuntu/archive disco-updates/main amd64 Packages 100 /var/lib/dpkg/status 7.64.0-2ubuntu1 1001 1001 http://mirror.aarnet.edu.au/pub/ubuntu/archive disco/main amd64 Packages When I run curl, I get the following error: curl: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory On other disco machines I'm not experiencing this issue. I apt purged openssl/libssl/curl and re-installed, but the error persists. I'm sure my system has some issue, but I'm unable to figure it out, and this felt like a bug as curl was working before upgrade to disco. I tried proposed packages to see if openssl 1.1.1b-1ubuntu2.2 instead of 1.1.1b-1ubuntu2 would make any difference, but the error persists. me@mbp:/usr/lib/x86_64-linux-gnu$ curl curl: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory me@mbp:/usr/lib/x86_64-linux-gnu$ which curl /usr/bin/curl me@mbp:/usr/lib/x86_64-linux-gnu$ sudo dpkg -l | grep curl ii curl 7.64.0-2ubuntu1.1 amd64command line tool for transferring data with URL syntax ii libcurl3-gnutls:amd64 7.64.0-2ubuntu1.1 amd64easy-to-use client-side URL transfer library (GnuTLS flavour) ii libcurl4:amd64 7.64.0-2ubuntu1.1 amd64easy-to-use client-side URL transfer library (OpenSSL flavour) ii python3-pycurl 7.43.0.2-0.1 amd64Python bindings to libcurl (Python 3) me@mbp:/usr/lib/x86_64-linux-gnu$ sudo dpkg -l | grep ssl ii android-libboringssl8.1.0+r23-2 amd64Google's internal fork of OpenSSL for the Android SDK rc docbook-dsssl 1.79-9.1 all modular DocBook DSSSL stylesheets, for print and HTML ii libflac++6v5:amd64 1.3.2-3 amd64Free Lossless Audio Codec - C++ runtime library ii libflac8:amd64 1.3.2-3 amd64Free Lossless Audio Codec - runtime C library ii libflac8:i386 1.3.2-3 i386 Free Lossless Audio Codec - runtime C library ii libio-socket-ssl-perl 2.060-3 all Perl module implementing object oriented interface to SSL sockets ii libnet-smtp-ssl-perl1.04-1 all Perl module providing SSL support to Net::SMTP ii libnet-ssleay-perl 1.85-2ubuntu3 amd64Perl module for Secure Sockets Layer (SSL) ii libssl-dev:amd64 1.1.1b-1ubuntu2.2 amd64Secure Sockets Layer toolkit - development files ii libssl1.1:amd64 1.1.1b-1ubuntu2.2 amd64Secure Sockets Layer toolkit - shared libraries ii libssl1.1:i386 1.1.1b-1ubuntu2.2 i386 Secure Sockets Layer toolkit - shared libraries ii libwavpack1:amd64 5.1.0-5ubuntu0.1amd64audio codec (lossy and lossless) - library ii libwavpack1:i386 5.1.0-5ubuntu0.1
[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350
** Attachment added: "test_multiple_libssl_libcrypto_init.py" https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832659 Title: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350 Status in OpenSSL: Fix Released Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: New Status in openssl source package in Disco: Fix Released Status in openssl source package in Eoan: Fix Released Bug description: [Impact] * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. [Test Case] * wget https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py * python3 ./test_multiple_libssl_libcrypto_init.py test_multiple_init (__main__.TestMultipleInit) ... ok -- Ran 1 test in 0.014s OK [Regression Potential] * This is a cherrypick from upstream, and is backwards compatible with existing code. Simply init succeeds under more conditions now, than it did previously in 1.1.1. Also with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases. [Original Bug report] After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Thu Jun 13 00:21:16 2019 InstallationDate: Installed on 2019-06-12 (0 days ago) InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350
** Description changed: + [Impact] + + * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. + * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. + + [Test Case] + + * wget + https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py + + * python3 ./test_multiple_libssl_libcrypto_init.py + + test_multiple_init (__main__.TestMultipleInit) ... ok + + -- + Ran 1 test in 0.014s + + OK + + [Regression Potential] + + * This is a cherrypick from upstream, and is backwards compatible with + existing code. Simply init succeeds under more conditions now, than it + did previously in 1.1.1. Also with this fix, OpenSSL is back to how + things used to work with 1.1.0 and prior releases. + + [Original Bug report] + After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Thu Jun 13 00:21:16 2019 InstallationDate: Installed on 2019-06-12 (0 days ago) InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: - TERM=xterm-256color - PATH=(custom, no user) - LANG=en_US.UTF-8 - SHELL=/bin/bash + TERM=xterm-256color + PATH=(custom, no user) + LANG=en_US.UTF-8 + SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832659 Title: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350 Status in OpenSSL: Fix Released Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: New Status in openssl source package in Disco: Fix Released Status in openssl source package in Eoan: Fix Released Bug description: [Impact] * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. [Test Case] * wget https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py * python3 ./test_multiple_libssl_libcrypto_init.py test_multiple_init (__main__.TestMultipleInit) ... ok -- Ran 1 test in 0.014s OK [Regression Potential] * This is a cherrypick from upstream, and is backwards compatible with existing code. Simply init succeeds under more conditions now, than it did previously in 1.1.1. Also with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases. [Original Bug report] After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Thu Jun 13 00:21:16 2019 InstallationDate: Installed on 2019-06-12 (0 days ago) InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1827396] Re: package rsyslog 8.16.0-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Secure boot
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: rsyslog (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/1827396 Title: package rsyslog 8.16.0-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Secure boot Status in rsyslog package in Ubuntu: Confirmed Bug description: The Log said something about this system not supporting Secure Boot. The hardware is a iMac model A1224. ProblemType: Package DistroRelease: Ubuntu 16.04 Package: rsyslog 8.16.0-1ubuntu3.1 ProcVersionSignature: Ubuntu 4.4.0-145.171-generic 4.4.176 Uname: Linux 4.4.0-145-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 Date: Thu May 2 11:52:55 2019 ErrorMessage: subprocess installed post-installation script returned error exit status 1 InstallationDate: Installed on 2016-11-05 (907 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) RelatedPackageVersions: dpkg 1.18.4ubuntu1.5 apt 1.2.31 SourcePackage: rsyslog Title: package rsyslog 8.16.0-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1827396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1829718] Re: Network printers (cups-browsed) disappear after each CUPS update on client side
Just a few more information about this issue. This is the cups-browsed's state just after a cups update... is dead... root@foo-ubuntu:/home/foo# service cups-browsed status ● cups-browsed.service - Make remote CUPS printers available locally Loaded: loaded (/lib/systemd/system/cups-browsed.service; enabled; vendor preset: enabled) Active: inactive (dead) since ven 2019-06-14 14:51:38 CEST; 2min 27s ago Main PID: 927 (code=exited, status=0/SUCCESS) jun 14 14:35:02 foo-ubuntu systemd[1]: Started Make remote CUPS printers available locally. jun 14 14:51:38 foo-ubuntu systemd[1]: Stopping Make remote CUPS printers available locally... jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped Make remote CUPS printers available locally. And here the syslog just when update is applied... Jun 14 14:51:32 foo-ubuntu systemd[1]: Stopped Daily apt upgrade and clean activities. Jun 14 14:51:32 foo-ubuntu systemd[1]: Stopped Daily apt download activities. Jun 14 14:51:32 foo-ubuntu systemd[1]: Reloading. Jun 14 14:51:32 foo-ubuntu systemd[1]: Started CUPS Scheduler. Jun 14 14:51:32 foo-ubuntu systemd[1]: Started ACPI event daemon. Jun 14 14:51:34 foo-ubuntu systemd[1]: Reloading. Jun 14 14:51:34 foo-ubuntu systemd[1]: Started CUPS Scheduler. Jun 14 14:51:34 foo-ubuntu systemd[1]: Started ACPI event daemon. Jun 14 14:51:34 foo-ubuntu systemd[1]: Started Daily apt upgrade and clean activities. Jun 14 14:51:34 foo-ubuntu systemd[1]: Started Daily apt download activities. Jun 14 14:51:37 foo-ubuntu gnome-session[1647]: debconf: DbDriver "passwords" warning: could not open /var/cache/debconf/passwords.dat: Permission denied Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped CUPS Scheduler. Jun 14 14:51:38 foo-ubuntu systemd[1]: Reloading. Jun 14 14:51:38 foo-ubuntu systemd[1]: Started ACPI event daemon. Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopping Make remote CUPS printers available locally... Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped Make remote CUPS printers available locally. Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopping CUPS Scheduler... Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped CUPS Scheduler. Jun 14 14:51:38 foo-ubuntu systemd[1]: Reloading. Jun 14 14:51:38 foo-ubuntu systemd[1]: Started ACPI event daemon. Jun 14 14:51:38 foo-ubuntu systemd[1]: Reloading. Jun 14 14:51:39 foo-ubuntu systemd[1]: Started ACPI event daemon. Jun 14 14:51:41 foo-ubuntu systemd[1]: Reloading. Jun 14 14:51:42 foo-ubuntu systemd[1]: Started ACPI event daemon. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1829718 Title: Network printers (cups-browsed) disappear after each CUPS update on client side Status in cups package in Ubuntu: New Bug description: Hi, We have a cups server (ubuntu) that centralize all our network printers. Each desktop users on Ubuntu (16.04, 18.04) are looking in that print server to retrieve those printers. It works fine but... # /etc/cups/cups-browsed.conf in a desktop user ... BrowseRemoteProtocols cups dnssd BrowsePoll 192.168.10.80:631 # CUPS server ... Each time that an CUPS update is applied on the client side all printers disappear from the listing and users are unable to print. So i have to connect to xxx computers in our company to restart the cups- browsed service... This problem exist from some years.. but still not resolved and i didn't found a way to fix it. Workaround: - sudo service cups-browsed restart OR reboot the computer Thanks! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1829718/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350
** Attachment removed: "test_multiple_libssl_libcrypto_init.py" https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py ** Attachment added: "test_multiple_libssl_libcrypto_init.py" https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py ** Description changed: [Impact] - * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. - * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. + * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. + * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. [Test Case] - * wget - https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py + * wget + https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py - * python3 ./test_multiple_libssl_libcrypto_init.py + * python3 ./test_multiple_libssl_libcrypto_init.py test_multiple_init (__main__.TestMultipleInit) ... ok -- Ran 1 test in 0.014s OK [Regression Potential] - * This is a cherrypick from upstream, and is backwards compatible with + * This is a cherrypick from upstream, and is backwards compatible with existing code. Simply init succeeds under more conditions now, than it did previously in 1.1.1. Also with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases. [Original Bug report] After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Thu Jun 13 00:21:16 2019 InstallationDate: Installed on 2019-06-12 (0 days ago) InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832659 Title: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350 Status in OpenSSL: Fix Released Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: New Status in openssl source package in Disco: Fix Released Status in openssl source package in Eoan: Fix Released Bug description: [Impact] * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. [Test Case] * wget https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py * python3 ./test_multiple_libssl_libcrypto_init.py test_multiple_init (__main__.TestMultipleInit) ... ok -- Ran 1 test in 0.014s OK [Regression Potential] * This is a cherrypick from upstream, and is backwards compatible with existing code. Simply init succeeds under more conditions now, than it did previously in 1.1.1. Also with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases. [Original Bug report] After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname:
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
@xnox, thanks it was indeed an error on my part. The key was to have openssl_conf in the default/unnamed section and then not introduce bogus values: Ciphers is not recognized and causes the config section to be ignored. I believe this bug could be marked as Invalid for all the releases but I'll let you do that as I only tested on Bionic and I don't want to overrule the statuses you set. Thanks again! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Incomplete Status in openssl source package in Bionic: Incomplete Status in openssl source package in Cosmic: Incomplete Status in openssl source package in Disco: Incomplete Status in openssl source package in Eoan: Incomplete Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jun 11 11:22:47 2019 InstallationDate: Installed on 2018-07-15 (331 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714) ProcEnviron: LANG=en_CA.UTF-8 TERM=xterm-256color SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1382054] Re: Add support for configuring VLAN interfaces in the initrd
** Changed in: initramfs-tools (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1382054 Title: Add support for configuring VLAN interfaces in the initrd Status in initramfs-tools package in Ubuntu: Fix Committed Bug description: It would be helpful to be able to create VLAN network interfaces in initrd images provided by Ubuntu, based on kernel command line parameters. (i.e. VLAN=eth0.100, ) Some use cases for this feature addition are MAAS users trying to boot machines using a specific VLAN interface. On a specific case we have 2 physical network interfaces, one is plugged into a specific VLAN interface, Since we can specify the network interface on BIOS, the initial PXE boot occurs, but then the installation fails when using the fast-path installer because the specific VLAN is not configured on the ram disk. While we can use the other network interface because is a trunk interface that allows us to use several VLANs, this is not supported on all the network architectures and some security limitations doesn't allows this method. Reference Redhat implementation can be found here: - http://marc.info/?l=initramfs&m=133767307516594 Reference Suse implementation can be found here: - https://gitorious.org/opensuse/agrafs- mkinitrd/commit/6124f87f3132b6369c0335c319832619a49d0bf7 The command line syntax for this could be something like, similar to Redhat implementation vlan=: For an example: vlan=eth0.2:eth0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1382054/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832865] Re: gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> g_hash_table_lookup_node -> g_hash_table_lookup -> update_user
Not a gnome-shell issue, but an accountsservice one. ** Summary changed: - /usr/bin/gnome-shell:11:g_str_hash:g_hash_table_hash_to_index:g_hash_table_lookup_node:g_hash_table_lookup:update_user + gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> g_hash_table_lookup_node -> g_hash_table_lookup -> update_user ** Changed in: gnome-shell (Ubuntu) Status: New => Won't Fix ** Also affects: accountsservice (Ubuntu) Importance: Undecided Status: New ** Changed in: accountsservice (Ubuntu) Status: New => In Progress ** Changed in: accountsservice (Ubuntu) Status: In Progress => Triaged ** Bug watch added: gitlab.freedesktop.org/accountsservice/accountsservice/issues #55 https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/55 ** Also affects: accountsservice via https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/55 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to accountsservice in Ubuntu. https://bugs.launchpad.net/bugs/1832865 Title: gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> g_hash_table_lookup_node -> g_hash_table_lookup -> update_user Status in accountsservice: Unknown Status in accountsservice package in Ubuntu: Triaged Status in gnome-shell package in Ubuntu: Won't Fix Bug description: The Ubuntu Error Tracker has been receiving reports about a problem regarding gnome-shell. This problem was most recently seen with package version 3.32.1-1ubuntu1~19.04.1, the problem page at https://errors.ubuntu.com/problem/1a63c83d1c90f48036a2f839bf608738eefde4c8 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports. If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/. To manage notifications about this bug go to: https://bugs.launchpad.net/accountsservice/+bug/1832865/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1798369] Re: Reinstall Ubuntu (with preserving existing data) shows error message due to "Could not get lock /target/var/cache/apt/archives/lock"
** Tags removed: rls-ee-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1798369 Title: Reinstall Ubuntu (with preserving existing data) shows error message due to "Could not get lock /target/var/cache/apt/archives/lock" Status in APT: New Status in ubiquity: New Status in apt package in Ubuntu: Invalid Status in ubiquity package in Ubuntu: Confirmed Status in apt source package in Eoan: Invalid Status in ubiquity source package in Eoan: Confirmed Bug description: When trying to reinstall an existing Ubuntu cosmic installation using latest 18.10 desktop images, the install shows an error dialog around the end of the installation with an "Error restoring installed applications". Looking at the syslog such a traceback can be seen: apt_pkg.Error: E:Could not get lock /target/var/cache/apt/archives/lock - open (11: Resource temporarily unavailable), E:Unable to lock directory /target/var/cache/apt/archives/ After reproducing this on a live session, after chrooting into /target indeed any apt-get install operations result in the same lock-file error. The whole syslog of the reinstall attached to the bug. Test case: * Download latest cosmic image * Install cosmic on the whole disk (can be on a VM) * (optional) Boot into the system and leave a file in the home directory (to leave a trace, just in case) * Reboot and install cosmic using the first option in ubiquity: Reinstall Ubuntu * Finish configuration The install itself doesn't fail, but around the end of the installation process the error dialog appears. System is still bootable but left with old packages. To manage notifications about this bug go to: https://bugs.launchpad.net/apt/+bug/1798369/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services
This is a proposed patch of "disco-proposed" of the sshd.c file. I have uploaded the original and the diff version. ** Attachment added: "The proposed changed sshd.c file in its entirety." https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+attachment/5270820/+files/sshd.c -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1832110 Title: Resource Sharing with multiple sshd services Status in openssh package in Ubuntu: Won't Fix Bug description: Ubuntu: 18.04.2 LTS OpenSSH: 7.6p1 I am having a problem starting multiple sshd processes. The default location of the sshd privilege separation directory is hard-coded to /run/sshd (see man page). If I want to have 2 sshd services using systemd, I need to write 2 service files, let's call them sshd_wan.service ans sshd_lan.service. Both of these services need to have their own "RuntimeDirectory=sshd_wan" and "RuntimeDirectory=sshd_lan". If you do not have separate RuntimeDirectory definitions for the 2 services, then when one service is killed/faults/restarts/stops/etc. the systemd (or init) process deletes the RuntimeDirectory and causes the other service to crash since a RuntimeDirectory does not exist. The problem is the hard-coding of the sshd Privilege Separation Directory. We need to modify the OpenBSD/OpenSSH sshd code to provision command line assignment of the privilege separation directory. I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and they say it is a Ubuntu problem. I reported this in Ubuntu bug #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT) rejected it because I described the problem using the init.d example. I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is getting Ubuntu and OpenSSH to admit there is a problem and it needs to be fixed. The problem is still there regardless if you are using Upstart (i.e. init.d) or systemd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
** Tags removed: rls-ee-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Incomplete Status in openssl source package in Bionic: Incomplete Status in openssl source package in Cosmic: Incomplete Status in openssl source package in Disco: Incomplete Status in openssl source package in Eoan: Incomplete Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jun 11 11:22:47 2019 InstallationDate: Installed on 2018-07-15 (331 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714) ProcEnviron: LANG=en_CA.UTF-8 TERM=xterm-256color SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services
This is the git diff of sshd.c ** Patch added: "sshd.c.diff" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+attachment/5270821/+files/sshd.c.diff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1832110 Title: Resource Sharing with multiple sshd services Status in openssh package in Ubuntu: Won't Fix Bug description: Ubuntu: 18.04.2 LTS OpenSSH: 7.6p1 I am having a problem starting multiple sshd processes. The default location of the sshd privilege separation directory is hard-coded to /run/sshd (see man page). If I want to have 2 sshd services using systemd, I need to write 2 service files, let's call them sshd_wan.service ans sshd_lan.service. Both of these services need to have their own "RuntimeDirectory=sshd_wan" and "RuntimeDirectory=sshd_lan". If you do not have separate RuntimeDirectory definitions for the 2 services, then when one service is killed/faults/restarts/stops/etc. the systemd (or init) process deletes the RuntimeDirectory and causes the other service to crash since a RuntimeDirectory does not exist. The problem is the hard-coding of the sshd Privilege Separation Directory. We need to modify the OpenBSD/OpenSSH sshd code to provision command line assignment of the privilege separation directory. I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and they say it is a Ubuntu problem. I reported this in Ubuntu bug #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT) rejected it because I described the problem using the init.d example. I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is getting Ubuntu and OpenSSH to admit there is a problem and it needs to be fixed. The problem is still there regardless if you are using Upstart (i.e. init.d) or systemd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1829566] Re: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns
Here you are, Till. Three sections, one for each NM version containing the two dig requests during the tests, plus one for a dig to contact the local DNS explicitly. nm-1.10.6: $ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER' # first attempt always fails ;; ANSWER SECTION: dnsmasq.local.org.com. 600 IN A 127.0.0.1 $ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER' # second onwards always works ;; ANSWER SECTION: dnsmasq.local.org.com. 600 IN A 172.22.0.2 nm-1.10.14: $ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER' ;; ANSWER SECTION: dnsmasq.local.org.com. 600 IN A 127.0.0.1 # first attempt always fails $ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER' ;; ANSWER SECTION: dnsmasq.local.org.com. 600 IN A 127.0.0.1 # all subsequent attempts fail too :( Direct dig example: $ dig dnsmasq.local.org.com @127.0.0.54 | grep -FA1 ';; ANSWER' # direct query to local dns specified in config (see main issue body) ;; ANSWER SECTION: dnsmasq.local.org.com. 600 IN A 172.22.0.2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1829566 Title: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns Status in network-manager package in Ubuntu: Triaged Status in network-manager source package in Bionic: Triaged Bug description: On 18.04.2 the `upgrade network-manager:amd64 1.10.6-2ubuntu1.1 1.10.14-0ubuntu2` lead to scoped DNS servers defined in `/etc/systemd/resolved.conf.d/*.conf` being ignored. Downgrading with `sudo apt-get install network- manager=1.10.6-2ubuntu1.1` has resolved the issue for now. Example systemd-resolved conf: [Resolve] Cache=no DNS=127.0.0.54 Domains=~.local.org.com Where 127.0.0.54:53 is bound to a dnsmasq server capable of resolving queries in that subdomain. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1829566/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services
> Does that somehow mean that your problem doesn't occur if you use only the upstream source code and no distribution patches? If so, how? Good question. I have cloned the git version of OpenSSH for disco- proposed. When I compile this version of the code, the privilege separation directory is defined as "/var/empty" which would solve the problem. However, the installed version 18.04.2 LTS (bionic), has it defined as /run/sshd. The man pages for disco-proposed indicate that the privilege separation directory is at /run/sshd. So, which git repository should I use to get the Ubuntu 18.04.2 (LTS) / OpenSSH 7.6p1 should I use? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1832110 Title: Resource Sharing with multiple sshd services Status in openssh package in Ubuntu: Won't Fix Bug description: Ubuntu: 18.04.2 LTS OpenSSH: 7.6p1 I am having a problem starting multiple sshd processes. The default location of the sshd privilege separation directory is hard-coded to /run/sshd (see man page). If I want to have 2 sshd services using systemd, I need to write 2 service files, let's call them sshd_wan.service ans sshd_lan.service. Both of these services need to have their own "RuntimeDirectory=sshd_wan" and "RuntimeDirectory=sshd_lan". If you do not have separate RuntimeDirectory definitions for the 2 services, then when one service is killed/faults/restarts/stops/etc. the systemd (or init) process deletes the RuntimeDirectory and causes the other service to crash since a RuntimeDirectory does not exist. The problem is the hard-coding of the sshd Privilege Separation Directory. We need to modify the OpenBSD/OpenSSH sshd code to provision command line assignment of the privilege separation directory. I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and they say it is a Ubuntu problem. I reported this in Ubuntu bug #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT) rejected it because I described the problem using the init.d example. I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is getting Ubuntu and OpenSSH to admit there is a problem and it needs to be fixed. The problem is still there regardless if you are using Upstart (i.e. init.d) or systemd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Incomplete Status in openssl source package in Bionic: Incomplete Status in openssl source package in Cosmic: Incomplete Status in openssl source package in Disco: Incomplete Status in openssl source package in Eoan: Incomplete Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jun 11 11:22:47 2019 InstallationDate: Installed on 2018-07-15 (331 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714) ProcEnviron: LANG=en_CA.UTF-8 TERM=xterm-256color SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1750051] Re: cron doesn't support MAILFROM
CentOS 8 is not out yet so Ubuntu 18.04 is the best LTS for servers at the moment ... except for bugs like this. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cron in Ubuntu. https://bugs.launchpad.net/bugs/1750051 Title: cron doesn't support MAILFROM Status in cron package in Ubuntu: Triaged Status in cron package in Debian: New Bug description: Ubuntu's cron version doesn't support setting MAILFROM to set the "From:" header of cron generated emails. This feature would be nice to have and bring parity with RHEL/CentOS which has it since RHEL 6: $ cat /etc/redhat-release CentOS release 6.6 (Final) $ man 5 crontab | grep -1 FROM doesn´t do aliasing, and UUCP usually doesn´t read its mail. If MAIL- FROM is defined (and non-empty), it will be used as the envelope sender address, otherwise, ‘‘root’’ will be used. $ apt-cache policy cron cron: Installed: 3.0pl1-128ubuntu2 Candidate: 3.0pl1-128ubuntu2 Version table: *** 3.0pl1-128ubuntu2 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: cron 3.0pl1-128ubuntu2 ProcVersionSignature: Ubuntu 4.4.0-116.140-generic 4.4.98 Uname: Linux 4.4.0-116-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20.1-0ubuntu2.15 Architecture: amd64 CurrentDesktop: Unity Date: Fri Feb 16 15:52:54 2018 InstallationDate: Installed on 2016-12-06 (436 days ago) InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Beta amd64 (20161206) SourcePackage: cron UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1750051/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1781746] Re: [SRU] Slow startup with zram-config installed (/dev/zram0) or encrypted swap
** Also affects: initramfs-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: initramfs-tools (Ubuntu) Status: Confirmed => Fix Released ** Changed in: initramfs-tools (Ubuntu Bionic) Status: New => Triaged ** Tags removed: rls-ee-incoming ** Tags added: rls-bb-notfixing -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1781746 Title: [SRU] Slow startup with zram-config installed (/dev/zram0) or encrypted swap Status in Default settings and artwork for Baltix OS: Confirmed Status in initramfs-tools package in Ubuntu: Fix Released Status in initramfs-tools source package in Bionic: Triaged Status in initramfs-tools package in Debian: Fix Released Bug description: [Impact] Ubuntu 18.04 startup slowdowns for 30-120 seconds when zram swap is enabled (for example zram-config installed) or swap is encrypted. Today lots of users have SSD instead of HDD disk drives and use zram swap instead of swap partition or swap file, but if initrd is generated when zram swap is enabled then system can become "unbootable" from the user's perspective (Users with SSD storage doesn't wait 2 or more minutes...) This bug is already fixed in Debian initramfs-tools ver 0.132, please accept this simple 3 lines patch from Debian into Ubuntu 18.04 LTS https://salsa.debian.org/kernel-team/initramfs-tools/commit/312393b0cf1231125eeff3d1a2b6b778a935c21d [Test Case] Install zram-config package and regenerate and initrd, for example with sudo update-initramfs -u When generating initrd I get this message in terminal: I: The initramfs will attempt to resume from /dev/zram0 I: (UUID=e380356c-767e-4265-98da-8be62ad28569) I: Set the RESUME variable to override this.###.] So the local-premount script in initramfs was waiting for a swap device that was not available, until it timed out. The relevant message was gave up waiting for suspend/resume device. [Regression Potential] None, patch simply adds case for /dev/zram*: 60case "$resume_auto" in 61/dev/zram*) 62ephemeral=true 63;; 64esac [Other Info] Manual method to disable this (as resuming from swap is not possible with an encrypted or zram swap): modify file /etc/initramfs-tools/conf.d/resume - add (or change) line RESUME=none (instead of the UUID that was here) will disable waiting for a resume device. and run sudo update-initramfs -u to apply the changes. To manage notifications about this bug go to: https://bugs.launchpad.net/baltix-default-settings/+bug/1781746/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1759008] Re: Revert automatic suspend by default for bionic?
Still broken with MATE desktop on Ubuntu 18.04.2 LTS. If I run mate- power-preferences and select ON AC Power - Put computer to sleep when inactive for: [never] the computer still automatically sleeps (enters S3) after 20 minutes. $ grep -C1 sleep-inactive-ac-timeout /usr/share/glib-2.0/schemas/10_ubuntu-settings.gschema.override [org.gnome.settings-daemon.plugins.power] sleep-inactive-ac-timeout = 0 I've tried to manually run $ systemd-inhibit --mode=block sleep 2h but the system still enters S3 after 20 minutes unless I disable screen saver using mate-inhibit-applet. $ apt policy mate-desktop mate-desktop: Installed: 1.20.1-2ubuntu1 Candidate: 1.20.1-2ubuntu1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ubuntu-settings in Ubuntu. https://bugs.launchpad.net/bugs/1759008 Title: Revert automatic suspend by default for bionic? Status in ubuntu-settings package in Ubuntu: Fix Released Status in ubuntu-settings source package in Bionic: Fix Released Bug description: GNOME 3.28 has turned Automatic Suspend on by default and set it to 20 minutes: https://gitlab.gnome.org/GNOME/gnome-settings-daemon/commit/2fdb48fa I generally think this is a good thing. There are a few issues though. 1. The computer will still suspend even if there are remote users logged in or the computer is being used as a server for files, printers, etc. 2. Some software doesn't set inhibit correctly. ~ahasenack mentioned he was using the Spotify Snap and the computer suspend after 20 minutes. (Maybe Spotify needs to use the screen-inhibit-control snap interface.) 3. Even if it does set inhibit, there is a report that the computer will suspend as soon as the inhibit is removed if there is no other activity. (Imagine a movie playing. At the end of the movie, the computer goes to sleep immediately.) More details and proposed fix at https://bugzilla.gnome.org/show_bug.cgi?id=705942#c21 4. There is no GUI way to change this setting for the login screen yet. https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22 5. Some users think that desktop computers should be always running unless told otherwise. Personally, I don't give this argument much weight at all. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-settings/+bug/1759008/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services
My recommmendation moving forward. 1) If Ubuntu wants to move the privilege separation directory from /var/empty to /run/sshd, then there needs to be a command-line option for the sshd to adjust the location of the privilege separation directory. 2) If Ubuntu keeps the privilege separation directory at /var/empty, then the man pages would need to be updated in the released openssh and no code changes would be required. My $0.02 worth. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1832110 Title: Resource Sharing with multiple sshd services Status in openssh package in Ubuntu: Won't Fix Bug description: Ubuntu: 18.04.2 LTS OpenSSH: 7.6p1 I am having a problem starting multiple sshd processes. The default location of the sshd privilege separation directory is hard-coded to /run/sshd (see man page). If I want to have 2 sshd services using systemd, I need to write 2 service files, let's call them sshd_wan.service ans sshd_lan.service. Both of these services need to have their own "RuntimeDirectory=sshd_wan" and "RuntimeDirectory=sshd_lan". If you do not have separate RuntimeDirectory definitions for the 2 services, then when one service is killed/faults/restarts/stops/etc. the systemd (or init) process deletes the RuntimeDirectory and causes the other service to crash since a RuntimeDirectory does not exist. The problem is the hard-coding of the sshd Privilege Separation Directory. We need to modify the OpenBSD/OpenSSH sshd code to provision command line assignment of the privilege separation directory. I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and they say it is a Ubuntu problem. I reported this in Ubuntu bug #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT) rejected it because I described the problem using the init.d example. I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is getting Ubuntu and OpenSSH to admit there is a problem and it needs to be fixed. The problem is still there regardless if you are using Upstart (i.e. init.d) or systemd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services
On Fri, Jun 14, 2019 at 04:02:10PM -, Luke A. Perkins wrote: > When I compile this version of the code, the privilege > separation directory is defined as "/var/empty" which would solve the > problem. Why/how would this solve the problem? > So, which git repository should I use to get the Ubuntu 18.04.2 (LTS) / > OpenSSH 7.6p1 should I use? You can use https://code.launchpad.net/ubuntu/+source/openssh to see the sources used in Ubuntu's packaging. The applied/ubuntu/bionic-devel branch will give you the current tree for 18.04 in Ubuntu with distribution patches already applied. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1832110 Title: Resource Sharing with multiple sshd services Status in openssh package in Ubuntu: Won't Fix Bug description: Ubuntu: 18.04.2 LTS OpenSSH: 7.6p1 I am having a problem starting multiple sshd processes. The default location of the sshd privilege separation directory is hard-coded to /run/sshd (see man page). If I want to have 2 sshd services using systemd, I need to write 2 service files, let's call them sshd_wan.service ans sshd_lan.service. Both of these services need to have their own "RuntimeDirectory=sshd_wan" and "RuntimeDirectory=sshd_lan". If you do not have separate RuntimeDirectory definitions for the 2 services, then when one service is killed/faults/restarts/stops/etc. the systemd (or init) process deletes the RuntimeDirectory and causes the other service to crash since a RuntimeDirectory does not exist. The problem is the hard-coding of the sshd Privilege Separation Directory. We need to modify the OpenBSD/OpenSSH sshd code to provision command line assignment of the privilege separation directory. I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and they say it is a Ubuntu problem. I reported this in Ubuntu bug #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT) rejected it because I described the problem using the init.d example. I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is getting Ubuntu and OpenSSH to admit there is a problem and it needs to be fixed. The problem is still there regardless if you are using Upstart (i.e. init.d) or systemd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1756595] Re: disk space info inadvertently provides all installed snaps
** Also affects: apt (Ubuntu Eoan) Importance: Medium Status: Fix Committed ** Also affects: apport (Ubuntu Eoan) Importance: Undecided Status: Invalid ** Tags removed: rls-ee-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1756595 Title: disk space info inadvertently provides all installed snaps Status in apport package in Ubuntu: Invalid Status in apt package in Ubuntu: Fix Committed Status in apport source package in Bionic: Invalid Status in apt source package in Bionic: Triaged Status in apport source package in Disco: New Status in apt source package in Disco: Triaged Status in apport source package in Eoan: Invalid Status in apt source package in Eoan: Fix Committed Bug description: When apport is reporting a crash, it includes the output of the "df" utility, to list the free disk space information per mount point. That output nowadays will inadvertently include all snaps that the user may have installed, including their revision numbers. Here is a simple df output: andreas@nsn7:~$ df Filesystem 1K-blocksUsed Available Use% Mounted on udev 8119680 0 8119680 0% /dev tmpfs 16301561828 1628328 1% /run nsn7/ROOT/ubuntu433084288 2500608 430583680 1% / tmpfs 8150776 1 8131888 1% /dev/shm tmpfs5120 4 5116 1% /run/lock tmpfs 8150776 0 8150776 0% /sys/fs/cgroup nsn7/var/log430763136 179456 430583680 1% /var/log nsn7/var/tmp430583808 128 430583680 1% /var/tmp /dev/sda2 1032088 160336871752 16% /boot /dev/sda1 5232482720520528 1% /boot/efi nsn7/home 430651264 67584 430583680 1% /home nsn7/var/cache 430653312 69632 430583680 1% /var/cache nsn7/var/mail 430583808 128 430583680 1% /var/mail nsn7/var/spool 430583808 128 430583680 1% /var/spool tmpfs 1630152 16 1630136 1% /run/user/120 tmpfs 100 0 100 0% /var/lib/lxd/shmounts tmpfs 100 0 100 0% /var/lib/lxd/devlxd tmpfs 1630152 36 1630116 1% /run/user/1000 nsn7/lxd/containers/squid-ds216 431444096 860416 430583680 1% /var/lib/lxd/storage-pools/default/containers/squid-ds216 /dev/loop0 83712 83712 0 100% /snap/core/4206 /dev/loop1 102144 102144 0 100% /snap/git-ubuntu/402 You can see I have the core snap at revision 4206, and git-ubuntu at revision 402. There are already many bug reports in launchpad where one can see this information. Granted, the user can review it, refuse to send this data, etc. This bug is about the unexpectedness of having that information in the disk space data. If the user sees a prompt like "Would you like to include disk free space information in your report?", or "Would you like to include the output of the df(1) command in your report?", that doesn't immediately translate to "Would you like to include disk free space information and a list of all installed snaps and their revision numbers in your report?". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1756595/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services
You're going round in circles. Let's take a step back. Please assume that Ubuntu does not want to make any change right now because no change is currently considered justified. An open question here is if Ubuntu's patches on upstream are creating any problem that you're reporting. That's why I'm asking. If they are, then please explain how and why. If they are not, then I see no reason to make any change. There's no point discussing this any further unless you can demonstrate how Ubuntu is introducing any kind of problem that is unique to the packaging and not upstream. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1832110 Title: Resource Sharing with multiple sshd services Status in openssh package in Ubuntu: Won't Fix Bug description: Ubuntu: 18.04.2 LTS OpenSSH: 7.6p1 I am having a problem starting multiple sshd processes. The default location of the sshd privilege separation directory is hard-coded to /run/sshd (see man page). If I want to have 2 sshd services using systemd, I need to write 2 service files, let's call them sshd_wan.service ans sshd_lan.service. Both of these services need to have their own "RuntimeDirectory=sshd_wan" and "RuntimeDirectory=sshd_lan". If you do not have separate RuntimeDirectory definitions for the 2 services, then when one service is killed/faults/restarts/stops/etc. the systemd (or init) process deletes the RuntimeDirectory and causes the other service to crash since a RuntimeDirectory does not exist. The problem is the hard-coding of the sshd Privilege Separation Directory. We need to modify the OpenBSD/OpenSSH sshd code to provision command line assignment of the privilege separation directory. I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and they say it is a Ubuntu problem. I reported this in Ubuntu bug #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT) rejected it because I described the problem using the init.d example. I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is getting Ubuntu and OpenSSH to admit there is a problem and it needs to be fixed. The problem is still there regardless if you are using Upstart (i.e. init.d) or systemd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf
** Changed in: openssl (Ubuntu Bionic) Status: Incomplete => Invalid ** Changed in: openssl (Ubuntu Cosmic) Status: Incomplete => Invalid ** Changed in: openssl (Ubuntu Disco) Status: Incomplete => Invalid ** Changed in: openssl (Ubuntu Eoan) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832370 Title: Unable to configure or disable TLS 1.3 via openssl.cnf Status in openssl package in Ubuntu: Invalid Status in openssl source package in Bionic: Invalid Status in openssl source package in Cosmic: Invalid Status in openssl source package in Disco: Invalid Status in openssl source package in Eoan: Invalid Bug description: [Description] Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications gained access to TLS 1.3 by default. The applications that were not rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings (protocol, ciphersuites selection, ciphersuites order) like it's possible with 1.2 and below. As such, one should turn to configuring /etc/ssl/openssl.cnf to alter TLS 1.3 settings. Here is how I'd expect to be able to turn off TLS 1.3: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:15:23.805113804 -0400 @@ -12,6 +12,16 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +MaxProtocol = TLSv1.2 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids This doesn't work as 'openssl s_client -connect rproxy.sdeziel.info:443' negotiates TLS 1.3 with TLS_AES_256_GCM_SHA384. Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with: # diff -Naur /etc/ssl/openssl.cnf{.orig,} --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400 +++ /etc/ssl/openssl.cnf 2019-06-11 11:37:23.362889367 -0400 @@ -12,6 +12,17 @@ HOME = . RANDFILE = $ENV::HOME/.rnd +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] + +Ciphers = TLS_AES_128_GCM_SHA256 +Ciphersuites = TLS_AES_128_GCM_SHA256 + # Extra OBJECT IDENTIFIER info: #oid_file= $ENV::HOME/.oid oid_section = new_oids Doesn't work as s_client keeps negotiating TLS 1.3 with TLS_AES_256_GCM_SHA384 (!= 128) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Jun 11 11:22:47 2019 InstallationDate: Installed on 2018-07-15 (331 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714) ProcEnviron: LANG=en_CA.UTF-8 TERM=xterm-256color SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server
Hello Seth, or anyone else affected, Accepted openssl into disco-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1b- 1ubuntu2.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-disco to verification-done-disco. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-disco. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Disco) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-disco ** Changed in: openssl (Ubuntu Cosmic) Status: New => Fix Committed ** Tags added: verification-needed-cosmic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832421 Title: openssl reboot needed message using incorrect path to X server Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Committed Status in openssl source package in Eoan: Fix Committed Bug description: [Impact] * On desktop, upgrading libssl1.1 does not show reboot required notification [Test Case] * Boot ubuntu desktop * Upgrade libssl1.1 * Observe reboot notification pop-up from update-notifier is _not_ shown [Regression Potential] * Tweaking postinst only to correct for the Xorg path. Current code is innert, but is well excercised in prior releases. [Other Info] * Original bug report: Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi On my 18.04 LTS laptop: $ ps auxw | grep Xorg root 2440 0.5 0.4 495932 78996 tty7 Rsl+ May10 264:45 /usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l Thanks ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Tue Jun 11 18:06:51 2019 InstallationDate: Installed on 2012-10-18 (2427 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350
Hello Steve, or anyone else affected, Accepted openssl into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Cosmic) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-cosmic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832659 Title: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350 Status in OpenSSL: Fix Released Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Released Status in openssl source package in Eoan: Fix Released Bug description: [Impact] * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. [Test Case] * wget https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py * python3 ./test_multiple_libssl_libcrypto_init.py test_multiple_init (__main__.TestMultipleInit) ... ok -- Ran 1 test in 0.014s OK [Regression Potential] * This is a cherrypick from upstream, and is backwards compatible with existing code. Simply init succeeds under more conditions now, than it did previously in 1.1.1. Also with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases. [Original Bug report] After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Thu Jun 13 00:21:16 2019 InstallationDate: Installed on 2019-06-12 (0 days ago) InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832522] Re: openssl maintainer scripts do not trigger services restart
Hello Dimitri, or anyone else affected, Accepted openssl into disco-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1b- 1ubuntu2.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-disco to verification-done-disco. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-disco. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Disco) Status: New => Fix Committed ** Tags removed: verification-done ** Tags added: verification-needed verification-needed-disco ** Changed in: openssl (Ubuntu Cosmic) Status: New => Fix Committed ** Tags added: verification-needed-cosmic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832522 Title: openssl maintainer scripts do not trigger services restart Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: Fix Released Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Committed Bug description: [Impact] * Major libssl ugprades require services to be restarted, for them to continue to function correctly at runtime. * The maintainer scripts were not adjusted to trigger. [Test Case] * Install bionic from release pocket and install ssl using daemon e.g. openssh-server libapache-mod-ssl * Upgrade libssl1.1 * Ensure that services that use openssl are offered to be restarted. [Regression Potential] * We are rebuilding libssl1.1 and changing maintainer scripts. Given that we have missed upgrade trigger, we will ask users to restart services again even if they may have restarted them already. [Other Info] * Previous major libssl upgrade issue of similar nature was https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743889 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832522/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832421] Please test proposed package
Hello Seth, or anyone else affected, Accepted openssl into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832421 Title: openssl reboot needed message using incorrect path to X server Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: New Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Committed Status in openssl source package in Eoan: Fix Committed Bug description: [Impact] * On desktop, upgrading libssl1.1 does not show reboot required notification [Test Case] * Boot ubuntu desktop * Upgrade libssl1.1 * Observe reboot notification pop-up from update-notifier is _not_ shown [Regression Potential] * Tweaking postinst only to correct for the Xorg path. Current code is innert, but is well excercised in prior releases. [Other Info] * Original bug report: Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi On my 18.04 LTS laptop: $ ps auxw | grep Xorg root 2440 0.5 0.4 495932 78996 tty7 Rsl+ May10 264:45 /usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l Thanks ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Tue Jun 11 18:06:51 2019 InstallationDate: Installed on 2012-10-18 (2427 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832522] Please test proposed package
Hello Dimitri, or anyone else affected, Accepted openssl into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.4 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832522 Title: openssl maintainer scripts do not trigger services restart Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: Fix Released Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Committed Bug description: [Impact] * Major libssl ugprades require services to be restarted, for them to continue to function correctly at runtime. * The maintainer scripts were not adjusted to trigger. [Test Case] * Install bionic from release pocket and install ssl using daemon e.g. openssh-server libapache-mod-ssl * Upgrade libssl1.1 * Ensure that services that use openssl are offered to be restarted. [Regression Potential] * We are rebuilding libssl1.1 and changing maintainer scripts. Given that we have missed upgrade trigger, we will ask users to restart services again even if they may have restarted them already. [Other Info] * Previous major libssl upgrade issue of similar nature was https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743889 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832522/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832882] [NEW] libcurl-gnutls segfaults spotify client
Public bug reported: The latest release of Spotify client segfaults in libcurl-gnutls as can be read in this thread on spotify support forum: https://community.spotify.com/t5/Desktop-Linux/Ubuntu-19-04-deb-package-segfault/td-p/4761479 According to one participant the work-around is to install debian packages libgnutls30_3.6.8-1_amd64.deb and libcurl3-gnutls_7.64.0-3_amd64.deb Ubuntu 19.04 version of the packages: libgnutls30 3.6.5-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 As the bug can be resolved by installing debian packages, I assume Ubuntu's version of the packages is at fault and should be upgraded to match debian's level as soon as possible. ** Affects: curl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/1832882 Title: libcurl-gnutls segfaults spotify client Status in curl package in Ubuntu: New Bug description: The latest release of Spotify client segfaults in libcurl-gnutls as can be read in this thread on spotify support forum: https://community.spotify.com/t5/Desktop-Linux/Ubuntu-19-04-deb-package-segfault/td-p/4761479 According to one participant the work-around is to install debian packages libgnutls30_3.6.8-1_amd64.deb and libcurl3-gnutls_7.64.0-3_amd64.deb Ubuntu 19.04 version of the packages: libgnutls30 3.6.5-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 As the bug can be resolved by installing debian packages, I assume Ubuntu's version of the packages is at fault and should be upgraded to match debian's level as soon as possible. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1832882/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832865] Re: gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> g_hash_table_lookup_node -> g_hash_table_lookup -> update_user
** Changed in: accountsservice Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to accountsservice in Ubuntu. https://bugs.launchpad.net/bugs/1832865 Title: gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> g_hash_table_lookup_node -> g_hash_table_lookup -> update_user Status in accountsservice: New Status in accountsservice package in Ubuntu: Triaged Status in gnome-shell package in Ubuntu: Won't Fix Bug description: The Ubuntu Error Tracker has been receiving reports about a problem regarding gnome-shell. This problem was most recently seen with package version 3.32.1-1ubuntu1~19.04.1, the problem page at https://errors.ubuntu.com/problem/1a63c83d1c90f48036a2f839bf608738eefde4c8 contains more details, including versions of packages affected, stacktrace or traceback, and individual crash reports. If you do not have access to the Ubuntu Error Tracker and are a software developer, you can request it at http://forms.canonical.com/reports/. To manage notifications about this bug go to: https://bugs.launchpad.net/accountsservice/+bug/1832865/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832886] [NEW] 50-motd-news always called with --force
Public bug reported: I was looking at the motd-news.service file and 50-motd-news recently and discovered that 50-motd-news is always called with --force. bdmurray@clean-disco-amd64:~$ systemctl cat motd-news.service # /lib/systemd/system/motd-news.service [Unit] Description=Message of the Day After=network-online.target Documentation=man:update-motd(8) [Service] Type=oneshot ExecStart=/etc/update-motd.d/50-motd-news --force However, 50-motd-news leads one to believe that it would be faster if it were not called with --force. " # If we're not forcing an update, and we have a cached motd-news file, # then just print it and exit as quickly as possible, for login performance. # Note that systemd should keep this cache file up to date, asynchronously if [ "$FORCED" != "1" ]; then if [ -r $CACHE ]; then echo safe_print $CACHE else : > $CACHE fi exit 0 fi " So is login performance being degraded since 50-motd-news is always called with --force? ** Affects: base-files (Ubuntu) Importance: Undecided Status: New ** Tags: disco eoan rls-ee-incoming -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-files in Ubuntu. https://bugs.launchpad.net/bugs/1832886 Title: 50-motd-news always called with --force Status in base-files package in Ubuntu: New Bug description: I was looking at the motd-news.service file and 50-motd-news recently and discovered that 50-motd-news is always called with --force. bdmurray@clean-disco-amd64:~$ systemctl cat motd-news.service # /lib/systemd/system/motd-news.service [Unit] Description=Message of the Day After=network-online.target Documentation=man:update-motd(8) [Service] Type=oneshot ExecStart=/etc/update-motd.d/50-motd-news --force However, 50-motd-news leads one to believe that it would be faster if it were not called with --force. " # If we're not forcing an update, and we have a cached motd-news file, # then just print it and exit as quickly as possible, for login performance. # Note that systemd should keep this cache file up to date, asynchronously if [ "$FORCED" != "1" ]; then if [ -r $CACHE ]; then echo safe_print $CACHE else : > $CACHE fi exit 0 fi " So is login performance being degraded since 50-motd-news is always called with --force? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1832886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832886] Re: 50-motd-news always called with --force
No. The --force option is passed when called from the service. It is NOT passed when the script is called via update-motd during login. ** Changed in: base-files (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-files in Ubuntu. https://bugs.launchpad.net/bugs/1832886 Title: 50-motd-news always called with --force Status in base-files package in Ubuntu: Invalid Bug description: I was looking at the motd-news.service file and 50-motd-news recently and discovered that 50-motd-news is always called with --force. bdmurray@clean-disco-amd64:~$ systemctl cat motd-news.service # /lib/systemd/system/motd-news.service [Unit] Description=Message of the Day After=network-online.target Documentation=man:update-motd(8) [Service] Type=oneshot ExecStart=/etc/update-motd.d/50-motd-news --force However, 50-motd-news leads one to believe that it would be faster if it were not called with --force. " # If we're not forcing an update, and we have a cached motd-news file, # then just print it and exit as quickly as possible, for login performance. # Note that systemd should keep this cache file up to date, asynchronously if [ "$FORCED" != "1" ]; then if [ -r $CACHE ]; then echo safe_print $CACHE else : > $CACHE fi exit 0 fi " So is login performance being degraded since 50-motd-news is always called with --force? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1832886/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1803601] Re: motd-news.service scheduled even when /etc/update-motd.d/50-motd-news is not executable
** Tags added: bionic bitsize eoan ** Tags removed: bitsize ** Tags added: bitesize ** Changed in: base-files (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-files in Ubuntu. https://bugs.launchpad.net/bugs/1803601 Title: motd-news.service scheduled even when /etc/update-motd.d/50-motd-news is not executable Status in base-files package in Ubuntu: New Bug description: update-motd(5) says: Executable scripts in /etc/update-motd.d/* are executed by pam_motd(8) as the root user at each login, and this information is concatenated in /run/motd.dynamic. The order of script execu‐ tion is determined by the run-parts(8) --lsbsysinit option (basically alphabetical order, with a few caveats). So sysadmins are used to "chmod -x" motd fragments from /etc/update- motd.d/ to prevent their execution. When doing so for /etc/update- motd.d/50-motd-news, I noticed that motd-news.timer was still trying to execute the motd-news.service unit which then logged a failure: systemd[3704]: motd-news.service: Failed to execute command: Permission denied systemd[3704]: motd-news.service: Failed at step EXEC spawning /etc/update-motd.d/50-motd-news: Permission denied systemd[1]: motd-news.service: Main process exited, code=exited, status=203/EXEC systemd[1]: motd-news.service: Failed with result 'exit-code'. systemd[1]: Failed to start Message of the Day. The motd-news.service unit looks like this: $ systemctl cat motd-news.service # /lib/systemd/system/motd-news.service [Unit] Description=Message of the Day After=network-online.target Documentation=man:update-motd(8) [Service] Type=oneshot ExecStart=/etc/update-motd.d/50-motd-news --force This problem was observed on a Bionic system: $ lsb_release -rd Description: Ubuntu 18.04.1 LTS Release: 18.04 $ apt-cache policy base-files base-files: Installed: 10.1ubuntu2.3 Candidate: 10.1ubuntu2.3 Version table: *** 10.1ubuntu2.3 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 100 /var/lib/dpkg/status 10.1ubuntu2.2 500 500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages 10.1ubuntu2 500 500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages But the problem also exist in Disco. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1803601/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350
Hello Steve, or anyone else affected, Accepted openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Bionic) Status: New => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832659 Title: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350 Status in OpenSSL: Fix Released Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Released Status in openssl source package in Eoan: Fix Released Bug description: [Impact] * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. [Test Case] * wget https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py * python3 ./test_multiple_libssl_libcrypto_init.py test_multiple_init (__main__.TestMultipleInit) ... ok -- Ran 1 test in 0.014s OK [Regression Potential] * This is a cherrypick from upstream, and is backwards compatible with existing code. Simply init succeeds under more conditions now, than it did previously in 1.1.1. Also with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases. [Original Bug report] After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Thu Jun 13 00:21:16 2019 InstallationDate: Installed on 2019-06-12 (0 days ago) InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server
Hello Seth, or anyone else affected, Accepted openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: openssl (Ubuntu Bionic) Status: New => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832421 Title: openssl reboot needed message using incorrect path to X server Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Committed Status in openssl source package in Eoan: Fix Committed Bug description: [Impact] * On desktop, upgrading libssl1.1 does not show reboot required notification [Test Case] * Boot ubuntu desktop * Upgrade libssl1.1 * Observe reboot notification pop-up from update-notifier is _not_ shown [Regression Potential] * Tweaking postinst only to correct for the Xorg path. Current code is innert, but is well excercised in prior releases. [Other Info] * Original bug report: Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/notify-reboot-required fi On my 18.04 LTS laptop: $ ps auxw | grep Xorg root 2440 0.5 0.4 495932 78996 tty7 Rsl+ May10 264:45 /usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l Thanks ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18 Uname: Linux 4.15.0-50-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Tue Jun 11 18:06:51 2019 InstallationDate: Installed on 2012-10-18 (2427 days ago) InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1) ProcEnviron: TERM=rxvt-unicode-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1818527] Re: Stub resolver cache is corrupted
Verified for Bionic: ubuntu@bionic:~$ dpkg -l | grep systemd ii systemd 237-3ubuntu10.23 amd64system and service manager ubuntu@bionic:~$ systemd-resolve --flush-caches ubuntu@bionic:~$ dig +noall +answer github.com CNAME ubuntu@bionic:~$ dig +noall +answer github.com A github.com. 18 IN A 140.82.118.4 ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1818527 Title: Stub resolver cache is corrupted Status in systemd package in Ubuntu: Fix Released Status in systemd source package in Xenial: Invalid Status in systemd source package in Bionic: Fix Committed Bug description: [Impact] systemd-resolved fails to resolve A records [Description] When systemd-resolve caches a non-existent CNAME record for a specific domain, further attempts at resolving A records for that same domain fail. This has been fixed upstream in v240. Upstream commit: https://github.com/systemd/systemd/commit/3740146a4cbd $ git describe --contains 3740146a4cbd v240~839 $ rmadison systemd --arch amd64 systemd | 229-4ubuntu4 | xenial | source, ... systemd | 229-4ubuntu21.21 | xenial-security | source, ... systemd | 229-4ubuntu21.21 | xenial-updates | source, ... systemd | 237-3ubuntu10| bionic | source, ... systemd | 237-3ubuntu10.19 | bionic-security | source, ... systemd | 237-3ubuntu10.21 | bionic-updates | source, ... systemd | 237-3ubuntu10.22 | bionic-proposed | source, ... systemd | 239-7ubuntu10| cosmic | source, ... systemd | 239-7ubuntu10.12 | cosmic-security | source, ... systemd | 239-7ubuntu10.13 | cosmic-updates | source, ... systemd | 239-7ubuntu10.14 | cosmic-proposed | source, ... systemd | 240-6ubuntu5 | disco | source, ... systemd | 240-6ubuntu5.1 | disco-proposed | source, ... systemd | 240-6ubuntu9 | eoan| source, ... Despite the package versions above, only Bionic is affected. Cosmic already includes a backported fix, and Xenial doesn't seem affected due to resolvconf handling DNS resolution. [Test Case] Flush resolved's caches and try resolving a non-existent CNAME record. Further resolution attempts for the corresponding A record will fail: #1 On a Bionic host: $ systemd-resolve --flush-caches $ dig github.com CNAME ;; QUESTION SECTION: ;github.com. IN CNAME ;; Query time: 47 msec . $ dig github.com A ;; QUESTION SECTION: ;github.com. IN A ;; Query time: 0 msec While in reality, if no non-existent CNAME result query has been made first: $ systemd-resolve --flush-caches $ dig github.com ; QUESTION SECTION: ;github.com. IN A ;; ANSWER SECTION: github.com. 59 IN A 192.30.253.112 ;; Query time: 51 msec #2 On a Bionic host: $ systemd-resolve --flush-caches $ dig github.com CNAME $ dig github.com A Build a lxd container with Cosmic/Disco/Eoan (systemd-240): $ lxc launch ubuntu:cosmic cosmiclxd $ lxd exec cosmiclxd bash $ dig github.com A ;; QUESTION SECTION: ;github.com. IN A ;; Query time: 0 msec Despite the fact that Cosmic and late has the proper systemd fix, Cosmic/Disco/Eoan container can suffer from the bug too if the host is Bionic (container uses the host as a DNS resolver). So you may face the problem inside Cosmic/Disco/Eoan container, but it's still the same Bionic systemd bug. [Regression Potential] The regression potential for this fix should be very low, as it's a direct cherry-pick from upstream systemd. It has seen extensive testing in both upstream and other Ubuntu releases, and was verified for Bionic through autopkgtests. [Original Description] It seems that when systemd-resolve cache an non-existent CNAME record for a domain, any attempt to resolve A record for the same domain fail. systemd version the issue has been seen with Installed: 237-3ubuntu10.13 Used distribution Distributor ID: Ubuntu Description: Ubuntu 18.04.2 LTS Release: 18.04 Codename: bionic Expected behaviour you didn't see Return A record for a domain when it exists. Unexpected behaviour you saw Resolution failed. Steps to reproduce the problem Whait for 1 minutes (github.com TTL for A record) Try to resolv github.com CNAME record dig CNAME github.com This will return an empty result. Then try to resolve github.com A record dig A github.com. This will now return empty result unless you restart systemd-resolved or wait for cache e
[Touch-packages] [Bug 1832903] [NEW] 18.04.2 login screen doesn't work if it uses 'wayland' and if video kernel driver is 'vgwfx' kernel driver
Public bug reported: After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the login screen doesn't work if 'Wayland' is in use (default) and if video kernel driver is 'vgwfx'. It looks like the login screen got stuck, doesn't exit, and doesn't fallback to 'x11' by itself in case of failure. Workaround: - Access the machine via ssh or any other recovery approaches. - Force the login screen to use x11: File: /etc/gdm3/custom.conf [daemon] # Uncoment the line below to force the login screen to use Xorg WaylandEnable=false I tried to reproduce the behaviour on my personal laptop, KVM guest, ... without success. So far it is only reproducible when the 'vgwfx' driver is in use in combination with Wayland. lspci -nnvvv 00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] (prog-if 00 [VGA controller]) Subsystem: VMware SVGA II Adapter [15ad:0405] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- Capabilities: [44] PCI Advanced Features AFCap: TP+ FLR+ AFCtrl: FLR- AFStatus: TP- Kernel driver in use: vmwgfx Kernel modules: vmwgfx ** Affects: gdm3 (Ubuntu) Importance: Undecided Status: New ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Affects: wayland (Ubuntu) Importance: Undecided Status: New ** Also affects: linux (Ubuntu) Importance: Undecided Status: New ** Also affects: wayland (Ubuntu) Importance: Undecided Status: New ** Description changed: After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the login - screen doesn't work if it 'wayland' is in use (default) and if video - kernel driver inside is 'vgwfx'. + screen doesn't work if 'Wayland' is in use (default) and if video kernel + driver is 'vgwfx'. It looks like the login screen got stuck, doesn't exit, and doesn't fallback to 'x11' by itself in case of failure. Workaround: - Force the login screen to use x11: + - Access the machine via ssh or any other recovery approaches. + - Force the login screen to use x11: - File: /etc/gdm3/custom.conf + File: /etc/gdm3/custom.conf [daemon] # Uncoment the line below to force the login screen to use Xorg WaylandEnable=false - I tried to reproduce the behaviour on my personal laptop, KVM guest, ... without success. - So far it is only reproducible when the 'vgwfx' driver is in use in combination with Wayland. + I tried to reproduce the behaviour on my personal laptop, KVM guest, ... + without success. + So far it is only reproducible when the 'vgwfx' driver is in use in + combination with Wayland. + + lspci -nnvvv 00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] (prog-if 00 [VGA controller]) - Subsystem: VMware SVGA II Adapter [15ad:0405] - Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- - Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- - Capabilities: [44] PCI Advanced Features - AFCap: TP+ FLR+ - AFCtrl: FLR- - AFStatus: TP- - Kernel driver in use: vmwgfx - Kernel modules: vmwgfx + Subsystem: VMware SVGA II Adapter [15ad:0405] + Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- + Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- + Capabilities: [44] PCI Advanced Features + AFCap: TP+ FLR+ + AFCtrl: FLR- + AFStatus: TP- + Kernel driver in use: vmwgfx + Kernel modules: vmwgfx -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wayland in Ubuntu. https://bugs.launchpad.net/bugs/1832903 Title: 18.04.2 login screen doesn't work if it uses 'wayland' and if video kernel driver is 'vgwfx' kernel driver Status in gdm3 package in Ubuntu: New Status in linux package in Ubuntu: New Status in wayland package in Ubuntu: New Bug description: After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the login screen doesn't work if 'Wayland' is in use (default) and if video kernel driver is 'vgwfx'. It looks like the login screen got stuck, doesn't exit, and doesn't fallback to 'x11' by itself in case of failure. Workaround: - Access the machine via ssh or any other recovery approaches. - Force the login screen to use x11: File: /etc/gdm3/custom.conf [daemon] # Uncoment the line below to force the login screen to use Xorg WaylandEnable=false I tried to reproduce the behaviour on my personal laptop, KVM guest, ... without success. So far it is only reproducible when the 'vgwfx' driver is in use in combination with Wayland. lspci -nnvvv 00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15
[Touch-packages] [Bug 1832903] Missing required logs.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window: apport-collect 1832903 and then change the status of the bug to 'Confirmed'. If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'. This change has been made by an automated script, maintained by the Ubuntu Kernel Team. ** Changed in: linux (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wayland in Ubuntu. https://bugs.launchpad.net/bugs/1832903 Title: 18.04.2 login screen doesn't work if it uses 'wayland' and if video kernel driver is 'vgwfx' kernel driver Status in gdm3 package in Ubuntu: New Status in linux package in Ubuntu: Incomplete Status in wayland package in Ubuntu: New Bug description: After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the login screen doesn't work if 'Wayland' is in use (default) and if video kernel driver is 'vgwfx'. It looks like the login screen got stuck, doesn't exit, and doesn't fallback to 'x11' by itself in case of failure. Workaround: - Access the machine via ssh or any other recovery approaches. - Force the login screen to use x11: File: /etc/gdm3/custom.conf [daemon] # Uncoment the line below to force the login screen to use Xorg WaylandEnable=false I tried to reproduce the behaviour on my personal laptop, KVM guest, ... without success. So far it is only reproducible when the 'vgwfx' driver is in use in combination with Wayland. lspci -nnvvv 00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] (prog-if 00 [VGA controller]) Subsystem: VMware SVGA II Adapter [15ad:0405] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- Capabilities: [44] PCI Advanced Features AFCap: TP+ FLR+ AFCtrl: FLR- AFStatus: TP- Kernel driver in use: vmwgfx Kernel modules: vmwgfx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1832903/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350
Hi, The package version 1.1.1-1ubuntu2.1~18.04.3 does fix it for me, thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832659 Title: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350 Status in OpenSSL: Fix Released Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Released Status in openssl source package in Eoan: Fix Released Bug description: [Impact] * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that prevents initialising libcrypto/libssl multiple times, and/or with different options. * This breaks existing applications that correctly use init API, ie. initialise libcrypto before/separately from libssl and/or with different options. [Test Case] * wget https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py * python3 ./test_multiple_libssl_libcrypto_init.py test_multiple_init (__main__.TestMultipleInit) ... ok -- Ran 1 test in 0.014s OK [Regression Potential] * This is a cherrypick from upstream, and is backwards compatible with existing code. Simply init succeeds under more conditions now, than it did previously in 1.1.1. Also with this fix, OpenSSL is back to how things used to work with 1.1.0 and prior releases. [Original Bug report] After the update of openssl in bionic, I started having an issue and after troubleshooting found this issue: https://github.com/openssl/openssl/issues/7350 Applying the patch linked in that issue and rebuilding the openssl package avoided the issue. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: openssl 1.1.1-1ubuntu2.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18 Uname: Linux 4.15.0-51-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 Date: Thu Jun 13 00:21:16 2019 InstallationDate: Installed on 2019-06-12 (0 days ago) InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1825856] Proposed package upload rejected
An upload of gnupg to xenial-proposed has been rejected from the upload queue for the following reason: "fixing tests only does not fit the SRU policy". -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1825856 Title: gnupg package 'gpgv-udeb' conflicts with gnupg2 (xenial) Status in gnupg package in Ubuntu: Fix Released Status in gnupg source package in Xenial: New Bug description: [impact] both the 'gnupg' and 'gnupg2' sources build 'gpgv-udeb' for xenial. therefore, gnupg FTUFS since its version is < gnupg2 version. [test case] attempt to upload 'gnupg' and 'gnupg2' into a PPA. for example see this ppa: https://launchpad.net/~ddstreet/+archive/ubuntu/lp1825186/+packages?field.name_filter=&field.status_filter=superseded&field.series_filter= version 1.4.20-1ubuntu3.3+bug1825186v20190422b1 shows this problem; all archs failed because: INFO gpgv-udeb_1.4.20-1ubuntu3.3+bug1825186v20190422b1_amd64.udeb: Version older than that in the archive. 1.4.20-1ubuntu3.3+bug1825186v20190422b1 <= 2.1.11-6ubuntu2.1+bug1825186v20190419b3 from: https://launchpadlibrarian.net/420547534/upload_16673848_log.txt [regression potential] low; the gpgv-udeb pkg is provided by gnupg2 in xenial and should not be built by gnupg. [other info] the v1 pkg is not what is reported by rmadison: $ rmadison gpgv-udeb | grep xenial gpgv-udeb | 2.1.11-6ubuntu2| xenial/main/debian-installer | amd64, arm64, armhf, i386, powerpc, ppc64el, s390x gpgv-udeb | 2.1.11-6ubuntu2.1 | xenial-security/main/debian-installer | amd64, arm64, armhf, i386, powerpc, ppc64el, s390x gpgv-udeb | 2.1.11-6ubuntu2.1 | xenial-updates/main/debian-installer | amd64, arm64, armhf, i386, powerpc, ppc64el, s390x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1825856/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1825448] Proposed package upload rejected
An upload of gnupg to xenial-proposed has been rejected from the upload queue for the following reason: "fixing tests only does not fit the SRU policy". -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1825448 Title: gnupg2 autopkgtest 'simple-tests' should be included in x/b/c Status in gnupg package in Ubuntu: Invalid Status in gnupg2 package in Ubuntu: Fix Released Status in gnupg source package in Xenial: New Status in gnupg2 source package in Xenial: New Status in gnupg2 source package in Bionic: New Status in gnupg2 source package in Cosmic: New Bug description: [impact] b/c currently only have gpgv-win32 test, which is limited in what it tests and what archs it runs on. additionally, it always fails (see bug 1825186). x currently has no tests at all for gnupg or gnupg2. [test case] run autopkgtests for gnupg2 on b/c. [regession potential] adding a testcase may result in the testcase incorrectly failing in the future. [other info] this test case is cherry-picked from gnupg2 in disco. the test case required slight modification for gnupg v1, as 'Key-Type: default' only works with v2. Note that Xenial is the last release that carries gnupg v1; Bionic and later carry only gnupg v2. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1825448/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1825186] Proposed package upload rejected
An upload of gnupg to xenial-proposed has been rejected from the upload queue for the following reason: "fixing tests only does not fit the SRU policy". -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1825186 Title: gpgv-win32 autopkgtest always fails Status in gnupg package in Ubuntu: Invalid Status in gnupg2 package in Ubuntu: Opinion Status in gnupg source package in Xenial: New Status in gnupg2 source package in Bionic: New Status in gnupg2 source package in Cosmic: New Status in gnupg2 source package in Disco: Fix Released Bug description: [impact] gpgv-win32 autopkgtest always fails [test case] check http://autopkgtest.ubuntu.com/packages/g/gnupg2 or run autopkgtest manually note the gpgv-win32 test is skipped on ppc64el and s390x for b/c, and has been removed from d/t/control entirely in d [regression potential] little to none; this affects the test case only [other info] as mentioned, in disco, the gpgv-win32 test has been removed from the tests/control completely. not sure if that is a better approach than fixing the test case. For now, I marked this Fix Released for disco since it doesn't fail there (since the testcase was removed). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1825186/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] [NEW] installed libssl1.1:amd64 package post-installation script subprocess returned error exit status
Public bug reported: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Tags: libssl1.1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status Status in openssl package in Ubuntu: New Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status
Version 1.1.1-1ubuntu2.1~18.04.2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status Status in openssl package in Ubuntu: New Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssl (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Confirmed Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status
During system upgrade: sudo apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: firefox firefox-locale-en gir1.2-xapp-1.0 libxapp1 openssl xapps-common 6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. Need to get 0 B/50.6 MB of archives. After this operation, 106 kB of additional disk space will be used. Do you want to continue? [Y/n] Y Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) ... Checking for services that may need to be restarted...done. Checking for services that may need to be restarted...done. Checking init scripts... dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Errors were encountered while processing: libssl1.1:amd64 E: Sub-process /usr/bin/dpkg returned an error code (1) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Confirmed Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
** Summary changed: - installed libssl1.1:amd64 package post-installation script subprocess returned error exit status + installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Confirmed Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
Note: My system in question is an x86_64 (Intel CPU) so not sure why AMD packages are showing up here. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Confirmed Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
Stephen, AMD invented the 64 bit extensions to the x86 instruction set and brought their processors to market well before Intel brought theirs to market. Thus AMD won a huge amount of name recognition. Debian standardized on "amd64" to name packages for the architecture many years ago. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Confirmed Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server
I'm not sure how to do SRU verification on this update. I don't know a set of steps to take to see the update notification when running X11. Upgrading and downgrading among several packages did NOT show the update notification: sarnold@hunt:/tmp$ sudo dpkg -i ~/Downloads/libssl1.1_1.1.1-1ubuntu2.1~18.04.1_amd64.deb (Reading database ... 293979 files and directories currently installed.) Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.1_amd64.deb ... Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.1) over (1.1.1-1ubuntu2.1~18.04.1) ... Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.1) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... sarnold@hunt:/tmp$ sudo apt-get install libssl1.1=1.1.1-1ubuntu2.1~18.04.2 Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: linux-headers-4.15.0-48 linux-headers-4.15.0-48-generic linux-image-4.15.0-48-generic linux-modules-4.15.0-48-generic linux-modules-extra-4.15.0-48-generic linux-tools-4.15.0-48 linux-tools-4.15.0-48-generic Use 'sudo apt autoremove' to remove them. The following packages will be upgraded: libssl1.1 1 upgraded, 0 newly installed, 0 to remove and 73 not upgraded. Need to get 0 B/1,295 kB of archives. After this operation, 0 B of additional disk space will be used. Preconfiguring packages ... (Reading database ... 293979 files and directories currently installed.) Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.2_amd64.deb ... Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) over (1.1.1-1ubuntu2.1~18.04.1) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) ... Checking for services that may need to be restarted...done. Checking for services that may need to be restarted...done. Checking init scripts... Restarting services possibly affected by the upgrade: Services restarted successfully. Processing triggers for libc-bin (2.27-3ubuntu1) ... sarnold@hunt:/tmp$ sudo apt-get install libssl1.1=1.1.1-1ubuntu2.1~18.04.3 Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: linux-headers-4.15.0-48 linux-headers-4.15.0-48-generic linux-image-4.15.0-48-generic linux-modules-4.15.0-48-generic linux-modules-extra-4.15.0-48-generic linux-tools-4.15.0-48 linux-tools-4.15.0-48-generic Use 'sudo apt autoremove' to remove them. The following packages will be upgraded: libssl1.1 1 upgraded, 0 newly installed, 0 to remove and 73 not upgraded. Need to get 0 B/1,295 kB of archives. After this operation, 4,096 B of additional disk space will be used. Preconfiguring packages ... (Reading database ... 293979 files and directories currently installed.) Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.3_amd64.deb ... Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.3) over (1.1.1-1ubuntu2.1~18.04.2) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.3) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... I'm going to mark this verification-done-bionic, because the notifier didn't show on my desktop system. Feel free to revert if you know a good way to see the notification on a desktop when it shouldn't have been visible. Thanks ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832421 Title: openssl reboot needed message using incorrect path to X server Status in openssl package in Ubuntu: Fix Committed Status in openssl source package in Bionic: Fix Committed Status in openssl source package in Cosmic: Fix Committed Status in openssl source package in Disco: Fix Committed Status in openssl source package in Eoan: Fix Committed Bug description: [Impact] * On desktop, upgrading libssl1.1 does not show reboot required notification [Test Case] * Boot ubuntu desktop * Upgrade libssl1.1 * Observe reboot notification pop-up from update-notifier is _not_ shown [Regression Potential] * Tweaking postinst only to correct for the Xorg path. Current code is innert, but is well excercised in prior releases. [Other Info] * Original bug report: Hello, the openssl library postinst file is using pidof /usr/bin/X, but that doesn't appear to be the path to the X11 server any more: debian/libssl1.1.postinst: # Only issue the reboot notification for servers; we proxy this by # testing that the X server is not running (LP: #244250) if ! pidof /usr/bin/X > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then /usr/share/update-notifier/n
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
Can you please paste the output of below two commands: debconf-get-selections | grep restart-without-asking dpkg-query -W libc6 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Incomplete Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
if `db_get libraries/restart-without-asking` fails with exit code 10, it means this templates is not in the debconf database. However, libc6 should be installed and configured on the system, with that template registered. I wonder, if your debconf database is corrupted / destroyed? Does $ dpkg-reconfigure libc6 help? ** Tags added: bionic ** Tags added: regression-update ** Changed in: openssl (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Incomplete Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
** Description changed: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): - installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 + installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: - libssl1.1:amd64 + libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true + + + [ Reproducer steps ] + + # DO NOT DO THIS ON PRODUCTION MACHINES # + + # echo PURGE | debconf-communicate libpam0g:amd64 + 0 + # echo PURGE | debconf-communicate libpam0g + 0 + # echo PURGE | debconf-communicate libc6:amd64 + 0 + # echo PURGE | debconf-communicate libc6 + 0 + # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1 + + . /usr/share/debconf/confmodule + + [ ! ] + + PERL_DL_NONLAZY=1 + + export PERL_DL_NONLAZY + + [ ] + + exec /usr/share/debconf/frontend /var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1 + Checking for services that may need to be restarted...done. + Checking for services that may need to be restarted...done. + Checking init scripts... + + # echo $? + 10 ** Description changed: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 The attempted fix Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - db_get libraries/restart-without-asking + db_get libraries/restart-without-asking || true + [ WORKAROUND TO RECOVER YOUR SYSTEM ] + + $ sudo dpkg-reconfigure libc6 + $ sudo dpkg --configure libssl1.1 [ Reproducer steps ] # DO NOT DO THIS ON PRODUCTION MACHINES # # echo PURGE | debconf-communicate libpam0g:amd64 0 # echo PURGE | debconf-communicate libpam0g 0 # echo PURGE | debconf-communicate libc6:amd64 0 # echo PURGE | debconf-communicate libc6 0 # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1 + . /usr/share/debconf/confmodule + [ ! ] + PERL_DL_NONLAZY=1 + export PERL_DL_NONLAZY + [ ] + exec /usr/share/debconf/frontend /var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1 Checking for services that may need to be restarted...done. Checking for services that may need to be restarted...done. Checking init scripts... # echo $? 10 ** Description changed: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 - - The attempted fix - Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst - - db_get libraries/restart-without-asking - + db_get libraries/restart-without-asking || true [ WORKAROUND TO RECOVER YOUR SYSTEM ] $ sudo dpkg-reconfigure libc6 $ sudo dpkg --configure libssl1.1 [ Reproducer steps ] # DO NOT DO THIS ON PRODUCTION MACHINES # # echo PURGE | debconf-communicate libpam0g:amd64 0 # echo PURGE | debconf-communicate libpam0g 0 # echo PURGE | debconf-communicate libc6:amd64 0 # echo PURGE | debconf-communicate libc6 0 # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1 + . /usr/share/debconf/confmodule + [ ! ] + PERL_DL_NONLAZY=1 + export PERL_DL_NONLAZY + [ ] + exec /usr/share/debconf/frontend /var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1 Checking for services that may need to be restarted...done. Checking for services that may need to be restarted...done. Checking init scripts... # echo $? 10 -- You received this bug notification because
[Touch-packages] [Bug 1832903] Re: 18.04.2 login screen doesn't work if it uses 'wayland' and if video kernel driver is 'vgwfx' kernel driver
I was able to reproduce the problem with 4.15.0-51, but problem seems to be gone using the hwe kernel 4.18.0-21-generic. I'll do a kernel bisection and try to find the commit which fixes the situation. I'll also ask another impacted user to confirm if v4.18 works fine too, to double-check my testing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to wayland in Ubuntu. https://bugs.launchpad.net/bugs/1832903 Title: 18.04.2 login screen doesn't work if it uses 'wayland' and if video kernel driver is 'vgwfx' kernel driver Status in gdm3 package in Ubuntu: New Status in linux package in Ubuntu: Incomplete Status in wayland package in Ubuntu: New Bug description: After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the login screen doesn't work if 'Wayland' is in use (default) and if video kernel driver is 'vgwfx'. It looks like the login screen got stuck, doesn't exit, and doesn't fallback to 'x11' by itself in case of failure. Workaround: - Access the machine via ssh or any other recovery approaches. - Force the login screen to use x11: File: /etc/gdm3/custom.conf [daemon] # Uncoment the line below to force the login screen to use Xorg WaylandEnable=false I tried to reproduce the behaviour on my personal laptop, KVM guest, ... without success. So far it is only reproducible when the 'vgwfx' driver is in use in combination with Wayland. lspci -nnvvv 00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] (prog-if 00 [VGA controller]) Subsystem: VMware SVGA II Adapter [15ad:0405] Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- Capabilities: [44] PCI Advanced Features AFCap: TP+ FLR+ AFCtrl: FLR- AFStatus: TP- Kernel driver in use: vmwgfx Kernel modules: vmwgfx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1832903/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
sudo dpkg-reconfigure libc6 sudo dpkg-reconfigure libssl1.1 yields no errors Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Incomplete Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 [ WORKAROUND TO RECOVER YOUR SYSTEM ] $ sudo dpkg-reconfigure libc6 $ sudo dpkg --configure libssl1.1 [ Reproducer steps ] # DO NOT DO THIS ON PRODUCTION MACHINES # # echo PURGE | debconf-communicate libpam0g:amd64 0 # echo PURGE | debconf-communicate libpam0g 0 # echo PURGE | debconf-communicate libc6:amd64 0 # echo PURGE | debconf-communicate libc6 0 # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1 + . /usr/share/debconf/confmodule + [ ! ] + PERL_DL_NONLAZY=1 + export PERL_DL_NONLAZY + [ ] + exec /usr/share/debconf/frontend /var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1 Checking for services that may need to be restarted...done. Checking for services that may need to be restarted...done. Checking init scripts... # echo $? 10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
@Dimitri sudo debconf-get-selections | grep restart-without-asking yeilds no output and returns code 1 sudo dpkg-query -W libc6 yields libc6:amd64 2.27-3ubuntu1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1832919 Title: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 Status in openssl package in Ubuntu: Incomplete Bug description: The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 2 libssl1.1) dpkg: error processing package libssl1.1:amd64 (--configure): installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10 D02: post_script_tasks - ensure_diversions D02: post_script_tasks - trig_incorporate D02: check_triggers_cycle pnow=libc-bin:amd64 first Processing triggers for libc-bin (2.27-3ubuntu1) ... D02: post_postinst_tasks - trig_incorporate Errors were encountered while processing: libssl1.1:amd64 [ WORKAROUND TO RECOVER YOUR SYSTEM ] $ sudo dpkg-reconfigure libc6 $ sudo dpkg --configure libssl1.1 [ Reproducer steps ] # DO NOT DO THIS ON PRODUCTION MACHINES # # echo PURGE | debconf-communicate libpam0g:amd64 0 # echo PURGE | debconf-communicate libpam0g 0 # echo PURGE | debconf-communicate libc6:amd64 0 # echo PURGE | debconf-communicate libc6 0 # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1 + . /usr/share/debconf/confmodule + [ ! ] + PERL_DL_NONLAZY=1 + export PERL_DL_NONLAZY + [ ] + exec /usr/share/debconf/frontend /var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1 Checking for services that may need to be restarted...done. Checking for services that may need to be restarted...done. Checking init scripts... # echo $? 10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1832333] Re: There is no firejail-default profile in Ubuntu
OK. Could you try it on disco? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1832333 Title: There is no firejail-default profile in Ubuntu Status in AppArmor: New Status in apparmor package in Ubuntu: New Status in firejail package in Ubuntu: New Bug description: Firejail requires the firejail-default apparmor profile in /etc/apparmor.d to work together with apparmor but that doesn't exist in Ubuntu 19.04. After I had added firejail-default to /etc/apparmor.d and firejail-local to /etc/apparmor.d/local everything was OK. Could this be default in Ubuntu? To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1832333/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1815089] Re: 100% CPU / usr / lib / tracker / tracker-extract
[Expired for tracker (Ubuntu) because there has been no activity for 60 days.] ** Changed in: tracker (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tracker in Ubuntu. https://bugs.launchpad.net/bugs/1815089 Title: 100% CPU / usr / lib / tracker / tracker-extract Status in tracker package in Ubuntu: Expired Bug description: The / usr / lib / tracker / tracker-extract is using almost 100% CPU resources see attached image After updates on today's date 07/02/2019 has improved the crashes, but the hunger for CPU continues. ** O /usr/lib/tracker/tracker-extract está usando quase 100% de recursos da CPU vide imagem em anexo Após atualizações na data de hoje 07/02/2019 melhorou os travamentos, mas a fome por CPU continua. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tracker/+bug/1815089/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1824647] Re: Recurrent, annoying clicking sound but not showing any notifications
[Expired for alsa-driver (Ubuntu) because there has been no activity for 60 days.] ** Changed in: alsa-driver (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1824647 Title: Recurrent, annoying clicking sound but not showing any notifications Status in alsa-driver package in Ubuntu: Expired Bug description: About two weeks ago, my computer began to make a recurrent, irregular, clicking noise every few seconds. It occurs regardless if the computer is running on battery or electrical outlet. There are no notifications associated with this clicking noise. Changing the notifications section in systems does not stop this annoying clicking noise. This noise continues even when all browsers are shut off. Only turning the volume off stops the clicking noise. I cannot watch movies or youtube without hearing this annoying clicking noise. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 4.15.0-47.50-generic 4.15.18 Uname: Linux 4.15.0-47-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: bob2260 F pulseaudio /dev/snd/controlC0: bob2260 F pulseaudio CurrentDesktop: ubuntu:GNOME Date: Sat Apr 13 12:17:32 2019 InstallationDate: Installed on 2019-03-30 (14 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) PackageArchitecture: all ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: alsa-driver Symptom: audio Title: PCI/internal sound card not detected UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 12/18/2014 dmi.bios.vendor: Insyde Corp. dmi.bios.version: V1.26 dmi.board.asset.tag: Type2 - Board Asset Tag dmi.board.name: EA50_HB dmi.board.vendor: Acer dmi.board.version: V1.26 dmi.chassis.asset.tag: Chassis Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: Acer dmi.chassis.version: Chassis Version dmi.modalias: dmi:bvnInsydeCorp.:bvrV1.26:bd12/18/2014:svnAcer:pnAspireE5-571:pvrV1.26:rvnAcer:rnEA50_HB:rvrV1.26:cvnAcer:ct10:cvrChassisVersion: dmi.product.family: SharkBay System dmi.product.name: Aspire E5-571 dmi.product.version: V1.26 dmi.sys.vendor: Acer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1824647/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp