[Touch-packages] [Bug 1824647] Re: Recurrent, annoying clicking sound but not showing any notifications

2019-06-14 Thread Launchpad Bug Tracker
[Expired for alsa-driver (Ubuntu) because there has been no activity for
60 days.]

** Changed in: alsa-driver (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1824647

Title:
  Recurrent, annoying clicking sound but not showing any notifications

Status in alsa-driver package in Ubuntu:
  Expired

Bug description:
  About two weeks ago, my computer began to make a recurrent, irregular,
  clicking noise every few seconds.  It occurs regardless if the
  computer is running on battery or electrical outlet.  There are no
  notifications associated with this clicking noise.  Changing the
  notifications section in systems does not stop this annoying clicking
  noise.  This noise continues even when all browsers are shut off.
  Only turning the volume off stops the clicking noise.  I cannot watch
  movies or youtube without hearing this annoying clicking noise.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu5
  ProcVersionSignature: Ubuntu 4.15.0-47.50-generic 4.15.18
  Uname: Linux 4.15.0-47-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC1:  bob2260 F pulseaudio
   /dev/snd/controlC0:  bob2260 F pulseaudio
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Apr 13 12:17:32 2019
  InstallationDate: Installed on 2019-03-30 (14 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  PackageArchitecture: all
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: alsa-driver
  Symptom: audio
  Title: PCI/internal sound card not detected
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 12/18/2014
  dmi.bios.vendor: Insyde Corp.
  dmi.bios.version: V1.26
  dmi.board.asset.tag: Type2 - Board Asset Tag
  dmi.board.name: EA50_HB
  dmi.board.vendor: Acer
  dmi.board.version: V1.26
  dmi.chassis.asset.tag: Chassis Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: Acer
  dmi.chassis.version: Chassis Version
  dmi.modalias: 
dmi:bvnInsydeCorp.:bvrV1.26:bd12/18/2014:svnAcer:pnAspireE5-571:pvrV1.26:rvnAcer:rnEA50_HB:rvrV1.26:cvnAcer:ct10:cvrChassisVersion:
  dmi.product.family: SharkBay System
  dmi.product.name: Aspire E5-571
  dmi.product.version: V1.26
  dmi.sys.vendor: Acer

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1824647/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1815089] Re: 100% CPU / usr / lib / tracker / tracker-extract

2019-06-14 Thread Launchpad Bug Tracker
[Expired for tracker (Ubuntu) because there has been no activity for 60
days.]

** Changed in: tracker (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tracker in Ubuntu.
https://bugs.launchpad.net/bugs/1815089

Title:
  100% CPU / usr / lib / tracker / tracker-extract

Status in tracker package in Ubuntu:
  Expired

Bug description:
  The / usr / lib / tracker / tracker-extract is using almost 100% CPU
  resources see attached image

  After updates on today's date 07/02/2019 has improved the crashes, but
  the hunger for CPU continues.

  **

  O /usr/lib/tracker/tracker-extract está usando quase 100% de recursos
  da CPU vide imagem em anexo

  Após atualizações na data de hoje 07/02/2019 melhorou os travamentos,
  mas a fome por CPU continua.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tracker/+bug/1815089/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832333] Re: There is no firejail-default profile in Ubuntu

2019-06-14 Thread Richard Baka
OK. Could you try it on disco?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1832333

Title:
  There is no firejail-default profile in Ubuntu

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New
Status in firejail package in Ubuntu:
  New

Bug description:
  Firejail requires the firejail-default apparmor profile in
  /etc/apparmor.d to work together with apparmor but that doesn't exist
  in Ubuntu 19.04. After I had added firejail-default to /etc/apparmor.d
  and firejail-local to /etc/apparmor.d/local everything was OK.

  Could this be default in Ubuntu?

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1832333/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Amine Raounak
@Dimitri

sudo debconf-get-selections | grep restart-without-asking yeilds no
output and returns code 1

sudo dpkg-query -W libc6 yields
libc6:amd64 2.27-3ubuntu1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  [ WORKAROUND TO RECOVER YOUR SYSTEM ]

  $ sudo dpkg-reconfigure libc6
  $ sudo dpkg --configure libssl1.1

  [ Reproducer steps ]

  # DO NOT DO THIS ON PRODUCTION MACHINES #

  # echo PURGE | debconf-communicate libpam0g:amd64
  0
  # echo PURGE | debconf-communicate libpam0g
  0
  # echo PURGE | debconf-communicate libc6:amd64
  0
  # echo PURGE | debconf-communicate libc6
  0
  # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1
  + . /usr/share/debconf/confmodule
  + [ !  ]
  + PERL_DL_NONLAZY=1
  + export PERL_DL_NONLAZY
  + [  ]
  + exec /usr/share/debconf/frontend 
/var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1
  Checking for services that may need to be restarted...done.
  Checking for services that may need to be restarted...done.
  Checking init scripts...

  # echo $?
  10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Amine Raounak
sudo dpkg-reconfigure libc6
sudo dpkg-reconfigure libssl1.1

yields no errors

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  [ WORKAROUND TO RECOVER YOUR SYSTEM ]

  $ sudo dpkg-reconfigure libc6
  $ sudo dpkg --configure libssl1.1

  [ Reproducer steps ]

  # DO NOT DO THIS ON PRODUCTION MACHINES #

  # echo PURGE | debconf-communicate libpam0g:amd64
  0
  # echo PURGE | debconf-communicate libpam0g
  0
  # echo PURGE | debconf-communicate libc6:amd64
  0
  # echo PURGE | debconf-communicate libc6
  0
  # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1
  + . /usr/share/debconf/confmodule
  + [ !  ]
  + PERL_DL_NONLAZY=1
  + export PERL_DL_NONLAZY
  + [  ]
  + exec /usr/share/debconf/frontend 
/var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1
  Checking for services that may need to be restarted...done.
  Checking for services that may need to be restarted...done.
  Checking init scripts...

  # echo $?
  10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832903] Re: 18.04.2 login screen doesn't work if it uses 'wayland' and if video kernel driver is 'vgwfx' kernel driver

2019-06-14 Thread Eric Desrochers
I was able to reproduce the problem with 4.15.0-51, but problem seems to
be gone using the hwe kernel 4.18.0-21-generic.

I'll do a kernel bisection and try to find the commit which fixes the situation.
I'll also ask another impacted user to confirm if v4.18 works fine too, to 
double-check my testing.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wayland in Ubuntu.
https://bugs.launchpad.net/bugs/1832903

Title:
  18.04.2 login screen doesn't work if it uses 'wayland' and if video
  kernel driver is 'vgwfx' kernel driver

Status in gdm3 package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Incomplete
Status in wayland package in Ubuntu:
  New

Bug description:
  After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the
  login screen doesn't work if 'Wayland' is in use (default) and if
  video kernel driver is 'vgwfx'.

  It looks like the login screen got stuck, doesn't exit, and doesn't
  fallback to 'x11' by itself in case of failure.

  Workaround:
  - Access the machine via ssh or any other recovery approaches.
  - Force the login screen to use x11:

  File: /etc/gdm3/custom.conf
  [daemon]
  # Uncoment the line below to force the login screen to use Xorg
  WaylandEnable=false

  I tried to reproduce the behaviour on my personal laptop, KVM guest,
  ... without success.

  So far it is only reproducible when the 'vgwfx' driver is in use in
  combination with Wayland.

  lspci -nnvvv
  
  00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] 
(prog-if 00 [VGA controller])
   Subsystem: VMware SVGA II Adapter [15ad:0405]
   Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
   Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- 
   Capabilities: [44] PCI Advanced Features
    AFCap: TP+ FLR+
    AFCtrl: FLR-
    AFStatus: TP-
   Kernel driver in use: vmwgfx
   Kernel modules: vmwgfx
  

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1832903/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Dimitri John Ledkov
** Description changed:

  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)
  
  dpkg: error processing package libssl1.1:amd64 (--configure):
-  installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
+  installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
-  libssl1.1:amd64
+  libssl1.1:amd64
  
  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true
+ 
+ 
+ [ Reproducer steps ]
+ 
+ # DO NOT DO THIS ON PRODUCTION MACHINES #
+ 
+ # echo PURGE | debconf-communicate libpam0g:amd64
+ 0
+ # echo PURGE | debconf-communicate libpam0g
+ 0
+ # echo PURGE | debconf-communicate libc6:amd64
+ 0
+ # echo PURGE | debconf-communicate libc6
+ 0
+ # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1
+ + . /usr/share/debconf/confmodule
+ + [ !  ]
+ + PERL_DL_NONLAZY=1
+ + export PERL_DL_NONLAZY
+ + [  ]
+ + exec /usr/share/debconf/frontend 
/var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1
+ Checking for services that may need to be restarted...done.
+ Checking for services that may need to be restarted...done.
+ Checking init scripts...
+ 
+ # echo $?
+ 10

** Description changed:

  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)
  
  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64
  
  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true
  
+ [ WORKAROUND TO RECOVER YOUR SYSTEM ]
+ 
+ $ sudo dpkg-reconfigure libc6
+ $ sudo dpkg --configure libssl1.1
  
  [ Reproducer steps ]
  
  # DO NOT DO THIS ON PRODUCTION MACHINES #
  
  # echo PURGE | debconf-communicate libpam0g:amd64
  0
  # echo PURGE | debconf-communicate libpam0g
  0
  # echo PURGE | debconf-communicate libc6:amd64
  0
  # echo PURGE | debconf-communicate libc6
  0
  # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1
  + . /usr/share/debconf/confmodule
  + [ !  ]
  + PERL_DL_NONLAZY=1
  + export PERL_DL_NONLAZY
  + [  ]
  + exec /usr/share/debconf/frontend 
/var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1
  Checking for services that may need to be restarted...done.
  Checking for services that may need to be restarted...done.
  Checking init scripts...
  
  # echo $?
  10

** Description changed:

  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)
  
  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64
- 
- The attempted fix
- Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
- - db_get libraries/restart-without-asking
- + db_get libraries/restart-without-asking || true
  
  [ WORKAROUND TO RECOVER YOUR SYSTEM ]
  
  $ sudo dpkg-reconfigure libc6
  $ sudo dpkg --configure libssl1.1
  
  [ Reproducer steps ]
  
  # DO NOT DO THIS ON PRODUCTION MACHINES #
  
  # echo PURGE | debconf-communicate libpam0g:amd64
  0
  # echo PURGE | debconf-communicate libpam0g
  0
  # echo PURGE | debconf-communicate libc6:amd64
  0
  # echo PURGE | debconf-communicate libc6
  0
  # sh -x /var/lib/dpkg/info/libssl1.1\:amd64.postinst configure 1.1.1
  + . /usr/share/debconf/confmodule
  + [ !  ]
  + PERL_DL_NONLAZY=1
  + export PERL_DL_NONLAZY
  + [  ]
  + exec /usr/share/debconf/frontend 
/var/lib/dpkg/info/libssl1.1:amd64.postinst configure 1.1.1
  Checking for services that may need to be restarted...done.
  Checking for services that may need to be restarted...done.
  Checking init scripts...
  
  # echo $?
  10

-- 
You received this bug notification 

[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Dimitri John Ledkov
if `db_get libraries/restart-without-asking` fails with exit code 10, it
means this templates is not in the debconf database.

However, libc6 should be installed and configured on the system, with
that template registered.

I wonder, if your debconf database is corrupted / destroyed? Does

$ dpkg-reconfigure libc6

help?

** Tags added: bionic

** Tags added: regression-update

** Changed in: openssl (Ubuntu)
   Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Dimitri John Ledkov
Can you please paste the output of below two commands:


debconf-get-selections | grep restart-without-asking

dpkg-query -W libc6

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server

2019-06-14 Thread Seth Arnold
I'm not sure how to do SRU verification on this update. I don't know a
set of steps to take to see the update notification when running X11.
Upgrading and downgrading among several packages did NOT show the update
notification:

sarnold@hunt:/tmp$ sudo dpkg -i 
~/Downloads/libssl1.1_1.1.1-1ubuntu2.1~18.04.1_amd64.deb 
(Reading database ... 293979 files and directories currently installed.)
Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.1_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.1) over 
(1.1.1-1ubuntu2.1~18.04.1) ...
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
sarnold@hunt:/tmp$ sudo apt-get install libssl1.1=1.1.1-1ubuntu2.1~18.04.2
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.15.0-48 linux-headers-4.15.0-48-generic 
linux-image-4.15.0-48-generic
  linux-modules-4.15.0-48-generic linux-modules-extra-4.15.0-48-generic 
linux-tools-4.15.0-48
  linux-tools-4.15.0-48-generic
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
  libssl1.1
1 upgraded, 0 newly installed, 0 to remove and 73 not upgraded.
Need to get 0 B/1,295 kB of archives.
After this operation, 0 B of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 293979 files and directories currently installed.)
Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.2_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) over 
(1.1.1-1ubuntu2.1~18.04.1) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) ...
Checking for services that may need to be restarted...done.
Checking for services that may need to be restarted...done.
Checking init scripts...

Restarting services possibly affected by the upgrade:

Services restarted successfully.

Processing triggers for libc-bin (2.27-3ubuntu1) ...
sarnold@hunt:/tmp$ sudo apt-get install libssl1.1=1.1.1-1ubuntu2.1~18.04.3
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.15.0-48 linux-headers-4.15.0-48-generic 
linux-image-4.15.0-48-generic
  linux-modules-4.15.0-48-generic linux-modules-extra-4.15.0-48-generic 
linux-tools-4.15.0-48
  linux-tools-4.15.0-48-generic
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
  libssl1.1
1 upgraded, 0 newly installed, 0 to remove and 73 not upgraded.
Need to get 0 B/1,295 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 293979 files and directories currently installed.)
Preparing to unpack .../libssl1.1_1.1.1-1ubuntu2.1~18.04.3_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.3) over 
(1.1.1-1ubuntu2.1~18.04.2) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.3) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...

I'm going to mark this verification-done-bionic, because the notifier
didn't show on my desktop system. Feel free to revert if you know a good
way to see the notification on a desktop when it shouldn't have been
visible.

Thanks

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832421

Title:
  openssl reboot needed message using incorrect path to X server

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  Fix Committed
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Committed
Status in openssl source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

   * On desktop, upgrading libssl1.1 does not show reboot required
  notification

  [Test Case]

   * Boot ubuntu desktop
   * Upgrade libssl1.1
   * Observe reboot notification pop-up from update-notifier is _not_ shown

  [Regression Potential]

   * Tweaking postinst only to correct for the Xorg path. Current code
  is innert, but is well excercised in prior releases.

  [Other Info]

   * Original bug report:

  Hello, the openssl library postinst file is using pidof /usr/bin/X,
  but that doesn't appear to be the path to the X11 server any more:

  debian/libssl1.1.postinst:

  # Only issue the reboot notification for servers; we proxy this by
  # testing that the X server is not running (LP: #244250)
  if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
  

[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Seth Arnold
Stephen, AMD invented the 64 bit extensions to the x86 instruction set
and brought their processors to market well before Intel brought theirs
to market. Thus AMD won a huge amount of name recognition. Debian
standardized on "amd64" to name packages for the architecture many years
ago.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Stephen Davidson
Note: My system in question is an x86_64 (Intel CPU) so not sure why AMD
packages are showing up here.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status

2019-06-14 Thread Stephen Davidson
During system upgrade:
sudo apt-get upgrade
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  firefox firefox-locale-en gir1.2-xapp-1.0 libxapp1 openssl xapps-common
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 0 B/50.6 MB of archives.
After this operation, 106 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) ...
Checking for services that may need to be restarted...done.
Checking for services that may need to be restarted...done.
Checking init scripts...
dpkg: error processing package libssl1.1:amd64 (--configure):
 installed libssl1.1:amd64 package post-installation script subprocess returned 
error exit status 10
Errors were encountered while processing:
 libssl1.1:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

2019-06-14 Thread Amine Raounak
** Summary changed:

- installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status
+ installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status

2019-06-14 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: openssl (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status 10

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] Re: installed libssl1.1:amd64 package post-installation script subprocess returned error exit status

2019-06-14 Thread Amine Raounak
Version 1.1.1-1ubuntu2.1~18.04.2

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status

Status in openssl package in Ubuntu:
  New

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832919] [NEW] installed libssl1.1:amd64 package post-installation script subprocess returned error exit status

2019-06-14 Thread Amine Raounak
Public bug reported:

The error happens when trying to configure libssl1.1:amd64 (dpkg
--configure -D 2  libssl1.1)

dpkg: error processing package libssl1.1:amd64 (--configure):
 installed libssl1.1:amd64 package post-installation script subprocess returned 
error exit status 10
D02: post_script_tasks - ensure_diversions
D02: post_script_tasks - trig_incorporate
D02: check_triggers_cycle pnow=libc-bin:amd64 first
Processing triggers for libc-bin (2.27-3ubuntu1) ...
D02: post_postinst_tasks - trig_incorporate
Errors were encountered while processing:
 libssl1.1:amd64

The attempted fix
Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
- db_get libraries/restart-without-asking
+ db_get libraries/restart-without-asking || true

** Affects: openssl (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: libssl1.1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832919

Title:
  installed libssl1.1:amd64 package post-installation script subprocess
  returned error exit status

Status in openssl package in Ubuntu:
  New

Bug description:
  The error happens when trying to configure libssl1.1:amd64 (dpkg
  --configure -D 2  libssl1.1)

  dpkg: error processing package libssl1.1:amd64 (--configure):
   installed libssl1.1:amd64 package post-installation script subprocess 
returned error exit status 10
  D02: post_script_tasks - ensure_diversions
  D02: post_script_tasks - trig_incorporate
  D02: check_triggers_cycle pnow=libc-bin:amd64 first
  Processing triggers for libc-bin (2.27-3ubuntu1) ...
  D02: post_postinst_tasks - trig_incorporate
  Errors were encountered while processing:
   libssl1.1:amd64

  The attempted fix
  Line #153 of file /var/lib/dpkg/info/libssl1.1\:amd64.postinst
  - db_get libraries/restart-without-asking
  + db_get libraries/restart-without-asking || true

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832919/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1825448] Proposed package upload rejected

2019-06-14 Thread Steve Langasek
An upload of gnupg to xenial-proposed has been rejected from the upload
queue for the following reason: "fixing tests only does not fit the SRU
policy".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1825448

Title:
  gnupg2 autopkgtest 'simple-tests' should be included in x/b/c

Status in gnupg package in Ubuntu:
  Invalid
Status in gnupg2 package in Ubuntu:
  Fix Released
Status in gnupg source package in Xenial:
  New
Status in gnupg2 source package in Xenial:
  New
Status in gnupg2 source package in Bionic:
  New
Status in gnupg2 source package in Cosmic:
  New

Bug description:
  [impact]

  b/c currently only have gpgv-win32 test, which is limited in what it
  tests and what archs it runs on.  additionally, it always fails (see
  bug 1825186).

  x currently has no tests at all for gnupg or gnupg2.

  [test case]

  run autopkgtests for gnupg2 on b/c.

  [regession potential]

  adding a testcase may result in the testcase incorrectly failing in
  the future.

  [other info]

  this test case is cherry-picked from gnupg2 in disco.

  the test case required slight modification for gnupg v1, as 'Key-Type:
  default' only works with v2.  Note that Xenial is the last release
  that carries gnupg v1; Bionic and later carry only gnupg v2.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1825448/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1825186] Proposed package upload rejected

2019-06-14 Thread Steve Langasek
An upload of gnupg to xenial-proposed has been rejected from the upload
queue for the following reason: "fixing tests only does not fit the SRU
policy".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1825186

Title:
  gpgv-win32 autopkgtest always fails

Status in gnupg package in Ubuntu:
  Invalid
Status in gnupg2 package in Ubuntu:
  Opinion
Status in gnupg source package in Xenial:
  New
Status in gnupg2 source package in Bionic:
  New
Status in gnupg2 source package in Cosmic:
  New
Status in gnupg2 source package in Disco:
  Fix Released

Bug description:
  [impact]

  gpgv-win32 autopkgtest always fails

  [test case]

  check http://autopkgtest.ubuntu.com/packages/g/gnupg2

  or run autopkgtest manually

  note the gpgv-win32 test is skipped on ppc64el and s390x for b/c, and
  has been removed from d/t/control entirely in d

  [regression potential]

  little to none; this affects the test case only

  [other info]

  as mentioned, in disco, the gpgv-win32 test has been removed from the
  tests/control completely.  not sure if that is a better approach than
  fixing the test case.  For now, I marked this Fix Released for disco
  since it doesn't fail there (since the testcase was removed).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1825186/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1825856] Proposed package upload rejected

2019-06-14 Thread Steve Langasek
An upload of gnupg to xenial-proposed has been rejected from the upload
queue for the following reason: "fixing tests only does not fit the SRU
policy".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1825856

Title:
  gnupg package 'gpgv-udeb' conflicts with gnupg2 (xenial)

Status in gnupg package in Ubuntu:
  Fix Released
Status in gnupg source package in Xenial:
  New

Bug description:
  [impact]

  both the 'gnupg' and 'gnupg2' sources build 'gpgv-udeb' for xenial.

  therefore, gnupg FTUFS since its version is < gnupg2 version.

  [test case]

  attempt to upload 'gnupg' and 'gnupg2' into a PPA.

  for example see this ppa:
  
https://launchpad.net/~ddstreet/+archive/ubuntu/lp1825186/+packages?field.name_filter=_filter=superseded_filter=

  version 1.4.20-1ubuntu3.3+bug1825186v20190422b1 shows this problem;
  all archs failed because:

  
  INFO  gpgv-udeb_1.4.20-1ubuntu3.3+bug1825186v20190422b1_amd64.udeb: Version 
older than that in the archive. 1.4.20-1ubuntu3.3+bug1825186v20190422b1 <= 
2.1.11-6ubuntu2.1+bug1825186v20190419b3

  
  from:
  https://launchpadlibrarian.net/420547534/upload_16673848_log.txt

  [regression potential]

  low; the gpgv-udeb pkg is provided by gnupg2 in xenial and should not
  be built by gnupg.

  [other info]

  the v1 pkg is not what is reported by rmadison:

  $ rmadison gpgv-udeb | grep xenial
   gpgv-udeb | 2.1.11-6ubuntu2| xenial/main/debian-installer   | 
amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
   gpgv-udeb | 2.1.11-6ubuntu2.1  | xenial-security/main/debian-installer  | 
amd64, arm64, armhf, i386, powerpc, ppc64el, s390x
   gpgv-udeb | 2.1.11-6ubuntu2.1  | xenial-updates/main/debian-installer   | 
amd64, arm64, armhf, i386, powerpc, ppc64el, s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1825856/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

2019-06-14 Thread Steve Wills
Hi,

The package version 1.1.1-1ubuntu2.1~18.04.3 does fix it for me, thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832659

Title:
  openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  Fix Committed
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Released
Status in openssl source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
   * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.

  [Test Case]

   * wget
  
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py

   * python3 ./test_multiple_libssl_libcrypto_init.py

  test_multiple_init (__main__.TestMultipleInit) ... ok

  --
  Ran 1 test in 0.014s

  OK

  [Regression Potential]

   * This is a cherrypick from upstream, and is backwards compatible
  with existing code. Simply init succeeds under more conditions now,
  than it did previously in 1.1.1. Also with this fix, OpenSSL is back
  to how things used to work with 1.1.0 and prior releases.

  [Original Bug report]

  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:

  https://github.com/openssl/openssl/issues/7350

  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Thu Jun 13 00:21:16 2019
  InstallationDate: Installed on 2019-06-12 (0 days ago)
  InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832903] Missing required logs.

2019-06-14 Thread Ubuntu Kernel Bot
This bug is missing log files that will aid in diagnosing the problem.
While running an Ubuntu kernel (not a mainline or third-party kernel)
please enter the following command in a terminal window:

apport-collect 1832903

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wayland in Ubuntu.
https://bugs.launchpad.net/bugs/1832903

Title:
  18.04.2 login screen doesn't work if it uses 'wayland' and if video
  kernel driver is 'vgwfx' kernel driver

Status in gdm3 package in Ubuntu:
  New
Status in linux package in Ubuntu:
  Incomplete
Status in wayland package in Ubuntu:
  New

Bug description:
  After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the
  login screen doesn't work if 'Wayland' is in use (default) and if
  video kernel driver is 'vgwfx'.

  It looks like the login screen got stuck, doesn't exit, and doesn't
  fallback to 'x11' by itself in case of failure.

  Workaround:
  - Access the machine via ssh or any other recovery approaches.
  - Force the login screen to use x11:

  File: /etc/gdm3/custom.conf
  [daemon]
  # Uncoment the line below to force the login screen to use Xorg
  WaylandEnable=false

  I tried to reproduce the behaviour on my personal laptop, KVM guest,
  ... without success.

  So far it is only reproducible when the 'vgwfx' driver is in use in
  combination with Wayland.

  lspci -nnvvv
  
  00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] 
(prog-if 00 [VGA controller])
   Subsystem: VMware SVGA II Adapter [15ad:0405]
   Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
   Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- 
   Capabilities: [44] PCI Advanced Features
    AFCap: TP+ FLR+
    AFCtrl: FLR-
    AFStatus: TP-
   Kernel driver in use: vmwgfx
   Kernel modules: vmwgfx
  

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1832903/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832903] [NEW] 18.04.2 login screen doesn't work if it uses 'wayland' and if video kernel driver is 'vgwfx' kernel driver

2019-06-14 Thread Eric Desrochers
Public bug reported:

After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the login
screen doesn't work if 'Wayland' is in use (default) and if video kernel
driver is 'vgwfx'.

It looks like the login screen got stuck, doesn't exit, and doesn't
fallback to 'x11' by itself in case of failure.

Workaround:
- Access the machine via ssh or any other recovery approaches.
- Force the login screen to use x11:

File: /etc/gdm3/custom.conf
[daemon]
# Uncoment the line below to force the login screen to use Xorg
WaylandEnable=false

I tried to reproduce the behaviour on my personal laptop, KVM guest, ...
without success.

So far it is only reproducible when the 'vgwfx' driver is in use in
combination with Wayland.

lspci -nnvvv

00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] 
(prog-if 00 [VGA controller])
 Subsystem: VMware SVGA II Adapter [15ad:0405]
 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- 
SERR- FastB2B- DisINTx-
 Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- 
 Capabilities: [44] PCI Advanced Features
  AFCap: TP+ FLR+
  AFCtrl: FLR-
  AFStatus: TP-
 Kernel driver in use: vmwgfx
 Kernel modules: vmwgfx


** Affects: gdm3 (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: linux (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: wayland (Ubuntu)
 Importance: Undecided
 Status: New

** Also affects: linux (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: wayland (Ubuntu)
   Importance: Undecided
   Status: New

** Description changed:

  After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the login
- screen doesn't work if it 'wayland' is in use (default) and if video
- kernel driver inside is 'vgwfx'.
+ screen doesn't work if 'Wayland' is in use (default) and if video kernel
+ driver is 'vgwfx'.
  
  It looks like the login screen got stuck, doesn't exit, and doesn't
  fallback to 'x11' by itself in case of failure.
  
  Workaround:
- Force the login screen to use x11:
+ - Access the machine via ssh or any other recovery approaches.
+ - Force the login screen to use x11:
  
- File: /etc/gdm3/custom.conf 
+ File: /etc/gdm3/custom.conf
  [daemon]
  # Uncoment the line below to force the login screen to use Xorg
  WaylandEnable=false
  
- I tried to reproduce the behaviour on my personal laptop, KVM guest, ... 
without success.
- So far it is only reproducible when the 'vgwfx' driver is in use in 
combination with Wayland.
+ I tried to reproduce the behaviour on my personal laptop, KVM guest, ...
+ without success.
  
+ So far it is only reproducible when the 'vgwfx' driver is in use in
+ combination with Wayland.
+ 
+ lspci -nnvvv
  
  00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter [15ad:0405] 
(prog-if 00 [VGA controller])
-   Subsystem: VMware SVGA II Adapter [15ad:0405]
-   Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
-   Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- 
SERR- 
-   Capabilities: [44] PCI Advanced Features
-   AFCap: TP+ FLR+
-   AFCtrl: FLR-
-   AFStatus: TP-
-   Kernel driver in use: vmwgfx
-   Kernel modules: vmwgfx
+  Subsystem: VMware SVGA II Adapter [15ad:0405]
+  Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
+  Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- 
+  Capabilities: [44] PCI Advanced Features
+   AFCap: TP+ FLR+
+   AFCtrl: FLR-
+   AFStatus: TP-
+  Kernel driver in use: vmwgfx
+  Kernel modules: vmwgfx
  

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wayland in Ubuntu.
https://bugs.launchpad.net/bugs/1832903

Title:
  18.04.2 login screen doesn't work if it uses 'wayland' and if video
  kernel driver is 'vgwfx' kernel driver

Status in gdm3 package in Ubuntu:
  New
Status in linux package in Ubuntu:
  New
Status in wayland package in Ubuntu:
  New

Bug description:
  After an upgrade from xenial to 18.04.2 OR 18.04.1 to 18.04.2 ,the
  login screen doesn't work if 'Wayland' is in use (default) and if
  video kernel driver is 'vgwfx'.

  It looks like the login screen got stuck, doesn't exit, and doesn't
  fallback to 'x11' by itself in case of failure.

  Workaround:
  - Access the machine via ssh or any other recovery approaches.
  - Force the login screen to use x11:

  File: /etc/gdm3/custom.conf
  [daemon]
  # Uncoment the line below to force the login screen to use Xorg
  WaylandEnable=false

  I tried to reproduce the behaviour on my personal laptop, KVM guest,
  ... without success.

  So far it is only reproducible when the 'vgwfx' driver is in use in
  combination with Wayland.

  lspci -nnvvv
  
  00:0f.0 VGA compatible controller [0300]: VMware SVGA II Adapter 

[Touch-packages] [Bug 1818527] Re: Stub resolver cache is corrupted

2019-06-14 Thread Heitor Alves de Siqueira
Verified for Bionic:

ubuntu@bionic:~$ dpkg -l | grep systemd
ii  systemd   237-3ubuntu10.23  
amd64system and service manager

ubuntu@bionic:~$ systemd-resolve --flush-caches

ubuntu@bionic:~$ dig +noall +answer github.com CNAME

ubuntu@bionic:~$ dig +noall +answer github.com A
github.com. 18  IN  A   140.82.118.4


** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1818527

Title:
  Stub resolver cache is corrupted

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Invalid
Status in systemd source package in Bionic:
  Fix Committed

Bug description:
  [Impact]
  systemd-resolved fails to resolve A records

  [Description]
  When systemd-resolve caches a non-existent CNAME record for a specific 
domain, further attempts at resolving A records for that same domain  fail. 
This has been fixed upstream in v240.

  Upstream commit:
  https://github.com/systemd/systemd/commit/3740146a4cbd

  $ git describe --contains 3740146a4cbd
  v240~839

  $ rmadison systemd --arch amd64
   systemd | 229-4ubuntu4 | xenial  | source, ...
   systemd | 229-4ubuntu21.21 | xenial-security | source, ...
   systemd | 229-4ubuntu21.21 | xenial-updates  | source, ...
   systemd | 237-3ubuntu10| bionic  | source, ...
   systemd | 237-3ubuntu10.19 | bionic-security | source, ...
   systemd | 237-3ubuntu10.21 | bionic-updates  | source, ...
   systemd | 237-3ubuntu10.22 | bionic-proposed | source, ...
   systemd | 239-7ubuntu10| cosmic  | source, ...
   systemd | 239-7ubuntu10.12 | cosmic-security | source, ...
   systemd | 239-7ubuntu10.13 | cosmic-updates  | source, ...
   systemd | 239-7ubuntu10.14 | cosmic-proposed | source, ...
   systemd | 240-6ubuntu5 | disco   | source, ...
   systemd | 240-6ubuntu5.1   | disco-proposed  | source, ...
   systemd | 240-6ubuntu9 | eoan| source, ...

  Despite the package versions above, only Bionic is affected. Cosmic
  already includes a backported fix, and Xenial doesn't seem affected
  due  to resolvconf handling DNS resolution.

  [Test Case]
  Flush resolved's caches and try resolving a non-existent CNAME record. 
Further resolution attempts for the corresponding A record will fail:

  #1
  On a Bionic host:
  $ systemd-resolve --flush-caches
  $ dig github.com CNAME
  
  ;; QUESTION SECTION:
  ;github.com.  IN  CNAME

  ;; Query time: 47 msec
  .

  $ dig github.com A
  
  ;; QUESTION SECTION:
  ;github.com.  IN  A

  ;; Query time: 0 msec
  

  While in reality, if no non-existent CNAME result query has been made
  first:

  $ systemd-resolve --flush-caches
  $ dig github.com
  
  ; QUESTION SECTION:
  ;github.com.  IN  A

  ;; ANSWER SECTION:
  github.com.   59  IN  A   192.30.253.112

  ;; Query time: 51 msec
  

  #2
  On a Bionic host:
  $ systemd-resolve --flush-caches
  $ dig github.com CNAME
  $ dig github.com A

  Build a lxd container with Cosmic/Disco/Eoan (systemd-240):
  $ lxc launch ubuntu:cosmic cosmiclxd
  $ lxd exec cosmiclxd bash
  $ dig github.com A
  
  ;; QUESTION SECTION:
  ;github.com.  IN  A

  ;; Query time: 0 msec
  

  Despite the fact that Cosmic and late has the proper systemd fix,
  Cosmic/Disco/Eoan container can suffer from the bug too if the host is
  Bionic (container uses the host as a DNS resolver).

  So you may face the problem inside Cosmic/Disco/Eoan container, but
  it's still the same Bionic systemd bug.

  [Regression Potential]
  The regression potential for this fix should be very low, as it's a direct 
cherry-pick from upstream systemd. It has seen extensive testing  in both 
upstream and other Ubuntu releases, and was verified for Bionic through 
autopkgtests.

  

  [Original Description]

  It seems that when systemd-resolve cache an non-existent CNAME record
  for a domain, any attempt to resolve A record for the same domain
  fail.

  systemd version the issue has been seen with
  Installed: 237-3ubuntu10.13
  Used distribution

  Distributor ID: Ubuntu
  Description: Ubuntu 18.04.2 LTS
  Release: 18.04
  Codename: bionic

  Expected behaviour you didn't see

  Return A record for a domain when it exists.

  Unexpected behaviour you saw

  Resolution failed.

  Steps to reproduce the problem

  Whait for 1 minutes (github.com TTL for A record)

  Try to resolv github.com CNAME record dig CNAME github.com

  This will return an empty result.

  Then try to resolve github.com A record dig A github.com.

  This will now return empty result unless you restart systemd-resolved
  or wait for cache 

[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server

2019-06-14 Thread Steve Langasek
Hello Seth, or anyone else affected,

Accepted openssl into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.3 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: openssl (Ubuntu Bionic)
   Status: New => Fix Committed

** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832421

Title:
  openssl reboot needed message using incorrect path to X server

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  Fix Committed
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Committed
Status in openssl source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

   * On desktop, upgrading libssl1.1 does not show reboot required
  notification

  [Test Case]

   * Boot ubuntu desktop
   * Upgrade libssl1.1
   * Observe reboot notification pop-up from update-notifier is _not_ shown

  [Regression Potential]

   * Tweaking postinst only to correct for the Xorg path. Current code
  is innert, but is well excercised in prior releases.

  [Other Info]

   * Original bug report:

  Hello, the openssl library postinst file is using pidof /usr/bin/X,
  but that doesn't appear to be the path to the X11 server any more:

  debian/libssl1.1.postinst:

  # Only issue the reboot notification for servers; we proxy this by
  # testing that the X server is not running (LP: #244250)
  if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
  /usr/share/update-notifier/notify-reboot-required
  fi

  On my 18.04 LTS laptop:

  $ ps auxw | grep Xorg
  root  2440  0.5  0.4 495932 78996 tty7 Rsl+ May10 264:45 
/usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l

  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Tue Jun 11 18:06:51 2019
  InstallationDate: Installed on 2012-10-18 (2427 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

2019-06-14 Thread Steve Langasek
Hello Steve, or anyone else affected,

Accepted openssl into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.3 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: openssl (Ubuntu Bionic)
   Status: New => Fix Committed

** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832659

Title:
  openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  Fix Committed
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Released
Status in openssl source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
   * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.

  [Test Case]

   * wget
  
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py

   * python3 ./test_multiple_libssl_libcrypto_init.py

  test_multiple_init (__main__.TestMultipleInit) ... ok

  --
  Ran 1 test in 0.014s

  OK

  [Regression Potential]

   * This is a cherrypick from upstream, and is backwards compatible
  with existing code. Simply init succeeds under more conditions now,
  than it did previously in 1.1.1. Also with this fix, OpenSSL is back
  to how things used to work with 1.1.0 and prior releases.

  [Original Bug report]

  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:

  https://github.com/openssl/openssl/issues/7350

  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Thu Jun 13 00:21:16 2019
  InstallationDate: Installed on 2019-06-12 (0 days ago)
  InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1803601] Re: motd-news.service scheduled even when /etc/update-motd.d/50-motd-news is not executable

2019-06-14 Thread Brian Murray
** Tags added: bionic bitsize eoan

** Tags removed: bitsize
** Tags added: bitesize

** Changed in: base-files (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to base-files in Ubuntu.
https://bugs.launchpad.net/bugs/1803601

Title:
  motd-news.service scheduled even when /etc/update-motd.d/50-motd-news
  is not executable

Status in base-files package in Ubuntu:
  New

Bug description:
  update-motd(5) says:

   Executable scripts in /etc/update-motd.d/* are executed by pam_motd(8) as 
the root user at each
   login, and this information is concatenated in /run/motd.dynamic.  The order 
of  script  execu‐
   tion is determined by the run-parts(8) --lsbsysinit option (basically 
alphabetical order, with
   a few caveats).

  So sysadmins are used to "chmod -x" motd fragments from /etc/update-
  motd.d/ to prevent their execution. When doing so for /etc/update-
  motd.d/50-motd-news, I noticed that motd-news.timer was still trying
  to execute the motd-news.service unit which then logged a failure:

   systemd[3704]: motd-news.service: Failed to execute command: Permission 
denied
   systemd[3704]: motd-news.service: Failed at step EXEC spawning 
/etc/update-motd.d/50-motd-news:
    Permission denied
   systemd[1]: motd-news.service: Main process exited, code=exited, 
status=203/EXEC
   systemd[1]: motd-news.service: Failed with result 'exit-code'.
   systemd[1]: Failed to start Message of the Day.

  
  The motd-news.service unit looks like this:

  $ systemctl cat motd-news.service
  # /lib/systemd/system/motd-news.service
  [Unit]
  Description=Message of the Day
  After=network-online.target
  Documentation=man:update-motd(8)

  [Service]
  Type=oneshot
  ExecStart=/etc/update-motd.d/50-motd-news --force

  
  This problem was observed on a Bionic system:

  $ lsb_release -rd
  Description:  Ubuntu 18.04.1 LTS
  Release:  18.04
  $ apt-cache policy base-files
  base-files:
    Installed: 10.1ubuntu2.3
    Candidate: 10.1ubuntu2.3
    Version table:
   *** 10.1ubuntu2.3 500
  500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   10.1ubuntu2.2 500
  500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 
Packages
   10.1ubuntu2 500
  500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

  But the problem also exist in Disco.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1803601/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832886] Re: 50-motd-news always called with --force

2019-06-14 Thread Steve Langasek
No.  The --force option is passed when called from the service.  It is
NOT passed when the script is called via update-motd during login.

** Changed in: base-files (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to base-files in Ubuntu.
https://bugs.launchpad.net/bugs/1832886

Title:
  50-motd-news always called with --force

Status in base-files package in Ubuntu:
  Invalid

Bug description:
  I was looking at the motd-news.service file and 50-motd-news recently
  and discovered that 50-motd-news is always called with --force.

  bdmurray@clean-disco-amd64:~$ systemctl cat motd-news.service
  # /lib/systemd/system/motd-news.service
  [Unit]
  Description=Message of the Day
  After=network-online.target
  Documentation=man:update-motd(8)

  [Service]
  Type=oneshot
  ExecStart=/etc/update-motd.d/50-motd-news --force

  However, 50-motd-news leads one to believe that it would be faster if
  it were not called with --force.

  "
  # If we're not forcing an update, and we have a cached motd-news file,
  # then just print it and exit as quickly as possible, for login performance.
  # Note that systemd should keep this cache file up to date, asynchronously
  if [ "$FORCED" != "1" ]; then
  if [ -r $CACHE ]; then
  echo
  safe_print $CACHE
  else
  : > $CACHE
  fi
  exit 0
  fi
  "

  So is login performance being degraded since 50-motd-news is always
  called with --force?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1832886/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832886] [NEW] 50-motd-news always called with --force

2019-06-14 Thread Brian Murray
Public bug reported:

I was looking at the motd-news.service file and 50-motd-news recently
and discovered that 50-motd-news is always called with --force.

bdmurray@clean-disco-amd64:~$ systemctl cat motd-news.service
# /lib/systemd/system/motd-news.service
[Unit]
Description=Message of the Day
After=network-online.target
Documentation=man:update-motd(8)

[Service]
Type=oneshot
ExecStart=/etc/update-motd.d/50-motd-news --force

However, 50-motd-news leads one to believe that it would be faster if it
were not called with --force.

"
# If we're not forcing an update, and we have a cached motd-news file,
# then just print it and exit as quickly as possible, for login performance.
# Note that systemd should keep this cache file up to date, asynchronously
if [ "$FORCED" != "1" ]; then
if [ -r $CACHE ]; then
echo
safe_print $CACHE
else
: > $CACHE
fi
exit 0
fi
"

So is login performance being degraded since 50-motd-news is always
called with --force?

** Affects: base-files (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: disco eoan rls-ee-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to base-files in Ubuntu.
https://bugs.launchpad.net/bugs/1832886

Title:
  50-motd-news always called with --force

Status in base-files package in Ubuntu:
  New

Bug description:
  I was looking at the motd-news.service file and 50-motd-news recently
  and discovered that 50-motd-news is always called with --force.

  bdmurray@clean-disco-amd64:~$ systemctl cat motd-news.service
  # /lib/systemd/system/motd-news.service
  [Unit]
  Description=Message of the Day
  After=network-online.target
  Documentation=man:update-motd(8)

  [Service]
  Type=oneshot
  ExecStart=/etc/update-motd.d/50-motd-news --force

  However, 50-motd-news leads one to believe that it would be faster if
  it were not called with --force.

  "
  # If we're not forcing an update, and we have a cached motd-news file,
  # then just print it and exit as quickly as possible, for login performance.
  # Note that systemd should keep this cache file up to date, asynchronously
  if [ "$FORCED" != "1" ]; then
  if [ -r $CACHE ]; then
  echo
  safe_print $CACHE
  else
  : > $CACHE
  fi
  exit 0
  fi
  "

  So is login performance being degraded since 50-motd-news is always
  called with --force?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1832886/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832865] Re: gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> g_hash_table_lookup_node -> g_hash_table_lookup -> update_user

2019-06-14 Thread Bug Watch Updater
** Changed in: accountsservice
   Status: Unknown => New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to accountsservice in Ubuntu.
https://bugs.launchpad.net/bugs/1832865

Title:
  gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index ->
  g_hash_table_lookup_node -> g_hash_table_lookup -> update_user

Status in accountsservice:
  New
Status in accountsservice package in Ubuntu:
  Triaged
Status in gnome-shell package in Ubuntu:
  Won't Fix

Bug description:
  The Ubuntu Error Tracker has been receiving reports about a problem regarding 
gnome-shell.  This problem was most recently seen with package version 
3.32.1-1ubuntu1~19.04.1, the problem page at 
https://errors.ubuntu.com/problem/1a63c83d1c90f48036a2f839bf608738eefde4c8 
contains more details, including versions of packages affected, stacktrace or 
traceback, and individual crash reports.
  If you do not have access to the Ubuntu Error Tracker and are a software 
developer, you can request it at http://forms.canonical.com/reports/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/accountsservice/+bug/1832865/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832882] [NEW] libcurl-gnutls segfaults spotify client

2019-06-14 Thread mrvanes
Public bug reported:

The latest release of Spotify client segfaults in libcurl-gnutls as can be read 
in this thread on spotify support forum:
https://community.spotify.com/t5/Desktop-Linux/Ubuntu-19-04-deb-package-segfault/td-p/4761479

According to one participant the work-around is to install debian
packages libgnutls30_3.6.8-1_amd64.deb and
libcurl3-gnutls_7.64.0-3_amd64.deb

Ubuntu 19.04 version of the packages:
libgnutls30 3.6.5-2ubuntu1.1
libcurl3-gnutls 7.64.0-2ubuntu1.1

As the bug can be resolved by installing debian packages, I assume
Ubuntu's version of the packages is at fault and should be upgraded to
match debian's level as soon as possible.

** Affects: curl (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1832882

Title:
  libcurl-gnutls segfaults spotify client

Status in curl package in Ubuntu:
  New

Bug description:
  The latest release of Spotify client segfaults in libcurl-gnutls as can be 
read in this thread on spotify support forum:
  
https://community.spotify.com/t5/Desktop-Linux/Ubuntu-19-04-deb-package-segfault/td-p/4761479

  According to one participant the work-around is to install debian
  packages libgnutls30_3.6.8-1_amd64.deb and
  libcurl3-gnutls_7.64.0-3_amd64.deb

  Ubuntu 19.04 version of the packages:
  libgnutls30 3.6.5-2ubuntu1.1
  libcurl3-gnutls 7.64.0-2ubuntu1.1

  As the bug can be resolved by installing debian packages, I assume
  Ubuntu's version of the packages is at fault and should be upgraded to
  match debian's level as soon as possible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1832882/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832522] Please test proposed package

2019-06-14 Thread Steve Langasek
Hello Dimitri, or anyone else affected,

Accepted openssl into cosmic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.4 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-cosmic to verification-done-cosmic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-cosmic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832522

Title:
  openssl maintainer scripts do not trigger services restart

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  Fix Released
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Committed

Bug description:
  [Impact]

   * Major libssl ugprades require services to be restarted, for them to 
continue to function correctly at runtime.
   * The maintainer scripts were not adjusted to trigger.

  [Test Case]

   * Install bionic from release pocket and install ssl using daemon e.g. 
openssh-server libapache-mod-ssl
   * Upgrade libssl1.1
   * Ensure that services that use openssl are offered to be restarted.

  [Regression Potential]

   * We are rebuilding libssl1.1 and changing maintainer scripts. Given
  that we have missed upgrade trigger, we will ask users to restart
  services again even if they may have restarted them already.

  [Other Info]
   
   * Previous major libssl upgrade issue of similar nature was
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743889

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832522/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832421] Please test proposed package

2019-06-14 Thread Steve Langasek
Hello Seth, or anyone else affected,

Accepted openssl into cosmic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.4 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-cosmic to verification-done-cosmic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-cosmic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832421

Title:
  openssl reboot needed message using incorrect path to X server

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Committed
Status in openssl source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

   * On desktop, upgrading libssl1.1 does not show reboot required
  notification

  [Test Case]

   * Boot ubuntu desktop
   * Upgrade libssl1.1
   * Observe reboot notification pop-up from update-notifier is _not_ shown

  [Regression Potential]

   * Tweaking postinst only to correct for the Xorg path. Current code
  is innert, but is well excercised in prior releases.

  [Other Info]

   * Original bug report:

  Hello, the openssl library postinst file is using pidof /usr/bin/X,
  but that doesn't appear to be the path to the X11 server any more:

  debian/libssl1.1.postinst:

  # Only issue the reboot notification for servers; we proxy this by
  # testing that the X server is not running (LP: #244250)
  if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
  /usr/share/update-notifier/notify-reboot-required
  fi

  On my 18.04 LTS laptop:

  $ ps auxw | grep Xorg
  root  2440  0.5  0.4 495932 78996 tty7 Rsl+ May10 264:45 
/usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l

  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Tue Jun 11 18:06:51 2019
  InstallationDate: Installed on 2012-10-18 (2427 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832522] Re: openssl maintainer scripts do not trigger services restart

2019-06-14 Thread Steve Langasek
Hello Dimitri, or anyone else affected,

Accepted openssl into disco-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/openssl/1.1.1b-
1ubuntu2.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-disco to verification-done-disco. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-disco. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: openssl (Ubuntu Disco)
   Status: New => Fix Committed

** Tags removed: verification-done
** Tags added: verification-needed verification-needed-disco

** Changed in: openssl (Ubuntu Cosmic)
   Status: New => Fix Committed

** Tags added: verification-needed-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832522

Title:
  openssl maintainer scripts do not trigger services restart

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  Fix Released
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Committed

Bug description:
  [Impact]

   * Major libssl ugprades require services to be restarted, for them to 
continue to function correctly at runtime.
   * The maintainer scripts were not adjusted to trigger.

  [Test Case]

   * Install bionic from release pocket and install ssl using daemon e.g. 
openssh-server libapache-mod-ssl
   * Upgrade libssl1.1
   * Ensure that services that use openssl are offered to be restarted.

  [Regression Potential]

   * We are rebuilding libssl1.1 and changing maintainer scripts. Given
  that we have missed upgrade trigger, we will ask users to restart
  services again even if they may have restarted them already.

  [Other Info]
   
   * Previous major libssl upgrade issue of similar nature was
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743889

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832522/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server

2019-06-14 Thread Steve Langasek
Hello Seth, or anyone else affected,

Accepted openssl into disco-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/openssl/1.1.1b-
1ubuntu2.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-disco to verification-done-disco. If it does not fix
the bug for you, please add a comment stating that, and change the tag
to verification-failed-disco. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: openssl (Ubuntu Disco)
   Status: New => Fix Committed

** Tags added: verification-needed verification-needed-disco

** Changed in: openssl (Ubuntu Cosmic)
   Status: New => Fix Committed

** Tags added: verification-needed-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832421

Title:
  openssl reboot needed message using incorrect path to X server

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Committed
Status in openssl source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

   * On desktop, upgrading libssl1.1 does not show reboot required
  notification

  [Test Case]

   * Boot ubuntu desktop
   * Upgrade libssl1.1
   * Observe reboot notification pop-up from update-notifier is _not_ shown

  [Regression Potential]

   * Tweaking postinst only to correct for the Xorg path. Current code
  is innert, but is well excercised in prior releases.

  [Other Info]

   * Original bug report:

  Hello, the openssl library postinst file is using pidof /usr/bin/X,
  but that doesn't appear to be the path to the X11 server any more:

  debian/libssl1.1.postinst:

  # Only issue the reboot notification for servers; we proxy this by
  # testing that the X server is not running (LP: #244250)
  if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
  /usr/share/update-notifier/notify-reboot-required
  fi

  On my 18.04 LTS laptop:

  $ ps auxw | grep Xorg
  root  2440  0.5  0.4 495932 78996 tty7 Rsl+ May10 264:45 
/usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l

  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Tue Jun 11 18:06:51 2019
  InstallationDate: Installed on 2012-10-18 (2427 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

2019-06-14 Thread Steve Langasek
Hello Steve, or anyone else affected,

Accepted openssl into cosmic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.4 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-cosmic to verification-done-cosmic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-cosmic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: openssl (Ubuntu Cosmic)
   Status: New => Fix Committed

** Tags added: verification-needed verification-needed-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832659

Title:
  openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  Fix Committed
Status in openssl source package in Disco:
  Fix Released
Status in openssl source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
   * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.

  [Test Case]

   * wget
  
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py

   * python3 ./test_multiple_libssl_libcrypto_init.py

  test_multiple_init (__main__.TestMultipleInit) ... ok

  --
  Ran 1 test in 0.014s

  OK

  [Regression Potential]

   * This is a cherrypick from upstream, and is backwards compatible
  with existing code. Simply init succeeds under more conditions now,
  than it did previously in 1.1.1. Also with this fix, OpenSSL is back
  to how things used to work with 1.1.0 and prior releases.

  [Original Bug report]

  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:

  https://github.com/openssl/openssl/issues/7350

  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Thu Jun 13 00:21:16 2019
  InstallationDate: Installed on 2019-06-12 (0 days ago)
  InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Dimitri John Ledkov
** Changed in: openssl (Ubuntu Bionic)
   Status: Incomplete => Invalid

** Changed in: openssl (Ubuntu Cosmic)
   Status: Incomplete => Invalid

** Changed in: openssl (Ubuntu Disco)
   Status: Incomplete => Invalid

** Changed in: openssl (Ubuntu Eoan)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Invalid
Status in openssl source package in Bionic:
  Invalid
Status in openssl source package in Cosmic:
  Invalid
Status in openssl source package in Disco:
  Invalid
Status in openssl source package in Eoan:
  Invalid

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 11 11:22:47 2019
  InstallationDate: Installed on 2018-07-15 (331 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
  ProcEnviron:
   LANG=en_CA.UTF-8
   TERM=xterm-256color
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services

2019-06-14 Thread Robie Basak
You're going round in circles.

Let's take a step back. Please assume that Ubuntu does not want to make
any change right now because no change is currently considered
justified.

An open question here is if Ubuntu's patches on upstream are creating
any problem that you're reporting. That's why I'm asking.

If they are, then please explain how and why.

If they are not, then I see no reason to make any change.

There's no point discussing this any further unless you can demonstrate
how Ubuntu is introducing any kind of problem that is unique to the
packaging and not upstream.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1832110

Title:
  Resource Sharing with multiple sshd services

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu: 18.04.2 LTS
  OpenSSH: 7.6p1

  I am having a problem starting multiple sshd processes. The default
  location of the sshd privilege separation directory is hard-coded to
  /run/sshd (see man page). If I want to have 2 sshd services using
  systemd, I need to write 2 service files, let's call them
  sshd_wan.service ans sshd_lan.service. Both of these services need to
  have their own "RuntimeDirectory=sshd_wan" and
  "RuntimeDirectory=sshd_lan". If you do not have separate
  RuntimeDirectory definitions for the 2 services, then when one service
  is killed/faults/restarts/stops/etc. the systemd (or init) process
  deletes the RuntimeDirectory and causes the other service to crash
  since a RuntimeDirectory does not exist.

  The problem is the hard-coding of the sshd Privilege Separation
  Directory. We need to modify the OpenBSD/OpenSSH sshd code to
  provision command line assignment of the privilege separation
  directory.

  I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and
  they say it is a Ubuntu problem. I reported this in Ubuntu bug
  #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT)
  rejected it because I described the problem using the init.d example.

  I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is
  getting Ubuntu and OpenSSH to admit there is a problem and it needs to
  be fixed.

  The problem is still there regardless if you are using Upstart (i.e.
  init.d) or systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1756595] Re: disk space info inadvertently provides all installed snaps

2019-06-14 Thread Brian Murray
** Also affects: apt (Ubuntu Eoan)
   Importance: Medium
   Status: Fix Committed

** Also affects: apport (Ubuntu Eoan)
   Importance: Undecided
   Status: Invalid

** Tags removed: rls-ee-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1756595

Title:
  disk space info inadvertently provides all installed snaps

Status in apport package in Ubuntu:
  Invalid
Status in apt package in Ubuntu:
  Fix Committed
Status in apport source package in Bionic:
  Invalid
Status in apt source package in Bionic:
  Triaged
Status in apport source package in Disco:
  New
Status in apt source package in Disco:
  Triaged
Status in apport source package in Eoan:
  Invalid
Status in apt source package in Eoan:
  Fix Committed

Bug description:
  When apport is reporting a crash, it includes the output of the "df"
  utility, to list the free disk space information per mount point.

  That output nowadays will inadvertently include all snaps that the
  user may have installed, including their revision numbers.

  Here is a simple df output:
  andreas@nsn7:~$ df
  Filesystem  1K-blocksUsed Available Use% Mounted on
  udev  8119680   0   8119680   0% /dev
  tmpfs 16301561828   1628328   1% /run
  nsn7/ROOT/ubuntu433084288 2500608 430583680   1% /
  tmpfs 8150776   1   8131888   1% /dev/shm
  tmpfs5120   4  5116   1% /run/lock
  tmpfs 8150776   0   8150776   0% 
/sys/fs/cgroup
  nsn7/var/log430763136  179456 430583680   1% /var/log
  nsn7/var/tmp430583808 128 430583680   1% /var/tmp
  /dev/sda2 1032088  160336871752  16% /boot
  /dev/sda1  5232482720520528   1% /boot/efi
  nsn7/home   430651264   67584 430583680   1% /home
  nsn7/var/cache  430653312   69632 430583680   1% /var/cache
  nsn7/var/mail   430583808 128 430583680   1% /var/mail
  nsn7/var/spool  430583808 128 430583680   1% /var/spool
  tmpfs 1630152  16   1630136   1% /run/user/120
  tmpfs 100   0   100   0% 
/var/lib/lxd/shmounts
  tmpfs 100   0   100   0% 
/var/lib/lxd/devlxd
  tmpfs 1630152  36   1630116   1% 
/run/user/1000
  nsn7/lxd/containers/squid-ds216 431444096  860416 430583680   1% 
/var/lib/lxd/storage-pools/default/containers/squid-ds216
  /dev/loop0  83712   83712 0 100% 
/snap/core/4206
  /dev/loop1 102144  102144 0 100% 
/snap/git-ubuntu/402

  You can see I have the core snap at revision 4206, and git-ubuntu at
  revision 402.

  There are already many bug reports in launchpad where one can see this
  information.

  Granted, the user can review it, refuse to send this data, etc. This
  bug is about the unexpectedness of having that information in the disk
  space data.

  If the user sees a prompt like "Would you like to include disk free
  space information in your report?", or "Would you like to include the
  output of the df(1) command in your report?", that doesn't immediately
  translate to "Would you like to include disk free space information
  and a list of all installed snaps and their revision numbers in your
  report?".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1756595/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


Re: [Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services

2019-06-14 Thread Robie Basak
On Fri, Jun 14, 2019 at 04:02:10PM -, Luke A. Perkins wrote:
>   When I compile this version of the code, the privilege
> separation directory is defined as "/var/empty" which would solve the
> problem.

Why/how would this solve the problem?

> So, which git repository should I use to get the Ubuntu 18.04.2 (LTS) /
> OpenSSH 7.6p1 should I use?

You can use https://code.launchpad.net/ubuntu/+source/openssh to see the
sources used in Ubuntu's packaging. The applied/ubuntu/bionic-devel
branch will give you the current tree for 18.04 in Ubuntu with
distribution patches already applied.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1832110

Title:
  Resource Sharing with multiple sshd services

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu: 18.04.2 LTS
  OpenSSH: 7.6p1

  I am having a problem starting multiple sshd processes. The default
  location of the sshd privilege separation directory is hard-coded to
  /run/sshd (see man page). If I want to have 2 sshd services using
  systemd, I need to write 2 service files, let's call them
  sshd_wan.service ans sshd_lan.service. Both of these services need to
  have their own "RuntimeDirectory=sshd_wan" and
  "RuntimeDirectory=sshd_lan". If you do not have separate
  RuntimeDirectory definitions for the 2 services, then when one service
  is killed/faults/restarts/stops/etc. the systemd (or init) process
  deletes the RuntimeDirectory and causes the other service to crash
  since a RuntimeDirectory does not exist.

  The problem is the hard-coding of the sshd Privilege Separation
  Directory. We need to modify the OpenBSD/OpenSSH sshd code to
  provision command line assignment of the privilege separation
  directory.

  I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and
  they say it is a Ubuntu problem. I reported this in Ubuntu bug
  #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT)
  rejected it because I described the problem using the init.d example.

  I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is
  getting Ubuntu and OpenSSH to admit there is a problem and it needs to
  be fixed.

  The problem is still there regardless if you are using Upstart (i.e.
  init.d) or systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services

2019-06-14 Thread Luke A. Perkins
My recommmendation moving forward.

1) If Ubuntu wants to move the privilege separation directory from
/var/empty to /run/sshd, then there needs to be a command-line option
for the sshd to adjust the location of the privilege separation
directory.

2) If Ubuntu keeps the privilege separation directory at /var/empty,
then the man pages would need to be updated in the released openssh and
no code changes would be required.

My $0.02 worth.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1832110

Title:
  Resource Sharing with multiple sshd services

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu: 18.04.2 LTS
  OpenSSH: 7.6p1

  I am having a problem starting multiple sshd processes. The default
  location of the sshd privilege separation directory is hard-coded to
  /run/sshd (see man page). If I want to have 2 sshd services using
  systemd, I need to write 2 service files, let's call them
  sshd_wan.service ans sshd_lan.service. Both of these services need to
  have their own "RuntimeDirectory=sshd_wan" and
  "RuntimeDirectory=sshd_lan". If you do not have separate
  RuntimeDirectory definitions for the 2 services, then when one service
  is killed/faults/restarts/stops/etc. the systemd (or init) process
  deletes the RuntimeDirectory and causes the other service to crash
  since a RuntimeDirectory does not exist.

  The problem is the hard-coding of the sshd Privilege Separation
  Directory. We need to modify the OpenBSD/OpenSSH sshd code to
  provision command line assignment of the privilege separation
  directory.

  I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and
  they say it is a Ubuntu problem. I reported this in Ubuntu bug
  #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT)
  rejected it because I described the problem using the init.d example.

  I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is
  getting Ubuntu and OpenSSH to admit there is a problem and it needs to
  be fixed.

  The problem is still there regardless if you are using Upstart (i.e.
  init.d) or systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1759008] Re: Revert automatic suspend by default for bionic?

2019-06-14 Thread Mikko Rantalainen
Still broken with MATE desktop on Ubuntu 18.04.2 LTS. If I run mate-
power-preferences and select ON AC Power - Put computer to sleep when
inactive for: [never] the computer still automatically sleeps (enters
S3) after 20 minutes.

$ grep -C1 sleep-inactive-ac-timeout 
/usr/share/glib-2.0/schemas/10_ubuntu-settings.gschema.override
[org.gnome.settings-daemon.plugins.power]
sleep-inactive-ac-timeout = 0

I've tried to manually run
$ systemd-inhibit --mode=block sleep 2h

but the system still enters S3 after 20 minutes unless I disable screen
saver using mate-inhibit-applet.

$ apt policy mate-desktop
mate-desktop:
  Installed: 1.20.1-2ubuntu1
  Candidate: 1.20.1-2ubuntu1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-settings in Ubuntu.
https://bugs.launchpad.net/bugs/1759008

Title:
  Revert automatic suspend by default for bionic?

Status in ubuntu-settings package in Ubuntu:
  Fix Released
Status in ubuntu-settings source package in Bionic:
  Fix Released

Bug description:
  GNOME 3.28 has turned Automatic Suspend on by default and set it to 20
  minutes:

  https://gitlab.gnome.org/GNOME/gnome-settings-daemon/commit/2fdb48fa

  I generally think this is a good thing. There are a few issues though.

  1. The computer will still suspend even if there are remote users
  logged in or the computer is being used as a server for files,
  printers, etc.

  2. Some software doesn't set inhibit correctly. ~ahasenack mentioned
  he was using the Spotify Snap and the computer suspend after 20
  minutes. (Maybe Spotify needs to use the screen-inhibit-control snap
  interface.)

  3. Even if it does set inhibit, there is a report that the computer will 
suspend as soon as the inhibit is removed if there is no other activity. 
(Imagine a movie playing. At the end of the movie, the computer goes to sleep 
immediately.) More details and proposed fix at
  https://bugzilla.gnome.org/show_bug.cgi?id=705942#c21

  4. There is no GUI way to change this setting for the login screen yet.
  https://gitlab.gnome.org/GNOME/gnome-control-center/issues/22

  5. Some users think that desktop computers should be always running
  unless told otherwise. Personally, I don't give this argument much
  weight at all.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-settings/+bug/1759008/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1781746] Re: [SRU] Slow startup with zram-config installed (/dev/zram0) or encrypted swap

2019-06-14 Thread Mathieu Trudel-Lapierre
** Also affects: initramfs-tools (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: initramfs-tools (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: initramfs-tools (Ubuntu Bionic)
   Status: New => Triaged

** Tags removed: rls-ee-incoming
** Tags added: rls-bb-notfixing

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1781746

Title:
  [SRU] Slow startup with zram-config installed (/dev/zram0) or
  encrypted swap

Status in Default settings and artwork for Baltix OS:
  Confirmed
Status in initramfs-tools package in Ubuntu:
  Fix Released
Status in initramfs-tools source package in Bionic:
  Triaged
Status in initramfs-tools package in Debian:
  Fix Released

Bug description:
  [Impact]

  Ubuntu 18.04 startup slowdowns for 30-120 seconds when zram swap is enabled 
(for example zram-config installed) or swap is encrypted.
  Today lots of users have SSD instead of HDD disk drives and use zram swap 
instead of swap partition or swap file, but if initrd is generated when zram 
swap is enabled then system can become "unbootable" from the user's perspective 
(Users with SSD storage doesn't wait 2 or more minutes...)

  This bug is already fixed in Debian initramfs-tools ver 0.132, please accept 
this simple 3 lines patch from Debian into Ubuntu 18.04 LTS
  
https://salsa.debian.org/kernel-team/initramfs-tools/commit/312393b0cf1231125eeff3d1a2b6b778a935c21d

  [Test Case]
  Install zram-config package and regenerate and initrd, for example with 
  sudo update-initramfs -u

  When generating initrd I get this message in terminal:

  I: The initramfs will attempt to resume from /dev/zram0
  I: (UUID=e380356c-767e-4265-98da-8be62ad28569)
  I: Set the RESUME variable to override 
this.###.]

  So the local-premount script in initramfs was waiting for a swap
  device that was not available, until it timed out. The relevant
  message was gave up waiting for suspend/resume device.

  [Regression Potential]

  None, patch simply adds case for /dev/zram*:

  60case "$resume_auto" in
  61/dev/zram*)
  62ephemeral=true
  63;;
  64esac

  
  [Other Info]
  Manual method to disable this (as resuming from swap is not possible with an 
encrypted or zram swap): modify file /etc/initramfs-tools/conf.d/resume - add 
(or change) line
  RESUME=none
  (instead of the UUID that was here) will disable waiting for a resume device.
  and run sudo update-initramfs -u to apply the changes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/baltix-default-settings/+bug/1781746/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1750051] Re: cron doesn't support MAILFROM

2019-06-14 Thread elatllat
CentOS 8 is not out yet so Ubuntu 18.04 is the best LTS for servers at
the moment ... except for bugs like this.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cron in Ubuntu.
https://bugs.launchpad.net/bugs/1750051

Title:
  cron doesn't support MAILFROM

Status in cron package in Ubuntu:
  Triaged
Status in cron package in Debian:
  New

Bug description:
  Ubuntu's cron version doesn't support setting MAILFROM to set the
  "From:" header of cron generated emails. This feature would be nice to
  have and bring parity with RHEL/CentOS which has it since RHEL 6:

  $ cat /etc/redhat-release 
  CentOS release 6.6 (Final)

  $ man 5 crontab | grep -1 FROM
 doesn´t do aliasing, and UUCP usually doesn´t read its mail.  If  MAIL-
 FROM is defined (and non-empty), it will be used as the envelope sender
 address, otherwise, ‘‘root’’ will be used.

  $ apt-cache policy cron
  cron:
Installed: 3.0pl1-128ubuntu2
Candidate: 3.0pl1-128ubuntu2
Version table:
   *** 3.0pl1-128ubuntu2 500
  500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
  100 /var/lib/dpkg/status

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: cron 3.0pl1-128ubuntu2
  ProcVersionSignature: Ubuntu 4.4.0-116.140-generic 4.4.98
  Uname: Linux 4.4.0-116-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Feb 16 15:52:54 2018
  InstallationDate: Installed on 2016-12-06 (436 days ago)
  InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Beta amd64 
(20161206)
  SourcePackage: cron
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1750051/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Ubuntu Foundations Team Bug Bot
** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Bionic:
  Incomplete
Status in openssl source package in Cosmic:
  Incomplete
Status in openssl source package in Disco:
  Incomplete
Status in openssl source package in Eoan:
  Incomplete

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 11 11:22:47 2019
  InstallationDate: Installed on 2018-07-15 (331 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
  ProcEnviron:
   LANG=en_CA.UTF-8
   TERM=xterm-256color
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services

2019-06-14 Thread Luke A. Perkins
> Does that somehow mean that your problem doesn't occur if you use only
the upstream source code and no distribution patches? If so, how?

Good question. I have cloned the git version of OpenSSH for disco-
proposed. When I compile this version of the code, the privilege
separation directory is defined as "/var/empty" which would solve the
problem. However, the installed version 18.04.2 LTS (bionic), has it
defined as /run/sshd. The man pages for disco-proposed indicate that the
privilege separation directory is at /run/sshd.

So, which git repository should I use to get the Ubuntu 18.04.2 (LTS) /
OpenSSH 7.6p1 should I use?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1832110

Title:
  Resource Sharing with multiple sshd services

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu: 18.04.2 LTS
  OpenSSH: 7.6p1

  I am having a problem starting multiple sshd processes. The default
  location of the sshd privilege separation directory is hard-coded to
  /run/sshd (see man page). If I want to have 2 sshd services using
  systemd, I need to write 2 service files, let's call them
  sshd_wan.service ans sshd_lan.service. Both of these services need to
  have their own "RuntimeDirectory=sshd_wan" and
  "RuntimeDirectory=sshd_lan". If you do not have separate
  RuntimeDirectory definitions for the 2 services, then when one service
  is killed/faults/restarts/stops/etc. the systemd (or init) process
  deletes the RuntimeDirectory and causes the other service to crash
  since a RuntimeDirectory does not exist.

  The problem is the hard-coding of the sshd Privilege Separation
  Directory. We need to modify the OpenBSD/OpenSSH sshd code to
  provision command line assignment of the privilege separation
  directory.

  I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and
  they say it is a Ubuntu problem. I reported this in Ubuntu bug
  #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT)
  rejected it because I described the problem using the init.d example.

  I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is
  getting Ubuntu and OpenSSH to admit there is a problem and it needs to
  be fixed.

  The problem is still there regardless if you are using Upstart (i.e.
  init.d) or systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1829566] Re: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns

2019-06-14 Thread Mal
Here you are, Till. Three sections, one for each NM version containing
the two dig requests during the tests, plus one for a dig to contact the
local DNS explicitly.

nm-1.10.6:

$ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER' # first attempt always fails
;; ANSWER SECTION:
dnsmasq.local.org.com.  600 IN  A   127.0.0.1

$ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER' # second onwards always 
works
;; ANSWER SECTION:
dnsmasq.local.org.com.  600 IN  A   172.22.0.2

nm-1.10.14:

$ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER'
;; ANSWER SECTION:
dnsmasq.local.org.com.  600 IN  A   127.0.0.1 # first attempt 
always fails

$ dig dnsmasq.local.org.com | grep -FA1 ';; ANSWER'
;; ANSWER SECTION:
dnsmasq.local.org.com.  600 IN  A   127.0.0.1 # all subsequent 
attempts fail too :(

Direct dig example:

$ dig dnsmasq.local.org.com @127.0.0.54 | grep -FA1 ';; ANSWER' # direct query 
to local dns specified in config (see main issue body)
;; ANSWER SECTION:
dnsmasq.local.org.com.  600 IN  A   172.22.0.2

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1829566

Title:
  network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured
  dns

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Bionic:
  Triaged

Bug description:
  On 18.04.2 the `upgrade network-manager:amd64 1.10.6-2ubuntu1.1
  1.10.14-0ubuntu2` lead to scoped DNS servers defined in
  `/etc/systemd/resolved.conf.d/*.conf` being ignored.

  Downgrading with `sudo apt-get install network-
  manager=1.10.6-2ubuntu1.1` has resolved the issue for now.

  Example systemd-resolved conf:

  [Resolve]
  Cache=no
  DNS=127.0.0.54
  Domains=~.local.org.com

  Where 127.0.0.54:53 is bound to a dnsmasq server capable of resolving
  queries in that subdomain.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1829566/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services

2019-06-14 Thread Luke A. Perkins
This is the git diff of sshd.c

** Patch added: "sshd.c.diff"
   
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+attachment/5270821/+files/sshd.c.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1832110

Title:
  Resource Sharing with multiple sshd services

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu: 18.04.2 LTS
  OpenSSH: 7.6p1

  I am having a problem starting multiple sshd processes. The default
  location of the sshd privilege separation directory is hard-coded to
  /run/sshd (see man page). If I want to have 2 sshd services using
  systemd, I need to write 2 service files, let's call them
  sshd_wan.service ans sshd_lan.service. Both of these services need to
  have their own "RuntimeDirectory=sshd_wan" and
  "RuntimeDirectory=sshd_lan". If you do not have separate
  RuntimeDirectory definitions for the 2 services, then when one service
  is killed/faults/restarts/stops/etc. the systemd (or init) process
  deletes the RuntimeDirectory and causes the other service to crash
  since a RuntimeDirectory does not exist.

  The problem is the hard-coding of the sshd Privilege Separation
  Directory. We need to modify the OpenBSD/OpenSSH sshd code to
  provision command line assignment of the privilege separation
  directory.

  I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and
  they say it is a Ubuntu problem. I reported this in Ubuntu bug
  #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT)
  rejected it because I described the problem using the init.d example.

  I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is
  getting Ubuntu and OpenSSH to admit there is a problem and it needs to
  be fixed.

  The problem is still there regardless if you are using Upstart (i.e.
  init.d) or systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832110] Re: Resource Sharing with multiple sshd services

2019-06-14 Thread Luke A. Perkins
This is a proposed patch of "disco-proposed" of the sshd.c file. I have
uploaded the original and the diff version.

** Attachment added: "The proposed changed sshd.c file in its entirety."
   
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+attachment/5270820/+files/sshd.c

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1832110

Title:
  Resource Sharing with multiple sshd services

Status in openssh package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu: 18.04.2 LTS
  OpenSSH: 7.6p1

  I am having a problem starting multiple sshd processes. The default
  location of the sshd privilege separation directory is hard-coded to
  /run/sshd (see man page). If I want to have 2 sshd services using
  systemd, I need to write 2 service files, let's call them
  sshd_wan.service ans sshd_lan.service. Both of these services need to
  have their own "RuntimeDirectory=sshd_wan" and
  "RuntimeDirectory=sshd_lan". If you do not have separate
  RuntimeDirectory definitions for the 2 services, then when one service
  is killed/faults/restarts/stops/etc. the systemd (or init) process
  deletes the RuntimeDirectory and causes the other service to crash
  since a RuntimeDirectory does not exist.

  The problem is the hard-coding of the sshd Privilege Separation
  Directory. We need to modify the OpenBSD/OpenSSH sshd code to
  provision command line assignment of the privilege separation
  directory.

  I have attempted to contact the OpenSSH team (i.e. OpenSSH.com) and
  they say it is a Ubuntu problem. I reported this in Ubuntu bug
  #1831765 and Ubuntu (e.g. Paride Legovini, June 6, 2019 @ 2:55AM PDT)
  rejected it because I described the problem using the init.d example.

  I know how to modify the sshd.c file in OpenSSH 7.6p1, the problem is
  getting Ubuntu and OpenSSH to admit there is a problem and it needs to
  be fixed.

  The problem is still there regardless if you are using Upstart (i.e.
  init.d) or systemd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Brian Murray
** Tags removed: rls-ee-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Bionic:
  Incomplete
Status in openssl source package in Cosmic:
  Incomplete
Status in openssl source package in Disco:
  Incomplete
Status in openssl source package in Eoan:
  Incomplete

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 11 11:22:47 2019
  InstallationDate: Installed on 2018-07-15 (331 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
  ProcEnviron:
   LANG=en_CA.UTF-8
   TERM=xterm-256color
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1798369] Re: Reinstall Ubuntu (with preserving existing data) shows error message due to "Could not get lock /target/var/cache/apt/archives/lock"

2019-06-14 Thread Mathieu Trudel-Lapierre
** Tags removed: rls-ee-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1798369

Title:
  Reinstall Ubuntu (with preserving existing data) shows error message
  due to "Could not get lock /target/var/cache/apt/archives/lock"

Status in APT:
  New
Status in ubiquity:
  New
Status in apt package in Ubuntu:
  Invalid
Status in ubiquity package in Ubuntu:
  Confirmed
Status in apt source package in Eoan:
  Invalid
Status in ubiquity source package in Eoan:
  Confirmed

Bug description:
  When trying to reinstall an existing Ubuntu cosmic installation using
  latest 18.10 desktop images, the install shows an error dialog around
  the end of the installation with an "Error restoring installed
  applications". Looking at the syslog such a traceback can be seen:

  apt_pkg.Error: E:Could not get lock
  /target/var/cache/apt/archives/lock - open (11: Resource temporarily
  unavailable), E:Unable to lock directory
  /target/var/cache/apt/archives/

  After reproducing this on a live session, after chrooting into /target
  indeed any apt-get install operations result in the same lock-file
  error. The whole syslog of the reinstall attached to the bug.

  Test case:
   * Download latest cosmic image
   * Install cosmic on the whole disk (can be on a VM)
   * (optional) Boot into the system and leave a file in the home directory (to 
leave a trace, just in case)
   * Reboot and install cosmic using the first option in ubiquity: Reinstall 
Ubuntu
   * Finish configuration

  The install itself doesn't fail, but around the end of the
  installation process the error dialog appears. System is still
  bootable but left with old packages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1798369/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832865] Re: gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> g_hash_table_lookup_node -> g_hash_table_lookup -> update_user

2019-06-14 Thread Treviño
Not a gnome-shell issue, but an accountsservice one.

** Summary changed:

- 
/usr/bin/gnome-shell:11:g_str_hash:g_hash_table_hash_to_index:g_hash_table_lookup_node:g_hash_table_lookup:update_user
+ gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index -> 
g_hash_table_lookup_node -> g_hash_table_lookup -> update_user

** Changed in: gnome-shell (Ubuntu)
   Status: New => Won't Fix

** Also affects: accountsservice (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: accountsservice (Ubuntu)
   Status: New => In Progress

** Changed in: accountsservice (Ubuntu)
   Status: In Progress => Triaged

** Bug watch added: 
gitlab.freedesktop.org/accountsservice/accountsservice/issues #55
   https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/55

** Also affects: accountsservice via
   https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/55
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to accountsservice in Ubuntu.
https://bugs.launchpad.net/bugs/1832865

Title:
  gnome-shell crashes on g_str_hash -> g_hash_table_hash_to_index ->
  g_hash_table_lookup_node -> g_hash_table_lookup -> update_user

Status in accountsservice:
  Unknown
Status in accountsservice package in Ubuntu:
  Triaged
Status in gnome-shell package in Ubuntu:
  Won't Fix

Bug description:
  The Ubuntu Error Tracker has been receiving reports about a problem regarding 
gnome-shell.  This problem was most recently seen with package version 
3.32.1-1ubuntu1~19.04.1, the problem page at 
https://errors.ubuntu.com/problem/1a63c83d1c90f48036a2f839bf608738eefde4c8 
contains more details, including versions of packages affected, stacktrace or 
traceback, and individual crash reports.
  If you do not have access to the Ubuntu Error Tracker and are a software 
developer, you can request it at http://forms.canonical.com/reports/.

To manage notifications about this bug go to:
https://bugs.launchpad.net/accountsservice/+bug/1832865/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1382054] Re: Add support for configuring VLAN interfaces in the initrd

2019-06-14 Thread Dimitri John Ledkov
** Changed in: initramfs-tools (Ubuntu)
   Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1382054

Title:
  Add support for configuring VLAN interfaces in the initrd

Status in initramfs-tools package in Ubuntu:
  Fix Committed

Bug description:
  It would be helpful to be able to create VLAN network interfaces in initrd 
images provided
  by Ubuntu, based on kernel command line parameters. (i.e. VLAN=eth0.100, )

  Some use cases for this feature addition are MAAS users trying to boot 
machines
  using a specific VLAN interface.

  On a specific case we have 2 physical network interfaces, one is plugged into 
a specific VLAN interface,
  Since we can specify the network interface on BIOS, the initial PXE boot 
occurs, but
  then the installation fails when using the fast-path installer because the 
specific VLAN is not configured on the ram disk.

  While we can use the other network interface because is a trunk interface 
that allows us to use
  several VLANs, this is not supported on all the network architectures and 
some security limitations doesn't allows this method.

  Reference Redhat implementation can be found here:

  - http://marc.info/?l=initramfs=133767307516594

  Reference Suse implementation can be found here:

  - https://gitorious.org/opensuse/agrafs-
  mkinitrd/commit/6124f87f3132b6369c0335c319832619a49d0bf7

  The command line syntax for this could be something like, similar to
  Redhat implementation

  vlan=:

  For an example:

  vlan=eth0.2:eth0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1382054/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Simon Déziel
@xnox, thanks it was indeed an error on my part. The key was to have
openssl_conf in the default/unnamed section and then not introduce bogus
values: Ciphers is not recognized and causes the config section to be
ignored.

I believe this bug could be marked as Invalid for all the releases but
I'll let you do that as I only tested on Bionic and I don't want to
overrule the statuses you set. Thanks again!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Bionic:
  Incomplete
Status in openssl source package in Cosmic:
  Incomplete
Status in openssl source package in Disco:
  Incomplete
Status in openssl source package in Eoan:
  Incomplete

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 11 11:22:47 2019
  InstallationDate: Installed on 2018-07-15 (331 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
  ProcEnviron:
   LANG=en_CA.UTF-8
   TERM=xterm-256color
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

2019-06-14 Thread Dimitri John Ledkov
** Attachment removed: "test_multiple_libssl_libcrypto_init.py"
   
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py

** Attachment added: "test_multiple_libssl_libcrypto_init.py"
   
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py

** Description changed:

  [Impact]
  
-  * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
-  * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.
+  * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
+  * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.
  
  [Test Case]
  
-  * wget
- 
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py
+  * wget
+ 
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py
  
-  * python3 ./test_multiple_libssl_libcrypto_init.py
+  * python3 ./test_multiple_libssl_libcrypto_init.py
  
  test_multiple_init (__main__.TestMultipleInit) ... ok
  
  --
  Ran 1 test in 0.014s
  
  OK
  
  [Regression Potential]
  
-  * This is a cherrypick from upstream, and is backwards compatible with
+  * This is a cherrypick from upstream, and is backwards compatible with
  existing code. Simply init succeeds under more conditions now, than it
  did previously in 1.1.1. Also with this fix, OpenSSL is back to how
  things used to work with 1.1.0 and prior releases.
  
  [Original Bug report]
  
  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:
  
  https://github.com/openssl/openssl/issues/7350
  
  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Thu Jun 13 00:21:16 2019
  InstallationDate: Installed on 2019-06-12 (0 days ago)
  InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832659

Title:
  openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  New
Status in openssl source package in Disco:
  Fix Released
Status in openssl source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
   * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.

  [Test Case]

   * wget
  
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270802/+files/test_multiple_libssl_libcrypto_init.py

   * python3 ./test_multiple_libssl_libcrypto_init.py

  test_multiple_init (__main__.TestMultipleInit) ... ok

  --
  Ran 1 test in 0.014s

  OK

  [Regression Potential]

   * This is a cherrypick from upstream, and is backwards compatible
  with existing code. Simply init succeeds under more conditions now,
  than it did previously in 1.1.1. Also with this fix, OpenSSL is back
  to how things used to work with 1.1.0 and prior releases.

  [Original Bug report]

  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:

  https://github.com/openssl/openssl/issues/7350

  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: 

[Touch-packages] [Bug 1829718] Re: Network printers (cups-browsed) disappear after each CUPS update on client side

2019-06-14 Thread MichaelB
Just a few more information about this issue.
This is the cups-browsed's state just after a cups update...  is dead...

root@foo-ubuntu:/home/foo# service cups-browsed status
● cups-browsed.service - Make remote CUPS printers available locally
   Loaded: loaded (/lib/systemd/system/cups-browsed.service; enabled; vendor 
preset: enabled)
   Active: inactive (dead) since ven 2019-06-14 14:51:38 CEST; 2min 27s ago
 Main PID: 927 (code=exited, status=0/SUCCESS)

jun 14 14:35:02 foo-ubuntu systemd[1]: Started Make remote CUPS printers 
available locally.
jun 14 14:51:38 foo-ubuntu systemd[1]: Stopping Make remote CUPS printers 
available locally...
jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped Make remote CUPS printers 
available locally. 


And here the syslog just when update is applied...

Jun 14 14:51:32 foo-ubuntu systemd[1]: Stopped Daily apt upgrade and clean 
activities.
Jun 14 14:51:32 foo-ubuntu systemd[1]: Stopped Daily apt download activities.
Jun 14 14:51:32 foo-ubuntu systemd[1]: Reloading.
Jun 14 14:51:32 foo-ubuntu systemd[1]: Started CUPS Scheduler.
Jun 14 14:51:32 foo-ubuntu systemd[1]: Started ACPI event daemon.
Jun 14 14:51:34 foo-ubuntu systemd[1]: Reloading.
Jun 14 14:51:34 foo-ubuntu systemd[1]: Started CUPS Scheduler.
Jun 14 14:51:34 foo-ubuntu systemd[1]: Started ACPI event daemon.
Jun 14 14:51:34 foo-ubuntu systemd[1]: Started Daily apt upgrade and clean 
activities.
Jun 14 14:51:34 foo-ubuntu systemd[1]: Started Daily apt download activities.
Jun 14 14:51:37 foo-ubuntu gnome-session[1647]: debconf: DbDriver "passwords" 
warning: could not open /var/cache/debconf/passwords.dat: Permission denied
Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped CUPS Scheduler.
Jun 14 14:51:38 foo-ubuntu systemd[1]: Reloading.
Jun 14 14:51:38 foo-ubuntu systemd[1]: Started ACPI event daemon.
Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopping Make remote CUPS printers 
available locally...
Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped Make remote CUPS printers 
available locally.
Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopping CUPS Scheduler...
Jun 14 14:51:38 foo-ubuntu systemd[1]: Stopped CUPS Scheduler.
Jun 14 14:51:38 foo-ubuntu systemd[1]: Reloading.
Jun 14 14:51:38 foo-ubuntu systemd[1]: Started ACPI event daemon.
Jun 14 14:51:38 foo-ubuntu systemd[1]: Reloading.
Jun 14 14:51:39 foo-ubuntu systemd[1]: Started ACPI event daemon.
Jun 14 14:51:41 foo-ubuntu systemd[1]: Reloading.
Jun 14 14:51:42 foo-ubuntu systemd[1]: Started ACPI event daemon.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1829718

Title:
  Network printers (cups-browsed) disappear after each CUPS update on
  client side

Status in cups package in Ubuntu:
  New

Bug description:
  Hi,

  We have a cups server (ubuntu) that centralize all our network
  printers. Each desktop users on Ubuntu (16.04, 18.04) are looking in
  that print server to retrieve those printers. It works fine but...

  # /etc/cups/cups-browsed.conf in a desktop user
  ...
  BrowseRemoteProtocols cups dnssd
  BrowsePoll 192.168.10.80:631 # CUPS server
  ...

  Each time that an CUPS update is applied on the client side all
  printers disappear from the listing and users are unable to print. So
  i have to connect to xxx computers in our company to restart the cups-
  browsed service...

  This problem exist from some years.. but still not resolved and i
  didn't found a way to fix it.

  
  Workaround:
  - sudo service cups-browsed restart OR reboot the computer

  
  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1829718/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1827396] Re: package rsyslog 8.16.0-1ubuntu3.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Secure boot

2019-06-14 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: rsyslog (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1827396

Title:
  package rsyslog 8.16.0-1ubuntu3.1 failed to install/upgrade:
  subprocess installed post-installation script returned error exit
  status 1 Secure boot

Status in rsyslog package in Ubuntu:
  Confirmed

Bug description:
  The Log said something about this system not supporting Secure Boot.

  The hardware is a iMac model A1224.

  ProblemType: Package
  DistroRelease: Ubuntu 16.04
  Package: rsyslog 8.16.0-1ubuntu3.1
  ProcVersionSignature: Ubuntu 4.4.0-145.171-generic 4.4.176
  Uname: Linux 4.4.0-145-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  Date: Thu May  2 11:52:55 2019
  ErrorMessage: subprocess installed post-installation script returned error 
exit status 1
  InstallationDate: Installed on 2016-11-05 (907 days ago)
  InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 
(20160420.1)
  RelatedPackageVersions:
   dpkg 1.18.4ubuntu1.5
   apt  1.2.31
  SourcePackage: rsyslog
  Title: package rsyslog 8.16.0-1ubuntu3.1 failed to install/upgrade: 
subprocess installed post-installation script returned error exit status 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1827396/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

2019-06-14 Thread Dimitri John Ledkov
** Description changed:

+ [Impact]
+ 
+  * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
+  * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.
+ 
+ [Test Case]
+ 
+  * wget
+ 
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py
+ 
+  * python3 ./test_multiple_libssl_libcrypto_init.py
+ 
+ test_multiple_init (__main__.TestMultipleInit) ... ok
+ 
+ --
+ Ran 1 test in 0.014s
+ 
+ OK
+ 
+ [Regression Potential]
+ 
+  * This is a cherrypick from upstream, and is backwards compatible with
+ existing code. Simply init succeeds under more conditions now, than it
+ did previously in 1.1.1. Also with this fix, OpenSSL is back to how
+ things used to work with 1.1.0 and prior releases.
+ 
+ [Original Bug report]
+ 
  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:
  
  https://github.com/openssl/openssl/issues/7350
  
  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Thu Jun 13 00:21:16 2019
  InstallationDate: Installed on 2019-06-12 (0 days ago)
  InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
-  TERM=xterm-256color
-  PATH=(custom, no user)
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm-256color
+  PATH=(custom, no user)
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832659

Title:
  openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  New
Status in openssl source package in Disco:
  Fix Released
Status in openssl source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
   * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.

  [Test Case]

   * wget
  
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py

   * python3 ./test_multiple_libssl_libcrypto_init.py

  test_multiple_init (__main__.TestMultipleInit) ... ok

  --
  Ran 1 test in 0.014s

  OK

  [Regression Potential]

   * This is a cherrypick from upstream, and is backwards compatible
  with existing code. Simply init succeeds under more conditions now,
  than it did previously in 1.1.1. Also with this fix, OpenSSL is back
  to how things used to work with 1.1.0 and prior releases.

  [Original Bug report]

  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:

  https://github.com/openssl/openssl/issues/7350

  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Thu Jun 13 00:21:16 2019
  InstallationDate: Installed on 2019-06-12 (0 days ago)
  InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832659] Re: openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

2019-06-14 Thread Dimitri John Ledkov
** Attachment added: "test_multiple_libssl_libcrypto_init.py"
   
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832659

Title:
  openssl 1.1.1-1ubuntu2.1~18.04.1 contains upstream bug 7350

Status in OpenSSL:
  Fix Released
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  New
Status in openssl source package in Disco:
  Fix Released
Status in openssl source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * Regression was introduced in OpenSSL 1.1.1 and fixed in 1.1.1b that 
prevents initialising libcrypto/libssl multiple times, and/or with different 
options.
   * This breaks existing applications that correctly use init API, ie. 
initialise libcrypto before/separately from libssl and/or with different 
options.

  [Test Case]

   * wget
  
https://bugs.launchpad.net/ubuntu/cosmic/+source/openssl/+bug/1832659/+attachment/5270782/+files/test_multiple_libssl_libcrypto_init.py

   * python3 ./test_multiple_libssl_libcrypto_init.py

  test_multiple_init (__main__.TestMultipleInit) ... ok

  --
  Ran 1 test in 0.014s

  OK

  [Regression Potential]

   * This is a cherrypick from upstream, and is backwards compatible
  with existing code. Simply init succeeds under more conditions now,
  than it did previously in 1.1.1. Also with this fix, OpenSSL is back
  to how things used to work with 1.1.0 and prior releases.

  [Original Bug report]

  After the update of openssl in bionic, I started having an issue and
  after troubleshooting found this issue:

  https://github.com/openssl/openssl/issues/7350

  Applying the patch linked in that issue and rebuilding the openssl
  package avoided the issue.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Thu Jun 13 00:21:16 2019
  InstallationDate: Installed on 2019-06-12 (0 days ago)
  InstallationMedia: Ubuntu-Server 18.04 LTS "Bionic Beaver" - Release amd64 
(20180426)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1832659/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832802] Re: disco: curl error while loading shared libraries: libssl.so.1.0.0

2019-06-14 Thread Tom Reynolds
*** This bug is a duplicate of bug 1832801 ***
https://bugs.launchpad.net/bugs/1832801

** This bug has been marked a duplicate of bug 1832801
   disco: curl error while loading shared libraries: libssl.so.1.0.0

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1832802

Title:
  disco: curl error while loading shared libraries: libssl.so.1.0.0

Status in curl package in Ubuntu:
  New

Bug description:
  Linux 5.0.0-16-generic #17-Ubuntu SMP Wed May 15 10:52:21 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
  DISTRIB_RELEASE=19.04
  DISTRIB_DESCRIPTION="Ubuntu 19.04"

  curl:
Installed: 7.64.0-2ubuntu1.1
Candidate: 7.64.0-2ubuntu1.1
Version table:
   *** 7.64.0-2ubuntu1.1 1001
 1001 http://security.ubuntu.com/ubuntu disco-security/main amd64 
Packages
 1001 http://mirror.aarnet.edu.au/pub/ubuntu/archive disco-updates/main 
amd64 Packages
  100 /var/lib/dpkg/status
   7.64.0-2ubuntu1 1001
 1001 http://mirror.aarnet.edu.au/pub/ubuntu/archive disco/main amd64 
Packages

  
  When I run curl, I get the following error:

  curl: error while loading shared libraries: libssl.so.1.0.0: cannot
  open shared object file: No such file or directory

  On other disco machines I'm not experiencing this issue. I apt purged
  openssl/libssl/curl and re-installed, but the error persists. I'm sure
  my system has some issue, but I'm unable to figure it out, and this
  felt like a bug as curl was working before upgrade to disco.

  I tried proposed packages to see if openssl 1.1.1b-1ubuntu2.2 instead
  of 1.1.1b-1ubuntu2 would make any difference, but the error persists.

  me@mbp:/usr/lib/x86_64-linux-gnu$ curl
  curl: error while loading shared libraries: libssl.so.1.0.0: cannot open 
shared object file: No such file or directory

  me@mbp:/usr/lib/x86_64-linux-gnu$ which curl
  /usr/bin/curl

  me@mbp:/usr/lib/x86_64-linux-gnu$ sudo dpkg -l | grep curl
  ii  curl
7.64.0-2ubuntu1.1   amd64command line tool for 
transferring data with URL syntax
  ii  libcurl3-gnutls:amd64   
7.64.0-2ubuntu1.1   amd64easy-to-use 
client-side URL transfer library (GnuTLS flavour)
  ii  libcurl4:amd64  
7.64.0-2ubuntu1.1   amd64easy-to-use 
client-side URL transfer library (OpenSSL flavour)
  ii  python3-pycurl  7.43.0.2-0.1  
  amd64Python bindings to libcurl (Python 3)

  me@mbp:/usr/lib/x86_64-linux-gnu$ sudo dpkg -l | grep ssl
  ii  android-libboringssl8.1.0+r23-2   
  amd64Google's internal fork of OpenSSL 
for the Android SDK
  rc  docbook-dsssl   1.79-9.1  
  all  modular DocBook DSSSL stylesheets, 
for print and HTML
  ii  libflac++6v5:amd64  1.3.2-3   
  amd64Free Lossless Audio Codec - C++ 
runtime library
  ii  libflac8:amd64  1.3.2-3   
  amd64Free Lossless Audio Codec - runtime 
C library
  ii  libflac8:i386   1.3.2-3   
  i386 Free Lossless Audio Codec - runtime 
C library
  ii  libio-socket-ssl-perl   2.060-3   
  all  Perl module implementing object 
oriented interface to SSL sockets
  ii  libnet-smtp-ssl-perl1.04-1
  all  Perl module providing SSL support to 
Net::SMTP
  ii  libnet-ssleay-perl  1.85-2ubuntu3 
  amd64Perl module for Secure Sockets Layer 
(SSL)
  ii  libssl-dev:amd64
1.1.1b-1ubuntu2.2   amd64Secure Sockets Layer 
toolkit - development files
  ii  libssl1.1:amd64 
1.1.1b-1ubuntu2.2   amd64Secure Sockets Layer 
toolkit - shared libraries
  ii  libssl1.1:i386  
1.1.1b-1ubuntu2.2   i386 Secure Sockets Layer 
toolkit - shared libraries
  ii  libwavpack1:amd64   
5.1.0-5ubuntu0.1amd64audio codec (lossy and 
lossless) - library
  ii  libwavpack1:i386
5.1.0-5ubuntu0.1

[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Francis Ginther
** Tags added: id-5d0269c526b1af4a5c615490

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Bionic:
  Incomplete
Status in openssl source package in Cosmic:
  Incomplete
Status in openssl source package in Disco:
  Incomplete
Status in openssl source package in Eoan:
  Incomplete

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 11 11:22:47 2019
  InstallationDate: Installed on 2018-07-15 (331 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
  ProcEnviron:
   LANG=en_CA.UTF-8
   TERM=xterm-256color
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server

2019-06-14 Thread Dimitri John Ledkov
** Description changed:

  [Impact]
  
-  * On desktop, upgrading libssl1.1 does not show reboot required
+  * On desktop, upgrading libssl1.1 does not show reboot required
  notification
  
  [Test Case]
  
-  * Boot ubuntu desktop
-  * Upgrade libssl1.1
-  * Observe reboot notification pop-up from update-notifier
+  * Boot ubuntu desktop
+  * Upgrade libssl1.1
+  * Observe reboot notification pop-up from update-notifier is _not_ shown
  
  [Regression Potential]
  
-  * Tweaking postinst only to correct for the Xorg path. Current code is
+  * Tweaking postinst only to correct for the Xorg path. Current code is
  innert, but is well excercised in prior releases.
  
  [Other Info]
-  
-  * Original bug report:
+ 
+  * Original bug report:
  
  Hello, the openssl library postinst file is using pidof /usr/bin/X, but
  that doesn't appear to be the path to the X11 server any more:
  
  debian/libssl1.1.postinst:
  
  # Only issue the reboot notification for servers; we proxy this by
  # testing that the X server is not running (LP: #244250)
  if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
  /usr/share/update-notifier/notify-reboot-required
  fi
  
  On my 18.04 LTS laptop:
  
  $ ps auxw | grep Xorg
  root  2440  0.5  0.4 495932 78996 tty7 Rsl+ May10 264:45 
/usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l
  
  Thanks
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Tue Jun 11 18:06:51 2019
  InstallationDate: Installed on 2012-10-18 (2427 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832421

Title:
  openssl reboot needed message using incorrect path to X server

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  New
Status in openssl source package in Disco:
  New
Status in openssl source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

   * On desktop, upgrading libssl1.1 does not show reboot required
  notification

  [Test Case]

   * Boot ubuntu desktop
   * Upgrade libssl1.1
   * Observe reboot notification pop-up from update-notifier is _not_ shown

  [Regression Potential]

   * Tweaking postinst only to correct for the Xorg path. Current code
  is innert, but is well excercised in prior releases.

  [Other Info]

   * Original bug report:

  Hello, the openssl library postinst file is using pidof /usr/bin/X,
  but that doesn't appear to be the path to the X11 server any more:

  debian/libssl1.1.postinst:

  # Only issue the reboot notification for servers; we proxy this by
  # testing that the X server is not running (LP: #244250)
  if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
  /usr/share/update-notifier/notify-reboot-required
  fi

  On my 18.04 LTS laptop:

  $ ps auxw | grep Xorg
  root  2440  0.5  0.4 495932 78996 tty7 Rsl+ May10 264:45 
/usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l

  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Tue Jun 11 18:06:51 2019
  InstallationDate: Installed on 2012-10-18 (2427 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832421] Re: openssl reboot needed message using incorrect path to X server

2019-06-14 Thread Dimitri John Ledkov
** Description changed:

+ [Impact]
+ 
+  * On desktop, upgrading libssl1.1 does not show reboot required
+ notification
+ 
+ [Test Case]
+ 
+  * Boot ubuntu desktop
+  * Upgrade libssl1.1
+  * Observe reboot notification pop-up from update-notifier
+ 
+ [Regression Potential]
+ 
+  * Tweaking postinst only to correct for the Xorg path. Current code is
+ innert, but is well excercised in prior releases.
+ 
+ [Other Info]
+  
+  * Original bug report:
+ 
  Hello, the openssl library postinst file is using pidof /usr/bin/X, but
  that doesn't appear to be the path to the X11 server any more:
  
  debian/libssl1.1.postinst:
  
- # Only issue the reboot notification for servers; we proxy this by
- # testing that the X server is not running (LP: #244250)
- if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
- /usr/share/update-notifier/notify-reboot-required
- fi
- 
+ # Only issue the reboot notification for servers; we proxy this by
+ # testing that the X server is not running (LP: #244250)
+ if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
+ /usr/share/update-notifier/notify-reboot-required
+ fi
  
  On my 18.04 LTS laptop:
  
  $ ps auxw | grep Xorg
  root  2440  0.5  0.4 495932 78996 tty7 Rsl+ May10 264:45 
/usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l
  
  Thanks
  
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Tue Jun 11 18:06:51 2019
  InstallationDate: Installed on 2012-10-18 (2427 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
-  TERM=rxvt-unicode-256color
-  PATH=(custom, no user)
-  XDG_RUNTIME_DIR=
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=rxvt-unicode-256color
+  PATH=(custom, no user)
+  XDG_RUNTIME_DIR=
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832421

Title:
  openssl reboot needed message using incorrect path to X server

Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  New
Status in openssl source package in Cosmic:
  New
Status in openssl source package in Disco:
  New
Status in openssl source package in Eoan:
  Fix Committed

Bug description:
  [Impact]

   * On desktop, upgrading libssl1.1 does not show reboot required
  notification

  [Test Case]

   * Boot ubuntu desktop
   * Upgrade libssl1.1
   * Observe reboot notification pop-up from update-notifier

  [Regression Potential]

   * Tweaking postinst only to correct for the Xorg path. Current code
  is innert, but is well excercised in prior releases.

  [Other Info]
   
   * Original bug report:

  Hello, the openssl library postinst file is using pidof /usr/bin/X,
  but that doesn't appear to be the path to the X11 server any more:

  debian/libssl1.1.postinst:

  # Only issue the reboot notification for servers; we proxy this by
  # testing that the X server is not running (LP: #244250)
  if ! pidof /usr/bin/X > /dev/null && [ -x 
/usr/share/update-notifier/notify-reboot-required ]; then
  /usr/share/update-notifier/notify-reboot-required
  fi

  On my 18.04 LTS laptop:

  $ ps auxw | grep Xorg
  root  2440  0.5  0.4 495932 78996 tty7 Rsl+ May10 264:45 
/usr/lib/xorg/Xorg :0 vt7 -nolisten tcp -auth /var/l

  Thanks

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Tue Jun 11 18:06:51 2019
  InstallationDate: Installed on 2012-10-18 (2427 days ago)
  InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 
(20120823.1)
  ProcEnviron:
   TERM=rxvt-unicode-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-05-02 (406 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832421/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : 

[Touch-packages] [Bug 1832834] [NEW] Irregular system freezes after updating to 1.1.1b-1ubuntu2.2

2019-06-14 Thread Markus Birth
Public bug reported:

Yesterday, I've updated openssl on my Raspberry Pi 3B+ running disco
arm64 from 1.1.1b-1ubuntu2.1 to 1.1.1b-1ubuntu2.2 . That was at 10:41
CEST. About 12:36 the system froze. I was able to reset the system at
around 17:17. It froze again at around 17:55. Reset it again 19:09,
froze again 00:15.

Freeze = solid green "busy" light and doesn't answer to anything. Since
it's a headless system, I only have the logfiles but they don't show
anything obvious.

At 01:06, I've downgraded back to 1.1.1b-1ubuntu2.1 and didn't have ANY
freeze at all since then (13:13 now here).

The system is running ejabberd, SyncThing and a few more programs, that
make heavy use of OpenSSL.

** Affects: openssl (Ubuntu)
 Importance: Undecided
 Status: New

** Description changed:

  Yesterday, I've updated openssl on my Raspberry Pi 3B+ running disco
  arm64 from 1.1.1b-1ubuntu2.1 to 1.1.1b-1ubuntu2.2 . That was at 10:41
  CEST. About 12:36 the system froze. I was able to reset the system at
  around 17:17. It froze again at around 17:55. Reset it again 19:09,
  froze again 00:15.
  
  Freeze = solid green "busy" light and doesn't answer to anything. Since
  it's a headless system, I only have the logfiles but they don't show
  anything obvious.
  
  At 01:06, I've downgraded back to 1.1.1b-1ubuntu2.1 and didn't have ANY
- freeze at all since then.
+ freeze at all since then (13:13 now here).
  
  The system is running ejabberd, SyncThing and a few more programs, that
  make heavy use of OpenSSL.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832834

Title:
  Irregular system freezes after updating to 1.1.1b-1ubuntu2.2

Status in openssl package in Ubuntu:
  New

Bug description:
  Yesterday, I've updated openssl on my Raspberry Pi 3B+ running disco
  arm64 from 1.1.1b-1ubuntu2.1 to 1.1.1b-1ubuntu2.2 . That was at 10:41
  CEST. About 12:36 the system froze. I was able to reset the system at
  around 17:17. It froze again at around 17:55. Reset it again 19:09,
  froze again 00:15.

  Freeze = solid green "busy" light and doesn't answer to anything.
  Since it's a headless system, I only have the logfiles but they don't
  show anything obvious.

  At 01:06, I've downgraded back to 1.1.1b-1ubuntu2.1 and didn't have
  ANY freeze at all since then (13:13 now here).

  The system is running ejabberd, SyncThing and a few more programs,
  that make heavy use of OpenSSL.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832834/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1829566] Re: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns

2019-06-14 Thread mzmrk
Some clarification:
1. dns-priority=-1 used to work (openvpn had highest DNS priority over other 
connections) before the regression happend.
2. I rebooted my system after changing config to dns-search=~

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1829566

Title:
  network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured
  dns

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Bionic:
  Triaged

Bug description:
  On 18.04.2 the `upgrade network-manager:amd64 1.10.6-2ubuntu1.1
  1.10.14-0ubuntu2` lead to scoped DNS servers defined in
  `/etc/systemd/resolved.conf.d/*.conf` being ignored.

  Downgrading with `sudo apt-get install network-
  manager=1.10.6-2ubuntu1.1` has resolved the issue for now.

  Example systemd-resolved conf:

  [Resolve]
  Cache=no
  DNS=127.0.0.54
  Domains=~.local.org.com

  Where 127.0.0.54:53 is bound to a dnsmasq server capable of resolving
  queries in that subdomain.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1829566/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1829566] Re: network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured dns

2019-06-14 Thread mzmrk
I have some extra information that might lead you into the right
direction.

I used the following extra line in my openvpn connection config file 
(/etc/NetworkManager/system-connections/vpn_connection_name):
[ipv4]
dns-priority=-1

After the update DNS received from OpenVPN connection was not respected
anymore.

Today I replaced that line with the following: 
[ipv4]
dns-search=~

with following versions:
network-manager: 1.10.14-0ubuntu2
systemd: 237-3ubuntu10.22

Now my DNS is correctly updated after connecting to OpenVPN.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1829566

Title:
  network-manager 1.10.14-0ubuntu2 ignores systemd-resolved configured
  dns

Status in network-manager package in Ubuntu:
  Triaged
Status in network-manager source package in Bionic:
  Triaged

Bug description:
  On 18.04.2 the `upgrade network-manager:amd64 1.10.6-2ubuntu1.1
  1.10.14-0ubuntu2` lead to scoped DNS servers defined in
  `/etc/systemd/resolved.conf.d/*.conf` being ignored.

  Downgrading with `sudo apt-get install network-
  manager=1.10.6-2ubuntu1.1` has resolved the issue for now.

  Example systemd-resolved conf:

  [Resolve]
  Cache=no
  DNS=127.0.0.54
  Domains=~.local.org.com

  Where 127.0.0.54:53 is bound to a dnsmasq server capable of resolving
  queries in that subdomain.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1829566/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Dimitri John Ledkov
** Patch added: "reorder-tls1.3-ciphersuites.patch"
   
https://bugs.launchpad.net/ubuntu/bionic/+source/openssl/+bug/1832370/+attachment/5270754/+files/reorder-tls1.3-ciphersuites.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Bionic:
  Incomplete
Status in openssl source package in Cosmic:
  Incomplete
Status in openssl source package in Disco:
  Incomplete
Status in openssl source package in Eoan:
  Incomplete

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 11 11:22:47 2019
  InstallationDate: Installed on 2018-07-15 (331 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
  ProcEnviron:
   LANG=en_CA.UTF-8
   TERM=xterm-256color
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Dimitri John Ledkov
I have started bionic lxd container with nginx and snakeoil
certificates.

# patch /etc/ssl/openssl.cnf cap-to-tls1.2.patch 
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 353 (offset 2 lines).
# systemctl restart nginx

And connect from the host system which has stock openssl.cnf

$ openssl s_client [fd42:3fcc:8a27:4e69:216:3eff:fe4c:5b9e]:443 | grep -e 
Protocol -e Cipher
Can't use SSL_get_servername
depth=0 CN = nearby-osprey.lxd
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = nearby-osprey.lxd
verify return:1
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
^C

Back in the container

# patch -R /etc/ssl/openssl.cnf cap-to-tls1.2.patch 
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 350 (offset 2 lines).

# patch /etc/ssl/openssl.cnf reorder-tls1.3-ciphersuites.patch 
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 353 (offset 2 lines).
# systemctl restart nginx

Connecting to the container again externally:
$ openssl s_client [fd42:3fcc:8a27:4e69:216:3eff:fe4c:5b9e]:443 | grep -e 
Protocol -e Cipher
Can't use SSL_get_servername
depth=0 CN = nearby-osprey.lxd
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = nearby-osprey.lxd
verify return:1
New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
^C

# patch -R /etc/ssl/openssl.cnf reorder-tls1.3-ciphersuites.patch 
patching file /etc/ssl/openssl.cnf
Hunk #1 succeeded at 16 (offset 1 line).
Hunk #2 succeeded at 350 (offset 2 lines).
# systemctl restart nginx


So using the above patches to openssl.cnf I was able to reorder chipersuites of 
stock bionic nginx, and cap to TLSv1.2.

So with attached

** Changed in: openssl (Ubuntu Bionic)
   Status: New => Incomplete

** Changed in: openssl (Ubuntu Disco)
   Status: New => Incomplete

** Changed in: openssl (Ubuntu Cosmic)
   Status: New => Incomplete

** Changed in: openssl (Ubuntu Eoan)
 Assignee: Dimitri John Ledkov (xnox) => (unassigned)

** Changed in: openssl (Ubuntu Eoan)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Bionic:
  Incomplete
Status in openssl source package in Cosmic:
  Incomplete
Status in openssl source package in Disco:
  Incomplete
Status in openssl source package in Eoan:
  Incomplete

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: 

[Touch-packages] [Bug 1832370] Re: Unable to configure or disable TLS 1.3 via openssl.cnf

2019-06-14 Thread Dimitri John Ledkov
** Patch added: "cap-to-tls1.2.patch"
   
https://bugs.launchpad.net/ubuntu/bionic/+source/openssl/+bug/1832370/+attachment/5270755/+files/cap-to-tls1.2.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832370

Title:
  Unable to configure or disable TLS 1.3 via openssl.cnf

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Bionic:
  Incomplete
Status in openssl source package in Cosmic:
  Incomplete
Status in openssl source package in Disco:
  Incomplete
Status in openssl source package in Eoan:
  Incomplete

Bug description:
  [Description]

  Since OpenSSL 1.1.1 was backported to Bionic, some (all?) applications
  gained access to TLS 1.3 by default. The applications that were not
  rebuilt against OpenSSL 1.1.1 can't tune the TLS 1.3 settings
  (protocol, ciphersuites selection, ciphersuites order) like it's
  possible with 1.2 and below. As such, one should turn to configuring
  /etc/ssl/openssl.cnf to alter TLS 1.3 settings.

  Here is how I'd expect to be able to turn off TLS 1.3:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:15:23.805113804 -0400
  @@ -12,6 +12,16 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +MaxProtocol = TLSv1.2
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  This doesn't work as 'openssl s_client -connect
  rproxy.sdeziel.info:443' negotiates TLS 1.3 with
  TLS_AES_256_GCM_SHA384.

  
  Similarly, trying to change the 'Ciphers' or the 'Ciphersuites' list with:

  # diff -Naur /etc/ssl/openssl.cnf{.orig,}
  --- /etc/ssl/openssl.cnf.orig 2019-06-11 10:33:02.330143086 -0400
  +++ /etc/ssl/openssl.cnf  2019-06-11 11:37:23.362889367 -0400
  @@ -12,6 +12,17 @@
   HOME = .
   RANDFILE = $ENV::HOME/.rnd
   
  +ssl_conf = ssl_sect
  +
  +[ssl_sect]
  +
  +system_default = system_default_sect
  +
  +[system_default_sect]
  +
  +Ciphers = TLS_AES_128_GCM_SHA256
  +Ciphersuites = TLS_AES_128_GCM_SHA256
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file= $ENV::HOME/.oid
   oid_section  = new_oids

  Doesn't work as s_client keeps negotiating TLS 1.3 with
  TLS_AES_256_GCM_SHA384 (!= 128)

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-51.55-generic 4.15.18
  Uname: Linux 4.15.0-51-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Jun 11 11:22:47 2019
  InstallationDate: Installed on 2018-07-15 (331 days ago)
  InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180714)
  ProcEnviron:
   LANG=en_CA.UTF-8
   TERM=xterm-256color
   SHELL=/bin/bash
   XDG_RUNTIME_DIR=
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1832822] [NEW] functionality stopped working (extra new_oids policy)

2019-06-14 Thread Gerben
Public bug reported:

Unable to generate certificate request targeting new_oids policy.

It used to work on this machine, looks like openssl got updated just few
days ago: 12-06-2019

The command and exit result:
gge@itstools-04:~/ssl_ownca/direct_1$ openssl req -new -key direct_1.key -out 
direct_1.csr -subj '/2.5.4.97=direct_1/O=Sample Direct 
1/C=NL/ST=NorthHolland/L=Amsterdam/CN=direct_1.sample.net'problem creating 
object psd2=2.5.4.97
140648544747968:error:08064066:object identifier routines:OBJ_create:oid 
exists:../crypto/objects/obj_dat.c:709:
gge@itstools-04:~/ssl_ownca/direct_1$ echo $?
1

No CSR file is produced
(openssl1.1.1-1ubuntu2.1~18.04.1)


re-playing this on different machines provides correct results:
  fresh unupdated ubuntu-18.04.1-live-server-amd64.iso install:  openssl   
1.1.0g-2ubuntu4.1
  old unupdated CentOS release 6.10 (Final):  openssl-1.0.1e-57.el6.x86_64

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssl 1.1.1-1ubuntu2.1~18.04.1
ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
Uname: Linux 4.15.0-50-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
Date: Fri Jun 14 10:00:10 2019
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
 TERM=xterm
 PATH=(custom, no user)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.ssl.openssl.cnf: 2019-06-14T09:29:39.313665

** Affects: openssl (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug bionic uec-images

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832822

Title:
  functionality stopped working (extra new_oids policy)

Status in openssl package in Ubuntu:
  New

Bug description:
  Unable to generate certificate request targeting new_oids policy.

  It used to work on this machine, looks like openssl got updated just
  few days ago: 12-06-2019

  The command and exit result:
  gge@itstools-04:~/ssl_ownca/direct_1$ openssl req -new -key direct_1.key -out 
direct_1.csr -subj '/2.5.4.97=direct_1/O=Sample Direct 
1/C=NL/ST=NorthHolland/L=Amsterdam/CN=direct_1.sample.net'problem creating 
object psd2=2.5.4.97
  140648544747968:error:08064066:object identifier routines:OBJ_create:oid 
exists:../crypto/objects/obj_dat.c:709:
  gge@itstools-04:~/ssl_ownca/direct_1$ echo $?
  1

  No CSR file is produced
  (openssl1.1.1-1ubuntu2.1~18.04.1)

  
  re-playing this on different machines provides correct results:
fresh unupdated ubuntu-18.04.1-live-server-amd64.iso install:  openssl   
1.1.0g-2ubuntu4.1
old unupdated CentOS release 6.10 (Final):  openssl-1.0.1e-57.el6.x86_64

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.1
  ProcVersionSignature: Ubuntu 4.15.0-50.54-generic 4.15.18
  Uname: Linux 4.15.0-50-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  Date: Fri Jun 14 10:00:10 2019
  ProcEnviron:
   LANG=en_US.UTF-8
   SHELL=/bin/bash
   TERM=xterm
   PATH=(custom, no user)
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.ssl.openssl.cnf: 2019-06-14T09:29:39.313665

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832822/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp