[Touch-packages] [Bug 1827417] Re: Ubuntu 16.04 - EMU10K1 / CT4832 lost ability to listen stereo on headphones - there is upmixed surround only.
Sorry for the late reply. Have you tried latest latest Ubuntu ISO? http://cdimages.ubuntu.com/daily-live/current/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1827417 Title: Ubuntu 16.04 - EMU10K1 / CT4832 lost ability to listen stereo on headphones - there is upmixed surround only. Status in linux package in Ubuntu: Expired Status in pulseaudio package in Ubuntu: Expired Bug description: Hello, I have a problem - after one of the updates (sorry for being not precise - I can only track it back to the time I have been surely listening something on headphones - it has to be beginning of this year because last time I have been listening more on my SB Live for sure was in last one-two weeks of February 2019 - I have suddenly lost "stereo" on my headphones. I have speakers connected to on-board sound card and headphones connected to SB Live Value for few years, so I did not mess with outputs or something - one day I changed Audacious output to SbLive in pavucontrol (as usually) and that time the sound was weirdly filtered. I have found that this must be "surround upmix" which I do not need and tried to disable it, enable-remixing = no and the same for "LFE remixing" in /etc/pulse/daemon.conf did not work. It does not matter what configuration I choose in pavucontrol- analog stereo duplex, "analog stereo output", "Analog surround 5.1" or 4.1 - for all "Analog output" scenarios the output is the same except for "mono" (no sound at all). I have tried do "skip" pulseaudio choosing "ALSA" output in Audacious + the alsa configuration for stereo but the upmix is still present. I have followed the old thread in Launchpad Answers: https://answers.launchpad.net/ubuntu/+source/alsa-driver/+question/169428 = Hello, i'm on ubuntu 16.04LTS (AMD64, with emu10k1 based soundcard) and since the last update I have similar problem - I have lost ability to listen stereo music on my Soundblaster Live Value (i use earphones). Even system sounds , web browser content and mp3 files are up-mixed. Few days ago it was no problem to choose "analag stereo output" in pavucontrol, now it seems that at this output have rear surround channel only (as I suppose, there is "stereo" but vocals are like heard from the other room and there is sometimes reverb as in the bathroom) :/. I had tried adding "set enable-remixing=no" in both /etc/pulse/daemon.conf and in the home directory configuration file without success. I have purged pulseaudio but with the ALSA there is the same problem, I have tried purging alsa and reinstalling without effect. So i thought that it can be emu10k1 driver specific, after digging in the network for solutions I have had tried adding "hint.emu10kx.0.multichannel_disabled " to the module configuration file without visible (or rather soundible ;) effect. I have tried to check EMU10K1 configuration with aweset, but it gives error message, so maybe the bad magic sits somewhere around? aweset /dev/sequencer: No such file or directory Once again - everything worked fine until the last update. I use xubuntu desktop as my machine is quite old, in despair I have installed unity to find the sound settings / speaker configuration etc and button to "disable all effects" as I have seen somewhere, but there were no such options. Help me Obi Wan Kenobi, you're my only hope... = I have next tried to follow the path from ubuntu sound troubleshooting guide, I have purged everything, installed back and now I'm here again with this "upmix" on SBLive! Value. Thanks in advance for help :) Tom --- ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 CurrentDesktop: XFCE DistroRelease: Ubuntu 16.04 HibernationDevice: RESUME=UUID=654027ee-6ab0-41ba-8537-452da07cda0e InstallationDate: Installed on 2011-10-07 (2765 days ago) InstallationMedia: Ubuntu 10.04.3 LTS "Lucid Lynx" - Release amd64 (20110720.1) IwConfig: lono wireless extensions. lxcbr0no wireless extensions. eth0 no wireless extensions. MachineType: Gigabyte Technology Co., Ltd. M68MT-S2 Package: pulseaudio 1:8.0-0ubuntu3.10 PackageArchitecture: amd64 ProcFB: 0 nouveaufb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-146-generic root=UUID=4559c496-f083-41a2-ad7c-1e03334389fd ro plymouth usbcore.autosuspend=-1 ProcVersionSignature: Ubuntu 4.4.0-146.172-generic 4.4.177 RelatedPackageVersions: linux-restricted-modules-4.4.0-146-generic N/A linux-backports-modules-4.4.0-146-generic N/A linux-firmware 1.157.21 RfKill: Tags: xenial third-party-packages xenial Uname: Linux 4.4.0-146-generic x86_64 UpgradeStatus: Upgraded to xenial on
[Touch-packages] [Bug 1820203] Re: [MIR] libpgm as dependency of mailman3
After evaluating dependencies, required further changes and mostly maintainability for security and packaging it was decided there are too many concerns - not about any single package in particular, but the overall Mailman3 stack - about the ability to maintain and monitor it as well as we need it for support in main. We have closed the primary LP bug already, the MIRs that are already approved will stay that way, but we will make no seed change to pull things in for now. Yet if other needs come up for those they have a prepared MIR already. Other bugs - like this one - which are not yet completed in terms of review will be closed as Won't Fix. Even thou it ended being aborted, I think that is a valid outcome of the MIR evaluations. Never the less I want to thank everybody involved for all the work spent in what was nearly a year working through these MIRs. ** Changed in: libpgm (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libpgm in Ubuntu. https://bugs.launchpad.net/bugs/1820203 Title: [MIR] libpgm as dependency of mailman3 Status in libpgm package in Ubuntu: Won't Fix Bug description: [Availability] The package is already universe for quite a while and build/works fine so far. It is for example already used for https://lists.canonical.com/mailman3/postorius/lists/ OTOH it is a library that can/could be used for much more than just the mailman3 stack. It builds on all architectures (arch:any) [Security] No known CVEs found. The protocol had some issues a few years ago and related issues in Cisco/Microsoft products, but I found no open issues in the package. => https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pgm [Quality assurance] As part of the mailman3 stacks as of now (Disco) this installs fine and works fine. On itself it is useful to (many) other dependencies and does not need a post install configuration on its own. The package does not ask debconf questions. One known bug in each of Ubuntu and Debian. - The Ubunut bug is outdated and should be ok with 5.2 which we have. - The Debian bug is only important for solaris builds Upstream has 16 open and 27 closed issues - nothing very severe for our intentions. The package seems get updates by Debian as needed. But upstream seems to have stopped releasing after 2012. => https://github.com/steve-o/openpgm/releases After talking with one of the uploaders it became clear that they still work on master and fixes can be pulled from there as needed. https://github.com/steve-o/openpgm/commits/master No exotic HW involved. There are some tests in ./openpgm/pgm/test/ and ./openpgm/pgm/*_unittest.c but dh_auto_test isn't catching them. OTOH I can't even guarantee they would be usable, but TL;DR no build time tests run. d/watch is set up and ok. gNo Lintian warning except newer Standards/Compat versions and no HTTPS links uses or GPG checks - nothing severe. The package does not rely on demoted or obsolete packages. The Scons build system is a pain, but it seems to work as packaged by Debian so no complains. No new gt2k dependencies As mentioned the package itself might be abandoned/orphaned by upstream [UI standards] It uses i18n from gi18n-lib to provide the infrastructure, but I found no translations so far. But that is ok as this is a low level library without (a lot) of user visible strings - no translations (needed). No End-user applications that needs a standard conformant desktop file. [Dependencies] Some dependencies are not in main, but we drive MIR for all related packages that are not in main at the same time. Please check the list of bugs from the main Mailman3 MIR in bug 1775427 to get an overview. [Standards compliance] The package meets the FHS and Debian Policy standards. The packaging itself is very straight forward and uses dh_* as much as possible - the d/rules fits on one screen. [Maintenance] The Server team will subscribe for the package for maintenance, but in general it seems low on updates and currently is a sync from Debian. [Background] The package description explains the general purpose and context of the package well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpgm/+bug/1820203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1827417] Re: Ubuntu 16.04 - EMU10K1 / CT4832 lost ability to listen stereo on headphones - there is upmixed surround only.
[Expired for pulseaudio (Ubuntu) because there has been no activity for 60 days.] ** Changed in: pulseaudio (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1827417 Title: Ubuntu 16.04 - EMU10K1 / CT4832 lost ability to listen stereo on headphones - there is upmixed surround only. Status in linux package in Ubuntu: Expired Status in pulseaudio package in Ubuntu: Expired Bug description: Hello, I have a problem - after one of the updates (sorry for being not precise - I can only track it back to the time I have been surely listening something on headphones - it has to be beginning of this year because last time I have been listening more on my SB Live for sure was in last one-two weeks of February 2019 - I have suddenly lost "stereo" on my headphones. I have speakers connected to on-board sound card and headphones connected to SB Live Value for few years, so I did not mess with outputs or something - one day I changed Audacious output to SbLive in pavucontrol (as usually) and that time the sound was weirdly filtered. I have found that this must be "surround upmix" which I do not need and tried to disable it, enable-remixing = no and the same for "LFE remixing" in /etc/pulse/daemon.conf did not work. It does not matter what configuration I choose in pavucontrol- analog stereo duplex, "analog stereo output", "Analog surround 5.1" or 4.1 - for all "Analog output" scenarios the output is the same except for "mono" (no sound at all). I have tried do "skip" pulseaudio choosing "ALSA" output in Audacious + the alsa configuration for stereo but the upmix is still present. I have followed the old thread in Launchpad Answers: https://answers.launchpad.net/ubuntu/+source/alsa-driver/+question/169428 = Hello, i'm on ubuntu 16.04LTS (AMD64, with emu10k1 based soundcard) and since the last update I have similar problem - I have lost ability to listen stereo music on my Soundblaster Live Value (i use earphones). Even system sounds , web browser content and mp3 files are up-mixed. Few days ago it was no problem to choose "analag stereo output" in pavucontrol, now it seems that at this output have rear surround channel only (as I suppose, there is "stereo" but vocals are like heard from the other room and there is sometimes reverb as in the bathroom) :/. I had tried adding "set enable-remixing=no" in both /etc/pulse/daemon.conf and in the home directory configuration file without success. I have purged pulseaudio but with the ALSA there is the same problem, I have tried purging alsa and reinstalling without effect. So i thought that it can be emu10k1 driver specific, after digging in the network for solutions I have had tried adding "hint.emu10kx.0.multichannel_disabled " to the module configuration file without visible (or rather soundible ;) effect. I have tried to check EMU10K1 configuration with aweset, but it gives error message, so maybe the bad magic sits somewhere around? aweset /dev/sequencer: No such file or directory Once again - everything worked fine until the last update. I use xubuntu desktop as my machine is quite old, in despair I have installed unity to find the sound settings / speaker configuration etc and button to "disable all effects" as I have seen somewhere, but there were no such options. Help me Obi Wan Kenobi, you're my only hope... = I have next tried to follow the path from ubuntu sound troubleshooting guide, I have purged everything, installed back and now I'm here again with this "upmix" on SBLive! Value. Thanks in advance for help :) Tom --- ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 CurrentDesktop: XFCE DistroRelease: Ubuntu 16.04 HibernationDevice: RESUME=UUID=654027ee-6ab0-41ba-8537-452da07cda0e InstallationDate: Installed on 2011-10-07 (2765 days ago) InstallationMedia: Ubuntu 10.04.3 LTS "Lucid Lynx" - Release amd64 (20110720.1) IwConfig: lono wireless extensions. lxcbr0no wireless extensions. eth0 no wireless extensions. MachineType: Gigabyte Technology Co., Ltd. M68MT-S2 Package: pulseaudio 1:8.0-0ubuntu3.10 PackageArchitecture: amd64 ProcFB: 0 nouveaufb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-146-generic root=UUID=4559c496-f083-41a2-ad7c-1e03334389fd ro plymouth usbcore.autosuspend=-1 ProcVersionSignature: Ubuntu 4.4.0-146.172-generic 4.4.177 RelatedPackageVersions: linux-restricted-modules-4.4.0-146-generic N/A linux-backports-modules-4.4.0-146-generic N/A linux-firmware 1.157.21 RfKill: Tags: xenial third-party-packages xenial Uname: Linux 4.4.0-146-generic x86_64
[Touch-packages] [Bug 1827417] Re: Ubuntu 16.04 - EMU10K1 / CT4832 lost ability to listen stereo on headphones - there is upmixed surround only.
[Expired for linux (Ubuntu) because there has been no activity for 60 days.] ** Changed in: linux (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1827417 Title: Ubuntu 16.04 - EMU10K1 / CT4832 lost ability to listen stereo on headphones - there is upmixed surround only. Status in linux package in Ubuntu: Expired Status in pulseaudio package in Ubuntu: Expired Bug description: Hello, I have a problem - after one of the updates (sorry for being not precise - I can only track it back to the time I have been surely listening something on headphones - it has to be beginning of this year because last time I have been listening more on my SB Live for sure was in last one-two weeks of February 2019 - I have suddenly lost "stereo" on my headphones. I have speakers connected to on-board sound card and headphones connected to SB Live Value for few years, so I did not mess with outputs or something - one day I changed Audacious output to SbLive in pavucontrol (as usually) and that time the sound was weirdly filtered. I have found that this must be "surround upmix" which I do not need and tried to disable it, enable-remixing = no and the same for "LFE remixing" in /etc/pulse/daemon.conf did not work. It does not matter what configuration I choose in pavucontrol- analog stereo duplex, "analog stereo output", "Analog surround 5.1" or 4.1 - for all "Analog output" scenarios the output is the same except for "mono" (no sound at all). I have tried do "skip" pulseaudio choosing "ALSA" output in Audacious + the alsa configuration for stereo but the upmix is still present. I have followed the old thread in Launchpad Answers: https://answers.launchpad.net/ubuntu/+source/alsa-driver/+question/169428 = Hello, i'm on ubuntu 16.04LTS (AMD64, with emu10k1 based soundcard) and since the last update I have similar problem - I have lost ability to listen stereo music on my Soundblaster Live Value (i use earphones). Even system sounds , web browser content and mp3 files are up-mixed. Few days ago it was no problem to choose "analag stereo output" in pavucontrol, now it seems that at this output have rear surround channel only (as I suppose, there is "stereo" but vocals are like heard from the other room and there is sometimes reverb as in the bathroom) :/. I had tried adding "set enable-remixing=no" in both /etc/pulse/daemon.conf and in the home directory configuration file without success. I have purged pulseaudio but with the ALSA there is the same problem, I have tried purging alsa and reinstalling without effect. So i thought that it can be emu10k1 driver specific, after digging in the network for solutions I have had tried adding "hint.emu10kx.0.multichannel_disabled " to the module configuration file without visible (or rather soundible ;) effect. I have tried to check EMU10K1 configuration with aweset, but it gives error message, so maybe the bad magic sits somewhere around? aweset /dev/sequencer: No such file or directory Once again - everything worked fine until the last update. I use xubuntu desktop as my machine is quite old, in despair I have installed unity to find the sound settings / speaker configuration etc and button to "disable all effects" as I have seen somewhere, but there were no such options. Help me Obi Wan Kenobi, you're my only hope... = I have next tried to follow the path from ubuntu sound troubleshooting guide, I have purged everything, installed back and now I'm here again with this "upmix" on SBLive! Value. Thanks in advance for help :) Tom --- ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 CurrentDesktop: XFCE DistroRelease: Ubuntu 16.04 HibernationDevice: RESUME=UUID=654027ee-6ab0-41ba-8537-452da07cda0e InstallationDate: Installed on 2011-10-07 (2765 days ago) InstallationMedia: Ubuntu 10.04.3 LTS "Lucid Lynx" - Release amd64 (20110720.1) IwConfig: lono wireless extensions. lxcbr0no wireless extensions. eth0 no wireless extensions. MachineType: Gigabyte Technology Co., Ltd. M68MT-S2 Package: pulseaudio 1:8.0-0ubuntu3.10 PackageArchitecture: amd64 ProcFB: 0 nouveaufb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-146-generic root=UUID=4559c496-f083-41a2-ad7c-1e03334389fd ro plymouth usbcore.autosuspend=-1 ProcVersionSignature: Ubuntu 4.4.0-146.172-generic 4.4.177 RelatedPackageVersions: linux-restricted-modules-4.4.0-146-generic N/A linux-backports-modules-4.4.0-146-generic N/A linux-firmware 1.157.21 RfKill: Tags: xenial third-party-packages xenial Uname: Linux 4.4.0-146-generic x86_64
[Touch-packages] [Bug 1835118] Re: i don't know
Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately, we cannot work on this bug because your description didn't include enough information. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. We'd be grateful if you would then provide a more complete description of the problem. We have instructions on debugging some types of problems at http://wiki.ubuntu.com/DebuggingProcedures. At a minimum, we need: 1. The specific steps or actions you took that caused you to encounter the problem. 2. The behavior you expected. 3. The behavior you actually encountered (in as much detail as possible). Thanks! ** Package changed: xorg (Ubuntu) => ubuntu ** Changed in: ubuntu Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1835118 Title: i don't know Status in Ubuntu: Incomplete Bug description: system doesn't work properly ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: xorg 1:7.7+19ubuntu7.1 ProcVersionSignature: Ubuntu 4.8.0-36.36~16.04.1-generic 4.8.11 Uname: Linux 4.8.0-36-generic x86_64 .tmp.unity_support_test.0: ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: None Date: Tue Jul 2 21:26:42 2019 DistUpgraded: 2019-05-20 17:28:18,104 DEBUG icon theme changed, re-reading DistroCodename: bionic DistroVariant: ubuntu DpkgLog: ExtraDebuggingInterest: Yes, if not too technical GraphicsCard: Intel Corporation HD Graphics 5500 [8086:1616] (rev 09) (prog-if 00 [VGA controller]) Subsystem: Dell HD Graphics 5500 [1028:06ae] Subsystem: Dell GK208BM [GeForce 920M] [1028:06ae] InstallationDate: Installed on 2019-05-20 (43 days ago) InstallationMedia: Ubuntu 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.2) MachineType: Dell Inc. Inspiron 5558 ProcEnviron: PATH=(custom, no user) LANG=pl_PL.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.8.0-36-generic root=UUID=6785a890-123c-4cfb-a3dc-60056c9c2ac3 ro drm.debug=0xe plymouth:debug SourcePackage: xorg UpgradeStatus: Upgraded to bionic on 2019-05-20 (43 days ago) dmi.bios.date: 02/09/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A01 dmi.board.name: 086DKN dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA01:bd02/09/2015:svnDellInc.:pnInspiron5558:pvr01:rvnDellInc.:rn086DKN:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: Inspiron 5558 dmi.product.version: 01 dmi.sys.vendor: Dell Inc. version.compiz: compiz 1:0.9.13.1+18.04.20180302-0ubuntu1 version.libdrm2: libdrm2 2.4.95-1~18.04.1 version.libgl1-mesa-dri: libgl1-mesa-dri 18.2.8-0ubuntu0~18.04.2 version.libgl1-mesa-glx: libgl1-mesa-glx 18.2.8-0ubuntu0~18.04.2 version.xserver-xorg-core: xserver-xorg-core 2:1.19.6-1ubuntu4.3 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.5-1ubuntu1 version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:18.0.1-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20171229-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2 xserver.bootTime: Mon May 20 15:28:01 2019 xserver.configfile: default xserver.errors: Failed to load module "nvidia" (module does not exist, 0) Failed to load module "nvidia" (module does not exist, 0) NOUVEAU(G0): [XvMC] Failed to initialize extension. xserver.logfile: /var/log/Xorg.0.log xserver.version: 2:1.18.4-1ubuntu6.1~16.04.1 xserver.video_driver: modeset To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/1835118/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1820203] Re: [MIR] libpgm as dependency of mailman3
** Changed in: libpgm (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libpgm in Ubuntu. https://bugs.launchpad.net/bugs/1820203 Title: [MIR] libpgm as dependency of mailman3 Status in libpgm package in Ubuntu: New Bug description: [Availability] The package is already universe for quite a while and build/works fine so far. It is for example already used for https://lists.canonical.com/mailman3/postorius/lists/ OTOH it is a library that can/could be used for much more than just the mailman3 stack. It builds on all architectures (arch:any) [Security] No known CVEs found. The protocol had some issues a few years ago and related issues in Cisco/Microsoft products, but I found no open issues in the package. => https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pgm [Quality assurance] As part of the mailman3 stacks as of now (Disco) this installs fine and works fine. On itself it is useful to (many) other dependencies and does not need a post install configuration on its own. The package does not ask debconf questions. One known bug in each of Ubuntu and Debian. - The Ubunut bug is outdated and should be ok with 5.2 which we have. - The Debian bug is only important for solaris builds Upstream has 16 open and 27 closed issues - nothing very severe for our intentions. The package seems get updates by Debian as needed. But upstream seems to have stopped releasing after 2012. => https://github.com/steve-o/openpgm/releases After talking with one of the uploaders it became clear that they still work on master and fixes can be pulled from there as needed. https://github.com/steve-o/openpgm/commits/master No exotic HW involved. There are some tests in ./openpgm/pgm/test/ and ./openpgm/pgm/*_unittest.c but dh_auto_test isn't catching them. OTOH I can't even guarantee they would be usable, but TL;DR no build time tests run. d/watch is set up and ok. gNo Lintian warning except newer Standards/Compat versions and no HTTPS links uses or GPG checks - nothing severe. The package does not rely on demoted or obsolete packages. The Scons build system is a pain, but it seems to work as packaged by Debian so no complains. No new gt2k dependencies As mentioned the package itself might be abandoned/orphaned by upstream [UI standards] It uses i18n from gi18n-lib to provide the infrastructure, but I found no translations so far. But that is ok as this is a low level library without (a lot) of user visible strings - no translations (needed). No End-user applications that needs a standard conformant desktop file. [Dependencies] Some dependencies are not in main, but we drive MIR for all related packages that are not in main at the same time. Please check the list of bugs from the main Mailman3 MIR in bug 1775427 to get an overview. [Standards compliance] The package meets the FHS and Debian Policy standards. The packaging itself is very straight forward and uses dh_* as much as possible - the d/rules fits on one screen. [Maintenance] The Server team will subscribe for the package for maintenance, but in general it seems low on updates and currently is a sync from Debian. [Background] The package description explains the general purpose and context of the package well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpgm/+bug/1820203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1828720] Re: eog (Ubuntu image viewer) consumes all memory when opening a tiff file
** Changed in: gdk-pixbuf Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1828720 Title: eog (Ubuntu image viewer) consumes all memory when opening a tiff file Status in gdk-pixbuf: New Status in gdk-pixbuf package in Ubuntu: Triaged Bug description: The ImageViewer app (/usr/bin/eog) will go into a loop if a TIFF files are opened. Any TIFF file can cause a loop even if less than 1MB in size, so it seems that the program is encountering an internal issue with the TIFF format. The loop quickly consumes all free memory and locks up the machine (I do not have any swap). Steps to reproduce: * open any TIFF file using ImageViewer, the default image file handler. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: eog 3.28.1-1 ProcVersionSignature: Ubuntu 4.15.0-48.51-generic 4.15.18 Uname: Linux 4.15.0-48-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sun May 12 11:11:02 2019 InstallationDate: Installed on 2015-02-21 (1540 days ago) InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2) SourcePackage: eog UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/gdk-pixbuf/+bug/1828720/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835135] [NEW] FIPS OpenSSL crashes Python2 hashlib
Public bug reported: If Ubuntu/Canonical's FIPS-compliant OpenSSL is initialized with SSL_library_init, then Python2's hashlib bindings for MD5 can trigger a SIGSEGV via a NULL pointer dereference (if calling the .update method) or a SIGABRT (if passing input to the constructor or passing no input and invoking the .final method). This happens if, for example, PyOpenSSL is imported before hashlib. Canonical's FIPS patches for OpenSSL introduce some odd behavior that arguably should be revisited, but the (TL;DR) core bug is that Python2 hashlib doesn't properly check the return value of EVP_DigestInit, preventing hashlib from falling back to it's internal MD5 implementation and instead setting things up for use of the MD5 context to trigger SIGSEGV or SIGABRT. Python3 correctly checks the return value, so the fix is to backport the relevant code into Python2 (see python2.7-2.7.12/Modules/_hashopenssl.c). See attached good.py and bad.py files which exhibit the import order- dependent crashing issue. See attached fips-md5-python-init-bug.c which shows the FIPS OpenSSL behaviors that conditionally tickle the Python2 bug. The C file also contains a much more detailed description of the Python2 bug and other behavior which I'd rather not repeat here. I discovered this bug investigating an issue with the third-party apt- boto-s3 package. See https://github.com/boto/boto3/issues/2021 Note that this bug effects Splunk, Inc, which has a corporate Ubuntu Advantage license. My login account is attached to a different, single- seat license. ** Affects: python2.7 (Ubuntu) Importance: Undecided Status: New ** Attachment added: "Conditional MD5 registration in FIPS OpenSSL crashes Python2 hashlib" https://bugs.launchpad.net/bugs/1835135/+attachment/5274771/+files/fips-md5-python-init-bug.tgz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python2.7 in Ubuntu. https://bugs.launchpad.net/bugs/1835135 Title: FIPS OpenSSL crashes Python2 hashlib Status in python2.7 package in Ubuntu: New Bug description: If Ubuntu/Canonical's FIPS-compliant OpenSSL is initialized with SSL_library_init, then Python2's hashlib bindings for MD5 can trigger a SIGSEGV via a NULL pointer dereference (if calling the .update method) or a SIGABRT (if passing input to the constructor or passing no input and invoking the .final method). This happens if, for example, PyOpenSSL is imported before hashlib. Canonical's FIPS patches for OpenSSL introduce some odd behavior that arguably should be revisited, but the (TL;DR) core bug is that Python2 hashlib doesn't properly check the return value of EVP_DigestInit, preventing hashlib from falling back to it's internal MD5 implementation and instead setting things up for use of the MD5 context to trigger SIGSEGV or SIGABRT. Python3 correctly checks the return value, so the fix is to backport the relevant code into Python2 (see python2.7-2.7.12/Modules/_hashopenssl.c). See attached good.py and bad.py files which exhibit the import order- dependent crashing issue. See attached fips-md5-python-init-bug.c which shows the FIPS OpenSSL behaviors that conditionally tickle the Python2 bug. The C file also contains a much more detailed description of the Python2 bug and other behavior which I'd rather not repeat here. I discovered this bug investigating an issue with the third-party apt- boto-s3 package. See https://github.com/boto/boto3/issues/2021 Note that this bug effects Splunk, Inc, which has a corporate Ubuntu Advantage license. My login account is attached to a different, single-seat license. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1835135/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835118] Re: i don't know
Joanna; hello Provide some background information, please. You show booting a 4.8 kernel on the xenial (16.04) release. However ! linux-image-generic xenial == Version 4.4.0.154.162 (xenial) linux-generic-hwe-16.04 == Version 4.15.0.54.56 (bionic) xorg == Version 1:7.7+13ubuntu3.1 (xenial) Maybe try a mainline kernel and Xserver stack to see if the issue us reproduce-able ? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1835118 Title: i don't know Status in xorg package in Ubuntu: New Bug description: system doesn't work properly ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: xorg 1:7.7+19ubuntu7.1 ProcVersionSignature: Ubuntu 4.8.0-36.36~16.04.1-generic 4.8.11 Uname: Linux 4.8.0-36-generic x86_64 .tmp.unity_support_test.0: ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: None Date: Tue Jul 2 21:26:42 2019 DistUpgraded: 2019-05-20 17:28:18,104 DEBUG icon theme changed, re-reading DistroCodename: bionic DistroVariant: ubuntu DpkgLog: ExtraDebuggingInterest: Yes, if not too technical GraphicsCard: Intel Corporation HD Graphics 5500 [8086:1616] (rev 09) (prog-if 00 [VGA controller]) Subsystem: Dell HD Graphics 5500 [1028:06ae] Subsystem: Dell GK208BM [GeForce 920M] [1028:06ae] InstallationDate: Installed on 2019-05-20 (43 days ago) InstallationMedia: Ubuntu 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.2) MachineType: Dell Inc. Inspiron 5558 ProcEnviron: PATH=(custom, no user) LANG=pl_PL.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.8.0-36-generic root=UUID=6785a890-123c-4cfb-a3dc-60056c9c2ac3 ro drm.debug=0xe plymouth:debug SourcePackage: xorg UpgradeStatus: Upgraded to bionic on 2019-05-20 (43 days ago) dmi.bios.date: 02/09/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A01 dmi.board.name: 086DKN dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA01:bd02/09/2015:svnDellInc.:pnInspiron5558:pvr01:rvnDellInc.:rn086DKN:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: Inspiron 5558 dmi.product.version: 01 dmi.sys.vendor: Dell Inc. version.compiz: compiz 1:0.9.13.1+18.04.20180302-0ubuntu1 version.libdrm2: libdrm2 2.4.95-1~18.04.1 version.libgl1-mesa-dri: libgl1-mesa-dri 18.2.8-0ubuntu0~18.04.2 version.libgl1-mesa-glx: libgl1-mesa-glx 18.2.8-0ubuntu0~18.04.2 version.xserver-xorg-core: xserver-xorg-core 2:1.19.6-1ubuntu4.3 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.5-1ubuntu1 version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:18.0.1-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20171229-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2 xserver.bootTime: Mon May 20 15:28:01 2019 xserver.configfile: default xserver.errors: Failed to load module "nvidia" (module does not exist, 0) Failed to load module "nvidia" (module does not exist, 0) NOUVEAU(G0): [XvMC] Failed to initialize extension. xserver.logfile: /var/log/Xorg.0.log xserver.version: 2:1.18.4-1ubuntu6.1~16.04.1 xserver.video_driver: modeset To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1835118/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1691556] Re: Can't send audio to Amazon Echo via Bluetooth
After trying a random assortment of fixes to get my Amazon Echo Show to connect as a speaker using bluetooth to my Linux Mint 19.2 box I found the solution far too simple. The magic reboot! I rebooted the Echo and that must have cleared the bluetooth connections... ha -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1691556 Title: Can't send audio to Amazon Echo via Bluetooth Status in bluez package in Ubuntu: Confirmed Bug description: Pairing and coupling to Amazon Echo works, but no sound is heard. I believe the issue is related to the fact that Amazon Echo is paired as a handset (i.e., speaker + microphone) rather than just as a speaker. I believe the critical error is found in a dmesg line such as: Feb 28 10:59:05 n1 bluetoothd[1025]: a2dp-source profile connect failed for 50:F5:DA:A6:3F:EA: Device or resource busy as I describe in the askubuntu.com discussion at: https://askubuntu.com/questions/871630/cant-send-audio-to-amazon-echo- via-bluetooth I have clarified there my thinking and the steps I've taken thus far on this issue, which includes trying debug bluetooth per the Ubuntu wiki page which describes how to do so. This is probably an upstream issue, as Mike H-R has commented there that the problem also occurs on ArchLinux. I and a few others would like to get this resolved, and I am happy to help (I'm a software developer). However, at this point, I'm not sure how to proceed without some assistance. I suppose I could report it to Debain, but I've only ever used Debain vis a vis Ubuntu, so I thought it best to start here. Thanks. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: bluez 5.37-0ubuntu5 ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49 Uname: Linux 4.4.0-72-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.5 Architecture: amd64 CurrentDesktop: Unity Date: Wed May 17 22:27:59 2017 InstallationDate: Installed on 2015-12-26 (507 days ago) InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021) InterestingModules: rfcomm bnep btusb bluetooth ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-72-generic root=UUID=5950fbba-cde1-49ac-a918-04e517894c57 ro quiet splash vt.handoff=7 SourcePackage: bluez UpgradeStatus: Upgraded to xenial on 2017-02-28 (78 days ago) dmi.bios.date: 01/18/2017 dmi.bios.vendor: Intel Corporation dmi.bios.version: RYBDWi35.86A.0362.2017.0118.0940 dmi.board.name: NUC5i5RYB dmi.board.vendor: Intel Corporation dmi.board.version: H40999-504 dmi.chassis.type: 3 dmi.modalias: dmi:bvnIntelCorporation:bvrRYBDWi35.86A.0362.2017.0118.0940:bd01/18/2017:svn:pn:pvr:rvnIntelCorporation:rnNUC5i5RYB:rvrH40999-504:cvn:ct3:cvr: hciconfig: hci0:Type: BR/EDR Bus: USB BD Address: DC:53:60:97:55:17 ACL MTU: 1021:5 SCO MTU: 96:6 UP RUNNING PSCAN RX bytes:13547334 acl:58 sco:0 events:1935087 errors:0 TX bytes:1652407651 acl:1934967 sco:0 commands:76 errors:0 mtime.conffile..etc.bluetooth.main.conf: 2015-12-29T07:24:08.439240 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1691556/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1602900] Re: libzmq3 crashes when 'getifaddrs()' is unavailable
Fixed since Bionic ** Changed in: zeromq3 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to zeromq3 in Ubuntu. https://bugs.launchpad.net/bugs/1602900 Title: libzmq3 crashes when 'getifaddrs()' is unavailable Status in IPython: Fix Released Status in zeromq3 package in Ubuntu: Fix Released Bug description: libzmq3 crashes when used on a computer where the kernel is unable to provide any information about network-device addresses. This is uncommon with normal Ubuntu configurations. But is currently always the case with Ubuntu as run under the new Windows Subsystem for Linux. This has already been diagnosed and fixed upstream: https://github.com/jupyter/notebook/issues/1331 I have backported the fix; an updated package (based on the stock Ubuntu 14.04 package but with the backport as an added patch) is available in this PPA: https://launchpad.net/~aseering/+archive/ubuntu/wsl This has been reported in a couple other bugtrackers. Even with the fix in a PPA, there's still some amount of user confusion: https://github.com/jupyter/notebook/issues/1331 https://github.com/Microsoft/BashOnWindows/issues/185 It would be great if this fix could be pulled into Ubuntu 14.04 directly, so that people stop hitting this bug. To manage notifications about this bug go to: https://bugs.launchpad.net/ipython/+bug/1602900/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 69724] Re: Mawk does not support Posix character classes in expressions
The bash completion bug was fixed. I'm inclined to say that if character classes are needed, gawk should be used. It looks like mawk has stalled, and the call to switch to Thomas Dickey's fork isn't mine to make. We are following debian on this one. ** Changed in: mawk (Ubuntu) Importance: Undecided => Wishlist ** Changed in: mawk (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mawk in Ubuntu. https://bugs.launchpad.net/bugs/69724 Title: Mawk does not support Posix character classes in expressions Status in mawk package in Ubuntu: Triaged Status in mawk package in Debian: Confirmed Bug description: Binary package hint: mawk Mawk does not support Posix character classes, such as [:upper:] and [:lower:], in regular expressions. This makes it more difficult to write portable Awk scripts (since [A-Z] match lower-case characters in Gawk using non-English locales) E.G.: $ echo x | mawk '/[[:lower:]]/' $ echo x | gawk '/[[:lower:]]/' x $ Attached is a patch to fix this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mawk/+bug/69724/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835077] Re: [FEATURE] Add support for ~/.bashrc.d/*
Hello, and thank you for opening this report. Upon further review, this bug report as-is is not yet ready to be considered for Sponsoring in Ubuntu, as it does not yet provide justification for the change nor does it provide requisite information to determine whether this change is even sensible at this time in Ubuntu. For these reasons, I am unsubscribing ~ubuntu-sponsors from this bug. In the future, when this bug is provided additional justification as to why it's ready for sponsoring, including references and documentation that this is a standard item upstream, and a full debdiff (at least) ready for sponsoring and inclusion, you may resubscribe ~ubuntu-sponsors and we will go through the process of considering this then. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1835077 Title: [FEATURE] Add support for ~/.bashrc.d/* Status in bash package in Ubuntu: New Bug description: In ~/.profile add support for ~/.bashrc.d/* alongside ~/.bashrc # include all files from .bashrc.d/ if [ -d "$HOME/.bashrc.d" ]; then for rc in "$HOME/.bashrc.d/"*; do if [ -f "$rc" ]; then . "$rc" fi done fi Patch for /etc/skel/.profile in the attachment. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1835077/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1829829] Re: Ubuntu CI has been flaky for a week
opened https://github.com/systemd/systemd/issues/12932
so TEST-30 and TEST-34 need to go on the blacklist, unless we can figure
out how to get them less flaky soon.
** Bug watch added: github.com/systemd/systemd/issues #12932
https://github.com/systemd/systemd/issues/12932
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1829829
Title:
Ubuntu CI has been flaky for a week
Status in systemd package in Ubuntu:
Confirmed
Bug description:
It was originally reported in
https://github.com/systemd/systemd/pull/12583#issuecomment-492949206 5 days
ago. To judge from the logs VMs can't be rebooted there:
```
Ubuntu 18.04.2 LTS autopkgtest ttyS0
autopkgtest login:
---
--- nova show 91e76a78-d05c-412a-b383-55a26010ae69
(adt-bionic-amd64-systemd-upstream-20190516-051604) --
+--++
| Property | Value
|
+--++
| OS-DCF:diskConfig| MANUAL
|
| OS-EXT-AZ:availability_zone | nova
|
| OS-EXT-SRV-ATTR:host | euler
|
| OS-EXT-SRV-ATTR:hypervisor_hostname | euler.lcy01.scalingstack
|
| OS-EXT-SRV-ATTR:instance_name| instance-003d216a
|
| OS-EXT-STS:power_state | 1
|
| OS-EXT-STS:task_state| -
|
| OS-EXT-STS:vm_state | active
|
| OS-SRV-USG:launched_at | 2019-05-16T07:00:42.00
|
| OS-SRV-USG:terminated_at | -
|
| accessIPv4 |
|
| accessIPv6 |
|
| config_drive |
|
| created | 2019-05-16T07:00:33Z
|
| flavor | autopkgtest
(f878e70e-9991-46e0-ba02-8ea159a71656) |
| hostId |
1722c5f2face86c3fc9f338ae96835924721512372342f664e6941bd
|
| id | 91e76a78-d05c-412a-b383-55a26010ae69
|
| image|
adt/ubuntu-bionic-amd64-server-20190516.img
(d00bf12c-467e-433f-a4f5-15720f13bff1) |
| key_name |
testbed-juju-prod-ues-proposed-migration-machine-11
|
| metadata | {}
|
| name |
adt-bionic-amd64-systemd-upstream-20190516-051604
|
| net_ues_proposed_migration network | 10.42.40.13
|
| os-extended-volumes:volumes_attached | []
|
| progress | 0
|
| security_groups | autopkgtest@lcy01-27.secgroup
|
| status | ACTIVE
|
| tenant_id| afaef86b96dd4828a1ed5ee395ea1421
|
| updated | 2019-05-16T07:00:42Z
|
| user_id
[Touch-packages] [Bug 1835118] [NEW] i don't know
Public bug reported: system doesn't work properly ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: xorg 1:7.7+19ubuntu7.1 ProcVersionSignature: Ubuntu 4.8.0-36.36~16.04.1-generic 4.8.11 Uname: Linux 4.8.0-36-generic x86_64 .tmp.unity_support_test.0: ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: None Date: Tue Jul 2 21:26:42 2019 DistUpgraded: 2019-05-20 17:28:18,104 DEBUG icon theme changed, re-reading DistroCodename: bionic DistroVariant: ubuntu DpkgLog: ExtraDebuggingInterest: Yes, if not too technical GraphicsCard: Intel Corporation HD Graphics 5500 [8086:1616] (rev 09) (prog-if 00 [VGA controller]) Subsystem: Dell HD Graphics 5500 [1028:06ae] Subsystem: Dell GK208BM [GeForce 920M] [1028:06ae] InstallationDate: Installed on 2019-05-20 (43 days ago) InstallationMedia: Ubuntu 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.2) MachineType: Dell Inc. Inspiron 5558 ProcEnviron: PATH=(custom, no user) LANG=pl_PL.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.8.0-36-generic root=UUID=6785a890-123c-4cfb-a3dc-60056c9c2ac3 ro drm.debug=0xe plymouth:debug SourcePackage: xorg UpgradeStatus: Upgraded to bionic on 2019-05-20 (43 days ago) dmi.bios.date: 02/09/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A01 dmi.board.name: 086DKN dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA01:bd02/09/2015:svnDellInc.:pnInspiron5558:pvr01:rvnDellInc.:rn086DKN:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: Inspiron 5558 dmi.product.version: 01 dmi.sys.vendor: Dell Inc. version.compiz: compiz 1:0.9.13.1+18.04.20180302-0ubuntu1 version.libdrm2: libdrm2 2.4.95-1~18.04.1 version.libgl1-mesa-dri: libgl1-mesa-dri 18.2.8-0ubuntu0~18.04.2 version.libgl1-mesa-glx: libgl1-mesa-glx 18.2.8-0ubuntu0~18.04.2 version.xserver-xorg-core: xserver-xorg-core 2:1.19.6-1ubuntu4.3 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.5-1ubuntu1 version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:18.0.1-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20171229-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.15-2 xserver.bootTime: Mon May 20 15:28:01 2019 xserver.configfile: default xserver.errors: Failed to load module "nvidia" (module does not exist, 0) Failed to load module "nvidia" (module does not exist, 0) NOUVEAU(G0): [XvMC] Failed to initialize extension. xserver.logfile: /var/log/Xorg.0.log xserver.version: 2:1.18.4-1ubuntu6.1~16.04.1 xserver.video_driver: modeset ** Affects: xorg (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic ubuntu -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1835118 Title: i don't know Status in xorg package in Ubuntu: New Bug description: system doesn't work properly ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: xorg 1:7.7+19ubuntu7.1 ProcVersionSignature: Ubuntu 4.8.0-36.36~16.04.1-generic 4.8.11 Uname: Linux 4.8.0-36-generic x86_64 .tmp.unity_support_test.0: ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins' CompositorRunning: None Date: Tue Jul 2 21:26:42 2019 DistUpgraded: 2019-05-20 17:28:18,104 DEBUG icon theme changed, re-reading DistroCodename: bionic DistroVariant: ubuntu DpkgLog: ExtraDebuggingInterest: Yes, if not too technical GraphicsCard: Intel Corporation HD Graphics 5500 [8086:1616] (rev 09) (prog-if 00 [VGA controller]) Subsystem: Dell HD Graphics 5500 [1028:06ae] Subsystem: Dell GK208BM [GeForce 920M] [1028:06ae] InstallationDate: Installed on 2019-05-20 (43 days ago) InstallationMedia: Ubuntu 16.04.2 LTS "Xenial Xerus" - Release amd64 (20170215.2) MachineType: Dell Inc. Inspiron 5558 ProcEnviron: PATH=(custom, no user) LANG=pl_PL.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.8.0-36-generic root=UUID=6785a890-123c-4cfb-a3dc-60056c9c2ac3 ro drm.debug=0xe plymouth:debug SourcePackage: xorg UpgradeStatus: Upgraded to bionic on 2019-05-20 (43 days ago) dmi.bios.date: 02/09/2015 dmi.bios.vendor: Dell Inc. dmi.bios.version: A01 dmi.board.name: 086DKN dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 9 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvrA01:bd02/09/2015:svnDellInc.:pnInspiron5558:pvr01:rvnDellInc.:rn086DKN:rvrA00:cvnDellInc.:ct9:cvr: dmi.product.name: Inspiron 5558 dmi.product.version: 01 dmi.sys.vendor: Dell Inc. version.compiz: compiz 1:0.9.13.1+18.04.20180302-0ubuntu1 version.libdrm2: libdrm2 2.4.95-1~18.04.1 version.libgl1-mesa-dri:
[Touch-packages] [Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1
The apache2 DEP8 tests are now clear across the board for bionic and
cosmic:
https://people.canonical.com/~ubuntu-archive/proposed-
migration/bionic/update_excuses.html#apache2
https://people.canonical.com/~ubuntu-archive/proposed-
migration/cosmic/update_excuses.html#apache2
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
Fix Committed
Status in apache2 source package in Cosmic:
Fix Committed
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert /etc/apache2/cacert.pem
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
And the apache error log will confirm the reason:
[Mon Jul 01 14:10:23.312645 2019] [ssl:error] [pid 1685:tid 140326396421888]
SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?
Now retry, but providing the client certificate and key files, and forcing
TLSv1.2 just to be sure. Due to the bug, the command will stall for about 15
seconds, but the index.html file will be downloaded:
# rm -f index.html
# curl --output index.html
[Touch-packages] [Bug 1770961] Re: Add options to set the snappy refresh schedule
Thank you for your bug report, maybe you could post on https://forum.snapcraft.io/ about it? Snap related features are usually discussed there ** Changed in: software-properties (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1770961 Title: Add options to set the snappy refresh schedule Status in software-properties package in Ubuntu: Confirmed Bug description: Snappy has a feature where the user can state when in a month to refresh (update) their snaps. Please provide options in Software & Updates to control this. https://docs.snapcraft.io/system-options ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: software-properties-gtk 0.96.24.32.1 ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17 Uname: Linux 4.15.0-20-generic x86_64 ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 CurrentDesktop: communitheme:ubuntu:GNOME Date: Sun May 13 15:10:07 2018 InstallationDate: Installed on 2017-08-03 (282 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) PackageArchitecture: all SourcePackage: software-properties UpgradeStatus: Upgraded to bionic on 2018-04-22 (21 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1770961/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835077] Re: [FEATURE] Add support for ~/.bashrc.d/*
Thank you for your bug report, is that .bashrc.d directory something standard/documented upstream? could you give some reference/context to the change? ** Changed in: bash (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1835077 Title: [FEATURE] Add support for ~/.bashrc.d/* Status in bash package in Ubuntu: New Bug description: In ~/.profile add support for ~/.bashrc.d/* alongside ~/.bashrc # include all files from .bashrc.d/ if [ -d "$HOME/.bashrc.d" ]; then for rc in "$HOME/.bashrc.d/"*; do if [ -f "$rc" ]; then . "$rc" fi done fi Patch for /etc/skel/.profile in the attachment. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1835077/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835095] Re: Lubuntu initrd images leaking cryptographic secret when disk encryption is used
** Package changed: initramfs-tools (Ubuntu) => calamares (Ubuntu) ** No longer affects: lubuntu-meta (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835095 Title: Lubuntu initrd images leaking cryptographic secret when disk encryption is used Status in calamares package in Ubuntu: Confirmed Bug description: Hello! I've had a short discussion about this issue on lubuntu irc, and I was asked to open a bug report. Basically I only tested this on lubuntu 19.04 x64 live image on a UEFI system, I haven't tested other ubuntu flavors. Anyway, I was poking around with disk encryption, and I noticed that lubuntu live image uses a graphical installation tool called Calamares. This tool has an option to encrypt the hard disk during installation, and the encryption setup that is used is the newer one with /boot folder as part of the encrypted rootfs. Traditionally the installers used to setup encryption where there is a main LUKS- encrypted rootfs volume on the HDD and a separate unencrypted /boot partition where the grub config files, the kernel and the initrd images reside. Ever since grub2 added support for LUKS several distros have apparently moved to the newer scheme which is very similar to the one that was first described by Pavel Kogan in his blog. A) https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ B) https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ This new scheme stores the rootfs (including the /boot folder) on a single LUKS-encrypted partition with two keyslots in use. One of the keyslots is normally a passphrase that is used in the first stage by the grub2 EFI image as pre-boot authentication. It serves to decrypt the rootfs, access the contents of /boot and copy the config, kernel and initrd image to RAM. Once done, grub2 then forgets the passphrase and closes the encrypted volume. The system will continue to boot, but at this point the rootfs will now have to be decrypted a second time - this time by the kernel/initrd so it can be mounted. Normally this is the point where the user would be asked to enter a passphrase for the second time, but for convenience reasons (to automate the process) a second LUKS keyslot and a keyfile are used instead. The file /crypto_keyfile.bin is generated during the installation phase. This is the secret keyfile that is used to unlock the other LUKS keyslot and decrypt the rootfs. It is properly protected with owner set to root:root and file permissions 600 (-rw---). Unfortunately the key is not of much use while it resides inside the encrypted volume that it is supposed to decrypt. This is where initramfs-tools comes into play. I believe there is a special hook inside /usr/share/initramfs-tools/hooks that is responsible for copying this crypto_keyfile.bin file into appropriate initrd image. This image that now contains the secret keyfile is copied into RAM during the first decryption stage by the grub2. While the original secret keyfile /crypto_keyfile.bin is protected: $ ls -l / ... -rw--- 1 root root 2048 jul 2 18:34 crypto_keyfile.bin ... $ sha1sum /crypto_keyfile.bin sha1sum: /crypto_keyfille.bin: Permission denied $ sudo sha1sum /crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /crypto_keyfile.bin The second copy (the one inside initramfs image) is not: $ ls -l /boot ... -rw-r--r-- 1 root root 68149041 jul 2 18:35 initrd.img-5.0.0-13-generic As you can see, the initramfs images that are generated by mkinitramfs will have the user:group set to root:root, but their access flags will be 644 (-rw-r--r--). This means that any user or even a script that has read access to the file system can read and extract the secret keyfile from an initramfs image. Run as user: $ unmkinitramfs /boot/initrd.img-5.0.0-13-generic /tmp $ sha1sum /tmp/main/crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /tmp/main/crypto_keyfile.bin Would there be any adverse effects, if we were to set mkinitramfs (i.e. via a hook) to always set file permissions of initramfs images to 600 whenever this type of disk encryption is used? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/1835095/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1834494] Re: latest bzip2 reports crc errors incorrectly
Hey @Mark, Thanks for provide these tests (https://sourceware.org/git/?p=bzip2-tests.git;a=summary). I ran our internal regression tests on the version patched and also the tests you provided. Our tests passed, but yours fails (believe is the same you mentioned in Debian-bug). See bellow: !!! 1 .bz files did not decompressed/recompressed correctly. Testing detection of bad input data... Processing ./go/compress/fail-issue5747.bz2.bad Trying to decompress... bzip2: Data integrity error when decompressing. Trying to decompress (small)... bzip2: Data integrity error when decompressing. Processing ./lbzip2/cve.bz2.bad Trying to decompress... bzip2: Data integrity error when decompressing. Trying to decompress (small)... bzip2: Data integrity error when decompressing. Processing ./lbzip2/cve2.bz2.bad Trying to decompress... bzip2: Data integrity error when decompressing. Trying to decompress (small)... bzip2: Data integrity error when decompressing. Processing ./lbzip2/overrun.bz2.bad Trying to decompress... bzip2: Data integrity error when decompressing. Trying to decompress (small)... bzip2: Data integrity error when decompressing. Processing ./lbzip2/void.bz2.bad Trying to decompress... Trying to decompress (small)... Processing ./lbzip2/crc1.bz2.bad Trying to decompress... bzip2: Data integrity error when decompressing. Trying to decompress (small)... bzip2: Data integrity error when decompressing. Processing ./lbzip2/crc2.bz2.bad Trying to decompress... bzip2: Data integrity error when decompressing. Trying to decompress (small)... bzip2: Data integrity error when decompressing. Processing ./lbzip2/overrun2.bz2.bad Trying to decompress... bzip2: Data integrity error when decompressing. Trying to decompress (small)... bzip2: Data integrity error when decompressing. Correctly found all bad file data integrity errors. Bad results, look for !!! in the logs above -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bzip2 in Ubuntu. https://bugs.launchpad.net/bugs/1834494 Title: latest bzip2 reports crc errors incorrectly Status in bzip2: New Status in bzip2 package in Ubuntu: Confirmed Status in bzip2 source package in Xenial: New Status in bzip2 source package in Bionic: New Status in bzip2 source package in Cosmic: New Status in bzip2 source package in Disco: New Status in bzip2 package in Debian: Confirmed Bug description: I just got the bzip2 1.0.6-8.1ubuntu0.1 updates pushed to my machine and am now having problems with some .tbz2 archives. In particular, I can no longer extract this one: https://developer.nvidia.com/embedded/dlc/l4t-jetson-xavier-driver- package-31-1-0 Downloading this and running: bunzip2 -tvv Jetson_Linux_R31.1.0_aarch64.tbz2 ...yields a CRC error. The previous version of bunzip2 does not report any errors with this archive. To manage notifications about this bug go to: https://bugs.launchpad.net/bzip2/+bug/1834494/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835095] Re: Lubuntu initrd images leaking cryptographic secret when disk encryption is used
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lubuntu-meta (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835095 Title: Lubuntu initrd images leaking cryptographic secret when disk encryption is used Status in initramfs-tools package in Ubuntu: Confirmed Status in lubuntu-meta package in Ubuntu: Confirmed Bug description: Hello! I've had a short discussion about this issue on lubuntu irc, and I was asked to open a bug report. Basically I only tested this on lubuntu 19.04 x64 live image on a UEFI system, I haven't tested other ubuntu flavors. Anyway, I was poking around with disk encryption, and I noticed that lubuntu live image uses a graphical installation tool called Calamares. This tool has an option to encrypt the hard disk during installation, and the encryption setup that is used is the newer one with /boot folder as part of the encrypted rootfs. Traditionally the installers used to setup encryption where there is a main LUKS- encrypted rootfs volume on the HDD and a separate unencrypted /boot partition where the grub config files, the kernel and the initrd images reside. Ever since grub2 added support for LUKS several distros have apparently moved to the newer scheme which is very similar to the one that was first described by Pavel Kogan in his blog. A) https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ B) https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ This new scheme stores the rootfs (including the /boot folder) on a single LUKS-encrypted partition with two keyslots in use. One of the keyslots is normally a passphrase that is used in the first stage by the grub2 EFI image as pre-boot authentication. It serves to decrypt the rootfs, access the contents of /boot and copy the config, kernel and initrd image to RAM. Once done, grub2 then forgets the passphrase and closes the encrypted volume. The system will continue to boot, but at this point the rootfs will now have to be decrypted a second time - this time by the kernel/initrd so it can be mounted. Normally this is the point where the user would be asked to enter a passphrase for the second time, but for convenience reasons (to automate the process) a second LUKS keyslot and a keyfile are used instead. The file /crypto_keyfile.bin is generated during the installation phase. This is the secret keyfile that is used to unlock the other LUKS keyslot and decrypt the rootfs. It is properly protected with owner set to root:root and file permissions 600 (-rw---). Unfortunately the key is not of much use while it resides inside the encrypted volume that it is supposed to decrypt. This is where initramfs-tools comes into play. I believe there is a special hook inside /usr/share/initramfs-tools/hooks that is responsible for copying this crypto_keyfile.bin file into appropriate initrd image. This image that now contains the secret keyfile is copied into RAM during the first decryption stage by the grub2. While the original secret keyfile /crypto_keyfile.bin is protected: $ ls -l / ... -rw--- 1 root root 2048 jul 2 18:34 crypto_keyfile.bin ... $ sha1sum /crypto_keyfile.bin sha1sum: /crypto_keyfille.bin: Permission denied $ sudo sha1sum /crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /crypto_keyfile.bin The second copy (the one inside initramfs image) is not: $ ls -l /boot ... -rw-r--r-- 1 root root 68149041 jul 2 18:35 initrd.img-5.0.0-13-generic As you can see, the initramfs images that are generated by mkinitramfs will have the user:group set to root:root, but their access flags will be 644 (-rw-r--r--). This means that any user or even a script that has read access to the file system can read and extract the secret keyfile from an initramfs image. Run as user: $ unmkinitramfs /boot/initrd.img-5.0.0-13-generic /tmp $ sha1sum /tmp/main/crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /tmp/main/crypto_keyfile.bin Would there be any adverse effects, if we were to set mkinitramfs (i.e. via a hook) to always set file permissions of initramfs images to 600 whenever this type of disk encryption is used? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1770961] Re: Add options to set the snappy refresh schedule
** Description changed: Snappy has a feature where the user can state when in a month to refresh (update) their snaps. Please provide options in Software & Updates to control this. - https://snapdocs.labix.org/configuration-options/87 + https://docs.snapcraft.io/system-options ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: software-properties-gtk 0.96.24.32.1 ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17 Uname: Linux 4.15.0-20-generic x86_64 ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 CurrentDesktop: communitheme:ubuntu:GNOME Date: Sun May 13 15:10:07 2018 InstallationDate: Installed on 2017-08-03 (282 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) PackageArchitecture: all SourcePackage: software-properties UpgradeStatus: Upgraded to bionic on 2018-04-22 (21 days ago) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1770961 Title: Add options to set the snappy refresh schedule Status in software-properties package in Ubuntu: Confirmed Bug description: Snappy has a feature where the user can state when in a month to refresh (update) their snaps. Please provide options in Software & Updates to control this. https://docs.snapcraft.io/system-options ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: software-properties-gtk 0.96.24.32.1 ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17 Uname: Linux 4.15.0-20-generic x86_64 ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 CurrentDesktop: communitheme:ubuntu:GNOME Date: Sun May 13 15:10:07 2018 InstallationDate: Installed on 2017-08-03 (282 days ago) InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) PackageArchitecture: all SourcePackage: software-properties UpgradeStatus: Upgraded to bionic on 2018-04-22 (21 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1770961/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835095] Re: Lubuntu initrd images leaking cryptographic secret when disk encryption is used
** Also affects: lubuntu-meta (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835095 Title: Lubuntu initrd images leaking cryptographic secret when disk encryption is used Status in initramfs-tools package in Ubuntu: Confirmed Status in lubuntu-meta package in Ubuntu: New Bug description: Hello! I've had a short discussion about this issue on lubuntu irc, and I was asked to open a bug report. Basically I only tested this on lubuntu 19.04 x64 live image on a UEFI system, I haven't tested other ubuntu flavors. Anyway, I was poking around with disk encryption, and I noticed that lubuntu live image uses a graphical installation tool called Calamares. This tool has an option to encrypt the hard disk during installation, and the encryption setup that is used is the newer one with /boot folder as part of the encrypted rootfs. Traditionally the installers used to setup encryption where there is a main LUKS- encrypted rootfs volume on the HDD and a separate unencrypted /boot partition where the grub config files, the kernel and the initrd images reside. Ever since grub2 added support for LUKS several distros have apparently moved to the newer scheme which is very similar to the one that was first described by Pavel Kogan in his blog. A) https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ B) https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ This new scheme stores the rootfs (including the /boot folder) on a single LUKS-encrypted partition with two keyslots in use. One of the keyslots is normally a passphrase that is used in the first stage by the grub2 EFI image as pre-boot authentication. It serves to decrypt the rootfs, access the contents of /boot and copy the config, kernel and initrd image to RAM. Once done, grub2 then forgets the passphrase and closes the encrypted volume. The system will continue to boot, but at this point the rootfs will now have to be decrypted a second time - this time by the kernel/initrd so it can be mounted. Normally this is the point where the user would be asked to enter a passphrase for the second time, but for convenience reasons (to automate the process) a second LUKS keyslot and a keyfile are used instead. The file /crypto_keyfile.bin is generated during the installation phase. This is the secret keyfile that is used to unlock the other LUKS keyslot and decrypt the rootfs. It is properly protected with owner set to root:root and file permissions 600 (-rw---). Unfortunately the key is not of much use while it resides inside the encrypted volume that it is supposed to decrypt. This is where initramfs-tools comes into play. I believe there is a special hook inside /usr/share/initramfs-tools/hooks that is responsible for copying this crypto_keyfile.bin file into appropriate initrd image. This image that now contains the secret keyfile is copied into RAM during the first decryption stage by the grub2. While the original secret keyfile /crypto_keyfile.bin is protected: $ ls -l / ... -rw--- 1 root root 2048 jul 2 18:34 crypto_keyfile.bin ... $ sha1sum /crypto_keyfile.bin sha1sum: /crypto_keyfille.bin: Permission denied $ sudo sha1sum /crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /crypto_keyfile.bin The second copy (the one inside initramfs image) is not: $ ls -l /boot ... -rw-r--r-- 1 root root 68149041 jul 2 18:35 initrd.img-5.0.0-13-generic As you can see, the initramfs images that are generated by mkinitramfs will have the user:group set to root:root, but their access flags will be 644 (-rw-r--r--). This means that any user or even a script that has read access to the file system can read and extract the secret keyfile from an initramfs image. Run as user: $ unmkinitramfs /boot/initrd.img-5.0.0-13-generic /tmp $ sha1sum /tmp/main/crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /tmp/main/crypto_keyfile.bin Would there be any adverse effects, if we were to set mkinitramfs (i.e. via a hook) to always set file permissions of initramfs images to 600 whenever this type of disk encryption is used? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835096] Re: Unprivileged user can access LUKS keyfile
*** This bug is a duplicate of bug 1835095 *** https://bugs.launchpad.net/bugs/1835095 ** Information type changed from Private Security to Public Security ** This bug has been marked a duplicate of bug 1835095 Lubuntu initrd images leaking cryptographic secret when disk encryption is used -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835096 Title: Unprivileged user can access LUKS keyfile Status in initramfs-tools package in Ubuntu: New Status in lubuntu-meta package in Ubuntu: New Bug description: Lubuntu 19.04 and newer uses Calamares as installer. During the installation, the user can choose to encrypt the entire disk (Full Disk Encryption FDE). Calamares creates an LUKS container (and an EFI- System-Partition, when needed). When booting, Grub asks for the passphrase to unlock the LUKS container. For convenience, there is the keyfile "/crypto_keyfile.bin" (600, root:root) which will be used later to unlock the LUKS container again. An unprivileged user can't copy or read the keyfile. But the keyfile is also in the initrd.img. Attack: Even an unprivileged user has read-access to the initrd.img under /boot, so the attacker can execute: (1) $ unmkinitramfs /boot/initrd.img-5.0.0.20-generic /tmp/initrd (2) $ cp /tmp/initrd/main/crypto_keyfile.bin ~ DREAD (LOW = 1, MEDIUM = 2, HIGH = 3): Damage: HIGH => This attack allows to get the keyfile Reproducibility: HIGH => Works every time with access to the system Exploitability: LOW/MEDIUM => You must have access to a shell and the unencrypted device (maybe in combination with another vulnerability) Affected users: MEDIUM => Every user which uses Lubuntu 19.04 and newer in combination with FDE, maybe also other users Discoverability: HIGH => The origin of this bug report is publicly logged: https://irclogs.ubuntu.com/2019/07/02/%23lubuntu.html#t10:26 DREAD-Rating: 12/13 of 15 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835095] Re: Lubuntu initrd images leaking cryptographic secret when disk encryption is used
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: initramfs-tools (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835095 Title: Lubuntu initrd images leaking cryptographic secret when disk encryption is used Status in initramfs-tools package in Ubuntu: Confirmed Status in lubuntu-meta package in Ubuntu: New Bug description: Hello! I've had a short discussion about this issue on lubuntu irc, and I was asked to open a bug report. Basically I only tested this on lubuntu 19.04 x64 live image on a UEFI system, I haven't tested other ubuntu flavors. Anyway, I was poking around with disk encryption, and I noticed that lubuntu live image uses a graphical installation tool called Calamares. This tool has an option to encrypt the hard disk during installation, and the encryption setup that is used is the newer one with /boot folder as part of the encrypted rootfs. Traditionally the installers used to setup encryption where there is a main LUKS- encrypted rootfs volume on the HDD and a separate unencrypted /boot partition where the grub config files, the kernel and the initrd images reside. Ever since grub2 added support for LUKS several distros have apparently moved to the newer scheme which is very similar to the one that was first described by Pavel Kogan in his blog. A) https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ B) https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ This new scheme stores the rootfs (including the /boot folder) on a single LUKS-encrypted partition with two keyslots in use. One of the keyslots is normally a passphrase that is used in the first stage by the grub2 EFI image as pre-boot authentication. It serves to decrypt the rootfs, access the contents of /boot and copy the config, kernel and initrd image to RAM. Once done, grub2 then forgets the passphrase and closes the encrypted volume. The system will continue to boot, but at this point the rootfs will now have to be decrypted a second time - this time by the kernel/initrd so it can be mounted. Normally this is the point where the user would be asked to enter a passphrase for the second time, but for convenience reasons (to automate the process) a second LUKS keyslot and a keyfile are used instead. The file /crypto_keyfile.bin is generated during the installation phase. This is the secret keyfile that is used to unlock the other LUKS keyslot and decrypt the rootfs. It is properly protected with owner set to root:root and file permissions 600 (-rw---). Unfortunately the key is not of much use while it resides inside the encrypted volume that it is supposed to decrypt. This is where initramfs-tools comes into play. I believe there is a special hook inside /usr/share/initramfs-tools/hooks that is responsible for copying this crypto_keyfile.bin file into appropriate initrd image. This image that now contains the secret keyfile is copied into RAM during the first decryption stage by the grub2. While the original secret keyfile /crypto_keyfile.bin is protected: $ ls -l / ... -rw--- 1 root root 2048 jul 2 18:34 crypto_keyfile.bin ... $ sha1sum /crypto_keyfile.bin sha1sum: /crypto_keyfille.bin: Permission denied $ sudo sha1sum /crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /crypto_keyfile.bin The second copy (the one inside initramfs image) is not: $ ls -l /boot ... -rw-r--r-- 1 root root 68149041 jul 2 18:35 initrd.img-5.0.0-13-generic As you can see, the initramfs images that are generated by mkinitramfs will have the user:group set to root:root, but their access flags will be 644 (-rw-r--r--). This means that any user or even a script that has read access to the file system can read and extract the secret keyfile from an initramfs image. Run as user: $ unmkinitramfs /boot/initrd.img-5.0.0-13-generic /tmp $ sha1sum /tmp/main/crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /tmp/main/crypto_keyfile.bin Would there be any adverse effects, if we were to set mkinitramfs (i.e. via a hook) to always set file permissions of initramfs images to 600 whenever this type of disk encryption is used? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835100] Re: package initramfs-tools 0.122ubuntu8.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
** Tags removed: need-duplicate-check -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835100 Title: package initramfs-tools 0.122ubuntu8.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Status in initramfs-tools package in Ubuntu: New Bug description: trying to install updates ProblemType: Package DistroRelease: Ubuntu 16.04 Package: initramfs-tools 0.122ubuntu8.8 ProcVersionSignature: Ubuntu 4.10.0-28.32~16.04.2-generic 4.10.17 Uname: Linux 4.10.0-28-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.10 AptOrdering: amd64-microcode: Install amd64-microcode: Configure NULL: ConfigurePending Architecture: amd64 Date: Tue Jul 2 14:11:15 2019 ErrorMessage: subprocess installed post-installation script returned error exit status 1 PackageArchitecture: all RelatedPackageVersions: dpkg 1.18.4ubuntu1.2 apt 1.2.24 SourcePackage: initramfs-tools Title: package initramfs-tools 0.122ubuntu8.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835100/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835095] Re: Lubuntu initrd images leaking cryptographic secret when disk encryption is used
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835095 Title: Lubuntu initrd images leaking cryptographic secret when disk encryption is used Status in initramfs-tools package in Ubuntu: New Bug description: Hello! I've had a short discussion about this issue on lubuntu irc, and I was asked to open a bug report. Basically I only tested this on lubuntu 19.04 x64 live image on a UEFI system, I haven't tested other ubuntu flavors. Anyway, I was poking around with disk encryption, and I noticed that lubuntu live image uses a graphical installation tool called Calamares. This tool has an option to encrypt the hard disk during installation, and the encryption setup that is used is the newer one with /boot folder as part of the encrypted rootfs. Traditionally the installers used to setup encryption where there is a main LUKS- encrypted rootfs volume on the HDD and a separate unencrypted /boot partition where the grub config files, the kernel and the initrd images reside. Ever since grub2 added support for LUKS several distros have apparently moved to the newer scheme which is very similar to the one that was first described by Pavel Kogan in his blog. A) https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ B) https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ This new scheme stores the rootfs (including the /boot folder) on a single LUKS-encrypted partition with two keyslots in use. One of the keyslots is normally a passphrase that is used in the first stage by the grub2 EFI image as pre-boot authentication. It serves to decrypt the rootfs, access the contents of /boot and copy the config, kernel and initrd image to RAM. Once done, grub2 then forgets the passphrase and closes the encrypted volume. The system will continue to boot, but at this point the rootfs will now have to be decrypted a second time - this time by the kernel/initrd so it can be mounted. Normally this is the point where the user would be asked to enter a passphrase for the second time, but for convenience reasons (to automate the process) a second LUKS keyslot and a keyfile are used instead. The file /crypto_keyfile.bin is generated during the installation phase. This is the secret keyfile that is used to unlock the other LUKS keyslot and decrypt the rootfs. It is properly protected with owner set to root:root and file permissions 600 (-rw---). Unfortunately the key is not of much use while it resides inside the encrypted volume that it is supposed to decrypt. This is where initramfs-tools comes into play. I believe there is a special hook inside /usr/share/initramfs-tools/hooks that is responsible for copying this crypto_keyfile.bin file into appropriate initrd image. This image that now contains the secret keyfile is copied into RAM during the first decryption stage by the grub2. While the original secret keyfile /crypto_keyfile.bin is protected: $ ls -l / ... -rw--- 1 root root 2048 jul 2 18:34 crypto_keyfile.bin ... $ sha1sum /crypto_keyfile.bin sha1sum: /crypto_keyfille.bin: Permission denied $ sudo sha1sum /crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /crypto_keyfile.bin The second copy (the one inside initramfs image) is not: $ ls -l /boot ... -rw-r--r-- 1 root root 68149041 jul 2 18:35 initrd.img-5.0.0-13-generic As you can see, the initramfs images that are generated by mkinitramfs will have the user:group set to root:root, but their access flags will be 644 (-rw-r--r--). This means that any user or even a script that has read access to the file system can read and extract the secret keyfile from an initramfs image. Run as user: $ unmkinitramfs /boot/initrd.img-5.0.0-13-generic /tmp $ sha1sum /tmp/main/crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /tmp/main/crypto_keyfile.bin Would there be any adverse effects, if we were to set mkinitramfs (i.e. via a hook) to always set file permissions of initramfs images to 600 whenever this type of disk encryption is used? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835095/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835100] [NEW] package initramfs-tools 0.122ubuntu8.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Public bug reported: trying to install updates ProblemType: Package DistroRelease: Ubuntu 16.04 Package: initramfs-tools 0.122ubuntu8.8 ProcVersionSignature: Ubuntu 4.10.0-28.32~16.04.2-generic 4.10.17 Uname: Linux 4.10.0-28-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.10 AptOrdering: amd64-microcode: Install amd64-microcode: Configure NULL: ConfigurePending Architecture: amd64 Date: Tue Jul 2 14:11:15 2019 ErrorMessage: subprocess installed post-installation script returned error exit status 1 PackageArchitecture: all RelatedPackageVersions: dpkg 1.18.4ubuntu1.2 apt 1.2.24 SourcePackage: initramfs-tools Title: package initramfs-tools 0.122ubuntu8.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: initramfs-tools (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835100 Title: package initramfs-tools 0.122ubuntu8.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 Status in initramfs-tools package in Ubuntu: New Bug description: trying to install updates ProblemType: Package DistroRelease: Ubuntu 16.04 Package: initramfs-tools 0.122ubuntu8.8 ProcVersionSignature: Ubuntu 4.10.0-28.32~16.04.2-generic 4.10.17 Uname: Linux 4.10.0-28-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.10 AptOrdering: amd64-microcode: Install amd64-microcode: Configure NULL: ConfigurePending Architecture: amd64 Date: Tue Jul 2 14:11:15 2019 ErrorMessage: subprocess installed post-installation script returned error exit status 1 PackageArchitecture: all RelatedPackageVersions: dpkg 1.18.4ubuntu1.2 apt 1.2.24 SourcePackage: initramfs-tools Title: package initramfs-tools 0.122ubuntu8.8 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835100/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1831505] Re: Qt5 incorrectly interpret keypresses from remote VNC keyboard
> Packages from bionic-proposed fix the issue. Thanks, marking as verified then. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1831505 Title: Qt5 incorrectly interpret keypresses from remote VNC keyboard Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Bionic: Fix Committed Status in qtbase-opensource-src package in Debian: Fix Released Bug description: [Impact] Qt applications incorrectly interpret keyboard input when running over some VNC clients such as TightVNC. [Test Case] 1. Have Ubuntu 18.04 LTS installed with VNC server 2. Connect to Ubuntu 18.04 LTS from other machine with VNC client 3. Launch any Qt5 based application such as `assistant`, `kate` or `retext` 4. Press keyboard combination on VNC client Expected results: all keypresses are recognized successfully Actual results: * produces `1` * produces `5` * <`> produces `p` * and are not working * all letters are messed [Proposed Fix] The proposed fix is a backport of two upstream commits: the second being the actual fix, the first one is some refactoring of the code to make it easier to write the second. The commits are: - https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f8b164e1c37ca901 - https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3edcd9420e3ad661 [Regression Potential] Most of the new code is triggered only when the keymap is missing rules, models, or layout (i.e. rmlvo_is_incomplete == true). This minimizes the risk of regressions when working with simple X11 server. In any case, the potential regressions will be related to input handling. [Other Info] Note: only Qt applications are affected, the GTK-based work as expected (including Chromium from which I write this bug-report) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: qt5-assistant 5.9.5-0ubuntu1 Uname: Linux 4.4.78-perf+ aarch64 NonfreeKernelModules: wlan exfat ApportVersion: 2.20.9-0ubuntu7 Architecture: armhf CurrentDesktop: MATE Date: Tue Jun 4 00:46:55 2019 ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: qttools-opensource-src UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1831505/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1588395] Re: 70gconfd_path-on-session doesn't quote DESKTOP_SESSION and fails if it contains a space
This bug was fixed in the package gconf - 3.2.6-5ubuntu2
---
gconf (3.2.6-5ubuntu2) eoan; urgency=medium
* debian/70gconfd_path-on-session:
- correctly escape the session specific default/mandatory paths
(lp: #1588395)
-- Sebastien Bacher Tue, 02 Jul 2019 17:20:09
+0200
** Changed in: gconf (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gconf in Ubuntu.
https://bugs.launchpad.net/bugs/1588395
Title:
70gconfd_path-on-session doesn't quote DESKTOP_SESSION and fails if it
contains a space
Status in gconf package in Ubuntu:
Fix Released
Bug description:
In /etc/X11/Xsession.d/70gconfd_path-on-session these lines fail if
there is a space in ${DESKTOP_SESSION}:
export MANDATORY_PATH=${GCONF_PREFIX}/${DESKTOP_SESSION}.mandatory.path
export DEFAULTS_PATH=${GCONF_PREFIX}/${DESKTOP_SESSION}.default.path
The error output to ~/.xsession-errors is:
/etc/X11/Xsession: 6: export: Session.mandatory.path: bad variable
name
I'm not sure why the error is pointing to the wrong file. Adding quotes
around the variables in those lines makes the error go away. This error totally
prevents logging into X. It happens when using LXDM to start Xfce, because LXDM
sets DESKTOP_SESSION to Name from /usr/share/xsessions/xfce.desktop :
Name=Xfce Session
These LXDM bugs relate to the problem, but I guess the lack of quoting
here is the root cause. I'm not sure if setting DESKTOP_SESSION to the
Name from the .desktop file and having a space in it is wise, but
everything seems to work after fixing the quoting. Proper quoting is
used elsewhere.
https://sourceforge.net/p/lxde/bugs/420/
https://bugs.launchpad.net/ubuntu/+source/lxdm/+bug/875991
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: gconf2-common 3.2.6-3ubuntu6
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Thu Jun 2 10:16:46 2016
PackageArchitecture: all
ProcEnviron:
LANGUAGE=en_CA:en
TERM=xterm
PATH=(custom, no user)
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: gconf
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gconf/+bug/1588395/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1828720] Re: eog (Ubuntu image viewer) consumes all memory when opening a tiff file
The issue seems similar to https://gitlab.gnome.org/GNOME/gdk- pixbuf/issues/30 ** Changed in: eog (Ubuntu) Status: Incomplete => New ** Bug watch added: gitlab.gnome.org/GNOME/gdk-pixbuf/issues #30 https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues/30 ** Package changed: eog (Ubuntu) => gdk-pixbuf (Ubuntu) ** Changed in: gdk-pixbuf (Ubuntu) Status: New => Triaged ** Also affects: gdk-pixbuf via https://gitlab.gnome.org/GNOME/gdk-pixbuf/issues/30 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. https://bugs.launchpad.net/bugs/1828720 Title: eog (Ubuntu image viewer) consumes all memory when opening a tiff file Status in gdk-pixbuf: Unknown Status in gdk-pixbuf package in Ubuntu: Triaged Bug description: The ImageViewer app (/usr/bin/eog) will go into a loop if a TIFF files are opened. Any TIFF file can cause a loop even if less than 1MB in size, so it seems that the program is encountering an internal issue with the TIFF format. The loop quickly consumes all free memory and locks up the machine (I do not have any swap). Steps to reproduce: * open any TIFF file using ImageViewer, the default image file handler. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: eog 3.28.1-1 ProcVersionSignature: Ubuntu 4.15.0-48.51-generic 4.15.18 Uname: Linux 4.15.0-48-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sun May 12 11:11:02 2019 InstallationDate: Installed on 2015-02-21 (1540 days ago) InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2) SourcePackage: eog UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/gdk-pixbuf/+bug/1828720/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1833039] Autopkgtest regression report (apache2/2.4.29-1ubuntu4.7)
All autopkgtests for the newly accepted apache2 (2.4.29-1ubuntu4.7) for bionic
have finished running.
There have been regressions in tests triggered by the package. Please visit the
sru report page and investigate the failures.
https://people.canonical.com/~ubuntu-archive/pending-sru.html#bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
Fix Committed
Status in apache2 source package in Cosmic:
Fix Committed
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert /etc/apache2/cacert.pem
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
And the apache error log will confirm the reason:
[Mon Jul 01 14:10:23.312645 2019] [ssl:error] [pid 1685:tid 140326396421888]
SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?
Now retry, but providing the client certificate and key files, and forcing
TLSv1.2 just to be sure. Due to the bug, the command will stall for about 15
seconds, but the index.html file will be downloaded:
# rm -f index.html
# curl
[Touch-packages] [Bug 1828720] [NEW] eog (Ubuntu image viewer) consumes all memory when opening a tiff file
You have been subscribed to a public bug: The ImageViewer app (/usr/bin/eog) will go into a loop if a TIFF files are opened. Any TIFF file can cause a loop even if less than 1MB in size, so it seems that the program is encountering an internal issue with the TIFF format. The loop quickly consumes all free memory and locks up the machine (I do not have any swap). Steps to reproduce: * open any TIFF file using ImageViewer, the default image file handler. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: eog 3.28.1-1 ProcVersionSignature: Ubuntu 4.15.0-48.51-generic 4.15.18 Uname: Linux 4.15.0-48-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.9-0ubuntu7.6 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sun May 12 11:11:02 2019 InstallationDate: Installed on 2015-02-21 (1540 days ago) InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2) SourcePackage: eog UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: gdk-pixbuf (Ubuntu) Importance: High Status: Triaged ** Tags: amd64 apport-bug bionic third-party-packages -- eog (Ubuntu image viewer) consumes all memory when opening a tiff file https://bugs.launchpad.net/bugs/1828720 You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdk-pixbuf in Ubuntu. -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1
There are dozens of cosmic tests still running
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
Fix Committed
Status in apache2 source package in Cosmic:
Fix Committed
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert /etc/apache2/cacert.pem
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
And the apache error log will confirm the reason:
[Mon Jul 01 14:10:23.312645 2019] [ssl:error] [pid 1685:tid 140326396421888]
SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?
Now retry, but providing the client certificate and key files, and forcing
TLSv1.2 just to be sure. Due to the bug, the command will stall for about 15
seconds, but the index.html file will be downloaded:
# rm -f index.html
# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem
--cert client-auth.pem --key client-auth.key --tlsv1.2
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload
[Touch-packages] [Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1
I'm checking.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
Fix Committed
Status in apache2 source package in Cosmic:
Fix Committed
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert /etc/apache2/cacert.pem
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
And the apache error log will confirm the reason:
[Mon Jul 01 14:10:23.312645 2019] [ssl:error] [pid 1685:tid 140326396421888]
SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?
Now retry, but providing the client certificate and key files, and forcing
TLSv1.2 just to be sure. Due to the bug, the command will stall for about 15
seconds, but the index.html file will be downloaded:
# rm -f index.html
# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem
--cert client-auth.pem --key client-auth.key --tlsv1.2
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
[Touch-packages] [Bug 1835095] [NEW] Lubuntu initrd images leaking cryptographic secret when disk encryption is used
Public bug reported: Hello! I've had a short discussion about this issue on lubuntu irc, and I was asked to open a bug report. Basically I only tested this on lubuntu 19.04 x64 live image on a UEFI system, I haven't tested other ubuntu flavors. Anyway, I was poking around with disk encryption, and I noticed that lubuntu live image uses a graphical installation tool called Calamares. This tool has an option to encrypt the hard disk during installation, and the encryption setup that is used is the newer one with /boot folder as part of the encrypted rootfs. Traditionally the installers used to setup encryption where there is a main LUKS-encrypted rootfs volume on the HDD and a separate unencrypted /boot partition where the grub config files, the kernel and the initrd images reside. Ever since grub2 added support for LUKS several distros have apparently moved to the newer scheme which is very similar to the one that was first described by Pavel Kogan in his blog. A) https://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/ B) https://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ This new scheme stores the rootfs (including the /boot folder) on a single LUKS-encrypted partition with two keyslots in use. One of the keyslots is normally a passphrase that is used in the first stage by the grub2 EFI image as pre-boot authentication. It serves to decrypt the rootfs, access the contents of /boot and copy the config, kernel and initrd image to RAM. Once done, grub2 then forgets the passphrase and closes the encrypted volume. The system will continue to boot, but at this point the rootfs will now have to be decrypted a second time - this time by the kernel/initrd so it can be mounted. Normally this is the point where the user would be asked to enter a passphrase for the second time, but for convenience reasons (to automate the process) a second LUKS keyslot and a keyfile are used instead. The file /crypto_keyfile.bin is generated during the installation phase. This is the secret keyfile that is used to unlock the other LUKS keyslot and decrypt the rootfs. It is properly protected with owner set to root:root and file permissions 600 (-rw---). Unfortunately the key is not of much use while it resides inside the encrypted volume that it is supposed to decrypt. This is where initramfs-tools comes into play. I believe there is a special hook inside /usr/share/initramfs-tools/hooks that is responsible for copying this crypto_keyfile.bin file into appropriate initrd image. This image that now contains the secret keyfile is copied into RAM during the first decryption stage by the grub2. While the original secret keyfile /crypto_keyfile.bin is protected: $ ls -l / ... -rw--- 1 root root 2048 jul 2 18:34 crypto_keyfile.bin ... $ sha1sum /crypto_keyfile.bin sha1sum: /crypto_keyfille.bin: Permission denied $ sudo sha1sum /crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /crypto_keyfile.bin The second copy (the one inside initramfs image) is not: $ ls -l /boot ... -rw-r--r-- 1 root root 68149041 jul 2 18:35 initrd.img-5.0.0-13-generic As you can see, the initramfs images that are generated by mkinitramfs will have the user:group set to root:root, but their access flags will be 644 (-rw-r--r--). This means that any user or even a script that has read access to the file system can read and extract the secret keyfile from an initramfs image. Run as user: $ unmkinitramfs /boot/initrd.img-5.0.0-13-generic /tmp $ sha1sum /tmp/main/crypto_keyfile.bin 7a1c44fd036510cc02e32c094bd16b4a76a7f14c /tmp/main/crypto_keyfile.bin Would there be any adverse effects, if we were to set mkinitramfs (i.e. via a hook) to always set file permissions of initramfs images to 600 whenever this type of disk encryption is used? ** Affects: initramfs-tools (Ubuntu) Importance: Undecided Status: New ** Tags: encryption initramfs-tools leak secret -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1835095 Title: Lubuntu initrd images leaking cryptographic secret when disk encryption is used Status in initramfs-tools package in Ubuntu: New Bug description: Hello! I've had a short discussion about this issue on lubuntu irc, and I was asked to open a bug report. Basically I only tested this on lubuntu 19.04 x64 live image on a UEFI system, I haven't tested other ubuntu flavors. Anyway, I was poking around with disk encryption, and I noticed that lubuntu live image uses a graphical installation tool called Calamares. This tool has an option to encrypt the hard disk during installation, and the encryption setup that is used is the newer one with /boot folder as part of the encrypted rootfs. Traditionally the installers used to setup encryption where there is a main LUKS- encrypted rootfs volume on the HDD and a separate
[Touch-packages] [Bug 1801382] Re: printing complex documents does not reproduce screen image on paper
Hi to all, I switched to macOS after the ongoing issues that reoccured with 19.04 (including this one). I could not bear with it any longer (12 years are a long time). Sorry to be of no assistance to this and any other issues any longer. cheers -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1801382 Title: printing complex documents does not reproduce screen image on paper Status in evince package in Ubuntu: Incomplete Status in gtk+3.0 package in Ubuntu: Incomplete Bug description: Ubuntu 18.10 latest update (by 2.11.2018) printing PDF documents that contain embedded images, these images get printed nearly black and completely illegible. I have attached a sample file and a printout of my cups pdf writer (which produces the exact same results as the printer) ProblemType: Bug DistroRelease: Ubuntu 18.10 Package: cups 2.2.8-5ubuntu1 ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12 Uname: Linux 4.18.0-10-generic x86_64 ApportVersion: 2.20.10-0ubuntu13 Architecture: amd64 CupsErrorLog: W [02/Nov/2018:16:18:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-Gray..\' already exists W [02/Nov/2018:16:18:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-DeviceN..\' already exists W [02/Nov/2018:16:20:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-Gray..\' already exists W [02/Nov/2018:16:20:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-DeviceN..\' already exists CurrentDesktop: ubuntu:GNOME Date: Fri Nov 2 16:21:51 2018 InstallationDate: Installed on 2018-04-30 (186 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) Lpstat: device for HP_Color_LaserJet_MFP_M477fdw: hp:/net/HP_Color_LaserJet_MFP_M477fdw?ip=10.1.0.21 Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 003: ID 05ac:0273 Apple, Inc. Bus 001 Device 002: ID 05ac:8290 Apple, Inc. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: Apple Inc. MacBookPro12,1 Papersize: a4 PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/ppd/HP_Color_LaserJet_MFP_M477fdw.ppd'] failed with exit code 2: grep: /etc/cups/ppd/HP_Color_LaserJet_MFP_M477fdw.ppd: Permission denied ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.18.0-10-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=1 SourcePackage: cups UpgradeStatus: Upgraded to cosmic on 2018-10-20 (13 days ago) dmi.bios.date: 08/08/2017 dmi.bios.vendor: Apple Inc. dmi.bios.version: MBP121.88Z.0171.B00.1708080033 dmi.board.name: Mac-E43C1C25D4880AD6 dmi.board.vendor: Apple Inc. dmi.board.version: MacBookPro12,1 dmi.chassis.type: 9 dmi.chassis.vendor: Apple Inc. dmi.chassis.version: Mac-E43C1C25D4880AD6 dmi.modalias: dmi:bvnAppleInc.:bvrMBP121.88Z.0171.B00.1708080033:bd08/08/2017:svnAppleInc.:pnMacBookPro12,1:pvr1.0:rvnAppleInc.:rnMac-E43C1C25D4880AD6:rvrMacBookPro12,1:cvnAppleInc.:ct9:cvrMac-E43C1C25D4880AD6: dmi.product.family: MacBook Pro dmi.product.name: MacBookPro12,1 dmi.product.version: 1.0 dmi.sys.vendor: Apple Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1801382/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1834211] Re: [SRU] gconf FTBFS in Bionic
Before this is sponsored, I would like to see Brian's comment on the other bug addressed; does this need to go to Eoan, any other releases, or Debian? Thanks, and please resubscribe sponsors when this is answered. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gconf in Ubuntu. https://bugs.launchpad.net/bugs/1834211 Title: [SRU] gconf FTBFS in Bionic Status in gconf package in Ubuntu: New Bug description: [Impact] Two issues make gconf FTBFS in Bionic: - outdated gtk-doc.make which fails with gtk-doc-tools >= 1.26 - missing dh-python in B-D The debdiff attached below fixes these issues and makes gconf build properly. [Test Case] Just install the needed build dependencies and try to build gconf. It will fail with an error from gtk-doc.make. Second issue: if gtk- doc.make is patched, the build will fail if dh-python isn't installed. [Regression Potential] None, you can't break it more than FTBFS :) [Other Info] Fixes are backported from Cosmic. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gconf/+bug/1834211/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835077] Re: [FEATURE] Add support for ~/.bashrc.d/*
The attachment "patch for /etc/skle/.profile" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1835077 Title: [FEATURE] Add support for ~/.bashrc.d/* Status in bash package in Ubuntu: New Bug description: In ~/.profile add support for ~/.bashrc.d/* alongside ~/.bashrc # include all files from .bashrc.d/ if [ -d "$HOME/.bashrc.d" ]; then for rc in "$HOME/.bashrc.d/"*; do if [ -f "$rc" ]; then . "$rc" fi done fi Patch for /etc/skel/.profile in the attachment. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1835077/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1797999] Re: eog segfaults in gtk_tree_model_get_valist ()
*** This bug is a duplicate of bug 1244071 *** https://bugs.launchpad.net/bugs/1244071 ** This bug has been marked a duplicate of bug 1244071 eog crashed with SIGSEGV in gtk_tree_model_get_valist() -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1797999 Title: eog segfaults in gtk_tree_model_get_valist () Status in gtk+3.0 package in Ubuntu: New Bug description: Happens 100% of the time, but only in one directory. 1) cd into that directory (cd ~/gplus) 2) eog . 3) segfault stack trace: #0 0x76c8db8d in gtk_tree_model_get_valist () at /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #1 0x76c8de7d in gtk_tree_model_get () at /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 #2 0x77b89256 in () at /usr/lib/x86_64-linux-gnu/eog/libeog.so #3 0x77b8a487 in () at /usr/lib/x86_64-linux-gnu/eog/libeog.so #4 0x73a87dae in ffi_call_unix64 () at /usr/lib/x86_64-linux-gnu/libffi.so.6 #5 0x73a8771f in ffi_call () at /usr/lib/x86_64-linux-gnu/libffi.so.6 #6 0x7791aced in g_cclosure_marshal_generic_va () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #7 0x7791a346 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #8 0x7793596f in g_signal_emit_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #9 0x7793609f in g_signal_emit () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #10 0x7733dda9 in () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #11 0x77640287 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 #12 0x776404c0 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 #13 0x7764054c in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0 #14 0x772f7ddd in g_application_run () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 #15 0x52b2 in main () Granted, it's a big directory: at least 56,000 pictures, but still. eog: Installed: 3.28.1-1 Candidate: 3.28.1-1 Version table: *** 3.28.1-1 500 500 https://gpl.savoirfairelinux.net/pub/mirrors/ubuntu bionic/main amd64 Packages 500 https://mirror.its.sfu.ca/mirror/ubuntu bionic/main amd64 Packages 100 /var/lib/dpkg/status libgtk-3-0: Installed: 3.22.30-1ubuntu1 Candidate: 3.22.30-1ubuntu1 Version table: *** 3.22.30-1ubuntu1 500 500 https://gpl.savoirfairelinux.net/pub/mirrors/ubuntu bionic/main amd64 Packages 500 https://mirror.its.sfu.ca/mirror/ubuntu bionic/main amd64 Packages 100 /var/lib/dpkg/status ubuntu: 18.04.1 bionic gnome: 3.28.2 linux: Linux eva1 4.15.0-34-generic #37-Ubuntu SMP Mon Aug 27 15:21:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1797999/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1801382] Re: printing complex documents does not reproduce screen image on paper
Do you still get the issue in newer versions/series? What image exactly has the wrong color? ** Changed in: evince (Ubuntu) Importance: Undecided => High ** Changed in: gtk+3.0 (Ubuntu) Importance: Undecided => High ** Changed in: evince (Ubuntu) Status: Confirmed => Incomplete ** Changed in: gtk+3.0 (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1801382 Title: printing complex documents does not reproduce screen image on paper Status in evince package in Ubuntu: Incomplete Status in gtk+3.0 package in Ubuntu: Incomplete Bug description: Ubuntu 18.10 latest update (by 2.11.2018) printing PDF documents that contain embedded images, these images get printed nearly black and completely illegible. I have attached a sample file and a printout of my cups pdf writer (which produces the exact same results as the printer) ProblemType: Bug DistroRelease: Ubuntu 18.10 Package: cups 2.2.8-5ubuntu1 ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12 Uname: Linux 4.18.0-10-generic x86_64 ApportVersion: 2.20.10-0ubuntu13 Architecture: amd64 CupsErrorLog: W [02/Nov/2018:16:18:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-Gray..\' already exists W [02/Nov/2018:16:18:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-DeviceN..\' already exists W [02/Nov/2018:16:20:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-Gray..\' already exists W [02/Nov/2018:16:20:30 +0100] CreateProfile failed: org.freedesktop.ColorManager.AlreadyExists:profile id \'HP_Color_LaserJet_MFP_M477fdw_AF82F1_-DeviceN..\' already exists CurrentDesktop: ubuntu:GNOME Date: Fri Nov 2 16:21:51 2018 InstallationDate: Installed on 2018-04-30 (186 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) Lpstat: device for HP_Color_LaserJet_MFP_M477fdw: hp:/net/HP_Color_LaserJet_MFP_M477fdw?ip=10.1.0.21 Lsusb: Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 003: ID 05ac:0273 Apple, Inc. Bus 001 Device 002: ID 05ac:8290 Apple, Inc. Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: Apple Inc. MacBookPro12,1 Papersize: a4 PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/ppd/HP_Color_LaserJet_MFP_M477fdw.ppd'] failed with exit code 2: grep: /etc/cups/ppd/HP_Color_LaserJet_MFP_M477fdw.ppd: Permission denied ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.18.0-10-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=1 SourcePackage: cups UpgradeStatus: Upgraded to cosmic on 2018-10-20 (13 days ago) dmi.bios.date: 08/08/2017 dmi.bios.vendor: Apple Inc. dmi.bios.version: MBP121.88Z.0171.B00.1708080033 dmi.board.name: Mac-E43C1C25D4880AD6 dmi.board.vendor: Apple Inc. dmi.board.version: MacBookPro12,1 dmi.chassis.type: 9 dmi.chassis.vendor: Apple Inc. dmi.chassis.version: Mac-E43C1C25D4880AD6 dmi.modalias: dmi:bvnAppleInc.:bvrMBP121.88Z.0171.B00.1708080033:bd08/08/2017:svnAppleInc.:pnMacBookPro12,1:pvr1.0:rvnAppleInc.:rnMac-E43C1C25D4880AD6:rvrMacBookPro12,1:cvnAppleInc.:ct9:cvrMac-E43C1C25D4880AD6: dmi.product.family: MacBook Pro dmi.product.name: MacBookPro12,1 dmi.product.version: 1.0 dmi.sys.vendor: Apple Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1801382/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1833039] Autopkgtest regression report (apache2/2.4.34-1ubuntu2.2)
All autopkgtests for the newly accepted apache2 (2.4.34-1ubuntu2.2) for cosmic
have finished running.
There have been regressions in tests triggered by the package. Please visit the
sru report page and investigate the failures.
https://people.canonical.com/~ubuntu-archive/pending-sru.html#cosmic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
Fix Committed
Status in apache2 source package in Cosmic:
Fix Committed
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert /etc/apache2/cacert.pem
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
And the apache error log will confirm the reason:
[Mon Jul 01 14:10:23.312645 2019] [ssl:error] [pid 1685:tid 140326396421888]
SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?
Now retry, but providing the client certificate and key files, and forcing
TLSv1.2 just to be sure. Due to the bug, the command will stall for about 15
seconds, but the index.html file will be downloaded:
# rm -f index.html
# curl
[Touch-packages] [Bug 1833479] Re: libjack-jackd2-0 double close on a failure to connect to jackd which causes crashes in multithreaded programs
Unsubscribing the Sponsors Team as there is no debdiff to sponsor. Poked the Security Team. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to jackd2 in Ubuntu. https://bugs.launchpad.net/bugs/1833479 Title: libjack-jackd2-0 double close on a failure to connect to jackd which causes crashes in multithreaded programs Status in jackd2 package in Ubuntu: New Status in jackd2 package in Debian: New Bug description: After upgrading to Ubuntu 19.04, I started experiencing sporadic crashes in kodi when turning my AV receiver on. Ubuntu 19.04 upgraded alsa-plugins to 1.1.8. For alsa-plugins >= 1.1.7, the ALSA jack plugin is enabled by default in /etc/alsa/conf.d/50-jack.conf. The crashes are caused by a race condition when kodi's audio engine thread is enumerating the ALSA sound devices, and the udev thread is enumerating the udev devices triggered by the sound device add from turning the AVR on. When enumerating the ALSA jack plugin device, it tries to connect to connect to jackd. Since I don't have jackd installed, it fails to connect. libjack closes the socket on error, and then closes it again in it's cleanup code. Since it's closing the same file descriptor twice, it interacts with other threads that have potentially opened file descriptors, and causes the crash. This same bug could potentially affect other multi-threaded programs that enumerate ALSA devices. Fix committed upstream: https://github.com/jackaudio/jack2/commit/dad4b5702782eef3bd66e3c3f4fefaaae3571208 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jackd2/+bug/1833479/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1795479] Re: ark does not save pdf from internal viewer
Thank you for your bug report, the issue there seems to be with the ark
software though, reassigning
** Package changed: shared-mime-info (Ubuntu) => ark (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to shared-mime-info in
Ubuntu.
https://bugs.launchpad.net/bugs/1795479
Title:
ark does not save pdf from internal viewer
Status in ark package in Ubuntu:
New
Bug description:
Open a zip file with ark
in ark settings choose preview the file with internal previewer.
Open a pdf file from the zip archive.
Save the file using "Save as by choosing a new directory (outside
/tmp/)
The file is saved, but when the PDF previewer is closed, the file disappears.
an strace of the ark process shows
unlink("/home/elgaard/foo.pdf")
which is where the PDF was saved to.
I did have a similar problems years ago, and I am almost sure that I checked
the option "open the file with associated application" back then and suspect
that the setting was changed behind my back at a later update.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ark/+bug/1795479/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1831505] Re: Qt5 incorrectly interpret keypresses from remote VNC keyboard
Packages from bionic-proposed fix the issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1831505 Title: Qt5 incorrectly interpret keypresses from remote VNC keyboard Status in qtbase-opensource-src package in Ubuntu: Fix Released Status in qtbase-opensource-src source package in Bionic: Fix Committed Status in qtbase-opensource-src package in Debian: Fix Released Bug description: [Impact] Qt applications incorrectly interpret keyboard input when running over some VNC clients such as TightVNC. [Test Case] 1. Have Ubuntu 18.04 LTS installed with VNC server 2. Connect to Ubuntu 18.04 LTS from other machine with VNC client 3. Launch any Qt5 based application such as `assistant`, `kate` or `retext` 4. Press keyboard combination on VNC client Expected results: all keypresses are recognized successfully Actual results: * produces `1` * produces `5` * <`> produces `p` * and are not working * all letters are messed [Proposed Fix] The proposed fix is a backport of two upstream commits: the second being the actual fix, the first one is some refactoring of the code to make it easier to write the second. The commits are: - https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f8b164e1c37ca901 - https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3edcd9420e3ad661 [Regression Potential] Most of the new code is triggered only when the keymap is missing rules, models, or layout (i.e. rmlvo_is_incomplete == true). This minimizes the risk of regressions when working with simple X11 server. In any case, the potential regressions will be related to input handling. [Other Info] Note: only Qt applications are affected, the GTK-based work as expected (including Chromium from which I write this bug-report) ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: qt5-assistant 5.9.5-0ubuntu1 Uname: Linux 4.4.78-perf+ aarch64 NonfreeKernelModules: wlan exfat ApportVersion: 2.20.9-0ubuntu7 Architecture: armhf CurrentDesktop: MATE Date: Tue Jun 4 00:46:55 2019 ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: qttools-opensource-src UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1831505/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1588395] Re: 70gconfd_path-on-session doesn't quote DESKTOP_SESSION and fails if it contains a space
** Changed in: gconf (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gconf in Ubuntu.
https://bugs.launchpad.net/bugs/1588395
Title:
70gconfd_path-on-session doesn't quote DESKTOP_SESSION and fails if it
contains a space
Status in gconf package in Ubuntu:
Fix Committed
Bug description:
In /etc/X11/Xsession.d/70gconfd_path-on-session these lines fail if
there is a space in ${DESKTOP_SESSION}:
export MANDATORY_PATH=${GCONF_PREFIX}/${DESKTOP_SESSION}.mandatory.path
export DEFAULTS_PATH=${GCONF_PREFIX}/${DESKTOP_SESSION}.default.path
The error output to ~/.xsession-errors is:
/etc/X11/Xsession: 6: export: Session.mandatory.path: bad variable
name
I'm not sure why the error is pointing to the wrong file. Adding quotes
around the variables in those lines makes the error go away. This error totally
prevents logging into X. It happens when using LXDM to start Xfce, because LXDM
sets DESKTOP_SESSION to Name from /usr/share/xsessions/xfce.desktop :
Name=Xfce Session
These LXDM bugs relate to the problem, but I guess the lack of quoting
here is the root cause. I'm not sure if setting DESKTOP_SESSION to the
Name from the .desktop file and having a space in it is wise, but
everything seems to work after fixing the quoting. Proper quoting is
used elsewhere.
https://sourceforge.net/p/lxde/bugs/420/
https://bugs.launchpad.net/ubuntu/+source/lxdm/+bug/875991
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: gconf2-common 3.2.6-3ubuntu6
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Thu Jun 2 10:16:46 2016
PackageArchitecture: all
ProcEnviron:
LANGUAGE=en_CA:en
TERM=xterm
PATH=(custom, no user)
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: gconf
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gconf/+bug/1588395/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1771041] Re: Remove gconf from Ubuntu
https://launchpad.net/ubuntu/+source/gtkwave/3.3.91-1 * New upstream release * Switch to gsettings instead of gconf. (Closes: #886067) ** Changed in: gtkwave (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gconf in Ubuntu. https://bugs.launchpad.net/bugs/1771041 Title: Remove gconf from Ubuntu Status in autopilot-legacy package in Ubuntu: New Status in desktopnova package in Ubuntu: New Status in evolution-indicator package in Ubuntu: New Status in gconf package in Ubuntu: New Status in gconf-editor package in Ubuntu: New Status in gkdebconf package in Ubuntu: New Status in gnome-mastermind package in Ubuntu: New Status in gnome-phone-manager package in Ubuntu: New Status in gnome-xcf-thumbnailer package in Ubuntu: New Status in gnomint package in Ubuntu: New Status in gtkwave package in Ubuntu: Fix Released Status in guake-indicator package in Ubuntu: New Status in gyrus package in Ubuntu: New Status in jack-mixer package in Ubuntu: New Status in jana package in Ubuntu: New Status in mssh package in Ubuntu: New Status in ogmrip package in Ubuntu: New Status in ooo-thumbnailer package in Ubuntu: New Status in planner package in Ubuntu: New Status in ogmrip package in Debian: Confirmed Bug description: gconf is being removed from Debian Testing. We should remove it from Ubuntu also. eclipse is troublesome. At a minimum, we can remove everything but eclipse and gconf. libgnome is sort of a blocker so do it first LP: #1771031 And remove libqt-gconf LP: #1740538 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/autopilot-legacy/+bug/1771041/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835077] [NEW] [FEATURE] Add support for ~/.bashrc.d/*
Public bug reported: In ~/.profile add support for ~/.bashrc.d/* alongside ~/.bashrc # include all files from .bashrc.d/ if [ -d "$HOME/.bashrc.d" ]; then for rc in "$HOME/.bashrc.d/"*; do if [ -f "$rc" ]; then . "$rc" fi done fi Patch for /etc/skel/.profile in the attachment. ** Affects: bash (Ubuntu) Importance: Undecided Status: New ** Patch added: "patch for /etc/skle/.profile" https://bugs.launchpad.net/bugs/1835077/+attachment/5274709/+files/etc--skel--.profile.diff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1835077 Title: [FEATURE] Add support for ~/.bashrc.d/* Status in bash package in Ubuntu: New Bug description: In ~/.profile add support for ~/.bashrc.d/* alongside ~/.bashrc # include all files from .bashrc.d/ if [ -d "$HOME/.bashrc.d" ]; then for rc in "$HOME/.bashrc.d/"*; do if [ -f "$rc" ]; then . "$rc" fi done fi Patch for /etc/skel/.profile in the attachment. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1835077/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1
Hello Benjamin, or anyone else affected,
Accepted apache2 into cosmic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/apache2/2.4.34-1ubuntu2.2 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-cosmic to verification-done-cosmic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-cosmic. In either case, without details of
your testing we will not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: apache2 (Ubuntu Cosmic)
Status: In Progress => Fix Committed
** Tags added: verification-needed verification-needed-cosmic
** Changed in: apache2 (Ubuntu Bionic)
Status: In Progress => Fix Committed
** Tags added: verification-needed-bionic
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
Fix Committed
Status in apache2 source package in Cosmic:
Fix Committed
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just
[Touch-packages] [Bug 1826916] Re: MAAS uninstalls itself on unattended upgrade
** Changed in: unattended-upgrades (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1826916 Title: MAAS uninstalls itself on unattended upgrade Status in maas package in Ubuntu: Incomplete Status in unattended-upgrades package in Ubuntu: Fix Released Bug description: Having recently found my MAAS unresponsive I was surprised to find out it's because it uninstalled itself. First, how on earth does this happen, and second how do I go about recovering this I have several critical juju services deployed on a nodes that this MAAS runs and juju is unusable with MAAS down. I've just done the backup as per https://docs.maas.io/2.5/en/manage- backup do I just do a fresh install now and do the restore steps? Will this simply get removed on the next upgrade? Start-Date: 2019-04-24 06:02:09 Commandline: /usr/bin/unattended-upgrade Remove: libjs-yui3-full:amd64 (3.5.1-1ubuntu3), python3-pexpect:amd64 (4.0.1-1), python3-distro-info:amd64 (0.14build1), libwebp5:amd64 (0.4.4-1), python3-roman:amd64 (2.0.0-2), python3-html5lib:amd64 (0.999-4), squid-langpack:amd64 (20150704-1), python3-ecdsa:amd64 (0.13-2), python3-dnspython:amd64 (1.12.0-0ubuntu3), python3-mimeparse:amd64 (0.1.4-1build1), libirs-export141:amd64 (1:9.10.3.dfsg.P4-8ubuntu1.12), fonts-font-awesome:amd64 (4.5.0~dfsg-1), python3-zope.interface:amd64 (4.1.3-1build1), python3-djorm-ext-pgarray:amd64 (1.2-0ubuntu2), javascript-common:amd64 (11), python3-formencode:amd64 (1.3.0-0ubuntu5), dbconfig-pgsql:amd64 (2.0.4ubuntu1), os-prober:amd64 (1.70ubuntu3.3), python3-seamicroclient:amd64 (0.4.0-1ubuntu1), python3-babel:amd64 (1.3+dfsg.1-6), docutils-common:amd64 (0.12+dfsg-1), python3-maas-provisioningserver:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), libibverbs1:amd64 (1.1.8-1.1ubuntu2), python3-sphinx:amd64 (1.3.6-2ubuntu1.1), libfreeipmi16:amd64 (1.4.11-1.1ubuntu4~0.16.04), libaprutil1:amd64 (1.5.4-1build1), libipmidetect0:amd64 (1.4.11-1.1ubuntu4~0.16.04), python3-netaddr:amd64 (0.7.18-1), grub-common:amd64 (2.02~beta2-36ubuntu3.17), libirs141:amd64 (1:9.10.3.dfsg.P4-8ubuntu1.12), squid-common:amd64 (3.5.12-1ubuntu7.5), authbind:amd64 (2.1.1+nmu1), freeipmi-common:amd64 (1.4.11-1.1ubuntu4~0.16.04), python3-pam:amd64 (0.4.2-13.2ubuntu2), python3-pbr:amd64 (1.8.0-4ubuntu1), python3-pil:amd64 (3.1.2-0ubuntu1.1), python3-simplestreams:amd64 (0.1.0~bzr426-0ubuntu1.2), libaprutil1-dbd-sqlite3:amd64 (1.5.4-1build1), python3-netifaces:amd64 (0.10.4-0.1build2), python3-django-maas:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), libjs-jquery:amd64 (1.11.3+dfsg-4), libjs-underscore:amd64 (1.7.0~dfsg-1ubuntu1), libjs-yui3-min:amd64 (3.5.1-1ubuntu3), python3-curtin:amd64 (17.1-11-ga4c9636b-0ubuntu1~16.04.1), python-django-common:amd64 (1.8.7-1ubuntu5.8), python3-service-identity:amd64 (16.0.0-2), bind9utils:amd64 (1:9.10.3.dfsg.P4-8ubuntu1.12), librdmacm1:amd64 (1.0.21-1), libconfig-general-perl:amd64 (2.60-1), python3-jsonschema:amd64 (2.5.1-4), maas-common:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), python3-txtftp:amd64 (0.1~bzr42-0ubuntu2), apache2-data:amd64 (2.4.18-2ubuntu3.10), python3-crochet:amd64 (1.4.0-0ubuntu2), python3-httplib2:amd64 (0.9.1+dfsg-1), python3-iso8601:amd64 (0.1.11-1), pxelinux:amd64 (3:6.03+dfsg-11ubuntu1), python3-sphinx-rtd-theme:amd64 (0.1.9-1), python3-pyparsing:amd64 (2.0.3+dfsg1-1ubuntu0.1), libpaper1:amd64 (1.1.24+nmu4ubuntu1), libjs-yui3-common:amd64 (3.5.1-1ubuntu3), python3-twisted:amd64 (16.0.0-1ubuntu0.2), python3-simplejson:amd64 (3.8.1-1ubuntu2), ntp:amd64 (1:4.2.8p4+dfsg-3ubuntu5.9), libllvm4.0:amd64 (1:4.0-1ubuntu1~16.04.2), libapr1:amd64 (1.5.2-3), maas-rack-controller:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), libipmiconsole2:amd64 (1.4.11-1.1ubuntu4~0.16.04), libaprutil1-ldap:amd64 (1.5.4-1build1), maas-cli:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), distro-info:amd64 (0.14build1), maas-dns:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), libisccfg-export140:amd64 (1:9.10.3.dfsg.P4-8ubuntu1.12), python3-pyvmomi:amd64 (5.5.0-2014.1.1-3), sphinx-rtd-theme-common:amd64 (0.1.9-1), python3-petname:amd64 (2.0-0ubuntu1~16.04), python3-alabaster:amd64 (0.7.7-1), python3-maas-client:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), tgt:amd64 (1:1.0.63-1ubuntu1.1), python3-docutils:amd64 (0.12+dfsg-1), postgresql:amd64 (9.5+173ubuntu0.1), python3-tempita:amd64 (0.5.2-1build1), python3-bson-ext:amd64 (3.2-1build1), python3-convoy:amd64 (0.2.1+bzr39-1), maas-region-controller:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), libpaper-utils:amd64 (1.1.24+nmu4ubuntu1), ieee-data:amd64 (20150531.1), maas-dhcp:amd64 (2.3.0-6434-gd354690-0ubuntu1~16.04.1), python3-django-piston3:amd64 (0.3~rc2-3ubuntu1), liblua5.1-0:amd64 (5.1.5-8ubuntu1), python-babel-localedata:amd64
[Touch-packages] [Bug 1833039] Please test proposed package
Hello Benjamin, or anyone else affected,
Accepted apache2 into bionic-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.7 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
Fix Committed
Status in apache2 source package in Cosmic:
Fix Committed
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert
[Touch-packages] [Bug 1588395] Re: 70gconfd_path-on-session doesn't quote DESKTOP_SESSION and fails if it contains a space
** Changed in: gconf (Ubuntu)
Importance: Undecided => Low
** Changed in: gconf (Ubuntu)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gconf in Ubuntu.
https://bugs.launchpad.net/bugs/1588395
Title:
70gconfd_path-on-session doesn't quote DESKTOP_SESSION and fails if it
contains a space
Status in gconf package in Ubuntu:
In Progress
Bug description:
In /etc/X11/Xsession.d/70gconfd_path-on-session these lines fail if
there is a space in ${DESKTOP_SESSION}:
export MANDATORY_PATH=${GCONF_PREFIX}/${DESKTOP_SESSION}.mandatory.path
export DEFAULTS_PATH=${GCONF_PREFIX}/${DESKTOP_SESSION}.default.path
The error output to ~/.xsession-errors is:
/etc/X11/Xsession: 6: export: Session.mandatory.path: bad variable
name
I'm not sure why the error is pointing to the wrong file. Adding quotes
around the variables in those lines makes the error go away. This error totally
prevents logging into X. It happens when using LXDM to start Xfce, because LXDM
sets DESKTOP_SESSION to Name from /usr/share/xsessions/xfce.desktop :
Name=Xfce Session
These LXDM bugs relate to the problem, but I guess the lack of quoting
here is the root cause. I'm not sure if setting DESKTOP_SESSION to the
Name from the .desktop file and having a space in it is wise, but
everything seems to work after fixing the quoting. Proper quoting is
used elsewhere.
https://sourceforge.net/p/lxde/bugs/420/
https://bugs.launchpad.net/ubuntu/+source/lxdm/+bug/875991
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: gconf2-common 3.2.6-3ubuntu6
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
NonfreeKernelModules: nvidia_uvm nvidia
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: XFCE
Date: Thu Jun 2 10:16:46 2016
PackageArchitecture: all
ProcEnviron:
LANGUAGE=en_CA:en
TERM=xterm
PATH=(custom, no user)
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: gconf
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gconf/+bug/1588395/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1818713] Re: WARNING: icon cache generation failed when installing elementary-icon-theme
*** This bug is a duplicate of bug 962225 *** https://bugs.launchpad.net/bugs/962225 ** This bug has been marked a duplicate of bug 962225 icon cache generation failure -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1818713 Title: WARNING: icon cache generation failed when installing elementary-icon- theme Status in gtk+3.0 package in Ubuntu: New Bug description: WHen installing elementary-icon-theme, receive the message: gtk-update-icon-cache: The generated cache was invalid. WARNING: icon cache generation failed for /usr/share/icons/elementary I believe this is because there is a folder with a space in the name: root@howard:/usr/share/icons/elementary# find ./ -name "* *" ./status/48/untitled folder After removing that directory, the cache is created successfully: root@howard:/usr/share/icons/elementary# rm -rf "./status/48/untitled folder" root@howard:/usr/share/icons/elementary# gtk-update-icon-cache /usr/share/icons/elementary gtk-update-icon-cache: Cache file created successfully. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1818713/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1834138] Re: PA: Don't restore the streams to sinks/sources with only unavailable ports
@Hui, thanks for the work. Is that bug fixed in eoan? It needs to be resolved there before being SRUed ** Changed in: pulseaudio (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1834138 Title: PA: Don't restore the streams to sinks/sources with only unavailable ports Status in HWE Next: New Status in pulseaudio package in Ubuntu: New Bug description: SRU Document: [Impact] The Lenovo P520 machine has dual analogue codecs, so there are two sinks and two sources in the PA, one has the front headphone and front microphone, the other has the rear lineout, linein and rear microphone, and the rear microphone always shows up in the gnome- sound-setting, When we plug a microphone to front audio jack, there are two input devices: rear mic and front mic in the gnome-sound- setting, and suppose users select the the front mic to record sound via audio app like arecord, the front mic will be bond the arecord, after the front mic is unplugged, there is only one rear mic left in the gnome-sound-setting, but the binding will not be changed, the arecrod still bind to front mic, under this situation if users record sound via arecord, they will find they can't record any sound from any other input devices even they are listed in the gnome-sound-setting. This problem also happens to output devices too. [Test Case] After applying this patch, I did the same test: unplug the front mic, then use the arecord to record sound, the app can record sound from rear mic now. After I plug the front mic back, the arecord still record from front mic. Also did the similar test for output devices, it worked as expected too. [Regression Potential] No, Just make a simple check when creating new streams (sink_input/source_output), If the restored device (sink/source) has ports and all ports are unavialble, it will not restore the binding, otherwise it will work as before. [Other Info] No more info here To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/1834138/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1771858] Re: /snap/bin not in default PATH for units, snapd should ship system-environment-generators to inject /snap/bin into $PATH
** Tags removed: verification-needed verification-needed-xenial ** Tags added: verification-done verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1771858 Title: /snap/bin not in default PATH for units, snapd should ship system- environment-generators to inject /snap/bin into $PATH Status in snapd package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Fix Released Status in snapd source package in Xenial: Invalid Status in systemd source package in Xenial: Fix Committed Status in snapd source package in Bionic: Confirmed Status in systemd source package in Bionic: Fix Committed Status in snapd source package in Cosmic: Fix Released Status in systemd source package in Cosmic: Fix Released Bug description: [Impact] * This means that software installed via snap isn't transparently available for units to use. As snaps are first-class citizens in Ubuntu, we should update the PATH. * When a generator started to be provided by systemd, it was recognized that $PATH is not correctly set, nonetheless, due to an environment bug that systemd generators run in. [Testcase] # make snapd-env-generator executable if it is not $ sudo chmod +x /usr/lib/systemd/system-environment-generators/snapd-env-generator # reboot, then test the effect of the fix $ systemd-run /usr/bin/env $ journalctl -e | grep PATH Output should contain /snap/bin Output should contain a complete and a valid PATH, i.e. PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" or similar. [Regression Potential] * snapd generator was already fixed separately to cause no harm, when running under a broken systemd. With the corrected environment, generators will now run with a correct PATH out of the box. A slight change of PATH will be observed by all generators, when running in containers/initramfs-less boots. However most generators will not be affected as they typically do not execute external binaries. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1771858/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1771858] Re: /snap/bin not in default PATH for units, snapd should ship system-environment-generators to inject /snap/bin into $PATH
Tested 229-4ubuntu21.22 on Xenial: ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ sudo systemd-run /usr/bin/env [sudo] password for ubuntu: Running as unit run-r22d04a00a8304e2da719773bb14b6fb4.service. ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ journalctl -a | grep PATH Jul 02 14:31:04 ubuntu-Standard-PC-i440FX-PIIX-1996 env[2093]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ dpkg -l systemd Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ NameVersion Architecture Description +++-===---=== ii systemd 229-4ubuntu21.22 amd64system and service manager ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ dmesg | grep initr [0.243635] Unpacking initramfs... [0.891349] Freeing initrd memory: 54320K The fix for Xenial does not depend on snapd's environment generator, just hardcodes including /snap/bin in the PATH. ** Changed in: snapd (Ubuntu Xenial) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1771858 Title: /snap/bin not in default PATH for units, snapd should ship system- environment-generators to inject /snap/bin into $PATH Status in snapd package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Fix Released Status in snapd source package in Xenial: Invalid Status in systemd source package in Xenial: Fix Committed Status in snapd source package in Bionic: Confirmed Status in systemd source package in Bionic: Fix Committed Status in snapd source package in Cosmic: Fix Released Status in systemd source package in Cosmic: Fix Released Bug description: [Impact] * This means that software installed via snap isn't transparently available for units to use. As snaps are first-class citizens in Ubuntu, we should update the PATH. * When a generator started to be provided by systemd, it was recognized that $PATH is not correctly set, nonetheless, due to an environment bug that systemd generators run in. [Testcase] # make snapd-env-generator executable if it is not $ sudo chmod +x /usr/lib/systemd/system-environment-generators/snapd-env-generator # reboot, then test the effect of the fix $ systemd-run /usr/bin/env $ journalctl -e | grep PATH Output should contain /snap/bin Output should contain a complete and a valid PATH, i.e. PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" or similar. [Regression Potential] * snapd generator was already fixed separately to cause no harm, when running under a broken systemd. With the corrected environment, generators will now run with a correct PATH out of the box. A slight change of PATH will be observed by all generators, when running in containers/initramfs-less boots. However most generators will not be affected as they typically do not execute external binaries. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1771858/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1751417] Re: gtk3.22 makes gedit & pluma screen flash for short text only
I am having text flashing issues in several text editors. Loading a large file causing the scrollbar to appear stops the issue. Linux Mint 19, i see it in gedit and xed. I'm on a MS Surface Pro-4 with the jakeday kernel installed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/1751417 Title: gtk3.22 makes gedit & pluma screen flash for short text only Status in gtk+3.0 package in Ubuntu: Expired Bug description: Environment: Ubuntu 18.04 development branch; GTK-3 version: 3.22; For almost all gtk3-based text editor, such as gedit, pluma, mousepad. There is textview flashing issue when the textview doesn't have its side-scrollbar. Typically, short text in textview can make this condition satisified. 1) Editor textview flashing problem only happens in OS physical hosts, and doesn't happen when editors run inside Virtualbox. 2) Editor textview flashing problem doesn't happen in Ubuntu 16.04 which is of lower gtk3 version; 3) If text document is long to generate either side of scrollbar for the editor textview, then the textview is no longer flashing. More to see: https://github.com/mate-desktop/pluma/issues/282 Still, I just ensure that it is not a pluma issue but happens in all gtk3-based text editor including gedit. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: libgtk-3-0 3.22.28-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3 Uname: Linux 4.15.0-10-generic x86_64 ApportVersion: 2.20.8-0ubuntu10 Architecture: amd64 CurrentDesktop: MATE Date: Sat Feb 24 14:32:35 2018 SourcePackage: gtk+3.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1751417/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1825940] Re: [graphics] Enable ICL
This bug was fixed in the package linux-oem-osp1 - 5.0.0-1012.13 --- linux-oem-osp1 (5.0.0-1012.13) bionic; urgency=medium * linux-oem-osp1: 5.0.0-1012.13 -proposed tracker (LP: #1833932) * Add DMIC support to oem-kernel (LP: #1826181) - ASoC: SOF: Intel: hda: reduce ifdef usage for hda - ASoC: SOF: Intel: hda: Enable jack detection in sof hda driver - Revert "ASoC: SOF: Intel: hda: switch to use legacy IRQ mode" - ASoC: SOF: Intel: hda: modify stream interrupt handler - ASoC: SOF: Intel: fix warning for unused variable in non-HDA builds - ASoC: hdac_hdmi: report codec link up/down status to bus - ASoC: SOF: add runtime idle callback - ASoC: SOF: Intel: implement runtime idle for CNL/APL - ASoC: SOF: dont wake dsp up in kcontrol IO - ASoC: codec: hdac_hdmi: fix pin connections at cvt enable - ALSA: hda: fix headphone detection failed * [SRU][B/B-OEM/B-OEM-OSP-1/C/D/E] Add trackpoint middle button support of 2 new thinpads (LP: #1833637) - Input: elantech - enable middle button support on 2 ThinkPads * [graphics] Enable ICL (LP: #1825940) - drm/i915/icl: Add WaDisableBankHangMode - drm/i915/icl: Adding few more device IDs for Ice Lake - drm/i915/cfl: Adding another PCI Device ID. - drm/i915: Accept alloc_size == blocks - drm/i915: Don't pass plane state to skl_compute_plane_wm() - drm/i915: Extract skl_compute_wm_params() - drm/i915: Allocate enough DDB for the cursor - drm/i915: Make sure cursor has enough ddb for the selected wm level - drm/i915: Keep plane watermarks enabled more aggressively - drm/i915: Move some variables to tighter scope - drm/i915: Don't pass pipe_wm around so much - drm/i915: Inline skl_update_pipe_wm() into its only caller - drm/i915: Fix PSR2 selective update corruption after PSR1 setup - drm/i915: Populate pipe_offsets[] & co. accurately - drm/i915: Extract ilk_lut_10() - drm/i915: Don't use split gamma when we don't have to - drm/i915: Implement split/10bit gamma for ivb/hsw - drm/i915: Add 10bit LUT for ilk/snb - drm/i915: Add "10.6" LUT mode for i965+ - drm/i915: Expose the legacy LUT via the GAMMA_LUT/GAMMA_LUT_SIZE props on gen2/3 - drm/i915: Expose full 1024 LUT entries on ivb+ - drm/i915: Introduce struct class_instance for engines across the uAPI - drm/i915: Fix skl+ max plane width - drm/i915: Rename skl_wa_clkgating to the actual WA - drm/i915: Fix the inconsistent RMW in WA 827 - drm/i915/icl: Fix clockgating issue when using scalers - drm/i915: Always try to reset the GPU on takeover - drm/i915: Add Wa_1409120013:icl,ehl - drm/i915/icl: use ranges for voltage level lookup - drm/i915/cnl: use ranges for voltage level lookup - drm/i915/skl: use ranges for voltage level lookup * Sometimes touchpad automatically trigger double click (LP: #1833484) - SAUCE: i2c: designware: Add disable runtime pm quirk * Add pointstick support on HP ZBook 17 G5 (LP: #1833387) - Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A" - SAUCE: HID: multitouch: Add pointstick support for ALPS Touchpad * Dell XPS 13 (9370) defaults to s2idle sleep/suspend instead of deep, NVMe drains lots of power under s2idle (LP: #1808957) - Revert "UBUNTU: SAUCE: pci/nvme: prevent WDC PC SN720 NVMe from entering D3 and being disabled" - Revert "UBUNTU: SAUCE: nvme: add quirk to not call disable function when suspending" - Revert "UBUTU: SAUCE: pci: prevent Intel NVMe SSDPEKKF from entering D3" - Revert "UBUNTU: SAUCE: nvme: add quirk to not call disable function when suspending" - Revert "UBUNTU: SAUCE: pci: prevent sk hynix nvme from entering D3" - PCI: PM: Avoid possible suspend-to-idle issue - SAUCE: PCI: PM: Skip devices in D0 for suspend-to-idle - nvme-pci: Sync queues on reset - nvme: Export get and set features - nvme-pci: Use host managed power state for suspend * Intel WiFi (CNVi) module has no function on Comet Lake [8086:02f0] (LP: #1833065) - iwlwifi: add support for 6-7 GHz channels - iwlwifi: support new NVM response API - iwlwifi: for AX210 device support radio GF4 - iwlwifi: bump FW API to 47 for 22000 series - iwlwifi: remove unused 0x40C0 PCI device IDs - iwlwifi: bump FW API to 48 for 22000 series - iwlwifi: bump FW API to 49 for 22000 series - iwlwifi: add new cards for 22000 and fix struct name - iwlwifi: bump FW API to 50 for 22000 series - iwlwifi: add new cards for 22000 and change wrong structs - iwlwifi: change 0x02F0 fw from qu to quz [ Ubuntu: 5.0.0-20.21 ] * linux: 5.0.0-20.21 -proposed tracker (LP: #1833934) * CVE-2019-11479 - SAUCE: tcp: add tcp_min_snd_mss sysctl - SAUCE: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() * Remote denial of service (resource exhaustion) caused by TCP SACK scoreboard
[Touch-packages] [Bug 1835055] [NEW] [iMac14, 2, Cirrus Logic CS4206, Speaker, Internal] No sound at all
Public bug reported: - ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 4.15.0-54.58~16.04.1-generic 4.15.18 Uname: Linux 4.15.0-54-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: sohaib 1788 F pulseaudio /dev/snd/controlC0: sohaib 1788 F pulseaudio CurrentDesktop: Unity Date: Tue Jul 2 14:21:48 2019 InstallationDate: Installed on 2019-06-30 (1 days ago) InstallationMedia: Ubuntu 16.04.6 LTS "Xenial Xerus" - Release amd64 (20190227) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH successful Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: sohaib 1788 F pulseaudio /dev/snd/controlC0: sohaib 1788 F pulseaudio Symptom_Jack: Speaker, Internal Symptom_PulsePlaybackTest: PulseAudio playback test successful Symptom_Type: No sound at all Title: [iMac14,2, Cirrus Logic CS4206, Speaker, Internal] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/16/2019 dmi.bios.vendor: Apple Inc. dmi.bios.version: 137.0.0.0.0 dmi.board.asset.tag: Base Board Asset Tag# dmi.board.name: Mac-27ADBB7B4CEE8E61 dmi.board.vendor: Apple Inc. dmi.board.version: iMac14,2 dmi.chassis.type: 13 dmi.chassis.vendor: Apple Inc. dmi.chassis.version: Mac-27ADBB7B4CEE8E61 dmi.modalias: dmi:bvnAppleInc.:bvr137.0.0.0.0:bd04/16/2019:svnAppleInc.:pniMac14,2:pvr1.0:rvnAppleInc.:rnMac-27ADBB7B4CEE8E61:rvriMac14,2:cvnAppleInc.:ct13:cvrMac-27ADBB7B4CEE8E61: dmi.product.family: iMac dmi.product.name: iMac14,2 dmi.product.version: 1.0 dmi.sys.vendor: Apple Inc. ** Affects: alsa-driver (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1835055 Title: [iMac14,2, Cirrus Logic CS4206, Speaker, Internal] No sound at all Status in alsa-driver package in Ubuntu: New Bug description: - ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 4.15.0-54.58~16.04.1-generic 4.15.18 Uname: Linux 4.15.0-54-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: sohaib 1788 F pulseaudio /dev/snd/controlC0: sohaib 1788 F pulseaudio CurrentDesktop: Unity Date: Tue Jul 2 14:21:48 2019 InstallationDate: Installed on 2019-06-30 (1 days ago) InstallationMedia: Ubuntu 16.04.6 LTS "Xenial Xerus" - Release amd64 (20190227) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH successful Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: sohaib 1788 F pulseaudio /dev/snd/controlC0: sohaib 1788 F pulseaudio Symptom_Jack: Speaker, Internal Symptom_PulsePlaybackTest: PulseAudio playback test successful Symptom_Type: No sound at all Title: [iMac14,2, Cirrus Logic CS4206, Speaker, Internal] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 04/16/2019 dmi.bios.vendor: Apple Inc. dmi.bios.version: 137.0.0.0.0 dmi.board.asset.tag: Base Board Asset Tag# dmi.board.name: Mac-27ADBB7B4CEE8E61 dmi.board.vendor: Apple Inc. dmi.board.version: iMac14,2 dmi.chassis.type: 13 dmi.chassis.vendor: Apple Inc. dmi.chassis.version: Mac-27ADBB7B4CEE8E61 dmi.modalias: dmi:bvnAppleInc.:bvr137.0.0.0.0:bd04/16/2019:svnAppleInc.:pniMac14,2:pvr1.0:rvnAppleInc.:rnMac-27ADBB7B4CEE8E61:rvriMac14,2:cvnAppleInc.:ct13:cvrMac-27ADBB7B4CEE8E61: dmi.product.family: iMac dmi.product.name: iMac14,2 dmi.product.version: 1.0 dmi.sys.vendor: Apple Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1835055/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1563110]
> I hope these efforts can be merged into mainline Linux and ALSA. Me too: I lack the know-how to fix the kernel myself, unfortunately... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1563110 Title: No sound on Asus e200ha, intel sst with cx2072x codec Status in ALSA driver: Confirmed Status in alsa-driver package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Bug description: I've recently bought an Asus e200ha. Sound in this laptop doesn't work. The sound card is an intel sst with codec conexant cx2072x aplay -l: aplay: device_list:268: no soundcard found... in the sound setting there is a "Dummy output" --- ApportVersion: 2.14.1-0ubuntu3.19 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CurrentDesktop: XFCE DistroRelease: Ubuntu 14.04 HibernationDevice: RESUME=UUID=7b77dc46-7d5b-4869-83dd-739980736c3a InstallationDate: Installed on 2016-03-28 (0 days ago) InstallationMedia: Linux Mint 17.3 "Rosa" - Release amd64 20160105 Lsusb: Bus 002 Device 002: ID 0781:5583 SanDisk Corp. Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 003: ID 13d3:3496 IMC Networks Bus 001 Device 002: ID 04f2:b54b Chicony Electronics Co., Ltd Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: ASUSTeK COMPUTER INC. E200HA Package: linux (not installed) ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=it_IT.UTF-8 SHELL=/bin/bash ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-32-generic root=UUID=50fb13c0-a8cd-441d-a38b-c0295c1b9a15 ro quiet splash vt.handoff=7 ProcVersionSignature: Ubuntu 3.19.0-32.37~14.04.1-generic 3.19.8-ckt7 RelatedPackageVersions: linux-restricted-modules-3.19.0-32-generic N/A linux-backports-modules-3.19.0-32-generic N/A linux-firmware 1.127.16 Tags: rosa Uname: Linux 3.19.0-32-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 11/26/2015 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: E200HA.203 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: E200HA dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: ATN12345678901234567 dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrE200HA.203:bd11/26/2015:svnASUSTeKCOMPUTERINC.:pnE200HA:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnE200HA:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0: dmi.product.name: E200HA dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. To manage notifications about this bug go to: https://bugs.launchpad.net/alsa-driver/+bug/1563110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1563110]
(In reply to mirh from comment #113) > https://mailman.alsa-project.org/pipermail/alsa-devel/2019-May/149706.html > > CX2072X is landing in 5.3. That's good news! I'll look forward to it, thanks :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1563110 Title: No sound on Asus e200ha, intel sst with cx2072x codec Status in ALSA driver: Confirmed Status in alsa-driver package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Bug description: I've recently bought an Asus e200ha. Sound in this laptop doesn't work. The sound card is an intel sst with codec conexant cx2072x aplay -l: aplay: device_list:268: no soundcard found... in the sound setting there is a "Dummy output" --- ApportVersion: 2.14.1-0ubuntu3.19 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CurrentDesktop: XFCE DistroRelease: Ubuntu 14.04 HibernationDevice: RESUME=UUID=7b77dc46-7d5b-4869-83dd-739980736c3a InstallationDate: Installed on 2016-03-28 (0 days ago) InstallationMedia: Linux Mint 17.3 "Rosa" - Release amd64 20160105 Lsusb: Bus 002 Device 002: ID 0781:5583 SanDisk Corp. Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 003: ID 13d3:3496 IMC Networks Bus 001 Device 002: ID 04f2:b54b Chicony Electronics Co., Ltd Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: ASUSTeK COMPUTER INC. E200HA Package: linux (not installed) ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=it_IT.UTF-8 SHELL=/bin/bash ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-32-generic root=UUID=50fb13c0-a8cd-441d-a38b-c0295c1b9a15 ro quiet splash vt.handoff=7 ProcVersionSignature: Ubuntu 3.19.0-32.37~14.04.1-generic 3.19.8-ckt7 RelatedPackageVersions: linux-restricted-modules-3.19.0-32-generic N/A linux-backports-modules-3.19.0-32-generic N/A linux-firmware 1.127.16 Tags: rosa Uname: Linux 3.19.0-32-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 11/26/2015 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: E200HA.203 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: E200HA dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: ATN12345678901234567 dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrE200HA.203:bd11/26/2015:svnASUSTeKCOMPUTERINC.:pnE200HA:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnE200HA:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0: dmi.product.name: E200HA dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. To manage notifications about this bug go to: https://bugs.launchpad.net/alsa-driver/+bug/1563110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1563110]
https://mailman.alsa-project.org/pipermail/alsa- devel/2019-May/149706.html CX2072X is landing in 5.3. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1563110 Title: No sound on Asus e200ha, intel sst with cx2072x codec Status in ALSA driver: Confirmed Status in alsa-driver package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Bug description: I've recently bought an Asus e200ha. Sound in this laptop doesn't work. The sound card is an intel sst with codec conexant cx2072x aplay -l: aplay: device_list:268: no soundcard found... in the sound setting there is a "Dummy output" --- ApportVersion: 2.14.1-0ubuntu3.19 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CurrentDesktop: XFCE DistroRelease: Ubuntu 14.04 HibernationDevice: RESUME=UUID=7b77dc46-7d5b-4869-83dd-739980736c3a InstallationDate: Installed on 2016-03-28 (0 days ago) InstallationMedia: Linux Mint 17.3 "Rosa" - Release amd64 20160105 Lsusb: Bus 002 Device 002: ID 0781:5583 SanDisk Corp. Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 003: ID 13d3:3496 IMC Networks Bus 001 Device 002: ID 04f2:b54b Chicony Electronics Co., Ltd Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: ASUSTeK COMPUTER INC. E200HA Package: linux (not installed) ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=it_IT.UTF-8 SHELL=/bin/bash ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.19.0-32-generic root=UUID=50fb13c0-a8cd-441d-a38b-c0295c1b9a15 ro quiet splash vt.handoff=7 ProcVersionSignature: Ubuntu 3.19.0-32.37~14.04.1-generic 3.19.8-ckt7 RelatedPackageVersions: linux-restricted-modules-3.19.0-32-generic N/A linux-backports-modules-3.19.0-32-generic N/A linux-firmware 1.127.16 Tags: rosa Uname: Linux 3.19.0-32-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 11/26/2015 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: E200HA.203 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: E200HA dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: ATN12345678901234567 dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrE200HA.203:bd11/26/2015:svnASUSTeKCOMPUTERINC.:pnE200HA:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnE200HA:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0: dmi.product.name: E200HA dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. To manage notifications about this bug go to: https://bugs.launchpad.net/alsa-driver/+bug/1563110/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1809856] Re: [XPS 13 9370, Realtek ALC3271, Headphone Out, Right] Static/Electric background noise when volume is not muted
Hi Hui Wang, sorry it has taken me so long to test this. I installed your patch and noticed the following things: 1. I **think** the noise is less than before although still present. 2. The commands in your test instructions now make no difference (https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1809856/comments/12) Please let me know if you need any further detail. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/1809856 Title: [XPS 13 9370, Realtek ALC3271, Headphone Out, Right] Static/Electric background noise when volume is not muted Status in alsa-driver package in Ubuntu: Confirmed Status in linux package in Ubuntu: Incomplete Bug description: Whenever I plug in my Sennheiser HD1 Wired headphones with mic, I start hearing a static/electric (some internal?) sound if the volume isn't muted. Something similar occurs with my other earbuds with mic, just much quieter and less noticable. It works fine on Windows 10 running on the same machine, and on my Android phone. I don't notice is when something is playing, but the frequency of the sound changes when I play something, then pause it, the background noise will sound slightly different. This is from an installed Ubuntu 18.10. I have tried booting 18.10 Live USB and 18.04.1 LTS Live USB, and the issue still occurs. I have tried playing with alsamixer and pavucontrol settings, and nothing fixed this background noise. ProblemType: Bug DistroRelease: Ubuntu 18.10 Package: alsa-base 1.0.25+dfsg-0ubuntu5 ProcVersionSignature: Ubuntu 4.18.0-13.14-generic 4.18.17 Uname: Linux 4.18.0-13-generic x86_64 ApportVersion: 2.20.10-0ubuntu13.1 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: davidkoplik 1891 F pulseaudio CurrentDesktop: ubuntu:GNOME Date: Wed Dec 26 20:17:59 2018 InstallationDate: Installed on 2018-12-26 (0 days ago) InstallationMedia: Ubuntu 18.10 "Cosmic Cuttlefish" - Release amd64 (20181017.3) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH successful Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_Jack: Black Headphone Out, Right Symptom_PulsePlaybackTest: PulseAudio playback test successful Symptom_Type: High background noise, or volume is too low Title: [XPS 13 9370, Realtek ALC3271, Black Headphone Out, Right] Background noise or low volume UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/04/2018 dmi.bios.vendor: Dell Inc. dmi.bios.version: 1.6.3 dmi.board.name: 0F6P3V dmi.board.vendor: Dell Inc. dmi.board.version: A00 dmi.chassis.type: 10 dmi.chassis.vendor: Dell Inc. dmi.modalias: dmi:bvnDellInc.:bvr1.6.3:bd11/04/2018:svnDellInc.:pnXPS139370:pvr:rvnDellInc.:rn0F6P3V:rvrA00:cvnDellInc.:ct10:cvr: dmi.product.family: XPS dmi.product.name: XPS 13 9370 dmi.product.sku: 07E6 dmi.sys.vendor: Dell Inc. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1809856/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1810018] Re: Static library missing from librsvg2-dev
Thank you for your bug report. The change is commit from Debian https://salsa.debian.org/gnome-team/librsvg/commit/1c53c0b1d Could you report it to them on https://packages.qa.debian.org/libr/librsvg.html ? ** Changed in: librsvg (Ubuntu) Importance: Undecided => Wishlist ** Changed in: librsvg (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to librsvg in Ubuntu. https://bugs.launchpad.net/bugs/1810018 Title: Static library missing from librsvg2-dev Status in librsvg package in Ubuntu: Confirmed Bug description: In xenial the file /usr/lib/x86_64-linux-gnu/librsvg-2.a was still there but in bionic onwards it's missing. I cannot statically link with librsvg-2 without it. Please add it back in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1810018/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1835053] [NEW] package libavahi-glib1:amd64 0.6.32~rc+dfsg-1ubuntu2 [modified: usr/lib/x86_64-linux-gnu/libavahi-glib.so.1.0.2] failed to install/upgrade: 现在尚不能配置软件包 libavahi-gli
Public bug reported: the error had happened when i tyr to install pcl library ProblemType: Package DistroRelease: Ubuntu 16.04 Package: libavahi-glib1:amd64 0.6.32~rc+dfsg-1ubuntu2 [modified: usr/lib/x86_64-linux-gnu/libavahi-glib.so.1.0.2] ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6 Uname: Linux 4.4.0-21-generic x86_64 ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 Date: Tue Jul 2 20:47:45 2019 ErrorMessage: 现在尚不能配置软件包 libavahi-glib1:amd64 不能配置(目前状态为 half-installed ) InstallationDate: Installed on 2019-06-29 (3 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) RelatedPackageVersions: dpkg 1.18.4ubuntu1 apt 1.2.29ubuntu0.1 SourcePackage: avahi Title: package libavahi-glib1:amd64 0.6.32~rc+dfsg-1ubuntu2 [modified: usr/lib/x86_64-linux-gnu/libavahi-glib.so.1.0.2] failed to install/upgrade: 现在尚不能配置软件包 libavahi-glib1:amd64 不能配置(目前状态为 half-installed ) UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: avahi (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to avahi in Ubuntu. https://bugs.launchpad.net/bugs/1835053 Title: package libavahi-glib1:amd64 0.6.32~rc+dfsg-1ubuntu2 [modified: usr/lib/x86_64-linux-gnu/libavahi-glib.so.1.0.2] failed to install/upgrade: 现在尚不能配置软件包 libavahi-glib1:amd64 不能配置(目前状态为 half- installed ) Status in avahi package in Ubuntu: New Bug description: the error had happened when i tyr to install pcl library ProblemType: Package DistroRelease: Ubuntu 16.04 Package: libavahi-glib1:amd64 0.6.32~rc+dfsg-1ubuntu2 [modified: usr/lib/x86_64-linux-gnu/libavahi-glib.so.1.0.2] ProcVersionSignature: Ubuntu 4.4.0-21.37-generic 4.4.6 Uname: Linux 4.4.0-21-generic x86_64 ApportVersion: 2.20.1-0ubuntu2 Architecture: amd64 Date: Tue Jul 2 20:47:45 2019 ErrorMessage: 现在尚不能配置软件包 libavahi-glib1:amd64 不能配置(目前状态为 half-installed ) InstallationDate: Installed on 2019-06-29 (3 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) RelatedPackageVersions: dpkg 1.18.4ubuntu1 apt 1.2.29ubuntu0.1 SourcePackage: avahi Title: package libavahi-glib1:amd64 0.6.32~rc+dfsg-1ubuntu2 [modified: usr/lib/x86_64-linux-gnu/libavahi-glib.so.1.0.2] failed to install/upgrade: 现在尚不能配置软件包 libavahi-glib1:amd64 不能配置(目前状态为 half-installed ) UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1835053/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1833236] Re: whoopsie ftbfs in eoan
This bug was fixed in the package whoopsie - 0.2.65 --- whoopsie (0.2.65) eoan; urgency=medium [ Sebastien Bacher ] * Don't use deprecated n-m components. LP: #1833236. -- Steve Langasek Mon, 01 Jul 2019 11:43:00 -0700 ** Changed in: whoopsie (Ubuntu Eoan) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to whoopsie in Ubuntu. https://bugs.launchpad.net/bugs/1833236 Title: whoopsie ftbfs in eoan Status in whoopsie package in Ubuntu: Fix Released Status in whoopsie source package in Eoan: Fix Released Bug description: whoopsie ftbfs in eoan https://launchpad.net/ubuntu/+archive/test- rebuild-20190614/+build/17048048/+files/buildlog_ubuntu-eoan- amd64.whoopsie_0.2.64_BUILDING.txt.gz dh_auto_build make -j1 make[1]: Entering directory '/<>' Package NetworkManager was not found in the pkg-config search path. Perhaps you should add the directory containing `NetworkManager.pc' to the PKG_CONFIG_PATH environment variable No package 'NetworkManager' found cc -std=c99 -c -g -Ilib -Wall -Werror -Os -DVERSION=\"0.2.64\" -fPIC -g -O2 -fdebug-prefix-map=/<>=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -o src/whoopsie.o src/whoopsie.c src/whoopsie.c:26:10: fatal error: glib.h: No such file or directory #include ^~~~ compilation terminated. make[1]: *** [Makefile:58: src/whoopsie.o] Error 1 make[1]: Leaving directory '/<>' dh_auto_build: make -j1 returned exit code 2 make: *** [debian/rules:17: build] Error 2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1833236/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1744366] Re: xfce power manager shows wrong battery life information (Lbuntu 16.04.3)
I have similar problem on xubuntu 16.04. The only problem is that it occurs with only one of my two batteries. This leads me to consider that the problem may be stemming from an interaction with the battery metadata. The odd thing about the battery (the one that instigates the faulty behavior) is that it reports an unusually high energy-full value (>65Wh) whereas the design capacity is actually much smaller (~5Wh). I speculate that this could cause confusion into the actual state of charge and may prematurely shut the laptop down peter@peter-Studio-1558:~$ upower -d Device: /org/freedesktop/UPower/devices/line_power_ADP1 native-path: ADP1 power supply: yes updated: Tue 02 Jul 2019 08:01:03 AM EDT (1126 seconds ago) has history: no has statistics: no line-power warning-level: none online: yes icon-name: 'ac-adapter-symbolic' Device: /org/freedesktop/UPower/devices/battery_BAT0 native-path: BAT0 vendor: SDI model:Dell serial: 36892 power supply: yes updated: Tue 02 Jul 2019 08:19:03 AM EDT (46 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable:yes state: charging warning-level: none energy: 2.924 Wh energy-empty:0 Wh energy-full: 65.509 Wh energy-full-design: 5.2 Wh energy-rate: 2.995 W voltage: 12.413 V percentage: 4% capacity:100% technology: lithium-ion icon-name: 'battery-caution-charging-symbolic' History (rate): 1562069943 2.995 charging Device: /org/freedesktop/UPower/devices/DisplayDevice power supply: yes updated: Tue 02 Jul 2019 08:19:03 AM EDT (46 seconds ago) has history: no has statistics: no battery present: yes state: charging warning-level: none energy: 2.924 Wh energy-full: 65.509 Wh energy-rate: 2.995 W percentage: 4% icon-name: 'battery-caution-charging-symbolic' Daemon: daemon-version: 0.99.4 on-battery: no lid-is-closed: no lid-is-present: yes critical-action: HybridSleep peter@peter-Studio-1558:~$ upower -d Device: /org/freedesktop/UPower/devices/line_power_ADP1 native-path: ADP1 power supply: yes updated: Tue 02 Jul 2019 08:01:03 AM EDT (1899 seconds ago) has history: no has statistics: no line-power warning-level: none online: yes icon-name: 'ac-adapter-symbolic' Device: /org/freedesktop/UPower/devices/battery_BAT0 native-path: BAT0 vendor: SDI model:Dell serial: 36892 power supply: yes updated: Tue 02 Jul 2019 08:31:04 AM EDT (98 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable:yes state: charging warning-level: none energy: 3.409 Wh energy-empty:0 Wh energy-full: 65.509 Wh energy-full-design: 5.2 Wh energy-rate: 1.806 W voltage: 12.515 V percentage: 5% capacity:100% technology: lithium-ion icon-name: 'battery-caution-charging-symbolic' History (rate): 1562070664 1.806 charging Device: /org/freedesktop/UPower/devices/DisplayDevice power supply: yes updated: Tue 02 Jul 2019 08:31:04 AM EDT (98 seconds ago) has history: no has statistics: no battery present: yes state: charging warning-level: none energy: 3.409 Wh energy-full: 65.509 Wh energy-rate: 1.806 W percentage: 5% icon-name: 'battery-caution-charging-symbolic' Daemon: daemon-version: 0.99.4 on-battery: no lid-is-closed: no lid-is-present: yes critical-action: HybridSleep -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to upower in Ubuntu. https://bugs.launchpad.net/bugs/1744366 Title: xfce power manager shows wrong battery life information (Lbuntu 16.04.3) Status in upower package in Ubuntu: Confirmed Bug description: As per title xfce power manager (version 1.4.4-4ubuntu2) on my Lubuntu 16.04.3 shows a wrong battery life. What happens is that I plug in the laptop, it tells me the battery is 100% I unplug the write and I can see after maybe 10 minutes that the battery level lowered. I check and it gives me something like 80% and
[Touch-packages] [Bug 1744366] Re: xfce power manager shows wrong battery life information (Lbuntu 16.04.3)
I forgot to post the version of upower I am running: peter@peter-Studio-1558:~$ apt show upower Package: upower Version: 0.99.4-2ubuntu0.3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to upower in Ubuntu. https://bugs.launchpad.net/bugs/1744366 Title: xfce power manager shows wrong battery life information (Lbuntu 16.04.3) Status in upower package in Ubuntu: Confirmed Bug description: As per title xfce power manager (version 1.4.4-4ubuntu2) on my Lubuntu 16.04.3 shows a wrong battery life. What happens is that I plug in the laptop, it tells me the battery is 100% I unplug the write and I can see after maybe 10 minutes that the battery level lowered. I check and it gives me something like 80% and then, suddenly the laptop turns of because the battery is discharged. When i plug it back it shows as the battery is either charging correctly or charging and the percentage is over 70%. The battery is a few months old, so I think the problem lies in xfce power manager which displays the wrong information.Bug #1216594 opened in 2013 is very similar to my case, however that bug report was closed not because it was fixed but because it expired after 60 days. I tried 'upower -d' and it gives me the same info as the power manager. The output was: Device: /org/freedesktop/UPower/devices/line_power_ADP1 native-path: ADP1 power supply: yes updated: XX XX XXX 17:58:48 GMT (815 seconds ago) has history: no has statistics: no line-power warning-level: none online: yes icon-name: 'ac-adapter-symbolic' Device: /org/freedesktop/UPower/devices/battery_BAT0 native-path: BAT0 vendor: Hewlett-Packard model:Primary power supply: yes updated: Fri 19 Jan 2018 18:10:34 GMT (109 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable:yes state: charging warning-level: none energy: 22.2592 Wh energy-empty:0 Wh energy-full: 26.048 Wh energy-full-design: 26.048 Wh energy-rate: 20.0392 W voltage: 16.444 V time to full:11.3 minutes percentage: 85% capacity:100% technology: lithium-ion icon-name: 'battery-full-charging-symbolic' History (charge): 151638543485.000 charging History (rate): 151638543420.039 charging Device: /org/freedesktop/UPower/devices/DisplayDevice power supply: yes updated: XX XX XXX 18:10:34 GMT (109 seconds ago) has history: no has statistics: no battery present: yes state: charging warning-level: none energy: 22.2592 Wh energy-full: 26.048 Wh energy-rate: 20.0392 W time to full:11.3 minutes percentage: 85% icon-name: 'battery-full-charging-symbolic' Daemon: daemon-version: 0.99.4 on-battery: no lid-is-closed: no lid-is-present: yes critical-action: HybridSleep Any ideas? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/upower/+bug/1744366/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1810346] Re: VLC interface not displayed correctly
As a temporary fix, so you don't have to launch it from the terminal you can do something like this, (need root): sudo su mv /usr/bin/vlc /usr/bin/vlcbin echo 'QT_AUTO_SCREEN_SCALE_FACTOR=0 /usr/bin/vlcbin "$@"' > /usr/bin/vlc chmod +x /usr/bin/vlc It fixes the problem for me and i can launch it normally using the icon or from the file manager, i tested it with Nautilus and Nemo. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to qtbase-opensource-src in Ubuntu. https://bugs.launchpad.net/bugs/1810346 Title: VLC interface not displayed correctly Status in qtbase-opensource-src package in Ubuntu: Confirmed Bug description: I use vlc on a Dell E-5530 laptop seated on its docking station. The laptop display cover is closed, the output is sent on an external LG TV with 1920x1080. This system has been working flawlessly for many years, resp. under late 14.04 and 16.04. After recently upgrading to 18.04, I noticed VLC wouldn't display correctly - see attachment. This only occurs on the external display ; if I open the cover and use the internal display, there is no problem - except I cannot work on the internal display. regards, J.-Luc ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: vlc-bin 3.0.4-1ubuntu0.2 ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18 Uname: Linux 4.15.0-43-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Wed Jan 2 23:38:36 2019 ExecutablePath: /usr/bin/vlc InstallationDate: Installed on 2018-12-19 (14 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) ProcEnviron: PATH=(custom, user) XDG_RUNTIME_DIR= LANG=fr_FR.UTF-8 SHELL=/bin/bash SourcePackage: vlc UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1810346/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1744366] Re: xfce power manager shows wrong battery life information (Lbuntu 16.04.3)
** Changed in: upower (Ubuntu) Status: Expired => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to upower in Ubuntu. https://bugs.launchpad.net/bugs/1744366 Title: xfce power manager shows wrong battery life information (Lbuntu 16.04.3) Status in upower package in Ubuntu: Confirmed Bug description: As per title xfce power manager (version 1.4.4-4ubuntu2) on my Lubuntu 16.04.3 shows a wrong battery life. What happens is that I plug in the laptop, it tells me the battery is 100% I unplug the write and I can see after maybe 10 minutes that the battery level lowered. I check and it gives me something like 80% and then, suddenly the laptop turns of because the battery is discharged. When i plug it back it shows as the battery is either charging correctly or charging and the percentage is over 70%. The battery is a few months old, so I think the problem lies in xfce power manager which displays the wrong information.Bug #1216594 opened in 2013 is very similar to my case, however that bug report was closed not because it was fixed but because it expired after 60 days. I tried 'upower -d' and it gives me the same info as the power manager. The output was: Device: /org/freedesktop/UPower/devices/line_power_ADP1 native-path: ADP1 power supply: yes updated: XX XX XXX 17:58:48 GMT (815 seconds ago) has history: no has statistics: no line-power warning-level: none online: yes icon-name: 'ac-adapter-symbolic' Device: /org/freedesktop/UPower/devices/battery_BAT0 native-path: BAT0 vendor: Hewlett-Packard model:Primary power supply: yes updated: Fri 19 Jan 2018 18:10:34 GMT (109 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable:yes state: charging warning-level: none energy: 22.2592 Wh energy-empty:0 Wh energy-full: 26.048 Wh energy-full-design: 26.048 Wh energy-rate: 20.0392 W voltage: 16.444 V time to full:11.3 minutes percentage: 85% capacity:100% technology: lithium-ion icon-name: 'battery-full-charging-symbolic' History (charge): 151638543485.000 charging History (rate): 151638543420.039 charging Device: /org/freedesktop/UPower/devices/DisplayDevice power supply: yes updated: XX XX XXX 18:10:34 GMT (109 seconds ago) has history: no has statistics: no battery present: yes state: charging warning-level: none energy: 22.2592 Wh energy-full: 26.048 Wh energy-rate: 20.0392 W time to full:11.3 minutes percentage: 85% icon-name: 'battery-full-charging-symbolic' Daemon: daemon-version: 0.99.4 on-battery: no lid-is-closed: no lid-is-present: yes critical-action: HybridSleep Any ideas? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/upower/+bug/1744366/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1
Packages uploaded to their respective -proposed queues, it's up to the
SRU team now.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
In Progress
Status in apache2 source package in Cosmic:
In Progress
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert /etc/apache2/cacert.pem
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
And the apache error log will confirm the reason:
[Mon Jul 01 14:10:23.312645 2019] [ssl:error] [pid 1685:tid 140326396421888]
SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?
Now retry, but providing the client certificate and key files, and forcing
TLSv1.2 just to be sure. Due to the bug, the command will stall for about 15
seconds, but the index.html file will be downloaded:
# rm -f index.html
# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem
--cert client-auth.pem --key client-auth.key --tlsv1.2
% Total% Received % Xferd Average Speed TimeTime Time
Current
[Touch-packages] [Bug 1825940] Re: [graphics] Enable ICL
thanks These lists also have entries for EHL, but it's beyond our scope to support ICL, unless there are common commits needed for both. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/1825940 Title: [graphics] Enable ICL Status in intel: Fix Committed Status in linux package in Ubuntu: Confirmed Status in linux-oem-osp1 package in Ubuntu: New Status in mesa package in Ubuntu: Fix Released Status in linux source package in Bionic: Invalid Status in linux-oem-osp1 source package in Bionic: Fix Committed Status in mesa source package in Bionic: New Bug description: [Impact] Ice Lake (ICL) graphics needs to be enabled for OEM OSP1 image which is based on 18.04.3 graphics stack with linux-oem-osp1 kernel. [Test case] The usual desktop usage, graphics tests etc. [Regression potential] Linux-oem-osp1 kernel is a new kernel used only on new OEM enablements, and it can't regress any currently running system. Mesa backports are limited to ICL, so they shouldn't regress earlier generations either. -- Original description: ICL graphics is not enabled in 19.04. if you want to use 19.04 on ICL platform, you need do like this Add kernel option i915.alpha_support=1 Target Release:19.10 Target Kernel: 5.2 Target Mesa: 19.1 To manage notifications about this bug go to: https://bugs.launchpad.net/intel/+bug/1825940/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1
I followed the test steps in the description and I can confirm the fix
works as expected. Thanks Andreas for making a complicated setup so easy
to test!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039
Title:
18.04/Apache2: rejecting client initiated renegotiation due to openssl
1.1.1
Status in apache2 package in Ubuntu:
Fix Released
Status in openssl package in Ubuntu:
Invalid
Status in apache2 source package in Bionic:
In Progress
Status in apache2 source package in Cosmic:
In Progress
Bug description:
[Impact]
Under the following conditions, https connections using client cert
authentication will suffer a long delay (about 15s if modreqtimeout is enabled,
more if it is disabled):
* TLSv1.2
* client certificate authentication in use
* a Location, Directory, or other such block defining the client certificate
authentication for that block only, differing from the SSL vhost as a whole
This was triggered by the OpenSSL 1.1.1 SRU and was caused by this
openssl change in SSL_MODE_AUTO_RETRY from disabled to enabled by
default:
https://github.com/openssl/openssl/blob/a4a90a8a3bdcb9336b5c9c15da419e99a87bc6ed/CHANGES#L121-L130
[Test Case]
It helps if you have lxd up and running. Otherwise, a VM or even bare
metal host also works, as long as you stick to the "ubuntu" hostname.
Launch a container for the release you are testing. The command below is for
bionic:
$ lxc launch ubuntu-daily:bionic ubuntu
Enter the container as root:
$ lxc exec ubuntu bash
Verify hostname is "ubuntu":
# hostname
ubuntu
Install apache2:
apt update && apt install apache2
Download the following files from this bug report and place them in
/etc/apache2:
cd /etc/apache2
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key
Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key
Download the client certificate and key files and place them in /root:
cd /root
wget
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key
Create this vhost file (caution, lines may wrap, in particular LogFormat: it
should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <
LogLevel info ssl:warn
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x"
combined-ssl
ErrorLog \${APACHE_LOG_DIR}/error.log
CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
SSLEngine on
SSLCertificateFile /etc/apache2/ubuntu.pem
SSLCertificateKeyFile /etc/apache2/ubuntu.key
SSLCACertificateFile /etc/apache2/cacert.pem
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLVerifyClient require
Require ssl-verify-client
EOF
Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf
Restart apache2:
systemctl restart apache2
If at this stage you try the following command, it will fail like this
because no client certificate was provided:
# curl --output /dev/null https://ubuntu/ --cacert /etc/apache2/cacert.pem
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure, errno 0
And the apache error log will confirm the reason:
[Mon Jul 01 14:10:23.312645 2019] [ssl:error] [pid 1685:tid 140326396421888]
SSL Library Error: error:1417C0C7:SSL
routines:tls_process_client_certificate:peer did not return a certificate -- No
CAs known to server for verification?
Now retry, but providing the client certificate and key files, and forcing
TLSv1.2 just to be sure. Due to the bug, the command will stall for about 15
seconds, but the index.html file will be downloaded:
# rm -f index.html
# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem
--cert client-auth.pem --key client-auth.key --tlsv1.2
% Total% Received %
[Touch-packages] [Bug 1834138] Re: PA: Don't restore the streams to sinks/sources with only unavailable ports
This is the debdiff for disco version, after it is merged any verified, I will continue uploading the debdiff for cosmic and bionic. So please put this change into the disco queue first. thanks. ** Patch added: "pulseaudio_12.2-2ubuntu4.debdiff" https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1834138/+attachment/5274590/+files/pulseaudio_12.2-2ubuntu4.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1834138 Title: PA: Don't restore the streams to sinks/sources with only unavailable ports Status in HWE Next: New Status in pulseaudio package in Ubuntu: Incomplete Bug description: SRU Document: [Impact] The Lenovo P520 machine has dual analogue codecs, so there are two sinks and two sources in the PA, one has the front headphone and front microphone, the other has the rear lineout, linein and rear microphone, and the rear microphone always shows up in the gnome- sound-setting, When we plug a microphone to front audio jack, there are two input devices: rear mic and front mic in the gnome-sound- setting, and suppose users select the the front mic to record sound via audio app like arecord, the front mic will be bond the arecord, after the front mic is unplugged, there is only one rear mic left in the gnome-sound-setting, but the binding will not be changed, the arecrod still bind to front mic, under this situation if users record sound via arecord, they will find they can't record any sound from any other input devices even they are listed in the gnome-sound-setting. This problem also happens to output devices too. [Test Case] After applying this patch, I did the same test: unplug the front mic, then use the arecord to record sound, the app can record sound from rear mic now. After I plug the front mic back, the arecord still record from front mic. Also did the similar test for output devices, it worked as expected too. [Regression Potential] No, Just make a simple check when creating new streams (sink_input/source_output), If the restored device (sink/source) has ports and all ports are unavialble, it will not restore the binding, otherwise it will work as before. [Other Info] No more info here To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/1834138/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1834138] Re: PA: Don't restore the streams to sinks/sources with only unavailable ports
Since the P520 machine uses ucm in the PA, the patch in the #1 doesn't fix any problem for this machine, so only need to backport the patch of #2. ** Summary changed: - PA: can't auto switch streams between different sinks + PA: Don't restore the streams to sinks/sources with only unavailable ports ** Description changed: - On the Lenovo P52 machine, there are dual analogue codecs: the 1st one - contains the speaker and front headphone, the 2nd one contains the rear - lineout. + SRU Document: - As there are two codecs, there are 2 sinks in the PA, the one sink has - speaker and headphone, the other one has the lineout + [Impact] - Supposing users play music via totem (gnome app) and neither front - headphone nor rear lineout is plugged, the sound will comes out from - speaker. While the music is playing, if users plug a headphone into the - front headphone, the headphone will show up in the gonme-sound-setting - and the speaker will disappear, and the sound will change to heapdhone - from speaker, so the steam auto swtiches from speaker to headphone - because both speaker and headphone belong to the same PA sink. But while - the music is playing, if users plug a headphone into the rear lineout - jack, the lineout will show up in the gnome-sound-setting and the - speaker will disappear too, but the sound will not switch to lineout, it - keeps staying in the speaker even the UI shows the speaker is relaced by - lineout. it doesn't auto switch just because the speaker belongs to one - sink and the lineout belongs to the other. + The Lenovo P520 machine has dual analogue codecs, so there are two sinks + and two sources in the PA, one has the front headphone and front + microphone, the other has the rear lineout, linein and rear microphone, + and the rear microphone always shows up in the gnome-sound-setting, When + we plug a microphone to front audio jack, there are two input devices: + rear mic and front mic in the gnome-sound-setting, and suppose users + select the the front mic to record sound via audio app like arecord, the + front mic will be bond the arecord, after the front mic is unplugged, + there is only one rear mic left in the gnome-sound-setting, but the + binding will not be changed, the arecrod still bind to front mic, under + this situation if users record sound via arecord, they will find they + can't record any sound from any other input devices even they are listed + in the gnome-sound-setting. This problem also happens to output devices + too. - When this issue happens, if users want the sound comes out from lineout, - users have to close the totem and re-run the toem to make the sound come - out from lineout. This is not user friendly. + [Test Case] - And a similar situation is: - users play the music through lineout and UI (gnome-soudn-setting) shows lineout is active, while it is playing the music, if users unplug the headphone from the rear lineout jack, the lineout will disappear from UI and the speaker will show up, but the sound still comes from lineout, it doesn't switch to speaker. + After applying this patch, I did the same test: unplug the front mic, + then use the arecord to record sound, the app can record sound from rear + mic now. After I plug the front mic back, the arecord still record from + front mic. Also did the similar test for output devices, it worked as + expected too. + + [Regression Potential] + + No, Just make a simple check when creating new streams + (sink_input/source_output), If the restored device (sink/source) has + ports and all ports are unavialble, it will not restore the binding, + otherwise it will work as before. + + [Other Info] + + No more info here -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1834138 Title: PA: Don't restore the streams to sinks/sources with only unavailable ports Status in HWE Next: New Status in pulseaudio package in Ubuntu: Incomplete Bug description: SRU Document: [Impact] The Lenovo P520 machine has dual analogue codecs, so there are two sinks and two sources in the PA, one has the front headphone and front microphone, the other has the rear lineout, linein and rear microphone, and the rear microphone always shows up in the gnome- sound-setting, When we plug a microphone to front audio jack, there are two input devices: rear mic and front mic in the gnome-sound- setting, and suppose users select the the front mic to record sound via audio app like arecord, the front mic will be bond the arecord, after the front mic is unplugged, there is only one rear mic left in the gnome-sound-setting, but the binding will not be changed, the arecrod still bind to front mic, under this situation if users record sound via arecord, they will find they can't record any sound from any other input devices even they are listed in the
[Touch-packages] [Bug 1821625] Re: systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-seccomp)
** Changed in: linux (Ubuntu Bionic)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1821625
Title:
systemd 237-3ubuntu10.14 ADT test failure on Bionic ppc64el (test-
seccomp)
Status in libseccomp package in Ubuntu:
Incomplete
Status in linux package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Invalid
Status in libseccomp source package in Bionic:
Incomplete
Status in linux source package in Bionic:
Fix Committed
Status in systemd source package in Bionic:
Invalid
Bug description:
Starting with systemd 237-3ubuntu10.14, the testcase test-seccomp is
failing on Bionic on ppc64el with the error messages:
Operating on architecture: ppc
Failed to add n/a() rule for architecture ppc, skipping: Bad address
Operating on architecture: ppc64
Failed to add n/a() rule for architecture ppc64, skipping: Bad address
Operating on architecture: ppc64-le
Failed to add n/a() rule for architecture ppc64-le, skipping: Numerical
argument out of domain
Assertion 'p == MAP_FAILED' failed at ../src/test/test-seccomp.c:413,
function test_memory_deny_write_execute_mmap(). Aborting.
memoryseccomp-mmap terminated by signal ABRT.
Assertion 'wait_for_terminate_and_check("memoryseccomp-mmap", pid, WAIT_LOG)
== EXIT_SUCCESS' failed at ../src/test/test-seccomp.c:427, function
test_memory_deny_write_execute_mmap(). Aborting.
Aborted (core dumped)
FAIL: test-seccomp (code: 134)
Full logs at:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/ppc64el/s/systemd/20190302_025135_d0e38@/log.gz
The testcase passed with systemd version 237-3ubuntu10.13 running on the same
4.15.0-45 kernel on ppc64el:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/ppc64el/s/systemd/20190228_154406_6b12f@/log.gz
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1821625/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1812247] Re: ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation
Issuing call setenv("DISPLAY", ":0", 1) via gdb seems to result in a
dialog popping up, as desired.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1812247
Title:
ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation
Status in gnome-keyring package in Ubuntu:
Confirmed
Status in openssh package in Ubuntu:
Invalid
Bug description:
Ubuntu uses ssh-agent from OpenSSH which supports adding keys by means
of `ssh-add -c` indicating that keys "should be subject to
confirmation before being used for authentication. In Ubuntu 18.10
this fails with the error
sign_and_send_pubkey: signing failed: agent refused operation
To reproduce I used a Ubuntu 18.10 Live "CD", apt-get update && apt-
get upgrade, log out and log back in (these steps are not required but
we want to use an up-to-date system). Then:
$ sudo apt-get install ssh-askpass-gnome
(...)
$ # verify that ssh-askpass shows a popup, confirm with Enter
$ ssh-askpass ; echo $?
0
$ ssh-keygen
(...)
$ ssh-add -D
All identities removed.
$ ssh-copy-id $sshuser@$sshserver
(...)
Number of key(s) added: 1
(...)
$ ssh $sshuser@$sshserver uname -a
Linux server 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64
GNU/Linux
$ ssh-add -d
Identity removed: /home/ubuntu/.ssh/id_rsa (ubuntu@ubuntu)
$ ssh-add -c
Enter passphrase for /home/ubuntu/.ssh/id_rsa (will confirm each use):
Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa)
The user must confirm each use of the key
$ ssh $sshuser@$sshserver uname -a
sign_and_send_pubkey: signing failed: agent refused operation
sshuser@server's password: [^C'ed]
$ ssh-add -l
2048 SHA256:yvAFsTpkNWnlrQyCp+tWV83dIF8Je3AksM0o+Ajvyyc
/home/ubuntu/.ssh/id_rsa (RSA)
So, our key is loaded, ssh-askpass is working (also confirmed with
`ssh-add -c
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: gnome-session
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1812247/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1812247] Re: ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation
My suspicion is that we never get as far as askpass – gnome-keyring- daemon spawns a ssh-agent to pass requests on to (in my case, that's easy to spot because I use PKCS#11 tokens and that's the one spawning ssh-pkcs11-helpers), and that one doesn't have DISPLAY in its environment, so it won't even try to obtain permission that way. I'll see if I have enough foo to either force the ssh agents into debug mode (readpass.c's read_passphrase() only logs at debug level) or frobnicate their environment to have a DISPLAY, see if that fixes things. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1812247 Title: ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation Status in gnome-keyring package in Ubuntu: Confirmed Status in openssh package in Ubuntu: Invalid Bug description: Ubuntu uses ssh-agent from OpenSSH which supports adding keys by means of `ssh-add -c` indicating that keys "should be subject to confirmation before being used for authentication. In Ubuntu 18.10 this fails with the error sign_and_send_pubkey: signing failed: agent refused operation To reproduce I used a Ubuntu 18.10 Live "CD", apt-get update && apt- get upgrade, log out and log back in (these steps are not required but we want to use an up-to-date system). Then: $ sudo apt-get install ssh-askpass-gnome (...) $ # verify that ssh-askpass shows a popup, confirm with Enter $ ssh-askpass ; echo $? 0 $ ssh-keygen (...) $ ssh-add -D All identities removed. $ ssh-copy-id $sshuser@$sshserver (...) Number of key(s) added: 1 (...) $ ssh $sshuser@$sshserver uname -a Linux server 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux $ ssh-add -d Identity removed: /home/ubuntu/.ssh/id_rsa (ubuntu@ubuntu) $ ssh-add -c Enter passphrase for /home/ubuntu/.ssh/id_rsa (will confirm each use): Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa) The user must confirm each use of the key $ ssh $sshuser@$sshserver uname -a sign_and_send_pubkey: signing failed: agent refused operation sshuser@server's password: [^C'ed] $ ssh-add -l 2048 SHA256:yvAFsTpkNWnlrQyCp+tWV83dIF8Je3AksM0o+Ajvyyc /home/ubuntu/.ssh/id_rsa (RSA) So, our key is loaded, ssh-askpass is working (also confirmed with `ssh-add -c LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: gnome-session UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1812247/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1825940] Re: [graphics] Enable ICL
20170702 update of ICL kernel (drm-tip) --- icl_commit_20190626.list_kernv_drm-tip 2019-06-26 08:10:11.102281024 +0800 +++ icl_commit_20190702.list_kernv_drm-tip 2019-07-02 13:55:00.666216695 +0800 @@ -1,6 +1,10 @@ -fc25441c7b9,drm/i915/ehl: Add one additional PCH ID to MCC,2019-06-21 08:18:47,not in drm-intel-next/linux-upstream -8dcfdfb4501,drm/i915/perf: fix ICL perf register offsets,2019-06-10 11:19:14,not in drm-intel-next/linux-upstream -f9a393875d3,drm/i915: Disable SAMPLER_STATE prefetching on all Gen11 steppings.,2019-06-25 10:06:55,not in drm-intel-next/linux-upstream +63c9dae71dc,drm/i915/ehl: Add voltage level requirement table,2019-06-25 18:40:53,next-20190628 +6e63790efdf,drm/i915/ehl: Remove unsupported cd clocks,2019-06-25 18:40:52,next-20190628 +9c811fce8a4,drm/i915/icl: Add new supported CD clocks,2019-06-25 18:40:51,next-20190628 +9a6a644096a,drm/i915/ehl: Add missing VECS engine,2019-06-14 14:37:49,next-20190628 +fc25441c7b9,drm/i915/ehl: Add one additional PCH ID to MCC,2019-06-21 08:18:47,next-20190628 +8dcfdfb4501,drm/i915/perf: fix ICL perf register offsets,2019-06-10 11:19:14,next-20190628 +f9a393875d3,drm/i915: Disable SAMPLER_STATE prefetching on all Gen11 steppings.,2019-06-25 10:06:55,next-20190628 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/1825940 Title: [graphics] Enable ICL Status in intel: Fix Committed Status in linux package in Ubuntu: Confirmed Status in linux-oem-osp1 package in Ubuntu: New Status in mesa package in Ubuntu: Fix Released Status in linux source package in Bionic: Invalid Status in linux-oem-osp1 source package in Bionic: Fix Committed Status in mesa source package in Bionic: New Bug description: [Impact] Ice Lake (ICL) graphics needs to be enabled for OEM OSP1 image which is based on 18.04.3 graphics stack with linux-oem-osp1 kernel. [Test case] The usual desktop usage, graphics tests etc. [Regression potential] Linux-oem-osp1 kernel is a new kernel used only on new OEM enablements, and it can't regress any currently running system. Mesa backports are limited to ICL, so they shouldn't regress earlier generations either. -- Original description: ICL graphics is not enabled in 19.04. if you want to use 19.04 on ICL platform, you need do like this Add kernel option i915.alpha_support=1 Target Release:19.10 Target Kernel: 5.2 Target Mesa: 19.1 To manage notifications about this bug go to: https://bugs.launchpad.net/intel/+bug/1825940/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1834994] Re: rsync: --xattrs is extremely slow
Note that this bug is NOT a duplicate of https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1524703 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1834994 Title: rsync: --xattrs is extremely slow Status in rsync package in Ubuntu: New Bug description: Ubuntu 16.04 LTS repositories contain only rsync version 3.1.1: $ apt policy rsync rsync: Installed: 3.1.1-3ubuntu1.2 Candidate: 3.1.1-3ubuntu1.2 Version table: *** 3.1.1-3ubuntu1.2 500 500 http://fi.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 100 /var/lib/dpkg/status 3.1.1-3ubuntu1 500 500 http://fi.archive.ubuntu.com/ubuntu xenial/main amd64 Packages However, this version has a bug where flag --xattrs causes very very high CPU usage if source contains lots of unique extended attributes. I'm trying to sync 13 TB (roughly 6.5 M files) with extended attributes and this bug seems to make this slower and slower as the time goes by. The system has been copying the stuff for three weeks (!) now. It's getting slower every day but still seems to make progress so I try to run it to completion. First couple of terabytes suggested that this sync operation should have taken around 4 days. The source directory is used by glusterfs which creates checksums as extended attributes and practically every file has different checksum. Please, update rsync package on Ubuntu 16.04 to 3.1.2-2 or later. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799143 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: rsync 3.1.1-3ubuntu1.2 ProcVersionSignature: Ubuntu 4.15.0-51.55~16.04.1-lowlatency 4.15.18 Uname: Linux 4.15.0-51-lowlatency x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 CurrentDesktop: MATE Date: Tue Jul 2 09:07:49 2019 InstallationDate: Installed on 2015-02-23 (1589 days ago) InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) SourcePackage: rsync UpgradeStatus: Upgraded to xenial on 2016-06-10 (1116 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1834994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1834994] [NEW] rsync: --xattrs is extremely slow
Public bug reported: Ubuntu 16.04 LTS repositories contain only rsync version 3.1.1: $ apt policy rsync rsync: Installed: 3.1.1-3ubuntu1.2 Candidate: 3.1.1-3ubuntu1.2 Version table: *** 3.1.1-3ubuntu1.2 500 500 http://fi.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 100 /var/lib/dpkg/status 3.1.1-3ubuntu1 500 500 http://fi.archive.ubuntu.com/ubuntu xenial/main amd64 Packages However, this version has a bug where flag --xattrs causes very very high CPU usage if source contains lots of unique extended attributes. I'm trying to sync 13 TB (roughly 6.5 M files) with extended attributes and this bug seems to make this slower and slower as the time goes by. The system has been copying the stuff for three weeks (!) now. It's getting slower every day but still seems to make progress so I try to run it to completion. First couple of terabytes suggested that this sync operation should have taken around 4 days. The source directory is used by glusterfs which creates checksums as extended attributes and practically every file has different checksum. Please, update rsync package on Ubuntu 16.04 to 3.1.2-2 or later. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799143 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: rsync 3.1.1-3ubuntu1.2 ProcVersionSignature: Ubuntu 4.15.0-51.55~16.04.1-lowlatency 4.15.18 Uname: Linux 4.15.0-51-lowlatency x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 CurrentDesktop: MATE Date: Tue Jul 2 09:07:49 2019 InstallationDate: Installed on 2015-02-23 (1589 days ago) InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) SourcePackage: rsync UpgradeStatus: Upgraded to xenial on 2016-06-10 (1116 days ago) ** Affects: rsync (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1834994 Title: rsync: --xattrs is extremely slow Status in rsync package in Ubuntu: New Bug description: Ubuntu 16.04 LTS repositories contain only rsync version 3.1.1: $ apt policy rsync rsync: Installed: 3.1.1-3ubuntu1.2 Candidate: 3.1.1-3ubuntu1.2 Version table: *** 3.1.1-3ubuntu1.2 500 500 http://fi.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 100 /var/lib/dpkg/status 3.1.1-3ubuntu1 500 500 http://fi.archive.ubuntu.com/ubuntu xenial/main amd64 Packages However, this version has a bug where flag --xattrs causes very very high CPU usage if source contains lots of unique extended attributes. I'm trying to sync 13 TB (roughly 6.5 M files) with extended attributes and this bug seems to make this slower and slower as the time goes by. The system has been copying the stuff for three weeks (!) now. It's getting slower every day but still seems to make progress so I try to run it to completion. First couple of terabytes suggested that this sync operation should have taken around 4 days. The source directory is used by glusterfs which creates checksums as extended attributes and practically every file has different checksum. Please, update rsync package on Ubuntu 16.04 to 3.1.2-2 or later. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799143 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: rsync 3.1.1-3ubuntu1.2 ProcVersionSignature: Ubuntu 4.15.0-51.55~16.04.1-lowlatency 4.15.18 Uname: Linux 4.15.0-51-lowlatency x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 CurrentDesktop: MATE Date: Tue Jul 2 09:07:49 2019 InstallationDate: Installed on 2015-02-23 (1589 days ago) InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) SourcePackage: rsync UpgradeStatus: Upgraded to xenial on 2016-06-10 (1116 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1834994/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1812247] Re: ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: gnome-keyring (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1812247 Title: ssh-askpass(-gnome) fails for ssh-add -c: agent refused operation Status in gnome-keyring package in Ubuntu: Confirmed Status in openssh package in Ubuntu: Invalid Bug description: Ubuntu uses ssh-agent from OpenSSH which supports adding keys by means of `ssh-add -c` indicating that keys "should be subject to confirmation before being used for authentication. In Ubuntu 18.10 this fails with the error sign_and_send_pubkey: signing failed: agent refused operation To reproduce I used a Ubuntu 18.10 Live "CD", apt-get update && apt- get upgrade, log out and log back in (these steps are not required but we want to use an up-to-date system). Then: $ sudo apt-get install ssh-askpass-gnome (...) $ # verify that ssh-askpass shows a popup, confirm with Enter $ ssh-askpass ; echo $? 0 $ ssh-keygen (...) $ ssh-add -D All identities removed. $ ssh-copy-id $sshuser@$sshserver (...) Number of key(s) added: 1 (...) $ ssh $sshuser@$sshserver uname -a Linux server 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux $ ssh-add -d Identity removed: /home/ubuntu/.ssh/id_rsa (ubuntu@ubuntu) $ ssh-add -c Enter passphrase for /home/ubuntu/.ssh/id_rsa (will confirm each use): Identity added: /home/ubuntu/.ssh/id_rsa (/home/ubuntu/.ssh/id_rsa) The user must confirm each use of the key $ ssh $sshuser@$sshserver uname -a sign_and_send_pubkey: signing failed: agent refused operation sshuser@server's password: [^C'ed] $ ssh-add -l 2048 SHA256:yvAFsTpkNWnlrQyCp+tWV83dIF8Je3AksM0o+Ajvyyc /home/ubuntu/.ssh/id_rsa (RSA) So, our key is loaded, ssh-askpass is working (also confirmed with `ssh-add -c LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: gnome-session UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1812247/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
