[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
** Tags removed: server-todo
** Tags removed: regression-update
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776
Title:
After updating ubuntu, the network to which the subnet address is
assigned does not become active in KVM.
Status in dnsmasq package in Ubuntu:
Invalid
Bug description:
phenomenon:
After updating ubuntu, the network to which the subnet address is assigned
does not become active in KVM.
Cause:
This is because the following dnsmasq update operation performed by apt's
automatic update causes an error. It worked properly with dnsmasq 2.80, but
does not work properly with 2.90.
$ cat /var/log/apt/history.log
(snip)
Start-Date: 2024-02-27 06:17:31
Commandline: /usr/bin/unattended-upgrade
Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1)
End-Date: 2024-02-27 06:17:44
(snip)
$
Cause details:
As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below
is an example.
$ cat default.conf
##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
##virsh net-edit default
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
user=libvirt-dnsmasq
pid-file=/run/libvirt/network/default.pid
except-interface=lo
bind-dynamic
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
$
When starting the network with KVM (virsh net-start), dnsmasq started from
KVM executes the make_sock function twice as shown below.
$ cat network.c
(snip)
1087 static struct listener *create_listeners(union mysockaddr *addr, int
do_
1087 tftp, int dienow)
1088 {
1089 struct listener *l = NULL;
1090 int fd = -1, tcpfd = -1, tftpfd = -1;
1091
1092 (void)do_tftp;
1093
1094 if (daemon->port != 0)
1095 {
1096 fd = make_sock(addr, SOCK_DGRAM, dienow);
1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow);
1098 }
(snip)
The following code causes an issue with the update made in dnsmasq
2.90.
$ cat network.c
(snip)
895 static int make_sock(union mysockaddr *addr, int type, int dienow)
896 {
(snip)
934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
935 {
936 if (dienow)
937 die(s, daemon->addrbuff, EC_BADNET);
938 else
939 my_syslog(LOG_WARNING, s, daemon->addrbuff,
strerror(errno))939 ;
940 }
(snip)
function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24,
and then make_sock in network.c:1097 tries to bind to the same address.
However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so
dnsmasq does not cause a startup error. As a result, virsh net-start fails.
As a temporary workaround, it will work if you try not to die.
$ diff -u network_c_back network.c
--- network_c_back 2024-02-29 15:36:05.156467935 +
+++ network.c 2024-02-29 15:36:38.733324350 +
@@ -934,7 +934,8 @@
if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
{
if (dienow)
- die(s, daemon->addrbuff, EC_BADNET);
+ my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
+ //die(s, daemon->addrbuff, EC_BADNET);
else
my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
}
$
If bind-dynamic is set, it should be modified so that it works even if
errno==98.
For reference, in the case of dnsmasq 2.80, the code is as follows, so
no error occurs.
network.c
699 static int make_sock(union mysockaddr *addr, int type, int dienow)
700 {
701 int family = addr->sa.sa_family;
702 int fd, rc, opt = 1;
(snip)
715 err:
716 errsave = errno;
717 port = prettyprint_addr(addr, daemon->addrbuff);
718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
719 sprintf(daemon->addrbuff, "port %d", port);
720 s = _("failed to create listening socket for %s: %s");
721
722 if (fd != -1)
723 close (fd);
724
725 errno = errsave;
726
727 if (dienow)
728 {
729 /* failure to bind addresses given by --listen-address at
this
729 point
730 is OK if we're doing bind-dynamic */
731 if (!option_bool(OPT_CLEVERBIND))
[Touch-packages] [Bug 1965328] Re: transient scope could not be started error in bionic lxd container
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1965328 Title: transient scope could not be started error in bionic lxd container Status in snapd: New Status in systemd package in Ubuntu: Invalid Status in systemd source package in Bionic: New Bug description: On my impish development host machine I tend to use lxd containers to support snap building and other tasks targeting different releases. Today I came to use a bionic container as per usual and found that I could not invoke any snap applications. I installed hello-world as the most simple test of running a snap app: ``` ubuntu@b:~$ hello-world internal error, please report: running "hello-world" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/44 finished with result failed ``` I made sure the container had up to date packages in it (apt & snaps) and rebooted it. But the problem persisted. I then created a second container and installed hello-world in it and again the problem was reproducible. At the time of producing the following attachments I had not attempted to reboot the host. To manage notifications about this bug go to: https://bugs.launchpad.net/snapd/+bug/1965328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
** Changed in: dnsmasq (Ubuntu)
Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)
** Tags removed: server-triage-discuss
** Tags added: server-todo
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2055776
Title:
After updating ubuntu, the network to which the subnet address is
assigned does not become active in KVM.
Status in dnsmasq package in Ubuntu:
Confirmed
Bug description:
phenomenon:
After updating ubuntu, the network to which the subnet address is assigned
does not become active in KVM.
Cause:
This is because the following dnsmasq update operation performed by apt's
automatic update causes an error. It worked properly with dnsmasq 2.80, but
does not work properly with 2.90.
$ cat /var/log/apt/history.log
(snip)
Start-Date: 2024-02-27 06:17:31
Commandline: /usr/bin/unattended-upgrade
Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1)
End-Date: 2024-02-27 06:17:44
(snip)
$
Cause details:
As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below
is an example.
$ cat default.conf
##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
##virsh net-edit default
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
user=libvirt-dnsmasq
pid-file=/run/libvirt/network/default.pid
except-interface=lo
bind-dynamic
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
$
When starting the network with KVM (virsh net-start), dnsmasq started from
KVM executes the make_sock function twice as shown below.
$ cat network.c
(snip)
1087 static struct listener *create_listeners(union mysockaddr *addr, int
do_
1087 tftp, int dienow)
1088 {
1089 struct listener *l = NULL;
1090 int fd = -1, tcpfd = -1, tftpfd = -1;
1091
1092 (void)do_tftp;
1093
1094 if (daemon->port != 0)
1095 {
1096 fd = make_sock(addr, SOCK_DGRAM, dienow);
1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow);
1098 }
(snip)
The following code causes an issue with the update made in dnsmasq
2.90.
$ cat network.c
(snip)
895 static int make_sock(union mysockaddr *addr, int type, int dienow)
896 {
(snip)
934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
935 {
936 if (dienow)
937 die(s, daemon->addrbuff, EC_BADNET);
938 else
939 my_syslog(LOG_WARNING, s, daemon->addrbuff,
strerror(errno))939 ;
940 }
(snip)
function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24,
and then make_sock in network.c:1097 tries to bind to the same address.
However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so
dnsmasq does not cause a startup error. As a result, virsh net-start fails.
As a temporary workaround, it will work if you try not to die.
$ diff -u network_c_back network.c
--- network_c_back 2024-02-29 15:36:05.156467935 +
+++ network.c 2024-02-29 15:36:38.733324350 +
@@ -934,7 +934,8 @@
if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL)
{
if (dienow)
- die(s, daemon->addrbuff, EC_BADNET);
+ my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
+ //die(s, daemon->addrbuff, EC_BADNET);
else
my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno));
}
$
If bind-dynamic is set, it should be modified so that it works even if
errno==98.
For reference, in the case of dnsmasq 2.80, the code is as follows, so
no error occurs.
network.c
699 static int make_sock(union mysockaddr *addr, int type, int dienow)
700 {
701 int family = addr->sa.sa_family;
702 int fd, rc, opt = 1;
(snip)
715 err:
716 errsave = errno;
717 port = prettyprint_addr(addr, daemon->addrbuff);
718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
719 sprintf(daemon->addrbuff, "port %d", port);
720 s = _("failed to create listening socket for %s: %s");
721
722 if (fd != -1)
723 close (fd);
724
725 errno = errsave;
726
727 if (dienow)
728 {
729 /* failure to bind addresses given by --listen-address at
this
729 point
730
[Touch-packages] [Bug 2053146] Re: openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex method is slightly wrong
** Changed in: openssh (Ubuntu)
Assignee: (unassigned) => Andreas Hasenack (ahasenack)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2053146
Title:
openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex method is
slightly wrong
Status in openssh package in Ubuntu:
Incomplete
Bug description:
The Authmethod struct now have 4 entries but the initialization of the
method_gsskeyex in the debian/patches/gssapi.patch only have 3
entries.
The struct was changed in upstream commit
dbb339f015c33d63484261d140c84ad875a9e548 as
===
@@ -104,7 +104,8 @@ struct Authctxt {
struct Authmethod {
char*name;
- int (*userauth)(struct ssh *);
+ char*synonym;
+ int (*userauth)(struct ssh *, const char *);
int *enabled;
};
===
The incorrect code does
===
+Authmethod method_gsskeyex = {
+ "gssapi-keyex",
+ userauth_gsskeyex,
+ _authentication
+};
===
but should have a NULL between the "gssapi-keyex" string and userauth_gsskeyex
This is now (change from Focal) causing gssapi-keyex to be disabled.
===
lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
===
apt-cache policy openssh-server
openssh-server:
Installed: 1:8.9p1-3ubuntu0.6
Candidate: 1:8.9p1-3ubuntu0.6
Version table:
*** 1:8.9p1-3ubuntu0.6 500
500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu
jammy-updates/main amd64 Packages
500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu
jammy-security/main amd64 Packages
100 /var/lib/dpkg/status
1:8.9p1-3 500
500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu jammy/main
amd64 Packages
===
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040389] Re: Sync libmnl from Debian unstable for noble
** Changed in: libmnl (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Sync libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: Fix Released Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2045570] Re: dnsmasq crash when no servers in resolv.conf
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2045570 Title: dnsmasq crash when no servers in resolv.conf Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] dnsmasq "keeps an eye" on /etc/resolv.conf, and reloads it whenever the file is updated. When that happens and for some reason there were no "nameserver" declarations in the updated file, dnsmasq can crash. Here is a log of a reproducer: $ dig +short @127.0.0.1 ubuntu.com ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached We can see the startup, then when resolv.conf is read again and no nameservers were found, and the crash: Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: started, version 2.86 cachesize 150 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: DNS service limited to local subnets Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: reading /etc/resolv.conf Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: using nameserver 10.0.100.1#53 Jan 03 13:57:13 j-dnsmasq-2045570 dnsmasq[1507]: read /etc/hosts - 7 addresses Jan 03 13:57:13 j-dnsmasq-2045570 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Jan 03 13:58:01 j-dnsmasq-2045570 dnsmasq[1507]: no servers found in /etc/resolv.conf, will retry Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. dnsmasq has provisions for this situation, we can see that in the 13:58:01 message where it says it will retry, but due to this bug, it crashes instead. The problem was introduced[1] in version 2.86, and fixed in 2.87, so only jammy is affected. 1. https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=d290630d31f4517ab26392d00753d1397f9a4114;hp=d2ad5dc073aaacaf22b117f16106282a73586803 The commit message says: """ This problem was introduced in 2.86. """ And indeed, I wasn't able to crash 2.80 shipped in focal. [ Test Plan ] It might take a few tries to reproduce the bug, but here is the general outline. Also keep in mind that it's important to use a DNS name that isn't cached already by a previous query. # Create a jammy lxd container lxc launch ubuntu-daily:jammy j-dnsmasq-2045570 # Enter the container lxc shell j-dnsmasq-2045570 # From now on, all commands should be executed in the container. # Install dnsmasq, and disable systemd-resolved apt update && apt install -y dnsmasq # Disable systemd-resolved, and start dnsmasq systemctl disable --now systemd-resolved systemctl enable --now dnsmasq # In one terminal inside the container, watch the dnsmasq logs: journalctl -u dnsmasq.service -f # In another terminal, remove /etc/resolv.conf and create a new one, empty rm /etc/resolv.conf echo "nameserver 1.1.1.1" > /etc/resolv.conf # restart dnsmasq systemctl restart dnsmasq.service # Perform a dns query dig @127.0.0.1 +short linux.com # Comment the namserver directive in resolv.conf echo "#nameserver 1.1.1.1" > /etc/resolv.conf # Observe in the dnsmasq logs that it notices the change with a message like: Jan 03 14:14:51 j-dnsmasq-2045570 dnsmasq[2274]: no servers found in /etc/resolv.conf, will retry # Perform a *different* DNS query dig @127.0.0.1 +short ubuntu.com # Observe in the dnsmasq logs that it crashes. Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Jan 03 13:58:22 j-dnsmasq-2045570 systemd[1]: dnsmasq.service: Failed with result 'core-dump'. If it doesn't crash right away, repeat these steps a few times, but using a different domain name each time: - add "nameserver 127.0.0.1" to /etc/resolv.conf - observe that dnsmasq notices the change to the file - perform a query for some random domain using "dig @127.0.0.1 +short " - remove "nameserver" from /etc/resolv.conf, observe that dnsmasq noticed the change - perform a query for another random domain The fixed version from proposed will not crash. That last query with no "nameserver" lines in resolv.conf won't work, but it won't crash the server. [ Where problems could occur ] This is doing some pointer/memory manipulation that could introduce memory leaks or other crashes. In fact,
[Touch-packages] [Bug 2042587] Re: jammy's version breaks existing dhcp scripts with relay
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2042587 Title: jammy's version breaks existing dhcp scripts with relay Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Fix Committed Bug description: [ Impact ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. This was fixed in 2.87, therefore making only jammy carry an affected package. [ Test Plan ] To easily test this on a single machine, a test script is being provided to setup networking and dnsmasq configuration. # Launch a jammy VM lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm # open a root shell in that VM. All subsequent commands must be executed as root in that VM lxc shell j-dnsmasq-2042587 # download test script wget https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup- and-server.sh # make it executable chmod +x setup-and-server.sh # install dnsmasq. Ignore the postinst error (because systemd-resolved is also running and there is a port conflict) apt update && apt install dnsmasq -y # run the setup script. It will configure things and start dnsmasq ready to be tested ./setup-and-server.sh # in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown): No DHCP relay: ip netns exec client dhclient -d -v p2 The setup script should log an IP that is not a relay. For example: dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ### IP = 192.168.47.150 ### With DHCP relay set to 192.168.47.9, IP should NOT be that address: ip netns exec client dhclient -d -v p2 -g 192.168.47.9 With the affected dnsmasq package, we will see an error: dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587 ### IP = 192.168.47.9 TEST FAILED ### The error is that the obtained IP is that of the dhcp relay (provided via the -g option). With the fixed dnsmasq package, "TEST FAILED" must not appear, and the IP should not be that of the provided dhcp relay. [ Where problems could occur ] If the fix is incorrect, it would mean the dhcp-script would get an incorrect IP again, or perhaps we could have crashes in dnsmasq when dealing with buffers and pointers if the dhcp-script option is in use. This fix was committed upstream a few months after the bug was introduced, so it took a while to be noticed. [ Other Info ] Not at this time. [ Original description ] When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp- script: > The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known. I believe the change has been inadverently made in upstream commit 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692 (https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f) as the commit message only speaks about inet_ntoa replacement and not the behavioral change it also introduces (previously the relay address was only set to the environment variable, now it effectively overrides the prevoiusly set client's IP address). dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040389] Re: Sync libmnl from Debian unstable for noble
Sync has made it to -proposed libmnl | 1.0.4-3build2 | jammy | source libmnl | 1.0.4-3ubuntu1 | lunar | source libmnl | 1.0.4-3ubuntu1 | mantic | source libmnl | 1.0.4-3ubuntu1 | noble | source libmnl | 1.0.5-2| noble-proposed | source ** Changed in: libmnl (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Sync libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: Fix Committed Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040389] Re: Merge libmnl from Debian unstable for noble
libmnl | 1.0.5-2| sid libmnl | 1.0.4-3ubuntu1 | noble Reopening since a new version is available in Debian ** Changed in: libmnl (Ubuntu) Status: Expired => New ** Description changed: Scheduled-For: Backlog Upstream: tbd - Debian: 1.0.4-3 + Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 - There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. - ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium - * Static build does not work for libmnl (-lmnl) (LP: #1971523) + * Static build does not work for libmnl (-lmnl) (LP: #1971523) - -- Michal Maloszewski Thu, 21 Jul + -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high - * No change rebuild for ppc64el baseline bump. + * No change rebuild for ppc64el baseline bump. - -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 + -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium - * No-change rebuild to build packages with zstd compression. + * No-change rebuild to build packages with zstd compression. - -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 + -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 ** Changed in: libmnl (Ubuntu) Milestone: None => ubuntu-24.01 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Merge libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: New Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.5.2 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040385] Re: Merge init-system-helpers from Debian unstable for noble
[Foundations appears to handle this package, and no merge is available yet anyway] ** Changed in: init-system-helpers (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2040385 Title: Merge init-system-helpers from Debian unstable for noble Status in init-system-helpers package in Ubuntu: Invalid Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.65.2 Ubuntu: 1.65.2ubuntu1 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### init-system-helpers (1.65.2) unstable; urgency=low * Undo yet another hostile and baseless NMU. -- Luca Boccassi Sun, 18 Sep 2022 02:53:19 +0100 init-system-helpers (1.65.1) unstable; urgency=low * Undo hostile NMU. -- Luca Boccassi Sun, 18 Sep 2022 01:53:32 +0100 init-system-helpers (1.65) unstable; urgency=low * Upload to unstable. -- Luca Boccassi Sat, 17 Sep 2022 21:11:07 +0100 init-system-helpers (1.65~exp2) experimental; urgency=medium * fakechroot tests: skip on architectures where it is not available -- Luca Boccassi Thu, 15 Sep 2022 21:14:08 +0100 init-system-helpers (1.65~exp1) experimental; urgency=medium [ Luca Boccassi ] * Drop outdated conflict with file-rc * Add myself to Uploaders * d/rules: use execute_after instead of override * Add a dependency on usrmerge | usr-is-merged to complete the transition. As per ctte decision and discussion at: https://lists.debian.org/debian-ctte/2022/07/msg00019.html https://lists.debian.org/debian-ctte/2022/07/msg00061.html https://lists.debian.org/debian-ctte/2022/08/msg6.html [ Victor Westerhuis ] * Make deb-systemd-helper work on template units with DefaultInstance. DefaultInstance only influences the meaning of WantedBy/RequiredBy. Alias and Also are not impacted. This patch does not enable changing template instantiations, so `deb-systemd-helper enable getty@tty2.service` will still fail. * Fix tests depending on ordering of lines in state file. The previous commit changes the order in which lines are written to the state file. Because correctness does not depend on the order in which the state file is written, ignore the order in the test. -- Luca Boccassi Sat, 10 Sep 2022 13:27:16 +0100 init-system-helpers (1.64) unstable; urgency=medium * Team upload. * d-s-h: break infinite recursion on symlinks. (Closes: #1014119) * Bump Standards-Version to 4.6.1, no changes * Update date ranges in d/copyright -- Luca Boccassi Mon, 04 Jul 2022 11:19:08 +0100 init-system-helpers (1.63) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster * init-system-helpers: Drop versioned constraint on perl-base in Depends. * init: Drop versioned constraint on init-system-helpers in Depends. [ Johannes Schauer Marin Rodrigues ] * t/helpers.pm: use installed version of deb-systemd-helper if TEST_INSTALLED is set * add DPKG_ROOT support (Closes: #983421) [ Niels Thykier ] * Add additional error checking on write operations. The `close()` call can fail on both read and write - while the read is usually relatively benign, for the write counter part can include 'fun' errors. Most of these would most likely be persistent issues, but it makes sense to detect errors as early possible. [ Ville Skyttä ] * service: use `grep -F` instead of `egrep` `egrep` and `fgrep` have been deprecated in GNU grep since 2007, and in current post 3.7 Git they have been made to emit obsolescence warnings. The occurrence in `service` uses a non-regex argument, so switch to `grep -F` instead of `-E`. -- Michael Biebl Mon, 23 May 2022 22:48:30 +0200 init-system-helpers (1.62) unstable; urgency=medium * Team upload. [ Johannes Schauer Marin Rodrigues ] * use fakechroot instead of unsharing the mount namespace and mounting tmpfs [ Luca Boccassi ] * deb-systemd-invoke: systemctl --machine @ is now available in v249.10. Adjust the version check accordingly * Skip build-time tests if DEB_BUILD_OPTIONS=nocheck is set * Fix typos found by Lintian * Set Rules-Requires-Root: no ### Old Ubuntu Delta ### init-system-helpers (1.65.2ubuntu1) mantic; urgency=medium * Drop dependency on usrmerge; this transition is long completed in Ubuntu. LP: #2027712. -- Steve Langasek Mon, 17 Jul 2023 08:32:00 -0700 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2040385/+subscriptions --
[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic
[Unsubscribing sponsors pending resolution of Robie's request] -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/2039873 Title: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic Status in lxc package in Ubuntu: Confirmed Bug description: [ Impact ] LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release build we should have LXC_DEVEL=0. LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h and then can be (and actually it is) used by other projects to detect if liblxc-dev is a development build or stable. Having LXC_DEVEL=1 makes problems for the users who want to build projects those are depend on liblxc from source (for example, LXD, go-lxc: https://github.com/canonical/lxd/pull/12420). Q: Why it was not a problem for so long? A: Because LXC API was stable for a long time, but recently we have extended liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc was updated too (https://github.com/lxc/go-lxc/pull/166). This change was developed properly to be backward compatible with the old versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro check VERSION_AT_LEAST (https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7) is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release build of LXC. [ Test Plan ] Install liblxc-dev package and check /usr/include/lxc/version.h file LXC_DEVEL should be 0 [ Where problems could occur ] Theoretically, build of a software which depends on liblxc-dev may start to fail if it assumes that LXC_DEVEL is 1. [ Other Info ] - To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2025339] Re: FDE image fails to run e2fsck
** Also affects: e2fsprogs (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031622 Importance: Unknown Status: Unknown ** Changed in: e2fsprogs (Ubuntu Lunar) Status: Confirmed => In Progress ** Changed in: e2fsprogs (Ubuntu Lunar) Assignee: (unassigned) => Paul Mars (upils) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to e2fsprogs in Ubuntu. https://bugs.launchpad.net/bugs/2025339 Title: FDE image fails to run e2fsck Status in e2fsprogs package in Ubuntu: Fix Released Status in e2fsprogs source package in Jammy: Confirmed Status in e2fsprogs source package in Lunar: In Progress Status in e2fsprogs package in Debian: Unknown Bug description: After installation of the FDE image, the system fails to boot due to e2fsck failing with: Jun 21 12:48:19 ubuntu systemd-fsck[268]: /dev/vda2 has unsupported feature(s): FEATURE_C12 this means that Jammy fsck fails against mantic created ext4 which is not great Seems this is orphan_file feature / orphan_present Also need to check if grub2 supports this as it is RO_INCOMPAT feature. [Impact] See LP: #2028564. Generating a filesystem on lunar with e2fsprogs will use the orphan_file feature. This will prevent a jammy (or older) based OS from modifying this filesystem (in particular resize it at first boot). [ Test Plan ] On lunar, generate a filesystem and check the orphan_file feature is enabled: $ dd if=/dev/zero of=test.img bs=100M count=1 $ mkfs.ext4 test.img $ # Then check the orphan_file feature is enabled $ dumpe2fs test.img | grep orphan Move this .img file to a jammy based machine, and try using resize2fs on it: $ resize2fs -d -f -M test.img resize2fs 1.46.5 (30-Dec-2021) resize2fs: Filesystem has unsupported feature(s) (test.img) [Where problems could occur] Some users on Lunar may currently rely on this feature to be enabled by default. This can still be enabled explicitly when calling mkfs.ext4 but the default behavior will be changed. The orphan_file feature aims at improving performances when dealing with deleted files or directories. So if we disable this by default, I think it should only impact performances of generated filesystems and probably not break anything else. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/e2fsprogs/+bug/2025339/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2025339] Re: FDE image fails to run e2fsck
** Merge proposal linked: https://code.launchpad.net/~upils/ubuntu/+source/e2fsprogs/+git/e2fsprogs/+merge/454796 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to e2fsprogs in Ubuntu. https://bugs.launchpad.net/bugs/2025339 Title: FDE image fails to run e2fsck Status in e2fsprogs package in Ubuntu: Fix Released Status in e2fsprogs source package in Jammy: Confirmed Status in e2fsprogs source package in Lunar: Confirmed Bug description: After installation of the FDE image, the system fails to boot due to e2fsck failing with: Jun 21 12:48:19 ubuntu systemd-fsck[268]: /dev/vda2 has unsupported feature(s): FEATURE_C12 this means that Jammy fsck fails against mantic created ext4 which is not great Seems this is orphan_file feature / orphan_present Also need to check if grub2 supports this as it is RO_INCOMPAT feature. [Impact] See LP: #2028564. Generating a filesystem on lunar with e2fsprogs will use the orphan_file feature. This will prevent a jammy (or older) based OS from modifying this filesystem (in particular resize it at first boot). [ Test Plan ] On lunar, generate a filesystem and check the orphan_file feature is enabled: $ dd if=/dev/zero of=test.img bs=100M count=1 $ mkfs.ext4 test.img $ # Then check the orphan_file feature is enabled $ dumpe2fs test.img | grep orphan Move this .img file to a jammy based machine, and try using resize2fs on it: $ resize2fs -d -f -M test.img resize2fs 1.46.5 (30-Dec-2021) resize2fs: Filesystem has unsupported feature(s) (test.img) [Where problems could occur] Some users on Lunar may currently rely on this feature to be enabled by default. This can still be enabled explicitly when calling mkfs.ext4 but the default behavior will be changed. The orphan_file feature aims at improving performances when dealing with deleted files or directories. So if we disable this by default, I think it should only impact performances of generated filesystems and probably not break anything else. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/e2fsprogs/+bug/2025339/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018091] Re: Merge net-tools from Debian unstable for mantic
*** This bug is a duplicate of bug 2040403 *** https://bugs.launchpad.net/bugs/2040403 ** This bug has been marked a duplicate of bug 2040403 Merge net-tools from Debian unstable for noble -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/2018091 Title: Merge net-tools from Debian unstable for mantic Status in net-tools package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.10-0.1 Ubuntu: 2.10-0.1ubuntu3 There is nothing yet to merge for net-tools currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix
[Touch-packages] [Bug 2040465] [NEW] MRE updates of openldap for noble
Public bug reported: Backport openldap as MRE to noble once the update for noble has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Noble) Importance: Undecided Status: New ** Tags: needs-mre-backport ** Changed in: openldap (Ubuntu) Milestone: None => ubuntu-24.02 ** Also affects: openldap (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: MRE updates of openldap for noble Status in openldap package in Ubuntu: New Status in openldap source package in Noble: New Bug description: Backport openldap as MRE to noble once the update for noble has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018094] Re: Merge openssh from Debian unstable for mantic
** Changed in: openssh (Ubuntu)
Milestone: None => mantic-updates
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2018094
Title:
Merge openssh from Debian unstable for mantic
Status in openssh package in Ubuntu:
Fix Released
Bug description:
Scheduled-For: Backlog
Upstream: tbd
Debian: 1:9.2p1-2
Ubuntu: 1:9.0p1-1ubuntu8
The foundations team has maintained this package in the past and may
be handling this merge.
If it turns out this needs a sync rather than a merge, please change
the tag 'needs-merge' to 'needs-sync', and (optionally) update the
title as desired.
### New Debian Changes ###
openssh (1:9.2p1-2) unstable; urgency=medium
* Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.
-- Colin Watson Wed, 08 Feb 2023 10:43:07
+
openssh (1:9.2p1-1) unstable; urgency=medium
* Set 'UsePAM yes' when running regression tests, to match our default
sshd configuration.
* Ignore Lintian error about depending on lsb-base for now, to avoid
problems with partial upgrades on non-default init systems.
* New upstream release (https://www.openssh.com/releasenotes.html#9.2p1):
- [SECURITY] sshd(8): fix a pre-authentication double-free memory fault
introduced in OpenSSH 9.1. This is not believed to be exploitable, and
it occurs in the unprivileged pre-auth process that is subject to
chroot(2) and is further sandboxed on most major platforms.
- [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen
option would ignore its first argument unless it was one of the
special keywords 'any' or 'none', causing the permission list to fail
open if only one permission was specified.
- [SECURITY] ssh(1): if the CanonicalizeHostname and
CanonicalizePermittedCNAMEs options were enabled, and the system/libc
resolver did not check that names in DNS responses were valid, then
use of these options could allow an attacker with control of DNS to
include invalid characters (possibly including wildcards) in names
added to known_hosts files when they were updated. These names would
still have to match the CanonicalizePermittedCNAMEs allow-list, so
practical exploitation appears unlikely.
- ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime. This option
defaults to 'no', disabling the ~C command-line that was previously
enabled by default.
- sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be automatically
closed. Different timeouts may be applied to session, X11, agent and
TCP forwarding channels.
- sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for a length of time.
This complements the ChannelTimeout option above.
- sshd(8): add a -V (version) option to sshd like the ssh client has.
- ssh(1): add a 'Host' line to the output of ssh -G showing the original
hostname argument. bz3343
- scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol parameters: the copy buffer length and
the number of in-flight requests, both of which are used during
upload/download. Previously these could be controlled in sftp(1) only.
This makes them available in both SFTP protocol clients using the same
option character sequence.
- ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g.
'ssh-keyscan 192.168.0.0/24'. If a CIDR range is passed, then it will
be expanded to all possible addresses in the range including the
all-0s and all-1s addresses.
- ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing.
- ssh(1): when restoring non-blocking mode to stdio fds, restore exactly
the flags that ssh started with and don't just clobber them with zero,
as this could also remove the append flag from the set.
- ssh(1): avoid printf('%s', NULL) if using UserKnownHostsFile=none and
a hostkey in one of the system known hosts file changes.
- scp(1): switch scp from using pipes to a socket-pair for communication
with its ssh sub-processes, matching how sftp(1) operates.
- sshd(8): clear signal mask early in main(); sshd may have been started
with one or more signals
[Touch-packages] [Bug 2040391] [NEW] Merge libseccomp from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2040391 Title: Merge libseccomp from Debian unstable for noble Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2040391/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040403] [NEW] Merge net-tools from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.10-0.1 Ubuntu: 2.10-0.1ubuntu3 There is nothing yet to merge for net-tools currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix mismerge of Ubuntu units patch. -- Steve Langasek Tue, 13 Dec 2022 13:40:24 -0800 net-tools (2.10-0.1ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - Ubuntu_unit_conversion.patch: + Ubuntu Policy: output using standard SI unit multiples: KB (10^3), MB (10^6), GB (10^9), TB (10^12) and PB (10^15). Includes manpage update to remove comment about IEC units. - Add new DEP8 tests for hostname and ifconfig. -- Steve Langasek Tue, 13 Dec 2022 13:27:00 -0800 ** Affects: net-tools (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in:
[Touch-packages] [Bug 2040405] [NEW] Merge openldap from Debian unstable for noble
Public bug reported:
Upstream: tbd
Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2
Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1
Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon.
If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.
### New Debian Changes ###
openldap (2.5.13+dfsg-5) unstable; urgency=medium
* Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path.
(Closes: #1030814)
* Disable flaky test test069-delta-multiprovider-starttls.
-- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800
openldap (2.5.13+dfsg-4) unstable; urgency=medium
[ Andreas Hasenack ]
* d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817)
* d/t/sha2-contrib: add test for sha2 module
-- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800
openldap (2.5.13+dfsg-3) unstable; urgency=medium
[ Ryan Tandy ]
* Disable flaky test test063-delta-multiprovider. Mitigates #1010608.
[ Gioele Barabucci ]
* slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185)
* d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style`
* d/slapd.postinst: Remove test for ancient version
* slapd.scripts-common: Remove unused `normalize_ldif`
* d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics`
-- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800
openldap (2.5.13+dfsg-2) unstable; urgency=medium
* d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
autopkgtest failure due to heimdal setting mode 700 on this directory.
(Closes: #1020442)
* d/source/lintian-overrides: Add wildcards to make overrides compatible
with both older and newer versions of lintian.
* d/slapd-contrib.lintian-overrides: Remove unused
custom-library-search-path override now that krb5-config no longer sets
-rpath.
-- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700
openldap (2.5.13+dfsg-1) unstable; urgency=medium
* d/rules: Remove get-orig-source, now unnecessary.
* Check PGP signature when running uscan.
* d/watch: Modernize watch file; use repacksuffix.
* d/copyright: Update according to DEP-5.
* d/control: Add myself to Uploaders.
* New upstream release.
-- Sergio Durigan Junior Sun, 18 Sep 2022
18:29:46 -0400
openldap (2.5.12+dfsg-2) unstable; urgency=medium
* Stop slapd explicitly in prerm as a workaround for #1006147, which caused
dpkg-reconfigure to not restart the service, so the new configuration was
not applied. See also #994204. (Closes: #1010971)
-- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700
openldap (2.5.12+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
* Update debconf translations:
- German, thanks to Helge Kreutzmann. (Closes: #1007728)
- Spanish, thanks to Camaleón. (Closes: #1008529)
- Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)
-- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700
openldap (2.5.11+dfsg-1) unstable; urgency=medium
* Upload to unstable.
-- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800
openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Add openssl to Build-Depends to enable more checks in test067-tls.
* Update slapd-contrib's custom-library-search-path override to work with
current Lintian.
-- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800
openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Update slapd-contrib's custom-library-search-path override to work with
Lintian 2.108.0.
-- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700
openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not
### Old Ubuntu Delta ###
openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2028721). Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- d/{rules,slapd.py}: Add apport hook.
- d/rules: better regexp to match the Maintainer tag in d/control,
needed in the Ubuntu case because of XSBC-Original-Maintainer
(Closes #960448, LP #1875697)
- d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in
the
smbk5pwd DEP8 test (LP #2004560)
[ Partially incorporated by Debian. ]
-- Sergio Durigan Junior Wed, 02 Aug
2023 19:53:17 -0400
** Affects: openldap (Ubuntu)
Importance: Undecided
Status: New
** Tags: needs-merge upgrade-software-version
** Changed in:
[Touch-packages] [Bug 2040406] [NEW] Merge openssh from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1:9.4p1-1 Ubuntu: 1:9.3p1-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openssh (1:9.4p1-1) unstable; urgency=medium * New upstream release (https://www.openssh.com/releasenotes.html#9.4p1): - ssh-agent(1): PKCS#11 modules must now be specified by their full paths. Previously dlopen(3) could search for them in system library directories. - ssh(1): allow forwarding Unix Domain sockets via ssh -W. - ssh(1): add support for configuration tags to ssh(1). This adds a ssh_config(5) 'Tag' directive and corresponding 'Match tag' predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. - ssh(1): add a 'match localnetwork' predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location. - ssh(1), sshd(8), ssh-keygen(1): infrastructure support for KRL extensions. This defines wire formats for optional KRL extensions and implements parsing of the new submessages. No actual extensions are supported at this point. - sshd(8): AuthorizedPrincipalsCommand and AuthorizedKeysCommand now accept two additional %-expansion sequences: %D which expands to the routing domain of the connected session and %C which expands to the addresses and port numbers for the source and destination of the connection. - ssh-keygen(1): increase the default work factor (rounds) for the bcrypt KDF used to derive symmetric encryption keys for passphrase protected key files by 50%. - ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. - ssh(1): make -f (fork after authentication) work correctly with multiplexed connections, including ControlPersist (closes: #348741). - ssh(1): make ConnectTimeout apply to multiplexing sockets and not just to network connections. - ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules being loaded by checking that the requested module contains the required symbol before loading it. - sshd(8): fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand appears before it in sshd_config. Since OpenSSH 8.7 the AuthorizedPrincipalsCommand directive was incorrectly ignored in this situation. - sshd(8), ssh(1), ssh-keygen(1): remove vestigial support for KRL signatures. When the KRL format was originally defined, it included support for signing of KRL objects. However, the code to sign KRLs and verify KRL signatues was never completed in OpenSSH. This release removes the partially-implemented code to verify KRLs. All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in KRL files. - All: fix a number of memory leaks and unreachable/harmless integer overflows. - ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11 modules. - sshd(8), ssh(1): better validate CASignatureAlgorithms in ssh_config and sshd_config. Previously this directive would accept certificate algorithm names, but these were unusable in practice as OpenSSH does not support CA chains. - ssh(1): make `ssh -Q CASignatureAlgorithms` only list signature algorithms that are valid for CA signing. Previous behaviour was to list all signing algorithms, including certificate algorithms. - ssh-keyscan(1): gracefully handle systems where rlimits or the maximum number of open files is larger than INT_MAX. - ssh-keygen(1): fix 'no comment' not showing on when running `ssh-keygen -l` on multiple keys where one has a comment and other following keys do not. bz3580 - scp(1), sftp(1): adjust ftruncate() logic to handle servers that reorder requests. Previously, if the server reordered requests then the resultant file would be erroneously truncated. - ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was explicitly set to 'none'. - scp(1): when copying local->remote, check that the source file exists before opening an SFTP connection to the server (closes: #59255). - sshd(8): provide a replacement for the SELinux matchpathcon() function, which is deprecated. - All: relax libcrypto version checks for OpenSSL >=3 (closes: #1035623). Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only the library major must match instead of major and minor in earlier
[Touch-packages] [Bug 2040369] [NEW] Merge bridge-utils from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.7.1-1 Ubuntu: 1.7.1-1ubuntu1 There is nothing yet to merge for bridge-utils currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### bridge-utils (1.7.1-1) unstable; urgency=low * New upstream version. Only some fixes for compilation warnings and the man page. * Update standards version to 4.6.1, no changes needed. * Set debhelper-compat version in Build-Depends. * Trim trailing whitespace. -- Santiago García Mantiñán Wed, 25 Jan 2023 22:11:52 +0100 bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium ### Old Ubuntu Delta ### bridge-utils (1.7.1-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable, remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update unsettable gcint value for newer kernels * Dropped changes, no longer applicable: - debian/bridge-utils-interface.5: + Update max, default value for path cost -- Graham Inggs Thu, 23 Feb 2023 15:07:42 + ** Affects: bridge-utils (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: bridge-utils (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is
[Touch-packages] [Bug 2040384] [NEW] Merge heimdal from Debian unstable for noble
Public bug reported:
Upstream: tbd
Debian: 7.8.git20221117.28daf24+dfsg-3
Ubuntu: 7.8.git20221117.28daf24+dfsg-3ubuntu1
Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.
If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.
### New Debian Changes ###
heimdal (7.8.git20221117.28daf24+dfsg-3) unstable; urgency=medium
* Fix random 'Ticket expired' and 'Clock skew too great' errors by setting
kdc_offset correctly. Closes: #1039992.
-- Brian May Tue, 04 Jul 2023 10:09:56 +1000
heimdal (7.8.git20221117.28daf24+dfsg-2) unstable; urgency=medium
* Fix incorrect license of Debian files.
* Fix deprecated dependancies.
* gsskrb5: fix accidental logic inversions (CVE-2022-45142)
(Closes: #1030849) - change applied from NMU version
7.8.git20221117.28daf24+dfsg-1.1
* Add ro.po file. Closes: #1031897.
-- Brian May Sat, 25 Feb 2023 09:32:57 +1100
heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium
* New upstream release.
-- Brian May Sat, 10 Dec 2022 16:29:20 +1100
heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium
* Source-only upload to enable migration to testingi (2nd attempt).
-- Brian May Sun, 04 Dec 2022 09:56:06 +1100
heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium
* Source-only upload to enable migration to testing.
-- Brian May Sun, 04 Dec 2022 09:09:44 +1100
heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium
* New upstream version.
* Numerous security fixes (Closes: #1024187).
* asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
* krb5: PAC parse integer overflows (CVE-2022-42898)
* gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
* gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
* gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap
(CVE-2022-3437)
* gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad()
(CVE-2022-3437)
* gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Check buffer length against overflow for DES{,3} unwrap
(CVE-2022-3437)
* gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
* libhx509: Fix denial of service vulnerability (CVE-2022-41916)
* spnego: send_reject when no mech selected (CVE-2021-44758)
* Fix regression in _krb5_get_int64 on 32 bit systems.
https://github.com/heimdal/heimdal/pull/1025
* Increment soname for libroken.
* Increment soname for libhcrypto.
* Remove legacy shared library version requirements.
* Add symbols to libkadm5srv8.
-- Brian May Sun, 27 Nov 2022 10:44:26 +1100
heimdal (7.7.0+dfsg-6) unstable; urgency=medium
* Retry deleting dangling windc.so again. Closes: #857215.
* Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey.
Closes: #964008.
* Disable use of -rpath in krb5-config.heimdal. Closes: #868840.
-- Brian May Mon, 05 Sep 2022 08:35:33 +1000
heimdal (7.7.0+dfsg-5) unstable; urgency=medium
* Fix missing closefrom symbol. Closes: #1016884, #1017244.
* Fix spelling of dependency in changelog.
* Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/
* Remove default --parallel from dh call.
* Remove unused debian/upstream/signing-key.asc key.
* Fix Multi-Arch headers. heimdal-multidev is not co-installable, so
heimdal-dev cannot be co-installable either.
-- Brian May Fri, 02 Sep 2022 07:59:59 +1000
heimdal (7.7.0+dfsg-4) unstable; urgency=medium
* Delete dependency on install-info. Closes: #1013735.
* Non-maintainer upload.
* Reduce Build-Depends: (Closes: #980531)
+ Drop unused libhesiod-dev.
+ Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses
it.
+ Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and
x11proto-core-dev.
+ Clean generated C tables to actually rebuild them using python3.
-- Brian May Mon, 27 Jun 2022 10:36:10 +1000
heimdal (7.7.0+dfsg-3) unstable; urgency=high
### Old Ubuntu Delta ###
heimdal (7.8.git20221117.28daf24+dfsg-3ubuntu1) mantic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- d/rules: Disable lto, to regain dep on roken, otherwise
dependencies on amd64 are different than i386 resulting in
different files on amd64 and i386.
-- Steve Langasek Tue, 18 Jul 2023
09:23:55 -0700
** Affects: heimdal (Ubuntu)
Importance: Undecided
Status: New
** Tags: needs-merge upgrade-software-version
** Changed in: heimdal (Ubuntu)
Milestone: None => ubuntu-24.01
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
[Touch-packages] [Bug 2040386] [NEW] Merge krb5 from Debian unstable for noble
Public bug reported: Upstream: tbd Debian: 1.20.1-5 Ubuntu: 1.20.1-3ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### krb5 (1.20.1-5) unstable; urgency=medium [ Helmut Grohne ] * Annotate test dependencies . (Closes: #1054461) [ Sam Hartman ] * Fix keyutils to be linux-any -- Helmut Grohne Tue, 24 Oct 2023 07:17:27 +0200 krb5 (1.20.1-4) unstable; urgency=low [ Steve Langasek ] * libkrb5support0: require strict binary dependency to deal with glibc 2.38, Closes: #1043184 [Jelmer Vernooij] * krb5-user: Use alternatives for kinit, klist, kswitch, ksu, kpasswd, kdestroy, kadmin and ktutil. This allows installation together with heimdal-clients. Closes: #213316, #751203 [ Sam Hartman ] * Enable build-time tests, Thanks Andreas Hasenack, Closes: #1017763 * Work around doxygen change that breaks doc build, Thanks Greg Hudson, Closes: #1051523 -- Sam Hartman Mon, 11 Sep 2023 11:06:57 -0600 krb5 (1.20.1-3) unstable; urgency=high * Fixes CVE-2023-36054: a remote authenticated attacker can cause kadmind to free an uninitialized pointer. Upstream believes remote code execusion is unlikely, Closes: #1043431 -- Sam Hartman Mon, 14 Aug 2023 14:06:53 -0600 krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means that the entire upgrade from bullseye to bookworm needs to be lockstep, but it appears that's what is required, Closes: #1036055 -- Sam Hartman Mon, 15 May 2023 17:44:41 -0600 krb5 (1.20.1-1) unstable; urgency=high [ Bastian Germann ] * Sync debian/copyright with NOTICE from upstream [ Debian Janitor ] * Trim trailing whitespace. * Strip unusual field spacing from debian/control. * Use secure URI in Homepage field. * Merge upstream signing key files. * Update renamed lintian tag names in lintian overrides. * Update standards version to 4.6.1, no changes needed. * Remove field Section on binary package krb5-gss-samples that duplicates source. * Fix field name cases in debian/control (VCS-Browser => Vcs-Browser, VCS-Git => Vcs-Git). [ Sam Hartman ] * New upstream release - Integer overflows in PAC parsing; potentially critical for 32-bit KDCs or when cross-realm acts maliciously; DOS in other conditions; CVE-2022-42898, Closes: #1024267 * Tighten version dependencies around crypto library, Closes: 1020424 * krb5-user reccomends rather than Depends on krb5-config. This avoids a hard dependency on bind9-host, but also supports cases where krb5-config is externally managed, Closes: #1005821 -- Sam Hartman Thu, 17 Nov 2022 10:34:28 -0700 krb5 (1.20-1) unstable; urgency=medium * New Upstream Version * Do not specify master key type to avoid weak crypto, Closes: #1009927 -- Sam Hartman Fri, 22 Jul 2022 16:32:38 -0600 krb5 (1.20~beta1-1) experimental; urgency=medium * New Upstream version -- Sam Hartman Thu, 07 Apr 2022 11:57:27 -0600 krb5 (1.19.2-2) unstable; urgency=medium * Standards version 4.6.0; no change * kpropd: run after network.target, Closes: #948820 * krb5-kdc: Remove /var from PidFile, Closes: #982009 -- Sam Hartman Mon, 21 Feb 2022 13:05:20 -0700 krb5 (1.19.2-1) experimental; urgency=medium * New Upstream version * Include patch to work with OpenSSL 3.0, Closes: #995152 * Depend on tex-gyre, Closes: #997407 ### Old Ubuntu Delta ### krb5 (1.20.1-3ubuntu1) mantic; urgency=medium * Make krb5int_strl(cat|copy) optional symbols, since they are not needed when built against glibc 2.38. Closes: #1043184. * Declare Breaks: against older packages using these symbols. * Make dependencies on libkrb5support0 strict to avoid future symbol skew. -- Steve Langasek Thu, 24 Aug 2023 18:07:33 + ** Affects: krb5 (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: krb5 (Ubuntu) Milestone: None => ubuntu-24.01 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2040386 Title: Merge krb5 from Debian unstable for noble Status in krb5 package in Ubuntu: New Bug description: Upstream: tbd Debian: 1.20.1-5 Ubuntu: 1.20.1-3ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ###
[Touch-packages] [Bug 2040385] [NEW] Merge init-system-helpers from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.65.2 Ubuntu: 1.65.2ubuntu1 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### init-system-helpers (1.65.2) unstable; urgency=low * Undo yet another hostile and baseless NMU. -- Luca Boccassi Sun, 18 Sep 2022 02:53:19 +0100 init-system-helpers (1.65.1) unstable; urgency=low * Undo hostile NMU. -- Luca Boccassi Sun, 18 Sep 2022 01:53:32 +0100 init-system-helpers (1.65) unstable; urgency=low * Upload to unstable. -- Luca Boccassi Sat, 17 Sep 2022 21:11:07 +0100 init-system-helpers (1.65~exp2) experimental; urgency=medium * fakechroot tests: skip on architectures where it is not available -- Luca Boccassi Thu, 15 Sep 2022 21:14:08 +0100 init-system-helpers (1.65~exp1) experimental; urgency=medium [ Luca Boccassi ] * Drop outdated conflict with file-rc * Add myself to Uploaders * d/rules: use execute_after instead of override * Add a dependency on usrmerge | usr-is-merged to complete the transition. As per ctte decision and discussion at: https://lists.debian.org/debian-ctte/2022/07/msg00019.html https://lists.debian.org/debian-ctte/2022/07/msg00061.html https://lists.debian.org/debian-ctte/2022/08/msg6.html [ Victor Westerhuis ] * Make deb-systemd-helper work on template units with DefaultInstance. DefaultInstance only influences the meaning of WantedBy/RequiredBy. Alias and Also are not impacted. This patch does not enable changing template instantiations, so `deb-systemd-helper enable getty@tty2.service` will still fail. * Fix tests depending on ordering of lines in state file. The previous commit changes the order in which lines are written to the state file. Because correctness does not depend on the order in which the state file is written, ignore the order in the test. -- Luca Boccassi Sat, 10 Sep 2022 13:27:16 +0100 init-system-helpers (1.64) unstable; urgency=medium * Team upload. * d-s-h: break infinite recursion on symlinks. (Closes: #1014119) * Bump Standards-Version to 4.6.1, no changes * Update date ranges in d/copyright -- Luca Boccassi Mon, 04 Jul 2022 11:19:08 +0100 init-system-helpers (1.63) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster * init-system-helpers: Drop versioned constraint on perl-base in Depends. * init: Drop versioned constraint on init-system-helpers in Depends. [ Johannes Schauer Marin Rodrigues ] * t/helpers.pm: use installed version of deb-systemd-helper if TEST_INSTALLED is set * add DPKG_ROOT support (Closes: #983421) [ Niels Thykier ] * Add additional error checking on write operations. The `close()` call can fail on both read and write - while the read is usually relatively benign, for the write counter part can include 'fun' errors. Most of these would most likely be persistent issues, but it makes sense to detect errors as early possible. [ Ville Skyttä ] * service: use `grep -F` instead of `egrep` `egrep` and `fgrep` have been deprecated in GNU grep since 2007, and in current post 3.7 Git they have been made to emit obsolescence warnings. The occurrence in `service` uses a non-regex argument, so switch to `grep -F` instead of `-E`. -- Michael Biebl Mon, 23 May 2022 22:48:30 +0200 init-system-helpers (1.62) unstable; urgency=medium * Team upload. [ Johannes Schauer Marin Rodrigues ] * use fakechroot instead of unsharing the mount namespace and mounting tmpfs [ Luca Boccassi ] * deb-systemd-invoke: systemctl --machine @ is now available in v249.10. Adjust the version check accordingly * Skip build-time tests if DEB_BUILD_OPTIONS=nocheck is set * Fix typos found by Lintian * Set Rules-Requires-Root: no ### Old Ubuntu Delta ### init-system-helpers (1.65.2ubuntu1) mantic; urgency=medium * Drop dependency on usrmerge; this transition is long completed in Ubuntu. LP: #2027712. -- Steve Langasek Mon, 17 Jul 2023 08:32:00 -0700 ** Affects: init-system-helpers (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2040385 Title: Merge init-system-helpers from Debian unstable for noble Status in init-system-helpers package in Ubuntu: New Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.65.2 Ubuntu: 1.65.2ubuntu1 If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### init-system-helpers (1.65.2)
[Touch-packages] [Bug 2040389] [NEW] Merge libmnl from Debian unstable for noble
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 ** Affects: libmnl (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libmnl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2040389 Title: Merge libmnl from Debian unstable for noble Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2040389/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 160631] Re: scp does not validate existance of file before connecting to remote host
Reported to be fixed in 1:9.4p1-1 - scp(1): when copying local->remote, check that the source file exists before opening an SFTP connection to the server (closes: #59255). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/160631 Title: scp does not validate existance of file before connecting to remote host Status in openssh package in Ubuntu: Triaged Status in openssh package in Debian: Fix Released Bug description: Binary package hint: openssh-client This is a minor issue, but if you attempt to copy a non-existent file to an existing host, scp fails to detect this basic issue until *after* you have been prompted for the remote systems password. Steps to recreate: 1. scp this_file_does_not_exist localhost:/tmp 2. enter your password for localhost 3. observe the error: > scp this_file_does_not_exist localhost:/tmp user@localhost's password: this_file_does_not_exist: No such file or directory > This is with feisty (openssh-client version 4.3p2-8ubuntu1). Thanks for reading! LAST VERSION TESTED: openssh-client 1:5.5p1-4ubuntu4 (Maverick) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/160631/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028419] [NEW] MRE updates of openldap for focal, jammy and lunar
Public bug reported: Backport openldap as MRE to focal, jammy and lunar once the update for mantic has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Focal) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Lunar) Importance: Undecided Status: New ** Tags: needs-mre-backport ** Changed in: openldap (Ubuntu) Milestone: None => ubuntu-23.08 ** Also affects: openldap (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Lunar) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2028419 Title: MRE updates of openldap for focal, jammy and lunar Status in openldap package in Ubuntu: New Status in openldap source package in Focal: New Status in openldap source package in Jammy: New Status in openldap source package in Lunar: New Bug description: Backport openldap as MRE to focal, jammy and lunar once the update for mantic has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2028419/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2009544] Re: OpenSSL 3 performance regression
Upstream has an umbrella bug that covers this and other associated performance related problems: https://github.com/openssl/openssl/issues/17627 ** Bug watch added: github.com/openssl/openssl/issues #17627 https://github.com/openssl/openssl/issues/17627 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2009544 Title: OpenSSL 3 performance regression Status in openssl package in Ubuntu: New Bug description: Hello, it sounds like there's some significant performance regressions in OpenSSL 3: https://github.com/openssl/openssl/issues/20286#issuecomment-1438826816 Some we might be able to address with: https://github.com/openssl/openssl/pull/18151 Some of the performance differences may be subject to ongoing work. Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2009544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018060] Re: Merge bridge-utils from Debian unstable for mantic
** Changed in: bridge-utils (Ubuntu) Status: Expired => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/2018060 Title: Merge bridge-utils from Debian unstable for mantic Status in bridge-utils package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.7.1-1 Ubuntu: 1.7.1-1ubuntu1 There is nothing yet to merge for bridge-utils currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### bridge-utils (1.7.1-1) unstable; urgency=low * New upstream version. Only some fixes for compilation warnings and the man page. * Update standards version to 4.6.1, no changes needed. * Set debhelper-compat version in Build-Depends. * Trim trailing whitespace. -- Santiago García Mantiñán Wed, 25 Jan 2023 22:11:52 +0100 bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium ### Old Ubuntu Delta ### bridge-utils (1.7.1-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable, remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value -
[Touch-packages] [Bug 2018081] Re: Merge libseccomp from Debian unstable for mantic
** Changed in: libseccomp (Ubuntu) Status: Expired => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2018081 Title: Merge libseccomp from Debian unstable for mantic Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2018081/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018079] Re: Merge libmnl from Debian unstable for mantic
** Changed in: libmnl (Ubuntu) Status: Expired => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2018079 Title: Merge libmnl from Debian unstable for mantic Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2018079/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2022927] Re: Busybox mount fails to mount Snaps
Hi Isaac, I'm at end of my shift so don't have time for a full review, just a few notes before I hand-off to the next patch pilot: - In your changelog entry, please reference this bug report, i.e.: - I'd recommend making your PPA version be "1:1.35.0-4ubuntu2~ppa5" - Name your patch "mount-ignore-x-options" as "mount-ignore-x- options.patch" - I'd strongly recommend including DEP3 headers on your patch. See https://dep-team.pages.debian.net/deps/dep3/. If you refer to the busybox patch static-sh-alias.patch you can see a good example of this. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to busybox in Ubuntu. https://bugs.launchpad.net/bugs/2022927 Title: Busybox mount fails to mount Snaps Status in busybox package in Ubuntu: New Bug description: Snapd tries to mount squashfs Snaps with non-standard mount flags like "x-gdu.hide" and "x-gvfs-hide", both of which are used to indicate to userspace programs that a given mount should not be shown in a list of mounted partitions/filesystems. Busybox does not support these flags, and so fails with "Invalid argument". $ sudo busybox mount -t tmpfs -o x-gdu-hide test /tmp/test mount: mounting test on /tmp/test failed: Invalid argument These flags can likely be be safely ignored, as they don't actually affect the functionality of the mount. This goes for all mount options starting with "x-", as these generally denote non-standard mount option "extensions". I've created a patch against Busybox which adds an optional configuration item to ignore all mount options beginning with "x-". An additional verbose option has also been added to enable the ability to report that the mount flags have been ignored, rather than silently ignoring them. This is a requirement for a customer project, where we are limited to using Busybox (due to coreutils' GPL-3.0 licence) but would also require using Snaps like checkbox for testing and verification. This was posted on the Busybox mailing list a few months ago (http://lists.busybox.net/pipermail/busybox/2023-March/090202.html) but patch acceptance there seems to take quite a long time, and we need this for the customer. A PPA containing the patched Busybox version is available on the project's Launchpad team: https://launchpad.net/~nemos- team/+archive/ubuntu/ppa To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/2022927/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2020464] Re: Please merge lvm 2.03.16-2 from Debian unstable
Hi Dave, Thanks for including the packaging branch in addition to the ppa and debdiff, that definitely helps with the review! Btw, since you use packaging branches, you can file 'Merge Proposal' requests that are helpful for structuring reviews. When creating an MP for a merge against debian unstable, you can set the MP target to 'debian/sid' (instead of the default 'ubuntu/devel') and it'll generate a useful diff. I went ahead and created one off your branch; if nothing else it helps my own review process since it's what I'm accustomed to: https://code.launchpad.net/~waveform/ubuntu/+source/lvm2/+git/lvm2/+merge/444199 I'll provide review feedback there. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2020464 Title: Please merge lvm 2.03.16-2 from Debian unstable Status in lvm2 package in Ubuntu: New Bug description: Please merge lvm2 2.03.16-2 from Debian unstable. Updated changelog and diff against Debian unstable to be attached below. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2020464/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018094] Re: Merge openssh from Debian unstable for mantic
** Description changed:
Scheduled-For: Backlog
Upstream: tbd
- Debian: 1:9.2p1-2
+ Debian: 1:9.2p1-2
Ubuntu: 1:9.0p1-1ubuntu8
-
- The NOT SERVER TEAM team has maintained this package in the past and may be
handling this merge.
+ The foundations team has maintained this package in the past and may be
+ handling this merge.
If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.
-
### New Debian Changes ###
openssh (1:9.2p1-2) unstable; urgency=medium
- * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.
-
- -- Colin Watson Wed, 08 Feb 2023 10:43:07 +
+ * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.
+
+ -- Colin Watson Wed, 08 Feb 2023 10:43:07 +
openssh (1:9.2p1-1) unstable; urgency=medium
- * Set 'UsePAM yes' when running regression tests, to match our default
- sshd configuration.
- * Ignore Lintian error about depending on lsb-base for now, to avoid
- problems with partial upgrades on non-default init systems.
- * New upstream release (https://www.openssh.com/releasenotes.html#9.2p1):
- - [SECURITY] sshd(8): fix a pre-authentication double-free memory fault
- introduced in OpenSSH 9.1. This is not believed to be exploitable, and
- it occurs in the unprivileged pre-auth process that is subject to
- chroot(2) and is further sandboxed on most major platforms.
- - [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen
- option would ignore its first argument unless it was one of the
- special keywords 'any' or 'none', causing the permission list to fail
- open if only one permission was specified.
- - [SECURITY] ssh(1): if the CanonicalizeHostname and
- CanonicalizePermittedCNAMEs options were enabled, and the system/libc
- resolver did not check that names in DNS responses were valid, then
- use of these options could allow an attacker with control of DNS to
- include invalid characters (possibly including wildcards) in names
- added to known_hosts files when they were updated. These names would
- still have to match the CanonicalizePermittedCNAMEs allow-list, so
- practical exploitation appears unlikely.
- - ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
- controls whether the client-side ~C escape sequence that provides a
- command-line is available. Among other things, the ~C command-line
- could be used to add additional port-forwards at runtime. This option
- defaults to 'no', disabling the ~C command-line that was previously
- enabled by default.
- - sshd(8): add support for channel inactivity timeouts via a new
- sshd_config(5) ChannelTimeout directive. This allows channels that
- have not seen traffic in a configurable interval to be automatically
- closed. Different timeouts may be applied to session, X11, agent and
- TCP forwarding channels.
- - sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate
- client connections that have no open channels for a length of time.
- This complements the ChannelTimeout option above.
- - sshd(8): add a -V (version) option to sshd like the ssh client has.
- - ssh(1): add a 'Host' line to the output of ssh -G showing the original
- hostname argument. bz3343
- - scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow
- control over some SFTP protocol parameters: the copy buffer length and
- the number of in-flight requests, both of which are used during
- upload/download. Previously these could be controlled in sftp(1) only.
- This makes them available in both SFTP protocol clients using the same
- option character sequence.
- - ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g.
- 'ssh-keyscan 192.168.0.0/24'. If a CIDR range is passed, then it will
- be expanded to all possible addresses in the range including the
- all-0s and all-1s addresses.
- - ssh(1): support dynamic remote port forwarding in escape
- command-line's -R processing.
- - ssh(1): when restoring non-blocking mode to stdio fds, restore exactly
- the flags that ssh started with and don't just clobber them with zero,
- as this could also remove the append flag from the set.
- - ssh(1): avoid printf('%s', NULL) if using UserKnownHostsFile=none and
- a hostkey in one of the system known hosts file changes.
- - scp(1): switch scp from using pipes to a socket-pair for communication
- with its ssh sub-processes, matching how sftp(1) operates.
- - sshd(8): clear signal mask early in main(); sshd may have been started
- with one or more signals masked (sigprocmask(2) is not cleared on
- fork/exec) and this could
[Touch-packages] [Bug 1971932] Re: error in rsync protocol data stream
** No longer affects: rsync (Ubuntu Jammy) ** No longer affects: rsync (Ubuntu Kinetic) ** No longer affects: rsync (Ubuntu Lunar) ** Changed in: rsync (Ubuntu Bionic) Status: New => Confirmed ** Changed in: rsync (Ubuntu Focal) Status: New => Confirmed ** Changed in: rsync (Ubuntu Focal) Importance: Undecided => Low ** Changed in: rsync (Ubuntu Bionic) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1971932 Title: error in rsync protocol data stream Status in rsync package in Ubuntu: Confirmed Status in rsync source package in Bionic: Confirmed Status in rsync source package in Focal: Confirmed Bug description: When synchronizing to other systems, rsync exits with "error in rsync protocol data stream (code 12)". The problem occurs since ubuntu 22.04 LTS with two different destination systems not running ubuntu but plain debian. The error did not occur under 20.04 LTS. Synchronisation runs fine for most other files, but always stops at the same (relative large) file. The file itself has also been changed on a test basis to make sure the file is not the problem itself. Log snippet: ... chunk[46131] len=46120 offset=2127561720 sum1=2f48caf4 chunk[46132] len=46120 offset=2127607840 sum1=5dfcb4ee chunk[46133] len=46120 offset=2127653960 sum1=d1037d81 chunk[46134] len=8870 offset=2127700080 sum1=6deedc97 send_files mapped /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX of size 2135722584 calling match_sums /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX built hash table hash search b=46120 len=2135722584 sum=1e1722dc k=46120 hash search s->blength=46120 len=2135722584 count=46135 potential match at 0 i=0 sum=1e1722dc match at 0 last_match=0 j=0 len=46120 n=0 potential match at 46120 i=1 sum=c482d6b6 match at 46120 last_match=46120 j=1 len=46120 n=0 potential match at 92240 i=2 sum=b21c7e11 match at 92240 last_match=92240 j=2 len=46120 n=0 potential match at 138360 i=3 sum=d066473a match at 138360 last_match=138360 j=3 len=46120 n=0 potential match at 184480 i=4 sum=a32a2984 match at 184480 last_match=184480 j=4 len=46120 n=0 potential match at 230600 i=5 sum=39cc049f match at 230600 last_match=230600 j=5 len=46120 n=0 potential match at 276720 i=6 sum=ad3de98a match at 276720 last_match=276720 j=6 len=46120 n=0 potential match at 322840 i=7 sum=83e16fa9 match at 322840 last_match=322840 j=7 len=46120 n=0 deflate on token returned 0 (8512 bytes left) rsync error: error in rsync protocol data stream (code 12) at token.c(476) [sender=3.2.3] [sender] _exit_cleanup(code=12, file=token.c, line=476): entered [sender] _exit_cleanup(code=12, file=token.c, line=476): about to call exit(12) Sender system: (rsync 3.2.3-8ubuntu3) - rsync version 3.2.3 protocol version 31 Copyright (C) 1996-2020 by Andrew Tridgell, Wayne Davison, and others. Web site: https://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, hardlink-specials, symlinks, IPv6, atimes, batchfiles, inplace, append, ACLs, xattrs, optional protect-args, iconv, symtimes, prealloc, stop-at, no crtimes Optimizations: SIMD, no asm, openssl-crypto Checksum list: xxh128 xxh3 xxh64 (xxhash) md5 md4 none Compress list: zstd lz4 zlibx zlib none rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. Recipient systems: (rsync 3.1.3-6) -- rsync version 3.1.3 protocol version 31 Copyright (C) 1996-2018 by Andrew Tridgell, Wayne Davison, and others. Web site: http://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace, append, ACLs, xattrs, iconv, symtimes, prealloc rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1971932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993409] Re: Merge libmnl from Debian unstable for l-series
*** This bug is a duplicate of bug 2018079 *** https://bugs.launchpad.net/bugs/2018079 ** This bug has been marked a duplicate of bug 2018079 Merge libmnl from Debian unstable for mantic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/1993409 Title: Merge libmnl from Debian unstable for l-series Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/1993409/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018079] [NEW] Merge libmnl from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 ** Affects: libmnl (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libmnl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/2018079 Title: Merge libmnl from Debian unstable for mantic Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 There is nothing yet to merge for libmnl currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/2018079/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018081] [NEW] Merge libseccomp from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/2018081 Title: Merge libseccomp from Debian unstable for mantic Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: Backlog Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu3 The NOT SERVER TEAM team has maintained this package in the past and may be handling this merge. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu3) lunar; urgency=medium * Rebuild to drop Python 3.10 extension -- Jeremy Bicha Tue, 28 Feb 2023 17:23:34 -0500 libseccomp (2.5.4-1ubuntu2) lunar; urgency=medium * No-change rebuild with Python 3.11 as supported -- Graham Inggs Wed, 02 Nov 2022 10:24:36 + libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/2018081/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018091] [NEW] Merge net-tools from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 2.10-0.1 Ubuntu: 2.10-0.1ubuntu3 There is nothing yet to merge for net-tools currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### net-tools (2.10-0.1) unstable; urgency=medium * Non-maintainer upload. * Update Martina's name and email address. * Drop DECnet support (Closes: #1024730) * Revert 'Fix d/watch to point to upstream git repository' * New upstream version 2.10 (Closes: #1000281) -- Bastian Germann Fri, 25 Nov 2022 15:15:20 +0100 net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martina Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martina Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martina Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martina Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martina Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. ### Old Ubuntu Delta ### net-tools (2.10-0.1ubuntu3) lunar; urgency=medium * Further fixes for mismerge. -- Steve Langasek Tue, 13 Dec 2022 13:49:51 -0800 net-tools (2.10-0.1ubuntu2) lunar; urgency=medium * Fix mismerge of Ubuntu units patch. -- Steve Langasek Tue, 13 Dec 2022 13:40:24 -0800 net-tools (2.10-0.1ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - Ubuntu_unit_conversion.patch: + Ubuntu Policy: output using standard SI unit multiples: KB (10^3), MB (10^6), GB (10^9), TB (10^12) and PB (10^15). Includes manpage update to remove comment about IEC units. - Add new DEP8 tests for hostname and ifconfig. -- Steve Langasek Tue, 13 Dec 2022 13:27:00 -0800 ** Affects: net-tools (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in:
[Touch-packages] [Bug 2018093] [NEW] Merge openldap from Debian unstable for mantic
Public bug reported:
Upstream: tbd
Debian: 2.5.13+dfsg-52.6.4+dfsg-1~exp1
Ubuntu: 2.6.3+dfsg-1~exp1ubuntu2
Debian new has 2.6.4+dfsg-1~exp1, which may be available for merge soon.
If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.
### New Debian Changes ###
openldap (2.5.13+dfsg-5) unstable; urgency=medium
* Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path.
(Closes: #1030814)
* Disable flaky test test069-delta-multiprovider-starttls.
-- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800
openldap (2.5.13+dfsg-4) unstable; urgency=medium
[ Andreas Hasenack ]
* d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817)
* d/t/sha2-contrib: add test for sha2 module
-- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800
openldap (2.5.13+dfsg-3) unstable; urgency=medium
[ Ryan Tandy ]
* Disable flaky test test063-delta-multiprovider. Mitigates #1010608.
[ Gioele Barabucci ]
* slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185)
* d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style`
* d/slapd.postinst: Remove test for ancient version
* slapd.scripts-common: Remove unused `normalize_ldif`
* d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics`
-- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800
openldap (2.5.13+dfsg-2) unstable; urgency=medium
* d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
autopkgtest failure due to heimdal setting mode 700 on this directory.
(Closes: #1020442)
* d/source/lintian-overrides: Add wildcards to make overrides compatible
with both older and newer versions of lintian.
* d/slapd-contrib.lintian-overrides: Remove unused
custom-library-search-path override now that krb5-config no longer sets
-rpath.
-- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700
openldap (2.5.13+dfsg-1) unstable; urgency=medium
* d/rules: Remove get-orig-source, now unnecessary.
* Check PGP signature when running uscan.
* d/watch: Modernize watch file; use repacksuffix.
* d/copyright: Update according to DEP-5.
* d/control: Add myself to Uploaders.
* New upstream release.
-- Sergio Durigan Junior Sun, 18 Sep 2022
18:29:46 -0400
openldap (2.5.12+dfsg-2) unstable; urgency=medium
* Stop slapd explicitly in prerm as a workaround for #1006147, which caused
dpkg-reconfigure to not restart the service, so the new configuration was
not applied. See also #994204. (Closes: #1010971)
-- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700
openldap (2.5.12+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
* Update debconf translations:
- German, thanks to Helge Kreutzmann. (Closes: #1007728)
- Spanish, thanks to Camaleón. (Closes: #1008529)
- Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)
-- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700
openldap (2.5.11+dfsg-1) unstable; urgency=medium
* Upload to unstable.
-- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800
openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Add openssl to Build-Depends to enable more checks in test067-tls.
* Update slapd-contrib's custom-library-search-path override to work with
current Lintian.
-- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800
openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Update slapd-contrib's custom-library-search-path override to work with
Lintian 2.108.0.
-- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700
openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not
### Old Ubuntu Delta ###
openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium
* Build the passwd/sha2 contrib module with -fno-strict-aliasing to
avoid computing an incorrect SHA256 hash with some versions of the
compiler (LP: #2000817):
- d/t/{control,sha2-contrib}: test to verify the SHA256 hash
produced by passwd/sha2
- d/rules: set -fno-strict-aliasing only when building the
passwd/sha2 contrib module
* d/t/smbk5pwd: Allow the openldap user to read the Heimdal master key in the
smbk5pwd DEP8 test (LP: #2004560)
-- Andreas Hasenack Fri, 03 Feb 2023 09:33:14
-0300
openldap (2.6.3+dfsg-1~exp1ubuntu1) lunar; urgency=medium
* Merge with Debian unstable (LP: #1993426). Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw
[Touch-packages] [Bug 2018094] [NEW] Merge openssh from Debian unstable for mantic
Public bug reported:
Scheduled-For: Backlog
Upstream: tbd
Debian: 1:9.2p1-2
Ubuntu: 1:9.0p1-1ubuntu8
The NOT SERVER TEAM team has maintained this package in the past and may be
handling this merge.
If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.
### New Debian Changes ###
openssh (1:9.2p1-2) unstable; urgency=medium
* Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS.
-- Colin Watson Wed, 08 Feb 2023 10:43:07 +
openssh (1:9.2p1-1) unstable; urgency=medium
* Set 'UsePAM yes' when running regression tests, to match our default
sshd configuration.
* Ignore Lintian error about depending on lsb-base for now, to avoid
problems with partial upgrades on non-default init systems.
* New upstream release (https://www.openssh.com/releasenotes.html#9.2p1):
- [SECURITY] sshd(8): fix a pre-authentication double-free memory fault
introduced in OpenSSH 9.1. This is not believed to be exploitable, and
it occurs in the unprivileged pre-auth process that is subject to
chroot(2) and is further sandboxed on most major platforms.
- [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen
option would ignore its first argument unless it was one of the
special keywords 'any' or 'none', causing the permission list to fail
open if only one permission was specified.
- [SECURITY] ssh(1): if the CanonicalizeHostname and
CanonicalizePermittedCNAMEs options were enabled, and the system/libc
resolver did not check that names in DNS responses were valid, then
use of these options could allow an attacker with control of DNS to
include invalid characters (possibly including wildcards) in names
added to known_hosts files when they were updated. These names would
still have to match the CanonicalizePermittedCNAMEs allow-list, so
practical exploitation appears unlikely.
- ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime. This option
defaults to 'no', disabling the ~C command-line that was previously
enabled by default.
- sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be automatically
closed. Different timeouts may be applied to session, X11, agent and
TCP forwarding channels.
- sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate
client connections that have no open channels for a length of time.
This complements the ChannelTimeout option above.
- sshd(8): add a -V (version) option to sshd like the ssh client has.
- ssh(1): add a 'Host' line to the output of ssh -G showing the original
hostname argument. bz3343
- scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow
control over some SFTP protocol parameters: the copy buffer length and
the number of in-flight requests, both of which are used during
upload/download. Previously these could be controlled in sftp(1) only.
This makes them available in both SFTP protocol clients using the same
option character sequence.
- ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g.
'ssh-keyscan 192.168.0.0/24'. If a CIDR range is passed, then it will
be expanded to all possible addresses in the range including the
all-0s and all-1s addresses.
- ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing.
- ssh(1): when restoring non-blocking mode to stdio fds, restore exactly
the flags that ssh started with and don't just clobber them with zero,
as this could also remove the append flag from the set.
- ssh(1): avoid printf('%s', NULL) if using UserKnownHostsFile=none and
a hostkey in one of the system known hosts file changes.
- scp(1): switch scp from using pipes to a socket-pair for communication
with its ssh sub-processes, matching how sftp(1) operates.
- sshd(8): clear signal mask early in main(); sshd may have been started
with one or more signals masked (sigprocmask(2) is not cleared on
fork/exec) and this could interfere with various things, e.g. the
login grace timer. Execution environments that fail to clear the
signal mask before running sshd are clearly broken, but apparently
they do exist.
- ssh(1): warn if no host keys for hostbased auth can be loaded.
- sshd(8): Add server debugging for hostbased auth that is queued and
sent to the client after successful authentication, but also
[Touch-packages] [Bug 2018060] [NEW] Merge bridge-utils from Debian unstable for mantic
Public bug reported: Scheduled-For: Backlog Upstream: tbd Debian: 1.7.1-1 Ubuntu: 1.7.1-1ubuntu1 There is nothing yet to merge for bridge-utils currently, but this ticket is filed prospectfully for tracking purposes in case a merge does become available later this cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### bridge-utils (1.7.1-1) unstable; urgency=low * New upstream version. Only some fixes for compilation warnings and the man page. * Update standards version to 4.6.1, no changes needed. * Set debhelper-compat version in Build-Depends. * Trim trailing whitespace. -- Santiago García Mantiñán Wed, 25 Jan 2023 22:11:52 +0100 bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium ### Old Ubuntu Delta ### bridge-utils (1.7.1-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable, remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update unsettable gcint value for newer kernels * Dropped changes, no longer applicable: - debian/bridge-utils-interface.5: + Update max, default value for path cost -- Graham Inggs Thu, 23 Feb 2023 15:07:42 + ** Affects: bridge-utils (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: bridge-utils (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is
[Touch-packages] [Bug 2018074] [NEW] Merge heimdal from Debian unstable for mantic
Public bug reported:
Upstream: tbd
Debian: 7.8.git20221117.28daf24+dfsg-2
Ubuntu: 7.8.git20221117.28daf24+dfsg-1ubuntu1
Debian does new releases regularly, so it's likely there will be newer
versions available before FF that we can pick up if this merge is done
later in the cycle.
If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.
### New Debian Changes ###
heimdal (7.8.git20221117.28daf24+dfsg-2) unstable; urgency=medium
* Fix incorrect license of Debian files.
* Fix deprecated dependancies.
* gsskrb5: fix accidental logic inversions (CVE-2022-45142)
(Closes: #1030849) - change applied from NMU version
7.8.git20221117.28daf24+dfsg-1.1
* Add ro.po file. Closes: #1031897.
-- Brian May Sat, 25 Feb 2023 09:32:57 +1100
heimdal (7.8.git20221117.28daf24+dfsg-1) unstable; urgency=medium
* New upstream release.
-- Brian May Sat, 10 Dec 2022 16:29:20 +1100
heimdal (7.8.git20221115.a6cf945+dfsg-3) unstable; urgency=medium
* Source-only upload to enable migration to testingi (2nd attempt).
-- Brian May Sun, 04 Dec 2022 09:56:06 +1100
heimdal (7.8.git20221115.a6cf945+dfsg-2) unstable; urgency=medium
* Source-only upload to enable migration to testing.
-- Brian May Sun, 04 Dec 2022 09:09:44 +1100
heimdal (7.8.git20221115.a6cf945+dfsg-1) unstable; urgency=medium
* New upstream version.
* Numerous security fixes (Closes: #1024187).
* asn1: Invalid free in ASN.1 codec (CVE-2022-44640)
* krb5: PAC parse integer overflows (CVE-2022-42898)
* gsskrb5: Use constant-time memcmp() for arcfour unwrap (CVE-2022-3437)
* gsskrb5: Use constant-time memcmp() in unwrap_des3() (CVE-2022-3437)
* gsskrb5: Don't pass NULL pointers to memcpy() in DES unwrap
(CVE-2022-3437)
* gsskrb5: Avoid undefined behaviour in _gssapi_verify_pad()
(CVE-2022-3437)
* gsskrb5: Check the result of _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Check buffer length against overflow for DES{,3} unwrap
(CVE-2022-3437)
* gsskrb5: Check for overflow in _gsskrb5_get_mech() (CVE-2022-3437)
* gsskrb5: Pass correct length to _gssapi_verify_pad() (CVE-2022-3437)
* libhx509: Fix denial of service vulnerability (CVE-2022-41916)
* spnego: send_reject when no mech selected (CVE-2021-44758)
* Fix regression in _krb5_get_int64 on 32 bit systems.
https://github.com/heimdal/heimdal/pull/1025
* Increment soname for libroken.
* Increment soname for libhcrypto.
* Remove legacy shared library version requirements.
* Add symbols to libkadm5srv8.
-- Brian May Sun, 27 Nov 2022 10:44:26 +1100
heimdal (7.7.0+dfsg-6) unstable; urgency=medium
* Retry deleting dangling windc.so again. Closes: #857215.
* Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey.
Closes: #964008.
* Disable use of -rpath in krb5-config.heimdal. Closes: #868840.
-- Brian May Mon, 05 Sep 2022 08:35:33 +1000
heimdal (7.7.0+dfsg-5) unstable; urgency=medium
* Fix missing closefrom symbol. Closes: #1016884, #1017244.
* Fix spelling of dependency in changelog.
* Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/
* Remove default --parallel from dh call.
* Remove unused debian/upstream/signing-key.asc key.
* Fix Multi-Arch headers. heimdal-multidev is not co-installable, so
heimdal-dev cannot be co-installable either.
-- Brian May Fri, 02 Sep 2022 07:59:59 +1000
heimdal (7.7.0+dfsg-4) unstable; urgency=medium
* Delete dependency on install-info. Closes: #1013735.
* Non-maintainer upload.
* Reduce Build-Depends: (Closes: #980531)
+ Drop unused libhesiod-dev.
+ Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses
it.
+ Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and
x11proto-core-dev.
+ Clean generated C tables to actually rebuild them using python3.
-- Brian May Mon, 27 Jun 2022 10:36:10 +1000
heimdal (7.7.0+dfsg-3) unstable; urgency=high
* Fix CVE-2021-3671: A null pointer de-reference was found in the way
samba kerberos server handled missing sname in TGS-REQ. Closes: #996586.
* Fix autoconf 2.7 issues.
-- Brian May Wed, 17 Nov 2021 12:12:45 +1100
### Old Ubuntu Delta ###
heimdal (7.8.git20221117.28daf24+dfsg-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/rules: Disable lto, to regain dep on roken, otherwise
dependencies on amd64 are different than i386 resulting in
different files on amd64 and i386.
(LP #1934936)
-- Steve Langasek Tue, 24 Jan 2023
19:14:54 -0800
** Affects: heimdal (Ubuntu)
Importance: Undecided
Status: New
** Tags: needs-merge upgrade-software-version
** Changed in: heimdal (Ubuntu)
Milestone: None => ubuntu-23.07
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
Thanks for reporting the bug with steps to reproduce, and identifying a possible patch from upstream. On a cursory glance, the upstream commit is longer than we usually want for SRU purposes, so I'm not sure it's going to qualify for SRU as is. The patch includes some refactoring changes but I'm not sure if untangling those would necessarily shorten the patch much. But should be straightforward to at least add the patched package to a PPA for you to check, and we can decide from there. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: New Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. --
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: New Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. -- netflix-nov6.conf: # Null response on these domains server=/netflix.com/# address=/netflix.com/:: server=/netflix.net/# address=/netflix.net/:: server=/nflxext.com/# address=/nflxext.com/:: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2015562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe :
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
** Patch added: "Proposed commit from upstream suggested as possible fix" https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2015562/+attachment/5664796/+files/fix_segfault_combining_hash_server_with_address.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: New Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. -- netflix-nov6.conf: # Null response on these domains server=/netflix.com/# address=/netflix.com/:: server=/netflix.net/# address=/netflix.net/:: server=/nflxext.com/# address=/nflxext.com/:: To manage notifications about this bug go to:
[Touch-packages] [Bug 1971932] Re: error in rsync protocol data stream
** Also affects: rsync (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: rsync (Ubuntu Lunar) Importance: Low Status: Confirmed ** Also affects: rsync (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: rsync (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: rsync (Ubuntu Kinetic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1971932 Title: error in rsync protocol data stream Status in rsync package in Ubuntu: Confirmed Status in rsync source package in Bionic: New Status in rsync source package in Focal: New Status in rsync source package in Jammy: New Status in rsync source package in Kinetic: New Status in rsync source package in Lunar: Confirmed Bug description: When synchronizing to other systems, rsync exits with "error in rsync protocol data stream (code 12)". The problem occurs since ubuntu 22.04 LTS with two different destination systems not running ubuntu but plain debian. The error did not occur under 20.04 LTS. Synchronisation runs fine for most other files, but always stops at the same (relative large) file. The file itself has also been changed on a test basis to make sure the file is not the problem itself. Log snippet: ... chunk[46131] len=46120 offset=2127561720 sum1=2f48caf4 chunk[46132] len=46120 offset=2127607840 sum1=5dfcb4ee chunk[46133] len=46120 offset=2127653960 sum1=d1037d81 chunk[46134] len=8870 offset=2127700080 sum1=6deedc97 send_files mapped /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX of size 2135722584 calling match_sums /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX built hash table hash search b=46120 len=2135722584 sum=1e1722dc k=46120 hash search s->blength=46120 len=2135722584 count=46135 potential match at 0 i=0 sum=1e1722dc match at 0 last_match=0 j=0 len=46120 n=0 potential match at 46120 i=1 sum=c482d6b6 match at 46120 last_match=46120 j=1 len=46120 n=0 potential match at 92240 i=2 sum=b21c7e11 match at 92240 last_match=92240 j=2 len=46120 n=0 potential match at 138360 i=3 sum=d066473a match at 138360 last_match=138360 j=3 len=46120 n=0 potential match at 184480 i=4 sum=a32a2984 match at 184480 last_match=184480 j=4 len=46120 n=0 potential match at 230600 i=5 sum=39cc049f match at 230600 last_match=230600 j=5 len=46120 n=0 potential match at 276720 i=6 sum=ad3de98a match at 276720 last_match=276720 j=6 len=46120 n=0 potential match at 322840 i=7 sum=83e16fa9 match at 322840 last_match=322840 j=7 len=46120 n=0 deflate on token returned 0 (8512 bytes left) rsync error: error in rsync protocol data stream (code 12) at token.c(476) [sender=3.2.3] [sender] _exit_cleanup(code=12, file=token.c, line=476): entered [sender] _exit_cleanup(code=12, file=token.c, line=476): about to call exit(12) Sender system: (rsync 3.2.3-8ubuntu3) - rsync version 3.2.3 protocol version 31 Copyright (C) 1996-2020 by Andrew Tridgell, Wayne Davison, and others. Web site: https://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, hardlink-specials, symlinks, IPv6, atimes, batchfiles, inplace, append, ACLs, xattrs, optional protect-args, iconv, symtimes, prealloc, stop-at, no crtimes Optimizations: SIMD, no asm, openssl-crypto Checksum list: xxh128 xxh3 xxh64 (xxhash) md5 md4 none Compress list: zstd lz4 zlibx zlib none rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. Recipient systems: (rsync 3.1.3-6) -- rsync version 3.1.3 protocol version 31 Copyright (C) 1996-2018 by Andrew Tridgell, Wayne Davison, and others. Web site: http://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace, append, ACLs, xattrs, iconv, symtimes, prealloc rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1971932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007837] Re: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4
** Summary changed: - 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression + Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4 Status in rsync package in Ubuntu: Fix Released Status in rsync source package in Jammy: Triaged Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007837] Re: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression
Thanks for the links Peter. Looking at the upstream patch, it looks straightforward enough, but can you also provide more detailed steps to reproduce this issue? I gather this would involve setting up a 20.04 host and 22.04 clients, running Backuppc on the latter to pull data from the former. If you can provide a reproducer that'd help accelerate progress towards getting a fix prepared for backporting. Thanks ahead of time. ** Changed in: rsync (Ubuntu Jammy) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression Status in rsync package in Ubuntu: New Status in rsync source package in Jammy: Incomplete Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007837] Re: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression
** Also affects: rsync (Ubuntu Jammy) Importance: Undecided Status: New ** Bug watch added: Debian Bug tracker #969463 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969463 ** Also affects: rsync (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969463 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: 22.04: Backport request from 3.2.4 for fix of 3.2.3 regression Status in rsync package in Ubuntu: New Status in rsync source package in Jammy: New Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1960736] Re: Libnss3 doesn't log SEC_ERROR_UNKNOWN_PKCS11_ERROR properly ( NSS error code: -8018 )
Hi Bartłomiej, NSS is in the regular mozilla bugzilla at https://bugzilla.mozilla.org/home. You can file or search for bugs related to NSS by specifying "NSS" as the Product, e.g.: https://bugzilla.mozilla.org/buglist.cgi?resolution=---_format=advanced=NSS=Importance=Client%20Software=Developer%20Infrastructure=Components=Server%20Software=Other -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1960736 Title: Libnss3 doesn't log SEC_ERROR_UNKNOWN_PKCS11_ERROR properly ( NSS error code: -8018 ) Status in nss package in Ubuntu: New Bug description: I've got the issue with Google Chrome not recognizing any of SSL/TSL certificates as trusted. When I look into certificate checksums it's renders all bytes of it as NULL bytes. I'm aware Google Chrome is proprietary but it depends on ubuntu provided libnss3-package. And libnss provides very nigmatic error code -8018: `/opt/google/chrome$ google-chrome [23391:23426:0213/133531.202486:ERROR:nss_util.cc(286)] After loading Root Certs, loaded==false: NSS error code: -8018 [23434:23434:0213/133531.266711:ERROR:sandbox_linux.cc(377)] InitializeSandbox() called with multiple threads in process gpu-process. [23391:23427:0213/133531.313065:ERROR:cert_verify_proc_builtin.cc(681)] CertVerifyProcBuiltin for accounts.google.com failed: - Certificate i=3 (CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE) - ERROR: No matching issuer found ' When trying to enter this particular error code into search engine nothing is found. So my suggestion with this bug is to make it more transparent by providing information to what happened - it seems other bug codes has better error messages. To get SEC_ERROR_UNKNOWN_PKCS11_ERROR string I was force to download source code and manually calculate offsets. Another issue is if failing to initialize PKCS11 token should make whole SSL/TLS crypto invalid ? I'm not sure if this is libnss or Google Chrome issue but it behaves differently in Chromium browser with same libnss so I assume either of two is doing better - it's worth to review this from security perspective. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: libnss3 2:3.35-2ubuntu2.13 Uname: Linux 5.10.0-051000rc6-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.27 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sun Feb 13 13:33:51 2022 Dependencies: gcc-8-base 8.4.0-1ubuntu1~18.04 libc6 2.27-3ubuntu1.5 [origin: LP-PPA-ubuntu-security-proposed] libgcc1 1:8.4.0-1ubuntu1~18.04 libnspr4 2:4.18-1ubuntu1 libsqlite3-0 3.22.0-1ubuntu0.4 InstallationDate: Installed on 2015-05-08 (2473 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=pl_PL.UTF-8 SHELL=/bin/bash SourcePackage: nss UpgradeStatus: Upgraded to bionic on 2018-08-26 (1266 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1960736/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971323] Re: Merge six from Debian unstable for kinetic
** Changed in: six (Ubuntu) Milestone: later => ubuntu-22.11 ** Changed in: six (Ubuntu) Milestone: ubuntu-22.11 => kinetic-updates -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to six in Ubuntu. https://bugs.launchpad.net/bugs/1971323 Title: Merge six from Debian unstable for kinetic Status in six package in Ubuntu: Fix Released Bug description: Upstream: tbd Debian: 1.16.0-3 Ubuntu: 1.16.0-3ubuntu1 Debian typically updates six every 2 months on average, but it was last updated 21.12 and looks overdue. Check back in on this monthly. ### New Debian Changes ### six (1.16.0-3) unstable; urgency=medium [ Debian Janitor ] * Bump debhelper from old 12 to 13. * Update standards version to 4.5.1, no changes needed. [ Colin Watson ] * Link directly to upstream in Homepage and debian/copyright. -- Colin Watson Sun, 26 Dec 2021 02:24:26 + six (1.16.0-2) unstable; urgency=medium * Team upload. [ Andreas Beckmann ] * python-six/python3-six: Copy Breaks: python (<< 2.7.18), python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18), python-iso8601 (<< 0.1.12-2~), python-pbr (<< 5.4.5) from python2.7 to ensure removal of the unversioned python packages (and some persisting obsolete Python 2 module packages) on upgrades from buster. In some upgrade scenarios (mostly involving openstack packages) these Breaks in python2.7 were ineffective because the unversioned python packages got higher scores than python2.7. python-six/python3-six are usually very high scoring Python module packages in these cases, making them ideal candidates for such copies of the Breaks. (Closes: #991433) -- Stefano Rivera Tue, 27 Jul 2021 11:44:18 -0400 six (1.16.0-1) unstable; urgency=medium * New upstream release. -- Colin Watson Sun, 09 May 2021 11:40:54 +0100 six (1.15.0-2) unstable; urgency=medium [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Colin Watson ] * Remove Barry Warsaw from Uploaders, with thanks for their previous contributions (closes: #970181). -- Colin Watson Tue, 10 Nov 2020 00:16:45 + six (1.15.0-1) unstable; urgency=medium [ Debian Janitor ] * Update standards version to 4.5.0, no changes needed. [ Colin Watson ] * New upstream release. -- Colin Watson Sun, 24 May 2020 10:23:22 +0100 six (1.14.0-3) unstable; urgency=medium * Dont run unittests for python2 binary, to reduce pytest rdeps -- Sandro Tosi Mon, 13 Apr 2020 20:16:04 -0400 six (1.14.0-2) unstable; urgency=medium * Build-depend on python2 rather than python. -- Colin Watson Tue, 21 Jan 2020 09:44:26 + six (1.14.0-1) unstable; urgency=medium [ Debian Janitor ] * Remove unnecessary team-upload line in changelog. * Set upstream metadata fields: Bug-Database, Repository. * Set upstream metadata fields: Bug-Submit, Repository-Browse. [ Colin Watson ] * New upstream release. -- Colin Watson Mon, 20 Jan 2020 21:39:42 + six (1.13.0-1) unstable; urgency=medium [ Emmanuel Arias ] * New upstream version 1.13.0 * d/control: Bump Standard-Version to 4.4.1 * d/control: Bump debhelper-compat to 12 (from 9) [ Colin Watson ] * Replace manually-written basic autopkgtests with 'Testsuite: autopkgtest-pkg-python'. * Remove build-dependencies on python-py and python3-py, no longer used upstream. * Fix HTML paths in doc-base control file. -- Colin Watson Tue, 12 Nov 2019 08:10:54 + six (1.12.0-2) unstable; urgency=medium ### Old Ubuntu Delta ### six (1.16.0-3ubuntu1) jammy; urgency=medium * Drop Breaks on python to allow python-is-python2 to remain when upgrading from Focal (LP: #1958720) -- Robie Basak Wed, 13 Apr 2022 21:08:40 +0100 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/six/+bug/1971323/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for lunar
A new Debian version for bridge-utils is available. There is also a new upstream release but it's not yet packaged by Debian. bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 There is an upstream 1.7.1 release, with just a couple cleanups: From https://kernel.googlesource.com/pub/scm/network/bridge/bridge-utils/+log/refs/tags/v1.7.1: 75d949b Chnage version to 1.7 by Stephen Hemminger · 1 year, 11 months ago v1.7.1 a1f2022 fix string overflow warnings by Stephen Hemminger · 1 year, 11 months ago 4691bf3 brctl: fix spelling on man page by Stephen Hemminger · 2 years ago ab8a2cc README: mark bridge-utils as deprecated by Stephen Hemminger · 2 years, 7 months ago v1.7 ** Changed in: bridge-utils (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1993387 Title: Merge bridge-utils from Debian unstable for lunar Status in bridge-utils package in Ubuntu: New Bug description: Scheduled-For: ubuntu-22.12 Upstream: 1.7.1 Debian: 1.7-2 Ubuntu: 1.7-1ubuntu3 ### New Debian Changes ### bridge-utils (1.7-2) unstable; urgency=medium * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils to stop disabling IPv6 on physical interfaces of vlan ports if set to no. Closes: #989162. * Update interfaces man page, IPv6 works with STP on after DAD was fixed. Closes: #980507. * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. * Update NEWS file to fix us blaming the kernel for the MAC address selection that is really overridden by systemd. -- Santiago García Mantiñán Mon, 03 Oct 2022 23:11:46 +0200 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:09:41 +0200 bridge-utils (1.7-1ubuntu1) impish; urgency=low * Merge from Debian unstable. Remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update max, default value for path cost + Update unsettable gcint value for newer kernels -- Steve Langasek Wed, 17 Mar 2021 12:32:22 -0700 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bridge-utils/+bug/1993387/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for lunar
** Description changed: Scheduled-For: ubuntu-22.12 - Upstream: tbd - Debian: 1.7-1 + Upstream: 1.7.1 + Debian: 1.7-2 Ubuntu: 1.7-1ubuntu3 - - ### New Debian Changes ### - bridge-utils (1.7-1) unstable; urgency=medium + bridge-utils (1.7-2) unstable; urgency=medium - * New upstream version. - Only messages related changes and compilation fixes. - * Remove preserve_gcc_flags patch (in upstream now). - * Bump standards, no change needed. - * Clarify portprio and fix example. - * Update upstream url. - * Fix NEWS versioning of last entry :-? + * Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils + to stop disabling IPv6 on physical interfaces of vlan ports if set to no. + Closes: #989162. + * Update interfaces man page, IPv6 works with STP on after DAD was fixed. + Closes: #980507. + * Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627. + * Update NEWS file to fix us blaming the kernel for the MAC address + selection that is really overridden by systemd. - -- Santiago Garcia Mantinan Wed, 24 Feb 2021 - 12:34:03 +0100 - - bridge-utils (1.6-6) unstable; urgency=medium - - * Fix IPv6 address getting assigned on hotplug devices. - Closes: #980752. - * Fix waiting so that DAD works again. Closes: #982943. - * Move mac setting before brctl addif to ensure mac setting. - Closes: #980856. - * Update documentation and add examples. Closes: #765098. - * Update manpages. Closes: #981253. - * Add a note on MTU settings. Closes: #292088. - * Hook also on down to recreate the bridge so that multiple - stanzas work Ok on ifdown. Closes: #319832. - - -- Santiago Garcia Mantinan Tue, 16 Feb 2021 - 13:29:04 +0100 - - bridge-utils (1.6-5) unstable; urgency=low - - * Overload bridge_hw to allow do specify an interface as well as the - MAC address. Closes: #966244. - * Change man page for bridge-utils-interfaces and news fileto document - this overloading. - - -- Santiago Garcia Mantinan Fri, 22 Jan 2021 - 11:08:47 +0100 - - bridge-utils (1.6-4) unstable; urgency=low - - * Add en* to the device regex so that all catches them. Closes: #966319. - * Document MAC address changes on news. Closes: #980505. - - -- Santiago Garcia Mantinan Thu, 21 Jan 2021 - 10:51:31 +0100 - - bridge-utils (1.6-3) unstable; urgency=medium - - * Support VLAN aware setups where we need vlan filtering. - Thanks Benedikt Spranger for the patch. Closes: #950879. - * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. - * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. - - -- Santiago Garcia Mantinan Thu, 30 Apr 2020 - 10:06:38 +0200 - - bridge-utils (1.6-2) unstable; urgency=medium - - * Bump Standards-Version. - * Preserve gcc flags set when building the lib. - - -- Santiago Garcia Mantinan Mon, 28 Jan 2019 - 00:25:14 +0100 - - bridge-utils (1.6-1) unstable; urgency=low - - * New upstream version. - * Change default back to not hotplug. Closes: #892277. - * Allow mtu to be set on the bridge by propagating it to the bridged - interfaces. Closes: #661711. - * Remove kernel headers from the package. - - -- Santiago Garcia Mantinan Tue, 15 Jan 2019 - 13:18:33 +0100 - - bridge-utils (1.5-16) unstable; urgency=medium - - * Don't set dev globally at bridge-utils.sh. Closes: #873086. - - -- Santiago Garcia Mantinan Sun, 08 Apr 2018 - 23:06:30 +0200 - - bridge-utils (1.5-15) unstable; urgency=medium - - * Fix substrings on interfaces. Closes: #873087. - * Make it lintian clean sticking to 1.0 source format for now. - No time to properly comment all the patches right now. - - -- Santiago Garcia Mantinan Fri, 02 Mar 2018 - 22:08:20 +0100 - - bridge-utils (1.5-14) unstable; urgency=low - - * Fix a problem with some vlan interfaces not being created. - - -- Santiago Garcia Mantinan Mon, 26 Jun 2017 - 17:48:37 +0200 - - bridge-utils (1.5-13) unstable; urgency=low - - * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. - - -- Santiago Garcia Mantinan Sat, 11 Feb 2017 - 00:16:45 +0100 - - bridge-utils (1.5-12) unstable; urgency=medium - - * Add vlan support so that old setups using vlans as ports don't - break. - - -- Santiago Garcia Mantinan Sun, 22 Jan 2017 - 00:23:50 +0100 + -- Santiago García Mantiñán Mon, 03 Oct 2022 + 23:11:46 +0200 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium - * No-change rebuild for ppc64el baseline bump. + * No-change rebuild for ppc64el baseline bump. - -- Łukasz 'sil2100' Zemczak Wed, 23 Mar + -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium - * No-change rebuild to build packages with zstd compression. + * No-change rebuild to build packages with zstd compression. - -- Matthias
[Touch-packages] [Bug 2003833] [NEW] colord migration blocked by impossible depends on argyll
Public bug reported: colord recently re-enabled argyll support. Unfortunately since argyll is in universe and colord is in main, this is causing an 'impossible depends' migration error for colord. colord-sensor-argyll/amd64 in main cannot depend on argyll in universe Impossible Depends: colord -> argyll/2.3.1+repack-1ubuntu1/amd64 colord (1.4.6-2) unstable; urgency=medium * debian/control: - Build-Depend on polkitd. Fixes FTBFS (Closes: #1022355) - Bump Standards-Version to 4.6.1 (no changes needed) * debian/rules: * debian/control: * debian/not-installed: - Re-enable Argyll support. Argyll no longer appears in danger of being removed from the archive. * debian/copyright: - Fix misspelling of Richard Hughes' name - Drop no-longer-necessary Files: stanzas - Include full license details of data/profiles -- Christopher James Halse Rogers Tue, 01 Nov 2022 11:02:35 +0100 There is a MIR for argyll (LP: #821883) which could be a solution for this issue. ** Affects: colord (Ubuntu) Importance: Undecided Status: New ** Tags: update-excuses -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to colord in Ubuntu. https://bugs.launchpad.net/bugs/2003833 Title: colord migration blocked by impossible depends on argyll Status in colord package in Ubuntu: New Bug description: colord recently re-enabled argyll support. Unfortunately since argyll is in universe and colord is in main, this is causing an 'impossible depends' migration error for colord. colord-sensor-argyll/amd64 in main cannot depend on argyll in universe Impossible Depends: colord -> argyll/2.3.1+repack-1ubuntu1/amd64 colord (1.4.6-2) unstable; urgency=medium * debian/control: - Build-Depend on polkitd. Fixes FTBFS (Closes: #1022355) - Bump Standards-Version to 4.6.1 (no changes needed) * debian/rules: * debian/control: * debian/not-installed: - Re-enable Argyll support. Argyll no longer appears in danger of being removed from the archive. * debian/copyright: - Fix misspelling of Richard Hughes' name - Drop no-longer-necessary Files: stanzas - Include full license details of data/profiles -- Christopher James Halse Rogers Tue, 01 Nov 2022 11:02:35 +0100 There is a MIR for argyll (LP: #821883) which could be a solution for this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/colord/+bug/2003833/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 821883] Re: [MIR] argyll
colord recently re-enabled argyll support. Unfortunately since argyll is in universe and colord is in main, this is causing an 'impossible depends' migration error for colord. colord-sensor-argyll/amd64 in main cannot depend on argyll in universe Impossible Depends: colord -> argyll/2.3.1+repack-1ubuntu1/amd64 colord (1.4.6-2) unstable; urgency=medium * debian/control: - Build-Depend on polkitd. Fixes FTBFS (Closes: #1022355) - Bump Standards-Version to 4.6.1 (no changes needed) * debian/rules: * debian/control: * debian/not-installed: - Re-enable Argyll support. Argyll no longer appears in danger of being removed from the archive. * debian/copyright: - Fix misspelling of Richard Hughes' name - Drop no-longer-necessary Files: stanzas - Include full license details of data/profiles -- Christopher James Halse Rogers Tue, 01 Nov 2022 11:02:35 +0100 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to colord in Ubuntu. https://bugs.launchpad.net/bugs/821883 Title: [MIR] argyll Status in argyll package in Ubuntu: Incomplete Status in colord package in Ubuntu: New Bug description: Note this MIR is for both argyll and libicc2 (both packages are currently in Universe). With the most recent argyll package the binary packages of argyll and libicc2 are now all produced by the argyll source package. We followed Debian to unsplit here as the upstream source for both is argyll. The libicc2 source package in Universe can get dropped. Availability: Currently available in Universe, building on all currently supported architectures, see https://launchpad.net/ubuntu/+source/argyll Rationale: In Oneiric we want to introduce ICC-based color management on the operating system level, using the same architecture as Fedora does. argyll (support for color calibration) and libicc2 (ICC handling library) are part of this architecture. Therefore we need them in Main. This MIR is a work item of the following Blueprint: https://blueprints.launchpad.net/ubuntu/+spec/desktop-o-icc-color- management According to the Blueprint additional demand on CD space for the whole introduction of color management is around 300K only. Security: No security vulnerabilities known at CVE and Secunia for the current version (1.3.3), vulnerabilities of older versions are all fixed, no SUID components, no daemons. Quality assurance: Installs without debconf questions. The package is maintained upstream as new releases occur regularly and they get packaged for Debian by Roland Mas (see debian/changelog). UI standards: The package are a library and command line utilities. The complete upstream documentation is available in /usr/share/doc/argyll/. Each command shows a help page by calling it without parameters. Dependencies: Depends only on standard libraries for X and images. They are all in Main. Maintenance: See "Quality assurance". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/argyll/+bug/821883/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 821883] Re: [MIR] argyll
** Also affects: colord (Ubuntu) Importance: Undecided Status: New ** Tags added: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to colord in Ubuntu. https://bugs.launchpad.net/bugs/821883 Title: [MIR] argyll Status in argyll package in Ubuntu: Incomplete Status in colord package in Ubuntu: New Bug description: Note this MIR is for both argyll and libicc2 (both packages are currently in Universe). With the most recent argyll package the binary packages of argyll and libicc2 are now all produced by the argyll source package. We followed Debian to unsplit here as the upstream source for both is argyll. The libicc2 source package in Universe can get dropped. Availability: Currently available in Universe, building on all currently supported architectures, see https://launchpad.net/ubuntu/+source/argyll Rationale: In Oneiric we want to introduce ICC-based color management on the operating system level, using the same architecture as Fedora does. argyll (support for color calibration) and libicc2 (ICC handling library) are part of this architecture. Therefore we need them in Main. This MIR is a work item of the following Blueprint: https://blueprints.launchpad.net/ubuntu/+spec/desktop-o-icc-color- management According to the Blueprint additional demand on CD space for the whole introduction of color management is around 300K only. Security: No security vulnerabilities known at CVE and Secunia for the current version (1.3.3), vulnerabilities of older versions are all fixed, no SUID components, no daemons. Quality assurance: Installs without debconf questions. The package is maintained upstream as new releases occur regularly and they get packaged for Debian by Roland Mas (see debian/changelog). UI standards: The package are a library and command line utilities. The complete upstream documentation is available in /usr/share/doc/argyll/. Each command shows a help page by calling it without parameters. Dependencies: Depends only on standard libraries for X and images. They are all in Main. Maintenance: See "Quality assurance". To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/argyll/+bug/821883/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1398805] Re: redshift fails to start geoclue provider after resuming network connection / hangs for 25s
This link suggests redshift may now require installing geoclue-2:
https://askubuntu.com/questions/752406/is-it-possible-to-workaround-the-redshift-geoclue-bug?rq=1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to geoclue in Ubuntu.
https://bugs.launchpad.net/bugs/1398805
Title:
redshift fails to start geoclue provider after resuming network
connection / hangs for 25s
Status in geoclue package in Ubuntu:
Confirmed
Status in redshift package in Ubuntu:
Confirmed
Bug description:
`redshift -l geoclue -p` hangs after resuming network operation.
This happens after resuming from hibernation, but can be reproduced by
disabling and re-enabling the network via network-manager.
strace shows:
sendmsg(3, {msg_name(0)=NULL,
msg_iov(2)=[{"l\1\1\1\214\0\0\0\2\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\6\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\10\0\0\0AddMatch\0\0\0\0\0\0\0\0\10\1g\0\1s\0\0",
144},
{"\207\0\0\0type='signal',sender='org.freedesktop.Geoclue.Master',path='/org/freedesktop/Geoclue/Master',interface='org.freedesktop.Geoclue.Master'\0",
140}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 284
sendmsg(3, {msg_name(0)=NULL,
msg_iov(2)=[{"l\1\1\1\256\0\0\0\3\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\6\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\10\0\0\0AddMatch\0\0\0\0\0\0\0\0\10\1g\0\1s\0\0",
144},
{"\251\0\0\0type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0='org.freedesktop.Geoclue.Master'\0",
174}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 318
sendmsg(3, {msg_name(0)=NULL,
msg_iov(2)=[{"l\1\0\1#\0\0\0\4\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/freedesktop/DBus\0\0\0\6\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\2\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\3\1s\0\f\0\0\0GetNameOwner\0\0\0\0\10\1g\0\1s\0\0",
144}, {"\36\0\0\0org.freedesktop.Geoclue.Master\0", 35}], msg_controllen=0,
msg_flags=0}, MSG_NOSIGNAL) = 179
sendmsg(3, {msg_name(0)=NULL,
msg_iov(2)=[{"l\1\0\1\0\0\0\0\5\0\0\0\207\0\0\0\1\1o\0\37\0\0\0/org/freedesktop/Geoclue/Master\0\6\1s\0\36\0\0\0org.freedesktop.Geoclue.Master\0\0\2\1s\0\36\0\0\0org.freedesktop.Geoclue.Master\0\0\3\1s\0\6\0\0\0Create\0\0",
152}, {"", 0}], msg_controllen=0, msg_flags=0}, MSG_NOSIGNAL) = 152
poll([{fd=3, events=POLLIN}], 1, 25000) = 1 ([{fd=3, revents=POLLIN}])
recvmsg(3, {msg_name(0)=NULL,
msg_iov(1)=[{"l\2\1\1\n\0\0\0\3\0\0\0=\0\0\0\6\1s\0\6\0\0\0:1.411\0\0\5\1u\0\4\0\0\0\10\1g\0\1s\0\0\7\1s\0\24\0\0\0org.freedesktop.DBus\0\0\0\0\5\0\0\0:1.43\0",
2048}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 90
write(4, "\1\0\0\0\0\0\0\0", 8) = 8
recvmsg(3, 0x7fffcd24f170, MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource
temporarily unavailable)
poll([{fd=3, events=POLLIN}], 1, 25000
# Here it hangs
) = 0 (Timeout)
open("/usr/lib/x86_64-linux-gnu/charset.alias", O_RDONLY) = -1 ENOENT (No
such file or directory)
fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 56), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f3d2998c000
write(2, "Unable to obtain master client: Did not receive a reply.
Possible causes include: the remote application did not send a reply, the
message bus security policy blocked the reply, the reply timeout expired, or
the network connection was broken.\n", 243Unable to obtain master client: Did
not receive a reply. Possible causes include: the remote application did not
send a reply, the message bus security policy blocked the reply, the reply
timeout expired, or the network connection was broken.
) = 243
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7f3d2998b000
read(5, "# Locale name alias data base.\n# Copyright (C)
1996-2001,2003,2007 Free Software Foundation, Inc.\n#\n# This program is free
software; you can redistribute it and/or modify\n# it under the terms of the
GNU General Public License as published by\n# the Free Software Foundation;
either version 2, or (at your option)\n# any later version.\n#\n# This program
is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY;
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the\n# GNU General Public License for more
details.\n#\n# You should have received a copy of the GNU General Public
License\n# along with this program; if not, write to the Free Software\n#
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.\n\n#
The format of this
[Touch-packages] [Bug 2000817] Re: Wrong SHA256-value computed on kinetic
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on kinetic
Status in openldap package in Ubuntu:
Triaged
Bug description:
The OpenLDAP-contrib module sha2 (located in contrib/slapd-
modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu
kinetic. This breaks our current password-authentication in ldap.
The problematic computation:
$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=
The (correct) reference-value on the same system (or older ubuntu
Versions):
$ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
We nailed the problem down to a bug in the gcc-optimizer for strict-aliasing.
so most probably the gcc-version on kinetic (v12.2.0) is the reason. The
workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing".
Then the correct value is computed. An example taken from a git-compiled
version of OpenLDAP 2.5.13:
$ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o
module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs
{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
Ubuntu:
Description:Ubuntu 22.10
Release:22.10
OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2000817] Re: Wrong SHA256-value computed on kinetic
lunar, kinetic, and jammy all return the first result, while focal
provides the second:
triage-lunar+23.04: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=
triage-lunar+23.04: ~$ slapd -VV
@(#) $OpenLDAP: slapd 2.6.3+dfsg-1~exp1ubuntu1 (Nov 18 2022 21:07:45) $
triage-kinetic+22.10: ~$ slappasswd -s secret -h '{SHA256}' -o
module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=
triage-kinetic+22.10: ~$ slapd -VV
@(#) $OpenLDAP: slapd 2.5.13+dfsg-1ubuntu1 (Sep 20 2022 19:30:47) $
triage-jammy+22.04: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=
triage-jammy+22.04: ~$ slapd -VV
@(#) $OpenLDAP: slapd 2.5.13+dfsg-0ubuntu0.22.04.1 (Aug 5 2022 14:51:52) $
triage-focal+20.04: ~$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
triage-focal+20.04: ~$ slapd -VV
@(#) $OpenLDAP: slapd (Ubuntu) (May 12 2022 13:11:05) $
triage-focal+20.04: ~$ apt-cache policy slapd
slapd:
Installed: 2.4.49+dfsg-2ubuntu1.9
On all releases, the openssl dgst call produces the same result,
K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
Here's two other references mentioning the same problem, and same
suggested workaround:
*
https://www.mail-archive.com/search?l=openldap-techni...@openldap.org=subject:%22%22=newest=1
*
https://stackoverflow.com/questions/74928752/slappasswd-generating-a-strange-password-hash-sha256-only
I don't know whether there might be side effects from adding "-fno-
strict-aliasing". However, the patch's compilation modifications looks
like it'll affect the performance of only just the sha2 module, so for
SRU policy this seems a narrow enough fix. Since this is described in
the first link as a contrib module, that may explain why this issue
hasn't come to light earlier.
** Changed in: openldap (Ubuntu)
Status: Confirmed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817
Title:
Wrong SHA256-value computed on kinetic
Status in openldap package in Ubuntu:
Triaged
Bug description:
The OpenLDAP-contrib module sha2 (located in contrib/slapd-
modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu
kinetic. This breaks our current password-authentication in ldap.
The problematic computation:
$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=
The (correct) reference-value on the same system (or older ubuntu
Versions):
$ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
We nailed the problem down to a bug in the gcc-optimizer for strict-aliasing.
so most probably the gcc-version on kinetic (v12.2.0) is the reason. The
workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing".
Then the correct value is computed. An example taken from a git-compiled
version of OpenLDAP 2.5.13:
$ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o
module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs
{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
Ubuntu:
Description:Ubuntu 22.10
Release:22.10
OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993411] Re: Merge libseccomp from Debian unstable for l-series
** Changed in: libseccomp (Ubuntu) Status: Expired => New ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete ** Summary changed: - Merge libseccomp from Debian unstable for l-series + Merge libseccomp from Debian unstable for lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1993411 Title: Merge libseccomp from Debian unstable for lunar Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-later Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu1 ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1993411/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for l-series
** Changed in: bridge-utils (Ubuntu) Status: Expired => New ** Changed in: bridge-utils (Ubuntu) Status: New => Incomplete ** Summary changed: - Merge bridge-utils from Debian unstable for l-series + Merge bridge-utils from Debian unstable for lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1993387 Title: Merge bridge-utils from Debian unstable for lunar Status in bridge-utils package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 1.7-1 Ubuntu: 1.7-1ubuntu3 ### New Debian Changes ### bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium * Fix substrings on interfaces. Closes: #873087. * Make it lintian clean sticking to 1.0 source format for now. No time to properly comment all the patches right now. -- Santiago Garcia Mantinan Fri, 02 Mar 2018 22:08:20 +0100 bridge-utils (1.5-14) unstable; urgency=low * Fix a problem with some vlan interfaces not being created. -- Santiago Garcia Mantinan Mon, 26 Jun 2017 17:48:37 +0200 bridge-utils (1.5-13) unstable; urgency=low * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. -- Santiago Garcia Mantinan Sat, 11 Feb 2017 00:16:45 +0100 bridge-utils (1.5-12) unstable; urgency=medium * Add vlan support so that old setups using vlans as ports don't break. -- Santiago Garcia Mantinan Sun, 22 Jan 2017 00:23:50 +0100 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:09:41 +0200 bridge-utils (1.7-1ubuntu1) impish; urgency=low * Merge from Debian unstable. Remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
I've verified the test case as written. I reproduced the issue, enabled
the -proposed package and did apt-get full-upgrade to pull in the new
openssh from -proposed. The CPU usage dropped from 100% to <1% as soon
as the operation concluded.
** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521
Title:
ssh client spins if output fd closed
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Jammy:
Fix Committed
Bug description:
[Impact]
In certain edge cases where the terminal goes away while an ssh process is
running, ssh can be left consuming 100% CPU. This increases processing costs
for cloud users and wastes energy. While this is an uncommon error, googling
indicates many people have run into it in several different ways. It seems
important to get this fixed in stable releases.
This is a regression in jammy presumably due to change from select()
to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by
upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream:
fix poll() spin when a channel's output fd closes..." [2].
1: https://lwn.net/Articles/885886/
2.
https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c
[Test Case]
$ lxc launch ubuntu-daily:jammy ssh-cpu
$ lxc shell ssh-cpu
# passwd -d root
# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
# cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking accept-new
EOF
# sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/'
/etc/ssh/sshd_config
# cat << EOF >>/etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PermitEmptyPasswords yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
EOF
# systemctl restart sshd
# ssh localhost 2> >({exec 1>&2})
You can shell into the container from a second terminal and use "htop"
to verify that ssh is using 100% of one of the CPU cores:
$ lxc shell ssh-cpu
# htop
This should show one CPU pegged at 100% due to the 'ssh localhost'
process
Next, return to the first terminal, exit out of the sub-ssh session and
install the fix:
# logout
# add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
# apt-get full-upgrade -y
Now repeat the test in the first terminal window, while viewing htop in
the second terminal:
# ssh localhost 2> >({exec 1>&2})
[Where Problems Could Occur]
While the patch in question is well tested upstream, it has a
relatively high line count and as such is difficult to assure
correctness by visual code checking. However, it's not clear that the
line count could be significantly reduced without risking loss of
correctness. Thus this relies more on testing to assure robustness,
than on code review.
The code involves polling behavior, so issues to watch for would more
likely involve process handling, i.e. problems with socket polling.
Beyond that, the usual generic issues to watch for - build issues,
dependency issues during build or on upgrade, and service restarting.
[Original Report]
The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the
bug described at
https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and
https://bugzilla.mindrot.org/show_bug.cgi?id=3405
A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
an xterm, ask for whatever authentication is needed, close the xterm,
and leave the ssh client spinning consuming CPU time for 60 seconds
before it exits. It should leave the ssh client idle for 60 seconds.
Many uses of ssh to launch graphical applications will be caught by
this bug.
This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its
release notes at https://www.openssh.com/txt/release-9.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993396] Re: Sync dnsmasq from Debian unstable for lunar
$ rmad dnsmasq dnsmasq | 2.86-1.1ubuntu2 | kinetic dnsmasq | 2.88-1 | lunar dnsmasq| 2.85-1 | stable dnsmasq| 2.88-1 | testing dnsmasq| 2.88-1 | unstable ** Changed in: dnsmasq (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1993396 Title: Sync dnsmasq from Debian unstable for lunar Status in dnsmasq package in Ubuntu: Fix Released Bug description: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.87-1.1 Ubuntu: 2.86-1.1ubuntu2 ### New Debian Changes ### dnsmasq (2.87-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl Sat, 15 Oct 2022 12:01:25 +0200 dnsmasq (2.87-1) unstable; urgency=low * New upstream. (closes: #1001209, #1003156) * Include new NFTset support in the build. * Fix crash on netboot with DNS server disabled. (closes: #996332) * Fix rare lockup in DNSSEC. (closes: #1001576) * Close old bug. (closes: #902963) -- Simon Kelley Wed, 25 Sep 2022 23:11:25 + dnsmasq (2.86-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix --address=/#/.. which was lost in 2.86. (closes: #995655) -- Michael Biebl Wed, 10 Nov 2021 22:05:45 +0100 dnsmasq (2.86-1) unstable; urgency=low * Fix debian/changelog format error. (closes: #986626) -- Simon Kelley Thu, 08 Apr 2021 22:39:00 +0100 dnsmasq (2.85-1) unstable; urgency=low * New upstream. * Includes fix to CVE-2021-3448. * Fix manpage typos. (closes: #986150) -- Simon Kelley Sat, 03 Apr 2021 22:17:23 +0100 dnsmasq (2.84-1.2) unstable; urgency=medium * Non-maintainer upload. * Bump old-version in dpkg-maintscript-helper dir_to_symlink calls to also clean up after upgrades to an earlier version in testing. -- Andreas Beckmann Thu, 01 Apr 2021 16:01:51 +0200 dnsmasq (2.84-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix symlink to directory conversion for /usr/share/doc/dnsmasq. This is achieved by directly calling dpkg-maintscript-helper in the preinst, postinst, and postrm scripts, since the package does not use debhelper. (Closes: #985282) -- Sébastien Villemot Sun, 28 Mar 2021 10:55:07 +0200 dnsmasq (2.84-1) unstable; urgency=low * New upstream. -- Simon Kelley Sun, 24 Jan 2021 22:02:01 + dnsmasq (2.83-1) unstable; urgency=high * New upstream. * Includes fixes to CVE-2020-25681 - CVE-2020-25687 inclusive. -- Simon Kelley Fri, 15 Jan 2021 22:22:41 + dnsmasq (2.82-1) unstable; urgency=low * New upstream. -- Simon Kelley Fri, 26 Jun 2020 22:22:41 + dnsmasq (2.81-4) unstable; urgency=low * Remove runit support when building for Ubuntu. (closes: #960401) -- Simon Kelley Fri, 26 Jun 2020 21:52:44 + dnsmasq (2.81-3) unstable; urgency=low * Fixes to control file for bug 958100 -- Simon Kelley Sun, 19 Apr 2020 21:44:12 + dnsmasq (2.81-2) unstable; urgency=low * Fix FTBFS on kFreeBSD. (closes: #958100) -- Simon Kelley Sat, 18 Apr 2020 18:34:15 + dnsmasq (2.81-1) unstable; urgency=low * New upstream. * Fix nodocs/nodoc confusion in rules. (closes: #922758) * Add Vcs-* fields to control. (closes: #922422) * Add systemd support for multiple daemon instances. (closes: #914305) * Add note explaining that ENABLED is SYSV-init only. (closes: #914755) ### Old Ubuntu Delta ### dnsmasq (2.86-1.1ubuntu2) kinetic; urgency=medium * src/forward.c: Do not refuse retries from client DNS queries. Behaviour to stop infinite loops when all servers return REFUSED was wrongly activated on client retries, resulting in incorrect REFUSED replies to client retries. The code added here is a cherry pick released in upstream version 2.87, originating at https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be (LP: #1981794) -- Lena Voytek Fri, 30 Sep 2022 08:42:39 -0700 dnsmasq (2.86-1.1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: Heap use after free - 03345ecefeb0d82e3c3a4c28f27c3554f0611b39: Fix write-after-free error in DHCPv6 code in src/rfc3315.c. - CVE-2022-0934 -- Leonidas Da Silva Barbosa Wed, 13 Jul 2022 12:10:53 -0300 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1993396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help :
[Touch-packages] [Bug 1993420] Re: Merge net-tools from Debian unstable for lunar
** Summary changed: - Merge net-tools from Debian unstable for l-series + Merge net-tools from Debian unstable for lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/1993420 Title: Merge net-tools from Debian unstable for lunar Status in net-tools package in Ubuntu: New Bug description: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.10-0.1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu5 ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martín Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. [ Martín Ferrari ] * Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière . Closes: #752584. * Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com. Closes: #805377. -- Martín Ferrari Thu, 19 Nov 2015 14:48:47 + net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium ### Old Ubuntu Delta ### net-tools (1.60+git20181103.0eebece-1ubuntu5) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 17:20:48 +0100 net-tools (1.60+git20181103.0eebece-1ubuntu4) jammy; urgency=low * Add new DEP8 tests for hostname and ifconfig (LP: #1679346): - d/t/control: add hostname-set-get and ifconfig-lo-info - d/t/hostname-set-get: new test - d/t/ifconfig-lo-info: new test -- Lena Voytek Fri, 22 Oct 2021 07:49:06 -0700 net-tools (1.60+git20181103.0eebece-1ubuntu3) impish; urgency=medium * No-change rebuild to
[Touch-packages] [Bug 1993420] Re: Merge net-tools from Debian unstable for l-series
$ rmad net-tools net-tools | 1.60+git20181103.0eebece-1ubuntu5 | kinetic net-tools | 1.60+git20181103.0eebece-1ubuntu5 | lunar net-tools | 1.60+git20181103.0eebece-1 | stable net-tools | 2.10-0.1 | testing net-tools | 2.10-0.1 | unstable net-tools | 2.10-0.1 | unstable-debug A new major upstream release is available in Debian now. ** Description changed: Scheduled-For: ubuntu-22.11 Upstream: tbd - Debian: 1.60+git20181103.0eebece-1 + Debian: 2.10-0.1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu5 - - ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium - * New upstream version 1.60+git20181103.0eebece - - Fix nstrcmp() to prevent ifconfig from showing - duplicate interfaces. (Closes: #812886) - * Fix d/watch to point to upstream git repository - * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - - Thanks, Ben Hutchings, for the patch. - * Add patch to fix Japanese translation which uses a wrong - Kanji character. (Closes: #621752) - - Thanks, Takeshi Hamasaki, for the patch. - * Add patch to fix wrong indentation of 'collisions' in the - Japanese translation. (Closes: #653117) - - Thanks, NODA, Kai, for the patch. - * Fix Uploaders' field. - - Add myself as an uploader. - - Fix Tina's details. + * New upstream version 1.60+git20181103.0eebece + - Fix nstrcmp() to prevent ifconfig from showing + duplicate interfaces. (Closes: #812886) + * Fix d/watch to point to upstream git repository + * Add patch to fix decoding of MII vendor ids. (Closes: #549397) + - Thanks, Ben Hutchings, for the patch. + * Add patch to fix Japanese translation which uses a wrong + Kanji character. (Closes: #621752) + - Thanks, Takeshi Hamasaki, for the patch. + * Add patch to fix wrong indentation of 'collisions' in the + Japanese translation. (Closes: #653117) + - Thanks, NODA, Kai, for the patch. + * Fix Uploaders' field. + - Add myself as an uploader. + - Fix Tina's details. - -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 + -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium - * New upstream snapshot - * Refresh patches. - * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and - Dr. Tobias Quathamer for the patch. Closes: #900962. + * New upstream snapshot + * Refresh patches. + * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and + Dr. Tobias Quathamer for the patch. Closes: #900962. - -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + + -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium - * Update maintainer email address. Closes: #899617. - * Update Standards-Version with no changes. + * Update maintainer email address. Closes: #899617. + * Update Standards-Version with no changes. - -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + + -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium - * debian/control: Update Vcs-* and Standards-Version. - * debian/control: remove references to ancient package ja-trans. - * debian/gbp.conf: Update repo layout. + * debian/control: Update Vcs-* and Standards-Version. + * debian/control: remove references to ancient package ja-trans. + * debian/gbp.conf: Update repo layout. - -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + + -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium - * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. - * Add manpage for iptunnel, thanks to Sergio Durigan Junior. - Closes: #88910 - * Rename patches so CME does not choke on them. - * Automated cme fixes; packaging improvements. - * Remove unused and ancient patch. + * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. + * Add manpage for iptunnel, thanks to Sergio Durigan Junior. + Closes: #88910 + * Rename patches so CME does not choke on them. + * Automated cme fixes; packaging improvements. + * Remove unused and ancient patch. - -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + + -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium - * New upstream snapshot. - * Re-synced translations.patch. - * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the - fixes and uploads. Closes: 846509. - * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. - + Really assign CC for cross compilation. - + Use triplet prefixed pkg-config. - * Add debian/NEWS warning about changing output in
[Touch-packages] [Bug 1993426] Re: Merge openldap from Debian unstable for lunar
[This has been uploaded to -proposed, and will be in transition for a
bit]
** Summary changed:
- Merge openldap from Debian unstable for l-series
+ Merge openldap from Debian unstable for lunar
** Changed in: openldap (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1993426
Title:
Merge openldap from Debian unstable for lunar
Status in openldap package in Ubuntu:
Fix Committed
Bug description:
Scheduled-For: ubuntu-22.12
Upstream: tbd
Debian: 2.5.13+dfsg-22.6.3+dfsg-1~exp1
Ubuntu: 2.5.13+dfsg-1ubuntu1
Debian new has 2.6.3+dfsg-1~exp1
### New Debian Changes ###
openldap (2.5.13+dfsg-2) unstable; urgency=medium
* d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
autopkgtest failure due to heimdal setting mode 700 on this directory.
(Closes: #1020442)
* d/source/lintian-overrides: Add wildcards to make overrides compatible
with both older and newer versions of lintian.
* d/slapd-contrib.lintian-overrides: Remove unused
custom-library-search-path override now that krb5-config no longer sets
-rpath.
-- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700
openldap (2.5.13+dfsg-1) unstable; urgency=medium
* d/rules: Remove get-orig-source, now unnecessary.
* Check PGP signature when running uscan.
* d/watch: Modernize watch file; use repacksuffix.
* d/copyright: Update according to DEP-5.
* d/control: Add myself to Uploaders.
* New upstream release.
-- Sergio Durigan Junior Sun, 18 Sep 2022
18:29:46 -0400
openldap (2.5.12+dfsg-2) unstable; urgency=medium
* Stop slapd explicitly in prerm as a workaround for #1006147, which caused
dpkg-reconfigure to not restart the service, so the new configuration was
not applied. See also #994204. (Closes: #1010971)
-- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700
openldap (2.5.12+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
* Update debconf translations:
- German, thanks to Helge Kreutzmann. (Closes: #1007728)
- Spanish, thanks to Camaleón. (Closes: #1008529)
- Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)
-- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700
openldap (2.5.11+dfsg-1) unstable; urgency=medium
* Upload to unstable.
-- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800
openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Add openssl to Build-Depends to enable more checks in test067-tls.
* Update slapd-contrib's custom-library-search-path override to work with
current Lintian.
-- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800
openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Update slapd-contrib's custom-library-search-path override to work with
Lintian 2.108.0.
-- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700
openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not
yet compatible with autoconf 2.71. (Closes: #993032)
* Stop disabling automake in debian/rules now that upstream removed the
AM_INIT_AUTOMAKE invocation.
* Drop custom config.{guess,sub} handling. dh_update_autotools_config does
the right thing for us.
* Update Standards-Version to 4.6.0; no changes required.
* debian/not-installed: Add the ldapvc.1 man page.
-- Ryan Tandy Mon, 30 Aug 2021 18:54:25 -0700
openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
[ Ryan Tandy ]
* New upstream release.
* Export the cn=config database to LDIF format before upgrading from 2.4.
* slapd.README.Debian:
- Remove text about the dropped evolution-ntlm patch.
- Add guidance for recovering from upgrade failures.
* Remove the debconf warning and README text about the unsafe ACL configured
by default in versions before jessie.
* Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the
ppolicy schema. It's obsolete since the schema has been internalized.
[ Sergio Durigan Junior ]
* Implement the 'escape hatch' mechanism.
- d/po/*.po: Update PO files given the new template note.
- d/po/templates.pot: Update file.
- d/slapd.templates: Add note warning user about a postinst failure,
its possible cause and what to do.
- d/slapd.postinst: Make certain upgrade functions return failure
### Old Ubuntu Delta ###
openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1983618). Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add
[Touch-packages] [Bug 1988730] Re: package libsasl2-modules provides only unsafe SASL bind mechanims
** Also affects: cyrus-sasl2 (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977360
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1988730
Title:
package libsasl2-modules provides only unsafe SASL bind mechanims
Status in cyrus-sasl2 package in Ubuntu:
Fix Released
Status in cyrus-sasl2 source package in Jammy:
In Progress
Status in cyrus-sasl2 package in Debian:
Unknown
Bug description:
[ Impact ]
The SASL SCRAM mechanism is incorrectly part of the libsasl2-modules-
gssapi-mit package. It has nothing to do with MIT or GSSAPI, and
should be in libsasl2-modules.
Normally this would just be an annoyance, but it just so happens that
this also prevents to have the SCRAM mechanism coexist with the GSSAPI
Heimdal one, because libsasl2-modules-gssapi-{mit,heimdal} conflict
with each other.
This change is moving a file from one package to another, so
appropriate breaks/replaces changes have to be made. This move follows
case #10 from the package transition table[1].
[ Test Plan ]
This test plan revolves around dependency checking and upgrades, to make sure
we don't:
- have conflicting files which would break an upgrade
- have no loss of functionality after an upgrade (since a plugin moved
between packages)
a) SCRAM remains installed
# Install the package that provides SCRAM in jammy
$ sudo apt install libsasl2-modules-gssapi-mit
# Confirm mechanism is there and belongs to libsasl2-modules-gssapi-
mit:
$ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
lrwxrwxrwx 1 root root 18 Aug 16 20:08
/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25
$ dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
libsasl2-modules-gssapi-mit:amd64:
/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
# list installed sasl2 packages:
$ dpkg -l | grep -E "^ii.*sasl2" | awk '{print $2,$3}'
libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1
libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1
libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1
libsasl2-modules-gssapi-mit:amd64 2.1.27+dfsg2-3ubuntu1
# dist-upgrade or install the new sasl2 packages from proposed
# Confirm the same packages are installed as before the upgrade, just at
their newer versions:
libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1.1
libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1.1
libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1.1
libsasl2-modules-gssapi-mit:amd64 2.1.27+dfsg2-3ubuntu1.1
# Confirm the scram mechanism is still there, as before:
$ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
lrwxrwxrwx 1 root root 18 Aug 16 20:08
/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25
# But now it belongs to the libsasl2-modules package:
$ dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
libsasl2-modules:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
b) Following (a), perform a release-upgrade to kinetic, and confirm
that the same sasl2 packages remain installed, but now at the kinetic
version:
$ dpkg -l | grep -E "^ii.*sasl2" | awk '{print $2,$3}'
libsasl2-2:amd64 2.1.28+dfsg-6ubuntu2
libsasl2-modules:amd64 2.1.28+dfsg-6ubuntu2
libsasl2-modules-db:amd64 2.1.28+dfsg-6ubuntu2
libsasl2-modules-gssapi-mit:amd64 2.1.28+dfsg-6ubuntu2
And that the scram mechanism is there, and still belongs to the
libsasl2-modules package:
$ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
lrwxrwxrwx 1 root root 18 Aug 16 20:08
/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25
$ dpkg -S /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
libsasl2-modules:amd64: /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
c) A jammy system WITHOUT the SCRAM mechanism available (i.e.,
libsasl2-modules-gssapi-mit is NOT installed), will get SCRAM
available after the upgrade, but without installing any new package.
# Start with these sasl2 packages installed on jammy:
libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1
libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1
libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1
# Confirm SCRAM is not installed:
$ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
ls: cannot access '/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2': No such
file or directory
# Upgrade to the packages in proposed
# Confirm no new sasl2 packages were installed:
$ dpkg -l | grep -E "^ii.*sasl2" | awk '{print $2,$3}'
libsasl2-2:amd64 2.1.27+dfsg2-3ubuntu1.1
libsasl2-modules:amd64 2.1.27+dfsg2-3ubuntu1.1
libsasl2-modules-db:amd64 2.1.27+dfsg2-3ubuntu1.1
# Verify that SCRAM is now available, and part of the libsasl2-modules
package:
$ ll /usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2
lrwxrwxrwx 1 root root 18 Aug 16 20:08
/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2 -> libscram.so.2.0.25
$ dpkg -S
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
** Changed in: openssh (Ubuntu Jammy)
Status: Triaged => In Progress
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521
Title:
ssh client spins if output fd closed
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Jammy:
In Progress
Bug description:
[Impact]
In certain edge cases where the terminal goes away while an ssh process is
running, ssh can be left consuming 100% CPU. This increases processing costs
for cloud users and wastes energy. While this is an uncommon error, googling
indicates many people have run into it in several different ways. It seems
important to get this fixed in stable releases.
This is a regression in jammy presumably due to change from select()
to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by
upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream:
fix poll() spin when a channel's output fd closes..." [2].
1: https://lwn.net/Articles/885886/
2.
https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c
[Test Case]
$ lxc launch ubuntu-daily:jammy ssh-cpu
$ lxc shell ssh-cpu
# passwd -d root
# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
# cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking accept-new
EOF
# sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/'
/etc/ssh/sshd_config
# cat << EOF >>/etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PermitEmptyPasswords yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
EOF
# systemctl restart sshd
# ssh localhost 2> >({exec 1>&2})
You can shell into the container from a second terminal and use "htop"
to verify that ssh is using 100% of one of the CPU cores:
$ lxc shell ssh-cpu
# htop
This should show one CPU pegged at 100% due to the 'ssh localhost'
process
Next, return to the first terminal, exit out of the sub-ssh session and
install the fix:
# logout
# add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
# apt-get full-upgrade -y
Now repeat the test in the first terminal window, while viewing htop in
the second terminal:
# ssh localhost 2> >({exec 1>&2})
[Where Problems Could Occur]
While the patch in question is well tested upstream, it has a
relatively high line count and as such is difficult to assure
correctness by visual code checking. However, it's not clear that the
line count could be significantly reduced without risking loss of
correctness. Thus this relies more on testing to assure robustness,
than on code review.
The code involves polling behavior, so issues to watch for would more
likely involve process handling, i.e. problems with socket polling.
Beyond that, the usual generic issues to watch for - build issues,
dependency issues during build or on upgrade, and service restarting.
[Original Report]
The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the
bug described at
https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and
https://bugzilla.mindrot.org/show_bug.cgi?id=3405
A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
an xterm, ask for whatever authentication is needed, close the xterm,
and leave the ssh client spinning consuming CPU time for 60 seconds
before it exits. It should leave the ssh client idle for 60 seconds.
Many uses of ssh to launch graphical applications will be caught by
this bug.
This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its
release notes at https://www.openssh.com/txt/release-9.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
** Description changed:
[Impact]
- In certain edge cases where the terminal goes away while an ssh process is
running, ssh can be left consuming 100% CPU. This increases processing costs
for cloud users and wastes energy.
+ In certain edge cases where the terminal goes away while an ssh process is
running, ssh can be left consuming 100% CPU. This increases processing costs
for cloud users and wastes energy. While this is an uncommon error, googling
indicates many people have run into it in several different ways. It seems
important to get this fixed in stable releases.
This is a regression in jammy presumably due to change from select() to
poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream
commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll()
spin when a channel's output fd closes..." [2].
1: https://lwn.net/Articles/885886/
2.
https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c
[Test Case]
$ lxc launch ubuntu-daily:jammy ssh-cpu
$ lxc shell ssh-cpu
# passwd -d root
# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
# cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking accept-new
EOF
# sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/'
/etc/ssh/sshd_config
# cat << EOF >>/etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PermitEmptyPasswords yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
EOF
# systemctl restart sshd
# ssh localhost 2> >({exec 1>&2})
You can shell into the container from a second terminal and use "htop"
to verify that ssh is using 100% of one of the CPU cores:
$ lxc shell ssh-cpu
# htop
This should show one CPU pegged at 100% due to the 'ssh localhost'
process
Next, return to the first terminal, exit out of the sub-ssh session and
install the fix:
# logout
# add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
# apt-get full-upgrade -y
Now repeat the test in the first terminal window, while viewing htop in
the second terminal:
# ssh localhost 2> >({exec 1>&2})
[Where Problems Could Occur]
While the patch in question is well tested upstream, it has a relatively
high line count and as such is difficult to assure correctness by visual
code checking. However, it's not clear that the line count could be
significantly reduced without risking loss of correctness. Thus this
relies more on testing to assure robustness, than on code review.
The code involves polling behavior, so issues to watch for would more
likely involve process handling, i.e. problems with socket polling.
Beyond that, the usual generic issues to watch for - build issues,
dependency issues during build or on upgrade, and service restarting.
-
[Original Report]
The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the
bug described at
https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and
https://bugzilla.mindrot.org/show_bug.cgi?id=3405
A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
an xterm, ask for whatever authentication is needed, close the xterm,
and leave the ssh client spinning consuming CPU time for 60 seconds
before it exits. It should leave the ssh client idle for 60 seconds.
Many uses of ssh to launch graphical applications will be caught by this
bug.
This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release
notes at https://www.openssh.com/txt/release-9.0
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521
Title:
ssh client spins if output fd closed
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Jammy:
Triaged
Bug description:
[Impact]
In certain edge cases where the terminal goes away while an ssh process is
running, ssh can be left consuming 100% CPU. This increases processing costs
for cloud users and wastes energy. While this is an uncommon error, googling
indicates many people have run into it in several different ways. It seems
important to get this fixed in stable releases.
This is a regression in jammy presumably due to change from select()
to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by
upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream:
fix poll() spin when a channel's output fd closes..." [2].
1: https://lwn.net/Articles/885886/
2.
https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c
[Test Case]
$ lxc launch ubuntu-daily:jammy ssh-cpu
$ lxc shell ssh-cpu
# passwd -d root
# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
# cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking accept-new
EOF
#
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
** Description changed:
+ [Impact]
+ In certain edge cases where the terminal goes away while an ssh process is
running, ssh can be left consuming 100% CPU. This increases processing costs
for cloud users and wastes energy.
+
+ This is a regression in jammy presumably due to change from select() to
+ poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by upstream
+ commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream: fix poll()
+ spin when a channel's output fd closes..." [2].
+
+ 1: https://lwn.net/Articles/885886/
+ 2.
https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c
+
[Test Case]
$ lxc launch ubuntu-daily:jammy ssh-cpu
$ lxc shell ssh-cpu
# passwd -d root
# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
# cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking accept-new
EOF
# sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/'
/etc/ssh/sshd_config
# cat << EOF >>/etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PermitEmptyPasswords yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
EOF
# systemctl restart sshd
# ssh localhost 2> >({exec 1>&2})
-
You can shell into the container from a second terminal and use "htop"
to verify that ssh is using 100% of one of the CPU cores:
$ lxc shell ssh-cpu
# htop
This should show one CPU pegged at 100% due to the 'ssh localhost'
process
Next, return to the first terminal, exit out of the sub-ssh session and
install the fix:
# logout
# add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
# apt-get full-upgrade -y
Now repeat the test in the first terminal window, while viewing htop in
the second terminal:
# ssh localhost 2> >({exec 1>&2})
+ [Where Problems Could Occur]
+
+ While the patch in question is well tested upstream, it has a relatively
+ high line count and as such is difficult to assure correctness by visual
+ code checking. However, it's not clear that the line count could be
+ significantly reduced without risking loss of correctness. Thus this
+ relies more on testing to assure robustness, than on code review.
+
+ The code involves polling behavior, so issues to watch for would more
+ likely involve process handling, i.e. problems with socket polling.
+
+ Beyond that, the usual generic issues to watch for - build issues,
+ dependency issues during build or on upgrade, and service restarting.
+
+
[Original Report]
The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the
bug described at
https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and
https://bugzilla.mindrot.org/show_bug.cgi?id=3405
A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
an xterm, ask for whatever authentication is needed, close the xterm,
and leave the ssh client spinning consuming CPU time for 60 seconds
before it exits. It should leave the ssh client idle for 60 seconds.
Many uses of ssh to launch graphical applications will be caught by this
bug.
This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release
notes at https://www.openssh.com/txt/release-9.0
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521
Title:
ssh client spins if output fd closed
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Jammy:
Triaged
Bug description:
[Impact]
In certain edge cases where the terminal goes away while an ssh process is
running, ssh can be left consuming 100% CPU. This increases processing costs
for cloud users and wastes energy. While this is an uncommon error, googling
indicates many people have run into it in several different ways. It seems
important to get this fixed in stable releases.
This is a regression in jammy presumably due to change from select()
to poll() (see OpennSSH 8.9 Release Announcement [1] ), fixed by
upstream commit d6556de1db0822c76ba2745cf5c097d9472adf7c "upstream:
fix poll() spin when a channel's output fd closes..." [2].
1: https://lwn.net/Articles/885886/
2.
https://github.com/openssh/openssh-portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c
[Test Case]
$ lxc launch ubuntu-daily:jammy ssh-cpu
$ lxc shell ssh-cpu
# passwd -d root
# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
# cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking accept-new
EOF
# sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/'
/etc/ssh/sshd_config
# cat << EOF >>/etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PermitEmptyPasswords yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
EOF
# systemctl restart sshd
# ssh localhost 2> >({exec 1>&2})
You can
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
I've reproduced the issue and confirmed the PPA fixes it, as expected.
** Description changed:
+ [Test Case]
+ $ lxc launch ubuntu-daily:jammy ssh-cpu
+ $ lxc shell ssh-cpu
+
+ # passwd -d root
+ # ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
+
+ # cat << EOF >>/etc/ssh/ssh_config
+ StrictHostKeyChecking accept-new
+ EOF
+
+ # sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/'
/etc/ssh/sshd_config
+ # cat << EOF >>/etc/ssh/sshd_config
+ PermitRootLogin yes
+ PubkeyAuthentication yes
+ PermitEmptyPasswords yes
+ PasswordAuthentication yes
+ ChallengeResponseAuthentication no
+ UsePAM no
+ EOF
+
+ # systemctl restart sshd
+
+ # ssh localhost 2> >({exec 1>&2})
+
+
+ You can shell into the container from a second terminal and use "htop"
+ to verify that ssh is using 100% of one of the CPU cores:
+
+ $ lxc shell ssh-cpu
+ # htop
+
+ This should show one CPU pegged at 100% due to the 'ssh localhost'
+ process
+
+ Next, return to the first terminal, exit out of the sub-ssh session and
+ install the fix:
+
+ # logout
+ # add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
+ # apt-get full-upgrade -y
+
+ Now repeat the test in the first terminal window, while viewing htop in
+ the second terminal:
+
+ # ssh localhost 2> >({exec 1>&2})
+
+ [Original Report]
The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the
bug described at
https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and
https://bugzilla.mindrot.org/show_bug.cgi?id=3405
A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
an xterm, ask for whatever authentication is needed, close the xterm,
and leave the ssh client spinning consuming CPU time for 60 seconds
before it exits. It should leave the ssh client idle for 60 seconds.
Many uses of ssh to launch graphical applications will be caught by this
bug.
This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release
notes at https://www.openssh.com/txt/release-9.0
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521
Title:
ssh client spins if output fd closed
Status in portable OpenSSH:
Unknown
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Jammy:
Triaged
Bug description:
[Test Case]
$ lxc launch ubuntu-daily:jammy ssh-cpu
$ lxc shell ssh-cpu
# passwd -d root
# ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa
# cat << EOF >>/etc/ssh/ssh_config
StrictHostKeyChecking accept-new
EOF
# sed -ri 's/^PasswordAuthentication/#PasswordAuthentication/'
/etc/ssh/sshd_config
# cat << EOF >>/etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication yes
PermitEmptyPasswords yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
EOF
# systemctl restart sshd
# ssh localhost 2> >({exec 1>&2})
You can shell into the container from a second terminal and use "htop"
to verify that ssh is using 100% of one of the CPU cores:
$ lxc shell ssh-cpu
# htop
This should show one CPU pegged at 100% due to the 'ssh localhost'
process
Next, return to the first terminal, exit out of the sub-ssh session and
install the fix:
# logout
# add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521
# apt-get full-upgrade -y
Now repeat the test in the first terminal window, while viewing htop in
the second terminal:
# ssh localhost 2> >({exec 1>&2})
[Original Report]
The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the
bug described at
https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and
https://bugzilla.mindrot.org/show_bug.cgi?id=3405
A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
an xterm, ask for whatever authentication is needed, close the xterm,
and leave the ssh client spinning consuming CPU time for 60 seconds
before it exits. It should leave the ssh client idle for 60 seconds.
Many uses of ssh to launch graphical applications will be caught by
this bug.
This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its
release notes at https://www.openssh.com/txt/release-9.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
I've posted a PPA with the patch to fix this issue here: https://launchpad.net/~bryce/+archive/ubuntu/openssh-sru-lp1986521 This can be installed via: $ sudo add-apt-repository -yus ppa:bryce/openssh-sru-lp1986521 $ sudo apt-get install openssh Can you please upgrade to this and verify it fixes the reported issue? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1986521 Title: ssh client spins if output fd closed Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Jammy: Triaged Bug description: The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405 A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds. Many uses of ssh to launch graphical applications will be caught by this bug. This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0 To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993427] Re: Merge openssh from Debian unstable for l-series
There is a 9.1 release available for merge now
openssh | 1:9.0p1-1ubuntu7 | kinetic
openssh | 1:9.0p1-1ubuntu7 | lunar
openssh | 1:9.0p1-1ubuntu7.1 | kinetic-updates
openssh | 1:9.0p1-1ubuntu8 | lunar-proposed
openssh| 1:9.1p1-1 | unstable
openssh| 1:9.1p1-1 | unstable-debug
** Changed in: openssh (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1993427
Title:
Merge openssh from Debian unstable for l-series
Status in openssh package in Ubuntu:
New
Bug description:
Scheduled-For: ubuntu-later
Upstream: tbd
Debian: 1:9.0p1-1
Ubuntu: 1:9.0p1-1ubuntu7
### New Debian Changes ###
openssh (1:9.0p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):
- scp(1): Use the SFTP protocol by default (closes: #144579, #204546,
#327019). This changes scp's quoting semantics by no longer performing
wildcard expansion using the remote shell, and (with some server
versions) no longer expanding ~user paths. The -O option is available
to use the old protocol. See NEWS.Debian for more details.
- ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ('sntrup761x25519-sha...@openssh.com').
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange (the
previous default) as a backstop against any weaknesses in NTRU Prime
that may be discovered in the future. The combination ensures that the
hybrid exchange offers at least as good security as the status quo.
- sftp-server(8): support the 'copy-data' extension to allow server-
side copying of files/data, following the design in
draft-ietf-secsh-filexfer-extensions-00.
- sftp(1): add a 'cp' command to allow the sftp client to perform
server-side file copies.
- ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output fd
closes without data in the channel buffer (closes: #1007822).
- sshd(8): pack pollfd array in server listen/accept loop. Could cause
the server to hang/spin when MaxStartups > RLIMIT_NOFILE.
- ssh-keygen(1): avoid NULL deref via the find-principals and
check-novalidate operations. bz3409 and GHPR307 respectively.
- scp(1): fix a memory leak in argument processing.
- sshd(8): don't try to resolve ListenAddress directives in the sshd
re-exec path. They are unused after re-exec and parsing errors
(possible for example if the host's network configuration changed)
could prevent connections from being accepted.
- sshd(8): when refusing a public key authentication request from a
client for using an unapproved or unsupported signature algorithm
include the algorithm name in the log message to make debugging
easier.
- ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
parsing of K/M/G/etc quantities.
- sshd(8): default to not using sandbox when cross compiling. On most
systems poll(2) does not work when the number of FDs is reduced with
setrlimit, so assume it doesn't when cross compiling and we can't run
the test.
* Remove obsolete FAQ, removed from openssh.com in 2016.
-- Colin Watson Sat, 09 Apr 2022 14:14:10
+0100
openssh (1:8.9p1-3) unstable; urgency=medium
* Allow ppoll_time64 in seccomp filter (closes: #1006445).
-- Colin Watson Fri, 25 Feb 2022 23:30:49
+
openssh (1:8.9p1-2) unstable; urgency=medium
* Improve detection of -fzero-call-used-regs=all support.
-- Colin Watson Thu, 24 Feb 2022 16:09:56
+
openssh (1:8.9p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/releasenotes.html#8.9p1):
- sshd(8): fix an integer overflow in the user authentication path that,
in conjunction with other logic errors, could have yielded
unauthenticated access under difficult to exploit conditions.
- sshd(8), portable OpenSSH only: this release removes in-built support
for MD5-hashed passwords.
- ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1).
- ssh(1), sshd(8): add the sntrup761x25519-sha...@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default
KEXAlgorithms list (after the ECDH methods but before the prime-group
DH ones). The next release of OpenSSH is likely to make this key
exchange the default method.
- ssh-keygen(1): when downloading resident keys from a FIDO token,
[Touch-packages] [Bug 1993403] Re: Merge heimdal from Debian unstable for lunar
tim debdiff from Heinrich Schuchardt (xypron). (LP #1945787) -- Bryce Harrington Wed, 20 Jul 2022 16:52:39 -0700 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1993403/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993403] Re: Merge heimdal from Debian unstable for lunar
** Changed in: heimdal (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu. https://bugs.launchpad.net/bugs/1993403 Title: Merge heimdal from Debian unstable for lunar Status in heimdal package in Ubuntu: In Progress Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 7.7.0+dfsg-6 Ubuntu: 7.7.0+dfsg-4ubuntu1 ### New Debian Changes ### heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again. Closes: #577229. * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey. Closes: #964008. * Disable use of -rpath in krb5-config.heimdal. Closes: #868840. -- Brian May Mon, 05 Sep 2022 08:35:33 +1000 heimdal (7.7.0+dfsg-5) unstable; urgency=medium * Fix missing closefrom symbol. Closes: #1016884, #1017244. * Fix spelling of dependency in changelog. * Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/ * Remove default --parallel from dh call. * Remove unused debian/upstream/signing-key.asc key. * Fix Multi-Arch headers. heimdal-multidev is not co-installable, so heimdal-dev cannot be co-installable either. -- Brian May Fri, 02 Sep 2022 07:59:59 +1000 heimdal (7.7.0+dfsg-4) unstable; urgency=medium * Delete dependency on install-info. Closes: #1013735. * Non-maintainer upload. * Reduce Build-Depends: (Closes: #980531) + Drop unused libhesiod-dev. + Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses it. + Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and x11proto-core-dev. + Clean generated C tables to actually rebuild them using python3. -- Brian May Mon, 27 Jun 2022 10:36:10 +1000 heimdal (7.7.0+dfsg-3) unstable; urgency=high * Fix CVE-2021-3671: A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ. Closes: #996586. * Fix autoconf 2.7 issues. -- Brian May Wed, 17 Nov 2021 12:12:45 +1100 heimdal (7.7.0+dfsg-2) unstable; urgency=medium * Build using python3. Closes: #936695, #960032. -- Brian May Tue, 12 May 2020 06:56:04 +1000 heimdal (7.7.0+dfsg-1) unstable; urgency=medium * New upstream version. * Fix CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC. Closes: #946786. -- Brian May Tue, 17 Dec 2019 20:23:41 +1100 heimdal (7.5.0+dfsg-3) unstable; urgency=high * CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum. Closes: #928966. * CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT. Closes: #929064. * Update test certificates to pre 2038 expiry. Closes: #923930. -- Brian May Tue, 21 May 2019 18:04:35 +1000 heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium * Non-maintainer upload * Add patch to create headers before building (Closes: 906623) -- Hilko Bengen Sun, 28 Oct 2018 15:10:44 +0100 heimdal (7.5.0+dfsg-2) unstable; urgency=medium * Replace 'MAXHOSTNAMELEN' with 'MaxHostNameLen' in kdc/kx509.c for The Hurd. Closes: #900079. -- Brian May Sat, 02 Jun 2018 10:01:46 +1000 heimdal (7.5.0+dfsg-1) unstable; urgency=high * New upstream version. (Closes: #850723) + CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.4 (Closes: #878144, #868157) + Refresh patches. * Bump Standards-Version to 4.1.2 and compat level to 10. + Remove explicit reference to dh-autoreconf. * Use uscan to get orig source. + Refrain from mangling some bundled RFC texts; just exclude the mas they are not installed into any binary anyway. + Update d/copyright to DEP-5. + Can now use standard uscan/gbp/pristine-tar workflow. * Fix some lintian errors/warnings. + Strip trailing whitespace from changelog. + Fix some duplicate long descriptions. + Use optional priority everywhere. + Update/remove some overrides. ### Old Ubuntu Delta ### heimdal (7.7.0+dfsg-4ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1971280). Remaining changes: - d/rules: Disable lto, to regain dep on roken, otherwise dependencies on amd64 are different than i386 resulting in different files on amd64 and i386. (LP #1934936) - d/libroken18-heimdal.symbols: Remove symbol rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226 Applied verbatim debdiff from Heinrich Schuchardt (xypron). (LP #1945787) -- Bryce Harrington Wed, 20 Jul 2022 16:52:39 -0700 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1993403/+subscripti
[Touch-packages] [Bug 1993403] Re: Merge heimdal from Debian unstable for lunar
** Summary changed: - Merge heimdal from Debian unstable for l-series + Merge heimdal from Debian unstable for lunar ** Changed in: heimdal (Ubuntu) Milestone: None => ubuntu-22.11 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu. https://bugs.launchpad.net/bugs/1993403 Title: Merge heimdal from Debian unstable for lunar Status in heimdal package in Ubuntu: New Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 7.7.0+dfsg-6 Ubuntu: 7.7.0+dfsg-4ubuntu1 ### New Debian Changes ### heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again. Closes: #577229. * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey. Closes: #964008. * Disable use of -rpath in krb5-config.heimdal. Closes: #868840. -- Brian May Mon, 05 Sep 2022 08:35:33 +1000 heimdal (7.7.0+dfsg-5) unstable; urgency=medium * Fix missing closefrom symbol. Closes: #1016884, #1017244. * Fix spelling of dependency in changelog. * Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/ * Remove default --parallel from dh call. * Remove unused debian/upstream/signing-key.asc key. * Fix Multi-Arch headers. heimdal-multidev is not co-installable, so heimdal-dev cannot be co-installable either. -- Brian May Fri, 02 Sep 2022 07:59:59 +1000 heimdal (7.7.0+dfsg-4) unstable; urgency=medium * Delete dependency on install-info. Closes: #1013735. * Non-maintainer upload. * Reduce Build-Depends: (Closes: #980531) + Drop unused libhesiod-dev. + Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses it. + Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and x11proto-core-dev. + Clean generated C tables to actually rebuild them using python3. -- Brian May Mon, 27 Jun 2022 10:36:10 +1000 heimdal (7.7.0+dfsg-3) unstable; urgency=high * Fix CVE-2021-3671: A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ. Closes: #996586. * Fix autoconf 2.7 issues. -- Brian May Wed, 17 Nov 2021 12:12:45 +1100 heimdal (7.7.0+dfsg-2) unstable; urgency=medium * Build using python3. Closes: #936695, #960032. -- Brian May Tue, 12 May 2020 06:56:04 +1000 heimdal (7.7.0+dfsg-1) unstable; urgency=medium * New upstream version. * Fix CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC. Closes: #946786. -- Brian May Tue, 17 Dec 2019 20:23:41 +1100 heimdal (7.5.0+dfsg-3) unstable; urgency=high * CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum. Closes: #928966. * CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT. Closes: #929064. * Update test certificates to pre 2038 expiry. Closes: #923930. -- Brian May Tue, 21 May 2019 18:04:35 +1000 heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium * Non-maintainer upload * Add patch to create headers before building (Closes: 906623) -- Hilko Bengen Sun, 28 Oct 2018 15:10:44 +0100 heimdal (7.5.0+dfsg-2) unstable; urgency=medium * Replace 'MAXHOSTNAMELEN' with 'MaxHostNameLen' in kdc/kx509.c for The Hurd. Closes: #900079. -- Brian May Sat, 02 Jun 2018 10:01:46 +1000 heimdal (7.5.0+dfsg-1) unstable; urgency=high * New upstream version. (Closes: #850723) + CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.4 (Closes: #878144, #868157) + Refresh patches. * Bump Standards-Version to 4.1.2 and compat level to 10. + Remove explicit reference to dh-autoreconf. * Use uscan to get orig source. + Refrain from mangling some bundled RFC texts; just exclude the mas they are not installed into any binary anyway. + Update d/copyright to DEP-5. + Can now use standard uscan/gbp/pristine-tar workflow. * Fix some lintian errors/warnings. + Strip trailing whitespace from changelog. + Fix some duplicate long descriptions. + Use optional priority everywhere. + Update/remove some overrides. ### Old Ubuntu Delta ### heimdal (7.7.0+dfsg-4ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1971280). Remaining changes: - d/rules: Disable lto, to regain dep on roken, otherwise dependencies on amd64 are different than i386 resulting in different files on amd64 and i386. (LP #1934936) - d/libroken18-heimdal.symbols: Remove symbol rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226 Applied verbatim debdiff from Heinrich Schuchardt (xypron). (LP #1945787) -- Bryce Harrington Wed, 20 Jul 2022 16:52:39 -0700 To man
[Touch-packages] [Bug 1993437] Re: Merge python-oauthlib from Debian unstable for l-series
This bug was fixed in the package python-oauthlib - 3.2.1-2 --- python-oauthlib (3.2.1-2) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable) -- Jelmer Vernooij Sun, 16 Oct 2022 18:31:39 +0100 python-oauthlib (3.2.1-1) unstable; urgency=medium * New upstream version 3.2.1 - Fixes CVE-2022-36087 (Closes: #1019710) * debian/patches/0001-Add-check-of-performance-of-ipv6-check.patch debian/patches/0002-Fix-IPV6-regex-used-to-check-redirect_uri.patch - Cherry pick upstream fix and tests for CVE-2022-36087. Many thanks to Salvatore Bonaccorso for the report. * debian/control - Bump Standards-Version to 4.6.1, no changes required. -- Daniele Tricoli Wed, 14 Sep 2022 15:08:45 +0200 ** Changed in: python-oauthlib (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-oauthlib in Ubuntu. https://bugs.launchpad.net/bugs/1993437 Title: Merge python-oauthlib from Debian unstable for l-series Status in python-oauthlib package in Ubuntu: Fix Released Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 3.2.1-2 Ubuntu: 3.2.0-1ubuntu1 ### New Debian Changes ### python-oauthlib (3.2.1-2) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable) -- Jelmer Vernooij Sun, 16 Oct 2022 18:31:39 +0100 python-oauthlib (3.2.1-1) unstable; urgency=medium * New upstream version 3.2.1 - Fixes CVE-2022-36087 (Closes: #1019710) * debian/patches/0001-Add-check-of-performance-of-ipv6-check.patch debian/patches/0002-Fix-IPV6-regex-used-to-check-redirect_uri.patch - Cherry pick upstream fix and tests for CVE-2022-36087. Many thanks to Salvatore Bonaccorso for the report. * debian/control - Bump Standards-Version to 4.6.1, no changes required. -- Daniele Tricoli Wed, 14 Sep 2022 15:08:45 +0200 python-oauthlib (3.2.0-1) unstable; urgency=medium * New upstream version 3.2.0. (Closes: #1005931) * debian/copyright - Update copyright years. -- Daniele Tricoli Fri, 18 Feb 2022 02:46:03 +0100 python-oauthlib (3.1.1-1) unstable; urgency=medium [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Daniele Tricoli ] * New upstream version 3.1.1 * Enable Salsa pipeline. * debian/control - Bump debhelper compat version to 13. - Bump Standards-Version to 4.6.0, no changes required. * debian/copyright - Update copyright years. * debian/patches/0001-Use-unittest.mock-instead-of-external-mock.patch - Drop since it was backported from upstream and it's included in this release. * debian/watch - Bump debian/watch to version 4. -- Daniele Tricoli Wed, 25 Aug 2021 16:51:46 +0200 python-oauthlib (3.1.0-2) unstable; urgency=medium [ Debian Janitor ] * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Update standards version to 4.5.0, no changes needed. [ Daniele Tricoli ] * Add upstream patch to use unittest.mock instead of external mock. Thanks to Ondřej Nový for the report. (Closes: #962937) * Remove python3-mock dependency. * Fix lintian runtime-test-file-uses-installed-python-versions. -- Daniele Tricoli Wed, 17 Jun 2020 02:52:07 +0200 python-oauthlib (3.1.0-1) unstable; urgency=medium * New upstream version 3.1.0 (Closes: #919533) * Use python-pytest for testing as upstream. * debian/control - Bump compat version to 12. - Specify Rules-Requires-Root: no. * debian/copyright - Update copyright years. -- Daniele Tricoli Sun, 27 Oct 2019 20:22:14 +0100 python-oauthlib (2.1.0-2) unstable; urgency=medium * Team upload. * Use debhelper-compat instead of debian/compat. * Bump Standards-Version to 4.4.1. * Drop Python 2 support (Closes: #937964). -- Ondřej Nový Mon, 14 Oct 2019 10:42:07 +0200 python-oauthlib (2.1.0-1) unstable; urgency=medium [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org * d/control: Remove ancient X-Python-Version field * d/control: Remove ancient X-Python3-Version field * Convert git repository from git-dpm to gbp layout [ Daniele Tricoli ] * New upstream release. * Add debian/gbp.conf. * Make sure autopkgtests test the installed version of oauthlib. ### Old Ubuntu Delta ### python-oauthlib (3.2.0-1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: DoS via malicious redirect uri - debian/patches/CVE-2022-36087-1.patch: add check of performance of ipv6 check in
[Touch-packages] [Bug 1993396] Re: Merge dnsmasq from Debian unstable for l-series
This has been sync'd from Debian: dnsmasq | 2.86-1.1ubuntu2 | kinetic dnsmasq | 2.86-1.1ubuntu2 | lunar dnsmasq | 2.87-1.1| lunar-proposed dnsmasq| 2.85-1 | stable dnsmasq| 2.87-1.1 | testing dnsmasq| 2.87-1.1 | unstable Looks like it's awaiting tests to run in -proposed; there are no errors shown yet, and none are expected. I've verified all the ubuntu changes in kinetic are included in the new upstream release. dnsmasq (2.86-1.1ubuntu2) kinetic; urgency=medium * src/forward.c: Do not refuse retries from client DNS queries. Behaviour to stop infinite loops when all servers return REFUSED was wrongly activated on client retries, resulting in incorrect REFUSED replies to client retries. The code added here is a cherry pick released in upstream version 2.87, originating at https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be (LP: #1981794) -- Lena Voytek Fri, 30 Sep 2022 08:42:39 -0700 dnsmasq (2.86-1.1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: Heap use after free - 03345ecefeb0d82e3c3a4c28f27c3554f0611b39: Fix write-after-free error in DHCPv6 code in src/rfc3315.c. - CVE-2022-0934 -- Leonidas Da Silva Barbosa Wed, 13 Jul 2022 12:10:53 -0300 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0934 ** Changed in: dnsmasq (Ubuntu) Status: New => Fix Committed ** Summary changed: - Merge dnsmasq from Debian unstable for l-series + Sync dnsmasq from Debian unstable for lunar -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1993396 Title: Sync dnsmasq from Debian unstable for lunar Status in dnsmasq package in Ubuntu: Fix Committed Bug description: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.87-1.1 Ubuntu: 2.86-1.1ubuntu2 ### New Debian Changes ### dnsmasq (2.87-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl Sat, 15 Oct 2022 12:01:25 +0200 dnsmasq (2.87-1) unstable; urgency=low * New upstream. (closes: #1001209, #1003156) * Include new NFTset support in the build. * Fix crash on netboot with DNS server disabled. (closes: #996332) * Fix rare lockup in DNSSEC. (closes: #1001576) * Close old bug. (closes: #902963) -- Simon Kelley Wed, 25 Sep 2022 23:11:25 + dnsmasq (2.86-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix --address=/#/.. which was lost in 2.86. (closes: #995655) -- Michael Biebl Wed, 10 Nov 2021 22:05:45 +0100 dnsmasq (2.86-1) unstable; urgency=low * Fix debian/changelog format error. (closes: #986626) -- Simon Kelley Thu, 08 Apr 2021 22:39:00 +0100 dnsmasq (2.85-1) unstable; urgency=low * New upstream. * Includes fix to CVE-2021-3448. * Fix manpage typos. (closes: #986150) -- Simon Kelley Sat, 03 Apr 2021 22:17:23 +0100 dnsmasq (2.84-1.2) unstable; urgency=medium * Non-maintainer upload. * Bump old-version in dpkg-maintscript-helper dir_to_symlink calls to also clean up after upgrades to an earlier version in testing. -- Andreas Beckmann Thu, 01 Apr 2021 16:01:51 +0200 dnsmasq (2.84-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix symlink to directory conversion for /usr/share/doc/dnsmasq. This is achieved by directly calling dpkg-maintscript-helper in the preinst, postinst, and postrm scripts, since the package does not use debhelper. (Closes: #985282) -- Sébastien Villemot Sun, 28 Mar 2021 10:55:07 +0200 dnsmasq (2.84-1) unstable; urgency=low * New upstream. -- Simon Kelley Sun, 24 Jan 2021 22:02:01 + dnsmasq (2.83-1) unstable; urgency=high * New upstream. * Includes fixes to CVE-2020-25681 - CVE-2020-25687 inclusive. -- Simon Kelley Fri, 15 Jan 2021 22:22:41 + dnsmasq (2.82-1) unstable; urgency=low * New upstream. -- Simon Kelley Fri, 26 Jun 2020 22:22:41 + dnsmasq (2.81-4) unstable; urgency=low * Remove runit support when building for Ubuntu. (closes: #960401) -- Simon Kelley Fri, 26 Jun 2020 21:52:44 + dnsmasq (2.81-3) unstable; urgency=low * Fixes to control file for bug 958100 -- Simon Kelley Sun, 19 Apr 2020 21:44:12 + dnsmasq (2.81-2) unstable; urgency=low * Fix FTBFS on kFreeBSD. (closes: #958100) -- Simon Kelley Sat, 18 Apr 2020 18:34:15 + dnsmasq (2.81-1) unstable; urgency=low * New upstream. * Fix nodocs/nodoc confusion in rules. (closes: #922758) * Add Vcs-* fields to control. (closes: #922422) * Add systemd support for multiple daemon instances. (closes: #914305) * Add note
[Touch-packages] [Bug 1993420] Re: Merge net-tools from Debian unstable for l-series
No newer merge is available yet ** Changed in: net-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/1993420 Title: Merge net-tools from Debian unstable for l-series Status in net-tools package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 1.60+git20181103.0eebece-1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu5 ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martín Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. [ Martín Ferrari ] * Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière . Closes: #752584. * Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com. Closes: #805377. -- Martín Ferrari Thu, 19 Nov 2015 14:48:47 + net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium ### Old Ubuntu Delta ### net-tools (1.60+git20181103.0eebece-1ubuntu5) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 17:20:48 +0100 net-tools (1.60+git20181103.0eebece-1ubuntu4) jammy; urgency=low * Add new DEP8 tests for hostname and ifconfig (LP: #1679346): - d/t/control: add hostname-set-get and ifconfig-lo-info - d/t/hostname-set-get: new test - d/t/ifconfig-lo-info: new test -- Lena Voytek Fri, 22 Oct 2021 07:49:06 -0700 net-tools (1.60+git20181103.0eebece-1ubuntu3) impish; urgency=medium *
[Touch-packages] [Bug 1946878] Re: Merge net-tools from Debian unstable for 22.04
*** This bug is a duplicate of bug 1993420 *** https://bugs.launchpad.net/bugs/1993420 ** This bug is no longer a duplicate of bug 1971296 Merge net-tools from Debian unstable for kinetic ** This bug has been marked a duplicate of bug 1993420 Merge net-tools from Debian unstable for l-series -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/1946878 Title: Merge net-tools from Debian unstable for 22.04 Status in net-tools package in Ubuntu: Incomplete Bug description: Upstream: 1.60+git20210422.dfc41e0 Debian: 1.60+git20181103.0eebece-1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu2 Debian updates this package infrequently, and last updated it 20.10. There is a new upstream version, however, so may be worth going ahead of debian and/or updating it in Debian and syncing it. ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martín Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. [ Martín Ferrari ] * Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière . Closes: #752584. * Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com. Closes: #805377. -- Martín Ferrari Thu, 19 Nov 2015 14:48:47 + net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium ### Old Ubuntu Delta ### net-tools (1.60+git20181103.0eebece-1ubuntu2) hirsute; urgency=medium * No change rebuild with fixed ownership. -- Dimitri John Ledkov Tue, 16 Feb 2021 15:18:30 + net-tools
[Touch-packages] [Bug 1971296] Re: Merge net-tools from Debian unstable for kinetic
*** This bug is a duplicate of bug 1993420 *** https://bugs.launchpad.net/bugs/1993420 ** This bug has been marked a duplicate of bug 1993420 Merge net-tools from Debian unstable for l-series -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to net-tools in Ubuntu. https://bugs.launchpad.net/bugs/1971296 Title: Merge net-tools from Debian unstable for kinetic Status in net-tools package in Ubuntu: Incomplete Bug description: Upstream: tbd Debian: 1.60+git20181103.0eebece-1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu5 ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martín Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. [ Martín Ferrari ] * Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière . Closes: #752584. * Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com. Closes: #805377. -- Martín Ferrari Thu, 19 Nov 2015 14:48:47 + net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium ### Old Ubuntu Delta ### net-tools (1.60+git20181103.0eebece-1ubuntu5) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 17:20:48 +0100 net-tools (1.60+git20181103.0eebece-1ubuntu4) jammy; urgency=low * Add new DEP8 tests for hostname and ifconfig (LP: #1679346): - d/t/control: add hostname-set-get and ifconfig-lo-info - d/t/hostname-set-get: new test - d/t/ifconfig-lo-info: new test -- Lena Voytek Fri, 22 Oct 2021 07:49:06 -0700 net-tools
[Touch-packages] [Bug 1946847] Re: Merge bridge-utils from Debian unstable for 22.04
*** This bug is a duplicate of bug 1993387 *** https://bugs.launchpad.net/bugs/1993387 ** This bug is no longer a duplicate of bug 1971264 Merge bridge-utils from Debian unstable for kinetic ** This bug has been marked a duplicate of bug 1993387 Merge bridge-utils from Debian unstable for l-series -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1946847 Title: Merge bridge-utils from Debian unstable for 22.04 Status in bridge-utils package in Ubuntu: Incomplete Bug description: Upstream: 1.7.1 Debian: 1.7-1 Ubuntu: 1.7-1ubuntu2 Debian typically updates bridge-utils every 4 months on average, but it was last updated 21.02 and looks overdue. Check back in on this monthly. ### New Debian Changes ### bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium * Fix substrings on interfaces. Closes: #873087. * Make it lintian clean sticking to 1.0 source format for now. No time to properly comment all the patches right now. -- Santiago Garcia Mantinan Fri, 02 Mar 2018 22:08:20 +0100 bridge-utils (1.5-14) unstable; urgency=low * Fix a problem with some vlan interfaces not being created. -- Santiago Garcia Mantinan Mon, 26 Jun 2017 17:48:37 +0200 bridge-utils (1.5-13) unstable; urgency=low * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. -- Santiago Garcia Mantinan Sat, 11 Feb 2017 00:16:45 +0100 bridge-utils (1.5-12) unstable; urgency=medium * Add vlan support so that old setups using vlans as ports don't break. -- Santiago Garcia Mantinan Sun, 22 Jan 2017 00:23:50 +0100 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:09:41 +0200 bridge-utils (1.7-1ubuntu1) impish; urgency=low * Merge from Debian unstable. Remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and
[Touch-packages] [Bug 1971264] Re: Merge bridge-utils from Debian unstable for kinetic
*** This bug is a duplicate of bug 1993387 *** https://bugs.launchpad.net/bugs/1993387 ** This bug has been marked a duplicate of bug 1993387 Merge bridge-utils from Debian unstable for l-series -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1971264 Title: Merge bridge-utils from Debian unstable for kinetic Status in bridge-utils package in Ubuntu: Incomplete Bug description: Upstream: tbd Debian: 1.7-1 Ubuntu: 1.7-1ubuntu3 Debian typically updates bridge-utils every 4 months on average, but it was last updated 21.02 and looks overdue. Check back in on this monthly. Based on Upstream's release history for bridge-utils we should have expected a new upstream update around 2022.03. Presumably it could come any time now. ### New Debian Changes ### bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium * Fix substrings on interfaces. Closes: #873087. * Make it lintian clean sticking to 1.0 source format for now. No time to properly comment all the patches right now. -- Santiago Garcia Mantinan Fri, 02 Mar 2018 22:08:20 +0100 bridge-utils (1.5-14) unstable; urgency=low * Fix a problem with some vlan interfaces not being created. -- Santiago Garcia Mantinan Mon, 26 Jun 2017 17:48:37 +0200 bridge-utils (1.5-13) unstable; urgency=low * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. -- Santiago Garcia Mantinan Sat, 11 Feb 2017 00:16:45 +0100 bridge-utils (1.5-12) unstable; urgency=medium * Add vlan support so that old setups using vlans as ports don't break. -- Santiago Garcia Mantinan Sun, 22 Jan 2017 00:23:50 +0100 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:09:41 +0200 bridge-utils (1.7-1ubuntu1) impish; urgency=low * Merge from
[Touch-packages] [Bug 1993437] Re: Merge python-oauthlib from Debian unstable for l-series
python-oauthlib (3.2.0-1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: DoS via malicious redirect uri - debian/patches/CVE-2022-36087-1.patch: add check of performance of ipv6 check in tests/test_uri_validate.py. - debian/patches/CVE-2022-36087-2.patch: fix IPV6 regex used to check redirect_uri in oauthlib/uri_validate.py, tests/test_uri_validate.py. - CVE-2022-36087 -- Marc Deslauriers Fri, 16 Sep 2022 10:26:11 -0400 Ubuntu delta is just this CVE fix. Presumably that's already upstream, so this can be a sync. ** Changed in: python-oauthlib (Ubuntu) Assignee: (unassigned) => Bryce Harrington (bryce) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-36087 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-oauthlib in Ubuntu. https://bugs.launchpad.net/bugs/1993437 Title: Merge python-oauthlib from Debian unstable for l-series Status in python-oauthlib package in Ubuntu: New Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 3.2.1-2 Ubuntu: 3.2.0-1ubuntu1 ### New Debian Changes ### python-oauthlib (3.2.1-2) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable) -- Jelmer Vernooij Sun, 16 Oct 2022 18:31:39 +0100 python-oauthlib (3.2.1-1) unstable; urgency=medium * New upstream version 3.2.1 - Fixes CVE-2022-36087 (Closes: #1019710) * debian/patches/0001-Add-check-of-performance-of-ipv6-check.patch debian/patches/0002-Fix-IPV6-regex-used-to-check-redirect_uri.patch - Cherry pick upstream fix and tests for CVE-2022-36087. Many thanks to Salvatore Bonaccorso for the report. * debian/control - Bump Standards-Version to 4.6.1, no changes required. -- Daniele Tricoli Wed, 14 Sep 2022 15:08:45 +0200 python-oauthlib (3.2.0-1) unstable; urgency=medium * New upstream version 3.2.0. (Closes: #1005931) * debian/copyright - Update copyright years. -- Daniele Tricoli Fri, 18 Feb 2022 02:46:03 +0100 python-oauthlib (3.1.1-1) unstable; urgency=medium [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Daniele Tricoli ] * New upstream version 3.1.1 * Enable Salsa pipeline. * debian/control - Bump debhelper compat version to 13. - Bump Standards-Version to 4.6.0, no changes required. * debian/copyright - Update copyright years. * debian/patches/0001-Use-unittest.mock-instead-of-external-mock.patch - Drop since it was backported from upstream and it's included in this release. * debian/watch - Bump debian/watch to version 4. -- Daniele Tricoli Wed, 25 Aug 2021 16:51:46 +0200 python-oauthlib (3.1.0-2) unstable; urgency=medium [ Debian Janitor ] * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Update standards version to 4.5.0, no changes needed. [ Daniele Tricoli ] * Add upstream patch to use unittest.mock instead of external mock. Thanks to Ondřej Nový for the report. (Closes: #962937) * Remove python3-mock dependency. * Fix lintian runtime-test-file-uses-installed-python-versions. -- Daniele Tricoli Wed, 17 Jun 2020 02:52:07 +0200 python-oauthlib (3.1.0-1) unstable; urgency=medium * New upstream version 3.1.0 (Closes: #919533) * Use python-pytest for testing as upstream. * debian/control - Bump compat version to 12. - Specify Rules-Requires-Root: no. * debian/copyright - Update copyright years. -- Daniele Tricoli Sun, 27 Oct 2019 20:22:14 +0100 python-oauthlib (2.1.0-2) unstable; urgency=medium * Team upload. * Use debhelper-compat instead of debian/compat. * Bump Standards-Version to 4.4.1. * Drop Python 2 support (Closes: #937964). -- Ondřej Nový Mon, 14 Oct 2019 10:42:07 +0200 python-oauthlib (2.1.0-1) unstable; urgency=medium [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org * d/control: Remove ancient X-Python-Version field * d/control: Remove ancient X-Python3-Version field * Convert git repository from git-dpm to gbp layout [ Daniele Tricoli ] * New upstream release. * Add debian/gbp.conf. * Make sure autopkgtests test the installed version of oauthlib. ### Old Ubuntu Delta ### python-oauthlib (3.2.0-1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: DoS via malicious redirect uri - debian/patches/CVE-2022-36087-1.patch: add check of performance of ipv6 check in tests/test_uri_validate.py. - debian/patches/CVE-2022-36087-2.patch: fix IPV6 regex used to check redirect_uri in oauthlib/uri_validate.py, te
[Touch-packages] [Bug 1993396] Re: Merge dnsmasq from Debian unstable for l-series
** Changed in: dnsmasq (Ubuntu) Assignee: (unassigned) => Bryce Harrington (bryce) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1993396 Title: Merge dnsmasq from Debian unstable for l-series Status in dnsmasq package in Ubuntu: New Bug description: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.87-1.1 Ubuntu: 2.86-1.1ubuntu2 ### New Debian Changes ### dnsmasq (2.87-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl Sat, 15 Oct 2022 12:01:25 +0200 dnsmasq (2.87-1) unstable; urgency=low * New upstream. (closes: #1001209, #1003156) * Include new NFTset support in the build. * Fix crash on netboot with DNS server disabled. (closes: #996332) * Fix rare lockup in DNSSEC. (closes: #1001576) * Close old bug. (closes: #902963) -- Simon Kelley Wed, 25 Sep 2022 23:11:25 + dnsmasq (2.86-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix --address=/#/.. which was lost in 2.86. (closes: #995655) -- Michael Biebl Wed, 10 Nov 2021 22:05:45 +0100 dnsmasq (2.86-1) unstable; urgency=low * Fix debian/changelog format error. (closes: #986626) -- Simon Kelley Thu, 08 Apr 2021 22:39:00 +0100 dnsmasq (2.85-1) unstable; urgency=low * New upstream. * Includes fix to CVE-2021-3448. * Fix manpage typos. (closes: #986150) -- Simon Kelley Sat, 03 Apr 2021 22:17:23 +0100 dnsmasq (2.84-1.2) unstable; urgency=medium * Non-maintainer upload. * Bump old-version in dpkg-maintscript-helper dir_to_symlink calls to also clean up after upgrades to an earlier version in testing. -- Andreas Beckmann Thu, 01 Apr 2021 16:01:51 +0200 dnsmasq (2.84-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix symlink to directory conversion for /usr/share/doc/dnsmasq. This is achieved by directly calling dpkg-maintscript-helper in the preinst, postinst, and postrm scripts, since the package does not use debhelper. (Closes: #985282) -- Sébastien Villemot Sun, 28 Mar 2021 10:55:07 +0200 dnsmasq (2.84-1) unstable; urgency=low * New upstream. -- Simon Kelley Sun, 24 Jan 2021 22:02:01 + dnsmasq (2.83-1) unstable; urgency=high * New upstream. * Includes fixes to CVE-2020-25681 - CVE-2020-25687 inclusive. -- Simon Kelley Fri, 15 Jan 2021 22:22:41 + dnsmasq (2.82-1) unstable; urgency=low * New upstream. -- Simon Kelley Fri, 26 Jun 2020 22:22:41 + dnsmasq (2.81-4) unstable; urgency=low * Remove runit support when building for Ubuntu. (closes: #960401) -- Simon Kelley Fri, 26 Jun 2020 21:52:44 + dnsmasq (2.81-3) unstable; urgency=low * Fixes to control file for bug 958100 -- Simon Kelley Sun, 19 Apr 2020 21:44:12 + dnsmasq (2.81-2) unstable; urgency=low * Fix FTBFS on kFreeBSD. (closes: #958100) -- Simon Kelley Sat, 18 Apr 2020 18:34:15 + dnsmasq (2.81-1) unstable; urgency=low * New upstream. * Fix nodocs/nodoc confusion in rules. (closes: #922758) * Add Vcs-* fields to control. (closes: #922422) * Add systemd support for multiple daemon instances. (closes: #914305) * Add note explaining that ENABLED is SYSV-init only. (closes: #914755) ### Old Ubuntu Delta ### dnsmasq (2.86-1.1ubuntu2) kinetic; urgency=medium * src/forward.c: Do not refuse retries from client DNS queries. Behaviour to stop infinite loops when all servers return REFUSED was wrongly activated on client retries, resulting in incorrect REFUSED replies to client retries. The code added here is a cherry pick released in upstream version 2.87, originating at https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be (LP: #1981794) -- Lena Voytek Fri, 30 Sep 2022 08:42:39 -0700 dnsmasq (2.86-1.1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: Heap use after free - 03345ecefeb0d82e3c3a4c28f27c3554f0611b39: Fix write-after-free error in DHCPv6 code in src/rfc3315.c. - CVE-2022-0934 -- Leonidas Da Silva Barbosa Wed, 13 Jul 2022 12:10:53 -0300 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1993396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993403] Re: Merge heimdal from Debian unstable for l-series
** Changed in: heimdal (Ubuntu) Assignee: (unassigned) => Bryce Harrington (bryce) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu. https://bugs.launchpad.net/bugs/1993403 Title: Merge heimdal from Debian unstable for l-series Status in heimdal package in Ubuntu: New Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 7.7.0+dfsg-6 Ubuntu: 7.7.0+dfsg-4ubuntu1 ### New Debian Changes ### heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again. Closes: #577229. * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey. Closes: #964008. * Disable use of -rpath in krb5-config.heimdal. Closes: #868840. -- Brian May Mon, 05 Sep 2022 08:35:33 +1000 heimdal (7.7.0+dfsg-5) unstable; urgency=medium * Fix missing closefrom symbol. Closes: #1016884, #1017244. * Fix spelling of dependency in changelog. * Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/ * Remove default --parallel from dh call. * Remove unused debian/upstream/signing-key.asc key. * Fix Multi-Arch headers. heimdal-multidev is not co-installable, so heimdal-dev cannot be co-installable either. -- Brian May Fri, 02 Sep 2022 07:59:59 +1000 heimdal (7.7.0+dfsg-4) unstable; urgency=medium * Delete dependency on install-info. Closes: #1013735. * Non-maintainer upload. * Reduce Build-Depends: (Closes: #980531) + Drop unused libhesiod-dev. + Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses it. + Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and x11proto-core-dev. + Clean generated C tables to actually rebuild them using python3. -- Brian May Mon, 27 Jun 2022 10:36:10 +1000 heimdal (7.7.0+dfsg-3) unstable; urgency=high * Fix CVE-2021-3671: A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ. Closes: #996586. * Fix autoconf 2.7 issues. -- Brian May Wed, 17 Nov 2021 12:12:45 +1100 heimdal (7.7.0+dfsg-2) unstable; urgency=medium * Build using python3. Closes: #936695, #960032. -- Brian May Tue, 12 May 2020 06:56:04 +1000 heimdal (7.7.0+dfsg-1) unstable; urgency=medium * New upstream version. * Fix CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC. Closes: #946786. -- Brian May Tue, 17 Dec 2019 20:23:41 +1100 heimdal (7.5.0+dfsg-3) unstable; urgency=high * CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum. Closes: #928966. * CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT. Closes: #929064. * Update test certificates to pre 2038 expiry. Closes: #923930. -- Brian May Tue, 21 May 2019 18:04:35 +1000 heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium * Non-maintainer upload * Add patch to create headers before building (Closes: 906623) -- Hilko Bengen Sun, 28 Oct 2018 15:10:44 +0100 heimdal (7.5.0+dfsg-2) unstable; urgency=medium * Replace 'MAXHOSTNAMELEN' with 'MaxHostNameLen' in kdc/kx509.c for The Hurd. Closes: #900079. -- Brian May Sat, 02 Jun 2018 10:01:46 +1000 heimdal (7.5.0+dfsg-1) unstable; urgency=high * New upstream version. (Closes: #850723) + CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.4 (Closes: #878144, #868157) + Refresh patches. * Bump Standards-Version to 4.1.2 and compat level to 10. + Remove explicit reference to dh-autoreconf. * Use uscan to get orig source. + Refrain from mangling some bundled RFC texts; just exclude the mas they are not installed into any binary anyway. + Update d/copyright to DEP-5. + Can now use standard uscan/gbp/pristine-tar workflow. * Fix some lintian errors/warnings. + Strip trailing whitespace from changelog. + Fix some duplicate long descriptions. + Use optional priority everywhere. + Update/remove some overrides. ### Old Ubuntu Delta ### heimdal (7.7.0+dfsg-4ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1971280). Remaining changes: - d/rules: Disable lto, to regain dep on roken, otherwise dependencies on amd64 are different than i386 resulting in different files on amd64 and i386. (LP #1934936) - d/libroken18-heimdal.symbols: Remove symbol rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226 Applied verbatim debdiff from Heinrich Schuchardt (xypron). (LP #1945787) -- Bryce Harrington Wed, 20 Jul 2022 16:52:39 -0700 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1993
[Touch-packages] [Bug 1993420] [NEW] Merge net-tools from Debian unstable for l-series
Public bug reported: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 1.60+git20181103.0eebece-1 Ubuntu: 1.60+git20181103.0eebece-1ubuntu5 ### New Debian Changes ### net-tools (1.60+git20181103.0eebece-1) unstable; urgency=medium * New upstream version 1.60+git20181103.0eebece - Fix nstrcmp() to prevent ifconfig from showing duplicate interfaces. (Closes: #812886) * Fix d/watch to point to upstream git repository * Add patch to fix decoding of MII vendor ids. (Closes: #549397) - Thanks, Ben Hutchings, for the patch. * Add patch to fix Japanese translation which uses a wrong Kanji character. (Closes: #621752) - Thanks, Takeshi Hamasaki, for the patch. * Add patch to fix wrong indentation of 'collisions' in the Japanese translation. (Closes: #653117) - Thanks, NODA, Kai, for the patch. * Fix Uploaders' field. - Add myself as an uploader. - Fix Tina's details. -- Utkarsh Gupta Fri, 02 Oct 2020 15:01:04 +0530 net-tools (1.60+git20180626.aebd88e-1) unstable; urgency=medium * New upstream snapshot * Refresh patches. * Fix typos in German manpages. Thanks to Prof. Dr. Steffen Wendzel and Dr. Tobias Quathamer for the patch. Closes: #900962. -- Martín Ferrari Mon, 24 Sep 2018 19:08:57 + net-tools (1.60+git20161116.90da8a0-4) unstable; urgency=medium * Update maintainer email address. Closes: #899617. * Update Standards-Version with no changes. -- Martín Ferrari Mon, 24 Sep 2018 17:16:31 + net-tools (1.60+git20161116.90da8a0-3) unstable; urgency=medium * debian/control: Update Vcs-* and Standards-Version. * debian/control: remove references to ancient package ja-trans. * debian/gbp.conf: Update repo layout. -- Martín Ferrari Tue, 31 Jul 2018 19:09:00 + net-tools (1.60+git20161116.90da8a0-2) unstable; urgency=medium * Fix typo in French manpage. Thanks to Michel Grigaut for the patch. * Add manpage for iptunnel, thanks to Sergio Durigan Junior. Closes: #88910 * Rename patches so CME does not choke on them. * Automated cme fixes; packaging improvements. * Remove unused and ancient patch. -- Martín Ferrari Sun, 11 Feb 2018 17:29:24 + net-tools (1.60+git20161116.90da8a0-1) unstable; urgency=medium * New upstream snapshot. * Re-synced translations.patch. * Acknowledge NMUs. Thanks a lot to Andrey Rahmatullin for the fixes and uploads. Closes: 846509. * Fix FTCBFS, thanks to Helmut Grohne for the patch. Closes: #811561. + Really assign CC for cross compilation. + Use triplet prefixed pkg-config. * Add debian/NEWS warning about changing output in net-tools commands. Closing bugs that reported problems in 3rd-party scripts arising from these changes. Closes: #845153, #843892, #820212. * Update Standards-Version, with no changes. -- Martín Ferrari Mon, 26 Dec 2016 05:58:42 + net-tools (1.60+git20150829.73cef8a-2.2) unstable; urgency=medium * Non-maintainer upload. * Apply an additional fix for the previous FTBFS for some architectures. -- Andrey Rahmatullin Thu, 01 Dec 2016 22:49:27 +0500 net-tools (1.60+git20150829.73cef8a-2.1) unstable; urgency=medium * Non-maintainer upload. * Fix FTBFS by applying the upstream patch (Closes: #844073). -- Andrey Rahmatullin Sun, 20 Nov 2016 15:23:12 +0500 net-tools (1.60+git20150829.73cef8a-2) unstable; urgency=medium [ Laurent Bigonville ] * Enable SELinux support. Closes: #666204. [ Martín Ferrari ] * Mark the package 'Multi-Arch: foreign', thanks to Frédéric Brière . Closes: #752584. * Fix bug in Portuguese man page, thanks to julianofisc...@gmail.com. Closes: #805377. -- Martín Ferrari Thu, 19 Nov 2015 14:48:47 + net-tools (1.60+git20150829.73cef8a-1) unstable; urgency=medium ### Old Ubuntu Delta ### net-tools (1.60+git20181103.0eebece-1ubuntu5) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 17:20:48 +0100 net-tools (1.60+git20181103.0eebece-1ubuntu4) jammy; urgency=low * Add new DEP8 tests for hostname and ifconfig (LP: #1679346): - d/t/control: add hostname-set-get and ifconfig-lo-info - d/t/hostname-set-get: new test - d/t/ifconfig-lo-info: new test -- Lena Voytek Fri, 22 Oct 2021 07:49:06 -0700 net-tools (1.60+git20181103.0eebece-1ubuntu3) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:21:22 +0200 net-tools (1.60+git20181103.0eebece-1ubuntu2) hirsute; urgency=medium * No change rebuild with fixed ownership. -- Dimitri John Ledkov Tue, 16 Feb 2021 15:18:30 + net-tools (1.60+git20181103.0eebece-1ubuntu1) hirsute; urgency=low * Merge from Debian unstable. Remaining changes: - Ubuntu_unit_conversion.patch: + Ubuntu Policy: output using standard SI unit multiples: KB (10^3), MB (10^6), GB (10^9), TB (10^12) and PB (10^15). Includes manpage
[Touch-packages] [Bug 1993426] [NEW] Merge openldap from Debian unstable for l-series
Public bug reported:
Scheduled-For: ubuntu-22.12
Upstream: tbd
Debian: 2.5.13+dfsg-22.6.3+dfsg-1~exp1
Ubuntu: 2.5.13+dfsg-1ubuntu1
Debian new has 2.6.3+dfsg-1~exp1
### New Debian Changes ###
openldap (2.5.13+dfsg-2) unstable; urgency=medium
* d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the
autopkgtest failure due to heimdal setting mode 700 on this directory.
(Closes: #1020442)
* d/source/lintian-overrides: Add wildcards to make overrides compatible
with both older and newer versions of lintian.
* d/slapd-contrib.lintian-overrides: Remove unused
custom-library-search-path override now that krb5-config no longer sets
-rpath.
-- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700
openldap (2.5.13+dfsg-1) unstable; urgency=medium
* d/rules: Remove get-orig-source, now unnecessary.
* Check PGP signature when running uscan.
* d/watch: Modernize watch file; use repacksuffix.
* d/copyright: Update according to DEP-5.
* d/control: Add myself to Uploaders.
* New upstream release.
-- Sergio Durigan Junior Sun, 18 Sep 2022
18:29:46 -0400
openldap (2.5.12+dfsg-2) unstable; urgency=medium
* Stop slapd explicitly in prerm as a workaround for #1006147, which caused
dpkg-reconfigure to not restart the service, so the new configuration was
not applied. See also #994204. (Closes: #1010971)
-- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700
openldap (2.5.12+dfsg-1) unstable; urgency=medium
* New upstream release.
- Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155)
* Update debconf translations:
- German, thanks to Helge Kreutzmann. (Closes: #1007728)
- Spanish, thanks to Camaleón. (Closes: #1008529)
- Dutch, thanks to Frans Spiesschaert. (Closes: #1010034)
-- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700
openldap (2.5.11+dfsg-1) unstable; urgency=medium
* Upload to unstable.
-- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800
openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Add openssl to Build-Depends to enable more checks in test067-tls.
* Update slapd-contrib's custom-library-search-path override to work with
current Lintian.
-- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800
openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Update slapd-contrib's custom-library-search-path override to work with
Lintian 2.108.0.
-- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700
openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium
* New upstream release.
* Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not
yet compatible with autoconf 2.71. (Closes: #993032)
* Stop disabling automake in debian/rules now that upstream removed the
AM_INIT_AUTOMAKE invocation.
* Drop custom config.{guess,sub} handling. dh_update_autotools_config does
the right thing for us.
* Update Standards-Version to 4.6.0; no changes required.
* debian/not-installed: Add the ldapvc.1 man page.
-- Ryan Tandy Mon, 30 Aug 2021 18:54:25 -0700
openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium
[ Ryan Tandy ]
* New upstream release.
* Export the cn=config database to LDIF format before upgrading from 2.4.
* slapd.README.Debian:
- Remove text about the dropped evolution-ntlm patch.
- Add guidance for recovering from upgrade failures.
* Remove the debconf warning and README text about the unsafe ACL configured
by default in versions before jessie.
* Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the
ppolicy schema. It's obsolete since the schema has been internalized.
[ Sergio Durigan Junior ]
* Implement the 'escape hatch' mechanism.
- d/po/*.po: Update PO files given the new template note.
- d/po/templates.pot: Update file.
- d/slapd.templates: Add note warning user about a postinst failure,
its possible cause and what to do.
- d/slapd.postinst: Make certain upgrade functions return failure
### Old Ubuntu Delta ###
openldap (2.5.13+dfsg-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1983618). Remaining changes:
- Enable AppArmor support:
+ d/apparmor-profile: add AppArmor profile
+ d/rules: use dh_apparmor
+ d/control: Build-Depends on dh-apparmor
+ d/slapd.README.Debian: add note about AppArmor
- Enable ufw support:
+ d/control: suggest ufw.
+ d/rules: install ufw profile.
+ d/slapd.ufw.profile: add ufw profile.
- d/{rules,slapd.py}: Add apport hook.
- d/rules: better regexp to match the Maintainer tag in d/control,
needed in the Ubuntu case because of XSBC-Original-Maintainer
(Closes #960448, LP #1875697)
- Enable SASL/GSSAPI tests. (LP #1976508)
+ d/control: Update B-D to include required dependencies needed to run
SASL/GSSAPI tests during build time, and mark them '!nocheck'.
Thanks: Andreas Hasenack
[Touch-packages] [Bug 1993427] [NEW] Merge openssh from Debian unstable for l-series
Public bug reported:
Scheduled-For: ubuntu-later
Upstream: tbd
Debian: 1:9.0p1-1
Ubuntu: 1:9.0p1-1ubuntu7
### New Debian Changes ###
openssh (1:9.0p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):
- scp(1): Use the SFTP protocol by default (closes: #144579, #204546,
#327019). This changes scp's quoting semantics by no longer performing
wildcard expansion using the remote shell, and (with some server
versions) no longer expanding ~user paths. The -O option is available
to use the old protocol. See NEWS.Debian for more details.
- ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ('sntrup761x25519-sha...@openssh.com').
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange (the
previous default) as a backstop against any weaknesses in NTRU Prime
that may be discovered in the future. The combination ensures that the
hybrid exchange offers at least as good security as the status quo.
- sftp-server(8): support the 'copy-data' extension to allow server-
side copying of files/data, following the design in
draft-ietf-secsh-filexfer-extensions-00.
- sftp(1): add a 'cp' command to allow the sftp client to perform
server-side file copies.
- ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output fd
closes without data in the channel buffer (closes: #1007822).
- sshd(8): pack pollfd array in server listen/accept loop. Could cause
the server to hang/spin when MaxStartups > RLIMIT_NOFILE.
- ssh-keygen(1): avoid NULL deref via the find-principals and
check-novalidate operations. bz3409 and GHPR307 respectively.
- scp(1): fix a memory leak in argument processing.
- sshd(8): don't try to resolve ListenAddress directives in the sshd
re-exec path. They are unused after re-exec and parsing errors
(possible for example if the host's network configuration changed)
could prevent connections from being accepted.
- sshd(8): when refusing a public key authentication request from a
client for using an unapproved or unsupported signature algorithm
include the algorithm name in the log message to make debugging
easier.
- ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
parsing of K/M/G/etc quantities.
- sshd(8): default to not using sandbox when cross compiling. On most
systems poll(2) does not work when the number of FDs is reduced with
setrlimit, so assume it doesn't when cross compiling and we can't run
the test.
* Remove obsolete FAQ, removed from openssh.com in 2016.
-- Colin Watson Sat, 09 Apr 2022 14:14:10 +0100
openssh (1:8.9p1-3) unstable; urgency=medium
* Allow ppoll_time64 in seccomp filter (closes: #1006445).
-- Colin Watson Fri, 25 Feb 2022 23:30:49 +
openssh (1:8.9p1-2) unstable; urgency=medium
* Improve detection of -fzero-call-used-regs=all support.
-- Colin Watson Thu, 24 Feb 2022 16:09:56 +
openssh (1:8.9p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/releasenotes.html#8.9p1):
- sshd(8): fix an integer overflow in the user authentication path that,
in conjunction with other logic errors, could have yielded
unauthenticated access under difficult to exploit conditions.
- sshd(8), portable OpenSSH only: this release removes in-built support
for MD5-hashed passwords.
- ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1).
- ssh(1), sshd(8): add the sntrup761x25519-sha...@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default
KEXAlgorithms list (after the ECDH methods but before the prime-group
DH ones). The next release of OpenSSH is likely to make this key
exchange the default method.
- ssh-keygen(1): when downloading resident keys from a FIDO token, pass
back the user ID that was used when the key was created and append it
to the filename the key is written to (if it is not the default).
Avoids keys being clobbered if the user created multiple resident keys
with the same application string but different user IDs.
- ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys on
tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.
- ssh-keygen(1): add 'ssh-keygen -Y match-principals' operation to
perform matching of principals names against an allowed signers file.
To be used towards a TOFU model for SSH signatures in git.
- ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added to
ssh-agent(1). $SSH_ASKPASS will be
[Touch-packages] [Bug 1993437] [NEW] Merge python-oauthlib from Debian unstable for l-series
Public bug reported: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 3.2.1-2 Ubuntu: 3.2.0-1ubuntu1 ### New Debian Changes ### python-oauthlib (3.2.1-2) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable) -- Jelmer Vernooij Sun, 16 Oct 2022 18:31:39 +0100 python-oauthlib (3.2.1-1) unstable; urgency=medium * New upstream version 3.2.1 - Fixes CVE-2022-36087 (Closes: #1019710) * debian/patches/0001-Add-check-of-performance-of-ipv6-check.patch debian/patches/0002-Fix-IPV6-regex-used-to-check-redirect_uri.patch - Cherry pick upstream fix and tests for CVE-2022-36087. Many thanks to Salvatore Bonaccorso for the report. * debian/control - Bump Standards-Version to 4.6.1, no changes required. -- Daniele Tricoli Wed, 14 Sep 2022 15:08:45 +0200 python-oauthlib (3.2.0-1) unstable; urgency=medium * New upstream version 3.2.0. (Closes: #1005931) * debian/copyright - Update copyright years. -- Daniele Tricoli Fri, 18 Feb 2022 02:46:03 +0100 python-oauthlib (3.1.1-1) unstable; urgency=medium [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Daniele Tricoli ] * New upstream version 3.1.1 * Enable Salsa pipeline. * debian/control - Bump debhelper compat version to 13. - Bump Standards-Version to 4.6.0, no changes required. * debian/copyright - Update copyright years. * debian/patches/0001-Use-unittest.mock-instead-of-external-mock.patch - Drop since it was backported from upstream and it's included in this release. * debian/watch - Bump debian/watch to version 4. -- Daniele Tricoli Wed, 25 Aug 2021 16:51:46 +0200 python-oauthlib (3.1.0-2) unstable; urgency=medium [ Debian Janitor ] * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Update standards version to 4.5.0, no changes needed. [ Daniele Tricoli ] * Add upstream patch to use unittest.mock instead of external mock. Thanks to Ondřej Nový for the report. (Closes: #962937) * Remove python3-mock dependency. * Fix lintian runtime-test-file-uses-installed-python-versions. -- Daniele Tricoli Wed, 17 Jun 2020 02:52:07 +0200 python-oauthlib (3.1.0-1) unstable; urgency=medium * New upstream version 3.1.0 (Closes: #919533) * Use python-pytest for testing as upstream. * debian/control - Bump compat version to 12. - Specify Rules-Requires-Root: no. * debian/copyright - Update copyright years. -- Daniele Tricoli Sun, 27 Oct 2019 20:22:14 +0100 python-oauthlib (2.1.0-2) unstable; urgency=medium * Team upload. * Use debhelper-compat instead of debian/compat. * Bump Standards-Version to 4.4.1. * Drop Python 2 support (Closes: #937964). -- Ondřej Nový Mon, 14 Oct 2019 10:42:07 +0200 python-oauthlib (2.1.0-1) unstable; urgency=medium [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org * d/control: Remove ancient X-Python-Version field * d/control: Remove ancient X-Python3-Version field * Convert git repository from git-dpm to gbp layout [ Daniele Tricoli ] * New upstream release. * Add debian/gbp.conf. * Make sure autopkgtests test the installed version of oauthlib. ### Old Ubuntu Delta ### python-oauthlib (3.2.0-1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: DoS via malicious redirect uri - debian/patches/CVE-2022-36087-1.patch: add check of performance of ipv6 check in tests/test_uri_validate.py. - debian/patches/CVE-2022-36087-2.patch: fix IPV6 regex used to check redirect_uri in oauthlib/uri_validate.py, tests/test_uri_validate.py. - CVE-2022-36087 -- Marc Deslauriers Fri, 16 Sep 2022 10:26:11 -0400 ** Affects: python-oauthlib (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-oauthlib in Ubuntu. https://bugs.launchpad.net/bugs/1993437 Title: Merge python-oauthlib from Debian unstable for l-series Status in python-oauthlib package in Ubuntu: New Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 3.2.1-2 Ubuntu: 3.2.0-1ubuntu1 ### New Debian Changes ### python-oauthlib (3.2.1-2) unstable; urgency=medium [ Debian Janitor ] * Remove constraints unnecessary since buster (oldstable) -- Jelmer Vernooij Sun, 16 Oct 2022 18:31:39 +0100 python-oauthlib (3.2.1-1) unstable; urgency=medium * New upstream version 3.2.1 - Fixes CVE-2022-36087 (Closes: #1019710) * debian/patches/0001-Add-check-of-performance-of-ipv6-check.patch debian/patches/0002-Fix-IPV6-regex-used-to-check-redirect_uri.patch - Cherry pick upstream fix and tests for
[Touch-packages] [Bug 1993395] [NEW] Merge cyrus-sasl2 from Debian unstable for l-series
Public bug reported:
Scheduled-For: ubuntu-23.01
Upstream: tbd
Debian: 2.1.28+dfsg-8
Ubuntu: 2.1.28+dfsg-6ubuntu2
### New Debian Changes ###
cyrus-sasl2 (2.1.28+dfsg-8) unstable; urgency=medium
[ Andreas Hasenack ]
* Add SASL channel binding support for GSSAPI and GSS-SPNEGO
(LP: #1912256):
- d/p/0034-channel-binding-gssapi-gss-spnego.patch: add SASL channel
binding support for GSSAPI and GSS-SPNEGO
- d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-1.patch:
allow setting maxssf to 0 when using GSS-SPNEGO inside SSL/TLS
- d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-2.patch:
be more conformant to RFC4752
-- Bastian Germann Mon, 05 Sep 2022 14:30:39 +0200
cyrus-sasl2 (2.1.28+dfsg-7) unstable; urgency=medium
* d/tests: Relicense to GPL-3
* Patch: honor log level option on clients (LP: #827151)
-- Bastian Germann Thu, 18 Aug 2022 23:24:01 +0200
cyrus-sasl2 (2.1.28+dfsg-6) unstable; urgency=high
* d/copyright: Add debian/tests info
[ Andreas Hasenack ]
* d/p/0026-Gracefully-handle-failed-init.patch (Closes: #1011249)
* d/p/0027-Catch-errors-from-EVP_Digest-functions.patch
* d/p/0029-Load-OpenSSL3-legacy-provider-digestmd5.patch
* d/t/{control,shared-secret-mechs}: test shared secret mechanisms
-- Bastian Germann Thu, 19 May 2022 22:10:49 +0200
cyrus-sasl2 (2.1.28+dfsg-5) unstable; urgency=medium
* Recover upstream-compatible debian/* license
* debian/po: Convert non-UTF-8 to UTF-8
* Patch: Fix time.h check (fixes implicit-function-declarations)
[ Andreas Hasenack ]
* d/t/{control,pluginviewer}: test available mechanisms
* d/t/{control,saslauthd}: saslauthd tests with multiple mechanisms
* d/t/{control,gssapi}: test for SASL GSSAPI using OpenLDAP
-- Bastian Germann Sat, 14 May 2022 14:32:58 +0200
cyrus-sasl2 (2.1.28+dfsg-4) unstable; urgency=medium
* d/copyright: java/* files were removed upstream
* d/copyright: Reformat the default license's margin
* d/copyright: Add project's license to include/makemd5.c
* Move SCRAM to libsasl2-modules (Closes: #977360)
* Install additional GS2 module for Heimdal
* Remove Roberto from the Uploaders
* Drop 0005-Fixes-in-library-mutexes.patch
* Drop 0021-Fix-keytab-option-for-MIT-Kerberos.patch
* Remove former logcheck conffile (Closes: #1009851)
* lintian: Fix excessive-priority-for-library-package
* lintian: Fix package-contains-empty-directory
-- Bastian Germann Wed, 20 Apr 2022 01:01:01 +0200
cyrus-sasl2 (2.1.28+dfsg-3) unstable; urgency=high
* Set MIT/Heimdal CFLAGS instead of CPPFLAGS
* Drop unnecessary 0027-properly-create-libsasl2.pc.patch
* Prevent installing outdated ChangeLog (Closes: #1009681)
* Remove debug log message and its logcheck rule (Closes: #805310)
* Self-reference pluginviewer man as saslpluginviewer (Closes: #1009380)
* Get rid of broken README.configure-options
* Add sasldbconverter2.8 manpage
* d/copyright: Add missing KTH license
* Install libsasl.5 manpage
[ Debian Janitor ]
* Remove constraints unnecessary since buster
-- Bastian Germann Fri, 15 Apr 2022 12:02:13 +0200
cyrus-sasl2 (2.1.28+dfsg-2) unstable; urgency=medium
* Remove cruft
-- Bastian Germann Fri, 25 Feb 2022 18:58:54 +0100
cyrus-sasl2 (2.1.28+dfsg-1) experimental; urgency=medium
* Drop upstream patches
* Import new release signing key
* Reset repacksuffix
* New upstream version 2.1.28+dfsg (CVE-2022-24407)
* Rebase 0027-properly-create-libsasl2.pc.patch
-- Bastian Germann Tue, 22 Feb 2022 23:40:47 +0100
cyrus-sasl2 (2.1.27+dfsg2-3) unstable; urgency=medium
[ Andreas Hasenack ]
* Fix configure.ac for autoconf 2.70 (Closes: #1003355, #1000152)
### Old Ubuntu Delta ###
cyrus-sasl2 (2.1.28+dfsg-6ubuntu2) kinetic; urgency=medium
* Add SASL channel binding support for GSSAPI and GSS-SPNEGO
(LP: #1912256):
- d/p/0034-channel-binding-gssapi-gss-spnego.patch: add SASL channel
binding support for GSSAPI and GSS-SPNEGO
- d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-1.patch:
allow setting maxssf to 0 when using GSS-SPNEGO inside SSL/TLS
- d/p/0035-Add-support-for-setting-max-ssf-0-to-GSS-SPNEGO-2.patch:
be more conformant to RFC4752
-- Andreas Hasenack Tue, 16 Aug 2022 17:08:44
-0300
cyrus-sasl2 (2.1.28+dfsg-6ubuntu1) kinetic; urgency=medium
* d/p/0033-honor-log_level-option-on-clients-too.patch: honor log
level option on clients (LP: #827151)
-- Andreas Hasenack Wed, 25 May 2022 16:41:43
-0300
** Affects: cyrus-sasl2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: needs-merge upgrade-software-version
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.
https://bugs.launchpad.net/bugs/1993395
Title:
Merge cyrus-sasl2 from Debian unstable for l-series
Status in cyrus-sasl2 package in Ubuntu:
New
Bug
[Touch-packages] [Bug 1993396] [NEW] Merge dnsmasq from Debian unstable for l-series
Public bug reported: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.87-1.1 Ubuntu: 2.86-1.1ubuntu2 ### New Debian Changes ### dnsmasq (2.87-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl Sat, 15 Oct 2022 12:01:25 +0200 dnsmasq (2.87-1) unstable; urgency=low * New upstream. (closes: #1001209, #1003156) * Include new NFTset support in the build. * Fix crash on netboot with DNS server disabled. (closes: #996332) * Fix rare lockup in DNSSEC. (closes: #1001576) * Close old bug. (closes: #902963) -- Simon Kelley Wed, 25 Sep 2022 23:11:25 + dnsmasq (2.86-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix --address=/#/.. which was lost in 2.86. (closes: #995655) -- Michael Biebl Wed, 10 Nov 2021 22:05:45 +0100 dnsmasq (2.86-1) unstable; urgency=low * Fix debian/changelog format error. (closes: #986626) -- Simon Kelley Thu, 08 Apr 2021 22:39:00 +0100 dnsmasq (2.85-1) unstable; urgency=low * New upstream. * Includes fix to CVE-2021-3448. * Fix manpage typos. (closes: #986150) -- Simon Kelley Sat, 03 Apr 2021 22:17:23 +0100 dnsmasq (2.84-1.2) unstable; urgency=medium * Non-maintainer upload. * Bump old-version in dpkg-maintscript-helper dir_to_symlink calls to also clean up after upgrades to an earlier version in testing. -- Andreas Beckmann Thu, 01 Apr 2021 16:01:51 +0200 dnsmasq (2.84-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix symlink to directory conversion for /usr/share/doc/dnsmasq. This is achieved by directly calling dpkg-maintscript-helper in the preinst, postinst, and postrm scripts, since the package does not use debhelper. (Closes: #985282) -- Sébastien Villemot Sun, 28 Mar 2021 10:55:07 +0200 dnsmasq (2.84-1) unstable; urgency=low * New upstream. -- Simon Kelley Sun, 24 Jan 2021 22:02:01 + dnsmasq (2.83-1) unstable; urgency=high * New upstream. * Includes fixes to CVE-2020-25681 - CVE-2020-25687 inclusive. -- Simon Kelley Fri, 15 Jan 2021 22:22:41 + dnsmasq (2.82-1) unstable; urgency=low * New upstream. -- Simon Kelley Fri, 26 Jun 2020 22:22:41 + dnsmasq (2.81-4) unstable; urgency=low * Remove runit support when building for Ubuntu. (closes: #960401) -- Simon Kelley Fri, 26 Jun 2020 21:52:44 + dnsmasq (2.81-3) unstable; urgency=low * Fixes to control file for bug 958100 -- Simon Kelley Sun, 19 Apr 2020 21:44:12 + dnsmasq (2.81-2) unstable; urgency=low * Fix FTBFS on kFreeBSD. (closes: #958100) -- Simon Kelley Sat, 18 Apr 2020 18:34:15 + dnsmasq (2.81-1) unstable; urgency=low * New upstream. * Fix nodocs/nodoc confusion in rules. (closes: #922758) * Add Vcs-* fields to control. (closes: #922422) * Add systemd support for multiple daemon instances. (closes: #914305) * Add note explaining that ENABLED is SYSV-init only. (closes: #914755) ### Old Ubuntu Delta ### dnsmasq (2.86-1.1ubuntu2) kinetic; urgency=medium * src/forward.c: Do not refuse retries from client DNS queries. Behaviour to stop infinite loops when all servers return REFUSED was wrongly activated on client retries, resulting in incorrect REFUSED replies to client retries. The code added here is a cherry pick released in upstream version 2.87, originating at https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be (LP: #1981794) -- Lena Voytek Fri, 30 Sep 2022 08:42:39 -0700 dnsmasq (2.86-1.1ubuntu1) kinetic; urgency=medium * SECURITY UPDATE: Heap use after free - 03345ecefeb0d82e3c3a4c28f27c3554f0611b39: Fix write-after-free error in DHCPv6 code in src/rfc3315.c. - CVE-2022-0934 -- Leonidas Da Silva Barbosa Wed, 13 Jul 2022 12:10:53 -0300 ** Affects: dnsmasq (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1993396 Title: Merge dnsmasq from Debian unstable for l-series Status in dnsmasq package in Ubuntu: New Bug description: Scheduled-For: ubuntu-23.01 Upstream: tbd Debian: 2.87-1.1 Ubuntu: 2.86-1.1ubuntu2 ### New Debian Changes ### dnsmasq (2.87-1.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl Sat, 15 Oct 2022 12:01:25 +0200 dnsmasq (2.87-1) unstable; urgency=low * New upstream. (closes: #1001209, #1003156) * Include new NFTset support in the build. * Fix crash on netboot with DNS server disabled. (closes: #996332) * Fix rare lockup in DNSSEC. (closes: #1001576) * Close old bug. (closes: #902963) -- Simon Kelley Wed, 25 Sep 2022 23:11:25
[Touch-packages] [Bug 1993403] [NEW] Merge heimdal from Debian unstable for l-series
Public bug reported: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 7.7.0+dfsg-6 Ubuntu: 7.7.0+dfsg-4ubuntu1 ### New Debian Changes ### heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again. Closes: #577229. * Create /var/lib/heimdal-kdc/m-key not /var/lib/heimdal-kdc/heimdal.mkey. Closes: #964008. * Disable use of -rpath in krb5-config.heimdal. Closes: #868840. -- Brian May Mon, 05 Sep 2022 08:35:33 +1000 heimdal (7.7.0+dfsg-5) unstable; urgency=medium * Fix missing closefrom symbol. Closes: #1016884, #1017244. * Fix spelling of dependency in changelog. * Fix override_dh_fixperms typo, use 700 for /var/lib/heimdal-kdc/ * Remove default --parallel from dh call. * Remove unused debian/upstream/signing-key.asc key. * Fix Multi-Arch headers. heimdal-multidev is not co-installable, so heimdal-dev cannot be co-installable either. -- Brian May Fri, 02 Sep 2022 07:59:59 +1000 heimdal (7.7.0+dfsg-4) unstable; urgency=medium * Delete dependency on install-info. Closes: #1013735. * Non-maintainer upload. * Reduce Build-Depends: (Closes: #980531) + Drop unused libhesiod-dev. + Drop unused libperl4-corelibs-perl as cf/make-proto.pl no longer uses it. + Drop unused libx11-dev, libxau-dev, libxt-dev, ss-dev, and x11proto-core-dev. + Clean generated C tables to actually rebuild them using python3. -- Brian May Mon, 27 Jun 2022 10:36:10 +1000 heimdal (7.7.0+dfsg-3) unstable; urgency=high * Fix CVE-2021-3671: A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ. Closes: #996586. * Fix autoconf 2.7 issues. -- Brian May Wed, 17 Nov 2021 12:12:45 +1100 heimdal (7.7.0+dfsg-2) unstable; urgency=medium * Build using python3. Closes: #936695, #960032. -- Brian May Tue, 12 May 2020 06:56:04 +1000 heimdal (7.7.0+dfsg-1) unstable; urgency=medium * New upstream version. * Fix CVE-2019-14870: The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC. Closes: #946786. -- Brian May Tue, 17 Dec 2019 20:23:41 +1100 heimdal (7.5.0+dfsg-3) unstable; urgency=high * CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum. Closes: #928966. * CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT. Closes: #929064. * Update test certificates to pre 2038 expiry. Closes: #923930. -- Brian May Tue, 21 May 2019 18:04:35 +1000 heimdal (7.5.0+dfsg-2.1) unstable; urgency=medium * Non-maintainer upload * Add patch to create headers before building (Closes: 906623) -- Hilko Bengen Sun, 28 Oct 2018 15:10:44 +0100 heimdal (7.5.0+dfsg-2) unstable; urgency=medium * Replace 'MAXHOSTNAMELEN' with 'MaxHostNameLen' in kdc/kx509.c for The Hurd. Closes: #900079. -- Brian May Sat, 02 Jun 2018 10:01:46 +1000 heimdal (7.5.0+dfsg-1) unstable; urgency=high * New upstream version. (Closes: #850723) + CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.4 (Closes: #878144, #868157) + Refresh patches. * Bump Standards-Version to 4.1.2 and compat level to 10. + Remove explicit reference to dh-autoreconf. * Use uscan to get orig source. + Refrain from mangling some bundled RFC texts; just exclude the mas they are not installed into any binary anyway. + Update d/copyright to DEP-5. + Can now use standard uscan/gbp/pristine-tar workflow. * Fix some lintian errors/warnings. + Strip trailing whitespace from changelog. + Fix some duplicate long descriptions. + Use optional priority everywhere. + Update/remove some overrides. ### Old Ubuntu Delta ### heimdal (7.7.0+dfsg-4ubuntu1) kinetic; urgency=medium * Merge with Debian unstable (LP: #1971280). Remaining changes: - d/rules: Disable lto, to regain dep on roken, otherwise dependencies on amd64 are different than i386 resulting in different files on amd64 and i386. (LP #1934936) - d/libroken18-heimdal.symbols: Remove symbol rk_closefrom@HEIMDAL_ROKEN_1.0 1.4.0+git20110226 Applied verbatim debdiff from Heinrich Schuchardt (xypron). (LP #1945787) -- Bryce Harrington Wed, 20 Jul 2022 16:52:39 -0700 ** Affects: heimdal (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu. https://bugs.launchpad.net/bugs/1993403 Title: Merge heimdal from Debian unstable for l-series Status in heimdal package in Ubuntu: New Bug description: Scheduled-For: ubuntu-22.11 Upstream: tbd Debian: 7.7.0+dfsg-6 Ubuntu: 7.7.0+dfsg-4ubuntu1 ### New Debian Changes ### heimdal (7.7.0+dfsg-6) unstable; urgency=medium * Retry deleting dangling windc.so again
[Touch-packages] [Bug 1993409] [NEW] Merge libmnl from Debian unstable for l-series
Public bug reported: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 ** Affects: libmnl (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libmnl (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libmnl in Ubuntu. https://bugs.launchpad.net/bugs/1993409 Title: Merge libmnl from Debian unstable for l-series Status in libmnl package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 1.0.4-3 Ubuntu: 1.0.4-3ubuntu1 ### Old Ubuntu Delta ### libmnl (1.0.4-3ubuntu1) kinetic; urgency=medium * Static build does not work for libmnl (-lmnl) (LP: #1971523) -- Michal Maloszewski Thu, 21 Jul 2022 14:02:16 +0200 libmnl (1.0.4-3build2) jammy; urgency=high * No change rebuild for ppc64el baseline bump. -- Julian Andres Klode Thu, 24 Mar 2022 13:13:28 +0100 libmnl (1.0.4-3build1) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:16:42 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/1993409/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993411] [NEW] Merge libseccomp from Debian unstable for l-series
Public bug reported: Scheduled-For: ubuntu-later Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu1 ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 ** Affects: libseccomp (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: libseccomp (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1993411 Title: Merge libseccomp from Debian unstable for l-series Status in libseccomp package in Ubuntu: Incomplete Bug description: Scheduled-For: ubuntu-later Upstream: tbd Debian: 2.5.4-1 Ubuntu: 2.5.4-1ubuntu1 ### Old Ubuntu Delta ### libseccomp (2.5.4-1ubuntu1) kinetic; urgency=medium * Merge from Debian unstable; remaining changes: - Add autopkgtests -- Alex Murray Tue, 03 May 2022 11:43:10 +0930 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1993411/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1993387] [NEW] Merge bridge-utils from Debian unstable for l-series
Public bug reported: Scheduled-For: ubuntu-22.12 Upstream: tbd Debian: 1.7-1 Ubuntu: 1.7-1ubuntu3 ### New Debian Changes ### bridge-utils (1.7-1) unstable; urgency=medium * New upstream version. Only messages related changes and compilation fixes. * Remove preserve_gcc_flags patch (in upstream now). * Bump standards, no change needed. * Clarify portprio and fix example. * Update upstream url. * Fix NEWS versioning of last entry :-? -- Santiago Garcia Mantinan Wed, 24 Feb 2021 12:34:03 +0100 bridge-utils (1.6-6) unstable; urgency=medium * Fix IPv6 address getting assigned on hotplug devices. Closes: #980752. * Fix waiting so that DAD works again. Closes: #982943. * Move mac setting before brctl addif to ensure mac setting. Closes: #980856. * Update documentation and add examples. Closes: #765098. * Update manpages. Closes: #981253. * Add a note on MTU settings. Closes: #292088. * Hook also on down to recreate the bridge so that multiple stanzas work Ok on ifdown. Closes: #319832. -- Santiago Garcia Mantinan Tue, 16 Feb 2021 13:29:04 +0100 bridge-utils (1.6-5) unstable; urgency=low * Overload bridge_hw to allow do specify an interface as well as the MAC address. Closes: #966244. * Change man page for bridge-utils-interfaces and news fileto document this overloading. -- Santiago Garcia Mantinan Fri, 22 Jan 2021 11:08:47 +0100 bridge-utils (1.6-4) unstable; urgency=low * Add en* to the device regex so that all catches them. Closes: #966319. * Document MAC address changes on news. Closes: #980505. -- Santiago Garcia Mantinan Thu, 21 Jan 2021 10:51:31 +0100 bridge-utils (1.6-3) unstable; urgency=medium * Support VLAN aware setups where we need vlan filtering. Thanks Benedikt Spranger for the patch. Closes: #950879. * Clarify on manual page that stp will get IPv6 lost. Closes: #736336. * Add a 1 second sleep if hw address needs to be changed. Closes: #945466. -- Santiago Garcia Mantinan Thu, 30 Apr 2020 10:06:38 +0200 bridge-utils (1.6-2) unstable; urgency=medium * Bump Standards-Version. * Preserve gcc flags set when building the lib. -- Santiago Garcia Mantinan Mon, 28 Jan 2019 00:25:14 +0100 bridge-utils (1.6-1) unstable; urgency=low * New upstream version. * Change default back to not hotplug. Closes: #892277. * Allow mtu to be set on the bridge by propagating it to the bridged interfaces. Closes: #661711. * Remove kernel headers from the package. -- Santiago Garcia Mantinan Tue, 15 Jan 2019 13:18:33 +0100 bridge-utils (1.5-16) unstable; urgency=medium * Don't set dev globally at bridge-utils.sh. Closes: #873086. -- Santiago Garcia Mantinan Sun, 08 Apr 2018 23:06:30 +0200 bridge-utils (1.5-15) unstable; urgency=medium * Fix substrings on interfaces. Closes: #873087. * Make it lintian clean sticking to 1.0 source format for now. No time to properly comment all the patches right now. -- Santiago Garcia Mantinan Fri, 02 Mar 2018 22:08:20 +0100 bridge-utils (1.5-14) unstable; urgency=low * Fix a problem with some vlan interfaces not being created. -- Santiago Garcia Mantinan Mon, 26 Jun 2017 17:48:37 +0200 bridge-utils (1.5-13) unstable; urgency=low * Fix a hardcoded interface name on bridge-utils.sh. Closes: #854841. -- Santiago Garcia Mantinan Sat, 11 Feb 2017 00:16:45 +0100 bridge-utils (1.5-12) unstable; urgency=medium * Add vlan support so that old setups using vlans as ports don't break. -- Santiago Garcia Mantinan Sun, 22 Jan 2017 00:23:50 +0100 ### Old Ubuntu Delta ### bridge-utils (1.7-1ubuntu3) jammy; urgency=medium * No-change rebuild for ppc64el baseline bump. -- Łukasz 'sil2100' Zemczak Wed, 23 Mar 2022 10:44:35 +0100 bridge-utils (1.7-1ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:09:41 +0200 bridge-utils (1.7-1ubuntu1) impish; urgency=low * Merge from Debian unstable. Remaining changes: - Don't call ifup from bridge-network-interface, instead just call brctl and let udev/upstart bring the interface up. - debian/ifupdown.sh: Handle bridge params which use port and value - debian/bridge-utils-interface.5: + Update max, default value for path cost + Update unsettable gcint value for newer kernels -- Steve Langasek Wed, 17 Mar 2021 12:32:22 -0700 ** Affects: bridge-utils (Ubuntu) Importance: Undecided Status: Incomplete ** Tags: needs-merge upgrade-software-version ** Changed in: bridge-utils (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1993387 Title: Merge bridge-utils from Debian unstable for l-series Status in bridge-utils package in Ubuntu: Incomplete Bug description: Scheduled-For:
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1986521 Title: ssh client spins if output fd closed Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Jammy: Triaged Bug description: The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405 A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds. Many uses of ssh to launch graphical applications will be caught by this bug. This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0 To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971323] Re: Merge six from Debian unstable for kinetic
** Changed in: six (Ubuntu) Milestone: ubuntu-22.06 => later -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to six in Ubuntu. https://bugs.launchpad.net/bugs/1971323 Title: Merge six from Debian unstable for kinetic Status in six package in Ubuntu: New Bug description: Upstream: tbd Debian: 1.16.0-3 Ubuntu: 1.16.0-3ubuntu1 Debian typically updates six every 2 months on average, but it was last updated 21.12 and looks overdue. Check back in on this monthly. ### New Debian Changes ### six (1.16.0-3) unstable; urgency=medium [ Debian Janitor ] * Bump debhelper from old 12 to 13. * Update standards version to 4.5.1, no changes needed. [ Colin Watson ] * Link directly to upstream in Homepage and debian/copyright. -- Colin Watson Sun, 26 Dec 2021 02:24:26 + six (1.16.0-2) unstable; urgency=medium * Team upload. [ Andreas Beckmann ] * python-six/python3-six: Copy Breaks: python (<< 2.7.18), python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18), python-iso8601 (<< 0.1.12-2~), python-pbr (<< 5.4.5) from python2.7 to ensure removal of the unversioned python packages (and some persisting obsolete Python 2 module packages) on upgrades from buster. In some upgrade scenarios (mostly involving openstack packages) these Breaks in python2.7 were ineffective because the unversioned python packages got higher scores than python2.7. python-six/python3-six are usually very high scoring Python module packages in these cases, making them ideal candidates for such copies of the Breaks. (Closes: #991433) -- Stefano Rivera Tue, 27 Jul 2021 11:44:18 -0400 six (1.16.0-1) unstable; urgency=medium * New upstream release. -- Colin Watson Sun, 09 May 2021 11:40:54 +0100 six (1.15.0-2) unstable; urgency=medium [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Colin Watson ] * Remove Barry Warsaw from Uploaders, with thanks for their previous contributions (closes: #970181). -- Colin Watson Tue, 10 Nov 2020 00:16:45 + six (1.15.0-1) unstable; urgency=medium [ Debian Janitor ] * Update standards version to 4.5.0, no changes needed. [ Colin Watson ] * New upstream release. -- Colin Watson Sun, 24 May 2020 10:23:22 +0100 six (1.14.0-3) unstable; urgency=medium * Dont run unittests for python2 binary, to reduce pytest rdeps -- Sandro Tosi Mon, 13 Apr 2020 20:16:04 -0400 six (1.14.0-2) unstable; urgency=medium * Build-depend on python2 rather than python. -- Colin Watson Tue, 21 Jan 2020 09:44:26 + six (1.14.0-1) unstable; urgency=medium [ Debian Janitor ] * Remove unnecessary team-upload line in changelog. * Set upstream metadata fields: Bug-Database, Repository. * Set upstream metadata fields: Bug-Submit, Repository-Browse. [ Colin Watson ] * New upstream release. -- Colin Watson Mon, 20 Jan 2020 21:39:42 + six (1.13.0-1) unstable; urgency=medium [ Emmanuel Arias ] * New upstream version 1.13.0 * d/control: Bump Standard-Version to 4.4.1 * d/control: Bump debhelper-compat to 12 (from 9) [ Colin Watson ] * Replace manually-written basic autopkgtests with 'Testsuite: autopkgtest-pkg-python'. * Remove build-dependencies on python-py and python3-py, no longer used upstream. * Fix HTML paths in doc-base control file. -- Colin Watson Tue, 12 Nov 2019 08:10:54 + six (1.12.0-2) unstable; urgency=medium ### Old Ubuntu Delta ### six (1.16.0-3ubuntu1) jammy; urgency=medium * Drop Breaks on python to allow python-is-python2 to remain when upgrading from Focal (LP: #1958720) -- Robie Basak Wed, 13 Apr 2022 21:08:40 +0100 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/six/+bug/1971323/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971323] Re: Merge six from Debian unstable for kinetic
six 1.16.0-4 1.16.0-3ubuntu1 ** Changed in: six (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to six in Ubuntu. https://bugs.launchpad.net/bugs/1971323 Title: Merge six from Debian unstable for kinetic Status in six package in Ubuntu: New Bug description: Upstream: tbd Debian: 1.16.0-3 Ubuntu: 1.16.0-3ubuntu1 Debian typically updates six every 2 months on average, but it was last updated 21.12 and looks overdue. Check back in on this monthly. ### New Debian Changes ### six (1.16.0-3) unstable; urgency=medium [ Debian Janitor ] * Bump debhelper from old 12 to 13. * Update standards version to 4.5.1, no changes needed. [ Colin Watson ] * Link directly to upstream in Homepage and debian/copyright. -- Colin Watson Sun, 26 Dec 2021 02:24:26 + six (1.16.0-2) unstable; urgency=medium * Team upload. [ Andreas Beckmann ] * python-six/python3-six: Copy Breaks: python (<< 2.7.18), python-minimal (<< 2.7.18), libpython-stdlib (<< 2.7.18), python-iso8601 (<< 0.1.12-2~), python-pbr (<< 5.4.5) from python2.7 to ensure removal of the unversioned python packages (and some persisting obsolete Python 2 module packages) on upgrades from buster. In some upgrade scenarios (mostly involving openstack packages) these Breaks in python2.7 were ineffective because the unversioned python packages got higher scores than python2.7. python-six/python3-six are usually very high scoring Python module packages in these cases, making them ideal candidates for such copies of the Breaks. (Closes: #991433) -- Stefano Rivera Tue, 27 Jul 2021 11:44:18 -0400 six (1.16.0-1) unstable; urgency=medium * New upstream release. -- Colin Watson Sun, 09 May 2021 11:40:54 +0100 six (1.15.0-2) unstable; urgency=medium [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Colin Watson ] * Remove Barry Warsaw from Uploaders, with thanks for their previous contributions (closes: #970181). -- Colin Watson Tue, 10 Nov 2020 00:16:45 + six (1.15.0-1) unstable; urgency=medium [ Debian Janitor ] * Update standards version to 4.5.0, no changes needed. [ Colin Watson ] * New upstream release. -- Colin Watson Sun, 24 May 2020 10:23:22 +0100 six (1.14.0-3) unstable; urgency=medium * Dont run unittests for python2 binary, to reduce pytest rdeps -- Sandro Tosi Mon, 13 Apr 2020 20:16:04 -0400 six (1.14.0-2) unstable; urgency=medium * Build-depend on python2 rather than python. -- Colin Watson Tue, 21 Jan 2020 09:44:26 + six (1.14.0-1) unstable; urgency=medium [ Debian Janitor ] * Remove unnecessary team-upload line in changelog. * Set upstream metadata fields: Bug-Database, Repository. * Set upstream metadata fields: Bug-Submit, Repository-Browse. [ Colin Watson ] * New upstream release. -- Colin Watson Mon, 20 Jan 2020 21:39:42 + six (1.13.0-1) unstable; urgency=medium [ Emmanuel Arias ] * New upstream version 1.13.0 * d/control: Bump Standard-Version to 4.4.1 * d/control: Bump debhelper-compat to 12 (from 9) [ Colin Watson ] * Replace manually-written basic autopkgtests with 'Testsuite: autopkgtest-pkg-python'. * Remove build-dependencies on python-py and python3-py, no longer used upstream. * Fix HTML paths in doc-base control file. -- Colin Watson Tue, 12 Nov 2019 08:10:54 + six (1.12.0-2) unstable; urgency=medium ### Old Ubuntu Delta ### six (1.16.0-3ubuntu1) jammy; urgency=medium * Drop Breaks on python to allow python-is-python2 to remain when upgrading from Focal (LP: #1958720) -- Robie Basak Wed, 13 Apr 2022 21:08:40 +0100 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/six/+bug/1971323/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
