[Touch-packages] [Bug 2003266] Re: 22.04 package lacks GSSAPI support
** Also affects: neon27 (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to neon27 in Ubuntu. https://bugs.launchpad.net/bugs/2003266 Title: 22.04 package lacks GSSAPI support Status in neon27 package in Ubuntu: Confirmed Status in neon27 source package in Jammy: New Bug description: [ Impact ] * GSSAPI was disabled by accident as a side-effect of packaging a new release. Upstream renamed the environment variable used to setup the feature and the flag was not updated in d/rules. * Users get caught off-guard when updating from 20.04 to 22.04, 24.04 is not affected. [ Test Plan ] * Did not test the binary, confirmed the fix is effective by analyzing the build logs. * I've confirmed that the issue is solved by checking for the presence of the following string in the build logs: checking for krb5-config... /usr/bin/krb5-config.mit Whereas a build with the issue will instead output: checking for krb5-config... none * I believe the fix is non-intrusive enough that no further testing is needed. [ Where problems could occur ] * Enabling a new feature could have a side effect of disabling another mutually-exclusive feature, but I did not identify any. * Enabling a new feature could break a different feature which changes its behavior when this new feature is present, I also did not identify any such case. [ Other Info ] * Upstream bug reports: - https://github.com/notroj/neon/issues/102 - https://github.com/notroj/neon/issues/52 * Upstream breaking change: - https://github.com/notroj/neon/commit/b9b7425de38b35249e689c03c30c8fd8adfae806 * Upstream change to avoid this from happening again: - https://github.com/notroj/neon/commit/4fdcff4a0ccbb0924f7dabcf8d213452aa33ab82 * Launchpad bug: - https://bugs.launchpad.net/ubuntu/+source/neon27/+bug/2003266 [ Original description ] For more information, please see https://github.com/notroj/neon/issues/102. The 22.04 built package of neon lacks GSSAPI support, whereas previous versions (e.g. 18.04) had this support built-in. This appears to be due to a recent-ish change in the build logic for neon, which changes when GSSAPI is compiled in to the library (https://github.com/notroj/neon/commit/b9b7425de38b35249e689c03c30c8fd8adfae806) We were able to get a work around building from source with the following envvar during build-time: KRB5_CONF_TOOL=/usr/bin/krb5-config.mit ./configure. TL;DR: KRB5_CONFIG became KRB5_CONF_TOOL. Version information: $ lsb_release -rd Description: Ubuntu 22.04.1 LTS Release: 22.04 $ apt show libneon27 Package: libneon27 Version: 0.32.2-1 Priority: optional Section: universe/libs Source: neon27 Origin: Ubuntu Maintainer: Ubuntu Developers Original-Maintainer: Laszlo Boszormenyi (GCS) Bugs: https://bugs.launchpad.net/ubuntu/+filebug Installed-Size: 233 kB Depends: libc6 (>= 2.33), libssl3 (>= 3.0.0~~alpha1), libxml2 (>= 2.7.4), zlib1g (>= 1:1.1.4) Homepage: https://notroj.github.io/neon/ Download-Size: 102 kB APT-Manual-Installed: no APT-Sources: [corporate Launchpad mirror] Description: HTTP and WebDAV client library To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/neon27/+bug/2003266/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2079970] Re: Debug symbols are unavailable for 3.0.2-0ubuntu1.18 (security update)
Marking as Fix Released. ** Changed in: openssl (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2079970 Title: Debug symbols are unavailable for 3.0.2-0ubuntu1.18 (security update) Status in openssl package in Ubuntu: Fix Released Bug description: The latest debug symbols (libssl3-dbgsym) available are for 3.0.2-0ubuntu1.17. Since they have a hard dependency on that version of the library, the installation currently fails with: libssl3-dbgsym : Depends: libssl3 (= 3.0.2-0ubuntu1.17) but 3.0.2-0ubuntu1.18 is to be installed Should there be an updated package in a (currently non-existing) jammy-security repository on http://ddebs.ubuntu.com/? Or should an updated package be in jammy-updates but is missing for some reason? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2079970/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078771] Re: ssh-add fails with "Error loading key "/home/x/.ssh/x.pub": error in libcrypto
Hey Thomas, I think the issue is happening because you're trying to add a public key to the agent. I can reproduce the failure here all the way back to Jammy if I try to do the same. However, ssh-add expects to receive the private key to be added. I'm marking this bug as Incomplete because it seems to be a local thing, but please revert its status back to New if you really think there's an issue here. Cheers. ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2078771 Title: ssh-add fails with "Error loading key "/home/x/.ssh/x.pub": error in libcrypto Status in openssh package in Ubuntu: Incomplete Bug description: I upgraded recenty from Noble to Oracular and since then, I can no longer add my ssh key to the ssh-agent with ssh-add. The error is: $ ssh-add ~/.ssh/x.pub Error loading key "/home/x/.ssh/.xpub": error in libcrypto Adding other keys works fine. ProblemType: Bug DistroRelease: Ubuntu 24.10 Package: openssh-client 1:9.7p1-7ubuntu3 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.30.0-0ubuntu1 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Tue Sep 3 06:55:32 2024 InstallationDate: Installed on 2024-07-18 (47 days ago) InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/usr/bin/zsh TERM=xterm-256color XDG_RUNTIME_DIR= RelatedPackageVersions: ssh-askpass N/A libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_9.7p1 Ubuntu-7ubuntu3, OpenSSL 3.3.1 4 Jun 2024 SourcePackage: openssh UpgradeStatus: Upgraded to oracular on 2024-08-26 (8 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2078771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078261] [NEW] Merge openldap from Debian experimental for oracular
Public bug reported: Merge openldap 2.6.8+dfsg-1~exp4 from Debian experimental, which also fixes an FTBFS with i386. ** Affects: openldap (Ubuntu) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: In Progress ** Tags: ftbfs needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2078261 Title: Merge openldap from Debian experimental for oracular Status in openldap package in Ubuntu: In Progress Bug description: Merge openldap 2.6.8+dfsg-1~exp4 from Debian experimental, which also fixes an FTBFS with i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2078261/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2073316] Re: Backport of openldap for focal, jammy and noble
** No longer affects: openldap (Ubuntu Focal) ** No longer affects: openldap (Ubuntu Noble) ** Summary changed: - Backport of openldap for focal, jammy and noble + Backport of openldap for noble ** Summary changed: - Backport of openldap for noble + Backport of openldap for Jammy ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2073316 Title: Backport of openldap for Jammy Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: New Bug description: Backport openldap to focal, jammy and noble once the update for oracular has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2073316/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
The problem was the new ELF_PACKAGE_METADATA interacting weirdly with the PPC cross linker. I don't exactly know why, and IMHO this shouldn't really happen, but I will mark this bug as Invalid for both gcc and binutils because it's fixed in QEMU. ** Changed in: qemu (Ubuntu) Status: New => Fix Committed ** Changed in: gcc-14 (Ubuntu) Status: New => Invalid ** Changed in: binutils (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: Invalid Status in gcc-14 package in Ubuntu: Invalid Status in qemu package in Ubuntu: Fix Committed Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 0
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
** Tags added: server-todo ** Changed in: qemu (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: New Status in gcc-14 package in Ubuntu: New Status in qemu package in Ubuntu: New Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 0
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
I think I found the reason for this failure. I'm doing a test build and will post the results here soon. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: New Status in gcc-14 package in Ubuntu: New Status in qemu package in Ubuntu: New Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 00 00 0 0 0 [19] NULL00
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
Adding gcc-14 as a task just in case. Adding qemu as a task to make sure we track the impact of this bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: New Status in gcc-14 package in Ubuntu: New Status in qemu package in Ubuntu: New Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 00 00 0 0 0 [19] NULL0
[Touch-packages] [Bug 2077036] [NEW] powerpc cross tools generate bogus string table
Public bug reported: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 00 00 0 0 0 [19] NULL 00 00 00 0 0 0 [20] NULL 00 00 00 0 0 0 [21] NULL 00 00 00 0 0 0 [22] NULL 00 00 00 0 0 0 ** Affects: binutils (Ubuntu) Importance: High Status: New ** Affects: gcc-14 (Ubuntu) Importance: Undecided Status: New ** Affects: qemu (Ubuntu) Importance: Undecided Status: New ** Also affects: gcc-14 (Ubuntu) Importance: Undecided Status: New ** Also affects: qemu (Ubuntu) Importance: Undecided Status: New -- You received this
[Touch-packages] [Bug 2064434] Re: Merge openldap from Debian unstable for oracular
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2064434 Title: Merge openldap from Debian unstable for oracular Status in openldap package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.5.17+dfsg-12.6.7+dfsg-1~exp1 Ubuntu: 2.6.7+dfsg-1~exp1ubuntu8 Debian new has 2.6.7+dfsg-1~exp1, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### openldap (2.5.17+dfsg-1) unstable; urgency=medium * New upstream release. - fixed slapo-dynlist so it can't be global (ITS#10091) (Closes: #1040382) * debian/copyright: Exclude doc/guide/admin/guide.html from the upstream source, because the tool required to build it from source is not packaged in Debian. Fixes a Lintian error (source-is-missing). * Update Swedish debconf translation. (Closes: #1056955) Thanks to Martin Bagge and Anders Jonsson. * debian/salsa-ci.yml: Enable Salsa CI pipeline. -- Ryan Tandy Fri, 26 Apr 2024 16:09:29 -0700 openldap (2.5.16+dfsg-2) unstable; urgency=medium * debian/patches/64-bit-time-t-compat: handle sizeof(time_t) > sizeof(long) in format strings. -- Steve Langasek Tue, 12 Mar 2024 06:26:07 + openldap (2.5.16+dfsg-1) unstable; urgency=medium [ Ryan Tandy ] * New upstream release. - fixed possible null pointer dereferences if strdup fails (ITS#9904) (Closes: #1036995, CVE-2023-2953) - fixed unaligned accesses in LMDB on sparc64 (ITS#9916) (Closes: #1020319) * Update Turkish debconf translation. (Closes: #1029758) Thanks to Atila KOÇ. * Add Romanian debconf translation. (Closes: #1033177) Thanks to Remus-Gabriel Chelu. * Create an autopkgtest covering basic TLS functionality. Thanks to John Scott. * Drop transitional package slapd-smbk5pwd. (Closes: #1032742) * Drop dbgsym migration for slapd-dbg. * Build and install the ppm module in slapd-contrib. (Closes: #1039740) * Fix implicit declaration of kadm5_s_init_with_password_ctx. (Closes: #1065633) [ Sergio Durigan Junior ] * d/control: Bump Standards-Version to 4.6.2; no changes needed. * d/control: Bump debhelper-compat to 13. * d/control: Drop lsb-base from slapd's Depends. * Enable SASL/GSSAPI tests. Thanks to Andreas Hasenack -- Ryan Tandy Fri, 08 Mar 2024 21:46:26 -0800 openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. ### Old Ubuntu Delta ### openldap (2.6.
[Touch-packages] [Bug 2064457] Re: Merge rsync from Debian unstable for oracular
** Changed in: rsync (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2064457 Title: Merge rsync from Debian unstable for oracular Status in rsync package in Ubuntu: New Bug description: Upstream: tbd Debian: 3.3.0-1 Ubuntu: 3.2.7-1ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### rsync (3.3.0-1) unstable; urgency=medium [ Aquila Macedo Costa ] * d/control: Bump Standards-Version to 4.6.2 [ Samuel Henrique ] * New upstream version 3.3.0 (closes: #1068630) * Bump Standards-Version to 4.7.0 * Update patches * d/patches: Drop merged patches * d/control: Drop dependency on lsb-base * d/rsync.lintian-overrides: Update overrides -- Samuel Henrique Fri, 12 Apr 2024 00:28:29 +0100 rsync (3.2.7-1) unstable; urgency=medium [ Juri Grabowski ] * New upstream version 3.2.7 * Remove patches included in new release [ Helmut Grohne ] * Fix FTCBFS: Use native instances for python build depends (closes: #1022988). [ Samuel Henrique ] * d/rsync.lintian-overrides: Update findings as per lintian changes * d/patches: Add two upstream patches to fix issues post 3.2.7 release: - trust_the_sender_on_a_local_transfer.patch - avoid_quoting_of_tilde_when_its_a_destination_arg.patch -- Samuel Henrique Sun, 18 Dec 2022 14:10:54 + rsync (3.2.6-4) unstable; urgency=medium * Upload to unstable - d/patches: ~ fix_files_from.patch: Upstream patch to address the files-from issue. ~ fix_relative.patch: Upstream patch to fix exclusion of /. with --relative. ~ fix_remote_filter_rules_validation.patch: Upstream patch to fix bug with validating remote filter rules. (closes: #1018296, #1019561) -- Samuel Henrique Wed, 21 Sep 2022 18:58:57 +0100 rsync (3.2.6-3) experimental; urgency=medium * d/patches: - fix_files_from.patch: Upstream patch to address the files-from issue, likely to also be related to #1019561 and #1018296 - fix_relative.patch: Upstream patch to fix exclusion of /. with --relative -- Samuel Henrique Wed, 14 Sep 2022 19:25:19 +0100 rsync (3.2.6-2) experimental; urgency=medium * d/p/fix_remote_filter_rules_validation.patch: New upstream patch to try to fix #1019561 and #1018296 -- Samuel Henrique Tue, 13 Sep 2022 20:55:01 +0100 rsync (3.2.6-1) unstable; urgency=medium * New upstream version 3.2.6 - Added a safety check that prevents the sender from removing destination files when a local copy using --remove-source-files has some files that are shared between the sending & receiving hierarchies, including the case where the source dir & destination dir are identical (closes: #1016102) * Bump Standards-Version to 4.6.1 -- Samuel Henrique Sat, 10 Sep 2022 20:03:51 +0100 rsync (3.2.5-1) unstable; urgency=medium * New upstream version 3.2.5 - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host) (closes: #1016543, CVE-2022-29154). - The build date that goes into the manpages is now based on the developer's release date, not on the build's local-timezone interpretation of the date (closes: #1009981) -- Samuel Henrique Tue, 16 Aug 2022 11:03:48 +0100 rsync (3.2.4-1) unstable; urgency=medium [ Samuel Henrique ] * New upstream version 3.2.4 - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc mounted (closes: #995046). - rsync.1: remove prepended backticks which broke --stop-after and --stop-at formatting (closes: #1007990). ### Old Ubuntu Delta ###
[Touch-packages] [Bug 2064096] Re: rsyslog service timeout on noble numbat
Andreas and I spent some time this afternoon investigating this issue. Here are our findings. First, we noticed that the paths being reported by apparmor on dmesg appear to be relative to /run. This is just an impression, though: I believe that, for some reason, apparmor/systemd/something-else is actually seeing the paths as "/systemd/notify" instead of "/run/systemd/notify". Therefore, we decided to try to list those paths inside the apparmor profile, like: /systemd/journal/dev-log rwkl, /systemd/notify rwkl, Note that we're using "rwkl" just because we don't want to deal with limiting the scope of each access. After adding these paths to /etc/apparmor.d/usr.sbin.rsyslogd and reloading the profile, the service can finally be (re)started. This indicates that there's a discrepancy between the paths seeing by apparmor/systemd/Linux and those seeing by the userspace application. With that in mind, our next idea was to try to use "systemd-run" to mimic what's happening with rsyslogd. This could help us determine which component is problematic, but unfortunately we were unable to make the failure happen. We tried many combinations of commands; some of them are listed below: # Try to "ls" the notify socket using different paths systemd-run -p AppArmorProfile=rsyslogd ls /run/systemd/notify systemd-run -p AppArmorProfile=rsyslogd ls /systemd/notify # Likewise, but running the command using the syslog user systemd-run --uid 102 -p AppArmorProfile=rsyslogd ls /run/systemd/notify systemd-run --uid 102 -p AppArmorProfile=rsyslogd ls /systemd/notify Strangely, "ls" was able to properly list the contents of /run/systemd/notify on both cases (which it shouldn't, because the apparmor profile doesn't allow it). It also reported that "/systemd/notify", which is correct but unexpected (because we thought that systemd might be the problematic component which doesn't use "/run" in the paths). We also double checked and confirmed that the processes started by "systemd-run" have "systemd" as their parent, so in theory we should have seen the same problem here. There is also the fact that these file accesses are being denied even when the apparmor profile is running in complain mode. AFAIU, this shouldn't happen. Unless apparmor is affecting the path resolution that happens when the service tries to connect to the socket, effectively mangling the final path... but that would be very weird, I believe. Either way, it is unclear: 1) Why we're seeing these "partial" paths in the logs. 2) Why these accesses are being denied even when the apparmor profile is in complain mode. 3) Why "systemd-run" can't seem to reproduce the problem. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/2064096 Title: rsyslog service timeout on noble numbat Status in rsyslog package in Ubuntu: Confirmed Bug description: This might be related to #2064088 The rsyslog service is continually timing out and restarting. If I use a service drop-in file and change the 'Type' from 'notify' to 'simple', the service starts and appears to work normally. In the journal, I can see the attached apparmor errors. I can't make sense of them, but if it's a similar issue to #2064088, then I suspect apparmor is preventing the systemd notify function from alerting systemd that the service is up and running. ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: rsyslog 8.2312.0-3ubuntu9 ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1 Uname: Linux 6.8.0-31-generic x86_64 ApportVersion: 2.28.1-0ubuntu2 Architecture: amd64 CasperMD5CheckMismatches: ./boot/grub/grub.cfg CasperMD5CheckResult: fail CurrentDesktop: ubuntu:GNOME Date: Mon Apr 29 10:37:46 2024 ProcEnviron: LANG=en_GB.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR= SourcePackage: rsyslog UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2064096/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
I talked to Marc to understand whether the security team had any plans to "fix" this problem, and he raised a valid point: from his perspective (and the Security team's as well, I gather), this is not a bug because we have two services trying to listen on the same port. The "fix" here is to adjust the local configuration, as mentioned in the comments above. I'm reverting this bug's state to Invalid, then. ** Changed in: dnsmasq (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Confirmed Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
I was able to reproduce the bug on Focal, and since we seem to carry the same version on Jammy/Mantic (and likely Noble), it's probable that the bug also happens in those releases. For future reference: # apt install -y libvirt-daemon-system bind9 dnsmasq Reboot, and try bringing up the "default" network on libvirt: # virsh net-start default error: Failed to start network default error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper) unexpected exit status 2: dnsmasq: failed to create listening socket for 192.168.122.1: Address already in use -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Confirmed Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon
[Touch-packages] [Bug 2056152] Re: errors when starting thunderbird, directly after boot. error message: package dnsmasq 2.90-0ubuntu0.22.04.1 failed to install/upgrade: end of file on stdin at conffi
Thank you for taking the time to file a bug report. >From DpkgTerminalLog.txt, we see the following message: *** dnsmasq.conf (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package dnsmasq (--configure): end of file on stdin at conffile prompt This indicates that there was no reply to the question posed by dpkg (debconf). The upgrade process had to ask the question because there is some local modification on your /etc/dnsmasq.conf, and it could not figure out how to merge your modifications with the new configuration file provided by the package. As such, it expects you to answer how the conflict should be resolved. Since the answer provided was an EOF, it errored out. In other words, you have to be able to properly answer dpkg's question in order to proceed with the upgrade. Since it seems likely to me that this is a local configuration problem, rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'. However, if you believe that this is really a bug in Ubuntu, then we would be grateful if you would provide a more complete description of the problem with steps to reproduce, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New". For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community ** Changed in: dnsmasq (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2056152 Title: errors when starting thunderbird, directly after boot. error message: package dnsmasq 2.90-0ubuntu0.22.04.1 failed to install/upgrade: end of file on stdin at conffile prompt Status in dnsmasq package in Ubuntu: Incomplete Bug description: see summary. after skipping the error message, thunderbird seems to work well ProblemType: Package DistroRelease: Ubuntu 22.04 Package: dnsmasq 2.90-0ubuntu0.22.04.1 ProcVersionSignature: Ubuntu 6.5.0-21.21~22.04.1-generic 6.5.8 Uname: Linux 6.5.0-21-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu82.5 AptOrdering: dnsmasq:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: pass Date: Tue Mar 5 09:50:12 2024 DpkgHistoryLog: Start-Date: 2024-03-05 09:50:11 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq:amd64 (2.86-1.1ubuntu0.5, 2.90-0ubuntu0.22.04.1) ErrorMessage: end of file on stdin at conffile prompt InstallationDate: Installed on 2022-11-08 (482 days ago) InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1) PackageArchitecture: all Python3Details: /usr/bin/python3.10, Python 3.10.12, python3-minimal, 3.10.6-1~22.04 PythonDetails: N/A RelatedPackageVersions: dpkg 1.21.1ubuntu2.2 apt 2.4.11 SourcePackage: dnsmasq Title: package dnsmasq 2.90-0ubuntu0.22.04.1 failed to install/upgrade: end of file on stdin at conffile prompt UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.dnsmasq: 2022-11-15T02:41:03.690882 mtime.conffile..etc.dnsmasq.conf: 2022-11-15T02:41:10.043282 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2056152/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040465] Re: New upstream microrelease 2.5.17
As is usual with these MREs, the verification phase is considered done when all dep8 tests pass. This is now true for the Jammy upload. Therefore, tagging the bug accordingly. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 - https://pad.lv/2027079 - https://pad.lv/2029170 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Changed in: openldap (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: Fix Committed Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw prof
[Touch-packages] [Bug 2040465] Re: New upstream microrelease 2.5.17
dep8 results: Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/?format=plain) openldap @ amd64: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/amd64/o/openldap/20240209_225823_2ec27@/log.gz 09.02.24 22:58:23 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ arm64: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/arm64/o/openldap/20240209_230358_34851@/log.gz 09.02.24 23:03:58 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ armhf: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/armhf/o/openldap/20240209_230114_34851@/log.gz 09.02.24 23:01:14 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ ppc64el: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/ppc64el/o/openldap/20240209_231213_2ec27@/log.gz 09.02.24 23:12:13 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ s390x: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/s390x/o/openldap/20240209_225840_2ec27@/log.gz 09.02.24 22:58:40 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 ** Changed in: openldap (Ubuntu Jammy) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 - https://pad.lv/2027079 - https://pad.lv/2029170 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040465] Re: New upstream microrelease 2.5.17
As per Steve's reply here: https://lists.ubuntu.com/archives/ubuntu-devel/2023-December/042854.html I'm not going to run autopkgtest against all reverse dependencies of the package. Instead, I will rely on the results from the archive and act accordingly. Therefore, I've just uploaded the package to Jammy unapproved. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 - https://pad.lv/2027079 - https://pad.lv/2029170 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040465] Re: MRE updates of openldap for noble
** Description changed: - Backport openldap as MRE to noble once the update for noble has been - completed. + [ Impact ] - + * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. - [Impact] - TBD + This update includes bugfixes only following the SRU policy exception + defined at https://wiki.ubuntu.com/OpenLDAPUpdates. - [Major Changes] - TBD + [ Major Changes ] - [Test Plan] - TBD + * See the list of bugs fixed in this release here: - [Regression Potential] - Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. - + https://lists.openldap.org/hyperkitty/list/openldap- + annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ + + [ Test Plan ] + + * Upstream gitlab pipeline results: + + https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 + + * Upstream "call for testing": + + https://lists.openldap.org/hyperkitty/list/openldap- + techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ + + * As described in the MRE wiki page for OpenLDAP, the test plan is to + build the package in a PPA and make sure that (1) all build-time tests + pass and (2) all autopkgtest runs (from reverse dependencies) also pass. + + * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: + - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz + + [ Where problems could occur ] + + * Upstream tests are always executed during build-time. There are many + reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage + is good. Nevertheless, there is always a risk for something to break + since we are dealing with a microrelease upgrade. Whenever a test + failure is detected, we will be on top of it and make sure it doesn't + affect existing users. + + [ Other Info ] + + * This is a reoccurring MRE. See below for links to previous OpenLDAP + MREs. + + * CVEs fixed by this release: +- None. + + Current versions in supported releases that got updates: + openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source + + Special cases: + - None. + + Previous MREs for OpenLDAP: + - https://pad.lv/1977627 + - https://pad.lv/1983618 + - https://pad.lv/2007625 + - https://pad.lv/2027079 + - https://pad.lv/2029170 + + As usual we test and prep from the PPA and then push through + SRU/Security as applicable. ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** No longer affects: openldap (Ubuntu Noble) ** Changed in: openldap (Ubuntu) Status: New => Invalid ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Summary changed: - MRE updates of openldap for noble + New upstream microrelease 2.5.17 ** Changed in: openldap (Ubuntu Jammy) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Triaged Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a r
[Touch-packages] [Bug 2051895] Re: Lenovo XT99 BT headset can't work in HFP profile
Hello Hui, The changes look good to me, but I have a few minor requests: - Could you please expand the changelog entry and explain what the patch fixes? It doesn't need to be a long text or anything like that; just a small sentence is enough. - Could you add DEP-3 headers to the patch, please? You can find more information here: https://dep-team.pages.debian.net/deps/dep3/ but basically, I'm looking for something like: Origin: upstream, https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/commit/d7dc04e8f5c404b1fa16409f69dcde7c56312f02 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2051895 I'm unsubscribing ubuntu-sponsors from the bug for now. Please resubscribe it once you've addressed the points above. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/2051895 Title: Lenovo XT99 BT headset can't work in HFP profile Status in HWE Next: New Status in pulseaudio package in Ubuntu: In Progress Status in pulseaudio source package in Jammy: In Progress Status in pulseaudio source package in Mantic: In Progress Status in pulseaudio source package in Noble: In Progress Bug description: [Summary] When use the ThinkPluse xt99 bluetooth head set to run the test com.canonical.certification::bluetooth/audio_record_playback, it cannot record the sound and playback. It seems this device cannot switch to Hand free mode in this platform. [Steps to reproduce] Connect the ThinkPluse xt99, use the Handfree mode, then try to record some voice. [Expected result] The bluetooth headset ThinkPluse xt99 can use as a MIC to input sound. [Actual result] The bluetooth headset xt99 cannot work in the Handfree mode. [Failure rate] 100% [Impact] With the current Ubuntu 22.04 oem image, we try to connect the LENOVO XT99 bt headset and let it work in HFP mode, we select HFP profile from gnome sound-setting, but the microphone will not auto change to bt microphone and the bt output could not work too. So this BT headset could only work in A2DP mode with the current 22.04 OEM image. And we tried ubuntu 22.04 generic image, mantic image and noble image, none of them could make the headset work in HFP mode. [Fix] Cherry-pick a pulseaudio commit from upstream. [Test] Install the patched pulseaudio and reboot, connect to the LENOVO XT99 bt headset, select it to work in HFP mode, tested playback and capture, all worked well. [Where problems could occur] This change will impact bt headset negotiation process in the pulseaudio, so the possiblity of regression is limited to bt headset, it could make the bt headset fail to connect, but this possibility is very low, we tested the patch with different bt headset and bt speaker, all worked well. To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/2051895/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2052482] Re: Bad packet length 2424479189 Connection corrupted
Thank you for taking the time to report a bug and make Ubuntu better. I tried reproducing the bug locally using an Oracle 8 container and an Ubuntu container. Here are the versions of the packages: Oracle: # rpm -qa | grep ssh openssh-server-8.0p1-19.el8_8.x86_64 openssh-8.0p1-19.el8_8.x86_64 openssh-clients-8.0p1-19.el8_8.x86_64 libssh-config-0.9.6-13.el8_9.noarch libssh-0.9.6-13.el8_9.x86_64 Ubuntu: # dpkg -l | grep ssh ii openssh-client 1:8.9p1-3ubuntu0.6 amd64 secure shell (SSH) client, for secure access to remote machines Everything worked as expected and I was able to ssh into the Oracle container. After some research, I found that this specific error you're getting might be related to CVE-2023-48795 (Terrapin attack). More specifically, it has to do with the cipher suites being chosen by the client/server at the time of the login: https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error https://unix.stackexchange.com/questions/765347/how-do-you-mitigate-the-terrapin-ssh-attack Even when I explicitly disable the use of CHACHA20 on the server, I still can login successfully and I see that another cipher has been chosen during the key exchange: ... debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: aes128-ctr MAC: umac-...@openssh.com compression: none debug1: kex: client->server cipher: aes128-ctr MAC: umac-...@openssh.com compression: none ... This leads me to believe that there might be some local configuration on your system that's affecting the choice of a suitable cipher. Another option would be some bogus configuration on the server side, I think. Could you please tell us more details about your environment? Did you explicitly configure your ssh client to require CHACHA20 when connecting to this specific server? I'm going to mark this bug as Incomplete for to reflect the fact that we're waiting on more details from you. Please set it back to New when you provide the requested information. Thanks. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795 ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052482 Title: Bad packet length 2424479189 Connection corrupted Status in openssh package in Ubuntu: Incomplete Bug description: ssh-clent: uname -a :5.15.0-48-generic #54-Ubuntu ``` Ubuntu 22.04.3 LTS OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 ``` ssh-server: ``` OracleLinux 8.9 OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 ``` ``` userxxx@userxxx-H3C-X7-030s-0274:~$ ssh 192.168.xxx.xxx -vvv OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/userxxx/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/userxxx/.ssh/known_hosts2' debug3: ssh_connect_direct: entering debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22. debug3: set_sock_tos: set socket 3 IP_TOS 0x10 debug1: Connection established. debug1: identity file /home/userxxx/.ssh/id_rsa type 0 debug1: identity file /home/userxxx/.ssh/id_rsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa type 2 debug1: identity file /home/userxxx/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519 type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_xmss type -1 debug1: identity file /home/userxxx/.ssh/id_xmss-cert type -1 debug1: identity file /home/userxxx/.ssh/id_dsa type -1 debug1: identity file /home/userxxx/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0 debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x0400 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.xxx.xxx:22 as 'userxxx' debug3: record_hostkey: found key type ED25519 in file /home/userxxx
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/460126 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile.
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Changed in: openldap (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw profile. - d/{
[Touch-packages] [Bug 2050874] Re: "Illegal characters in username" breaks sftp upload
Thank you for taking the time to report a bug. As you mentioned yourself, this is indeed a security feature and not a bug. It would be wrong for Ubuntu (or any other GNU/Linux distro out there, IMHO) to revert this change. It also seems to me that your request less a "bug report" and more a "request for help". As such, I am taking the liberty of marking this bug as Invalid. My suggestion would be to look for help on the appropriate technical forums (either Ubuntu's or upstream's). Finally, you mentioned that using ~/.ssh/config is not ideal because there's no obvious way to set the password. I would strongly recommend using key-based authentication instead. Thank you. ** Changed in: openssh (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2050874 Title: "Illegal characters in username" breaks sftp upload Status in openssh package in Ubuntu: Invalid Bug description: A new error message appeared in 1:8.2p1-4ubuntu0.11, "remote username contains invalid characters". The underlying commit seems to be this: https://github.com/openbsd/src/commit/ba05a7aae989020b8d05cc93cc6200109bba5a7b I need to work with an sftp connection where the username includes "|". The lftp client uses ssh to connect, triggering the error. It's possible to whitelist the username by adding it to a config file (e.g. ~/.ssh/config), but in that case, there's no obvious way to set the password. I suppose this is in fact a feature more than it is a bug, but it is really inconvenient. Any hints on how to handle it would be welcome. Regards, Jakob Lund Ubuntu 20.04.3 LTS openssh-client: Installed: 1:8.2p1-4ubuntu0.11 lftp: Installed: 4.8.4-2build3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2050874/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2030684] Re: tzname[1] empty after tzset() with env TZ="UTC"
postgresql-15 has been Fix Released a while ago. Marking the task accordingly. ** Changed in: postgresql-15 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2030684 Title: tzname[1] empty after tzset() with env TZ="UTC" Status in django-mailman3 package in Ubuntu: Fix Released Status in php8.2 package in Ubuntu: Triaged Status in postgresql-15 package in Ubuntu: Fix Released Status in python-django package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Invalid Status in tzdata package in Ubuntu: Fix Released Status in tzdata package in Debian: Fix Released Bug description: The following program prints different output when run with tzdata 2023c-7ubuntu1 from mantic, versus tzdata 2023c-8ubuntu1 from mantic- proposed: root@mantic:~# cat bug.c #include #include #include #include #include int main(void) { int r; r = setenv("TZ", ":UTC", 1); if (r < 0) { printf("Failed to set TZ env var: %s\n", strerror(errno)); return 1; } tzset(); printf("timezone = %lu, daylight = %d\n", timezone, daylight); printf("tzname[0] = %s, tzname[1] = %s\n", tzname[0], tzname[1]); } root@mantic:~# gcc bug.c root@mantic:~# ./a.out timezone = 0, daylight = 0 tzname[0] = UTC, tzname[1] = UTC root@mantic:~# apt-cache policy tzdata tzdata: Installed: 2023c-7ubuntu1 Candidate: 2023c-7ubuntu1 Version table: *** 2023c-7ubuntu1 500 500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages 100 /var/lib/dpkg/status If I install tzdata from mantic-proposed, I get different output: root@mantic:~# vi /etc/apt/sources.list root@mantic:~# apt update && apt install tzdata Hit:1 http://archive.ubuntu.com/ubuntu mantic InRelease Hit:2 http://security.ubuntu.com/ubuntu mantic-security InRelease Get:3 http://archive.ubuntu.com/ubuntu mantic-proposed InRelease [118 kB] Hit:4 http://archive.ubuntu.com/ubuntu mantic-updates InRelease Hit:5 http://archive.ubuntu.com/ubuntu mantic-backports InRelease Get:6 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages [35.9 kB] Get:7 http://archive.ubuntu.com/ubuntu mantic-proposed/main Translation-en [14.8 kB] Get:8 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 DEP-11 Metadata [2376 B] Get:9 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 c-n-f Metadata [1004 B] Get:10 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 Packages [15.9 kB] Get:11 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted Translation-en [3564 B] Get:12 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 c-n-f Metadata [336 B] Fetched 192 kB in 1s (324 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 72 packages can be upgraded. Run 'apt list --upgradable' to see them. root@mantic:~# apt install tzdata=2023c-8ubuntu1 Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: libefiboot1 libefivar1 Use 'apt autoremove' to remove them. The following packages will be upgraded: tzdata 1 upgraded, 0 newly installed, 0 to remove and 72 not upgraded. Need to get 269 kB of archives. After this operation, 142 kB disk space will be freed. Get:1 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 tzdata all 2023c-8ubuntu1 [269 kB] Fetched 269 kB in 0s (867 kB/s) Preconfiguring packages ... (Reading database ... 39935 files and directories currently installed.) Preparing to unpack .../tzdata_2023c-8ubuntu1_all.deb ... Unpacking tzdata (2023c-8ubuntu1) over (2023c-7ubuntu1) ... Setting up tzdata (2023c-8ubuntu1) ... Current default time zone: 'Etc/UTC' Local time is now: Mon Aug 7 21:18:35 UTC 2023. Universal Time is now: Mon Aug 7 21:18:35 UTC 2023. Run 'dpkg-reconfigure tzdata' if you wish to change it. Scanning processes... Scanning candidates... Restarting services... Service restarts being deferred: systemctl restart systemd-logind.service systemctl restart unattended-upgrades.service No containers need
[Touch-packages] [Bug 2003756] Re: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142."
I'm changing my opinion here. I feel like this is indeed a problem with how init-system-helpers (more specifically, deb-systemd-invoke) warns users about errors. Since it uses "--quiet" when invoking systemctl, I believe it needs to be a bit more verbose to explain what happened. What's interesting that I can't reproduce the apt failure. For example, "apt install proftpd" will warn me about deb-systemd-invoke, but the command will finish successfully. ISTR having seen this behaviour before, but I don't remember my conclusion at the time. Anyway, this needs to be forwarded to Debian. I don't believe Ubuntu should diverge from Debian in this case. ** Changed in: init-system-helpers (Ubuntu) Status: Confirmed => Triaged ** Changed in: krb5 (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2003756 Title: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142." Status in init-system-helpers package in Ubuntu: Triaged Status in krb5 package in Ubuntu: Triaged Bug description: I have a fresh install of Ubuntu Server 22.04.01 LTS. After installing the server and running all updates, I run the following command: apt -y install slapd ldap-utils schema2ldif sasl2-bin libsasl2-modules-gssapi-mit krb5-kdc-ldap krb5-admin-server krb5-kdc This will be installing krb5-kdc 1.19.2-2. This is in preparation for setting up an OpenLDAP server, a Kerberos server with an LDAP backend, and saslauthd for pass-through authentication. krb5-kdc was auto-selected when running the steps in the guide here in my development environment: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend When installing that, I get the following in the output: Setting up krb5-kdc (1.19.2-2) ... Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /lib/systemd/system/krb5-kdc.service. Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I do get the prompts for the realm, kdc, and admin server hostnames, and they are reflected in /etc/krb5.conf. If I then run the following: dpkg-reconfigure krb5-kdc I am prompted for whether I want the package to create the Kerberos KDC configuration automatically, and when I say yes, it then repeats the following error: Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I cannot find any further debug in the syslog or anything to indicate what the root cause is; the list of packages here are all installed together on a separate development server where I experimented with the configuration I will be deploying here in production so I don't think it's incompatible packages in the install list, but I am open to feedback on that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2003756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2020913] Re: /etc/profile.d/debuginfd.{sh, csh} are created with 600 permissions
** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/2020913 Title: /etc/profile.d/debuginfd.{sh,csh} are created with 600 permissions Status in elfutils package in Ubuntu: Fix Released Status in elfutils source package in Jammy: Incomplete Bug description: [ Impact ] Users installing libdebuginfod-common (the package that ships the shell snippets responsible for configuring the DEBUGINFOD_URLS environment variable, which will ultimately be used by GDB to contact the Ubuntu debuginfod service) experience a problem caused by permissions being set too tightly for /etc/profile.d/debuginfod.{sh,csh}. This results in DEBUGINFOD_URLS not being set for non-root users. [ Test Plan ] Inside a Jammy container: # apt install -y libdebuginfod-common # ls -lah /etc/profile.d/debuginfod* Verify that the permission of both files allow them to be world- readable. [ Where problems could occur ] Care has been taken to not modify existing file permissions unnecessarily by using "g+r,o+r" when invoking chmod, but it is still possible to conceive a scenario where upgrading the package would make the files world-readable when the user is actually expecting otherwise. However, such "regression" would arguably not be something supported because if the intention is to prevent non-root users from making use of debuginfod, there are better ways to achieve it. [ Original Description ] In a fresh container, installing libdebuginfod-common gives a /etc/profile.d that looks like this: ``` root@32f34f7e271e:/etc/profile.d# ls -lah total 24K drwxr-xr-x 1 root root 4.0K May 26 17:23 . drwxr-xr-x 1 root root 4.0K May 26 17:23 .. -rw-r--r-- 1 root root 96 Oct 15 2021 01-locale-fix.sh -rw--- 1 root root 677 May 26 17:23 debuginfod.csh -rw--- 1 root root 692 May 26 17:23 debuginfod.sh ``` when I login as a nonprivledged user, DEBUGINFOD_URLS is not set because the permissions are incorrect on the profile files. ``` # dpkg -l | grep libdebug ii libdebuginfod-common0.186-1build1 all configuration to enable the Debian debug info server ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/2020913/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
Re: [Touch-packages] [Bug 2015562] Re: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
On Friday, December 08 2023, Timo Aaltonen wrote: > man/dnsmasq.8.orig | 2582 > + > > this must be a leftover from applying the commit? Hm, I don't see this difference. In fact, if I look at the dnsmasq package that's currently shipped in Jammy, man/dnsmasq.8.orig already exists there. -- Sergio GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: In Progress Bug description: [ Impact ] Some users may face an unpleasant segmentation fault if they combine configurations options like server=/domain/# with server|address=/domain/ since the domain matching functionality was rewritten in version 2.86. The special server address ’#’ means "use the standard servers". The SEGV occurs due to the struct server datastructure associated with it is passed to forward_query() call without been properly reserved and filled due to resolvconf servers didn't belong to the priority list. Without resolving this, dnsmasq stops running due to the SEGV and (non-experienced) users might not notice it. [ Test Plan ] #0.Prepare a VM or Container. i.e: # lxc launch ubuntu-daily:jammy Jdnsmasq #1. Install dnsmasq # apt update && apt upgrade -y # apt install -y dnsmasq #2. Disable systemd-resolved service and enabling resolution through dnsmasq, configuring DNS servers through it. # systemctl disable --now systemd-resolved.service # rm -f /etc/resolv.conf # cat > /etc/resolv.conf << __EOF__ nameserver 127.0.0.1 __EOF__ # echo "server=8.8.8.8" >> /etc/dnsmasq.conf (or edit the file to add it if you prefer) # (Optional) echo "log-queries" >> /etc/dnsmasq.conf # (optional) echo "log-debug" >> /etc/dnsmasq.conf # systemctl start dnsmasq.service 3. Copy netflix-nov6.conf into /etc/dnsmasq.d/ # cat > /etc/dnsmasq.d/netflix-nov6.conf << __EOF__ # Null response on these domains server=/netflix.com/# address=/netflix.com/:: server=/netflix.net/# address=/netflix.net/:: server=/nflxext.com/# address=/nflxext.com/:: server=/example.com/# address=/example.com/:: __EOF__ #4. Restart/reload dnsmasq # systemctl restart dnsmasq #5. Verify that dnsmasq resolves domains correctly: root@Jdnsmasq:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@Jdnsmasq:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 #6. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server twice: root@Jdnsmasq:~# dig A netflix.com @127.0.0.1 ; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48730 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; EDE: 23 (Network Error) ;; QUESTION SECTION: ;netflix.com. IN A ;; Query time: 23 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Wed Nov 15 16:46:19 UTC 2023 ;; MSG SIZE rcvd: 46 root@Jdnsmasq-checking:~# dig A netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused #7. Check logs to verify segfault: # journalctl -u dnsmasq Apr 27 11:22:52 Jdnsmasq systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 27 11:22:53 Jdnsmasq dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 27 11:22:53 Jdnsmasq dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 27 11:22:54 Jdnsmasq dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 27 11:22:54 Jdnsmasq systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 27 11:22:54 Jdnsmasq systemd[1]: dnsmasq.service: Failed with result 'core-dump'. [ Where problems could occur ] This cherry picked commit from upstream incorporates a rewrite of the server priority list in the dnsmasq header file. Fortunately, that headers are not exported outside dnsmasq, so it cannot impact other third-party pieces of software. However, it can lend to think about the matching domain functionality that is being patched: could it be affect in some way to other types of server displaced on that list? Does anything change for the rest? In other words... Is the matching domain functionality working as expected,
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
Nothing to merge yet. ** Changed in: openldap (Ubuntu) Milestone: ubuntu-23.12 => ubuntu-24.01 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile:
[Touch-packages] [Bug 2044654] Re: No debugging symbols found in libgdk-3.so.0
I've added ubuntu-debuginfod as an affected project and marked the bug as Invalid for gtk-3. BTW, this is a known issue that's being worked on. Hopefully it should be resolved in the next days. Thanks for reporting the bug! ** Also affects: ubuntu-debuginfod Importance: Undecided Status: New ** Changed in: gtk+3.0 (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/2044654 Title: No debugging symbols found in libgdk-3.so.0 Status in ubuntu-debuginfod: New Status in gtk+3.0 package in Ubuntu: Invalid Bug description: Attach gdb to a running yelp process! (gdb) share libgdk Reading symbols from /lib/x86_64-linux-gnu/libgdk-3.so.0... (No debugging symbols found in /lib/x86_64-linux-gnu/libgdk-3.so.0) ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libgtk-3-0 3.24.33-1ubuntu2 ProcVersionSignature: Ubuntu 6.2.0-1016.16~22.04.1-azure 6.2.16 Uname: Linux 6.2.0-1016-azure x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Sun Nov 26 13:11:15 2023 ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=pl_PL.UTF-8 SHELL=/bin/bash SourcePackage: gtk+3.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-debuginfod/+bug/2044654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2030684] Re: tzname[1] empty after tzset() with env TZ="UTC"
According to comment #10 from Athos, the php8.2 task has been added to this bug only to serve as a reminder for a future investigation when time permits. Since everything else affected by the bug has been marked as Fix Released, I removed the update-excuses tag. ** Tags removed: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2030684 Title: tzname[1] empty after tzset() with env TZ="UTC" Status in django-mailman3 package in Ubuntu: Fix Released Status in php8.2 package in Ubuntu: Triaged Status in postgresql-15 package in Ubuntu: Fix Committed Status in python-django package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Invalid Status in tzdata package in Ubuntu: Fix Released Status in tzdata package in Debian: Fix Released Bug description: The following program prints different output when run with tzdata 2023c-7ubuntu1 from mantic, versus tzdata 2023c-8ubuntu1 from mantic- proposed: root@mantic:~# cat bug.c #include #include #include #include #include int main(void) { int r; r = setenv("TZ", ":UTC", 1); if (r < 0) { printf("Failed to set TZ env var: %s\n", strerror(errno)); return 1; } tzset(); printf("timezone = %lu, daylight = %d\n", timezone, daylight); printf("tzname[0] = %s, tzname[1] = %s\n", tzname[0], tzname[1]); } root@mantic:~# gcc bug.c root@mantic:~# ./a.out timezone = 0, daylight = 0 tzname[0] = UTC, tzname[1] = UTC root@mantic:~# apt-cache policy tzdata tzdata: Installed: 2023c-7ubuntu1 Candidate: 2023c-7ubuntu1 Version table: *** 2023c-7ubuntu1 500 500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages 100 /var/lib/dpkg/status If I install tzdata from mantic-proposed, I get different output: root@mantic:~# vi /etc/apt/sources.list root@mantic:~# apt update && apt install tzdata Hit:1 http://archive.ubuntu.com/ubuntu mantic InRelease Hit:2 http://security.ubuntu.com/ubuntu mantic-security InRelease Get:3 http://archive.ubuntu.com/ubuntu mantic-proposed InRelease [118 kB] Hit:4 http://archive.ubuntu.com/ubuntu mantic-updates InRelease Hit:5 http://archive.ubuntu.com/ubuntu mantic-backports InRelease Get:6 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages [35.9 kB] Get:7 http://archive.ubuntu.com/ubuntu mantic-proposed/main Translation-en [14.8 kB] Get:8 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 DEP-11 Metadata [2376 B] Get:9 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 c-n-f Metadata [1004 B] Get:10 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 Packages [15.9 kB] Get:11 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted Translation-en [3564 B] Get:12 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 c-n-f Metadata [336 B] Fetched 192 kB in 1s (324 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 72 packages can be upgraded. Run 'apt list --upgradable' to see them. root@mantic:~# apt install tzdata=2023c-8ubuntu1 Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: libefiboot1 libefivar1 Use 'apt autoremove' to remove them. The following packages will be upgraded: tzdata 1 upgraded, 0 newly installed, 0 to remove and 72 not upgraded. Need to get 269 kB of archives. After this operation, 142 kB disk space will be freed. Get:1 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 tzdata all 2023c-8ubuntu1 [269 kB] Fetched 269 kB in 0s (867 kB/s) Preconfiguring packages ... (Reading database ... 39935 files and directories currently installed.) Preparing to unpack .../tzdata_2023c-8ubuntu1_all.deb ... Unpacking tzdata (2023c-8ubuntu1) over (2023c-7ubuntu1) ... Setting up tzdata (2023c-8ubuntu1) ... Current default time zone: 'Etc/UTC' Local time is now: Mon Aug 7 21:18:35 UTC 2023. Universal Time is now: Mon Aug 7 21:18:35 UTC 2023. Run 'dpkg-reconfigure tzdata' if you wish to change it. Scanning processes... Scanning candidates... Restarting services... Service restart
[Touch-packages] [Bug 2038834] Re: GPU acceleration via VirGL is broken in qemu
Hello Mate, I see that the debdiff you provided applies to Noble, but this bug is also marked as affecting Mantic. Could you provide an updated debdiff for the Mantic version? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/2038834 Title: GPU acceleration via VirGL is broken in qemu Status in Release Notes for Ubuntu: New Status in mesa package in Ubuntu: Fix Released Status in mesa source package in Mantic: New Status in mesa source package in Noble: Fix Released Bug description: [ Impact ] * Enabling GPU acceleration can cause host-side crashes on mantic/noble VMs * This was reported by someone else upstream and is already fixed by https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/25580. [ Test Plan ] * I've tested the patch on an affected macOS host running Ubuntu in UTM with OpenGL enabled on both Mantic and Noble VMs. * Anyone else can do the same on an affected host by simply installing the patched package and booting to the desktop. [ Where problems could occur ] * This patch fixes an upstream mesa regression which caused libvirglrendrer to crash on the host side. * This makes a non-working use case work, VirGL on affected hosts cannot regress as it simply didn't work before. * Risk of breakage is mainly from other packages possible affected by a mesa rebuild. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/2038834/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2043114] Re: sshd segmentation fault on 20.04.6 (focal)
Thank you for providing more information. Unfortunately I am still unable to reproduce the problem. I tried using a container and a VM, to no avail. But I did open the coredump: (gdb) bt #0 _int_free (av=av@entry=0x7fcbaccd8b80 , p=p@entry=0x558afb81e0c0, have_lock=, have_lock@entry=1) at malloc.c:4341 #1 0x7fcbacb84f22 in _int_realloc (av=av@entry=0x7fcbaccd8b80 , oldp=oldp@entry=0x558afb81e070, oldsize=oldsize@entry=8208, nb=80) at malloc.c:4644 #2 0x7fcbacb86fb6 in __GI___libc_realloc (oldmem=0x558afb81e080, bytes=64) at malloc.c:3226 #3 0x7fcbacb77748 in _IO_mem_finish (fp=0x558afb805e80, dummy=) at memstream.c:131 #4 0x7fcbacb6de41 in _IO_new_fclose (fp=fp@entry=0x558afb805e80) at libioP.h:948 #5 0x7fcbacc03ddb in __vsyslog_internal (pri=, fmt=0x558afa13ac80 "%.500s", ap=0x7ffd8170e5c0, mode_flags=2) at ../misc/syslog.c:237 #6 0x7fcbacc04363 in __syslog_chk (pri=pri@entry=7, flag=flag@entry=1, fmt=fmt@entry=0x558afa13ac80 "%.500s") at ../misc/syslog.c:136 #7 0x558afa0f8b78 in syslog (__fmt=0x558afa13ac80 "%.500s", __pri=7) at /usr/include/x86_64-linux-gnu/bits/syslog.h:31 #8 do_log (level=level@entry=SYSLOG_LEVEL_DEBUG1, fmt=, args=args@entry=0x7ffd8170ef00) at ../../log.c:476 #9 0x558afa0f8ff8 in debug (fmt=) at ../../log.c:229 #10 0x558afa0ae3fe in server_accept_loop (config_s=0x7ffd8170f050, newsock=, sock_out=, sock_in=) at ../../sshd.c:1338 #11 main (ac=, av=) at ../../sshd.c:2040 This stack trace is a bit intriguing. It's realloc that is crashing, way too deep into glibc. It seems to point at some weird interaction between your setup and the memory management involved in syslog. I spent time trying to find upstream bugs to see if there was anything remotely similar, but couldn't find anything either. Can you provide more details on the setup you're using to reproduce the problem? For example, are you using a VM, a container, bare metal? How many (v)CPUs? What about memory? If it's a container/VM, what's the underlying host? Also, since you can reproduce the issue pretty reliably, could you perhaps check if the same crash happens on Jammy? Thank you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2043114 Title: sshd segmentation fault on 20.04.6 (focal) Status in openssh package in Ubuntu: Confirmed Bug description: We have a physical server running Ubuntu 20.04.6 LTS (amd64) and openssh-server 1:8.2p1-4ubuntu0.9. Sometimes sshd crashes with a segmentation fault on remote login with key authentication: [193107.651745] sshd[1229630]: segfault at 5557eba6a008 ip 7f2326a2ca53 sp 7ffcba40c510 error 4 in libc-2.31.so[7f23269b8000+178000] We’ve changed only the following values in the stock sshd_config file: LogLevel DEBUG PasswordAuthentication no MaxStartups 100:30:100 The server is used for automated software testing, and sometimes our test suite might make a large amount of SSH connections in a short period of time, which seems to be correlated with the crashes. But at the same time, I have to note that the connection count was not near the MaxStartups limit, and we’ve had crashes before adding that setting. Since the backtrace shows the debug logging function in the stack, we’re currently experimenting with using `LogLevel INFO` to try and isolate the issue. I am attaching the backtrace. I could provide the full dump file, although I am hesitant due to the possibility of private keys or other sensitive information leaking. # apt-cache policy openssh-server openssh-server: Installed: 1:8.2p1-4ubuntu0.9 Candidate: 1:8.2p1-4ubuntu0.9 Version table: *** 1:8.2p1-4ubuntu0.9 500 500 http://mirrors.storpool.com/ubuntu/archive focal-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 100 /var/lib/dpkg/status 1:8.2p1-4 500 500 http://mirrors.storpool.com/ubuntu/archive focal/main amd64 Packages --- ProblemType: Bug ApportVersion: 2.20.11-0ubuntu27.27 Architecture: amd64 CasperMD5CheckResult: skip DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.9 PackageArchitecture: amd64 ProcVersionSignature: Ubuntu 5.4.0-128.144-generic 5.4.210 Tags: focal Uname: Linux 5.4.0-128-generic x86_64 UpgradeStatus: Upgraded to focal on 2021-01-13 (1030 days ago) UserGroups: N/A _MarkForUpload: True To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2043114/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2041396] Re: gdb 12.1 generates SIGILL on armhf
After several hours trying to obtain access to an ARM64 machine where I could test the fix, vorlon kindly provided me with credentials to a machine that's capable of launching an armhf container. I could reproduce the bug: # gdb -q ./a.out -ex 'b 3' -ex r -ex c Reading symbols from ./a.out... Breakpoint 1, thumb_func () at 1.c:3 3 return 42; Continuing. Program received signal SIGILL, Illegal instruction. 0x00401004 in ?? () ... And also verify that Liu's package fixes the problem: # gdb -q ./a.out -ex 'b 3' -ex r -ex c Reading symbols from ./a.out... Breakpoint 1 at 0x4d8: file 1.c, line 3. Starting program: /root/a.out [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1". Breakpoint 1, thumb_func () at 1.c:3 3 return 42; Continuing. [Inferior 1 (process 2666) exited with code 052] Therefore, I sponsored the upload for him. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdb in Ubuntu. https://bugs.launchpad.net/bugs/2041396 Title: gdb 12.1 generates SIGILL on armhf Status in gdb: Fix Released Status in gdb package in Ubuntu: New Status in gdb source package in Jammy: New Bug description: [ Impact ] * GDB 12.1 introduced a regression where it will break program execution when the program contains mixed ARM code and THUMB code. * Upstream stated they tested the changes on Ubuntu 20.04 and it went okay. [ Test Plan ] Considering the following C program: ``` __attribute__((target("arm"), noinline)) int thumb_func() { return 42; } __attribute__((target("thumb"))) int main() { return thumb_func(); } ``` If you build it using `gcc repro.c -ggdb3 -Og -o repro` and run the GDB using the following commands ... ``` b 3 r c ``` (you can save the contents above to a file and run GDB using `gdb -x script ./repro`) ... you will notice GDB broke the program and threw SIGILL. If you run the program without GDB, the program exits normally. [ Where problems could occur ] * GDB is a complex software. As the patch suggests, it may break other use cases (like single-stepping) entirely. * Since this is an ARM-only patch, it's unlikely to affect other CPU architectures. However, it is possible that this fix may break ARM64 execution. [ Other Info ] * This bug has been fixed in GDB 13, but the fix was never backported to GDB 12. You can find the upstream bug in the remote bug watch. To manage notifications about this bug go to: https://bugs.launchpad.net/gdb/+bug/2041396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2041396] Re: gdb 12.1 generates SIGILL on armhf
** Merge proposal linked: https://code.launchpad.net/~liushuyu-011/ubuntu/+source/gdb/+git/gdb/+merge/454654 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdb in Ubuntu. https://bugs.launchpad.net/bugs/2041396 Title: gdb 12.1 generates SIGILL on armhf Status in gdb: Fix Released Status in gdb package in Ubuntu: New Status in gdb source package in Jammy: New Bug description: [ Impact ] * GDB 12.1 introduced a regression where it will break program execution when the program contains mixed ARM code and THUMB code. * Upstream stated they tested the changes on Ubuntu 20.04 and it went okay. [ Test Plan ] Considering the following C program: ``` __attribute__((target("arm"), noinline)) int thumb_func() { return 42; } __attribute__((target("thumb"))) int main() { return thumb_func(); } ``` If you build it using `gcc repro.c -ggdb3 -Og -o repro` and run the GDB using the following commands ... ``` b 3 r c ``` (you can save the contents above to a file and run GDB using `gdb -x script ./repro`) ... you will notice GDB broke the program and threw SIGILL. If you run the program without GDB, the program exits normally. [ Where problems could occur ] * GDB is a complex software. As the patch suggests, it may break other use cases (like single-stepping) entirely. * Since this is an ARM-only patch, it's unlikely to affect other CPU architectures. However, it is possible that this fix may break ARM64 execution. [ Other Info ] * This bug has been fixed in GDB 13, but the fix was never backported to GDB 12. You can find the upstream bug in the remote bug watch. To manage notifications about this bug go to: https://bugs.launchpad.net/gdb/+bug/2041396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add u
[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result
Ah, I noticed that this is part of a big SRU that's being completed on bug #2033422. Just leaving a comment here for the record. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1994165 Title: CMS_final: do not ignore CMS_dataFinal result Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: Won't Fix Status in openssl source package in Lunar: Fix Released Bug description: === SRU information === [Meta] This bug is part of a series of four bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] S/MIME signature can fail silently The commit by upstream propagates the return code of some functions rather than ignore it. [Test plan] This issue is not very simple to reproduce because "openssl cms" cannot be used to do so. This has to be done with the openssl API instead. At least the bug reportere here and the one on openssl's bug tracker have confirmed the patch solves the issue. Additionally, the bug reporter here has tested the PPA that contains the patche and validated it. Finally, I read through the patch attentively. [Where problems could occur] At this point it is unlikely an error would appear. The openssl bug tracker mentions nothing related to this patch which landed more than a year ago. The patch is simple and doesn't change the code logic. [Patches] The patches come directly from upstream and apply cleanly. https://github.com/openssl/openssl/pull/18876 * https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy-sru-0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch?h=jammy-sru&id=04ef023920ab08fba214817523fba897527dfff0 * https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy-sru-0002-Handle-SMIME_crlf_copy-return-code.patch?h=jammy-sru&id=04ef023920ab08fba214817523fba897527dfff0 === Original description === https://github.com/openssl/openssl/pull/18876 The CMS_dataFinal result is important as signature may fail, however, it is ignored while returning success from CMS_final. Please add this fix to The openssl 3.0.2 "Jammy Jellyfish (supported)" Thanks Upstream commit: ``` commit 67c0460b89cc1b0644a1a59af78284dfd8d720af Author: Alon Bar-Lev Date: Tue Jul 26 15:17:06 2022 +0300 Handle SMIME_crlf_copy return code Currently the SMIME_crlf_copy result is ignored in all usages. It does return failure when memory allocation fails. This patch handles the SMIME_crlf_copy return code in all occurrences. Signed-off-by: Alon Bar-Lev Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18876) ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1994165/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy
Ah, I noticed that this is part of a big SRU that's being completed on bug #2033422. Just leaving a comment here for the record. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1990216 Title: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: In Progress Status in openssl source package in Lunar: Fix Released Bug description: === SRU information === [Meta] This bug is part of a series of four bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] Decryption for Blowfish with OFB and CFB modes fails due to using a key shorter than expected by default. Encryption will also use a key shorter than expected. Exchange of encrypted data from/to Jammy using BF OFB/CFB will therefore lead to decryption issues. [Test plan] On Focal, run the following and copy the output to your clipboard for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do echo "Test with ${cipher}" | openssl enc -${cipher} -k test -pbkdf2 -out "pouet.${cipher}"; done tar c pouet.bf-* | xz | base64 -w 60 You can also run this on Lunar or Mantic if you add "-provider legacy -provider default" to the "openssl enc" invocation. On Jammy, run the following and paste your clipboard base64 -d | xz -d | tar x for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do openssl enc -d -provider legacy -provider default -${cipher} -k test -pbkdf2 -d -in "pouet.${cipher}"; done Only "Test with bf-cbc" and "Test with bf-ecb" will be properly decrypted: the other two will result in garbage on screen. Here is the result of the enc + tar + xz + base64 on Focal (works with Lunar/Mantic too but you need to added ): /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARBdADgbyxDlZ/1Xd7bAmZw7 8pbqQTu5j8StVybo1p1B2ydBc5VcodF6fu0hEp801tvirgSFNMSAHk5HMN/w hCgU1BIr/nK51g3A3Lkdv7QNbaUw2ux1AmO/MpCLKLffCB9ElFZH4tuOS5AR m9CJMzi6LQOw9wytGKm2IK3Ph7WpU6JQ/3HJilffQwHbFLnukiWGpLNO5v0O D/4AJikrU9iemfChT0jXDbIRZ8a8VpVhJqu0u6eYOheVTqmSRiHHpIC/p1VA ecFb0mACF/TQhjxcMUWGSGO/mtof+VaLiyg0KB87GKlChfwXTEvgbNuP9hmu GL64VhX568Oy9EakSxlcXiIRk14kJKv0MdHQqY1R22wAACzqSr/nzpwqAAGs AoBQAACjzq5WscRn+wIABFla Here is the same but from Jammy if you want to test encryption on Jammy and decryption on Lunar/Mantic: /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARFdADgbyxDlZ/1Xd7bAmZw7 8pbqQTu5j8StVybo1p1B2ydBc1zK4HR2g3CiLJet+R++nZy/gph6RscQ6hI3 HySjdDOFRfjIVttiNK3DvRsZb37r8SXkj/JCYWicZGjWPZxVE3OAZhEed5qe jrFv871QAbm4jVGD4oIc4cOb5V/xDN7KWgwEzpWQy6+tcfPm3KLPQvULx56N 2qQf60hP//p5EXS3RpCitUsrGUoYzTynjOUIRy2yCmgZDh62RmchUshyWePa k0nEYlDbl5/dSHXbWEWESqW+QDj136MZRwQRY+QC4MvLXg2Bo8H+Dl/xvNDF /5J4layZdFlh76lWOtFRVoIbX6JtpAP34g4zx1422GSNAABRzyqPdCqX 1AABrQKAUAAABh3ynbHEZ/sCAARZWg== The contents are expected to be different due to the use of randomness. Don't try to compare the base64 outputs: I'm only using them to ease testing across containers. [Where problems could occur] This patch makes openssl match the documented default (see "man openssl-enc" and search for "Blowfish" for instance) and fixes decryption from an up-to-date Jammy to pretty much everything else, but it also create an issue for data encrypted on Jammy without this patch and Jammy with this patch. There are two possible cases: encrypted data being streamed across this boundary or data at rest being transferred or read later. Streaming is probably not an issue in practice because it's rather the current situation that has been an issue and it's easy to remedy by updating everything (which is relatively few machines since that's only Jammy and not any other OS or distribution). Data at rest is more annoying since updating Jammy will make it impossible to read the data again without updates to other pieces of software. That sounds like a really bad thing and it kind of is but at the same, the benefits are much larger than the issues. Indeed, there is already an incompatibility at the moment between Jammy and everything else and the more time passes by, the more such problematic files can be created. Luckily very few people are using blowfish nowadays and it's not even enabled by default anymore in openssl. Moreover the software update to work around the issue should be a single API call which is documented in the upstream bug report ( https://github.com/openssl/openssl/issues/18359 ). Finally, I have warned the two projects that I am aware are impacted; this is made easier by the fact that they encountered the initial incompatibility. [Patches] The patches come directly from upstream and apply cleanl
[Touch-packages] [Bug 2033422] Re: openssl: backport to jammy "clear method store / query cache confusion"
Thanks for the contribution, Adrien. I find the naming scheme you chose for the patches a bit confusing. For example, you're using the prefix "jammy-sru-0001-" on several patches that are actually not strictly related. You also don't mention any patch explicitly in the d/changelog entry, which forces the reader to open d/p/series and look at the comments there. Moreover, the patches are missing DEP-3 headers (which, in this case, would be very useful when trying to understand the context when looking at a single patch). Could you please address the concerns above before we proceed with the upload? Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2033422 Title: openssl: backport to jammy "clear method store / query cache confusion" Status in openssl package in Ubuntu: New Status in openssl source package in Jammy: In Progress Status in openssl source package in Lunar: Fix Released Bug description: === SRU information === [Meta] This bug is part of a series of four bugs for a single SRU. This ( #2033422 ) is the "central" bug with the global information and debdiff. This SRU addresses four issues with Jammy's openssl version: - http://pad.lv/1990216: Blowfish OFB/CFB decryption - http://pad.lv/1994165: ignored SMIME signature errors - http://pad.lv/2023545: imbca engine dumps core - http://pad.lv/2033422: very high CPU usage for concurrent TLS connections The SRU information has been added to the four bug reports and I am attaching the debdiff here only for all four. All the patches have been included in subsequent openssl 3.0.x releases which in turn have been included in subsequent Ubuntu releases. There has been no report of issues when updating to these Ubuntu releases. I have rebuilt the openssl versions and used abi-compliance-checker to compare the ABIs of the libraries in jammy and the one for the SRU. Both matched completely (FYI, mantic's matched completely too). The patch related to blowfish presents an annoying situation: jammy's openssl creates incompatible files and cannot read other files but fixing it will lead to files created on jammy so far to become unreadable. Fortunately, blowfish is long-deprecated and applications can be improved to handle this situation if the need arises in practice. This is stated in the SRU information in the bug and in d/changelog. The current situation in Jammy could be a security issue but due to the aforementioned deprecation, the low usage of blowfish and the fact that upstream didn't consider this worthy of a security notice, we (this includes the security team) chose not to pursue that path either. I have also pushed the code to git (without any attempt to make it git-ubuntu friendly). https://code.launchpad.net/~adrien-n/ubuntu/+source/openssl/+git/openssl/+ref/jammy- sru I asked Brian Murray about phasing speed and he concurs a slow roll-out is probably better for openssl. There is a small uncertainty because a security update could come before the phasing is over, effectively fast-forwarding the SRU. Still, unless there is already a current pre-advisory, this is probably better than a 10% phasing which is over after only a couple days anyway. NB: at the moment openssl doesn't phase slowly so this needs to be implemented. [Impact] Severely degraded performance for concurrent operations compared to openssl 1.1. The performance is so degraded that some workloads fail due to timeouts or insufficient resources (noone magically has 5 times more machines). As a consequence, a number of people use openssl 1.1 instead and do not get security updates. [Test plan] Rafael Lopez has shared a simple benchmarks in http://pad.lv/2009544 with https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2009544/+attachment/5690224/+files/main.py . Using this, I get the following numbers on my laptop: 3.0.2: real 2m5.567s user 4m3.948s sys 2m0.233s this SRU: real 0m23.966s user 2m35.687s sys 0m1.920s As can be easily seen, the speed-up is massive: system time is divided by 60 and overall wall clock time is roughly five times lower. In http://pad.lv/2009544 , Rafael also shared his performance numbers and they are relatable to these. He used slightly different versions (upstreams rather than patched with cherry-picks) but at least one of the version used does not include other performance change. He also used different hardware and this performance issue seems to depend on the number of CPUs available but also obtained a performance several times better. Results on a given machine vary also very little across runs (less than 2% variation on runs of size 10). They are also very similar on a Raspberry Pi 4 (8GB). The benchmark uses https://www.google.com/humans.txt w
[Touch-packages] [Bug 1994165] Re: CMS_final: do not ignore CMS_dataFinal result
Hello, ubuntu-sponsors is subscribed to this bug but I couldn't find anything actionable. I'm unsubscribing ubuntu-sponsors; feel free to subscribe it again if there's anything that needs sponsoring. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1994165 Title: CMS_final: do not ignore CMS_dataFinal result Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: In Progress Status in openssl source package in Kinetic: Won't Fix Status in openssl source package in Lunar: Fix Released Bug description: === SRU information === [Meta] This bug is part of a series of four bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] S/MIME signature can fail silently The commit by upstream propagates the return code of some functions rather than ignore it. [Test plan] This issue is not very simple to reproduce because "openssl cms" cannot be used to do so. This has to be done with the openssl API instead. At least the bug reportere here and the one on openssl's bug tracker have confirmed the patch solves the issue. Additionally, the bug reporter here has tested the PPA that contains the patche and validated it. Finally, I read through the patch attentively. [Where problems could occur] At this point it is unlikely an error would appear. The openssl bug tracker mentions nothing related to this patch which landed more than a year ago. The patch is simple and doesn't change the code logic. [Patches] The patches come directly from upstream and apply cleanly. https://github.com/openssl/openssl/pull/18876 * https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy-sru-0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch?h=jammy-sru&id=04ef023920ab08fba214817523fba897527dfff0 * https://git.launchpad.net/~adrien-n/ubuntu/+source/openssl/tree/debian/patches/jammy-sru-0002-Handle-SMIME_crlf_copy-return-code.patch?h=jammy-sru&id=04ef023920ab08fba214817523fba897527dfff0 === Original description === https://github.com/openssl/openssl/pull/18876 The CMS_dataFinal result is important as signature may fail, however, it is ignored while returning success from CMS_final. Please add this fix to The openssl 3.0.2 "Jammy Jellyfish (supported)" Thanks Upstream commit: ``` commit 67c0460b89cc1b0644a1a59af78284dfd8d720af Author: Alon Bar-Lev Date: Tue Jul 26 15:17:06 2022 +0300 Handle SMIME_crlf_copy return code Currently the SMIME_crlf_copy result is ignored in all usages. It does return failure when memory allocation fails. This patch handles the SMIME_crlf_copy return code in all occurrences. Signed-off-by: Alon Bar-Lev Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/18876) ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1994165/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1990216] Re: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy
Hello, ubuntu-sponsors is subscribed to this bug but I couldn't find anything actionable. I'm unsubscribing ubuntu-sponsors; feel free to subscribe it again if there's anything that needs sponsoring. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1990216 Title: backport fix for "OpenSSL 3 cannot decrypt data encrypted with OpenSSL 1.1 with blowfish in OFB or CFB modes" to Jammy Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Jammy: In Progress Status in openssl source package in Lunar: Fix Released Bug description: === SRU information === [Meta] This bug is part of a series of four bugs for a single SRU. The "central" bug with the global information and debdiff is http://pad.lv/2033422 [Impact] Decryption for Blowfish with OFB and CFB modes fails due to using a key shorter than expected by default. Encryption will also use a key shorter than expected. Exchange of encrypted data from/to Jammy using BF OFB/CFB will therefore lead to decryption issues. [Test plan] On Focal, run the following and copy the output to your clipboard for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do echo "Test with ${cipher}" | openssl enc -${cipher} -k test -pbkdf2 -out "pouet.${cipher}"; done tar c pouet.bf-* | xz | base64 -w 60 You can also run this on Lunar or Mantic if you add "-provider legacy -provider default" to the "openssl enc" invocation. On Jammy, run the following and paste your clipboard base64 -d | xz -d | tar x for cipher in bf-cbc bf-cfb bf-ecb bf-ofb; do openssl enc -d -provider legacy -provider default -${cipher} -k test -pbkdf2 -d -in "pouet.${cipher}"; done Only "Test with bf-cbc" and "Test with bf-ecb" will be properly decrypted: the other two will result in garbage on screen. Here is the result of the enc + tar + xz + base64 on Focal (works with Lunar/Mantic too but you need to added ): /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARBdADgbyxDlZ/1Xd7bAmZw7 8pbqQTu5j8StVybo1p1B2ydBc5VcodF6fu0hEp801tvirgSFNMSAHk5HMN/w hCgU1BIr/nK51g3A3Lkdv7QNbaUw2ux1AmO/MpCLKLffCB9ElFZH4tuOS5AR m9CJMzi6LQOw9wytGKm2IK3Ph7WpU6JQ/3HJilffQwHbFLnukiWGpLNO5v0O D/4AJikrU9iemfChT0jXDbIRZ8a8VpVhJqu0u6eYOheVTqmSRiHHpIC/p1VA ecFb0mACF/TQhjxcMUWGSGO/mtof+VaLiyg0KB87GKlChfwXTEvgbNuP9hmu GL64VhX568Oy9EakSxlcXiIRk14kJKv0MdHQqY1R22wAACzqSr/nzpwqAAGs AoBQAACjzq5WscRn+wIABFla Here is the same but from Jammy if you want to test encryption on Jammy and decryption on Lunar/Mantic: /Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4Cf/ARFdADgbyxDlZ/1Xd7bAmZw7 8pbqQTu5j8StVybo1p1B2ydBc1zK4HR2g3CiLJet+R++nZy/gph6RscQ6hI3 HySjdDOFRfjIVttiNK3DvRsZb37r8SXkj/JCYWicZGjWPZxVE3OAZhEed5qe jrFv871QAbm4jVGD4oIc4cOb5V/xDN7KWgwEzpWQy6+tcfPm3KLPQvULx56N 2qQf60hP//p5EXS3RpCitUsrGUoYzTynjOUIRy2yCmgZDh62RmchUshyWePa k0nEYlDbl5/dSHXbWEWESqW+QDj136MZRwQRY+QC4MvLXg2Bo8H+Dl/xvNDF /5J4layZdFlh76lWOtFRVoIbX6JtpAP34g4zx1422GSNAABRzyqPdCqX 1AABrQKAUAAABh3ynbHEZ/sCAARZWg== The contents are expected to be different due to the use of randomness. Don't try to compare the base64 outputs: I'm only using them to ease testing across containers. [Where problems could occur] This patch makes openssl match the documented default (see "man openssl-enc" and search for "Blowfish" for instance) and fixes decryption from an up-to-date Jammy to pretty much everything else, but it also create an issue for data encrypted on Jammy without this patch and Jammy with this patch. There are two possible cases: encrypted data being streamed across this boundary or data at rest being transferred or read later. Streaming is probably not an issue in practice because it's rather the current situation that has been an issue and it's easy to remedy by updating everything (which is relatively few machines since that's only Jammy and not any other OS or distribution). Data at rest is more annoying since updating Jammy will make it impossible to read the data again without updates to other pieces of software. That sounds like a really bad thing and it kind of is but at the same, the benefits are much larger than the issues. Indeed, there is already an incompatibility at the moment between Jammy and everything else and the more time passes by, the more such problematic files can be created. Luckily very few people are using blowfish nowadays and it's not even enabled by default anymore in openssl. Moreover the software update to work around the issue should be a single API call which is documented in the upstream bug report ( https://github.com/openssl/openssl/issues/18359 ). Finally, I have warned the two projects that I am aware are impacted; this is made easier by the fact that they encountered the initial incompa
[Touch-packages] [Bug 2026757] Re: dnsmasq on Ubuntu Jammy/Lunar crashes on neutron-dhcp-agent updates
Hi, I'm marking the status of this bug to Incomplete to reflect the fact that we're waiting for information from the reporter. @yatin, please let me know when you are able to give my PPA a try. Thanks. ** Changed in: dnsmasq (Ubuntu Jammy) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2026757 Title: dnsmasq on Ubuntu Jammy/Lunar crashes on neutron-dhcp-agent updates Status in Ironic: New Status in neutron: New Status in dnsmasq package in Ubuntu: Invalid Status in dnsmasq source package in Jammy: Incomplete Status in dnsmasq source package in Kinetic: Won't Fix Status in dnsmasq source package in Lunar: Invalid Status in dnsmasq source package in Mantic: Invalid Bug description: The Ironic project's CI has been having major blocking issues moving to utilizing Ubuntu Jammy and with some investigation we were able to isolate the issues down to the dhcp updates causing dnsmasq to crash on Ubuntu Jammy, which ships with dnsmasq 2.86. This issue sounds similar to an issue known about to the dnsmasq maintainers, where dnsmasq would crash with updates occurring due to configuration refresh[0]. This resulted in us upgrading dnsmasq to the version which ships with Ubuntu Lunar. Which was no better. Dnsmasq still crashed upon record updates for addresses and ports getting configuration added/changed/removed. We later downgraded to the version of dnsmasq shipped in Ubuntu Focal, and dnsmasq stopped crashing and appeared stable enough to utilize for CI purposes. ** Kernel log from Ubuntu Jammy Package ** [229798.876726] dnsmasq[81586]: segfault at 7c28 ip 7f6e8313147e sp 7fffb3d6f830 error 4 in libc.so.6[7f6e830b4000+195000] [229798.876745] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [229805.444912] dnsmasq[401428]: segfault at dce8 ip 7fe63bf6a47e sp 7ffdb105b440 error 4 in libc.so.6[7fe63beed000+195000] [229805.444933] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [230414.213448] dnsmasq[401538]: segfault at 78b8 ip 7f12160e447e sp 7ffed6ef2190 error 4 in libc.so.6[7f1216067000+195000] [230414.213467] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [230465.098989] dnsmasq[402665]: segfault at c378 ip 7f81458f047e sp 7fff0db334a0 error 4 in libc.so.6[7f8145873000+195000] [230465.099005] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [231787.247374] dnsmasq[402863]: segfault at 7318 ip 7f3940b9147e sp 7ffc8df4f010 error 4 in libc.so.6[7f3940b14000+195000] [231787.247392] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [231844.886399] dnsmasq[405182]: segfault at dc58 ip 7f32a29e147e sp 7ffddedd7480 error 4 in libc.so.6[7f32a2964000+195000] [231844.886420] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [234692.482154] dnsmasq[405289]: segfault at 67d8 ip 7fab0c5c447e sp 7fffd6fd8fa0 error 4 in libc.so.6[7fab0c547000+195000] [234692.482173] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a ** Kernel log entries from Ubuntu Lunar package ** [234724.842339] dnsmasq[409843]: segfault at fffd ip 7f35a147647e sp 7ffd536038c0 error 5 in libc.so.6[7f35a13f9000+195000] [234724.842368] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [234784.918116] dnsmasq[410019]: segfault at fffd ip 7f634233947e sp 7fff33877f20 error 5 in libc.so.6[7f63422bc000+195000] [234784.918133] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17
[Touch-packages] [Bug 2033325] Re: systemd fails to set unit as inactive when using socket activation and the main process has exited
** No longer affects: libvirt (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2033325 Title: systemd fails to set unit as inactive when using socket activation and the main process has exited Status in systemd: Fix Released Status in systemd package in Ubuntu: Fix Released Bug description: systemd 253.5 on Mantic is affected by a bug which makes it fail to mark a unit as inactive even when its main process exited (when using socket activation). This is affecting libvirt and possibly other services. Upstream has a bug: https://github.com/systemd/systemd/issues/27953 which has been fixed by: https://github.com/systemd/systemd/pull/28000 To reproduce the problem: $ lxc launch ubuntu-daily:mantic libvirt-hang --vm $ lxc shell libvirt-hang # apt update && apt upgrade -y # apt install -y libvirt-daemon-system # systemctl status libvirtd.service You'll notice that there is a libvirt process running: ... CGroup: /system.slice/libvirtd.service ├─ 870 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper ├─ 871 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper └─1020 /usr/sbin/libvirtd --timeout 120 ... Wait for two minutes (or edit /etc/default/libvirtd and reduce the timeout), then check the status again. You'll notice that the libvirtd process has exited, but the unit is still marked as active: root@libvirt-hang:~# systemctl status libvirtd.service ● libvirtd.service - Virtualization daemon Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; preset: enabled) Active: active (running) since Mon 2023-08-28 23:06:23 UTC; 57s ago TriggeredBy: ● libvirtd-admin.socket ● libvirtd.socket ● libvirtd-ro.socket Docs: man:libvirtd(8) https://libvirt.org Process: 1020 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS) Main PID: 1020 (code=exited, status=0/SUCCESS) Tasks: 2 (limit: 32768) Memory: 22.4M CPU: 161ms CGroup: /system.slice/libvirtd.service ├─870 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper └─871 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper ... libvirtd.service is socket-activated, but the fact that it is still considered to be active after the main process exited means that the socket won't be actively listening, and you end up seeing libvirt-related commands hang indefinitely, effectively rendering libvirt useless until you manually restart the service. To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/2033325/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2033325] [NEW] systemd fails to set unit as inactive when using socket activation and the main process has exited
Public bug reported: systemd 253.5 on Mantic is affected by a bug which makes it fail to mark a unit as inactive even when its main process exited (when using socket activation). This is affecting libvirt and possibly other services. Upstream has a bug: https://github.com/systemd/systemd/issues/27953 which has been fixed by: https://github.com/systemd/systemd/pull/28000 To reproduce the problem: $ lxc launch ubuntu-daily:mantic libvirt-hang --vm $ lxc shell libvirt-hang # apt update && apt upgrade -y # apt install -y libvirt-daemon-system # systemctl status libvirtd.service You'll notice that there is a libvirt process running: ... CGroup: /system.slice/libvirtd.service ├─ 870 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper ├─ 871 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper └─1020 /usr/sbin/libvirtd --timeout 120 ... Wait for two minutes (or edit /etc/default/libvirtd and reduce the timeout), then check the status again. You'll notice that the libvirtd process has exited, but the unit is still marked as active: root@libvirt-hang:~# systemctl status libvirtd.service ● libvirtd.service - Virtualization daemon Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; preset: enabled) Active: active (running) since Mon 2023-08-28 23:06:23 UTC; 57s ago TriggeredBy: ● libvirtd-admin.socket ● libvirtd.socket ● libvirtd-ro.socket Docs: man:libvirtd(8) https://libvirt.org Process: 1020 ExecStart=/usr/sbin/libvirtd $LIBVIRTD_ARGS (code=exited, status=0/SUCCESS) Main PID: 1020 (code=exited, status=0/SUCCESS) Tasks: 2 (limit: 32768) Memory: 22.4M CPU: 161ms CGroup: /system.slice/libvirtd.service ├─870 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper └─871 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper ... libvirtd.service is socket-activated, but the fact that it is still considered to be active after the main process exited means that the socket won't be actively listening, and you end up seeing libvirt-related commands hang indefinitely, effectively rendering libvirt useless until you manually restart the service. ** Affects: systemd Importance: Unknown Status: Fix Released ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Affects: systemd (Ubuntu) Importance: Critical Status: New ** Bug watch added: github.com/systemd/systemd/issues #27953 https://github.com/systemd/systemd/issues/27953 ** Also affects: systemd via https://github.com/systemd/systemd/issues/27953 Importance: Unknown Status: Unknown ** Also affects: libvirt (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2033325 Title: systemd fails to set unit as inactive when using socket activation and the main process has exited Status in systemd: Fix Released Status in libvirt package in Ubuntu: New Status in systemd package in Ubuntu: New Bug description: systemd 253.5 on Mantic is affected by a bug which makes it fail to mark a unit as inactive even when its main process exited (when using socket activation). This is affecting libvirt and possibly other services. Upstream has a bug: https://github.com/systemd/systemd/issues/27953 which has been fixed by: https://github.com/systemd/systemd/pull/28000 To reproduce the problem: $ lxc launch ubuntu-daily:mantic libvirt-hang --vm $ lxc shell libvirt-hang # apt update && apt upgrade -y # apt install -y libvirt-daemon-system # systemctl status libvirtd.service You'll notice that there is a libvirt process running: ... CGroup: /system.slice/libvirtd.service ├─ 870 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper ├─ 871 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper └─1020 /usr/sbin/libvirtd --timeout 120 ... Wait for two minutes (or edit /etc/default/libvirtd and reduce the timeout), then check the status again. You'll notice that the libvirtd process has exited, but the unit is still marked as active: root@libvirt-hang:~# systemctl status libvirtd.service ● libvirtd.service - Virtualization daemon Loaded: loaded (/lib/systemd/system/libvi
[Touch-packages] [Bug 2016252] Re: qemu-system-x86_64 crashes inside systemd autopkgtest (nested VM)
Spoke too soon: that commit is already present in qemu 8.0, of course. The rest of what I wrote still applies, though: I need to see if I can reproduce the failure here. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2016252 Title: qemu-system-x86_64 crashes inside systemd autopkgtest (nested VM) Status in qemu package in Ubuntu: New Status in systemd package in Ubuntu: New Bug description: Systemd package has autopkgtests the upstream-2 test cases use upstream systemd testsuite, i.e. make -C str/test/TEST-70-TPM2 setup run it launches a nested VM to do quick tests inside it. It appears that qemu-system-x86_64 crashes in such cases: TEST-70-TPM2 RUN: cryptenroll/cryptsetup with TPM2 devices + timeout --foreground 1800 /bin/qemu-system-x86_64 -smp 4 -net none -m 1024M -nographic -vga none -kernel /boot/vmlinuz-6.2.0-1003-lowlatency -drive format=raw,cache=unsafe,file=/var/tmp/systemd-test.G2RH6i/tpm2.img -device virtio-rng-pci,max-bytes=1024,period=1000 -chardev socket,id=chrtpm,path=/tmp/tmp.cRBa43SrLC/sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 -initrd /boot/initrd.img-6.2.0-1003-lowlatency -append 'root=LABEL=systemd_boot rw raid=noautodetect rd.luks=0 loglevel=2 init=/lib/systemd/systemd console=ttyS0 SYSTEMD_UNIT_PATH=/usr/lib/systemd/tests/testdata/testsuite-70.units:/usr/lib/systemd/tests/testdata/units: systemd.unit=testsuite.target systemd.wants=testsuite-70.service oops=panic panic=1 softlockup_panic=1 systemd.wants=end.service' qemu-system-x86_64: ../../util/cacheflush.c:208: init_cache_info: Assertion `(isize & (isize - 1)) == 0' failed. timeout: the monitored command dumped core ..//test-functions: line 377: 152120 Aborted ( set -x; "${qemu_cmd[@]}" "${qemu_options[@]}" -append "${kernel_params[*]}" ) E: qemu failed with exit code 134 The important bit seems to be: qemu-system-x86_64: ../../util/cacheflush.c:208: init_cache_info: Assertion `(isize & (isize - 1)) == 0' failed. Which is an assert inside qemu source code. Is the systemd test suite VM setup doing something wrong, or is there something wrong in qemu? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2016252/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2016252] Re: qemu-system-x86_64 crashes inside systemd autopkgtest (nested VM)
The following upstream commit looks interesting: https://github.com/qemu/qemu/commit/00b5032eaddb7193f03f0a28b10286244d2e2a7b I'll see if I can reproduce the issue here, and then check if backporting the commit above makes any difference. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2016252 Title: qemu-system-x86_64 crashes inside systemd autopkgtest (nested VM) Status in qemu package in Ubuntu: New Status in systemd package in Ubuntu: New Bug description: Systemd package has autopkgtests the upstream-2 test cases use upstream systemd testsuite, i.e. make -C str/test/TEST-70-TPM2 setup run it launches a nested VM to do quick tests inside it. It appears that qemu-system-x86_64 crashes in such cases: TEST-70-TPM2 RUN: cryptenroll/cryptsetup with TPM2 devices + timeout --foreground 1800 /bin/qemu-system-x86_64 -smp 4 -net none -m 1024M -nographic -vga none -kernel /boot/vmlinuz-6.2.0-1003-lowlatency -drive format=raw,cache=unsafe,file=/var/tmp/systemd-test.G2RH6i/tpm2.img -device virtio-rng-pci,max-bytes=1024,period=1000 -chardev socket,id=chrtpm,path=/tmp/tmp.cRBa43SrLC/sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 -initrd /boot/initrd.img-6.2.0-1003-lowlatency -append 'root=LABEL=systemd_boot rw raid=noautodetect rd.luks=0 loglevel=2 init=/lib/systemd/systemd console=ttyS0 SYSTEMD_UNIT_PATH=/usr/lib/systemd/tests/testdata/testsuite-70.units:/usr/lib/systemd/tests/testdata/units: systemd.unit=testsuite.target systemd.wants=testsuite-70.service oops=panic panic=1 softlockup_panic=1 systemd.wants=end.service' qemu-system-x86_64: ../../util/cacheflush.c:208: init_cache_info: Assertion `(isize & (isize - 1)) == 0' failed. timeout: the monitored command dumped core ..//test-functions: line 377: 152120 Aborted ( set -x; "${qemu_cmd[@]}" "${qemu_options[@]}" -append "${kernel_params[*]}" ) E: qemu failed with exit code 134 The important bit seems to be: qemu-system-x86_64: ../../util/cacheflush.c:208: init_cache_info: Assertion `(isize & (isize - 1)) == 0' failed. Which is an assert inside qemu source code. Is the systemd test suite VM setup doing something wrong, or is there something wrong in qemu? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2016252/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2028721] Re: Merge openldap from Debian experimental for mantic
** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/447816 ** Changed in: openldap (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2028721 Title: Merge openldap from Debian experimental for mantic Status in openldap package in Ubuntu: In Progress Bug description: I uploaded version 2.6.5 to Debian experimental yesterday. This bug is a reminder to merge it. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2028721/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2026757] Re: dnsmasq on Ubuntu Jammy/Lunar crashes on neutron-dhcp-agent updates
Hello and thanks for taking the time to report this bug. I read the discussion above and would like to clarify a few things: 1) Does the segfault happen with the dnsmasq package from Lunar/Mantic? I see tasks for both systems added to this bug (and the Mantic one is set as Confirmed), but it's not clear from the messages above whether the failure really happens there. 2) Assuming that the segfault does *not* happen in Lunar/Mantic, I can prepare a PPA with the backported patch from upstream and ask you to test it. 3) If the failure *does* happen in Lunar/Mantic, we will need to investigate it further. FWIW, Kinetic has reached its end of standard support so I will set its task as Won't Fix. Thank you. ** Changed in: dnsmasq (Ubuntu Kinetic) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2026757 Title: dnsmasq on Ubuntu Jammy/Lunar crashes on neutron-dhcp-agent updates Status in Ironic: New Status in neutron: New Status in dnsmasq package in Ubuntu: Confirmed Status in dnsmasq source package in Jammy: New Status in dnsmasq source package in Kinetic: Won't Fix Status in dnsmasq source package in Lunar: New Status in dnsmasq source package in Mantic: Confirmed Bug description: The Ironic project's CI has been having major blocking issues moving to utilizing Ubuntu Jammy and with some investigation we were able to isolate the issues down to the dhcp updates causing dnsmasq to crash on Ubuntu Jammy, which ships with dnsmasq 2.86. This issue sounds similar to an issue known about to the dnsmasq maintainers, where dnsmasq would crash with updates occurring due to configuration refresh[0]. This resulted in us upgrading dnsmasq to the version which ships with Ubuntu Lunar. Which was no better. Dnsmasq still crashed upon record updates for addresses and ports getting configuration added/changed/removed. We later downgraded to the version of dnsmasq shipped in Ubuntu Focal, and dnsmasq stopped crashing and appeared stable enough to utilize for CI purposes. ** Kernel log from Ubuntu Jammy Package ** [229798.876726] dnsmasq[81586]: segfault at 7c28 ip 7f6e8313147e sp 7fffb3d6f830 error 4 in libc.so.6[7f6e830b4000+195000] [229798.876745] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [229805.444912] dnsmasq[401428]: segfault at dce8 ip 7fe63bf6a47e sp 7ffdb105b440 error 4 in libc.so.6[7fe63beed000+195000] [229805.444933] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [230414.213448] dnsmasq[401538]: segfault at 78b8 ip 7f12160e447e sp 7ffed6ef2190 error 4 in libc.so.6[7f1216067000+195000] [230414.213467] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [230465.098989] dnsmasq[402665]: segfault at c378 ip 7f81458f047e sp 7fff0db334a0 error 4 in libc.so.6[7f8145873000+195000] [230465.099005] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [231787.247374] dnsmasq[402863]: segfault at 7318 ip 7f3940b9147e sp 7ffc8df4f010 error 4 in libc.so.6[7f3940b14000+195000] [231787.247392] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [231844.886399] dnsmasq[405182]: segfault at dc58 ip 7f32a29e147e sp 7ffddedd7480 error 4 in libc.so.6[7f32a2964000+195000] [231844.886420] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a [234692.482154] dnsmasq[405289]: segfault at 67d8 ip 7fab0c5c447e sp 7fffd6fd8fa0 error 4 in libc.so.6[7fab0c547000+195000] [234692.482173] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e fa 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 39 17 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 18 39 17 00 64 48 83 3a ** Kernel log entries from Ubuntu Lunar package ** [234724.842339] dnsmasq[409843]: segfault at fffd ip 7f35a147647e sp 7ffd536038c0 error 5 in libc.so.6[7f35a13f9000+195000] [234724.842368] Code: 98 13 00 e8 04 b9 ff ff 0f 1f 40 00 f3 0f 1e f
[Touch-packages] [Bug 2028721] [NEW] Merge openldap from Debian experimental for mantic
Public bug reported: I uploaded version 2.6.5 to Debian experimental yesterday. This bug is a reminder to merge it. ** Affects: openldap (Ubuntu) Importance: Undecided Assignee: Sergio Durigan Junior (sergiodj) Status: New ** Tags: needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2028721 Title: Merge openldap from Debian experimental for mantic Status in openldap package in Ubuntu: New Bug description: I uploaded version 2.6.5 to Debian experimental yesterday. This bug is a reminder to merge it. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2028721/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2027079] Re: New upstream microrelease 2.5.15
As is usual with these MREs, the verification phase is considered done when all dep8 tests pass. This is now true for the Jammy upload. Therefore, tagging the bug accordingly. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2027079 Title: New upstream microrelease 2.5.15 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.15. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/ZQC6MWMJMETDFWV3UHDKESBFPHHTNO5S/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/d0fbbc3599148e1033218ec097bf5ab5f6236c76/pipelines?ref=OPENLDAP_REL_ENG_2_5_15 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/message/HUNFQO6GJR7CCJAYKMTRXE44ZPHBKKMD/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/676793029/buildlog_ubuntu-jammy-amd64.openldap_2.5.15+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.14+dfsg-0ubuntu0.22.04.2 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2027079/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2019010] Re: environment variable SSH_ORIGINAL_COMMAND on server side set with wrong value
Hello Andrey, This seems to be more of a support question than a bug per se, so I am keeping this bug marked as Expired. There are many places where you can obtain help for the questions you are having; you can take a look at https://www.ubuntu.com/support/community and choose one of the available fora. Thank you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2019010 Title: environment variable SSH_ORIGINAL_COMMAND on server side set with wrong value Status in openssh package in Ubuntu: Expired Bug description: After updating to Ubuntu 23.04 when running scp command environment variable SSH_ORIGINAL_COMMAND on server side is set with SSH_ORIGINAL_COMMAND=/usr/libexec/openssh/sftp-server. With previous version this environment variable was set to "scp -t " or "scp -f " depends on if it was push or get command to copy file from or to remote system SSH_ORIGINAL_COMMAND environment variable is used to validate scp command on server side. System information: lsb_release -rd No LSB modules are available. Description: Ubuntu 23.04 Release: 23.04 apt-cache policy openssh-client openssh-client: Installed: 1:9.0p1-1ubuntu8 Candidate: 1:9.0p1-1ubuntu8 Version table: *** 1:9.0p1-1ubuntu8 500 500 http://us.archive.ubuntu.com/ubuntu lunar/main amd64 Packages 100 /var/lib/dpkg/status To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2019010/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1983618] Re: New upstream microrelease 2.5.13
** Tags removed: needs-mre-backport -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1983618 Title: New upstream microrelease 2.5.13 Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Jammy: Fix Released Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4887/+build/24250107 * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4895 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1983618/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2027079] Re: New upstream microrelease 2.5.15
** Changed in: openldap (Ubuntu) Status: New => Invalid ** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/446555 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2027079 Title: New upstream microrelease 2.5.15 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.15. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/ZQC6MWMJMETDFWV3UHDKESBFPHHTNO5S/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/d0fbbc3599148e1033218ec097bf5ab5f6236c76/pipelines?ref=OPENLDAP_REL_ENG_2_5_15 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/message/HUNFQO6GJR7CCJAYKMTRXE44ZPHBKKMD/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/676793029/buildlog_ubuntu-jammy-amd64.openldap_2.5.15+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.14+dfsg-0ubuntu0.22.04.2 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2027079/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2027079] Re: New upstream microrelease 2.5.15
** Description changed: [ Impact ] - * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.15. + * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.15. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] - * See the list of bugs fixed in this release here: + * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/ZQC6MWMJMETDFWV3UHDKESBFPHHTNO5S/ [ Test Plan ] - * Upstream gitlab pipeline results: + * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/d0fbbc3599148e1033218ec097bf5ab5f6236c76/pipelines?ref=OPENLDAP_REL_ENG_2_5_15 - * Upstream "call for testing": + * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/message/HUNFQO6GJR7CCJAYKMTRXE44ZPHBKKMD/ - * As described in the MRE wiki page for OpenLDAP, the test plan is to + * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. - * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - - TBD + * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: + - https://launchpadlibrarian.net/676793029/buildlog_ubuntu-jammy-amd64.openldap_2.5.15+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz [ Where problems could occur ] - * Upstream tests are always executed during build-time. There are many + * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] - * This is a reoccurring MRE. See below for links to previous OpenLDAP + * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. - * CVEs fixed by this release: -- None. + * CVEs fixed by this release: + - None. Current versions in supported releases that got updates: - openldap | 2.5.14+dfsg-0ubuntu0.22.04.2 | jammy-updates | source + openldap | 2.5.14+dfsg-0ubuntu0.22.04.2 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2027079 Title: New upstream microrelease 2.5.15 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.15. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/ZQC6MWMJMETDFWV3UHDKESBFPHHTNO5S/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/d0fbbc3599148e1033218ec097bf5ab5f6236c76/pipelines?ref=OPENLDAP_REL_ENG_2_5_15 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/message/HUNFQO6GJR7CCJAYKMTRXE44ZPHBKKMD/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/676793029/buildlog_ubuntu-jammy-amd64.openldap_2.5.15+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current
[Touch-packages] [Bug 2027079] [NEW] New upstream microrelease 2.5.15
Public bug reported: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.15. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/ZQC6MWMJMETDFWV3UHDKESBFPHHTNO5S/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/d0fbbc3599148e1033218ec097bf5ab5f6236c76/pipelines?ref=OPENLDAP_REL_ENG_2_5_15 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/message/HUNFQO6GJR7CCJAYKMTRXE44ZPHBKKMD/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.14+dfsg-0ubuntu0.22.04.2 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 As usual we test and prep from the PPA and then push through SRU/Security as applicable. ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Jammy) Importance: Undecided Assignee: Sergio Durigan Junior (sergiodj) Status: In Progress ** Tags: server-todo ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Tags added: server-todo ** Changed in: openldap (Ubuntu Jammy) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2027079 Title: New upstream microrelease 2.5.15 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.15. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/ZQC6MWMJMETDFWV3UHDKESBFPHHTNO5S/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/d0fbbc3599148e1033218ec097bf5ab5f6236c76/pipelines?ref=OPENLDAP_REL_ENG_2_5_15 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/message/HUNFQO6GJR7CCJAYKMTRXE44ZPHBKKMD/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.14+dfsg-0ubuntu0.22.04.2 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/
[Touch-packages] [Bug 2020913] Re: /etc/profile.d/debuginfd.{sh, csh} are created with 600 permissions
You're correct, but your message made me look a bit deeper into the issue and made me remember that, for Jammy, installing libdebuginfod- common alone won't configure the system to use our debuginfod service. I would like to turn this bug into a broader "make sure we enable support for debuginfod.ubuntu.com when installing libdebuginfod-common" thing. WDYT (as an SRU team member)? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/2020913 Title: /etc/profile.d/debuginfd.{sh,csh} are created with 600 permissions Status in elfutils package in Ubuntu: Fix Released Status in elfutils source package in Jammy: In Progress Bug description: [ Impact ] Users installing libdebuginfod-common (the package that ships the shell snippets responsible for configuring the DEBUGINFOD_URLS environment variable, which will ultimately be used by GDB to contact the Ubuntu debuginfod service) experience a problem caused by permissions being set too tightly for /etc/profile.d/debuginfod.{sh,csh}. This results in DEBUGINFOD_URLS not being set for non-root users. [ Test Plan ] Inside a Jammy container: # apt install -y libdebuginfod-common # ls -lah /etc/profile.d/debuginfod* Verify that the permission of both files allow them to be world- readable. [ Where problems could occur ] Care has been taken to not modify existing file permissions unnecessarily by using "g+r,o+r" when invoking chmod, but it is still possible to conceive a scenario where upgrading the package would make the files world-readable when the user is actually expecting otherwise. However, such "regression" would arguably not be something supported because if the intention is to prevent non-root users from making use of debuginfod, there are better ways to achieve it. [ Original Description ] In a fresh container, installing libdebuginfod-common gives a /etc/profile.d that looks like this: ``` root@32f34f7e271e:/etc/profile.d# ls -lah total 24K drwxr-xr-x 1 root root 4.0K May 26 17:23 . drwxr-xr-x 1 root root 4.0K May 26 17:23 .. -rw-r--r-- 1 root root 96 Oct 15 2021 01-locale-fix.sh -rw--- 1 root root 677 May 26 17:23 debuginfod.csh -rw--- 1 root root 692 May 26 17:23 debuginfod.sh ``` when I login as a nonprivledged user, DEBUGINFOD_URLS is not set because the permissions are incorrect on the profile files. ``` # dpkg -l | grep libdebug ii libdebuginfod-common0.186-1build1 all configuration to enable the Debian debug info server ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/2020913/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2020913] Re: /etc/profile.d/debuginfd.{sh, csh} are created with 600 permissions
** Description changed: + [ Impact ] + + Users installing libdebuginfod-common (the package that ships the shell + snippets responsible for configuring the DEBUGINFOD_URLS environment + variable, which will ultimately be used by GDB to contact the Ubuntu + debuginfod service) experience a problem caused by permissions being set + too tightly for /etc/profile.d/debuginfod.{sh,csh}. This results in + DEBUGINFOD_URLS not being set for non-root users. + + [ Test Plan ] + + Inside a Jammy container: + + # apt install -y libdebuginfod-common + # ls -lah /etc/profile.d/debuginfod* + + Verify that the permission of both files allow them to be world- + readable. + + [ Where problems could occur ] + + Care has been taken to not modify existing file permissions + unnecessarily by using "g+r,o+r" when invoking chmod, but it is still + possible to conceive a scenario where upgrading the package would make + the files world-readable when the user is actually expecting otherwise. + However, such "regression" would arguably not be something supported + because if the intention is to prevent non-root users from making use of + debuginfod, there are better ways to achieve it. + + [ Original Description ] + In a fresh container, installing libdebuginfod-common gives a /etc/profile.d that looks like this: ``` root@32f34f7e271e:/etc/profile.d# ls -lah total 24K drwxr-xr-x 1 root root 4.0K May 26 17:23 . drwxr-xr-x 1 root root 4.0K May 26 17:23 .. -rw-r--r-- 1 root root 96 Oct 15 2021 01-locale-fix.sh -rw--- 1 root root 677 May 26 17:23 debuginfod.csh -rw--- 1 root root 692 May 26 17:23 debuginfod.sh ``` when I login as a nonprivledged user, DEBUGINFOD_URLS is not set because the permissions are incorrect on the profile files. ``` # dpkg -l | grep libdebug ii libdebuginfod-common0.186-1build1 all configuration to enable the Debian debug info server ``` ** Changed in: elfutils (Ubuntu Jammy) Status: Triaged => In Progress ** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/2020913 Title: /etc/profile.d/debuginfd.{sh,csh} are created with 600 permissions Status in elfutils package in Ubuntu: Fix Released Status in elfutils source package in Jammy: In Progress Bug description: [ Impact ] Users installing libdebuginfod-common (the package that ships the shell snippets responsible for configuring the DEBUGINFOD_URLS environment variable, which will ultimately be used by GDB to contact the Ubuntu debuginfod service) experience a problem caused by permissions being set too tightly for /etc/profile.d/debuginfod.{sh,csh}. This results in DEBUGINFOD_URLS not being set for non-root users. [ Test Plan ] Inside a Jammy container: # apt install -y libdebuginfod-common # ls -lah /etc/profile.d/debuginfod* Verify that the permission of both files allow them to be world- readable. [ Where problems could occur ] Care has been taken to not modify existing file permissions unnecessarily by using "g+r,o+r" when invoking chmod, but it is still possible to conceive a scenario where upgrading the package would make the files world-readable when the user is actually expecting otherwise. However, such "regression" would arguably not be something supported because if the intention is to prevent non-root users from making use of debuginfod, there are better ways to achieve it. [ Original Description ] In a fresh container, installing libdebuginfod-common gives a /etc/profile.d that looks like this: ``` root@32f34f7e271e:/etc/profile.d# ls -lah total 24K drwxr-xr-x 1 root root 4.0K May 26 17:23 . drwxr-xr-x 1 root root 4.0K May 26 17:23 .. -rw-r--r-- 1 root root 96 Oct 15 2021 01-locale-fix.sh -rw--- 1 root root 677 May 26 17:23 debuginfod.csh -rw--- 1 root root 692 May 26 17:23 debuginfod.sh ``` when I login as a nonprivledged user, DEBUGINFOD_URLS is not set because the permissions are incorrect on the profile files. ``` # dpkg -l | grep libdebug ii libdebuginfod-common0.186-1build1 all configuration to enable the Debian debug info server ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/2020913/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2020913] Re: /etc/profile.d/debuginfd.{sh, csh} are created with 600 permissions
** Also affects: elfutils (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: elfutils (Ubuntu Jammy) Status: New => Triaged ** Changed in: elfutils (Ubuntu) Status: Confirmed => Fix Released ** Changed in: elfutils (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: elfutils (Ubuntu Jammy) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/2020913 Title: /etc/profile.d/debuginfd.{sh,csh} are created with 600 permissions Status in elfutils package in Ubuntu: Fix Released Status in elfutils source package in Jammy: Triaged Bug description: In a fresh container, installing libdebuginfod-common gives a /etc/profile.d that looks like this: ``` root@32f34f7e271e:/etc/profile.d# ls -lah total 24K drwxr-xr-x 1 root root 4.0K May 26 17:23 . drwxr-xr-x 1 root root 4.0K May 26 17:23 .. -rw-r--r-- 1 root root 96 Oct 15 2021 01-locale-fix.sh -rw--- 1 root root 677 May 26 17:23 debuginfod.csh -rw--- 1 root root 692 May 26 17:23 debuginfod.sh ``` when I login as a nonprivledged user, DEBUGINFOD_URLS is not set because the permissions are incorrect on the profile files. ``` # dpkg -l | grep libdebug ii libdebuginfod-common0.186-1build1 all configuration to enable the Debian debug info server ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/2020913/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007529] Re: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1
Thank you very much for the quick reply, Oleksii. >From what you describe, it really seems like this was a local configuration issue, possibly with some other component from your system. I will close this bug as Invalid based on that observation, but feel free to reopen it if you encounter the problem again. Thanks! ** Changed in: openldap (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007529 Title: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1 Status in openldap package in Ubuntu: Invalid Bug description: The system asked me to send a report about a failure. Here it is. ProblemType: Package DistroRelease: Ubuntu 20.04 Package: slapd 2.4.49+dfsg-2ubuntu1.9 ProcVersionSignature: Ubuntu 5.15.0-60.66~20.04.1-generic 5.15.78 Uname: Linux 5.15.0-60-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.25 AptOrdering: gir1.2-webkit2-4.0:amd64: Install gir1.2-javascriptcoregtk-4.0:amd64: Install NULL: ConfigurePending Architecture: amd64 CNConfig: Error: command ['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'] failed with exit code 255: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) CasperMD5CheckResult: skip Date: Wed Feb 15 06:54:50 2023 ErrorMessage: installed slapd package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2022-02-20 (360 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-5.15.0-60-generic root=UUID=02b06a5b-7026-48f6-9745-993e04e5aba6 ro quiet splash Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3.2 apt 2.0.9 SourcePackage: openldap Title: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.slapd: 2022-10-24T00:13:25.321836 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007529/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007529] Re: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1
Thank you for taking the time to submit a bug report. I'm afraid we're going to need more information before we can act on it, though. It's not entirely clear to me what happened here. Do you still have access to the logs from when you've experienced the issue? Something that caught my attention is the fact that several dpkg operations seem to be failing on your system (based on DpkgHistoryLog.txt). It seems that slapd did not successfully restart after the upgrade, but it's not possible to determine what caused this problem. Can you reproduce the bug? If yes, could you please provide steps explaining how to do it? Thanks in advance. ** Changed in: openldap (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007529 Title: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1 Status in openldap package in Ubuntu: Incomplete Bug description: The system asked me to send a report about a failure. Here it is. ProblemType: Package DistroRelease: Ubuntu 20.04 Package: slapd 2.4.49+dfsg-2ubuntu1.9 ProcVersionSignature: Ubuntu 5.15.0-60.66~20.04.1-generic 5.15.78 Uname: Linux 5.15.0-60-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.25 AptOrdering: gir1.2-webkit2-4.0:amd64: Install gir1.2-javascriptcoregtk-4.0:amd64: Install NULL: ConfigurePending Architecture: amd64 CNConfig: Error: command ['/usr/bin/ldapsearch', '-Q', '-LLL', '-Y EXTERNAL', '-H ldapi:///', '-b cn=config'] failed with exit code 255: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) CasperMD5CheckResult: skip Date: Wed Feb 15 06:54:50 2023 ErrorMessage: installed slapd package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2022-02-20 (360 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-5.15.0-60-generic root=UUID=02b06a5b-7026-48f6-9745-993e04e5aba6 ro quiet splash Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3.2 apt 2.0.9 SourcePackage: openldap Title: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: installed slapd package post-installation script subprocess returned error exit status 1 UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.slapd: 2022-10-24T00:13:25.321836 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007529/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2015380] Re: slapd crash when using pwdMinDelay of ppolicy
Fixed in 2.6.5 (upcoming release) by: https://git.openldap.org/openldap/openldap/-/commit/f12d6c047c31c7b0009f10e3be05ae066bac61ac Fixed in 2.5.15 (upcoming release) by: https://git.openldap.org/openldap/openldap/-/commit/e765972f ** Also affects: openldap (Ubuntu Mantic) Importance: Medium Assignee: Sergio Durigan Junior (sergiodj) Status: New ** Also affects: openldap (Ubuntu Lunar) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Kinetic) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu Kinetic) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu Lunar) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2015380 Title: slapd crash when using pwdMinDelay of ppolicy Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: New Status in openldap source package in Kinetic: New Status in openldap source package in Lunar: New Status in openldap source package in Mantic: New Bug description: Bug reported upstream[1], and confirmed in the mailing list[2]. PR at [3]. From the mailing list post[2], we can see that slapd crashes: """ But if I test with a wrong password ( yyy) I got: root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w yyy |wc -l ldap_result: Can't contact LDAP server (-1) 0 my openldap stop working.Active: inactive (dead) root@zeus:/usr/lib/python3/dist-packages# systemctl status -l slapd ○ slapd.service - LSB: OpenLDAP standalone server (Lightweight Director> Loaded: loaded (/etc/init.d/slapd; generated) Drop-In: /usr/lib/systemd/system/slapd.service.d └─slapd-remain-after-exit.conf Active: inactive (dead) since Tue 2023-04-04 14:44:49 -03; 20s ago Docs: man:systemd-sysv-generator(8) Process: 986673 ExecStart=/etc/init.d/slapd start (code=exited, sta> Process: 986688 ExecStop=/etc/init.d/slapd stop (code=exited, statu> CPU: 47ms """ 1. https://bugs.openldap.org/show_bug.cgi?id=10028 2. https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/thread/3LYIPMT6TYJM4C7NUFXVYJS7YMODB5ZH/ 3. https://git.openldap.org/openldap/openldap/-/merge_requests/609 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2015380/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018093] Re: Merge openldap from Debian unstable for mantic
** Changed in: openldap (Ubuntu) Status: New => In Progress ** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/445156 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2018093 Title: Merge openldap from Debian unstable for mantic Status in openldap package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.4+dfsg-1~exp1 Ubuntu: 2.6.3+dfsg-1~exp1ubuntu2 Debian new has 2.6.4+dfsg-1~exp1, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium * Build the passwd/sha2 contrib module with -fno-strict-aliasing to avoid computing an incorrect SHA256 hash with some versions of the compiler (LP: #2000817): - d/t/{control,sha2-contrib}: test to verify the SHA256 hash produced by passwd/sha2 - d/rules: set -fno-strict-aliasing only when buil
[Touch-packages] [Bug 2016439] Re: Regression finding system certificates
All dep8 failures have been resolved. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439 Title: Regression finding system certificates Status in curl package in Ubuntu: Fix Released Status in curl source package in Lunar: Fix Committed Status in curl source package in Mantic: Fix Released Status in curl package in Debian: Fix Released Bug description: [ Impact ] Users of applications that link against libcurl's NSS flavour might experience issues when trying to contact HTTPS servers. This can lead to scenarios where the application is unable to connect. [ Test Plan ] First, let's verify that the GNUTLS flavour of libcurl does the right thing: $ lxc launch ubuntu-daily:lunar curl-bug2016439 $ lxc shell curl-bug2016439 # apt update && apt install -y libcurl4-gnutls-dev gcc # cat > curl-test.c << __EOF__ #include #include int main(void) { CURL *curl; CURLcode res; curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com";); /* example.com is redirected, so we tell libcurl to follow redirection */ curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); /* Perform the request, res will get the return code */ res = curl_easy_perform(curl); /* Check for errors */ if(res != CURLE_OK) fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); /* always cleanup */ curl_easy_cleanup(curl); } return 0; } __EOF__ # gcc curl-test.c -o curl-test -lcurl # ./curl-test Example Domain ... # You should see the HTML dump of example.com. Now, let's install the NSS flavour of libcurl and recompile the test program against it: # apt install -y libcurl4-nss-dev # gcc curl-test.c -o curl-test -lcurl # ./curl-test curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK As we can see, there was an error when validating the TLS certificate. [ Where problems could occur ] The adjustment needed to the downstream patch is pretty simple and has been tested extensively. The original reporter mentioned that the issue did not happen before this patch was applied, so in the unlikely event of a regression the best route would be to revert the patch entirely. [ More Info ] This happens because of an error in one of our patches (authored by me) to teach libcurl where to properly find libnsspem.so and libnssckbi.so. The problem is that libnsspem.so is installed under /usr/lib/$(DEB_HOST_ARCH)/nss/, while libnssckbi.so is installed under /usr/lib/$(DEB_HOST_ARCH)/, but I mistakenly pointed libcurl to look under the "/nss/" directory for both libraries. As it turns out, libnssckbi.so is necessary in order to use the Mozilla's root certificate. [ Original Description ] [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2016439/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2016439] Re: Regression finding system certificates
Verifying the bug for Lunar. First, make sure we can reproduce the problem. After following the steps outlined in the Test Plan, we see: # ./curl-test curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK # apt policy libcurl4-nss-dev libcurl4-nss-dev: Installed: 7.88.1-8ubuntu1 Candidate: 7.88.1-8ubuntu1 Version table: *** 7.88.1-8ubuntu1 500 500 http://archive.ubuntu.com/ubuntu lunar/universe amd64 Packages 100 /var/lib/dpkg/status Now, install libcurl4-nss-dev from -proposed and verify that the new package fixes the issue: # apt policy libcurl4-nss-dev libcurl4-nss-dev: Installed: 7.88.1-8ubuntu2 Candidate: 7.88.1-8ubuntu2 Version table: *** 7.88.1-8ubuntu2 400 400 http://archive.ubuntu.com/ubuntu lunar-proposed/universe amd64 Packages 100 /var/lib/dpkg/status 7.88.1-8ubuntu1 500 500 http://archive.ubuntu.com/ubuntu lunar/universe amd64 Packages # gcc curl-test.c -o curl-test -lcurl # ./curl-test Example Domain
[Touch-packages] [Bug 2016439] Re: Regression finding system certificates
Thanks for the review and for accepting the SRU, Andreas. The bug can be considered fixed in Mantic, although the change present there is not exactly the same as the one I uploaded to Lunar (it still uses $(DEB_HOST_ARCH) instead of $(DEB_TARGET_ARCH), and it unnecessarily patches the load path for libnssckbi.so). I'm a bit weary of introducing another delta to the package only to address these minor details, so I will instead upload a small change to the patch in Debian and later merge it into Mantic. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439 Title: Regression finding system certificates Status in curl package in Ubuntu: Fix Released Status in curl source package in Lunar: Fix Committed Status in curl source package in Mantic: Fix Released Status in curl package in Debian: Fix Released Bug description: [ Impact ] Users of applications that link against libcurl's NSS flavour might experience issues when trying to contact HTTPS servers. This can lead to scenarios where the application is unable to connect. [ Test Plan ] First, let's verify that the GNUTLS flavour of libcurl does the right thing: $ lxc launch ubuntu-daily:lunar curl-bug2016439 $ lxc shell curl-bug2016439 # apt update && apt install -y libcurl4-gnutls-dev gcc # cat > curl-test.c << __EOF__ #include #include int main(void) { CURL *curl; CURLcode res; curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com";); /* example.com is redirected, so we tell libcurl to follow redirection */ curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); /* Perform the request, res will get the return code */ res = curl_easy_perform(curl); /* Check for errors */ if(res != CURLE_OK) fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); /* always cleanup */ curl_easy_cleanup(curl); } return 0; } __EOF__ # gcc curl-test.c -o curl-test -lcurl # ./curl-test Example Domain ... # You should see the HTML dump of example.com. Now, let's install the NSS flavour of libcurl and recompile the test program against it: # apt install -y libcurl4-nss-dev # gcc curl-test.c -o curl-test -lcurl # ./curl-test curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK As we can see, there was an error when validating the TLS certificate. [ Where problems could occur ] The adjustment needed to the downstream patch is pretty simple and has been tested extensively. The original reporter mentioned that the issue did not happen before this patch was applied, so in the unlikely event of a regression the best route would be to revert the patch entirely. [ More Info ] This happens because of an error in one of our patches (authored by me) to teach libcurl where to properly find libnsspem.so and libnssckbi.so. The problem is that libnsspem.so is installed under /usr/lib/$(DEB_HOST_ARCH)/nss/, while libnssckbi.so is installed under /usr/lib/$(DEB_HOST_ARCH)/, but I mistakenly pointed libcurl to look under the "/nss/" directory for both libraries. As it turns out, libnssckbi.so is necessary in order to use the Mozilla's root certificate. [ Original Description ] [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2016439/+subscriptions -- Mailing list: https://launchpad.net
[Touch-packages] [Bug 2017434] Re: README.Debian.gz instructions for disabling socket activation inaccurate
** Changed in: openssh (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2017434 Title: README.Debian.gz instructions for disabling socket activation inaccurate Status in openssh package in Ubuntu: Triaged Bug description: The documentation about how to roll back socket activation of sshd became inaccurate after version 1:9.0p1-1ubuntu4 when we started using a drop-in file to finalize activation rather than this being configured statically in ssh.service. The drop-in file /etc/systemd/system/ssh.service.d/00-socket.conf must also be removed first. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2017434/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2018093] Re: Merge openldap from Debian unstable for mantic
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2018093 Title: Merge openldap from Debian unstable for mantic Status in openldap package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.4+dfsg-1~exp1 Ubuntu: 2.6.3+dfsg-1~exp1ubuntu2 Debian new has 2.6.4+dfsg-1~exp1, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.3+dfsg-1~exp1ubuntu2) lunar; urgency=medium * Build the passwd/sha2 contrib module with -fno-strict-aliasing to avoid computing an incorrect SHA256 hash with some versions of the compiler (LP: #2000817): - d/t/{control,sha2-contrib}: test to verify the SHA256 hash produced by passwd/sha2 - d/rules: set -fno-strict-aliasing only when building the passwd/sha2 contrib module * d/t/smbk5pwd: Allow the openldap user to read th
[Touch-packages] [Bug 2016439] Re: Regression finding system certificates
** Description changed: [ Impact ] Users of applications that link against libcurl's NSS flavour might experience issues when trying to contact HTTPS servers. This can lead to scenarios where the application is unable to connect. [ Test Plan ] - TBD. + First, let's verify that the GNUTLS flavour of libcurl does the right + thing: + + $ lxc launch ubuntu-daily:lunar curl-bug2016439 + $ lxc shell curl-bug2016439 + # apt update && apt install -y libcurl4-gnutls-dev gcc + # cat > curl-test.c << __EOF__ + #include + #include + + int main(void) + { + CURL *curl; + CURLcode res; + + curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com";); + /* example.com is redirected, so we tell libcurl to follow redirection */ + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + + /* Perform the request, res will get the return code */ + res = curl_easy_perform(curl); + /* Check for errors */ + if(res != CURLE_OK) + fprintf(stderr, "curl_easy_perform() failed: %s\n", + curl_easy_strerror(res)); + + /* always cleanup */ + curl_easy_cleanup(curl); + } + return 0; + } + __EOF__ + # gcc curl-test.c -o curl-test -lcurl + # ./curl-test + + + + Example Domain + ... + # + + You should see the HTML dump of example.com. Now, let's install the NSS + flavour of libcurl and recompile the test program against it: + + # apt install -y libcurl4-nss-dev + # gcc curl-test.c -o curl-test -lcurl + # ./curl-test + curl_easy_perform() failed: SSL peer certificate or SSH remote key was not OK + + As we can see, there was an error when validating the TLS certificate. [ Where problems could occur ] The adjustment needed to the downstream patch is pretty simple and has been tested extensively. The original reporter mentioned that the issue did not happen before this patch was applied, so in the unlikely event of a regression the best route would be to revert the patch entirely. [ More Info ] This happens because of an error in one of our patches (authored by me) to teach libcurl where to properly find libnsspem.so and libnssckbi.so. The problem is that libnsspem.so is installed under /usr/lib/$(DEB_HOST_ARCH)/nss/, while libnssckbi.so is installed under /usr/lib/$(DEB_HOST_ARCH)/, but I mistakenly pointed libcurl to look under the "/nss/" directory for both libraries. As it turns out, libnssckbi.so is necessary in order to use the Mozilla's root certificate. [ Original Description ] [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439 Title: Regression finding system certificates Status in curl package in Ubuntu: In Progress Status in curl package in Debian: Fix Released Bug description: [ Impact ] Users of applications that link against libcurl's NSS flavour might experience issues when trying to contact HTTPS servers. This can lead to scenarios where the application is unable to connect. [ Test Plan ] First, let's verify that the GNUTLS flavour of libcurl does the right thing: $ lxc launch ubuntu-daily:lunar curl-bug2016439 $ lxc shell curl-bug2016439 # apt update && apt install -y libcurl4-gnutls-dev gcc # cat > curl-test.c << __EOF__ #include #include int main(void) { CURL *curl; CURLcode res; curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://example.com";); /* example.com is redirected,
[Touch-packages] [Bug 2016439] Re: Regression finding system certificates
** Description changed: + [ Impact ] + + Users of applications that link against libcurl's NSS flavour might + experience issues when trying to contact HTTPS servers. This can lead + to scenarios where the application is unable to connect. + + [ Test Plan ] + + TBD. + + [ Where problems could occur ] + + The adjustment needed to the downstream patch is pretty simple and has + been tested extensively. The original reporter mentioned that the issue + did not happen before this patch was applied, so in the unlikely event + of a regression the best route would be to revert the patch entirely. + + [ More Info ] + + This happens because of an error in one of our patches (authored by me) + to teach libcurl where to properly find libnsspem.so and libnssckbi.so. + The problem is that libnsspem.so is installed under + /usr/lib/$(DEB_HOST_ARCH)/nss/, while libnssckbi.so is installed under + /usr/lib/$(DEB_HOST_ARCH)/, but I mistakenly pointed libcurl to look + under the "/nss/" directory for both libraries. As it turns out, + libnssckbi.so is necessary in order to use the Mozilla's root + certificate. + + [ Original Description ] + [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium - * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: - Prepend "/nss/" before the library name. + * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: + Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ - --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace + --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ - 20230306T145638Z 20230306T203828Z \ - 'chroot "$1" bash -exuc " + 20230306T145638Z 20230306T203828Z \ + 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' ** Changed in: curl (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439 Title: Regression finding system certificates Status in curl package in Ubuntu: In Progress Status in curl package in Debian: Fix Released Bug description: [ Impact ] Users of applications that link against libcurl's NSS flavour might experience issues when trying to contact HTTPS servers. This can lead to scenarios where the application is unable to connect. [ Test Plan ] TBD. [ Where problems could occur ] The adjustment needed to the downstream patch is pretty simple and has been tested extensively. The original reporter mentioned that the issue did not happen before this patch was applied, so in the unlikely event of a regression the best route would be to revert the patch entirely. [ More Info ] This happens because of an error in one of our patches (authored by me) to teach libcurl where to properly find libnsspem.so and libnssckbi.so. The problem is that libnsspem.so is installed under /usr/lib/$(DEB_HOST_ARCH)/nss/, while libnssckbi.so is installed under /usr/lib/$(DEB_HOST_ARCH)/, but I mistakenly pointed libcurl to look under the "/nss/" directory for both libraries. As it turns out, libnssckbi.so is necessary in order to use the Mozilla's root certificate. [ Original Description ] [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for pro
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
Kinetic doesn't seem to be affected. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Triaged Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&&upgrade, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. -- netflix-nov6.conf: # Null response on these domains server=/netflix.com/# address=/netflix.com/:: server=/netflix.net/# address=/netflix.net/:: server=/nflxext.com/# address=/nflxext.com/:: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2015562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post
[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
I see that Miriam will work on this one (thanks!). I was able to reproduce the issue (thank you Gordon for the great bug description), and confirmed that it manifests on Jammy but is fixed in Lunar. I'm trying to reproduce it on Kinetic; will update the bug with results once I have them. ** Also affects: dnsmasq (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: dnsmasq (Ubuntu Jammy) Status: New => Triaged ** Changed in: dnsmasq (Ubuntu Jammy) Assignee: (unassigned) => Miriam España Acebal (mirespace) ** Changed in: dnsmasq (Ubuntu) Status: New => Fix Released ** Changed in: dnsmasq (Ubuntu) Assignee: Miriam España Acebal (mirespace) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: Triaged Bug description: Hi folks, I've been using dnsmasq for my home DNS needs, which includes returning null entries for certain domain queries. The specific case in which I found this segfault was returning null records for Netflix (to ensure Netflix does not try to use my IPv6 tunnel to egress traffic through). I've been using very simple configuration snippet to achieve this, this is attached as netflix-nov6.conf (the full file contains more entries). Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept segfaulting at random occasions. I also attempted do an apt update&&upgrade, but there are no newer versions of this package available. Further research into this issue showed that a surefire way to trigger this segfault was to go to a website blocked via this method (for testing purposes, a dig query works quite well). The segfault can be reproduced reliably, and always occurs after one or a few queries towards the "blocked" domain entries. I found a commit in the upstream dnsmasq git repo which seems to fix this issue, the fix made it into 2.87: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b Would it be possible to backport this into the version used in the current LTS Ubuntu release? Thanks! -- $ lsb_release -d Description: Ubuntu 22.04.2 LTS $ apt-cache policy dnsmasq dnsmasq: Installed: 2.86-1.1ubuntu0.2 Candidate: 2.86-1.1ubuntu0.2 Version table: *** 2.86-1.1ubuntu0.2 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages 100 /var/lib/dpkg/status 2.86-1.1ubuntu0.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 Packages 2.86-1.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages -- Excerpt from the dnsmasq logs, with debugging enabled, after I loaded fast.com: Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] fast.dradis.netflix.com from 192.168.10.82 Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network error) Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] ichnaea-web.netflix.com from 192.168.10.82 Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 'core-dump'. Core dump is also attached. Reproduction steps: - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 2.86) - 1.5. Configure one or multiple DNS servers for dnsmasq - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/ - 3. Restart/reload dnsmasq - 3.5 Verify that dnsmasq resolves domains correctly: root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@budgie:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server once or twice: root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused ;; no servers could be reached - 5. Check logs to verify segfault: Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network error) Ap
[Touch-packages] [Bug 2016439] Re: Regression finding system certificates
** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439 Title: Regression finding system certificates Status in curl package in Ubuntu: Triaged Status in curl package in Debian: Fix Released Bug description: [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2016439/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2016439] Re: Regression finding system certificates
** Bug watch added: Debian Bug tracker #1034359 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ** Also affects: curl (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439 Title: Regression finding system certificates Status in curl package in Ubuntu: Triaged Status in curl package in Debian: Fix Released Bug description: [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2016439/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2016439] [NEW] Regression finding system certificates
Public bug reported: [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' ** Affects: curl (Ubuntu) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2016439 Title: Regression finding system certificates Status in curl package in Ubuntu: Triaged Bug description: [ Clone of https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034359 ] Between 7.88.1-2 and 7.88.1-5, there was a change to where curl with nss looks for loadable libraries: curl (7.88.1-4) unstable; urgency=medium * d/p/Use-correct-path-when-loading-libnss-pem-ckbi-.so.patch: Prepend "/nss/" before the library name. Before the change to the load path, curl could find /lib/x86_64-linux-gnu/libnssckbi.so but not /lib/x86_64-linux-gnu/nss/libnsspem.so, after the change it's the reverse. libnssckbi.so is enough to get a trust root (the mozilla certificate store is compiled inside that library), whereas libnsspem.so (1.0.8+1-1) isn't. This makes it impossible to connect to https servers by default for programs that use curl with NSS. Here is a way to test the regression: debbisect -v --cache=./cache \ --depends=libcurl4-nss-dev,git,pkg-config,libssl-dev,ca-certificates,cargo,nss-plugin-pem,p11-kit-modules,strace \ 20230306T145638Z 20230306T203828Z \ 'chroot "$1" bash -exuc " git clone --depth 1 https://github.com/alexcrichton/curl-rust.git cd curl-rust time cargo fetch time cargo build --offline --example https strace -efile target/debug/examples/https >/dev/null "' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2016439/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2015380] Re: slapd crash when using pwdMinDelay of ppolicy
I'll see if I can work on this one tomorrow. ** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2015380 Title: slapd crash when using pwdMinDelay of ppolicy Status in openldap package in Ubuntu: New Bug description: Bug reported upstream[1], and confirmed in the mailing list[2]. PR at [3]. From the mailing list post[2], we can see that slapd crashes: """ But if I test with a wrong password ( yyy) I got: root@zeus:/usr/lib/python3/dist-packages# ldapsearch -xLLLZZD uid=pauloric,ou=users,dc=contatogs,dc=com,dc=br -w yyy |wc -l ldap_result: Can't contact LDAP server (-1) 0 my openldap stop working.Active: inactive (dead) root@zeus:/usr/lib/python3/dist-packages# systemctl status -l slapd ○ slapd.service - LSB: OpenLDAP standalone server (Lightweight Director> Loaded: loaded (/etc/init.d/slapd; generated) Drop-In: /usr/lib/systemd/system/slapd.service.d └─slapd-remain-after-exit.conf Active: inactive (dead) since Tue 2023-04-04 14:44:49 -03; 20s ago Docs: man:systemd-sysv-generator(8) Process: 986673 ExecStart=/etc/init.d/slapd start (code=exited, sta> Process: 986688 ExecStop=/etc/init.d/slapd stop (code=exited, statu> CPU: 47ms """ 1. https://bugs.openldap.org/show_bug.cgi?id=10028 2. https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/thread/3LYIPMT6TYJM4C7NUFXVYJS7YMODB5ZH/ 3. https://git.openldap.org/openldap/openldap/-/merge_requests/609 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2015380/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012140] Re: The documented DEFCCNAME is not the actual credential cache name
Thanks for taking the time to report the bug. I am going to reassign the bug to sssd, and set its priority to low. Feel free to file a bug against Debian's sssd package (which is where this problem should be addressed, IMHO). Thanks. ** Package changed: krb5 (Ubuntu) => sssd (Ubuntu) ** Changed in: sssd (Ubuntu) Status: New => Triaged ** Changed in: sssd (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2012140 Title: The documented DEFCCNAME is not the actual credential cache name Status in sssd package in Ubuntu: Triaged Status in krb5 package in Debian: Unknown Bug description: The krb5 documentation says that DEFCCNAME is /tmp/krb5cc_%{uid}. But actual credential cache file names look like: /tmp/krb5cc_127408622_wH2NwY Setting [libdefaults] default_ccache_name to krb5cc_%{uid} in /etc/krb5.conf produces the expected credential cache file. Unless you know this, using "mutiuser" in fstab with cifs/samba/smb mounts is nigh impossible. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: krb5-user 1.19.2-2ubuntu0.1 ProcVersionSignature: Ubuntu 5.15.0-67.74-generic 5.15.85 Uname: Linux 5.15.0-67-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: pass Date: Sat Mar 18 17:33:32 2023 InstallationDate: Installed on 2023-03-09 (9 days ago) InstallationMedia: Ubuntu-Server 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1) ProcEnviron: SHELL=/bin/bash LANG=en_US.UTF-8 TERM=xterm-256color PATH=(custom, no user) SourcePackage: krb5 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2012140/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012140] Re: The documented DEFCCNAME is not the actual credential cache name
** Also affects: krb5 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033164 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2012140 Title: The documented DEFCCNAME is not the actual credential cache name Status in krb5 package in Ubuntu: New Status in krb5 package in Debian: Unknown Bug description: The krb5 documentation says that DEFCCNAME is /tmp/krb5cc_%{uid}. But actual credential cache file names look like: /tmp/krb5cc_127408622_wH2NwY Setting [libdefaults] default_ccache_name to krb5cc_%{uid} in /etc/krb5.conf produces the expected credential cache file. Unless you know this, using "mutiuser" in fstab with cifs/samba/smb mounts is nigh impossible. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: krb5-user 1.19.2-2ubuntu0.1 ProcVersionSignature: Ubuntu 5.15.0-67.74-generic 5.15.85 Uname: Linux 5.15.0-67-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: pass Date: Sat Mar 18 17:33:32 2023 InstallationDate: Installed on 2023-03-09 (9 days ago) InstallationMedia: Ubuntu-Server 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1) ProcEnviron: SHELL=/bin/bash LANG=en_US.UTF-8 TERM=xterm-256color PATH=(custom, no user) SourcePackage: krb5 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/2012140/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012119] Re: imageinfo fails in Ubuntu 23.04 with a "no such file or directory" error
Thank you for taking the time to file a bug report. I did some investigation and noticed that the problem is actually with imageinfo. From imageinfo.c: filename = poptGetArg(poptctxt); if (poptGetArg(poptctxt) != NULL) { fprintf(stderr, "imageinfo: must specify a single filename\n"); poptFreeContext(poptctxt); exit(2); } poptFreeContext(poptctxt); if (!filename) { fprintf(stderr, "imageinfo: must specify a filename\n"); exit(3); } This excerpt is saving a pointer to the the "filename" string that's found inside "poptctxt", but then it calls "poptFreeContext", which will invoke "free" on that same string. ** Package changed: popt (Ubuntu) => imageinfo (Ubuntu) ** Changed in: imageinfo (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to popt in Ubuntu. https://bugs.launchpad.net/bugs/2012119 Title: imageinfo fails in Ubuntu 23.04 with a "no such file or directory" error Status in imageinfo package in Ubuntu: Triaged Bug description: imageinfo fails in Ubuntu 23.04 with a "no such file or directory" error, eg: $ imageinfo --size /usr/share/backgrounds/Lunar-lobster-side_by_Gixo-dark.png imageinfo: unable to open image `��s��U': No such file or directory @ error/blob.c/OpenBlob/2924. $ imageinfo --size /usr/share/backgrounds/Copper_Mountain_by_Eduardo_Battaglia.jpg imageinfo: unable to open image `�=�V': No such file or directory @ error/blob.c/OpenBlob/2924. The filename it complains is not found seems to be random and changes each time. Under WSL, it fails but just says "unable to open image `': No such file", ie it doesn't show the random text. ProblemType: Bug DistroRelease: Ubuntu 23.04 Package: imageinfo 0.04-0ubuntu12 ProcVersionSignature: Ubuntu 6.1.0-16.16-generic 6.1.6 Uname: Linux 6.1.0-16-generic x86_64 ApportVersion: 2.26.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Mar 18 16:31:02 2023 InstallationDate: Installed on 2021-09-28 (536 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Beta amd64 (20210924) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR= SourcePackage: imageinfo UpgradeStatus: Upgraded to lunar on 2023-03-16 (1 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imageinfo/+bug/2012119/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007272] Re: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-42898. On which release/path of Ubuntu can I expect them to be fixed ?
Thank you for taking the time to report a bug. The CVE mentioned affects only 32-bit systems. Are you running a samba 32-bit binary? Are you on amd64? If yes to both question, then this is an unsupported scenario. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu. https://bugs.launchpad.net/bugs/2007272 Title: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-42898. On which release/path of Ubuntu can I expect them to be fixed ? Status in heimdal package in Ubuntu: Confirmed Bug description: I have ubuntu 22.04 on my system and it has the following vulnerability : CVE-2022-42898. Here is the link to the Ubuntu CVE link : https://ubuntu.com/security/CVE-2022-42898. On which version/patch of Ubuntu can I expect this to get fixed ? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/2007272/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
As is usual with these MREs, the verification phase is considered done when all dep8 tests pass. This is now true for both Kinetic and Jammy uploads. Therefore, tagging the bug accordingly. ** Tags removed: verification-needed verification-needed-jammy verification-needed-kinetic ** Tags added: verification-done verification-done-jammy verification-done-kinetic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Fix Committed Status in openldap source package in Kinetic: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Changed in: openldap (Ubuntu Kinetic) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
I believe this addresses everything that was needed to move forward with the MRE. Let me know otherwise, and apologies for the half-baked MRE. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Update on Kinetic dep8 retriggers: - balsa @ amd64: Passed. - balsa @ arm64: Passed. - dogtag-pki @ amd64: Passed. - exim4 @ ppc64el: Passed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Analysis of the dep8 failures in Jammy: - cyrus-imapd @ amd64: Neutral in Jammy. - libaws @ amd64: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ arm64: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ armhf: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ ppc64el: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ s390x: Failure is unrelated to openldap; triggered a migration-reference/0. - nss-pam-ldapd @ arm64: Already failing in Jammy. - pdns @ arm64: Already failing in Jammy. - pdns @ armhf: Already failing in Jammy. - pdns @ s390x: Already failing in Jammy. - courier @ armhf: Neutral in Jammy. - nss-pam-ldapd @ armhf: Already failing in Jammy. - squid @ armhf: Already failing in Jammy. - sudo @ armhf: Already failing in Jammy. - kopanocore @ s390x: Already failing in Jammy. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Analysis of the dep8 failures in Kinetic: - balsa @ amd64: Retriggered. - balsa @ arm64: Retriggered. - cyrus-imapd @ amd64: Already neutral in Kinetic. - dogtag-pki @ amd64: Retriggered. - pdns @ amd64: Already failing in Kinetic. - pdns @ armhf: Already failing in Kinetic. - pdns @ s390x: Already failing in Kinetic. - nss-pam-ldapd @ arm64: Already failing in Kinetic. - nss-pam-ldapd @ ppc64el: Already failing in Kinetic. - nss-pam-ldapd @ s390x: Already failing in Kinetic. - squid @ armhf: Already failing in Kinetic. - volatildap @ armhf: Already failing in Kinetic. - exim4 @ ppc64el: Retriggered. - kopanocore @ s390x: Already failing in Kinetic. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Sorry, due to bileto's demise I ended up mixing results from my personal PPA and the PPA generated by bileto (https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4986/+packages). You can find Jammy's dep8 results by inspecting the PPA above. For Kinetic, you can find its dep8 results by inspecting https://launchpad.net/~sergiodj/+archive/ubuntu/openldap. I'll post an analysis of each failure soon. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Description changed: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz + - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz + - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz - * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 + * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/2560101
[Touch-packages] [Bug 2008465] Re: apt repository broken when having only jammy and jammy-security apt-repos enabled
** Package changed: openldap (Ubuntu) => ubuntu -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2008465 Title: apt repository broken when having only jammy and jammy-security apt- repos enabled Status in Ubuntu: New Bug description: Having installed Ubuntu 22 server from server-live-cd https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso (md5sum e8d2a77c51b599c10651608a5d8c286f) without network connection to internet (so no connection to ubuntu apt repositories). After offline installation completed, we remove the "jammy-updates" from the /etc/apt/sources.list so it looks like so: # cat /etc/apt/sources.list deb http://de.archive.ubuntu.com/ubuntu jammy main restricted universe multiverse deb http://de.archive.ubuntu.com/ubuntu jammy-security main restricted universe multiverse Now we give the host network access and do "apt update" to refresh the apt repository. We assume that the installed package libldap-2.5-0 version 2.5.12+dfsg-0ubuntu0.22.04.1 was installed from the ubuntu installer cd which is a version from jammy-updates. Now we are unable to install package "ldap-utils" because that depends on package libldap-2.5-0 version 2.5.11+dfsg-1~exp1ubuntu3.1 (which is older than the offline installed version 2.5.12+dfsg-0ubuntu0.22.04.1) # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 22.04.1 LTS Release:22.04 Codename: jammy # apt-cache policy libldap-2.5-0 libldap-2.5-0: Installed: 2.5.12+dfsg-0ubuntu0.22.04.1 Candidate: 2.5.12+dfsg-0ubuntu0.22.04.1 Version table: *** 2.5.12+dfsg-0ubuntu0.22.04.1 100 100 /var/lib/dpkg/status 2.5.11+dfsg-1~exp1ubuntu3.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages 2.5.11+dfsg-1~exp1ubuntu3 500 500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages # apt install --simulate ldap-utils Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: ldap-utils : Depends: libldap-2.5-0 (= 2.5.11+dfsg-1~exp1ubuntu3.1) but 2.5.12+dfsg-0ubuntu0.22.04.1 is to be installed E: Unable to correct problems, you have held broken packages. -- The problem is solved when adding line deb http://de.archive.ubuntu.com/ubuntu jammy-updates main restricted universe multiverse to /etc/apt/sources.list But we want _only_ security updates, to keep the updates minimal. Other workaround is "apt remove libldap-2.5-0", then when installing ldap-utils that fetches the older libldap-2.5-0 version 2.5.11+dfsg-1~exp1ubuntu3.1 and repo is consistent. Questions: - Can you confirm that the package version from the server-live-cd see above is the version from the jammy-updates repository? - Do you agree that when the above question is answered yes, having jammy-updates apt-repository is mandatory? - if jammy-updates repo should be mandatory should this be documented? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2008465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Also affects: openldap (Ubuntu Kinetic) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Kinetic) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu Kinetic) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007837] Re: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4
Thanks for the heads up, Simon. I talked to Marc and he confirmed that he intends to MRE rsync, so I reassigned this bug to him. ** Changed in: rsync (Ubuntu Jammy) Assignee: Sergio Durigan Junior (sergiodj) => Marc Deslauriers (mdeslaur) ** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4 Status in rsync package in Ubuntu: Fix Released Status in rsync source package in Jammy: Triaged Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Description changed: [ Impact ] - * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. + * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] - * See the list of bugs fixed in this release here: + * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] - * Upstream gitlab pipeline results: + * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 - * Upstream "call for testing": + * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ - * As described in the MRE wiki page for OpenLDAP, the test plan is to + * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. - * Build log (amd64) confirming that the build-time testsuite has been + * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD - * Bileto ticket: TBD + * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 [ Where problems could occur ] - * Upstream tests are always executed during build-time. There are many + * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] - * This is a reoccurring MRE. See below for links to previous OpenLDAP + * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. - * CVEs fixed by this release: -- None. + * CVEs fixed by this release: + - None. Current versions in supported releases that got updates: - openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source + openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users.
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/437540 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] [NEW] New upstream microrelease 2.5.14
Public bug reported: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Jammy) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: In Progress ** Tags: server-todo ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Jammy) Status: New => In Progress ** Changed in: openldap (Ubuntu Jammy) Importance: Undecided => High ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => (unassigned) ** Changed in: openldap (Ubuntu) Importance: High => Undecided ** Changed in: openldap (Ubuntu) Status: In Progress => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doe
[Touch-packages] [Bug 1979610] Re: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build.
** Bug watch added: Debian Bug tracker #1030827 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030827 ** Also affects: perl (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030827 Importance: Unknown Status: Unknown ** No longer affects: perl (Debian) ** Also affects: pspp (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030827 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to perl in Ubuntu. https://bugs.launchpad.net/bugs/1979610 Title: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build. Status in pspp: Unknown Status in perl package in Ubuntu: New Status in pspp package in Ubuntu: New Status in pspp package in Debian: Unknown Bug description: During the build of the pspp 1.6.0-1 package for kinetic the regression fails for the armhf architecture in the perl module tests. The reported error is: +PSPP.c: loadable library and perl binaries are mismatched (got handshake key 0xa480080, needed 0xa380080) This happens only for the armhf architecture. The package build status of the pspp 1.6.0-1 package is here: https://launchpad.net/ubuntu/+source/pspp/1.6.0-1 You can also find the buildlogs for armhf and the architectures there. Is it possible that some perl modules have not been recompiled with the current perl version? Or is there any idea why this could fail only on armhf? Regards Friedrich To manage notifications about this bug go to: https://bugs.launchpad.net/pspp/+bug/1979610/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1979610] Re: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build.
** Bug watch added: GNU Savannah Bug Tracker #63392 http://savannah.gnu.org/bugs/?63392 ** Also affects: pspp via http://savannah.gnu.org/bugs/?63392 Importance: Unknown Status: Unknown ** Tags added: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to perl in Ubuntu. https://bugs.launchpad.net/bugs/1979610 Title: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build. Status in pspp: Unknown Status in perl package in Ubuntu: New Status in pspp package in Ubuntu: New Bug description: During the build of the pspp 1.6.0-1 package for kinetic the regression fails for the armhf architecture in the perl module tests. The reported error is: +PSPP.c: loadable library and perl binaries are mismatched (got handshake key 0xa480080, needed 0xa380080) This happens only for the armhf architecture. The package build status of the pspp 1.6.0-1 package is here: https://launchpad.net/ubuntu/+source/pspp/1.6.0-1 You can also find the buildlogs for armhf and the architectures there. Is it possible that some perl modules have not been recompiled with the current perl version? Or is there any idea why this could fail only on armhf? Regards Friedrich To manage notifications about this bug go to: https://bugs.launchpad.net/pspp/+bug/1979610/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2003756] Re: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142."
FWIW, because Focal's deb-systemd-invoke doesn't use --quiet we end up getting a clearer error there: # dpkg-reconfigure krb5-kdc Job for krb5-kdc.service failed because the control process exited with error code. See "systemctl status krb5-kdc.service" and "journalctl -xe" for details. invoke-rc.d: initscript krb5-kdc, action "start" failed. ● krb5-kdc.service - Kerberos 5 Key Distribution Center Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2023-02-02 18:32:34 UTC; 7ms ago Process: 2000 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid $DAEMON_ARGS (code=exited, status=1/FAILURE) CPU: 10ms Feb 02 18:32:34 bla systemd[1]: Starting Kerberos 5 Key Distribution Center... Feb 02 18:32:34 bla krb5kdc[2000]: Cannot open DB2 database '/var/lib/krb5kdc/principal': No such file or directory - while initializing database for realm LXD Feb 02 18:32:34 bla krb5kdc[2000]: krb5kdc: cannot initialize realm LXD - see log file for details Feb 02 18:32:34 bla systemd[1]: krb5-kdc.service: Control process exited, code=exited, status=1/FAILURE Feb 02 18:32:34 bla systemd[1]: krb5-kdc.service: Failed with result 'exit-code'. Feb 02 18:32:34 bla systemd[1]: Failed to start Kerberos 5 Key Distribution Center. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2003756 Title: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142." Status in init-system-helpers package in Ubuntu: New Status in krb5 package in Ubuntu: New Bug description: I have a fresh install of Ubuntu Server 22.04.01 LTS. After installing the server and running all updates, I run the following command: apt -y install slapd ldap-utils schema2ldif sasl2-bin libsasl2-modules-gssapi-mit krb5-kdc-ldap krb5-admin-server krb5-kdc This will be installing krb5-kdc 1.19.2-2. This is in preparation for setting up an OpenLDAP server, a Kerberos server with an LDAP backend, and saslauthd for pass-through authentication. krb5-kdc was auto-selected when running the steps in the guide here in my development environment: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend When installing that, I get the following in the output: Setting up krb5-kdc (1.19.2-2) ... Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /lib/systemd/system/krb5-kdc.service. Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I do get the prompts for the realm, kdc, and admin server hostnames, and they are reflected in /etc/krb5.conf. If I then run the following: dpkg-reconfigure krb5-kdc I am prompted for whether I want the package to create the Kerberos KDC configuration automatically, and when I say yes, it then repeats the following error: Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I cannot find any further debug in the syslog or anything to indicate what the root cause is; the list of packages here are all installed together on a separate development server where I experimented with the configuration I will be deploying here in production so I don't think it's incompatible packages in the install list, but I am open to feedback on that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2003756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2003756] Re: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142."
I did a little debugging, and the problem happens because krb5-kdc.service fails to start with: Feb 02 15:22:34 krb5-test systemd[1]: Starting Kerberos 5 Key Distribution Center... Feb 02 15:22:34 krb5-test krb5kdc[3957]: Cannot open DB2 database '/var/lib/krb5kdc/principal': No such file or directory - while initializing database for realm LXD Feb 02 15:22:34 krb5-test krb5kdc[3957]: krb5kdc: cannot initialize realm LXD - see log file for details Feb 02 15:22:34 krb5-test systemd[1]: krb5-kdc.service: Control process exited, code=exited, status=1/FAILURE Feb 02 15:22:34 krb5-test systemd[1]: krb5-kdc.service: Failed with result 'exit-code'. Feb 02 15:22:34 krb5-test systemd[1]: Failed to start Kerberos 5 Key Distribution Center. systemd-invoke will try to run systemctl like this: systemctl --quiet --system restart krb5-kdc.service which fails because of the problem mentioned above. I don't think this is a problem with init-system-helpers, but rather an issue with krb5-kdc indeed. Also, I believe it's worth reporting this bug to Debian, since they suffer from it too. ** Also affects: krb5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2003756 Title: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142." Status in init-system-helpers package in Ubuntu: New Status in krb5 package in Ubuntu: New Bug description: I have a fresh install of Ubuntu Server 22.04.01 LTS. After installing the server and running all updates, I run the following command: apt -y install slapd ldap-utils schema2ldif sasl2-bin libsasl2-modules-gssapi-mit krb5-kdc-ldap krb5-admin-server krb5-kdc This will be installing krb5-kdc 1.19.2-2. This is in preparation for setting up an OpenLDAP server, a Kerberos server with an LDAP backend, and saslauthd for pass-through authentication. krb5-kdc was auto-selected when running the steps in the guide here in my development environment: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend When installing that, I get the following in the output: Setting up krb5-kdc (1.19.2-2) ... Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /lib/systemd/system/krb5-kdc.service. Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I do get the prompts for the realm, kdc, and admin server hostnames, and they are reflected in /etc/krb5.conf. If I then run the following: dpkg-reconfigure krb5-kdc I am prompted for whether I want the package to create the Kerberos KDC configuration automatically, and when I say yes, it then repeats the following error: Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I cannot find any further debug in the syslog or anything to indicate what the root cause is; the list of packages here are all installed together on a separate development server where I experimented with the configuration I will be deploying here in production so I don't think it's incompatible packages in the install list, but I am open to feedback on that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2003756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2004035] Re: package openssh-server 1:8.9p1-3ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status
Thank you for taking the time to file a bug report. According to the logs you posted: Setting up openssh-server (1:8.9p1-3ubuntu0.1) ... Not replacing deleted config file /etc/ssh/sshd_config dpkg: error processing package openssh-server (--configure): installed openssh-server package post-installation script subprocess returned error exit status 1 This problem usually happens when you remove a package using "apt-get remove", and then manually remove its configuration files. If you would like to remove a package *and* its configuration files, you should normally use "apt-get purge". When dpkg detects that openssh's config files have been manually removed, it decides not to reinstall them. Since it seems likely to me that this is a local configuration problem, rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'. However, if you believe that this is really a bug in Ubuntu, then we would be grateful if you would provide a more complete description of the problem with steps to reproduce, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New". For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2004035 Title: package openssh-server 1:8.9p1-3ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status 1 Status in openssh package in Ubuntu: Incomplete Bug description: The following NEW packages will be installed: ncurses-term openssh-server openssh-sftp-server ssh-import-id 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. Need to get 750 kB of archives. After this operation, 6,046 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-sftp-server amd64 1:8.9p1-3ubuntu0.1 [38.7 kB] Get:2 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-server amd64 1:8.9p1-3ubuntu0.1 [434 kB] Get:3 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 ncurses-term all 6.3-2 [267 kB] Get:4 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 ssh-import-id all 5.11-0ubuntu1 [10.1 kB] Fetched 750 kB in 0s (2,652 kB/s) Preconfiguring packages ... Selecting previously unselected package openssh-sftp-server. (Reading database ... 143729 files and directories currently installed.) Preparing to unpack .../openssh-sftp-server_1%3a8.9p1-3ubuntu0.1_amd64.deb ... Unpacking openssh-sftp-server (1:8.9p1-3ubuntu0.1) ... Selecting previously unselected package openssh-server. Preparing to unpack .../openssh-server_1%3a8.9p1-3ubuntu0.1_amd64.deb ... Unpacking openssh-server (1:8.9p1-3ubuntu0.1) ... Selecting previously unselected package ncurses-term. Preparing to unpack .../ncurses-term_6.3-2_all.deb ... Unpacking ncurses-term (6.3-2) ... Selecting previously unselected package ssh-import-id. Preparing to unpack .../ssh-import-id_5.11-0ubuntu1_all.deb ... Unpacking ssh-import-id (5.11-0ubuntu1) ... Setting up openssh-sftp-server (1:8.9p1-3ubuntu0.1) ... Setting up openssh-server (1:8.9p1-3ubuntu0.1) ... Not replacing deleted config file /etc/ssh/sshd_config dpkg: error processing package openssh-server (--configure): installed openssh-server package post-installation script subprocess returned error exit status 1 Setting up ssh-import-id (5.11-0ubuntu1) ... Setting up ncurses-term (6.3-2) ... Processing triggers for man-db (2.10.2-1) ... Processing triggers for ufw (0.36.1-4build1) ... Errors were encountered while processing: openssh-server ProblemType: Package DistroRelease: Ubuntu 22.04 Package: openssh-server 1:8.9p1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.15.0-58.64-generic 5.15.74 Uname: Linux 5.15.0-58-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 AptOrdering: openssh-sftp-server:amd64: Install openssh-server:amd64: Install ncurses-term:amd64: Install ssh-import-id:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: unknown Date: Fri Jan 27 08:22:28 2023 DuplicateSignature: package:openssh-server:1:8.9p1-3ubuntu0.1 Setting up openssh-server (1:8.9p1-3ubuntu0.1) ... Not replacing deleted config file /etc/ssh/sshd_config dpkg: error processing package openssh-server (--configure): installed openssh-server package post-installation script subprocess returned error exit status 1 ErrorMessage: installed openssh-server package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2022-01-20 (371 days ago) InstallationMedia: