[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Changed in: openldap (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw profile. - d/{
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/460126 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile.
[Touch-packages] [Bug 2052482] Re: Bad packet length 2424479189 Connection corrupted
Thank you for taking the time to report a bug and make Ubuntu better. I tried reproducing the bug locally using an Oracle 8 container and an Ubuntu container. Here are the versions of the packages: Oracle: # rpm -qa | grep ssh openssh-server-8.0p1-19.el8_8.x86_64 openssh-8.0p1-19.el8_8.x86_64 openssh-clients-8.0p1-19.el8_8.x86_64 libssh-config-0.9.6-13.el8_9.noarch libssh-0.9.6-13.el8_9.x86_64 Ubuntu: # dpkg -l | grep ssh ii openssh-client 1:8.9p1-3ubuntu0.6 amd64 secure shell (SSH) client, for secure access to remote machines Everything worked as expected and I was able to ssh into the Oracle container. After some research, I found that this specific error you're getting might be related to CVE-2023-48795 (Terrapin attack). More specifically, it has to do with the cipher suites being chosen by the client/server at the time of the login: https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error https://unix.stackexchange.com/questions/765347/how-do-you-mitigate-the-terrapin-ssh-attack Even when I explicitly disable the use of CHACHA20 on the server, I still can login successfully and I see that another cipher has been chosen during the key exchange: ... debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: aes128-ctr MAC: umac-...@openssh.com compression: none debug1: kex: client->server cipher: aes128-ctr MAC: umac-...@openssh.com compression: none ... This leads me to believe that there might be some local configuration on your system that's affecting the choice of a suitable cipher. Another option would be some bogus configuration on the server side, I think. Could you please tell us more details about your environment? Did you explicitly configure your ssh client to require CHACHA20 when connecting to this specific server? I'm going to mark this bug as Incomplete for to reflect the fact that we're waiting on more details from you. Please set it back to New when you provide the requested information. Thanks. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-48795 ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2052482 Title: Bad packet length 2424479189 Connection corrupted Status in openssh package in Ubuntu: Incomplete Bug description: ssh-clent: uname -a :5.15.0-48-generic #54-Ubuntu ``` Ubuntu 22.04.3 LTS OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 ``` ssh-server: ``` OracleLinux 8.9 OpenSSH_8.0p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 ``` ``` userxxx@userxxx-H3C-X7-030s-0274:~$ ssh 192.168.xxx.xxx -vvv OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug2: resolve_canonicalize: hostname 192.168.xxx.xxx is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/userxxx/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/userxxx/.ssh/known_hosts2' debug3: ssh_connect_direct: entering debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22. debug3: set_sock_tos: set socket 3 IP_TOS 0x10 debug1: Connection established. debug1: identity file /home/userxxx/.ssh/id_rsa type 0 debug1: identity file /home/userxxx/.ssh/id_rsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa type 2 debug1: identity file /home/userxxx/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519 type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519-cert type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk type -1 debug1: identity file /home/userxxx/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/userxxx/.ssh/id_xmss type -1 debug1: identity file /home/userxxx/.ssh/id_xmss-cert type -1 debug1: identity file /home/userxxx/.ssh/id_dsa type -1 debug1: identity file /home/userxxx/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0 debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x0400 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 192.168.xxx.xxx:22 as 'userxxx' debug3: record_hostkey: found key type ED25519 in file /home/userxxx
[Touch-packages] [Bug 2051895] Re: Lenovo XT99 BT headset can't work in HFP profile
Hello Hui, The changes look good to me, but I have a few minor requests: - Could you please expand the changelog entry and explain what the patch fixes? It doesn't need to be a long text or anything like that; just a small sentence is enough. - Could you add DEP-3 headers to the patch, please? You can find more information here: https://dep-team.pages.debian.net/deps/dep3/ but basically, I'm looking for something like: Origin: upstream, https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/commit/d7dc04e8f5c404b1fa16409f69dcde7c56312f02 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2051895 I'm unsubscribing ubuntu-sponsors from the bug for now. Please resubscribe it once you've addressed the points above. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/2051895 Title: Lenovo XT99 BT headset can't work in HFP profile Status in HWE Next: New Status in pulseaudio package in Ubuntu: In Progress Status in pulseaudio source package in Jammy: In Progress Status in pulseaudio source package in Mantic: In Progress Status in pulseaudio source package in Noble: In Progress Bug description: [Summary] When use the ThinkPluse xt99 bluetooth head set to run the test com.canonical.certification::bluetooth/audio_record_playback, it cannot record the sound and playback. It seems this device cannot switch to Hand free mode in this platform. [Steps to reproduce] Connect the ThinkPluse xt99, use the Handfree mode, then try to record some voice. [Expected result] The bluetooth headset ThinkPluse xt99 can use as a MIC to input sound. [Actual result] The bluetooth headset xt99 cannot work in the Handfree mode. [Failure rate] 100% [Impact] With the current Ubuntu 22.04 oem image, we try to connect the LENOVO XT99 bt headset and let it work in HFP mode, we select HFP profile from gnome sound-setting, but the microphone will not auto change to bt microphone and the bt output could not work too. So this BT headset could only work in A2DP mode with the current 22.04 OEM image. And we tried ubuntu 22.04 generic image, mantic image and noble image, none of them could make the headset work in HFP mode. [Fix] Cherry-pick a pulseaudio commit from upstream. [Test] Install the patched pulseaudio and reboot, connect to the LENOVO XT99 bt headset, select it to work in HFP mode, tested playback and capture, all worked well. [Where problems could occur] This change will impact bt headset negotiation process in the pulseaudio, so the possiblity of regression is limited to bt headset, it could make the bt headset fail to connect, but this possibility is very low, we tested the patch with different bt headset and bt speaker, all worked well. To manage notifications about this bug go to: https://bugs.launchpad.net/hwe-next/+bug/2051895/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040465] Re: MRE updates of openldap for noble
** Description changed: - Backport openldap as MRE to noble once the update for noble has been - completed. + [ Impact ] - + * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. - [Impact] - TBD + This update includes bugfixes only following the SRU policy exception + defined at https://wiki.ubuntu.com/OpenLDAPUpdates. - [Major Changes] - TBD + [ Major Changes ] - [Test Plan] - TBD + * See the list of bugs fixed in this release here: - [Regression Potential] - Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. - + https://lists.openldap.org/hyperkitty/list/openldap- + annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ + + [ Test Plan ] + + * Upstream gitlab pipeline results: + + https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 + + * Upstream "call for testing": + + https://lists.openldap.org/hyperkitty/list/openldap- + techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ + + * As described in the MRE wiki page for OpenLDAP, the test plan is to + build the package in a PPA and make sure that (1) all build-time tests + pass and (2) all autopkgtest runs (from reverse dependencies) also pass. + + * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: + - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz + + [ Where problems could occur ] + + * Upstream tests are always executed during build-time. There are many + reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage + is good. Nevertheless, there is always a risk for something to break + since we are dealing with a microrelease upgrade. Whenever a test + failure is detected, we will be on top of it and make sure it doesn't + affect existing users. + + [ Other Info ] + + * This is a reoccurring MRE. See below for links to previous OpenLDAP + MREs. + + * CVEs fixed by this release: +- None. + + Current versions in supported releases that got updates: + openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source + + Special cases: + - None. + + Previous MREs for OpenLDAP: + - https://pad.lv/1977627 + - https://pad.lv/1983618 + - https://pad.lv/2007625 + - https://pad.lv/2027079 + - https://pad.lv/2029170 + + As usual we test and prep from the PPA and then push through + SRU/Security as applicable. ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** No longer affects: openldap (Ubuntu Noble) ** Changed in: openldap (Ubuntu) Status: New => Invalid ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Summary changed: - MRE updates of openldap for noble + New upstream microrelease 2.5.17 ** Changed in: openldap (Ubuntu Jammy) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Triaged Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a r
[Touch-packages] [Bug 2040465] Re: New upstream microrelease 2.5.17
dep8 results: Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/?format=plain) openldap @ amd64: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/amd64/o/openldap/20240209_225823_2ec27@/log.gz 09.02.24 22:58:23 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ arm64: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/arm64/o/openldap/20240209_230358_34851@/log.gz 09.02.24 23:03:58 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ armhf: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/armhf/o/openldap/20240209_230114_34851@/log.gz 09.02.24 23:01:14 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ ppc64el: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/ppc64el/o/openldap/20240209_231213_2ec27@/log.gz 09.02.24 23:12:13 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 openldap @ s390x: http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-openldap/jammy/s390x/o/openldap/20240209_225840_2ec27@/log.gz 09.02.24 22:58:40 ✅ Triggers: openldap/2.5.17+dfsg-0ubuntu0.22.04.1~ppa1 ** Changed in: openldap (Ubuntu Jammy) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 - https://pad.lv/2027079 - https://pad.lv/2029170 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040465] Re: New upstream microrelease 2.5.17
As per Steve's reply here: https://lists.ubuntu.com/archives/ubuntu-devel/2023-December/042854.html I'm not going to run autopkgtest against all reverse dependencies of the package. Instead, I will rely on the results from the archive and act accordingly. Therefore, I've just uploaded the package to Jammy unapproved. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 - https://pad.lv/2027079 - https://pad.lv/2029170 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Changed in: openldap (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: Fix Committed Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add ufw prof
[Touch-packages] [Bug 2040465] Re: New upstream microrelease 2.5.17
As is usual with these MREs, the verification phase is considered done when all dep8 tests pass. This is now true for the Jammy upload. Therefore, tagging the bug accordingly. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040465 Title: New upstream microrelease 2.5.17 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.17. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/XRQE4CVQDLTG4EYPKVEU2L76DYGIFR2Q/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/commit/99a124bb434052a71cf4ff115d0f949f6c6b7208/pipelines?ref=OPENLDAP_REL_ENG_2_5 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/4744NWC2HJP7L24WOUMZF4VCYGGUMRI7/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in a PPA and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/679769800/buildlog_ubuntu-jammy-amd64.openldap_2.5.16+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.16+dfsg-0ubuntu0.22.04.2 | jammy-security | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 - https://pad.lv/2007625 - https://pad.lv/2027079 - https://pad.lv/2029170 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2040465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2056152] Re: errors when starting thunderbird, directly after boot. error message: package dnsmasq 2.90-0ubuntu0.22.04.1 failed to install/upgrade: end of file on stdin at conffi
Thank you for taking the time to file a bug report. >From DpkgTerminalLog.txt, we see the following message: *** dnsmasq.conf (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package dnsmasq (--configure): end of file on stdin at conffile prompt This indicates that there was no reply to the question posed by dpkg (debconf). The upgrade process had to ask the question because there is some local modification on your /etc/dnsmasq.conf, and it could not figure out how to merge your modifications with the new configuration file provided by the package. As such, it expects you to answer how the conflict should be resolved. Since the answer provided was an EOF, it errored out. In other words, you have to be able to properly answer dpkg's question in order to proceed with the upgrade. Since it seems likely to me that this is a local configuration problem, rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'. However, if you believe that this is really a bug in Ubuntu, then we would be grateful if you would provide a more complete description of the problem with steps to reproduce, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New". For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community ** Changed in: dnsmasq (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2056152 Title: errors when starting thunderbird, directly after boot. error message: package dnsmasq 2.90-0ubuntu0.22.04.1 failed to install/upgrade: end of file on stdin at conffile prompt Status in dnsmasq package in Ubuntu: Incomplete Bug description: see summary. after skipping the error message, thunderbird seems to work well ProblemType: Package DistroRelease: Ubuntu 22.04 Package: dnsmasq 2.90-0ubuntu0.22.04.1 ProcVersionSignature: Ubuntu 6.5.0-21.21~22.04.1-generic 6.5.8 Uname: Linux 6.5.0-21-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.11-0ubuntu82.5 AptOrdering: dnsmasq:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: pass Date: Tue Mar 5 09:50:12 2024 DpkgHistoryLog: Start-Date: 2024-03-05 09:50:11 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq:amd64 (2.86-1.1ubuntu0.5, 2.90-0ubuntu0.22.04.1) ErrorMessage: end of file on stdin at conffile prompt InstallationDate: Installed on 2022-11-08 (482 days ago) InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1) PackageArchitecture: all Python3Details: /usr/bin/python3.10, Python 3.10.12, python3-minimal, 3.10.6-1~22.04 PythonDetails: N/A RelatedPackageVersions: dpkg 1.21.1ubuntu2.2 apt 2.4.11 SourcePackage: dnsmasq Title: package dnsmasq 2.90-0ubuntu0.22.04.1 failed to install/upgrade: end of file on stdin at conffile prompt UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.dnsmasq: 2022-11-15T02:41:03.690882 mtime.conffile..etc.dnsmasq.conf: 2022-11-15T02:41:10.043282 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2056152/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
I was able to reproduce the bug on Focal, and since we seem to carry the same version on Jammy/Mantic (and likely Noble), it's probable that the bug also happens in those releases. For future reference: # apt install -y libvirt-daemon-system bind9 dnsmasq Reboot, and try bringing up the "default" network on libvirt: # virsh net-start default error: Failed to start network default error: internal error: Child process (VIR_BRIDGE_NAME=virbr0 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper) unexpected exit status 2: dnsmasq: failed to create listening socket for 192.168.122.1: Address already in use -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Confirmed Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon
[Touch-packages] [Bug 2055776] Re: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM.
I talked to Marc to understand whether the security team had any plans to "fix" this problem, and he raised a valid point: from his perspective (and the Security team's as well, I gather), this is not a bug because we have two services trying to listen on the same port. The "fix" here is to adjust the local configuration, as mentioned in the comments above. I'm reverting this bug's state to Invalid, then. ** Changed in: dnsmasq (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2055776 Title: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Status in dnsmasq package in Ubuntu: Confirmed Bug description: phenomenon: After updating ubuntu, the network to which the subnet address is assigned does not become active in KVM. Cause: This is because the following dnsmasq update operation performed by apt's automatic update causes an error. It worked properly with dnsmasq 2.80, but does not work properly with 2.90. $ cat /var/log/apt/history.log (snip) Start-Date: 2024-02-27 06:17:31 Commandline: /usr/bin/unattended-upgrade Upgrade: dnsmasq-base:amd64 (2.80-1.1ubuntu1.7, 2.90-0ubuntu0.20.04.1) End-Date: 2024-02-27 06:17:44 (snip) $ Cause details: As a premise, bind-dynamic is set in the dnsmasq config file for KVM. Below is an example. $ cat default.conf ##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE ##OVERWRITTEN AND LOST. Changes to this configuration should be made using: ##virsh net-edit default ## or other application using the libvirt API. ## ## dnsmasq conf file created by libvirt strict-order user=libvirt-dnsmasq pid-file=/run/libvirt/network/default.pid except-interface=lo bind-dynamic interface=virbr0 dhcp-range=192.168.122.2,192.168.122.254,255.255.255.0 dhcp-no-override dhcp-authoritative dhcp-lease-max=253 dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts $ When starting the network with KVM (virsh net-start), dnsmasq started from KVM executes the make_sock function twice as shown below. $ cat network.c (snip) 1087 static struct listener *create_listeners(union mysockaddr *addr, int do_ 1087 tftp, int dienow) 1088 { 1089 struct listener *l = NULL; 1090 int fd = -1, tcpfd = -1, tftpfd = -1; 1091 1092 (void)do_tftp; 1093 1094 if (daemon->port != 0) 1095 { 1096 fd = make_sock(addr, SOCK_DGRAM, dienow); 1097 tcpfd = make_sock(addr, SOCK_STREAM, dienow); 1098 } (snip) The following code causes an issue with the update made in dnsmasq 2.90. $ cat network.c (snip) 895 static int make_sock(union mysockaddr *addr, int type, int dienow) 896 { (snip) 934 if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) 935 { 936 if (dienow) 937 die(s, daemon->addrbuff, EC_BADNET); 938 else 939 my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno))939 ; 940 } (snip) function "make_sock" in network.c:1096 binds the socket to 192.168.122.1/24, and then make_sock in network.c:1097 tries to bind to the same address. However, in network.c:934, when errno==98 occurs, network.c:937 is executed, so dnsmasq does not cause a startup error. As a result, virsh net-start fails. As a temporary workaround, it will work if you try not to die. $ diff -u network_c_back network.c --- network_c_back 2024-02-29 15:36:05.156467935 + +++ network.c 2024-02-29 15:36:38.733324350 + @@ -934,7 +934,8 @@ if (!option_bool(OPT_CLEVERBIND) || errno != EADDRNOTAVAIL) { if (dienow) - die(s, daemon->addrbuff, EC_BADNET); + my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); + //die(s, daemon->addrbuff, EC_BADNET); else my_syslog(LOG_WARNING, s, daemon->addrbuff, strerror(errno)); } $ If bind-dynamic is set, it should be modified so that it works even if errno==98. For reference, in the case of dnsmasq 2.80, the code is as follows, so no error occurs. network.c 699 static int make_sock(union mysockaddr *addr, int type, int dienow) 700 { 701 int family = addr->sa.sa_family; 702 int fd, rc, opt = 1; (snip) 715 err: 716 errsave = errno; 717 port = prettyprint_addr(addr, daemon->addrbuff); 718 if (!option_bool(OPT_NOWILD) && !option_bool(OPT_CLEVERBIND))
[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory
** Also affects: cyrus-sasl2 (Ubuntu) Importance: Undecided Status: New ** Changed in: cyrus-sasl2 (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: cyrus-sasl2 (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1912256 Title: Missing channel binding prevents authentication to ActiveDirectory Status in cyrus-sasl2 package in Ubuntu: Confirmed Status in openldap package in Ubuntu: Confirmed Bug description: > Are you uncertain if your issue is really a bug? Effect is an authentication error. Root case is a "missing feature" (see below) and requires updating dependencies, downporting. > If you are certain this is a bug please include the source package the bug is in. It's in the interaction between three libraries: openldap, cyrus-sasl, krb5 > 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu Broken in 18.04 and also in 20.10 (I guess it's also broken in anything inbetween) > 2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center libsasl2-modules-gssapi-mit: 2.1.27+dfsg-2ubuntu1 ldap-utils: 2.4.53+dfsg-1ubuntu1.2 libgssapi-krb5-2: 1.17-10ubuntu0.1 > 3) What you expected to happen # kinit $ export LDAPSASL_CBINDING=tls-endpoint $ ldapwhoami -O minssf=0,maxssf=0 -N -Y GSSAPI -H ldaps:// SASL/GSSAPI authentication started SASL username: SASL SSF: 0 u: > 4) What happened instead SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: 80090346: LdapErr: DSID-0C090597, comment: AcceptSecurityContext error, data 80090346, v4563 --- Microsoft ActiveDirectory has "LDAP Channel Binding" and recommends activating this as a required feature. See https://access.redhat.com/articles/4661861 Authentication to any AD DC which has mandatory channel binding fails. Channel binding requires at least an update to cyrus-sasl, which is not in any release as far as I can see: https://github.com/cyrusimap/cyrus- sasl/commit/975edbb69070eba6b035f08776de771a129cfb57 It also needs this commit in openldap: https://git.openldap.org/openldap/openldap/-/commit/3cd50fa8b32a21040a9892e2a8a7a9dfc7541ce6 Which as far as I can tell is v2.5 (branch OPENLDAP_REL_ENG_2_5). RH also mentions it needs up-to-date krb5 libraries, but I can't tell what minimum version this needs. I can build all libraries from source, current master (except for krb5 where I've used 1.18.3) and can confirm that channel binding works when using those libraries. I'm not sure if Samba is affected, but at least adcli, ldap-utils, and I would guess by extension also SSSD and realmd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1912256/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory
Thank you, Christian. As discussed with Andreas, I've added a cyrus-sasl2 task to this bug and assigned him to it. This bug is probably going to involve modifications on cyrus-sasl2 only; after channel binding has been implemented there, we should be able to enable it in openldap by just rebuilding the package. Either way, I'm leaving the openldap task open and assigned to myself just in case. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1912256 Title: Missing channel binding prevents authentication to ActiveDirectory Status in cyrus-sasl2 package in Ubuntu: Confirmed Status in openldap package in Ubuntu: Confirmed Bug description: > Are you uncertain if your issue is really a bug? Effect is an authentication error. Root case is a "missing feature" (see below) and requires updating dependencies, downporting. > If you are certain this is a bug please include the source package the bug is in. It's in the interaction between three libraries: openldap, cyrus-sasl, krb5 > 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu Broken in 18.04 and also in 20.10 (I guess it's also broken in anything inbetween) > 2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center libsasl2-modules-gssapi-mit: 2.1.27+dfsg-2ubuntu1 ldap-utils: 2.4.53+dfsg-1ubuntu1.2 libgssapi-krb5-2: 1.17-10ubuntu0.1 > 3) What you expected to happen # kinit $ export LDAPSASL_CBINDING=tls-endpoint $ ldapwhoami -O minssf=0,maxssf=0 -N -Y GSSAPI -H ldaps:// SASL/GSSAPI authentication started SASL username: SASL SSF: 0 u: > 4) What happened instead SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: 80090346: LdapErr: DSID-0C090597, comment: AcceptSecurityContext error, data 80090346, v4563 --- Microsoft ActiveDirectory has "LDAP Channel Binding" and recommends activating this as a required feature. See https://access.redhat.com/articles/4661861 Authentication to any AD DC which has mandatory channel binding fails. Channel binding requires at least an update to cyrus-sasl, which is not in any release as far as I can see: https://github.com/cyrusimap/cyrus- sasl/commit/975edbb69070eba6b035f08776de771a129cfb57 It also needs this commit in openldap: https://git.openldap.org/openldap/openldap/-/commit/3cd50fa8b32a21040a9892e2a8a7a9dfc7541ce6 Which as far as I can tell is v2.5 (branch OPENLDAP_REL_ENG_2_5). RH also mentions it needs up-to-date krb5 libraries, but I can't tell what minimum version this needs. I can build all libraries from source, current master (except for krb5 where I've used 1.18.3) and can confirm that channel binding works when using those libraries. I'm not sure if Samba is affected, but at least adcli, ldap-utils, and I would guess by extension also SSSD and realmd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cyrus-sasl2/+bug/1912256/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1977627] [NEW] New upstream microrelease 2.5.12
Public bug reported: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for previous MRE's links. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Standing MRE - Consider last updates as template: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. ** Affects: openldap (Ubuntu) Importance: High Status: Invalid ** Affects: openldap (Ubuntu Jammy) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: Confirmed ** Tags: needs-mre-backport server-todo ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Jammy) Status: New => Confirmed ** Changed in: openldap (Ubuntu Jammy) Importance: Undecided => High ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => (unassigned) ** Changed in: openldap (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Confirmed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for previous MRE's links. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Standing MRE - Consider last updates as template: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1977627/+subscriptions -- Mailing list: https://launchpad.net/~touch-pa
[Touch-packages] [Bug 1977627] Re: New upstream microrelease 2.5.12
** Changed in: openldap (Ubuntu) Status: Invalid => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: Confirmed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for previous MRE's links. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Standing MRE - Consider last updates as template: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1977627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971305] Re: Merge openldap from Debian unstable for kinetic
** Changed in: openldap (Ubuntu) Status: New => In Progress ** Changed in: openldap (Ubuntu) Milestone: ubuntu-22.07 => ubuntu-22.06 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1971305 Title: Merge openldap from Debian unstable for kinetic Status in openldap package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.5.11+dfsg-1 Ubuntu: 2.5.11+dfsg-1~exp1ubuntu3 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. ### New Debian Changes ### openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not yet compatible with autoconf 2.71. (Closes: #993032) * Stop disabling automake in debian/rules now that upstream removed the AM_INIT_AUTOMAKE invocation. * Drop custom config.{guess,sub} handling. dh_update_autotools_config does the right thing for us. * Update Standards-Version to 4.6.0; no changes required. * debian/not-installed: Add the ldapvc.1 man page. -- Ryan Tandy Mon, 30 Aug 2021 18:54:25 -0700 openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium [ Ryan Tandy ] * New upstream release. * Export the cn=config database to LDIF format before upgrading from 2.4. * slapd.README.Debian: - Remove text about the dropped evolution-ntlm patch. - Add guidance for recovering from upgrade failures. * Remove the debconf warning and README text about the unsafe ACL configured by default in versions before jessie. * Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the ppolicy schema. It's obsolete since the schema has been internalized. [ Sergio Durigan Junior ] * Implement the 'escape hatch' mechanism. - d/po/*.po: Update PO files given the new template note. - d/po/templates.pot: Update file. - d/slapd.templates: Add note warning user about a postinst failure, its possible cause and what to do. - d/slapd.postinst: Make certain upgrade functions return failure instead of exiting, which allows the postinst script to gracefully fail when applicable. Also, when the general configuration upgrade fails, display a critical warning to the user. Implement ignore_init_failure function. - d/slapd.prerm: Implement ignore_init_failure function. - d/slapd.scripts-common: Make certain functions return failure instead of exiting. - d/rules: Use dh_installinit's --error-handler to instruct it on how to handle possible errors with the init script. - d/slapd.NEWS: Add excerpt mentioning that the postinst script might error out if it can't migrate the existing (old) database backend. -- Ryan Tandy Mon, 16 Aug 2021 18:32:29 -0700 openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium * New upstream release. - Drop patches applied upstream: ITS#9544, ITS#9548. * Mark slapd-contrib as breaking the old version of slapd to reduce the chance of upgrade failure due to slapd-contrib being unpacked first. -- Ryan Tandy Fri, 11 Jun 2021 11:43:15 -0700 openldap (2.5.4+dfsg-1~exp1) experimental; urgency=medium * New upstream release. - Changing olcAuthzRegexp dynamically is supported. (Closes: #761407) - Support for LANMAN password hashes has been removed. (Closes: #988033) - Added pkg-config files for liblber and libldap. (Closes: #670824) - libldap_r has been merged into libldap. The Debian package will continue to install a libldap_r.so symlink for backwards compatibility with applications that still link with -lldap_r. - The Berkeley DB backends, slapd-bdb(5) and slapd-hdb(5), have been removed. - The shell backend, slapd-shell(5), has been removed. - New backend: slapd-asyncmeta(5). - New core overlays: slapd-homedir(5), slapd-otp(5), and slapd-r
[Touch-packages] [Bug 1971305] Re: Merge openldap from Debian unstable for kinetic
** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/424013 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1971305 Title: Merge openldap from Debian unstable for kinetic Status in openldap package in Ubuntu: In Progress Bug description: Upstream: tbd Debian: 2.5.11+dfsg-1 Ubuntu: 2.5.11+dfsg-1~exp1ubuntu3 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. ### New Debian Changes ### openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not yet compatible with autoconf 2.71. (Closes: #993032) * Stop disabling automake in debian/rules now that upstream removed the AM_INIT_AUTOMAKE invocation. * Drop custom config.{guess,sub} handling. dh_update_autotools_config does the right thing for us. * Update Standards-Version to 4.6.0; no changes required. * debian/not-installed: Add the ldapvc.1 man page. -- Ryan Tandy Mon, 30 Aug 2021 18:54:25 -0700 openldap (2.5.6+dfsg-1~exp1) experimental; urgency=medium [ Ryan Tandy ] * New upstream release. * Export the cn=config database to LDIF format before upgrading from 2.4. * slapd.README.Debian: - Remove text about the dropped evolution-ntlm patch. - Add guidance for recovering from upgrade failures. * Remove the debconf warning and README text about the unsafe ACL configured by default in versions before jessie. * Remove upgrade code for adding the pwdMaxRecordedFailure attribute to the ppolicy schema. It's obsolete since the schema has been internalized. [ Sergio Durigan Junior ] * Implement the 'escape hatch' mechanism. - d/po/*.po: Update PO files given the new template note. - d/po/templates.pot: Update file. - d/slapd.templates: Add note warning user about a postinst failure, its possible cause and what to do. - d/slapd.postinst: Make certain upgrade functions return failure instead of exiting, which allows the postinst script to gracefully fail when applicable. Also, when the general configuration upgrade fails, display a critical warning to the user. Implement ignore_init_failure function. - d/slapd.prerm: Implement ignore_init_failure function. - d/slapd.scripts-common: Make certain functions return failure instead of exiting. - d/rules: Use dh_installinit's --error-handler to instruct it on how to handle possible errors with the init script. - d/slapd.NEWS: Add excerpt mentioning that the postinst script might error out if it can't migrate the existing (old) database backend. -- Ryan Tandy Mon, 16 Aug 2021 18:32:29 -0700 openldap (2.5.5+dfsg-1~exp1) experimental; urgency=medium * New upstream release. - Drop patches applied upstream: ITS#9544, ITS#9548. * Mark slapd-contrib as breaking the old version of slapd to reduce the chance of upgrade failure due to slapd-contrib being unpacked first. -- Ryan Tandy Fri, 11 Jun 2021 11:43:15 -0700 openldap (2.5.4+dfsg-1~exp1) experimental; urgency=medium * New upstream release. - Changing olcAuthzRegexp dynamically is supported. (Closes: #761407) - Support for LANMAN password hashes has been removed. (Closes: #988033) - Added pkg-config files for liblber and libldap. (Closes: #670824) - libldap_r has been merged into libldap. The Debian package will continue to install a libldap_r.so symlink for backwards compatibility with applications that still link with -lldap_r. - The Berkeley DB backends, slapd-bdb(5) and slapd-hdb(5), have been removed. - The shell backend, slapd-shell(5), has been removed. - New backend: slapd-asyncmeta(5). - New core overlays: slapd-homedir(5), slapd-otp(5), and slapd-remoteauth(5). - The ppoli
[Touch-packages] [Bug 1977627] Re: New upstream microrelease 2.5.12
Bileto ticket: https://bileto.ubuntu.com/#/ticket/4866 ** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/424341 ** Changed in: openldap (Ubuntu Jammy) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for previous MRE's links. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Standing MRE - Consider last updates as template: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1977627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1977627] Re: New upstream microrelease 2.5.12
** Description changed: [ Impact ] - * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. + * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] - * See the list of bugs fixed in this release here: + * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ [ Test Plan ] - * Upstream gitlab pipeline results: + * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 - * Upstream "call for testing": + * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ - * As described in the MRE wiki page for OpenLDAP, the test plan is to + * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. + * Build log (amd64) confirming that the build-time testsuite has been + performed and completed successfully: + https://launchpadlibrarian.net/606268441/buildlog_ubuntu-jammy- + amd64.openldap_2.5.12+dfsg-1ubuntu0.22.04.1_BUILDING.txt.gz + [ Where problems could occur ] - * Upstream tests are always executed during build-time. There are many + * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] - * This is a reoccurring MRE. See below for previous MRE's links. - * CVEs fixed by this release: -- CVE-2022-29155, which has already been addressed in Jammy + * This is a reoccurring MRE. See below for previous MRE's links. + * CVEs fixed by this release: + - CVE-2022-29155, which has already been addressed in Jammy Current versions in supported releases that got updates: - openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source + openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Standing MRE - Consider last updates as template: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. ** Description changed: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ + * In particular, this release includes the fix for CVE-2022-29155, but + since the CVE has already been addressed by the currently OpenLDAP + version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify + as a security upload. + [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. - * Build log (amd64) confirming that the build-time testsuite has been + * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpadlibrarian.net/606268441/buildlog_ubuntu-jammy- amd64.openldap_2.5.12+dfsg-1ubuntu0.22.04.1_BUILDING.txt.gz [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for previous MRE's links. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source
[Touch-packages] [Bug 1977627] Re: New upstream microrelease 2.5.12
** Description changed: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - https://launchpadlibrarian.net/606268441/buildlog_ubuntu-jammy- - amd64.openldap_2.5.12+dfsg-1ubuntu0.22.04.1_BUILDING.txt.gz + https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- + amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz + + * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] - * This is a reoccurring MRE. See below for previous MRE's links. + * This is a reoccurring MRE. See below for links to previous OpenLDAP + MREs. + * CVEs fixed by this release: - - CVE-2022-29155, which has already been addressed in Jammy + - CVE-2022-29155, which has already been addressed in Jammy. Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring M
[Touch-packages] [Bug 1977627] Re: New upstream microrelease 2.5.12
** Description changed: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception - defined at https://wiki.ubuntu.com/StableReleaseUpdates/OpenLDAPUpdates. + defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz - * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 + * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy. Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy. Current vers
[Touch-packages] [Bug 1792544] Re: demotion of pcre3 (8.x) a.k.a pcre (without the 3) in favor of pcre2 (10.x)
This has been fixed since sssd 2.4.0. ** Changed in: sssd (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1792544 Title: demotion of pcre3 (8.x) a.k.a pcre (without the 3) in favor of pcre2 (10.x) Status in aide package in Ubuntu: Incomplete Status in anope package in Ubuntu: Incomplete Status in apache2 package in Ubuntu: Triaged Status in apr-util package in Ubuntu: Fix Released Status in clamav package in Ubuntu: Fix Released Status in exim4 package in Ubuntu: In Progress Status in freeradius package in Ubuntu: Incomplete Status in git package in Ubuntu: Fix Released Status in glib2.0 package in Ubuntu: Incomplete Status in grep package in Ubuntu: Incomplete Status in haproxy package in Ubuntu: Fix Released Status in libpam-mount package in Ubuntu: Fix Released Status in libselinux package in Ubuntu: Fix Released Status in nginx package in Ubuntu: Incomplete Status in nmap package in Ubuntu: Incomplete Status in pcre3 package in Ubuntu: Confirmed Status in php-defaults package in Ubuntu: Fix Released Status in php7.2 package in Ubuntu: Won't Fix Status in postfix package in Ubuntu: Incomplete Status in python-pyscss package in Ubuntu: Incomplete Status in quagga package in Ubuntu: Invalid Status in rasqal package in Ubuntu: Incomplete Status in slang2 package in Ubuntu: Incomplete Status in sssd package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Invalid Status in tilix package in Ubuntu: New Status in ubuntu-core-meta package in Ubuntu: New Status in vte2.91 package in Ubuntu: Fix Released Status in wget package in Ubuntu: Fix Released Status in zsh package in Ubuntu: Incomplete Status in zsh package in Debian: Confirmed Bug description: https://people.canonical.com/~ubuntu- archive/transitions/html/pcre2-main.html demotion of pcre3 in favor of pcre2. These packages need analysis what needs to be done for the demotion of pcre3: Packages which are ready to build with pcre2 should be marked as 'Triaged', packages which are not ready should be marked as 'Incomplete'. -- For clarification: pcre2 is actually newer than pcre3. pcre3 is just poorly named. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aide/+bug/1792544/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1977627] Re: New upstream microrelease 2.5.12
As usual with non-security updates, we use the results of autopkgtest in order to perform the verification. In this case, all tests succeeded for openldap in Jammy. Therefore, tagging as verification-done-jammy. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy. Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1977627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1977627] Re: New upstream microrelease 2.5.12
** Changed in: openldap (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1977627 Title: New upstream microrelease 2.5.12 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/ * In particular, this release includes the fix for CVE-2022-29155, but since the CVE has already been addressed by the currently OpenLDAP version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify as a security upload. [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4298 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy- amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - CVE-2022-29155, which has already been addressed in Jammy. Current versions in supported releases that got updates: openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - None so far. As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1977627/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971319] Re: Merge rsync from Debian unstable for kinetic
This bug was fixed in the package rsync - 3.2.4-1 --- rsync (3.2.4-1) unstable; urgency=medium [ Samuel Henrique ] * New upstream version 3.2.4 - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc mounted (closes: #995046). - rsync.1: remove prepended backticks which broke --stop-after and --stop-at formatting (closes: #1007990). * Ship new python-based rrsync with --with-rrsync: - rrsync was previouysly written in bash. - A manpage is now shipped for rrsync. - python3 and python3-cmarkgfm are new B-Ds since they're needed to generate the manpage. * d/control: - Add version requirement for some libxxhash-dev and libzstd-dev as per upstream docs. - Add python3-braceexpand to Suggests as it can be used by rrsync. * d/rsync.install: cull_options has been renamed to cull-options. * d/patches: - Refresh the following patches: ~ disable_reconfigure_req.diff; ~ perl_shebang.patch; ~ skip_devices_test.patch; - Drop the following patches, applied upstream now: ~ CVE-2020-14387.patch; ~ copy-devices.diff; ~ fix_delay_updates.patch; ~ fix_ftcbfs_configure.patch; ~ fix_mkpath.patch; ~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch; ~ fix_sparse_inplace.patch; ~ manpage_upstream_fixes.patch; ~ update_rrsync_options.patch; ~ workaround_glibc_lchmod_regression.patch; [ Sergio Durigan Junior ] * d/rules: Disable ASM optimizations when building. This is not needed because the only ASM-optimized implementation available is the MD5 hash, which is actually a no-op because we link against OpenSSL and rsync ends up using that library's implementation of the hash. Even then, the final binary ends up with the ASM-optimized version included, which makes it become CET-incompatible. Thanks to Dimitri John Ledkov -- Samuel Henrique Mon, 18 Apr 2022 14:44:44 +0100 ** Changed in: rsync (Ubuntu) Status: New => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-14387 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1971319 Title: Merge rsync from Debian unstable for kinetic Status in rsync package in Ubuntu: Fix Released Bug description: Upstream: tbd Debian: 3.2.4-1 Ubuntu: 3.2.3-8ubuntu3 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. ### New Debian Changes ### rsync (3.2.4-1) unstable; urgency=medium [ Samuel Henrique ] * New upstream version 3.2.4 - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc mounted (closes: #995046). - rsync.1: remove prepended backticks which broke --stop-after and --stop-at formatting (closes: #1007990). * Ship new python-based rrsync with --with-rrsync: - rrsync was previouysly written in bash. - A manpage is now shipped for rrsync. - python3 and python3-cmarkgfm are new B-Ds since they're needed to generate the manpage. * d/control: - Add version requirement for some libxxhash-dev and libzstd-dev as per upstream docs. - Add python3-braceexpand to Suggests as it can be used by rrsync. * d/rsync.install: cull_options has been renamed to cull-options. * d/patches: - Refresh the following patches: ~ disable_reconfigure_req.diff; ~ perl_shebang.patch; ~ skip_devices_test.patch; - Drop the following patches, applied upstream now: ~ CVE-2020-14387.patch; ~ copy-devices.diff; ~ fix_delay_updates.patch; ~ fix_ftcbfs_configure.patch; ~ fix_mkpath.patch; ~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch; ~ fix_sparse_inplace.patch; ~ manpage_upstream_fixes.patch; ~ update_rrsync_options.patch; ~ workaround_glibc_lchmod_regression.patch; [ Sergio Durigan Junior ] * d/rules: Disable ASM optimizations when building. This is not needed because the only ASM-optimized implementation available is the MD5 hash, which is actually a no-op because we link against OpenSSL and rsync ends up using that library's implementation of the hash. Even then, the final binary ends up with the ASM-optimized version included, which makes it become CET-incompatible. Thanks to Dimitri John Ledkov -- Samuel Henrique Mon, 18 Apr 2022 14:44:44 +0100 rsync (3.2.3-8) unstable; urgency=medium * debian/patches: - manpage_upstream_fixes.patch: Import multiple upstream patches to fix manpage. - copy-devices.diff: Add missing manpage changes to patch - CVE-2020-14387.patch: Add Forwarded DEP
[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"
** Changed in: cyrus-sasl2 (Ubuntu Impish) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/827151 Title: Annoying log message "DIGEST-MD5 common mech free" Status in Cyrus-sasl2: Fix Released Status in cyrus-sasl2 package in Ubuntu: Fix Released Status in cyrus-sasl2 source package in Trusty: Won't Fix Status in cyrus-sasl2 source package in Xenial: Won't Fix Status in cyrus-sasl2 source package in Yakkety: Fix Released Status in cyrus-sasl2 source package in Focal: Triaged Status in cyrus-sasl2 source package in Impish: Won't Fix Status in cyrus-sasl2 source package in Jammy: Triaged Status in cyrus-sasl2 package in Debian: Fix Released Bug description: I recently updated the libsasl2-modules to 2.1.24~rc1.dfsg1+cvs2011-05-23-4ubuntu1 in oneiric. That triggered the bug also described in Debian here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631932 The annoying message is logged in auth.log. In my case, it is associated with svnserve: svnserve: DIGEST-MD5 common mech free I'm not exactly sure what action triggers the message, but I can investigate more if required. $ lsb_release -rd Description:Ubuntu oneiric (development branch) Release:11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/cyrus-sasl2/+bug/827151/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1983618] [NEW] New upstream microrelease 2.5.13
Public bug reported: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. ** Affects: openldap (Ubuntu) Importance: High Status: Invalid ** Affects: openldap (Ubuntu Jammy) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: In Progress ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Jammy) Status: New => In Progress ** Changed in: openldap (Ubuntu Jammy) Importance: Undecided => High ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu) Status: In Progress => Invalid ** Changed in: openldap (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1983618 Title: New upstream microrelease 2.5.13 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+
[Touch-packages] [Bug 1983618] Re: New upstream microrelease 2.5.13
** Description changed: [ Impact ] - * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. + * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] - * See the list of bugs fixed in this release here: + * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] - * Upstream gitlab pipeline results: + * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 - * Upstream "call for testing": + * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ - * As described in the MRE wiki page for OpenLDAP, the test plan is to + * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. - * Build log (amd64) confirming that the build-time testsuite has been - performed and completed successfully: TBD + * Build log (amd64) confirming that the build-time testsuite has been + performed and completed successfully: https://launchpad.net/~ci-train- + ppa-service/+archive/ubuntu/4887/+build/24250107 - * Bileto ticket: TBD + * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4887 [ Where problems could occur ] - * Upstream tests are always executed during build-time. There are many + * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] - * This is a reoccurring MRE. See below for links to previous OpenLDAP + * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. - * CVEs fixed by this release: -- None. + * CVEs fixed by this release: + - None. Current versions in supported releases that got updates: - openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source + openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. ** Tags added: server-todo ** Tags added: needs-mre-backport ** Changed in: openldap (Ubuntu) Milestone: ubuntu-22.08 => None -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1983618 Title: New upstream microrelease 2.5.13 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4887/+build/24250107 * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4887 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in
[Touch-packages] [Bug 1983618] Re: New upstream microrelease 2.5.13
** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/427967 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1983618 Title: New upstream microrelease 2.5.13 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4887/+build/24250107 * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4887 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1983618/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1983618] Re: New upstream microrelease 2.5.13
** Description changed: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4887/+build/24250107 - * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4887 + * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4895 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1983618 Title: New upstream microrelease 2.5.13 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4887/+build/24250107 * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4895 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1983618/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1980146] Re: dnsmasq often using 100% of CPU
Thanks for the extra details, I was able to reproduce the problem here. Here are the steps: $ lxc launch ubuntu-daily:jammy dnsmasq-cpu-bug $ lxc shell dnsmasq-cpu-bug # apt update # apt install -y dnsmasq # systemctl disable --now systemd-resolved.service # systemctl start dnsmasq.service # dig gnu.org In another terminal, you can shell into the container and do an "htop" to check that dnsmasq will be using 100% of one CPU core. I was able to reproduce this all the way back to Focal, but Bionic isn't impacted by this bug. I believe it's worth trying to report it upstream and seeing if this rings any bells. I'm going to include this bug in our backlog; right now everybody from the Ubuntu Server team is busy with the upcoming Kinetic release. mixmastamyk, if you feel like reporting this upstream please post the link to the email thread here so that we can keep an eye on it. Thanks. ** Also affects: dnsmasq (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: dnsmasq (Ubuntu Kinetic) Importance: Undecided Status: Incomplete ** Also affects: dnsmasq (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: dnsmasq (Ubuntu Focal) Status: New => Triaged ** Changed in: dnsmasq (Ubuntu Jammy) Status: New => Triaged ** Changed in: dnsmasq (Ubuntu Kinetic) Status: Incomplete => Triaged ** Changed in: dnsmasq (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: dnsmasq (Ubuntu Kinetic) Importance: Undecided => Medium ** Changed in: dnsmasq (Ubuntu Jammy) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/1980146 Title: dnsmasq often using 100% of CPU Status in dnsmasq package in Ubuntu: Triaged Status in dnsmasq source package in Focal: Triaged Status in dnsmasq source package in Jammy: Triaged Status in dnsmasq source package in Kinetic: Triaged Bug description: Release: 22.04 Codename: jammy Kernel: Linux 5.15.0-40-generic x86_64 ⏵ apt-cache policy dnsmasq Installed: 2.86-1.1ubuntu0.1 dnsmasq is caught in a loop after every dns request, resulting in 100% CPU usage for several minutes each time. This leads to a hot and lethargic computer. During this time thousands of the following messages (see below) are printed from strace. The loop tends to obsess on denied connections, but there are so many I'm not 100% sure. systemd-resolved is _not_ running, some bugs refer to that. ⏵ head /etc/dnsmasq.d/foo.conf address=/#/127.0.0.2 port=53 resolv-file=/var/run/NetworkManager/resolv.conf ⏵ sudo strace -p 3519 (dnsmasq) poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN}, {fd=7, events=POLLIN}, {fd=8, events=POLLIN}, {fd=9, events=POLLIN}, {fd=13, events=POLLIN}, {fd=14, events=POLLIN}], 9, -1) = 1 ([{fd=4, revents=POLLIN}]) recvmsg(4, {msg_name={sa_family=AF_INET, sin_port=htons(60224), sin_addr=inet_addr("127.0.0.1")}, msg_namelen=28 => 16, msg_iov=[{iov_base="\302\221\1\0\0\1\0\0\0\0\0\0\17classify- client\10ser"..., iov_len=4096}], msg_iovlen=1, msg_control=[{cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=IP_PKTINFO, cmsg_data={ipi_ifindex=if_nametoindex("lo"), ipi_spec_dst=inet_addr("127.0.0.53"), ipi_addr=inet_addr("127.0.0.53")}}], msg_controllen=32, msg_flags=0}, 0) = 54 ioctl(4, SIOCGIFNAME, {ifr_ifindex=1, ifr_name="lo"}) = 0 sendto(14, "\302\221\1\0\0\1\0\0\0\0\0\0\17classify-client\10ser"..., 54, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 54 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1980146/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed
Thanks for taking the time to report the bug and make Ubuntu better. I can reproduce the bug using your testcase, but that requires a VM with a graphical environment installed. Another way to reproduce the bug is (from the upstream bug report): $ lxc launch ubuntu-daily:jammy ssh-cpu $ lxc shell ssh-cpu # ssh HOST 2> >({exec 1>&2}) You can shell into the container from another terminal and use "htop" to verify that ssh is using 100% of one of the CPU cores. This seems to have been fixed upstream by the following commit: https://github.com/openssh/openssh- portable/commit/d6556de1db0822c76ba2745cf5c097d9472adf7c I confirmed that this only happens on Jammy. Focal and Kinetic are not affected. ** Also affects: openssh (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openssh (Ubuntu) Status: New => Fix Released ** Changed in: openssh (Ubuntu Jammy) Status: New => Triaged ** Changed in: openssh (Ubuntu Jammy) Importance: Undecided => Medium ** Bug watch added: OpenSSH Portable Bugzilla #3405 https://bugzilla.mindrot.org/show_bug.cgi?id=3405 ** Also affects: openssh via https://bugzilla.mindrot.org/show_bug.cgi?id=3405 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1986521 Title: ssh client spins if output fd closed Status in portable OpenSSH: Unknown Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Jammy: Triaged Bug description: The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the bug described at https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and https://bugzilla.mindrot.org/show_bug.cgi?id=3405 A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up an xterm, ask for whatever authentication is needed, close the xterm, and leave the ssh client spinning consuming CPU time for 60 seconds before it exits. It should leave the ssh client idle for 60 seconds. Many uses of ssh to launch graphical applications will be caught by this bug. This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its release notes at https://www.openssh.com/txt/release-9.0 To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1983618] Re: New upstream microrelease 2.5.13
As usual with non-security updates, we use the results of autopkgtest in order to perform the verification. In this case, all tests succeeded for openldap in Jammy. Therefore, tagging as verification-done-jammy. ** Tags removed: server-todo verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1983618 Title: New upstream microrelease 2.5.13 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.13. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/3PLJDVP7QWTRFHC2GPQTGBLEQFCBUZZ2/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4504 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap- techni...@openldap.org/thread/RXOSXVLKTIDM4XJUA5EZZ42677JXRHYN/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4887/+build/24250107 * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4895 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.12+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1983618/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1987356] [NEW] [BPO] elfutils/0.187-1 from Kinetic
Public bug reported: [Impact] * elfutils ships many ELF/DWARF related tools that are interesting for users and developers of low level code. * More specifically, elfutils ships the debuginfod library and server. Ubuntu is going to have a debuginfod server soon (see https://blog.sergiodj.net/2022/08/14/debuginfod-is-coming-to- ubuntu.html), and there have been many important changes that impact debuginfod's performance on 0.187. [Scope] * I will backport elfutils/0.187 from Kinetic. * I will backport elfutils/0.187 to Jammy. [Other Info] * None so far. ** Affects: elfutils (Ubuntu) Importance: Undecided Assignee: Sergio Durigan Junior (sergiodj) Status: In Progress ** Changed in: elfutils (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/1987356 Title: [BPO] elfutils/0.187-1 from Kinetic Status in elfutils package in Ubuntu: In Progress Bug description: [Impact] * elfutils ships many ELF/DWARF related tools that are interesting for users and developers of low level code. * More specifically, elfutils ships the debuginfod library and server. Ubuntu is going to have a debuginfod server soon (see https://blog.sergiodj.net/2022/08/14/debuginfod-is-coming-to- ubuntu.html), and there have been many important changes that impact debuginfod's performance on 0.187. [Scope] * I will backport elfutils/0.187 from Kinetic. * I will backport elfutils/0.187 to Jammy. [Other Info] * None so far. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/1987356/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1976508] Re: sasl/gssapi tests are disabled due to missing build-deps
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1976508 Title: sasl/gssapi tests are disabled due to missing build-deps Status in openldap package in Ubuntu: In Progress Bug description: Openldap has an extensive test suite that is run during build. The sasl/gssapi tests are being skipped because of missing build dependencies: >>>>> Starting test077-sasl-gssapi for mdb... running defines.sh Starting KDC for SASL/GSSAPI tests... Trying Heimdal KDC... Trying MIT KDC... No KDC available, skipping GSSAPI tests >>>>> test077-sasl-gssapi completed OK for mdb after 0 seconds. With this diff, the test was finally run: --- a/debian/control +++ b/debian/control @@ -22,7 +22,12 @@ Build-Depends: debhelper-compat (= 12), perl:any, pkg-config (>= 0.29), po-debconf, - unixodbc-dev + unixodbc-dev , + krb5-admin-server, + krb5-user, + krb5-kdc, + libsasl2-modules-gssapi-mit, + sasl2-bin Build-Conflicts: libbind-dev, bind-dev, autoconf2.13 Standards-Version: 4.6.0 Homepage: https://www.openldap.org/ Result: >>>>> Starting test077-sasl-gssapi for mdb... running defines.sh Starting KDC for SASL/GSSAPI tests... Trying Heimdal KDC... Trying MIT KDC... Configuring slapd... Starting ldap:/// slapd on TCP/IP port 9011 and ldaps:/// slapd on 9012... Using ldapsearch to check that slapd is running... supportedSASLMechanisms: GSSAPI Using ldapwhoami with SASL/GSSAPI: success Validating mapped SASL/GSSAPI ID: success Using ldapwhoami with SASL/GSSAPI with start-tls: success Using ldapwhoami with SASL/GSSAPI with ldaps: success SASL has no channel-binding support in GSSAPI, test skipped >>>>> Test succeeded >>>>> test077-sasl-gssapi completed OK for mdb after 2 seconds. About the missing channel binding support, I filed bug #1976507 against cyrus-sasl2. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1976508/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1971932] Re: error in rsync protocol data stream
There are a few upstream issues that seem to be related to this one, but https://github.com/WayneD/rsync/issues/86 seems like the most likely candidate. Not using "-z" was determined to be a possible workaround here. If any of you (who can actually reproduce the issue) can check if "-zz" also works, then we can establish the relation between both bugs. Thanks. ** Bug watch added: github.com/WayneD/rsync/issues #86 https://github.com/WayneD/rsync/issues/86 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/1971932 Title: error in rsync protocol data stream Status in rsync package in Ubuntu: Confirmed Bug description: When synchronizing to other systems, rsync exits with "error in rsync protocol data stream (code 12)". The problem occurs since ubuntu 22.04 LTS with two different destination systems not running ubuntu but plain debian. The error did not occur under 20.04 LTS. Synchronisation runs fine for most other files, but always stops at the same (relative large) file. The file itself has also been changed on a test basis to make sure the file is not the problem itself. Log snippet: ... chunk[46131] len=46120 offset=2127561720 sum1=2f48caf4 chunk[46132] len=46120 offset=2127607840 sum1=5dfcb4ee chunk[46133] len=46120 offset=2127653960 sum1=d1037d81 chunk[46134] len=8870 offset=2127700080 sum1=6deedc97 send_files mapped /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX of size 2135722584 calling match_sums /path/backup/subdir/.thunderbird/profile/ImapMail/imap.domain.com/INBOX built hash table hash search b=46120 len=2135722584 sum=1e1722dc k=46120 hash search s->blength=46120 len=2135722584 count=46135 potential match at 0 i=0 sum=1e1722dc match at 0 last_match=0 j=0 len=46120 n=0 potential match at 46120 i=1 sum=c482d6b6 match at 46120 last_match=46120 j=1 len=46120 n=0 potential match at 92240 i=2 sum=b21c7e11 match at 92240 last_match=92240 j=2 len=46120 n=0 potential match at 138360 i=3 sum=d066473a match at 138360 last_match=138360 j=3 len=46120 n=0 potential match at 184480 i=4 sum=a32a2984 match at 184480 last_match=184480 j=4 len=46120 n=0 potential match at 230600 i=5 sum=39cc049f match at 230600 last_match=230600 j=5 len=46120 n=0 potential match at 276720 i=6 sum=ad3de98a match at 276720 last_match=276720 j=6 len=46120 n=0 potential match at 322840 i=7 sum=83e16fa9 match at 322840 last_match=322840 j=7 len=46120 n=0 deflate on token returned 0 (8512 bytes left) rsync error: error in rsync protocol data stream (code 12) at token.c(476) [sender=3.2.3] [sender] _exit_cleanup(code=12, file=token.c, line=476): entered [sender] _exit_cleanup(code=12, file=token.c, line=476): about to call exit(12) Sender system: (rsync 3.2.3-8ubuntu3) - rsync version 3.2.3 protocol version 31 Copyright (C) 1996-2020 by Andrew Tridgell, Wayne Davison, and others. Web site: https://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, hardlink-specials, symlinks, IPv6, atimes, batchfiles, inplace, append, ACLs, xattrs, optional protect-args, iconv, symtimes, prealloc, stop-at, no crtimes Optimizations: SIMD, no asm, openssl-crypto Checksum list: xxh128 xxh3 xxh64 (xxhash) md5 md4 none Compress list: zstd lz4 zlibx zlib none rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. Recipient systems: (rsync 3.1.3-6) -- rsync version 3.1.3 protocol version 31 Copyright (C) 1996-2018 by Andrew Tridgell, Wayne Davison, and others. Web site: http://rsync.samba.org/ Capabilities: 64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints, socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace, append, ACLs, xattrs, iconv, symtimes, prealloc rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the GNU General Public Licence for details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1971932/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1988144] Re: klist not showing tgt after reboot
Thanks for taking the time to report a bug and make Ubuntu better. I tried reproducing the problem here but it seems there's something I'm missing. I have a Samba AD DC setup (running Focal, but that shouldn't matter) and I setup a Bionic client. I then obtained a ticket using "kinit", verified that the ticket is listed using "klist", and then reboot the VM. When it came back online, the ticket was gone. The same behaviour happens if I setup a Focal client, BTW. I may be wrong, but looking at the ticket you got on the Bionic machine it seems to me that there's some extra configuration in your /etc/krb5.conf that may be causing this behaviour. Would it be possible for you to come up with a step-by-step reproducer for this problem, please? Thanks in advance. ** Changed in: krb5 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/1988144 Title: klist not showing tgt after reboot Status in krb5 package in Ubuntu: Incomplete Bug description: Hello, iam not sure if this is a bug, but iam noticed a different behaviour of kinit/klist between Ubuntu 18.04 and 22.04 I already talked to sam hartman who is maintainer of krb5 packages at debian and he told that basically there is no difference between different version of kinit/klist and one should dig in Ubuntu environment. Let me decribe the notice: We use kinit/klist/krb5 keytab as base for sssd and ssh access controlled by AD. In Ubuntu 18.04 LTS i could do: "kinit myprincipal" and created a valid tgt. This tgt was stable and survived a reboot which can be viewed by "klist". I log in as unprivileged user, doing "sudo -i" and see: myhost: # klist Ticket cache: FILE:/tmp/krb5cc_27465975_uqBiyq File /tmp/krb5cc_27465975_uqBiyq is existent and owned by my unprivileged username and group domainusers. Ubuntu 18.04 LTS is using 1.16-2ubuntu0.2 of krb5-user. i have to say, that first login as unprivileged user is done by using ssh-keypair, so no sssd is involved. But by using "sudo -i" sssd is used and worked like expected. Now we switched to Ubuntu 22.04 LTS, Version of krb5-user is 1.19.2-2 Doing kinit myprincipal on 22.04 leads to: myhost: # klist Ticket cache: FILE:/tmp/krb5cc_0 File /tmp/krb5cc_0 is owned by root:root After reboot i can still login successful as unprivileged user make "sudo -i" and klist says: myhost: # klist klist: No credentials cache found (filename: /tmp/krb5cc_0 File /tmp/krb5cc_0 is gone (deleted from unknown), but i see a file /tmp/krb5cc_27465975_nGySkP which is owned by my unprivileged username and group is domainusers. is this expected? It seems that newer klist always wants to use the default name /tmp/krb5cc_0. It creates tgt with this name and tries to read this filename. but after reboot file is recreated with different name and default klist command fails. First login as unprivilged user was done with ssh-keypair without sssd, but "sudo -i" uses sssd agin. Whole thing only works like in 18.04 if you dont use ssh-keypairs and do all logins by hand with manually login, so sssd is forced to use in every step. What do you think? Is this a bug or wrong use? Behaviour of 18.04 was absolutely satisfying. Thanks, Hans To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1988144/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1988608] [NEW] [FFe] Sync version 0.187-2 from Debian unstable
Public bug reported: With the upcoming release of a debuginfod service for Ubuntu (see https://blog.sergiodj.net/2022/08/14/debuginfod-is-coming-to- ubuntu.html), we need to adjust our tooling to offer users the possibility of using the service out-of-the-box, without too much configuration. I have recently uploaded elfutils to Debian unstable in order to improve the way it handles the debuginfod shell profiles, and also to preemptively implement support for Ubuntu's debuginfod server. Now, I would like to request a feature freeze exception to bring these updates to Ubuntu Kinetic. The package builds fine on Debian (https://buildd.debian.org/status/package.php?p=elfutils), and also on Kinetic. elfutils doesn't have autopkgtests associated with it, but I have tested installing/uninstalling/upgrading/purging the package inside a container to make sure that these operations are still OK. There is a new debconf question that will be introduced by this sync. I marked it as high priority because I believe this is an important feature and users will initially not be aware of it. We can consider lowering the priority later. elfutils generates many binary packages, and as such it has many reverse dependencies. They should not be affected by this sync, though, because all modifications were focused on debuginfod-related maintainer scripts in the package. ** Affects: elfutils (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/1988608 Title: [FFe] Sync version 0.187-2 from Debian unstable Status in elfutils package in Ubuntu: New Bug description: With the upcoming release of a debuginfod service for Ubuntu (see https://blog.sergiodj.net/2022/08/14/debuginfod-is-coming-to- ubuntu.html), we need to adjust our tooling to offer users the possibility of using the service out-of-the-box, without too much configuration. I have recently uploaded elfutils to Debian unstable in order to improve the way it handles the debuginfod shell profiles, and also to preemptively implement support for Ubuntu's debuginfod server. Now, I would like to request a feature freeze exception to bring these updates to Ubuntu Kinetic. The package builds fine on Debian (https://buildd.debian.org/status/package.php?p=elfutils), and also on Kinetic. elfutils doesn't have autopkgtests associated with it, but I have tested installing/uninstalling/upgrading/purging the package inside a container to make sure that these operations are still OK. There is a new debconf question that will be introduced by this sync. I marked it as high priority because I believe this is an important feature and users will initially not be aware of it. We can consider lowering the priority later. elfutils generates many binary packages, and as such it has many reverse dependencies. They should not be affected by this sync, though, because all modifications were focused on debuginfod-related maintainer scripts in the package. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/1988608/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1988608] Re: [FFe] Sync version 0.187-2 from Debian unstable
This bug was fixed in the package elfutils - 0.187-2 --- elfutils (0.187-2) unstable; urgency=medium * Pass --sysconfdir to configure and install elfutils.urls. - d/rules: Pass --sysconfdir to configure; don't delete elfutils.urls. - d/libdebuginfod-common.install: Adjust paths and install elfutils.urls. * d/rules: Cleanup debuginfod code and support Ubuntu's debuginfod. * d/libdebuginfod-common.templates: New question for Ubuntu's debuginfod. * d/libdebuginfod-common.config: Ask about Ubuntu's debuginfod. * d/libdebuginfod-common.post{inst,rm}: Cleanup code, fix problems and support Ubuntu. Thanks to наб (Closes: #987787) -- Sergio Durigan Junior Fri, 02 Sep 2022 17:11:29 -0400 ** Changed in: elfutils (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/1988608 Title: [FFe] Sync version 0.187-2 from Debian unstable Status in elfutils package in Ubuntu: Fix Released Bug description: With the upcoming release of a debuginfod service for Ubuntu (see https://blog.sergiodj.net/2022/08/14/debuginfod-is-coming-to- ubuntu.html), we need to adjust our tooling to offer users the possibility of using the service out-of-the-box, without too much configuration. I have recently uploaded elfutils to Debian unstable in order to improve the way it handles the debuginfod shell profiles, and also to preemptively implement support for Ubuntu's debuginfod server. Now, I would like to request a feature freeze exception to bring these updates to Ubuntu Kinetic. The package builds fine on Debian (https://buildd.debian.org/status/package.php?p=elfutils), and also on Kinetic. elfutils doesn't have autopkgtests associated with it, but I have tested installing/uninstalling/upgrading/purging the package inside a container to make sure that these operations are still OK. There is a new debconf question that will be introduced by this sync. I marked it as high priority because I believe this is an important feature and users will initially not be aware of it. We can consider lowering the priority later. elfutils generates many binary packages, and as such it has many reverse dependencies. They should not be affected by this sync, though, because all modifications were focused on debuginfod-related maintainer scripts in the package. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/1988608/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2064096] Re: rsyslog service timeout on noble numbat
Andreas and I spent some time this afternoon investigating this issue. Here are our findings. First, we noticed that the paths being reported by apparmor on dmesg appear to be relative to /run. This is just an impression, though: I believe that, for some reason, apparmor/systemd/something-else is actually seeing the paths as "/systemd/notify" instead of "/run/systemd/notify". Therefore, we decided to try to list those paths inside the apparmor profile, like: /systemd/journal/dev-log rwkl, /systemd/notify rwkl, Note that we're using "rwkl" just because we don't want to deal with limiting the scope of each access. After adding these paths to /etc/apparmor.d/usr.sbin.rsyslogd and reloading the profile, the service can finally be (re)started. This indicates that there's a discrepancy between the paths seeing by apparmor/systemd/Linux and those seeing by the userspace application. With that in mind, our next idea was to try to use "systemd-run" to mimic what's happening with rsyslogd. This could help us determine which component is problematic, but unfortunately we were unable to make the failure happen. We tried many combinations of commands; some of them are listed below: # Try to "ls" the notify socket using different paths systemd-run -p AppArmorProfile=rsyslogd ls /run/systemd/notify systemd-run -p AppArmorProfile=rsyslogd ls /systemd/notify # Likewise, but running the command using the syslog user systemd-run --uid 102 -p AppArmorProfile=rsyslogd ls /run/systemd/notify systemd-run --uid 102 -p AppArmorProfile=rsyslogd ls /systemd/notify Strangely, "ls" was able to properly list the contents of /run/systemd/notify on both cases (which it shouldn't, because the apparmor profile doesn't allow it). It also reported that "/systemd/notify", which is correct but unexpected (because we thought that systemd might be the problematic component which doesn't use "/run" in the paths). We also double checked and confirmed that the processes started by "systemd-run" have "systemd" as their parent, so in theory we should have seen the same problem here. There is also the fact that these file accesses are being denied even when the apparmor profile is running in complain mode. AFAIU, this shouldn't happen. Unless apparmor is affecting the path resolution that happens when the service tries to connect to the socket, effectively mangling the final path... but that would be very weird, I believe. Either way, it is unclear: 1) Why we're seeing these "partial" paths in the logs. 2) Why these accesses are being denied even when the apparmor profile is in complain mode. 3) Why "systemd-run" can't seem to reproduce the problem. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsyslog in Ubuntu. https://bugs.launchpad.net/bugs/2064096 Title: rsyslog service timeout on noble numbat Status in rsyslog package in Ubuntu: Confirmed Bug description: This might be related to #2064088 The rsyslog service is continually timing out and restarting. If I use a service drop-in file and change the 'Type' from 'notify' to 'simple', the service starts and appears to work normally. In the journal, I can see the attached apparmor errors. I can't make sense of them, but if it's a similar issue to #2064088, then I suspect apparmor is preventing the systemd notify function from alerting systemd that the service is up and running. ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: rsyslog 8.2312.0-3ubuntu9 ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1 Uname: Linux 6.8.0-31-generic x86_64 ApportVersion: 2.28.1-0ubuntu2 Architecture: amd64 CasperMD5CheckMismatches: ./boot/grub/grub.cfg CasperMD5CheckResult: fail CurrentDesktop: ubuntu:GNOME Date: Mon Apr 29 10:37:46 2024 ProcEnviron: LANG=en_GB.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR= SourcePackage: rsyslog UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/2064096/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2064457] Re: Merge rsync from Debian unstable for oracular
** Changed in: rsync (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2064457 Title: Merge rsync from Debian unstable for oracular Status in rsync package in Ubuntu: New Bug description: Upstream: tbd Debian: 3.3.0-1 Ubuntu: 3.2.7-1ubuntu1 Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### rsync (3.3.0-1) unstable; urgency=medium [ Aquila Macedo Costa ] * d/control: Bump Standards-Version to 4.6.2 [ Samuel Henrique ] * New upstream version 3.3.0 (closes: #1068630) * Bump Standards-Version to 4.7.0 * Update patches * d/patches: Drop merged patches * d/control: Drop dependency on lsb-base * d/rsync.lintian-overrides: Update overrides -- Samuel Henrique Fri, 12 Apr 2024 00:28:29 +0100 rsync (3.2.7-1) unstable; urgency=medium [ Juri Grabowski ] * New upstream version 3.2.7 * Remove patches included in new release [ Helmut Grohne ] * Fix FTCBFS: Use native instances for python build depends (closes: #1022988). [ Samuel Henrique ] * d/rsync.lintian-overrides: Update findings as per lintian changes * d/patches: Add two upstream patches to fix issues post 3.2.7 release: - trust_the_sender_on_a_local_transfer.patch - avoid_quoting_of_tilde_when_its_a_destination_arg.patch -- Samuel Henrique Sun, 18 Dec 2022 14:10:54 + rsync (3.2.6-4) unstable; urgency=medium * Upload to unstable - d/patches: ~ fix_files_from.patch: Upstream patch to address the files-from issue. ~ fix_relative.patch: Upstream patch to fix exclusion of /. with --relative. ~ fix_remote_filter_rules_validation.patch: Upstream patch to fix bug with validating remote filter rules. (closes: #1018296, #1019561) -- Samuel Henrique Wed, 21 Sep 2022 18:58:57 +0100 rsync (3.2.6-3) experimental; urgency=medium * d/patches: - fix_files_from.patch: Upstream patch to address the files-from issue, likely to also be related to #1019561 and #1018296 - fix_relative.patch: Upstream patch to fix exclusion of /. with --relative -- Samuel Henrique Wed, 14 Sep 2022 19:25:19 +0100 rsync (3.2.6-2) experimental; urgency=medium * d/p/fix_remote_filter_rules_validation.patch: New upstream patch to try to fix #1019561 and #1018296 -- Samuel Henrique Tue, 13 Sep 2022 20:55:01 +0100 rsync (3.2.6-1) unstable; urgency=medium * New upstream version 3.2.6 - Added a safety check that prevents the sender from removing destination files when a local copy using --remove-source-files has some files that are shared between the sending & receiving hierarchies, including the case where the source dir & destination dir are identical (closes: #1016102) * Bump Standards-Version to 4.6.1 -- Samuel Henrique Sat, 10 Sep 2022 20:03:51 +0100 rsync (3.2.5-1) unstable; urgency=medium * New upstream version 3.2.5 - Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host) (closes: #1016543, CVE-2022-29154). - The build date that goes into the manpages is now based on the developer's release date, not on the build's local-timezone interpretation of the date (closes: #1009981) -- Samuel Henrique Tue, 16 Aug 2022 11:03:48 +0100 rsync (3.2.4-1) unstable; urgency=medium [ Samuel Henrique ] * New upstream version 3.2.4 - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc mounted (closes: #995046). - rsync.1: remove prepended backticks which broke --stop-after and --stop-at formatting (closes: #1007990). ### Old Ubuntu Delta ###
[Touch-packages] [Bug 2064434] Re: Merge openldap from Debian unstable for oracular
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2064434 Title: Merge openldap from Debian unstable for oracular Status in openldap package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.5.17+dfsg-12.6.7+dfsg-1~exp1 Ubuntu: 2.6.7+dfsg-1~exp1ubuntu8 Debian new has 2.6.7+dfsg-1~exp1, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### openldap (2.5.17+dfsg-1) unstable; urgency=medium * New upstream release. - fixed slapo-dynlist so it can't be global (ITS#10091) (Closes: #1040382) * debian/copyright: Exclude doc/guide/admin/guide.html from the upstream source, because the tool required to build it from source is not packaged in Debian. Fixes a Lintian error (source-is-missing). * Update Swedish debconf translation. (Closes: #1056955) Thanks to Martin Bagge and Anders Jonsson. * debian/salsa-ci.yml: Enable Salsa CI pipeline. -- Ryan Tandy Fri, 26 Apr 2024 16:09:29 -0700 openldap (2.5.16+dfsg-2) unstable; urgency=medium * debian/patches/64-bit-time-t-compat: handle sizeof(time_t) > sizeof(long) in format strings. -- Steve Langasek Tue, 12 Mar 2024 06:26:07 + openldap (2.5.16+dfsg-1) unstable; urgency=medium [ Ryan Tandy ] * New upstream release. - fixed possible null pointer dereferences if strdup fails (ITS#9904) (Closes: #1036995, CVE-2023-2953) - fixed unaligned accesses in LMDB on sparc64 (ITS#9916) (Closes: #1020319) * Update Turkish debconf translation. (Closes: #1029758) Thanks to Atila KOÇ. * Add Romanian debconf translation. (Closes: #1033177) Thanks to Remus-Gabriel Chelu. * Create an autopkgtest covering basic TLS functionality. Thanks to John Scott. * Drop transitional package slapd-smbk5pwd. (Closes: #1032742) * Drop dbgsym migration for slapd-dbg. * Build and install the ppm module in slapd-contrib. (Closes: #1039740) * Fix implicit declaration of kadm5_s_init_with_password_ctx. (Closes: #1065633) [ Sergio Durigan Junior ] * d/control: Bump Standards-Version to 4.6.2; no changes needed. * d/control: Bump debhelper-compat to 13. * d/control: Drop lsb-base from slapd's Depends. * Enable SASL/GSSAPI tests. Thanks to Andreas Hasenack -- Ryan Tandy Fri, 08 Mar 2024 21:46:26 -0800 openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. ### Old Ubuntu Delta ### openldap (2.6.
[Touch-packages] [Bug 2077036] [NEW] powerpc cross tools generate bogus string table
Public bug reported: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 00 00 0 0 0 [19] NULL 00 00 00 0 0 0 [20] NULL 00 00 00 0 0 0 [21] NULL 00 00 00 0 0 0 [22] NULL 00 00 00 0 0 0 ** Affects: binutils (Ubuntu) Importance: High Status: New ** Affects: gcc-14 (Ubuntu) Importance: Undecided Status: New ** Affects: qemu (Ubuntu) Importance: Undecided Status: New ** Also affects: gcc-14 (Ubuntu) Importance: Undecided Status: New ** Also affects: qemu (Ubuntu) Importance: Undecided Status: New -- You received this
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
Adding gcc-14 as a task just in case. Adding qemu as a task to make sure we track the impact of this bug. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: New Status in gcc-14 package in Ubuntu: New Status in qemu package in Ubuntu: New Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 00 00 0 0 0 [19] NULL0
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
I think I found the reason for this failure. I'm doing a test build and will post the results here soon. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: New Status in gcc-14 package in Ubuntu: New Status in qemu package in Ubuntu: New Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 00 00 0 0 0 [19] NULL00
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
** Tags added: server-todo ** Changed in: qemu (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: New Status in gcc-14 package in Ubuntu: New Status in qemu package in Ubuntu: New Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 00 00 00 0 0 0 [15] NULL 00 00 00 0 0 0 [16] NULL 00 00 00 0 0 0 [17] NULL 00 00 00 0 0 0 [18] NULL 00 0
[Touch-packages] [Bug 2077036] Re: powerpc cross tools generate bogus string table
The problem was the new ELF_PACKAGE_METADATA interacting weirdly with the PPC cross linker. I don't exactly know why, and IMHO this shouldn't really happen, but I will mark this bug as Invalid for both gcc and binutils because it's fixed in QEMU. ** Changed in: qemu (Ubuntu) Status: New => Fix Committed ** Changed in: gcc-14 (Ubuntu) Status: New => Invalid ** Changed in: binutils (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/2077036 Title: powerpc cross tools generate bogus string table Status in binutils package in Ubuntu: Invalid Status in gcc-14 package in Ubuntu: Invalid Status in qemu package in Ubuntu: Fix Committed Bug description: I'm still not entirely sure whether this problem is caused by binutils or gcc-14, but my suspicion is that it's the former. QEMU is being affected by this problem, as can be seen in the following build log: https://launchpadlibrarian.net/743528322/buildlog_ubuntu-oracular- amd64.qemu_1%3A9.0.2+ds-2ubuntu1~ppa6_BUILDING.txt.gz The interesting part is this one: ... powerpc-linux-gnu-objcopy -O srec u-boot u-boot.srec powerpc-linux-gnu-objcopy --gap-fill=0xff -O binary u-boot u-boot.bin powerpc-linux-gnu-objcopy: warning: u-boot has a corrupt string table index powerpc-linux-gnu-objcopy: unable to modify 'u-boot' due to errors make[1]: *** [Makefile:300: u-boot.srec] Error 1 ... So far I have confirmed that using the previous versions of binutils (2.42.90.20240720-2ubuntu1) and gcc-14 (14.2.0-1ubuntu1) make the QEMU build work again. Using powerpc-linux-gnu-readelf to compare the u-boot binary generated by the "good" binutils+gcc against the "bad" ones, I see: Good binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] .text PROGBITSfff8 80 046098 00 AX 0 0 16 [ 2] .rodata PROGBITSfffc6098 046118 00b9f9 00 A 0 0 4 [ 3] .relocPROGBITSfffd1b00 051b80 003678 00 WA 0 0 4 [ 4] .data PROGBITSfffd5178 0551f8 004c94 00 WA 0 0 4 [ 5] .u_boot_cmd PROGBITSfffd9e0c 059e8c 0003d8 00 WA 0 0 4 [ 6] .bootpg PROGBITSf000 07f080 0002bc 00 AX 0 0 1 [ 7] .resetvec PROGBITSfffc 08007c 04 00 AX 0 0 1 [ 8] .bss NOBITS 0100 080100 012ba0 00 WA 0 0 256 [ 9] .debug_line PROGBITS 080080 045fed 00 0 0 1 [10] .debug_line_str PROGBITS 0c606d 000100 01 MS 0 0 1 [11] .debug_info PROGBITS 0c616d 084c69 00 0 0 1 [12] .debug_abbrev PROGBITS 14add6 0167bc 00 0 0 1 [13] .debug_arangesPROGBITS 161598 003820 00 0 0 8 [14] .debug_strPROGBITS 164db8 00fb90 01 MS 0 0 1 [15] .debug_rnglists PROGBITS 174948 005518 00 0 0 1 [16] .debug_loclists PROGBITS 179e60 03b8d0 00 0 0 1 [17] .comment PROGBITS 1b5730 25 01 MS 0 0 1 [18] .gnu.attributes GNU_ATTRIBUTES 1b5755 10 00 0 0 1 [19] .symtab SYMTAB 1b5768 007b40 10 20 537 4 [20] .strtab STRTAB 1bd2a8 006d85 00 0 0 1 [21] .shstrtab STRTAB 1c402d e2 00 0 0 1 Bad binary: Section Headers: [Nr] Name TypeAddr OffSize ES Flg Lk Inf Al [ 0] NULL 00 00 00 0 0 0 [ 1] NULL 00 00 00 0 0 0 [ 2] NULL 00 00 00 0 0 0 [ 3] NULL 00 00 00 0 0 0 [ 4] NULL 00 00 00 0 0 0 [ 5] NULL 00 00 00 0 0 0 [ 6] NULL 00 00 00 0 0 0 [ 7] NULL 00 00 00 0 0 0 [ 8] NULL 00 00 00 0 0 0 [ 9] NULL 00 00 00 0 0 0 [10] NULL 00 00 00 0 0 0 [11] NULL 00 00 00 0 0 0 [12] NULL 00 00 00 0 0 0 [13] NULL 00 00 00 0 0 0 [14] NULL 0
[Touch-packages] [Bug 2073316] Re: Backport of openldap for focal, jammy and noble
** No longer affects: openldap (Ubuntu Focal) ** No longer affects: openldap (Ubuntu Noble) ** Summary changed: - Backport of openldap for focal, jammy and noble + Backport of openldap for noble ** Summary changed: - Backport of openldap for noble + Backport of openldap for Jammy ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2073316 Title: Backport of openldap for Jammy Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: New Bug description: Backport openldap to focal, jammy and noble once the update for oracular has been completed. [Impact] TBD [Major Changes] TBD [Test Plan] TBD [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations, such as in relation to the versions of dependencies available and other packaging-specific matters. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2073316/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078261] [NEW] Merge openldap from Debian experimental for oracular
Public bug reported: Merge openldap 2.6.8+dfsg-1~exp4 from Debian experimental, which also fixes an FTBFS with i386. ** Affects: openldap (Ubuntu) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: In Progress ** Tags: ftbfs needs-merge upgrade-software-version -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2078261 Title: Merge openldap from Debian experimental for oracular Status in openldap package in Ubuntu: In Progress Bug description: Merge openldap 2.6.8+dfsg-1~exp4 from Debian experimental, which also fixes an FTBFS with i386. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2078261/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2078771] Re: ssh-add fails with "Error loading key "/home/x/.ssh/x.pub": error in libcrypto
Hey Thomas, I think the issue is happening because you're trying to add a public key to the agent. I can reproduce the failure here all the way back to Jammy if I try to do the same. However, ssh-add expects to receive the private key to be added. I'm marking this bug as Incomplete because it seems to be a local thing, but please revert its status back to New if you really think there's an issue here. Cheers. ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2078771 Title: ssh-add fails with "Error loading key "/home/x/.ssh/x.pub": error in libcrypto Status in openssh package in Ubuntu: Incomplete Bug description: I upgraded recenty from Noble to Oracular and since then, I can no longer add my ssh key to the ssh-agent with ssh-add. The error is: $ ssh-add ~/.ssh/x.pub Error loading key "/home/x/.ssh/.xpub": error in libcrypto Adding other keys works fine. ProblemType: Bug DistroRelease: Ubuntu 24.10 Package: openssh-client 1:9.7p1-7ubuntu3 ProcVersionSignature: Ubuntu 6.8.0-41.41-generic 6.8.12 Uname: Linux 6.8.0-41-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.30.0-0ubuntu1 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Tue Sep 3 06:55:32 2024 InstallationDate: Installed on 2024-07-18 (47 days ago) InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/usr/bin/zsh TERM=xterm-256color XDG_RUNTIME_DIR= RelatedPackageVersions: ssh-askpass N/A libpam-sshN/A keychain N/A ssh-askpass-gnome N/A SSHClientVersion: OpenSSH_9.7p1 Ubuntu-7ubuntu3, OpenSSL 3.3.1 4 Jun 2024 SourcePackage: openssh UpgradeStatus: Upgraded to oracular on 2024-08-26 (8 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2078771/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2079970] Re: Debug symbols are unavailable for 3.0.2-0ubuntu1.18 (security update)
Marking as Fix Released. ** Changed in: openssl (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2079970 Title: Debug symbols are unavailable for 3.0.2-0ubuntu1.18 (security update) Status in openssl package in Ubuntu: Fix Released Bug description: The latest debug symbols (libssl3-dbgsym) available are for 3.0.2-0ubuntu1.17. Since they have a hard dependency on that version of the library, the installation currently fails with: libssl3-dbgsym : Depends: libssl3 (= 3.0.2-0ubuntu1.17) but 3.0.2-0ubuntu1.18 is to be installed Should there be an updated package in a (currently non-existing) jammy-security repository on http://ddebs.ubuntu.com/? Or should an updated package be in jammy-updates but is missing for some reason? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2079970/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2003266] Re: 22.04 package lacks GSSAPI support
** Also affects: neon27 (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to neon27 in Ubuntu. https://bugs.launchpad.net/bugs/2003266 Title: 22.04 package lacks GSSAPI support Status in neon27 package in Ubuntu: Confirmed Status in neon27 source package in Jammy: New Bug description: [ Impact ] * GSSAPI was disabled by accident as a side-effect of packaging a new release. Upstream renamed the environment variable used to setup the feature and the flag was not updated in d/rules. * Users get caught off-guard when updating from 20.04 to 22.04, 24.04 is not affected. [ Test Plan ] * Did not test the binary, confirmed the fix is effective by analyzing the build logs. * I've confirmed that the issue is solved by checking for the presence of the following string in the build logs: checking for krb5-config... /usr/bin/krb5-config.mit Whereas a build with the issue will instead output: checking for krb5-config... none * I believe the fix is non-intrusive enough that no further testing is needed. [ Where problems could occur ] * Enabling a new feature could have a side effect of disabling another mutually-exclusive feature, but I did not identify any. * Enabling a new feature could break a different feature which changes its behavior when this new feature is present, I also did not identify any such case. [ Other Info ] * Upstream bug reports: - https://github.com/notroj/neon/issues/102 - https://github.com/notroj/neon/issues/52 * Upstream breaking change: - https://github.com/notroj/neon/commit/b9b7425de38b35249e689c03c30c8fd8adfae806 * Upstream change to avoid this from happening again: - https://github.com/notroj/neon/commit/4fdcff4a0ccbb0924f7dabcf8d213452aa33ab82 * Launchpad bug: - https://bugs.launchpad.net/ubuntu/+source/neon27/+bug/2003266 [ Original description ] For more information, please see https://github.com/notroj/neon/issues/102. The 22.04 built package of neon lacks GSSAPI support, whereas previous versions (e.g. 18.04) had this support built-in. This appears to be due to a recent-ish change in the build logic for neon, which changes when GSSAPI is compiled in to the library (https://github.com/notroj/neon/commit/b9b7425de38b35249e689c03c30c8fd8adfae806) We were able to get a work around building from source with the following envvar during build-time: KRB5_CONF_TOOL=/usr/bin/krb5-config.mit ./configure. TL;DR: KRB5_CONFIG became KRB5_CONF_TOOL. Version information: $ lsb_release -rd Description: Ubuntu 22.04.1 LTS Release: 22.04 $ apt show libneon27 Package: libneon27 Version: 0.32.2-1 Priority: optional Section: universe/libs Source: neon27 Origin: Ubuntu Maintainer: Ubuntu Developers Original-Maintainer: Laszlo Boszormenyi (GCS) Bugs: https://bugs.launchpad.net/ubuntu/+filebug Installed-Size: 233 kB Depends: libc6 (>= 2.33), libssl3 (>= 3.0.0~~alpha1), libxml2 (>= 2.7.4), zlib1g (>= 1:1.1.4) Homepage: https://notroj.github.io/neon/ Download-Size: 102 kB APT-Manual-Installed: no APT-Sources: [corporate Launchpad mirror] Description: HTTP and WebDAV client library To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/neon27/+bug/2003266/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2000817] Re: Wrong SHA256-value computed on kinetic
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2000817 Title: Wrong SHA256-value computed on kinetic Status in openldap package in Ubuntu: Triaged Bug description: The OpenLDAP-contrib module sha2 (located in contrib/slapd- modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu kinetic. This breaks our current password-authentication in ldap. The problematic computation: $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2 {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54= The (correct) reference-value on the same system (or older ubuntu Versions): $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64 K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= We nailed the problem down to a bug in the gcc-optimizer for strict-aliasing. so most probably the gcc-version on kinetic (v12.2.0) is the reason. The workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing". Then the correct value is computed. An example taken from a git-compiled version of OpenLDAP 2.5.13: $ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols= Ubuntu: Description:Ubuntu 22.10 Release:22.10 OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2004035] Re: package openssh-server 1:8.9p1-3ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status
Thank you for taking the time to file a bug report. According to the logs you posted: Setting up openssh-server (1:8.9p1-3ubuntu0.1) ... Not replacing deleted config file /etc/ssh/sshd_config dpkg: error processing package openssh-server (--configure): installed openssh-server package post-installation script subprocess returned error exit status 1 This problem usually happens when you remove a package using "apt-get remove", and then manually remove its configuration files. If you would like to remove a package *and* its configuration files, you should normally use "apt-get purge". When dpkg detects that openssh's config files have been manually removed, it decides not to reinstall them. Since it seems likely to me that this is a local configuration problem, rather than a bug in Ubuntu, I am marking this bug as 'Incomplete'. However, if you believe that this is really a bug in Ubuntu, then we would be grateful if you would provide a more complete description of the problem with steps to reproduce, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New". For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community ** Changed in: openssh (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2004035 Title: package openssh-server 1:8.9p1-3ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status 1 Status in openssh package in Ubuntu: Incomplete Bug description: The following NEW packages will be installed: ncurses-term openssh-server openssh-sftp-server ssh-import-id 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. Need to get 750 kB of archives. After this operation, 6,046 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-sftp-server amd64 1:8.9p1-3ubuntu0.1 [38.7 kB] Get:2 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-server amd64 1:8.9p1-3ubuntu0.1 [434 kB] Get:3 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 ncurses-term all 6.3-2 [267 kB] Get:4 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 ssh-import-id all 5.11-0ubuntu1 [10.1 kB] Fetched 750 kB in 0s (2,652 kB/s) Preconfiguring packages ... Selecting previously unselected package openssh-sftp-server. (Reading database ... 143729 files and directories currently installed.) Preparing to unpack .../openssh-sftp-server_1%3a8.9p1-3ubuntu0.1_amd64.deb ... Unpacking openssh-sftp-server (1:8.9p1-3ubuntu0.1) ... Selecting previously unselected package openssh-server. Preparing to unpack .../openssh-server_1%3a8.9p1-3ubuntu0.1_amd64.deb ... Unpacking openssh-server (1:8.9p1-3ubuntu0.1) ... Selecting previously unselected package ncurses-term. Preparing to unpack .../ncurses-term_6.3-2_all.deb ... Unpacking ncurses-term (6.3-2) ... Selecting previously unselected package ssh-import-id. Preparing to unpack .../ssh-import-id_5.11-0ubuntu1_all.deb ... Unpacking ssh-import-id (5.11-0ubuntu1) ... Setting up openssh-sftp-server (1:8.9p1-3ubuntu0.1) ... Setting up openssh-server (1:8.9p1-3ubuntu0.1) ... Not replacing deleted config file /etc/ssh/sshd_config dpkg: error processing package openssh-server (--configure): installed openssh-server package post-installation script subprocess returned error exit status 1 Setting up ssh-import-id (5.11-0ubuntu1) ... Setting up ncurses-term (6.3-2) ... Processing triggers for man-db (2.10.2-1) ... Processing triggers for ufw (0.36.1-4build1) ... Errors were encountered while processing: openssh-server ProblemType: Package DistroRelease: Ubuntu 22.04 Package: openssh-server 1:8.9p1-3ubuntu0.1 ProcVersionSignature: Ubuntu 5.15.0-58.64-generic 5.15.74 Uname: Linux 5.15.0-58-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 AptOrdering: openssh-sftp-server:amd64: Install openssh-server:amd64: Install ncurses-term:amd64: Install ssh-import-id:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: unknown Date: Fri Jan 27 08:22:28 2023 DuplicateSignature: package:openssh-server:1:8.9p1-3ubuntu0.1 Setting up openssh-server (1:8.9p1-3ubuntu0.1) ... Not replacing deleted config file /etc/ssh/sshd_config dpkg: error processing package openssh-server (--configure): installed openssh-server package post-installation script subprocess returned error exit status 1 ErrorMessage: installed openssh-server package post-installation script subprocess returned error exit status 1 InstallationDate: Installed on 2022-01-20 (371 days ago) InstallationMedia:
[Touch-packages] [Bug 2003756] Re: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142."
I did a little debugging, and the problem happens because krb5-kdc.service fails to start with: Feb 02 15:22:34 krb5-test systemd[1]: Starting Kerberos 5 Key Distribution Center... Feb 02 15:22:34 krb5-test krb5kdc[3957]: Cannot open DB2 database '/var/lib/krb5kdc/principal': No such file or directory - while initializing database for realm LXD Feb 02 15:22:34 krb5-test krb5kdc[3957]: krb5kdc: cannot initialize realm LXD - see log file for details Feb 02 15:22:34 krb5-test systemd[1]: krb5-kdc.service: Control process exited, code=exited, status=1/FAILURE Feb 02 15:22:34 krb5-test systemd[1]: krb5-kdc.service: Failed with result 'exit-code'. Feb 02 15:22:34 krb5-test systemd[1]: Failed to start Kerberos 5 Key Distribution Center. systemd-invoke will try to run systemctl like this: systemctl --quiet --system restart krb5-kdc.service which fails because of the problem mentioned above. I don't think this is a problem with init-system-helpers, but rather an issue with krb5-kdc indeed. Also, I believe it's worth reporting this bug to Debian, since they suffer from it too. ** Also affects: krb5 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to init-system-helpers in Ubuntu. https://bugs.launchpad.net/bugs/2003756 Title: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142." Status in init-system-helpers package in Ubuntu: New Status in krb5 package in Ubuntu: New Bug description: I have a fresh install of Ubuntu Server 22.04.01 LTS. After installing the server and running all updates, I run the following command: apt -y install slapd ldap-utils schema2ldif sasl2-bin libsasl2-modules-gssapi-mit krb5-kdc-ldap krb5-admin-server krb5-kdc This will be installing krb5-kdc 1.19.2-2. This is in preparation for setting up an OpenLDAP server, a Kerberos server with an LDAP backend, and saslauthd for pass-through authentication. krb5-kdc was auto-selected when running the steps in the guide here in my development environment: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend When installing that, I get the following in the output: Setting up krb5-kdc (1.19.2-2) ... Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /lib/systemd/system/krb5-kdc.service. Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I do get the prompts for the realm, kdc, and admin server hostnames, and they are reflected in /etc/krb5.conf. If I then run the following: dpkg-reconfigure krb5-kdc I am prompted for whether I want the package to create the Kerberos KDC configuration automatically, and when I say yes, it then repeats the following error: Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I cannot find any further debug in the syslog or anything to indicate what the root cause is; the list of packages here are all installed together on a separate development server where I experimented with the configuration I will be deploying here in production so I don't think it's incompatible packages in the install list, but I am open to feedback on that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2003756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2003756] Re: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142."
FWIW, because Focal's deb-systemd-invoke doesn't use --quiet we end up getting a clearer error there: # dpkg-reconfigure krb5-kdc Job for krb5-kdc.service failed because the control process exited with error code. See "systemctl status krb5-kdc.service" and "journalctl -xe" for details. invoke-rc.d: initscript krb5-kdc, action "start" failed. ● krb5-kdc.service - Kerberos 5 Key Distribution Center Loaded: loaded (/lib/systemd/system/krb5-kdc.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2023-02-02 18:32:34 UTC; 7ms ago Process: 2000 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid $DAEMON_ARGS (code=exited, status=1/FAILURE) CPU: 10ms Feb 02 18:32:34 bla systemd[1]: Starting Kerberos 5 Key Distribution Center... Feb 02 18:32:34 bla krb5kdc[2000]: Cannot open DB2 database '/var/lib/krb5kdc/principal': No such file or directory - while initializing database for realm LXD Feb 02 18:32:34 bla krb5kdc[2000]: krb5kdc: cannot initialize realm LXD - see log file for details Feb 02 18:32:34 bla systemd[1]: krb5-kdc.service: Control process exited, code=exited, status=1/FAILURE Feb 02 18:32:34 bla systemd[1]: krb5-kdc.service: Failed with result 'exit-code'. Feb 02 18:32:34 bla systemd[1]: Failed to start Kerberos 5 Key Distribution Center. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2003756 Title: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142." Status in init-system-helpers package in Ubuntu: New Status in krb5 package in Ubuntu: New Bug description: I have a fresh install of Ubuntu Server 22.04.01 LTS. After installing the server and running all updates, I run the following command: apt -y install slapd ldap-utils schema2ldif sasl2-bin libsasl2-modules-gssapi-mit krb5-kdc-ldap krb5-admin-server krb5-kdc This will be installing krb5-kdc 1.19.2-2. This is in preparation for setting up an OpenLDAP server, a Kerberos server with an LDAP backend, and saslauthd for pass-through authentication. krb5-kdc was auto-selected when running the steps in the guide here in my development environment: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend When installing that, I get the following in the output: Setting up krb5-kdc (1.19.2-2) ... Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /lib/systemd/system/krb5-kdc.service. Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I do get the prompts for the realm, kdc, and admin server hostnames, and they are reflected in /etc/krb5.conf. If I then run the following: dpkg-reconfigure krb5-kdc I am prompted for whether I want the package to create the Kerberos KDC configuration automatically, and when I say yes, it then repeats the following error: Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I cannot find any further debug in the syslog or anything to indicate what the root cause is; the list of packages here are all installed together on a separate development server where I experimented with the configuration I will be deploying here in production so I don't think it's incompatible packages in the install list, but I am open to feedback on that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2003756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1979610] Re: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build.
** Bug watch added: GNU Savannah Bug Tracker #63392 http://savannah.gnu.org/bugs/?63392 ** Also affects: pspp via http://savannah.gnu.org/bugs/?63392 Importance: Unknown Status: Unknown ** Tags added: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to perl in Ubuntu. https://bugs.launchpad.net/bugs/1979610 Title: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build. Status in pspp: Unknown Status in perl package in Ubuntu: New Status in pspp package in Ubuntu: New Bug description: During the build of the pspp 1.6.0-1 package for kinetic the regression fails for the armhf architecture in the perl module tests. The reported error is: +PSPP.c: loadable library and perl binaries are mismatched (got handshake key 0xa480080, needed 0xa380080) This happens only for the armhf architecture. The package build status of the pspp 1.6.0-1 package is here: https://launchpad.net/ubuntu/+source/pspp/1.6.0-1 You can also find the buildlogs for armhf and the architectures there. Is it possible that some perl modules have not been recompiled with the current perl version? Or is there any idea why this could fail only on armhf? Regards Friedrich To manage notifications about this bug go to: https://bugs.launchpad.net/pspp/+bug/1979610/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1979610] Re: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build.
** Bug watch added: Debian Bug tracker #1030827 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030827 ** Also affects: perl (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030827 Importance: Unknown Status: Unknown ** No longer affects: perl (Debian) ** Also affects: pspp (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030827 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to perl in Ubuntu. https://bugs.launchpad.net/bugs/1979610 Title: armhf: perl modules not rebuild? Loadable Library and Binary mismatch for pspp build. Status in pspp: Unknown Status in perl package in Ubuntu: New Status in pspp package in Ubuntu: New Status in pspp package in Debian: Unknown Bug description: During the build of the pspp 1.6.0-1 package for kinetic the regression fails for the armhf architecture in the perl module tests. The reported error is: +PSPP.c: loadable library and perl binaries are mismatched (got handshake key 0xa480080, needed 0xa380080) This happens only for the armhf architecture. The package build status of the pspp 1.6.0-1 package is here: https://launchpad.net/ubuntu/+source/pspp/1.6.0-1 You can also find the buildlogs for armhf and the architectures there. Is it possible that some perl modules have not been recompiled with the current perl version? Or is there any idea why this could fail only on armhf? Regards Friedrich To manage notifications about this bug go to: https://bugs.launchpad.net/pspp/+bug/1979610/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] [NEW] New upstream microrelease 2.5.14
Public bug reported: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Affects: openldap (Ubuntu Jammy) Importance: High Assignee: Sergio Durigan Junior (sergiodj) Status: In Progress ** Tags: server-todo ** Also affects: openldap (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Jammy) Status: New => In Progress ** Changed in: openldap (Ubuntu Jammy) Importance: Undecided => High ** Changed in: openldap (Ubuntu Jammy) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu) Assignee: Sergio Durigan Junior (sergiodj) => (unassigned) ** Changed in: openldap (Ubuntu) Importance: High => Undecided ** Changed in: openldap (Ubuntu) Status: In Progress => New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doe
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Merge proposal linked: https://code.launchpad.net/~sergiodj/ubuntu/+source/openldap/+git/openldap/+merge/437540 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: TBD [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Description changed: [ Impact ] - * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. + * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] - * See the list of bugs fixed in this release here: + * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] - * Upstream gitlab pipeline results: + * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 - * Upstream "call for testing": + * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ - * As described in the MRE wiki page for OpenLDAP, the test plan is to + * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. - * Build log (amd64) confirming that the build-time testsuite has been + * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD - * Bileto ticket: TBD + * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 [ Where problems could occur ] - * Upstream tests are always executed during build-time. There are many + * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] - * This is a reoccurring MRE. See below for links to previous OpenLDAP + * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. - * CVEs fixed by this release: -- None. + * CVEs fixed by this release: + - None. Current versions in supported releases that got updates: - openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source + openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users.
[Touch-packages] [Bug 2007837] Re: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4
Thanks for the heads up, Simon. I talked to Marc and he confirmed that he intends to MRE rsync, so I reassigned this bug to him. ** Changed in: rsync (Ubuntu Jammy) Assignee: Sergio Durigan Junior (sergiodj) => Marc Deslauriers (mdeslaur) ** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to rsync in Ubuntu. https://bugs.launchpad.net/bugs/2007837 Title: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4 Status in rsync package in Ubuntu: Fix Released Status in rsync source package in Jammy: Triaged Status in rsync package in Debian: Unknown Bug description: rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling, leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04) to surface [1]. It practically makes using BackupPC 3 impossible with clients using rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04 can't be used to back up machines with 22.04 is rather surprising and has bitten other users [2]. It's unclear whether the bug will be fixed in 18.04's and 20.04's libfile-rsyncp-perl package (for status, see [3]). Because of this, the rsync maintainer has included a patch in 3.2.4 that fixes this regression [4] (even though not strictly an rsync bug). As a result, rsync 3.2.3 is the only affected version, which happens to be the one packaged in 22.04. This report is to request backporting that fix [4] to Ubuntu 22.04, so that things don't silently break in scenarios where the backup server is left at 20.04, and some backup clients happen to upgrade to 22.04. I'm not sure what the criteria for security releases are, but as the issue causes backup denial of service and has easy mitigation, I think it would make sense to put it through the security channel. [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358 [2]: https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html [3]: https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833 [4]: https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Also affects: openldap (Ubuntu Kinetic) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu Kinetic) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) ** Changed in: openldap (Ubuntu Kinetic) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: TBD * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2008465] Re: apt repository broken when having only jammy and jammy-security apt-repos enabled
** Package changed: openldap (Ubuntu) => ubuntu -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2008465 Title: apt repository broken when having only jammy and jammy-security apt- repos enabled Status in Ubuntu: New Bug description: Having installed Ubuntu 22 server from server-live-cd https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso (md5sum e8d2a77c51b599c10651608a5d8c286f) without network connection to internet (so no connection to ubuntu apt repositories). After offline installation completed, we remove the "jammy-updates" from the /etc/apt/sources.list so it looks like so: # cat /etc/apt/sources.list deb http://de.archive.ubuntu.com/ubuntu jammy main restricted universe multiverse deb http://de.archive.ubuntu.com/ubuntu jammy-security main restricted universe multiverse Now we give the host network access and do "apt update" to refresh the apt repository. We assume that the installed package libldap-2.5-0 version 2.5.12+dfsg-0ubuntu0.22.04.1 was installed from the ubuntu installer cd which is a version from jammy-updates. Now we are unable to install package "ldap-utils" because that depends on package libldap-2.5-0 version 2.5.11+dfsg-1~exp1ubuntu3.1 (which is older than the offline installed version 2.5.12+dfsg-0ubuntu0.22.04.1) # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 22.04.1 LTS Release:22.04 Codename: jammy # apt-cache policy libldap-2.5-0 libldap-2.5-0: Installed: 2.5.12+dfsg-0ubuntu0.22.04.1 Candidate: 2.5.12+dfsg-0ubuntu0.22.04.1 Version table: *** 2.5.12+dfsg-0ubuntu0.22.04.1 100 100 /var/lib/dpkg/status 2.5.11+dfsg-1~exp1ubuntu3.1 500 500 http://de.archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages 2.5.11+dfsg-1~exp1ubuntu3 500 500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages # apt install --simulate ldap-utils Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: ldap-utils : Depends: libldap-2.5-0 (= 2.5.11+dfsg-1~exp1ubuntu3.1) but 2.5.12+dfsg-0ubuntu0.22.04.1 is to be installed E: Unable to correct problems, you have held broken packages. -- The problem is solved when adding line deb http://de.archive.ubuntu.com/ubuntu jammy-updates main restricted universe multiverse to /etc/apt/sources.list But we want _only_ security updates, to keep the updates minimal. Other workaround is "apt remove libldap-2.5-0", then when installing ldap-utils that fetches the older libldap-2.5-0 version 2.5.11+dfsg-1~exp1ubuntu3.1 and repo is consistent. Questions: - Can you confirm that the package version from the server-live-cd see above is the version from the jammy-updates repository? - Do you agree that when the above question is answered yes, having jammy-updates apt-repository is mandatory? - if jammy-updates repo should be mandatory should this be documented? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2008465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Description changed: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz + - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz + - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz - * Bileto ticket: https://bileto.ubuntu.com/#/ticket/4986 + * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/2560101
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Sorry, due to bileto's demise I ended up mixing results from my personal PPA and the PPA generated by bileto (https://launchpad.net/~ci-train- ppa-service/+archive/ubuntu/4986/+packages). You can find Jammy's dep8 results by inspecting the PPA above. For Kinetic, you can find its dep8 results by inspecting https://launchpad.net/~sergiodj/+archive/ubuntu/openldap. I'll post an analysis of each failure soon. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Analysis of the dep8 failures in Kinetic: - balsa @ amd64: Retriggered. - balsa @ arm64: Retriggered. - cyrus-imapd @ amd64: Already neutral in Kinetic. - dogtag-pki @ amd64: Retriggered. - pdns @ amd64: Already failing in Kinetic. - pdns @ armhf: Already failing in Kinetic. - pdns @ s390x: Already failing in Kinetic. - nss-pam-ldapd @ arm64: Already failing in Kinetic. - nss-pam-ldapd @ ppc64el: Already failing in Kinetic. - nss-pam-ldapd @ s390x: Already failing in Kinetic. - squid @ armhf: Already failing in Kinetic. - volatildap @ armhf: Already failing in Kinetic. - exim4 @ ppc64el: Retriggered. - kopanocore @ s390x: Already failing in Kinetic. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Analysis of the dep8 failures in Jammy: - cyrus-imapd @ amd64: Neutral in Jammy. - libaws @ amd64: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ arm64: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ armhf: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ ppc64el: Failure is unrelated to openldap; triggered a migration-reference/0. - libaws @ s390x: Failure is unrelated to openldap; triggered a migration-reference/0. - nss-pam-ldapd @ arm64: Already failing in Jammy. - pdns @ arm64: Already failing in Jammy. - pdns @ armhf: Already failing in Jammy. - pdns @ s390x: Already failing in Jammy. - courier @ armhf: Neutral in Jammy. - nss-pam-ldapd @ armhf: Already failing in Jammy. - squid @ armhf: Already failing in Jammy. - sudo @ armhf: Already failing in Jammy. - kopanocore @ s390x: Already failing in Jammy. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
Update on Kinetic dep8 retriggers: - balsa @ amd64: Passed. - balsa @ arm64: Passed. - dogtag-pki @ amd64: Passed. - exim4 @ ppc64el: Passed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
I believe this addresses everything that was needed to move forward with the MRE. Let me know otherwise, and apologies for the half-baked MRE. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: New Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
** Changed in: openldap (Ubuntu Kinetic) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: New Status in openldap source package in Jammy: In Progress Status in openldap source package in Kinetic: In Progress Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007625] Re: New upstream microrelease 2.5.14
As is usual with these MREs, the verification phase is considered done when all dep8 tests pass. This is now true for both Kinetic and Jammy uploads. Therefore, tagging the bug accordingly. ** Tags removed: verification-needed verification-needed-jammy verification-needed-kinetic ** Tags added: verification-done verification-done-jammy verification-done-kinetic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2007625 Title: New upstream microrelease 2.5.14 Status in openldap package in Ubuntu: Invalid Status in openldap source package in Jammy: Fix Committed Status in openldap source package in Kinetic: Fix Committed Bug description: [ Impact ] * MRE for the latest stable OpenLDAP 2.5.x release, 2.5.14. This update includes bugfixes only following the SRU policy exception defined at https://wiki.ubuntu.com/OpenLDAPUpdates. [ Major Changes ] * See the list of bugs fixed in this release here: https://lists.openldap.org/hyperkitty/list/openldap- annou...@openldap.org/thread/TZQHR4SIWUA5BZTKDAKSFDOOGDVU4TU7/ [ Test Plan ] * Upstream gitlab pipeline results: https://git.openldap.org/openldap/openldap/-/pipelines/4816 * Upstream "call for testing": https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/ZJTFCIIY3HHUZIHENR3TUDGGFWIVJOCF/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/XVFN3TCIDUZCWJA7RKFTZI2762UELAGM/ https://lists.openldap.org/hyperkitty/list/openldap-techni...@openldap.org/message/YZIFGANGSBCV2E547KS5C6DJGJ4Z4CEX/ * As described in the MRE wiki page for OpenLDAP, the test plan is to build the package in bileto and make sure that (1) all build-time tests pass and (2) all autopkgtest runs (from reverse dependencies) also pass. * Build log (amd64) confirming that the build-time testsuite has been performed and completed successfully: - kinetic: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25633699/+files/buildlog_ubuntu-kinetic-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.10.1~ppa1_BUILDING.txt.gz - jammy: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap/+build/25601017/+files/buildlog_ubuntu-jammy-amd64.openldap_2.5.14+dfsg-0ubuntu0.22.04.1~ppa1_BUILDING.txt.gz * Bileto ticket: N/A (bileto is not working at the moment) [ Where problems could occur ] * Upstream tests are always executed during build-time. There are many reverse dependencies whose dep8 tests depend on OpenLDAP so the coverage is good. Nevertheless, there is always a risk for something to break since we are dealing with a microrelease upgrade. Whenever a test failure is detected, we will be on top of it and make sure it doesn't affect existing users. [ Other Info ] * This is a reoccurring MRE. See below for links to previous OpenLDAP MREs. * CVEs fixed by this release: - None. Current versions in supported releases that got updates: openldap | 2.5.13+dfsg-0ubuntu0.22.04.1 | jammy-updates | source Special cases: - None. Previous MREs for OpenLDAP: - https://pad.lv/1977627 - https://pad.lv/1983618 As usual we test and prep from the PPA and then push through SRU/Security as applicable. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2007625/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2007272] Re: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-42898. On which release/path of Ubuntu can I expect them to be fixed ?
Thank you for taking the time to report a bug. The CVE mentioned affects only 32-bit systems. Are you running a samba 32-bit binary? Are you on amd64? If yes to both question, then this is an unsupported scenario. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to heimdal in Ubuntu. https://bugs.launchpad.net/bugs/2007272 Title: I have ubuntu 22.04 on my system and have the following vulnerability : CVE-2022-42898. On which release/path of Ubuntu can I expect them to be fixed ? Status in heimdal package in Ubuntu: Confirmed Bug description: I have ubuntu 22.04 on my system and it has the following vulnerability : CVE-2022-42898. Here is the link to the Ubuntu CVE link : https://ubuntu.com/security/CVE-2022-42898. On which version/patch of Ubuntu can I expect this to get fixed ? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/2007272/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012119] Re: imageinfo fails in Ubuntu 23.04 with a "no such file or directory" error
Thank you for taking the time to file a bug report. I did some investigation and noticed that the problem is actually with imageinfo. From imageinfo.c: filename = poptGetArg(poptctxt); if (poptGetArg(poptctxt) != NULL) { fprintf(stderr, "imageinfo: must specify a single filename\n"); poptFreeContext(poptctxt); exit(2); } poptFreeContext(poptctxt); if (!filename) { fprintf(stderr, "imageinfo: must specify a filename\n"); exit(3); } This excerpt is saving a pointer to the the "filename" string that's found inside "poptctxt", but then it calls "poptFreeContext", which will invoke "free" on that same string. ** Package changed: popt (Ubuntu) => imageinfo (Ubuntu) ** Changed in: imageinfo (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to popt in Ubuntu. https://bugs.launchpad.net/bugs/2012119 Title: imageinfo fails in Ubuntu 23.04 with a "no such file or directory" error Status in imageinfo package in Ubuntu: Triaged Bug description: imageinfo fails in Ubuntu 23.04 with a "no such file or directory" error, eg: $ imageinfo --size /usr/share/backgrounds/Lunar-lobster-side_by_Gixo-dark.png imageinfo: unable to open image `��s��U': No such file or directory @ error/blob.c/OpenBlob/2924. $ imageinfo --size /usr/share/backgrounds/Copper_Mountain_by_Eduardo_Battaglia.jpg imageinfo: unable to open image `�=�V': No such file or directory @ error/blob.c/OpenBlob/2924. The filename it complains is not found seems to be random and changes each time. Under WSL, it fails but just says "unable to open image `': No such file", ie it doesn't show the random text. ProblemType: Bug DistroRelease: Ubuntu 23.04 Package: imageinfo 0.04-0ubuntu12 ProcVersionSignature: Ubuntu 6.1.0-16.16-generic 6.1.6 Uname: Linux 6.1.0-16-generic x86_64 ApportVersion: 2.26.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Mar 18 16:31:02 2023 InstallationDate: Installed on 2021-09-28 (536 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Beta amd64 (20210924) ProcEnviron: LANG=en_US.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR= SourcePackage: imageinfo UpgradeStatus: Upgraded to lunar on 2023-03-16 (1 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/imageinfo/+bug/2012119/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012140] Re: The documented DEFCCNAME is not the actual credential cache name
** Also affects: krb5 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033164 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2012140 Title: The documented DEFCCNAME is not the actual credential cache name Status in krb5 package in Ubuntu: New Status in krb5 package in Debian: Unknown Bug description: The krb5 documentation says that DEFCCNAME is /tmp/krb5cc_%{uid}. But actual credential cache file names look like: /tmp/krb5cc_127408622_wH2NwY Setting [libdefaults] default_ccache_name to krb5cc_%{uid} in /etc/krb5.conf produces the expected credential cache file. Unless you know this, using "mutiuser" in fstab with cifs/samba/smb mounts is nigh impossible. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: krb5-user 1.19.2-2ubuntu0.1 ProcVersionSignature: Ubuntu 5.15.0-67.74-generic 5.15.85 Uname: Linux 5.15.0-67-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: pass Date: Sat Mar 18 17:33:32 2023 InstallationDate: Installed on 2023-03-09 (9 days ago) InstallationMedia: Ubuntu-Server 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1) ProcEnviron: SHELL=/bin/bash LANG=en_US.UTF-8 TERM=xterm-256color PATH=(custom, no user) SourcePackage: krb5 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/2012140/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2012140] Re: The documented DEFCCNAME is not the actual credential cache name
Thanks for taking the time to report the bug. I am going to reassign the bug to sssd, and set its priority to low. Feel free to file a bug against Debian's sssd package (which is where this problem should be addressed, IMHO). Thanks. ** Package changed: krb5 (Ubuntu) => sssd (Ubuntu) ** Changed in: sssd (Ubuntu) Status: New => Triaged ** Changed in: sssd (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2012140 Title: The documented DEFCCNAME is not the actual credential cache name Status in sssd package in Ubuntu: Triaged Status in krb5 package in Debian: Unknown Bug description: The krb5 documentation says that DEFCCNAME is /tmp/krb5cc_%{uid}. But actual credential cache file names look like: /tmp/krb5cc_127408622_wH2NwY Setting [libdefaults] default_ccache_name to krb5cc_%{uid} in /etc/krb5.conf produces the expected credential cache file. Unless you know this, using "mutiuser" in fstab with cifs/samba/smb mounts is nigh impossible. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: krb5-user 1.19.2-2ubuntu0.1 ProcVersionSignature: Ubuntu 5.15.0-67.74-generic 5.15.85 Uname: Linux 5.15.0-67-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 CasperMD5CheckResult: pass Date: Sat Mar 18 17:33:32 2023 InstallationDate: Installed on 2023-03-09 (9 days ago) InstallationMedia: Ubuntu-Server 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230217.1) ProcEnviron: SHELL=/bin/bash LANG=en_US.UTF-8 TERM=xterm-256color PATH=(custom, no user) SourcePackage: krb5 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2012140/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
** Changed in: openldap (Ubuntu) Assignee: (unassigned) => Sergio Durigan Junior (sergiodj) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile: add u
[Touch-packages] [Bug 2041396] Re: gdb 12.1 generates SIGILL on armhf
** Merge proposal linked: https://code.launchpad.net/~liushuyu-011/ubuntu/+source/gdb/+git/gdb/+merge/454654 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdb in Ubuntu. https://bugs.launchpad.net/bugs/2041396 Title: gdb 12.1 generates SIGILL on armhf Status in gdb: Fix Released Status in gdb package in Ubuntu: New Status in gdb source package in Jammy: New Bug description: [ Impact ] * GDB 12.1 introduced a regression where it will break program execution when the program contains mixed ARM code and THUMB code. * Upstream stated they tested the changes on Ubuntu 20.04 and it went okay. [ Test Plan ] Considering the following C program: ``` __attribute__((target("arm"), noinline)) int thumb_func() { return 42; } __attribute__((target("thumb"))) int main() { return thumb_func(); } ``` If you build it using `gcc repro.c -ggdb3 -Og -o repro` and run the GDB using the following commands ... ``` b 3 r c ``` (you can save the contents above to a file and run GDB using `gdb -x script ./repro`) ... you will notice GDB broke the program and threw SIGILL. If you run the program without GDB, the program exits normally. [ Where problems could occur ] * GDB is a complex software. As the patch suggests, it may break other use cases (like single-stepping) entirely. * Since this is an ARM-only patch, it's unlikely to affect other CPU architectures. However, it is possible that this fix may break ARM64 execution. [ Other Info ] * This bug has been fixed in GDB 13, but the fix was never backported to GDB 12. You can find the upstream bug in the remote bug watch. To manage notifications about this bug go to: https://bugs.launchpad.net/gdb/+bug/2041396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2041396] Re: gdb 12.1 generates SIGILL on armhf
After several hours trying to obtain access to an ARM64 machine where I could test the fix, vorlon kindly provided me with credentials to a machine that's capable of launching an armhf container. I could reproduce the bug: # gdb -q ./a.out -ex 'b 3' -ex r -ex c Reading symbols from ./a.out... Breakpoint 1, thumb_func () at 1.c:3 3 return 42; Continuing. Program received signal SIGILL, Illegal instruction. 0x00401004 in ?? () ... And also verify that Liu's package fixes the problem: # gdb -q ./a.out -ex 'b 3' -ex r -ex c Reading symbols from ./a.out... Breakpoint 1 at 0x4d8: file 1.c, line 3. Starting program: /root/a.out [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1". Breakpoint 1, thumb_func () at 1.c:3 3 return 42; Continuing. [Inferior 1 (process 2666) exited with code 052] Therefore, I sponsored the upload for him. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gdb in Ubuntu. https://bugs.launchpad.net/bugs/2041396 Title: gdb 12.1 generates SIGILL on armhf Status in gdb: Fix Released Status in gdb package in Ubuntu: New Status in gdb source package in Jammy: New Bug description: [ Impact ] * GDB 12.1 introduced a regression where it will break program execution when the program contains mixed ARM code and THUMB code. * Upstream stated they tested the changes on Ubuntu 20.04 and it went okay. [ Test Plan ] Considering the following C program: ``` __attribute__((target("arm"), noinline)) int thumb_func() { return 42; } __attribute__((target("thumb"))) int main() { return thumb_func(); } ``` If you build it using `gcc repro.c -ggdb3 -Og -o repro` and run the GDB using the following commands ... ``` b 3 r c ``` (you can save the contents above to a file and run GDB using `gdb -x script ./repro`) ... you will notice GDB broke the program and threw SIGILL. If you run the program without GDB, the program exits normally. [ Where problems could occur ] * GDB is a complex software. As the patch suggests, it may break other use cases (like single-stepping) entirely. * Since this is an ARM-only patch, it's unlikely to affect other CPU architectures. However, it is possible that this fix may break ARM64 execution. [ Other Info ] * This bug has been fixed in GDB 13, but the fix was never backported to GDB 12. You can find the upstream bug in the remote bug watch. To manage notifications about this bug go to: https://bugs.launchpad.net/gdb/+bug/2041396/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2043114] Re: sshd segmentation fault on 20.04.6 (focal)
Thank you for providing more information. Unfortunately I am still unable to reproduce the problem. I tried using a container and a VM, to no avail. But I did open the coredump: (gdb) bt #0 _int_free (av=av@entry=0x7fcbaccd8b80 , p=p@entry=0x558afb81e0c0, have_lock=, have_lock@entry=1) at malloc.c:4341 #1 0x7fcbacb84f22 in _int_realloc (av=av@entry=0x7fcbaccd8b80 , oldp=oldp@entry=0x558afb81e070, oldsize=oldsize@entry=8208, nb=80) at malloc.c:4644 #2 0x7fcbacb86fb6 in __GI___libc_realloc (oldmem=0x558afb81e080, bytes=64) at malloc.c:3226 #3 0x7fcbacb77748 in _IO_mem_finish (fp=0x558afb805e80, dummy=) at memstream.c:131 #4 0x7fcbacb6de41 in _IO_new_fclose (fp=fp@entry=0x558afb805e80) at libioP.h:948 #5 0x7fcbacc03ddb in __vsyslog_internal (pri=, fmt=0x558afa13ac80 "%.500s", ap=0x7ffd8170e5c0, mode_flags=2) at ../misc/syslog.c:237 #6 0x7fcbacc04363 in __syslog_chk (pri=pri@entry=7, flag=flag@entry=1, fmt=fmt@entry=0x558afa13ac80 "%.500s") at ../misc/syslog.c:136 #7 0x558afa0f8b78 in syslog (__fmt=0x558afa13ac80 "%.500s", __pri=7) at /usr/include/x86_64-linux-gnu/bits/syslog.h:31 #8 do_log (level=level@entry=SYSLOG_LEVEL_DEBUG1, fmt=, args=args@entry=0x7ffd8170ef00) at ../../log.c:476 #9 0x558afa0f8ff8 in debug (fmt=) at ../../log.c:229 #10 0x558afa0ae3fe in server_accept_loop (config_s=0x7ffd8170f050, newsock=, sock_out=, sock_in=) at ../../sshd.c:1338 #11 main (ac=, av=) at ../../sshd.c:2040 This stack trace is a bit intriguing. It's realloc that is crashing, way too deep into glibc. It seems to point at some weird interaction between your setup and the memory management involved in syslog. I spent time trying to find upstream bugs to see if there was anything remotely similar, but couldn't find anything either. Can you provide more details on the setup you're using to reproduce the problem? For example, are you using a VM, a container, bare metal? How many (v)CPUs? What about memory? If it's a container/VM, what's the underlying host? Also, since you can reproduce the issue pretty reliably, could you perhaps check if the same crash happens on Jammy? Thank you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2043114 Title: sshd segmentation fault on 20.04.6 (focal) Status in openssh package in Ubuntu: Confirmed Bug description: We have a physical server running Ubuntu 20.04.6 LTS (amd64) and openssh-server 1:8.2p1-4ubuntu0.9. Sometimes sshd crashes with a segmentation fault on remote login with key authentication: [193107.651745] sshd[1229630]: segfault at 5557eba6a008 ip 7f2326a2ca53 sp 7ffcba40c510 error 4 in libc-2.31.so[7f23269b8000+178000] We’ve changed only the following values in the stock sshd_config file: LogLevel DEBUG PasswordAuthentication no MaxStartups 100:30:100 The server is used for automated software testing, and sometimes our test suite might make a large amount of SSH connections in a short period of time, which seems to be correlated with the crashes. But at the same time, I have to note that the connection count was not near the MaxStartups limit, and we’ve had crashes before adding that setting. Since the backtrace shows the debug logging function in the stack, we’re currently experimenting with using `LogLevel INFO` to try and isolate the issue. I am attaching the backtrace. I could provide the full dump file, although I am hesitant due to the possibility of private keys or other sensitive information leaking. # apt-cache policy openssh-server openssh-server: Installed: 1:8.2p1-4ubuntu0.9 Candidate: 1:8.2p1-4ubuntu0.9 Version table: *** 1:8.2p1-4ubuntu0.9 500 500 http://mirrors.storpool.com/ubuntu/archive focal-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 100 /var/lib/dpkg/status 1:8.2p1-4 500 500 http://mirrors.storpool.com/ubuntu/archive focal/main amd64 Packages --- ProblemType: Bug ApportVersion: 2.20.11-0ubuntu27.27 Architecture: amd64 CasperMD5CheckResult: skip DistroRelease: Ubuntu 20.04 Package: openssh-server 1:8.2p1-4ubuntu0.9 PackageArchitecture: amd64 ProcVersionSignature: Ubuntu 5.4.0-128.144-generic 5.4.210 Tags: focal Uname: Linux 5.4.0-128-generic x86_64 UpgradeStatus: Upgraded to focal on 2021-01-13 (1030 days ago) UserGroups: N/A _MarkForUpload: True To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2043114/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2038834] Re: GPU acceleration via VirGL is broken in qemu
Hello Mate, I see that the debdiff you provided applies to Noble, but this bug is also marked as affecting Mantic. Could you provide an updated debdiff for the Mantic version? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to mesa in Ubuntu. https://bugs.launchpad.net/bugs/2038834 Title: GPU acceleration via VirGL is broken in qemu Status in Release Notes for Ubuntu: New Status in mesa package in Ubuntu: Fix Released Status in mesa source package in Mantic: New Status in mesa source package in Noble: Fix Released Bug description: [ Impact ] * Enabling GPU acceleration can cause host-side crashes on mantic/noble VMs * This was reported by someone else upstream and is already fixed by https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/25580. [ Test Plan ] * I've tested the patch on an affected macOS host running Ubuntu in UTM with OpenGL enabled on both Mantic and Noble VMs. * Anyone else can do the same on an affected host by simply installing the patched package and booting to the desktop. [ Where problems could occur ] * This patch fixes an upstream mesa regression which caused libvirglrendrer to crash on the host side. * This makes a non-working use case work, VirGL on affected hosts cannot regress as it simply didn't work before. * Risk of breakage is mainly from other packages possible affected by a mesa rebuild. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/2038834/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2030684] Re: tzname[1] empty after tzset() with env TZ="UTC"
According to comment #10 from Athos, the php8.2 task has been added to this bug only to serve as a reminder for a future investigation when time permits. Since everything else affected by the bug has been marked as Fix Released, I removed the update-excuses tag. ** Tags removed: update-excuse -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2030684 Title: tzname[1] empty after tzset() with env TZ="UTC" Status in django-mailman3 package in Ubuntu: Fix Released Status in php8.2 package in Ubuntu: Triaged Status in postgresql-15 package in Ubuntu: Fix Committed Status in python-django package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Invalid Status in tzdata package in Ubuntu: Fix Released Status in tzdata package in Debian: Fix Released Bug description: The following program prints different output when run with tzdata 2023c-7ubuntu1 from mantic, versus tzdata 2023c-8ubuntu1 from mantic- proposed: root@mantic:~# cat bug.c #include #include #include #include #include int main(void) { int r; r = setenv("TZ", ":UTC", 1); if (r < 0) { printf("Failed to set TZ env var: %s\n", strerror(errno)); return 1; } tzset(); printf("timezone = %lu, daylight = %d\n", timezone, daylight); printf("tzname[0] = %s, tzname[1] = %s\n", tzname[0], tzname[1]); } root@mantic:~# gcc bug.c root@mantic:~# ./a.out timezone = 0, daylight = 0 tzname[0] = UTC, tzname[1] = UTC root@mantic:~# apt-cache policy tzdata tzdata: Installed: 2023c-7ubuntu1 Candidate: 2023c-7ubuntu1 Version table: *** 2023c-7ubuntu1 500 500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages 100 /var/lib/dpkg/status If I install tzdata from mantic-proposed, I get different output: root@mantic:~# vi /etc/apt/sources.list root@mantic:~# apt update && apt install tzdata Hit:1 http://archive.ubuntu.com/ubuntu mantic InRelease Hit:2 http://security.ubuntu.com/ubuntu mantic-security InRelease Get:3 http://archive.ubuntu.com/ubuntu mantic-proposed InRelease [118 kB] Hit:4 http://archive.ubuntu.com/ubuntu mantic-updates InRelease Hit:5 http://archive.ubuntu.com/ubuntu mantic-backports InRelease Get:6 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages [35.9 kB] Get:7 http://archive.ubuntu.com/ubuntu mantic-proposed/main Translation-en [14.8 kB] Get:8 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 DEP-11 Metadata [2376 B] Get:9 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 c-n-f Metadata [1004 B] Get:10 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 Packages [15.9 kB] Get:11 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted Translation-en [3564 B] Get:12 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 c-n-f Metadata [336 B] Fetched 192 kB in 1s (324 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 72 packages can be upgraded. Run 'apt list --upgradable' to see them. root@mantic:~# apt install tzdata=2023c-8ubuntu1 Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: libefiboot1 libefivar1 Use 'apt autoremove' to remove them. The following packages will be upgraded: tzdata 1 upgraded, 0 newly installed, 0 to remove and 72 not upgraded. Need to get 269 kB of archives. After this operation, 142 kB disk space will be freed. Get:1 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 tzdata all 2023c-8ubuntu1 [269 kB] Fetched 269 kB in 0s (867 kB/s) Preconfiguring packages ... (Reading database ... 39935 files and directories currently installed.) Preparing to unpack .../tzdata_2023c-8ubuntu1_all.deb ... Unpacking tzdata (2023c-8ubuntu1) over (2023c-7ubuntu1) ... Setting up tzdata (2023c-8ubuntu1) ... Current default time zone: 'Etc/UTC' Local time is now: Mon Aug 7 21:18:35 UTC 2023. Universal Time is now: Mon Aug 7 21:18:35 UTC 2023. Run 'dpkg-reconfigure tzdata' if you wish to change it. Scanning processes... Scanning candidates... Restarting services... Service restart
[Touch-packages] [Bug 2044654] Re: No debugging symbols found in libgdk-3.so.0
I've added ubuntu-debuginfod as an affected project and marked the bug as Invalid for gtk-3. BTW, this is a known issue that's being worked on. Hopefully it should be resolved in the next days. Thanks for reporting the bug! ** Also affects: ubuntu-debuginfod Importance: Undecided Status: New ** Changed in: gtk+3.0 (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu. https://bugs.launchpad.net/bugs/2044654 Title: No debugging symbols found in libgdk-3.so.0 Status in ubuntu-debuginfod: New Status in gtk+3.0 package in Ubuntu: Invalid Bug description: Attach gdb to a running yelp process! (gdb) share libgdk Reading symbols from /lib/x86_64-linux-gnu/libgdk-3.so.0... (No debugging symbols found in /lib/x86_64-linux-gnu/libgdk-3.so.0) ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libgtk-3-0 3.24.33-1ubuntu2 ProcVersionSignature: Ubuntu 6.2.0-1016.16~22.04.1-azure 6.2.16 Uname: Linux 6.2.0-1016-azure x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Sun Nov 26 13:11:15 2023 ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=pl_PL.UTF-8 SHELL=/bin/bash SourcePackage: gtk+3.0 UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-debuginfod/+bug/2044654/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2040405] Re: Merge openldap from Debian unstable for noble
Nothing to merge yet. ** Changed in: openldap (Ubuntu) Milestone: ubuntu-23.12 => ubuntu-24.01 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/2040405 Title: Merge openldap from Debian unstable for noble Status in openldap package in Ubuntu: New Bug description: Upstream: tbd Debian: 2.5.13+dfsg-52.6.6+dfsg-1~exp2 Ubuntu: 2.6.6+dfsg-1~exp1ubuntu1 Debian new has 2.6.6+dfsg-1~exp2, which may be available for merge soon. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. ### New Debian Changes ### openldap (2.5.13+dfsg-5) unstable; urgency=medium * Fix sha2-contrib autopkgtest failure. Call slappasswd using its full path. (Closes: #1030814) * Disable flaky test test069-delta-multiprovider-starttls. -- Ryan Tandy Tue, 07 Feb 2023 17:56:12 -0800 openldap (2.5.13+dfsg-4) unstable; urgency=medium [ Andreas Hasenack ] * d/rules: Fix passwd/sha2 build (Closes: #1030716, LP: #2000817) * d/t/sha2-contrib: add test for sha2 module -- Ryan Tandy Mon, 06 Feb 2023 19:21:05 -0800 openldap (2.5.13+dfsg-3) unstable; urgency=medium [ Ryan Tandy ] * Disable flaky test test063-delta-multiprovider. Mitigates #1010608. [ Gioele Barabucci ] * slapd.scripts-common: Avoid double-UTF8-encoding org name (Closes: #1016185) * d/slapd.scripts-common: Remove outdated `migrate_to_slapd_d_style` * d/slapd.postinst: Remove test for ancient version * slapd.scripts-common: Remove unused `normalize_ldif` * d/slapd.scripts-common: Use sed instead of perl in `release_diagnostics` -- Ryan Tandy Fri, 13 Jan 2023 16:29:59 -0800 openldap (2.5.13+dfsg-2) unstable; urgency=medium * d/tests/smbk5pwd: Grant slapd access to /var/lib/heimdal-kdc. Fixes the autopkgtest failure due to heimdal setting mode 700 on this directory. (Closes: #1020442) * d/source/lintian-overrides: Add wildcards to make overrides compatible with both older and newer versions of lintian. * d/slapd-contrib.lintian-overrides: Remove unused custom-library-search-path override now that krb5-config no longer sets -rpath. -- Ryan Tandy Sat, 24 Sep 2022 12:40:21 -0700 openldap (2.5.13+dfsg-1) unstable; urgency=medium * d/rules: Remove get-orig-source, now unnecessary. * Check PGP signature when running uscan. * d/watch: Modernize watch file; use repacksuffix. * d/copyright: Update according to DEP-5. * d/control: Add myself to Uploaders. * New upstream release. -- Sergio Durigan Junior Sun, 18 Sep 2022 18:29:46 -0400 openldap (2.5.12+dfsg-2) unstable; urgency=medium * Stop slapd explicitly in prerm as a workaround for #1006147, which caused dpkg-reconfigure to not restart the service, so the new configuration was not applied. See also #994204. (Closes: #1010971) -- Ryan Tandy Mon, 23 May 2022 10:14:53 -0700 openldap (2.5.12+dfsg-1) unstable; urgency=medium * New upstream release. - Fixed SQL injection in back-sql (ITS#9815) (CVE-2022-29155) * Update debconf translations: - German, thanks to Helge Kreutzmann. (Closes: #1007728) - Spanish, thanks to Camaleón. (Closes: #1008529) - Dutch, thanks to Frans Spiesschaert. (Closes: #1010034) -- Ryan Tandy Wed, 04 May 2022 18:00:16 -0700 openldap (2.5.11+dfsg-1) unstable; urgency=medium * Upload to unstable. -- Ryan Tandy Fri, 11 Mar 2022 19:38:02 -0800 openldap (2.5.11+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Add openssl to Build-Depends to enable more checks in test067-tls. * Update slapd-contrib's custom-library-search-path override to work with current Lintian. -- Ryan Tandy Sun, 23 Jan 2022 17:16:05 -0800 openldap (2.5.8+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Update slapd-contrib's custom-library-search-path override to work with Lintian 2.108.0. -- Ryan Tandy Wed, 13 Oct 2021 18:42:55 -0700 openldap (2.5.7+dfsg-1~exp1) experimental; urgency=medium * New upstream release. * Don't run autoreconf in contrib/ldapc++. We don't build it, and it is not ### Old Ubuntu Delta ### openldap (2.6.6+dfsg-1~exp1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2028721). Remaining changes: - Enable AppArmor support: + d/apparmor-profile: add AppArmor profile + d/rules: use dh_apparmor + d/control: Build-Depends on dh-apparmor + d/slapd.README.Debian: add note about AppArmor - Enable ufw support: + d/control: suggest ufw. + d/rules: install ufw profile. + d/slapd.ufw.profile:
Re: [Touch-packages] [Bug 2015562] Re: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)
On Friday, December 08 2023, Timo Aaltonen wrote: > man/dnsmasq.8.orig | 2582 > + > > this must be a leftover from applying the commit? Hm, I don't see this difference. In fact, if I look at the dnsmasq package that's currently shipped in Jammy, man/dnsmasq.8.orig already exists there. -- Sergio GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dnsmasq in Ubuntu. https://bugs.launchpad.net/bugs/2015562 Title: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) Status in dnsmasq package in Ubuntu: Fix Released Status in dnsmasq source package in Jammy: In Progress Bug description: [ Impact ] Some users may face an unpleasant segmentation fault if they combine configurations options like server=/domain/# with server|address=/domain/ since the domain matching functionality was rewritten in version 2.86. The special server address ’#’ means "use the standard servers". The SEGV occurs due to the struct server datastructure associated with it is passed to forward_query() call without been properly reserved and filled due to resolvconf servers didn't belong to the priority list. Without resolving this, dnsmasq stops running due to the SEGV and (non-experienced) users might not notice it. [ Test Plan ] #0.Prepare a VM or Container. i.e: # lxc launch ubuntu-daily:jammy Jdnsmasq #1. Install dnsmasq # apt update && apt upgrade -y # apt install -y dnsmasq #2. Disable systemd-resolved service and enabling resolution through dnsmasq, configuring DNS servers through it. # systemctl disable --now systemd-resolved.service # rm -f /etc/resolv.conf # cat > /etc/resolv.conf << __EOF__ nameserver 127.0.0.1 __EOF__ # echo "server=8.8.8.8" >> /etc/dnsmasq.conf (or edit the file to add it if you prefer) # (Optional) echo "log-queries" >> /etc/dnsmasq.conf # (optional) echo "log-debug" >> /etc/dnsmasq.conf # systemctl start dnsmasq.service 3. Copy netflix-nov6.conf into /etc/dnsmasq.d/ # cat > /etc/dnsmasq.d/netflix-nov6.conf << __EOF__ # Null response on these domains server=/netflix.com/# address=/netflix.com/:: server=/netflix.net/# address=/netflix.net/:: server=/nflxext.com/# address=/nflxext.com/:: server=/example.com/# address=/example.com/:: __EOF__ #4. Restart/reload dnsmasq # systemctl restart dnsmasq #5. Verify that dnsmasq resolves domains correctly: root@Jdnsmasq:~# dig +short -tA ubuntu.com @127.0.0.1 185.125.190.21 185.125.190.20 185.125.190.29 root@Jdnsmasq:~# dig +short -t ubuntu.com @127.0.0.1 2620:2d:4000:1::28 2620:2d:4000:1::26 2620:2d:4000:1::27 #6. Perform a type65 / HTTPS recordtype query for netflix.com towards the dnsmasq server twice: root@Jdnsmasq:~# dig A netflix.com @127.0.0.1 ; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 48730 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; EDE: 23 (Network Error) ;; QUESTION SECTION: ;netflix.com. IN A ;; Query time: 23 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP) ;; WHEN: Wed Nov 15 16:46:19 UTC 2023 ;; MSG SIZE rcvd: 46 root@Jdnsmasq-checking:~# dig A netflix.com @127.0.0.1 ;; communications error to 127.0.0.1#53: timed out ;; communications error to 127.0.0.1#53: connection refused ;; communications error to 127.0.0.1#53: connection refused #7. Check logs to verify segfault: # journalctl -u dnsmasq Apr 27 11:22:52 Jdnsmasq systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. Apr 27 11:22:53 Jdnsmasq dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 27 11:22:53 Jdnsmasq dnsmasq[111585]: config error is REFUSED (EDE: network error) Apr 27 11:22:54 Jdnsmasq dnsmasq[111585]: query[type=65] netflix.com from 127.0.0.1 Apr 27 11:22:54 Jdnsmasq systemd[1]: dnsmasq.service: Main process exited, code=dumped, status=11/SEGV Apr 27 11:22:54 Jdnsmasq systemd[1]: dnsmasq.service: Failed with result 'core-dump'. [ Where problems could occur ] This cherry picked commit from upstream incorporates a rewrite of the server priority list in the dnsmasq header file. Fortunately, that headers are not exported outside dnsmasq, so it cannot impact other third-party pieces of software. However, it can lend to think about the matching domain functionality that is being patched: could it be affect in some way to other types of server displaced on that list? Does anything change for the rest? In other words... Is the matching domain functionality working as expected,
[Touch-packages] [Bug 2020913] Re: /etc/profile.d/debuginfd.{sh, csh} are created with 600 permissions
** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to elfutils in Ubuntu. https://bugs.launchpad.net/bugs/2020913 Title: /etc/profile.d/debuginfd.{sh,csh} are created with 600 permissions Status in elfutils package in Ubuntu: Fix Released Status in elfutils source package in Jammy: Incomplete Bug description: [ Impact ] Users installing libdebuginfod-common (the package that ships the shell snippets responsible for configuring the DEBUGINFOD_URLS environment variable, which will ultimately be used by GDB to contact the Ubuntu debuginfod service) experience a problem caused by permissions being set too tightly for /etc/profile.d/debuginfod.{sh,csh}. This results in DEBUGINFOD_URLS not being set for non-root users. [ Test Plan ] Inside a Jammy container: # apt install -y libdebuginfod-common # ls -lah /etc/profile.d/debuginfod* Verify that the permission of both files allow them to be world- readable. [ Where problems could occur ] Care has been taken to not modify existing file permissions unnecessarily by using "g+r,o+r" when invoking chmod, but it is still possible to conceive a scenario where upgrading the package would make the files world-readable when the user is actually expecting otherwise. However, such "regression" would arguably not be something supported because if the intention is to prevent non-root users from making use of debuginfod, there are better ways to achieve it. [ Original Description ] In a fresh container, installing libdebuginfod-common gives a /etc/profile.d that looks like this: ``` root@32f34f7e271e:/etc/profile.d# ls -lah total 24K drwxr-xr-x 1 root root 4.0K May 26 17:23 . drwxr-xr-x 1 root root 4.0K May 26 17:23 .. -rw-r--r-- 1 root root 96 Oct 15 2021 01-locale-fix.sh -rw--- 1 root root 677 May 26 17:23 debuginfod.csh -rw--- 1 root root 692 May 26 17:23 debuginfod.sh ``` when I login as a nonprivledged user, DEBUGINFOD_URLS is not set because the permissions are incorrect on the profile files. ``` # dpkg -l | grep libdebug ii libdebuginfod-common0.186-1build1 all configuration to enable the Debian debug info server ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/elfutils/+bug/2020913/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2003756] Re: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142."
I'm changing my opinion here. I feel like this is indeed a problem with how init-system-helpers (more specifically, deb-systemd-invoke) warns users about errors. Since it uses "--quiet" when invoking systemctl, I believe it needs to be a bit more verbose to explain what happened. What's interesting that I can't reproduce the apt failure. For example, "apt install proftpd" will warn me about deb-systemd-invoke, but the command will finish successfully. ISTR having seen this behaviour before, but I don't remember my conclusion at the time. Anyway, this needs to be forwarded to Debian. I don't believe Ubuntu should diverge from Debian in this case. ** Changed in: init-system-helpers (Ubuntu) Status: Confirmed => Triaged ** Changed in: krb5 (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu. https://bugs.launchpad.net/bugs/2003756 Title: Cannot configure krb5-kdc on Ubuntu Jammy 22.04.01, "Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142." Status in init-system-helpers package in Ubuntu: Triaged Status in krb5 package in Ubuntu: Triaged Bug description: I have a fresh install of Ubuntu Server 22.04.01 LTS. After installing the server and running all updates, I run the following command: apt -y install slapd ldap-utils schema2ldif sasl2-bin libsasl2-modules-gssapi-mit krb5-kdc-ldap krb5-admin-server krb5-kdc This will be installing krb5-kdc 1.19.2-2. This is in preparation for setting up an OpenLDAP server, a Kerberos server with an LDAP backend, and saslauthd for pass-through authentication. krb5-kdc was auto-selected when running the steps in the guide here in my development environment: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend When installing that, I get the following in the output: Setting up krb5-kdc (1.19.2-2) ... Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /lib/systemd/system/krb5-kdc.service. Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I do get the prompts for the realm, kdc, and admin server hostnames, and they are reflected in /etc/krb5.conf. If I then run the following: dpkg-reconfigure krb5-kdc I am prompted for whether I want the package to create the Kerberos KDC configuration automatically, and when I say yes, it then repeats the following error: Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 142. I cannot find any further debug in the syslog or anything to indicate what the root cause is; the list of packages here are all installed together on a separate development server where I experimented with the configuration I will be deploying here in production so I don't think it's incompatible packages in the install list, but I am open to feedback on that. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/init-system-helpers/+bug/2003756/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2030684] Re: tzname[1] empty after tzset() with env TZ="UTC"
postgresql-15 has been Fix Released a while ago. Marking the task accordingly. ** Changed in: postgresql-15 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/2030684 Title: tzname[1] empty after tzset() with env TZ="UTC" Status in django-mailman3 package in Ubuntu: Fix Released Status in php8.2 package in Ubuntu: Triaged Status in postgresql-15 package in Ubuntu: Fix Released Status in python-django package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Invalid Status in tzdata package in Ubuntu: Fix Released Status in tzdata package in Debian: Fix Released Bug description: The following program prints different output when run with tzdata 2023c-7ubuntu1 from mantic, versus tzdata 2023c-8ubuntu1 from mantic- proposed: root@mantic:~# cat bug.c #include #include #include #include #include int main(void) { int r; r = setenv("TZ", ":UTC", 1); if (r < 0) { printf("Failed to set TZ env var: %s\n", strerror(errno)); return 1; } tzset(); printf("timezone = %lu, daylight = %d\n", timezone, daylight); printf("tzname[0] = %s, tzname[1] = %s\n", tzname[0], tzname[1]); } root@mantic:~# gcc bug.c root@mantic:~# ./a.out timezone = 0, daylight = 0 tzname[0] = UTC, tzname[1] = UTC root@mantic:~# apt-cache policy tzdata tzdata: Installed: 2023c-7ubuntu1 Candidate: 2023c-7ubuntu1 Version table: *** 2023c-7ubuntu1 500 500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages 100 /var/lib/dpkg/status If I install tzdata from mantic-proposed, I get different output: root@mantic:~# vi /etc/apt/sources.list root@mantic:~# apt update && apt install tzdata Hit:1 http://archive.ubuntu.com/ubuntu mantic InRelease Hit:2 http://security.ubuntu.com/ubuntu mantic-security InRelease Get:3 http://archive.ubuntu.com/ubuntu mantic-proposed InRelease [118 kB] Hit:4 http://archive.ubuntu.com/ubuntu mantic-updates InRelease Hit:5 http://archive.ubuntu.com/ubuntu mantic-backports InRelease Get:6 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages [35.9 kB] Get:7 http://archive.ubuntu.com/ubuntu mantic-proposed/main Translation-en [14.8 kB] Get:8 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 DEP-11 Metadata [2376 B] Get:9 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 c-n-f Metadata [1004 B] Get:10 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 Packages [15.9 kB] Get:11 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted Translation-en [3564 B] Get:12 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 c-n-f Metadata [336 B] Fetched 192 kB in 1s (324 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 72 packages can be upgraded. Run 'apt list --upgradable' to see them. root@mantic:~# apt install tzdata=2023c-8ubuntu1 Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: libefiboot1 libefivar1 Use 'apt autoremove' to remove them. The following packages will be upgraded: tzdata 1 upgraded, 0 newly installed, 0 to remove and 72 not upgraded. Need to get 269 kB of archives. After this operation, 142 kB disk space will be freed. Get:1 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 tzdata all 2023c-8ubuntu1 [269 kB] Fetched 269 kB in 0s (867 kB/s) Preconfiguring packages ... (Reading database ... 39935 files and directories currently installed.) Preparing to unpack .../tzdata_2023c-8ubuntu1_all.deb ... Unpacking tzdata (2023c-8ubuntu1) over (2023c-7ubuntu1) ... Setting up tzdata (2023c-8ubuntu1) ... Current default time zone: 'Etc/UTC' Local time is now: Mon Aug 7 21:18:35 UTC 2023. Universal Time is now: Mon Aug 7 21:18:35 UTC 2023. Run 'dpkg-reconfigure tzdata' if you wish to change it. Scanning processes... Scanning candidates... Restarting services... Service restarts being deferred: systemctl restart systemd-logind.service systemctl restart unattended-upgrades.service No containers need
[Touch-packages] [Bug 2050874] Re: "Illegal characters in username" breaks sftp upload
Thank you for taking the time to report a bug. As you mentioned yourself, this is indeed a security feature and not a bug. It would be wrong for Ubuntu (or any other GNU/Linux distro out there, IMHO) to revert this change. It also seems to me that your request less a "bug report" and more a "request for help". As such, I am taking the liberty of marking this bug as Invalid. My suggestion would be to look for help on the appropriate technical forums (either Ubuntu's or upstream's). Finally, you mentioned that using ~/.ssh/config is not ideal because there's no obvious way to set the password. I would strongly recommend using key-based authentication instead. Thank you. ** Changed in: openssh (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2050874 Title: "Illegal characters in username" breaks sftp upload Status in openssh package in Ubuntu: Invalid Bug description: A new error message appeared in 1:8.2p1-4ubuntu0.11, "remote username contains invalid characters". The underlying commit seems to be this: https://github.com/openbsd/src/commit/ba05a7aae989020b8d05cc93cc6200109bba5a7b I need to work with an sftp connection where the username includes "|". The lftp client uses ssh to connect, triggering the error. It's possible to whitelist the username by adding it to a config file (e.g. ~/.ssh/config), but in that case, there's no obvious way to set the password. I suppose this is in fact a feature more than it is a bug, but it is really inconvenient. Any hints on how to handle it would be welcome. Regards, Jakob Lund Ubuntu 20.04.3 LTS openssh-client: Installed: 1:8.2p1-4ubuntu0.11 lftp: Installed: 4.8.4-2build3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2050874/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916485] Re: test -x fails inside shell scripts in containers
Dan, let me know if you need help driving the Linux kernel SRU forward. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1916485 Title: test -x fails inside shell scripts in containers Status in Ubuntu on IBM z Systems: New Status in docker.io package in Ubuntu: New Status in glibc package in Ubuntu: Opinion Status in libseccomp package in Ubuntu: Fix Committed Status in runc package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Status in docker.io source package in Xenial: New Status in libseccomp source package in Xenial: New Status in runc source package in Xenial: New Status in systemd source package in Xenial: Invalid Status in docker.io source package in Bionic: New Status in libseccomp source package in Bionic: New Status in runc source package in Bionic: Fix Released Status in systemd source package in Bionic: Fix Released Status in docker.io source package in Focal: New Status in libseccomp source package in Focal: New Status in runc source package in Focal: Fix Released Status in systemd source package in Focal: Fix Released Status in docker.io source package in Groovy: New Status in libseccomp source package in Groovy: New Status in runc source package in Groovy: Fix Released Status in systemd source package in Groovy: Fix Released Status in docker.io source package in Hirsute: New Status in libseccomp source package in Hirsute: Fix Committed Status in runc source package in Hirsute: Fix Released Status in systemd source package in Hirsute: Fix Released Status in systemd package in Debian: Fix Released Bug description: (SRU template for systemd) [impact] bash (and some other shells) builtin test command -x operation fails [test case] on any affected host system, start nspawn container, e.g.: $ sudo apt install systemd-container $ wget https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64-root.tar.xz $ mkdir h $ cd h $ tar xvf ../hirsute-server-cloudimg-amd64-root.tar.xz $ sudo systemd-nspawn Then from a bash shell, verify if test -x works: root@h:~# ls -l /usr/bin/gpg -rwxr-xr-x 1 1000 1000 1083472 Jan 16 09:53 /usr/bin/gpg root@h:~# test -x /usr/bin/gpg || echo "fail" fail [regression potential] any regression would likely occur during a syscall, most likely faccessat2(), or during other syscalls. [scope] this is needed for b/f this is fixed upstream by commit bcf08acbffdee0d6360d3c31d268e73d0623e5dc which is in 247 and later, so this is fixed in h this was pulled into Debian at version 246.2 in commit e80c5e5371ab77792bae94e0f8c5e85a4237e6eb, so this is fixed in g in x, the entire systemd seccomp code is completely different and the patch doesn't apply, nor does it appear to be needed, as the problem doesn't reproduce in a h container under x. [other info] this needs fixing in libseccomp as well [original description] glibc regression causes test -x to fail inside scripts inside docker/podman, dash and bash are broken, mksh and zsh are fine: root@0df2ce5d7a46:/# test -x /usr/bin/gpg || echo Fail root@0df2ce5d7a46:/# dash -c "test -x /usr/bin/gpg || echo Fail" Fail root@0df2ce5d7a46:/# bash -c "test -x /usr/bin/gpg || echo Fail" Fail root@0df2ce5d7a46:/# mksh -c "test -x /usr/bin/gpg || echo Fail" root@0df2ce5d7a46:/# zsh -c "test -x /usr/bin/gpg || echo Fail" root@0df2ce5d7a46:/# root@0df2ce5d7a46:/# zsh -c "[ -x /usr/bin/gpg ] || echo Fail" root@0df2ce5d7a46:/# mksh -c "[ -x /usr/bin/gpg ] || echo Fail" root@0df2ce5d7a46:/# dash -c "[ -x /usr/bin/gpg ] || echo Fail" Fail root@0df2ce5d7a46:/# bash -c "[ -x /usr/bin/gpg ] || echo Fail" Fail The -f flag works, as does /usr/bin/test: # bash -c "test -f /usr/bin/gpg || echo Fail" # bash -c "/usr/bin/test -x /usr/bin/gpg || echo Fail" # [Original bug report] root@84b750e443f8:/# lsb_release -rd Description: Ubuntu Hirsute Hippo (development branch) Release: 21.04 root@84b750e443f8:/# dpkg -l gnupg apt Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==-===--== ii apt2.1.20 amd64commandline package manager ii gnupg 2.2.20-1ubuntu2 all GNU privacy guard - a free PGP replacement Hi, for 3 days our CI pipelines to recreate Docker images fails for the Hirsute images. From comparison this seems to be caused by apt 2.1.20. The build fails with: 0E: gnupg, gnupg2 and unupg1 do not seem to be installed, but one of them is required for
[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall
Thank you for taking the time to file a bug report. This one looks like a rabbit hole :-(. I've also found many (very) old reports of similar problems, but they all appear to have been fixed a while ago (before Bionic was released). I even found a possible patch (from 2005) to fix the issue, and was able to determine that Bionic's openldap already carries an improved version of the patch (unsurprisingly). I've also found an old Launchpad bug (#15270) and the related Debian bug (https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=255276) that reports the same problem as you, and is marked having been fixed in Debian (also back in 2005). I am a bit surprised that you're experiencing this problem on Bionic. I understand that it is hard to provide steps for reproducing this problem, but I would like to ask you to provide as much information as you can, please. For example: - Your full openldap configuration (please remove any confidential bits, of course). - Any log messages from slapd or related services. - If you can, please install the debug symbols for openldap/slapd and run "gdb -p $PROCESS_PID" (where "$PROCESS_PID" is slapd's PID), then run a "bt" command and attach the output to this bug. - More information about what is going on in the system when the problem happens. For example, I've read that this might happen when the system load is high; do you notice that as well? Meanwhile, I will mark this bug as Incomplete. Feel free to revert its status back to New once you provide more info. Thanks! ** Bug watch added: Debian Bug tracker #255276 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=255276 ** Changed in: openldap (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1926265 Title: slapd enter in infinite loop on sched_yield syscall Status in openldap package in Ubuntu: Incomplete Bug description: On a production server, sometimes slapd become unbresponsive, some threads loops in sched_yield syscall and consumme all CPU. To recover, slapd needs to restart. No related information is reported in log file. All same issues in OpenLDAP upstream project are old and fixed. So maybe this issue affects only Ubuntu package. It occurs randomly, so I have no steps to reproduce. OS : Bionic Openldap version: libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10 libldap-common 2.4.45+dfsg-1ubuntu1.10 slapd 2.4.45+dfsg-1ubuntu1.10 Modules loaded: olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}back_monitor olcModuleLoad: {3}memberof.la olcModuleLoad: {4}refint.la olcModuleLoad: {5}rwm olcModuleload: {6}back_ldap Backend is BDB. slapd run in (single) master - (multi) slave mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1916485] Re: test -x fails inside shell scripts in containers
Hello! The kernel team has applied the fix to their pre-release branch. They have a 5-week release cycle, so we should be seeing a new Bionic Linux kernel with the fix in the following 3-4 weeks. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1916485 Title: test -x fails inside shell scripts in containers Status in Ubuntu on IBM z Systems: New Status in docker.io package in Ubuntu: New Status in glibc package in Ubuntu: Opinion Status in libseccomp package in Ubuntu: Fix Committed Status in runc package in Ubuntu: Fix Released Status in systemd package in Ubuntu: Fix Released Status in docker.io source package in Xenial: New Status in libseccomp source package in Xenial: New Status in runc source package in Xenial: New Status in systemd source package in Xenial: Invalid Status in docker.io source package in Bionic: New Status in libseccomp source package in Bionic: New Status in runc source package in Bionic: Fix Released Status in systemd source package in Bionic: Fix Released Status in docker.io source package in Focal: New Status in libseccomp source package in Focal: New Status in runc source package in Focal: Fix Released Status in systemd source package in Focal: Fix Released Status in docker.io source package in Groovy: New Status in libseccomp source package in Groovy: New Status in runc source package in Groovy: Fix Released Status in systemd source package in Groovy: Fix Released Status in docker.io source package in Hirsute: New Status in libseccomp source package in Hirsute: Fix Committed Status in runc source package in Hirsute: Fix Released Status in systemd source package in Hirsute: Fix Released Status in systemd package in Debian: Fix Released Bug description: (SRU template for systemd) [impact] bash (and some other shells) builtin test command -x operation fails [test case] on any affected host system, start nspawn container, e.g.: $ sudo apt install systemd-container $ wget https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64-root.tar.xz $ mkdir h $ cd h $ tar xvf ../hirsute-server-cloudimg-amd64-root.tar.xz $ sudo systemd-nspawn Then from a bash shell, verify if test -x works: root@h:~# ls -l /usr/bin/gpg -rwxr-xr-x 1 1000 1000 1083472 Jan 16 09:53 /usr/bin/gpg root@h:~# test -x /usr/bin/gpg || echo "fail" fail [regression potential] any regression would likely occur during a syscall, most likely faccessat2(), or during other syscalls. [scope] this is needed for b/f this is fixed upstream by commit bcf08acbffdee0d6360d3c31d268e73d0623e5dc which is in 247 and later, so this is fixed in h this was pulled into Debian at version 246.2 in commit e80c5e5371ab77792bae94e0f8c5e85a4237e6eb, so this is fixed in g in x, the entire systemd seccomp code is completely different and the patch doesn't apply, nor does it appear to be needed, as the problem doesn't reproduce in a h container under x. [other info] this needs fixing in libseccomp as well [original description] glibc regression causes test -x to fail inside scripts inside docker/podman, dash and bash are broken, mksh and zsh are fine: root@0df2ce5d7a46:/# test -x /usr/bin/gpg || echo Fail root@0df2ce5d7a46:/# dash -c "test -x /usr/bin/gpg || echo Fail" Fail root@0df2ce5d7a46:/# bash -c "test -x /usr/bin/gpg || echo Fail" Fail root@0df2ce5d7a46:/# mksh -c "test -x /usr/bin/gpg || echo Fail" root@0df2ce5d7a46:/# zsh -c "test -x /usr/bin/gpg || echo Fail" root@0df2ce5d7a46:/# root@0df2ce5d7a46:/# zsh -c "[ -x /usr/bin/gpg ] || echo Fail" root@0df2ce5d7a46:/# mksh -c "[ -x /usr/bin/gpg ] || echo Fail" root@0df2ce5d7a46:/# dash -c "[ -x /usr/bin/gpg ] || echo Fail" Fail root@0df2ce5d7a46:/# bash -c "[ -x /usr/bin/gpg ] || echo Fail" Fail The -f flag works, as does /usr/bin/test: # bash -c "test -f /usr/bin/gpg || echo Fail" # bash -c "/usr/bin/test -x /usr/bin/gpg || echo Fail" # [Original bug report] root@84b750e443f8:/# lsb_release -rd Description: Ubuntu Hirsute Hippo (development branch) Release: 21.04 root@84b750e443f8:/# dpkg -l gnupg apt Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==-===--== ii apt2.1.20 amd64commandline package manager ii gnupg 2.2.20-1ubuntu2 all GNU privacy guard - a free PGP replacement Hi, for 3 days our CI pipelines to recreate Docker images fails for the Hirsute images. From comparison this seems to be caused by apt 2
[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall
Thanks for following up. It is hard to say what might be happening and whether switching to MDB will help or not. I'm still puzzled that you're seeing this hang on a relatively new version of OpenLDAP. The fact that it didn't happen on Trusty may be helpful when diagnosing the issue, but I can't say for sure. I will wait until you are able to provide a backtrace or more information. I will see about talking to other OpenLDAP experts here and see if this bug rings any bells for them. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1926265 Title: slapd enter in infinite loop on sched_yield syscall Status in openldap package in Ubuntu: Incomplete Bug description: On a production server, sometimes slapd become unbresponsive, some threads loops in sched_yield syscall and consumme all CPU. To recover, slapd needs to restart. No related information is reported in log file. All same issues in OpenLDAP upstream project are old and fixed. So maybe this issue affects only Ubuntu package. It occurs randomly, so I have no steps to reproduce. OS : Bionic Openldap version: libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10 libldap-common 2.4.45+dfsg-1ubuntu1.10 slapd 2.4.45+dfsg-1ubuntu1.10 Modules loaded: olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}back_monitor olcModuleLoad: {3}memberof.la olcModuleLoad: {4}refint.la olcModuleLoad: {5}rwm olcModuleload: {6}back_ldap Backend is BDB. slapd run in (single) master - (multi) slave mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall
Thanks for the further investigation, Stephane and Ryan. Much appreciated! It would be interesting to know if lincvz could test an openldap built with Ryan's patch, to check if he can still reproduce the bug with it. I am going to prepare a PPA with Ryan's patch and let you know ASAP. Ryan, IIUC the patch you're proposing fixes the issue experienced by Stephane, but we're not entirely sure that it's the same issue being reported in this bug. Am I right? If that's correct, and if we verify that lincvz can still reproduce the bug even with the fix proposed by Ryan, then the best way forward would be for Stephane to open a new bug so that I can act on it. Thanks. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1926265 Title: slapd enter in infinite loop on sched_yield syscall Status in openldap package in Ubuntu: Confirmed Bug description: On a production server, sometimes slapd become unbresponsive, some threads loops in sched_yield syscall and consumme all CPU. To recover, slapd needs to restart. No related information is reported in log file. All same issues in OpenLDAP upstream project are old and fixed. So maybe this issue affects only Ubuntu package. It occurs randomly, so I have no steps to reproduce. OS : Bionic Openldap version: libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10 libldap-common 2.4.45+dfsg-1ubuntu1.10 slapd 2.4.45+dfsg-1ubuntu1.10 Modules loaded: olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}back_monitor olcModuleLoad: {3}memberof.la olcModuleLoad: {4}refint.la olcModuleLoad: {5}rwm olcModuleload: {6}back_ldap Backend is BDB. slapd run in (single) master - (multi) slave mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall
OK, here it is: https://launchpad.net/~sergiodj/+archive/ubuntu/openldap-bug1926265 lincvz, could you please give this a try and check if this package fixes the issue? Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1926265 Title: slapd enter in infinite loop on sched_yield syscall Status in openldap package in Ubuntu: Confirmed Bug description: On a production server, sometimes slapd become unbresponsive, some threads loops in sched_yield syscall and consumme all CPU. To recover, slapd needs to restart. No related information is reported in log file. All same issues in OpenLDAP upstream project are old and fixed. So maybe this issue affects only Ubuntu package. It occurs randomly, so I have no steps to reproduce. OS : Bionic Openldap version: libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10 libldap-common 2.4.45+dfsg-1ubuntu1.10 slapd 2.4.45+dfsg-1ubuntu1.10 Modules loaded: olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}back_monitor olcModuleLoad: {3}memberof.la olcModuleLoad: {4}refint.la olcModuleLoad: {5}rwm olcModuleload: {6}back_ldap Backend is BDB. slapd run in (single) master - (multi) slave mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall
Hi lincvz, We are still trying to determine the best approach here. This is on my TODO list, and hopefully I can put something together by the end of this week. Thank you for your patience. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1926265 Title: slapd enter in infinite loop on sched_yield syscall Status in openldap package in Ubuntu: Confirmed Status in openldap source package in Bionic: Triaged Bug description: On a production server, sometimes slapd become unbresponsive, some threads loops in sched_yield syscall and consumme all CPU. To recover, slapd needs to restart. No related information is reported in log file. All same issues in OpenLDAP upstream project are old and fixed. So maybe this issue affects only Ubuntu package. It occurs randomly, so I have no steps to reproduce. OS : Bionic Openldap version: libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10 libldap-common 2.4.45+dfsg-1ubuntu1.10 slapd 2.4.45+dfsg-1ubuntu1.10 Modules loaded: olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}back_monitor olcModuleLoad: {3}memberof.la olcModuleLoad: {4}refint.la olcModuleLoad: {5}rwm olcModuleload: {6}back_ldap Backend is BDB. slapd run in (single) master - (multi) slave mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall
Hello lincvz, Sorry about the delay. I have been busy with other stuff and did not have time to follow up on this bug. Here is the lay of the land right now: 1) Unfortunately, it is unlikely that we will be able to get the SRU team to accept an upload that reintroduces an issue. This means that removing the patch that causes the infinite loop is something that we would rather not do, because another problem will reappear. 2) The ideal course of action here would be to investigate whether it would be possible to backport the patch at https://github.com/openldap/openldap/commit/735e1ab14bb055344b4e767a216aa410aa7d1503 and make it fully work. This is probably a non-trivial task, as Ryan himself said. I am still looking into a possible solution for this, but I cannot guarantee anything for now, I'm sorry (I'm very busy with other stuff, including updating OpenLDAP in Impish to 2.5!) Given that I have provided a PPA with a package that fixes the issue for you, I would say that for now you are better off using it. Last, but not least: if you feel like giving it a try and trying to backport https://github.com/openldap/openldap/commit/735e1ab14bb055344b4e767a216aa410aa7d1503 to the openldap version that's in Bionic, that would be awesome. We can review whatever you have and guide you through the SRU process. Thank you. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1926265 Title: slapd enter in infinite loop on sched_yield syscall Status in openldap package in Ubuntu: Confirmed Status in openldap source package in Bionic: Triaged Bug description: On a production server, sometimes slapd become unbresponsive, some threads loops in sched_yield syscall and consumme all CPU. To recover, slapd needs to restart. No related information is reported in log file. All same issues in OpenLDAP upstream project are old and fixed. So maybe this issue affects only Ubuntu package. It occurs randomly, so I have no steps to reproduce. OS : Bionic Openldap version: libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10 libldap-common 2.4.45+dfsg-1ubuntu1.10 slapd 2.4.45+dfsg-1ubuntu1.10 Modules loaded: olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}back_monitor olcModuleLoad: {3}memberof.la olcModuleLoad: {4}refint.la olcModuleLoad: {5}rwm olcModuleload: {6}back_ldap Backend is BDB. slapd run in (single) master - (multi) slave mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1932980] Re: window title in mate terminal not change after I logout from ssh
Thank you for the bug report. It seems to me that this is a MATE-specific configuration, and not something related to openssh. When you ssh into a host, ssh takes control of the terminal and the PS1 variable becomes something else, which is reflected on the window title. When you log out of the ssh connection, PS1 doesn't get overwritten again because the control is now back to your shell. Maybe there are ways to force the window title to be "refreshed" when you disconnect, but I don't know offhand, sorry. I'm setting the bug as Invalid for openssh. ** Changed in: openssh (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1932980 Title: window title in mate terminal not change after I logout from ssh Status in Ubuntu MATE: New Status in mate-terminal package in Ubuntu: New Status in openssh package in Ubuntu: Invalid Bug description: I use Ubuntu Mate 20.04. I always update my system. When, I open mate terminal and login into my server via ssh, the window title is change to my server @. But, its not change after I logout. In this report I attach a proof. Thanks. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-mate/+bug/1932980/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1926265] Re: slapd enter in infinite loop on sched_yield syscall
Hi lincvz, Unfortunately I don't plan to maintain the packages on the PPA; it would be too cumbersome to keep monitoring security updates and rebuilding the package every time. My intention with the PPA was to facilitate the diagnostic of the bug, and also to provide a hotfix for you. I will try to talk to the SRU team again and see if we can reach some sort of consensus on how to deal with this bug, but unfortunately I cannot make promises here. Sorry about that. ** Changed in: openldap (Ubuntu Bionic) Importance: High => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1926265 Title: slapd enter in infinite loop on sched_yield syscall Status in openldap package in Ubuntu: Confirmed Status in openldap source package in Bionic: Triaged Bug description: On a production server, sometimes slapd become unbresponsive, some threads loops in sched_yield syscall and consumme all CPU. To recover, slapd needs to restart. No related information is reported in log file. All same issues in OpenLDAP upstream project are old and fixed. So maybe this issue affects only Ubuntu package. It occurs randomly, so I have no steps to reproduce. OS : Bionic Openldap version: libldap-2.4-2:amd642.4.45+dfsg-1ubuntu1.10 libldap-common 2.4.45+dfsg-1ubuntu1.10 slapd 2.4.45+dfsg-1ubuntu1.10 Modules loaded: olcModuleLoad: {0}back_bdb olcModuleLoad: {1}syncprov olcModuleLoad: {2}back_monitor olcModuleLoad: {3}memberof.la olcModuleLoad: {4}refint.la olcModuleLoad: {5}rwm olcModuleload: {6}back_ldap Backend is BDB. slapd run in (single) master - (multi) slave mode. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1926265/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp