[Touch-packages] [Bug 1928346] Re: package libseccomp2:amd64 2.5.1-1ubuntu1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configura

2021-05-13 Thread Alex Murray
Thanks for reporting this issue - can you please try running the following in a terminal and see if this resolves the problem: sudo apt-get install -f --reinstall libseccomp2 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1926820]

2021-05-02 Thread Alex Murray
Thank you for taking the time to report this bug and helping to make Ubuntu better. Reviewing your dmesg attachment to this bug report it seems that there may be a problem with your hardware. I'd recommend performing a back up and then investigating the situation. Measures you might take

[Touch-packages] [Bug 1926820] Re: package libseccomp2:amd64 2.4.3-1ubuntu3.20.04.3 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting c

2021-05-02 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-04-13 Thread Alex Murray
libseccomp on bionic looks good from what I can see on https://people.canonical.com/~ubuntu-archive/proposed- migration/bionic/update_excuses.html#libseccomp - can this please migrate now? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-04-13 Thread Alex Murray
similarly for xenial there is only one failure for libseccomp autopkgtests which is systemd/i386 - https://people.canonical.com /~ubuntu-archive/proposed- migration/xenial/update_excuses.html#libseccomp - and this looks reasonably flaky in recent history

[Touch-packages] [Bug 1908818] Re: pure packaging of libnss3

2021-04-05 Thread Alex Murray
@paelzer - we just got another duplicate of this filed for nss in groovy - is the server team working on a fix for this for groovy? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu.

[Touch-packages] [Bug 1922553] Re: libnss3 package contains invalid library paths

2021-04-05 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
For the focal autopkgtest failures above: docker.io/19.03.8-0ubuntu1.20.04.2 (arm64) systemd/245.4-4ubuntu3.5 (ppc64el) The docker.io/arm64 failed due to network issues in the test infrastructure: + lxc launch ubuntu-daily:focal/arm64 docker -c security.nesting=true Creating docker Error:

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
The systemd/229-4ubuntu21.29 (i386) test looks very flaky - this seems to fail more often than not looking at https://autopkgtest.ubuntu.com/packages/s/systemd/xenial/i386 - and the tests which failed for the libseccomp 2.5.1-1ubuntu1~16.04.1 run (boot- and-services and boot-smoke) also failed for

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
Regarding the failing autopkgtests from bionic reported in comment #28: - the containerd and chrony ones on s390x are transient failures due to networking issues in the test infrastructure so should hopefully pass on a re-run. - I can't reproduce the flatpak/amd64 failure locally so I assume

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
Tested for libseccomp as follows: cat

[Touch-packages] [Bug 1891810] Re: Backport 2.5.1 to fix missing openat2 syscall, causing problems for fuse-overlayfs in nspawn containers

2021-03-29 Thread Alex Murray
The fix for systemd's LP: #1918696 is not in the systemd xenial SRU since, as noted in that bug, systemd in xenial doesn't include upstream commit 469830d1426a91e0897c321fdc8ee428f0a750c1 which reworked the code to switch from seccomp_rule_add to seccomp_rule_add_exact. In this case systemd could

[Touch-packages] [Bug 1918696] Re: libseccomp 2.5.1 will break unit tests on ppc

2021-03-29 Thread Alex Murray
Yes this is not needed for xenial since that version of systemd is not new enough to be affected by this issue (see the bug description for more details). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-28 Thread Alex Murray
** Changed in: libseccomp (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Bionic) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Focal) Status: Confirmed => In Progress ** Changed in: libseccomp (Ubuntu Groovy)

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476579/+files/libseccomp_2.5.1-1ubuntu1~20.10.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Description changed: - The version of libseccomp2 in bionic does not know about the openat2 - syscall. + [Impact] - In my particular usecase, I was trying to run podman/buildah in an - nspawn container, using fuse-overlayfs. This leads to peculiar failure - modes as described in this issue:

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476578/+files/libseccomp_2.5.1-1ubuntu1~20.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
** Patch added: "libseccomp_2.5.1-1ubuntu1~18.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810/+attachment/5476577/+files/libseccomp_2.5.1-1ubuntu1~18.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1916485] Re: test -x fails inside shell scripts in containers

2021-03-14 Thread Alex Murray
@oded-geek - yes, the libseccomp SRU to backport 2.5.1 to these releases is being handled in https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1891810 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-03-14 Thread Alex Murray
Updating libseccomp to 2.5.1 breaks the systemd unit tests on ppc64el since the behaviour around filtering of the multiplexed socket() system call changes - as such a fix for systemd in https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1918696 is also required. -- You received this bug

[Touch-packages] [Bug 1919078] Re: Ubuntu SSO login - not working (Throws "Error connecting to server"

2021-03-14 Thread Alex Murray
** Package changed: ubuntu => gnome-online-accounts (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnome-online-accounts in Ubuntu. https://bugs.launchpad.net/bugs/1919078 Title: Ubuntu SSO login - not working

[Touch-packages] [Bug 1917920] Re: magic-proxy broke with iptables 1.8.7-1ubuntu2

2021-03-09 Thread Alex Murray
Good point re google.com - I just repeated the above test but replacing www.google.com with http://neverssl.com and verified it worked as expected so it doesn't look like http->https redirect affected the results. Hmmm perhaps there is something else at play compared to when testing locally vs on

[Touch-packages] [Bug 1917920] Re: magic-proxy broke with iptables 1.8.7-1ubuntu2

2021-03-08 Thread Alex Murray
I tried to reproduce this in an up-to-date bionic VM as follows: # inside the bionic VM sudo snap install lxd sudo lxd init # accept defauls sudo lxc launch ubuntu-daily:hirsute hirsute sudo lxc exec hirsute /bin/bash # then inside the hirsute container install livecd-rootfs apt update apt

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-02-28 Thread Alex Murray
** Also affects: libseccomp (Ubuntu Hirsute) Importance: Undecided Assignee: Alex Murray (alexmurray) Status: New ** Changed in: libseccomp (Ubuntu Hirsute) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch see

[Touch-packages] [Bug 1916485] Re: test -x fails inside shell scripts in containers

2021-02-28 Thread Alex Murray
As I understand it I don't see there is any issue here with libseccomp in Ubuntu as it currently stands - whilst the aforementioned runc workaround commit description specifies a number of shortcomings with libseccomp and the inability to easily handle and distinguish newly added syscalls between

[Touch-packages] [Bug 1916669] [NEW] autopkgtests flaky for hirsute across various architectures

2021-02-23 Thread Alex Murray
Public bug reported: Currently the lxc 1:4.0.4-1:4.0.4-0ubuntu3 and 1:4.0.6-0ubuntu1 autopkgtests for hirsute are quite flaky across most architectures: amd64 - https://autopkgtest.ubuntu.com/packages/l/lxc/hirsute/amd64 --- only 3

[Touch-packages] [Bug 1915874] Re: autopkgtest fails in hirsute on armhf with glibc 2.33

2021-02-22 Thread Alex Murray
** Changed in: libseccomp (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1915874 Title: autopkgtest fails in hirsute on

[Touch-packages] [Bug 1915906] Re: Ensure SRP BN_mod_exp follows the constant time path

2021-02-17 Thread Alex Murray
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1915906 Title: Ensure SRP BN_mod_exp follows the constant time

[Touch-packages] [Bug 1915874] Re: autopkgtest fails in hirsute on armhf with glibc 2.33

2021-02-16 Thread Alex Murray
I'm in the process of preparing libseccomp 2.5.1 for hirsute so will add this patch for it's autopkgtests as part of that. Thanks. ** Changed in: libseccomp (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubu

[Touch-packages] [Bug 1915801] Re: version 1.9.5p2-2ubuntu1 broke system

2021-02-16 Thread Alex Murray
*** This bug is a duplicate of bug 1915250 *** https://bugs.launchpad.net/bugs/1915250 ** This bug has been marked a duplicate of bug 1915250 buildd file owner/group for shared libraries -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which

[Touch-packages] [Bug 1915792] Re: sudo is no longer owned by root so it no longer works

2021-02-16 Thread Alex Murray
*** This bug is a duplicate of bug 1915250 *** https://bugs.launchpad.net/bugs/1915250 ** This bug has been marked a duplicate of bug 1915250 buildd file owner/group for shared libraries -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which

[Touch-packages] [Bug 1915307] Re: Please merge sudo 1.9.5p2-2 (main) from Debian unstable (main)

2021-02-15 Thread Alex Murray
@iLogin - this is likely caused by https://bugs.launchpad.net/ubuntu/+source/fakeroot/+bug/1915250 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1915307 Title: Please merge

[Touch-packages] [Bug 1915250] Re: buildd file owner/group for shared libraries

2021-02-14 Thread Alex Murray
$ dpkg -c snapd_2.49+21.04_amd64.deb | grep buildd -rwxr-xr-x buildd/buildd 30952 2021-02-10 20:17 ./lib/systemd/system-generators/snapd-generator -rwxr-xr-x buildd/buildd 19558008 2021-02-10 20:17 ./usr/bin/snap -rwxr-xr-x buildd/buildd43304 2021-02-10 20:17 ./usr/bin/snapfuse -rwxr-xr-x

[Touch-packages] [Bug 1915250] Re: buildd file owner/group for shared libraries

2021-02-14 Thread Alex Murray
Oh I see - this was for shared libraries but I suspect it is also affecting setuid binaries as well? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils in Ubuntu. https://bugs.launchpad.net/bugs/1915250 Title: buildd

[Touch-packages] [Bug 1915250] Re: buildd file owner/group for shared libraries

2021-02-14 Thread Alex Murray
This is currently affecting snapd 2.49+21.04 which is in hirsute- proposed - https://forum.snapcraft.io/t/snapd-from-hirsute-proposed- wont-allow-snaps-to-run/22733/8 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to binutils

[Touch-packages] [Bug 1914961] Re: Contains literal path: /usr/lib/${DEB_HOST_MULTIARCH}

2021-02-07 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1914652] Re: Broken dir and symlinks in package

2021-02-04 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1908818] Re: pure packaging of libnss3

2021-02-04 Thread Alex Murray
** Also affects: nss (Ubuntu Hirsute) Importance: Undecided Status: Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1908818 Title: pure packaging of

[Touch-packages] [Bug 1909334] Re: bug

2021-01-28 Thread Alex Murray
Thank you for using Ubuntu and taking the time to report a bug. Your report should contain, at a minimum, the following information so we can better find the source of the bug and work to resolve it. Submitting the bug about the proper source package is essential. For help see

[Touch-packages] [Bug 1909602] Re: package unattended-upgrades 1.1ubuntu1.18.04.7~16.04.6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1910943] Re: package util-linux 2.34-0.1ubuntu9.1 failed to install/upgrade: package util-linux is not ready for configuration cannot configure (current status 'half-installed')

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1910975] Re: package libflite1:amd64 2.2-1 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1913493] Re: pc

2021-01-28 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1913339] Re: wrong path install location for groovy package

2021-01-26 Thread Alex Murray
*** This bug is a duplicate of bug 1908818 *** https://bugs.launchpad.net/bugs/1908818 ** This bug has been marked a duplicate of bug 1908818 pure packaging of libnss3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2021-01-19 Thread Alex Murray
I have packages for 2.5.1 in the ubuntu-security-proposed PPA at https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa if you would like to give them a try I would appreciate any feedback etc. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 48734] Re: Home permissions too open

2021-01-19 Thread Alex Murray
As noted in the discourse thread on this https://discourse.ubuntu.com/t /private-home-directories-for-ubuntu-21-04-onwards/19533 - I think a similar ACL approach should be able to be used to give the www-data user or similar access to your home dir for ~/public_html or for samba as needed. --

[Touch-packages] [Bug 675560] Re: Home dirs shouldn't be world readable

2021-01-13 Thread Alex Murray
*** This bug is a duplicate of bug 48734 *** https://bugs.launchpad.net/bugs/48734 ** This bug has been marked a duplicate of bug 48734 Home permissions too open -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to adduser

[Touch-packages] [Bug 48734] Re: Home permissions too open

2021-01-13 Thread Alex Murray
s: Fix Committed => Fix Released ** Changed in: shadow (Ubuntu Hirsute) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: adduser (Ubuntu Hirsute) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubun

[Touch-packages] [Bug 1904192] Re: ebtables can not rename just created chain

2020-11-24 Thread Alex Murray
** Also affects: iptables (Ubuntu Hirsute) Importance: Undecided Assignee: Alex Murray (alexmurray) Status: Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https

[Touch-packages] [Bug 1904192] Re: ebtables can not rename just created chain

2020-11-17 Thread Alex Murray
Yep I'll take this @Christian ** Changed in: iptables (Ubuntu Groovy) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.

[Touch-packages] [Bug 1891953] Re: CVE-2019-8936

2020-11-17 Thread Alex Murray
Excellent - thank you :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1891953 Title: CVE-2019-8936 Status in ntp package in Ubuntu: Confirmed Status in ntp source

[Touch-packages] [Bug 1891953] Re: CVE-2019-8936

2020-11-17 Thread Alex Murray
@rokclimb15 - are you still looking at producing debdiff's for focal + groovy as well? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1891953 Title: CVE-2019-8936 Status in

[Touch-packages] [Bug 1904288] Re: package bluez 5.53-0ubuntu3 failed to install/upgrade: il sottoprocesso installato pacchetto bluez script post-installation ha restituito lo stato di errore 1

2020-11-15 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-12 Thread Alex Murray
jdstrand sponsored this to groovy-proposed and autopkgtests have all passed - ~ubuntu-sru - could you please review? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1898547

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-12 Thread Alex Murray
** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 Status

[Touch-packages] [Bug 1904068] [NEW] apt(-get) source fails to use credentials from /etc/apt/auth.conf(.d)

2020-11-12 Thread Alex Murray
Public bug reported: I have configured apt-src access to the private ESM PPAs via entries in /etc/apt/sources.list.d/ubuntu-security.list as follows: deb-src https://private-ppa.launchpad.net/ubuntu-esm/esm-infra- security/ubuntu trusty main and then added credentials as follows to

[Touch-packages] [Bug 1903484] Re: package python-six 1.14.0-2 failed to install/upgrade: installed python-six package post-installation script subprocess returned error exit status 127

2020-11-11 Thread Alex Murray
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-05 Thread Alex Murray
FYI the two autopkgtest failures for arm64 (sshuttle & firewalld) both appear to be transient failures so these are currently being retried... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu.

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-05 Thread Alex Murray
** Description changed: [Impact] With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start. The log file shows many errors like: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-04 Thread Alex Murray
** Description changed: - Ubuntu Groovy (20.10) - kernel 5.8.0-20-generic - neutron-linuxbridge-agent: 2:17.0.0~git2020091014.215a541bd4-0ubuntu1 - iptables: 1.8.5-3ubuntu1 (nf_tables) - iptables-restore points to xtables-nft-multi + [Impact] - After upgrading iptables from 1.8.4 to 1.8.5 and

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-04 Thread Alex Murray
** Changed in: iptables (Ubuntu Groovy) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent

[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5

2020-11-02 Thread Alex Murray
** Changed in: iptables (Ubuntu Groovy) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: iptables (Ubuntu Hirsute) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1879980] Re: Fail to boot with LUKS on top of RAID1 if the array is broken/degraded

2020-10-05 Thread Alex Murray
I can't see any potential security impact from this - yes it will now do another round of asking for passwords but 9 tries doesn't really help (from an attacker point-of-view) any more than 6 tries assuming this is a long passphrase - so consider this an ACK from the security team. -- You

[Touch-packages] [Bug 1897666] Re: FTBFS: nss for groovy ftbfs due to erroneous nonnull check arising from glibc getcwd() annotation

2020-09-28 Thread Alex Murray
See attached for a debdiff (note this uses ubuntu3 instead of ubuntu2 since I already burned that version in the security-proposed PPA whilst preparing this) ** Patch added: "nss_3.55-1ubuntu3.debdiff"

[Touch-packages] [Bug 1897666] Re: FTBFS: nss for groovy ftbfs due to erroneous nonnull check arising from glibc getcwd() annotation

2020-09-28 Thread Alex Murray
This has also been uploaded to the security-proposed PPA - https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+sourcepub/11635176/+listing-archive-extra -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in

[Touch-packages] [Bug 1897666] [NEW] FTBFS: nss for groovy ftbfs due to erroneous nonnull check arising from glibc getcwd() annotation

2020-09-28 Thread Alex Murray
Public bug reported: As per the archive test rebuild done recently by doko, nss FTBFS due to a compiler warning raised by gcc-10 (and this fails the build due to the use of -Werror in CFLAGS): https://launchpad.net/ubuntu/+archive/test- rebuild-20200925-groovy/+build/20033437 nsinstall.c: In

[Touch-packages] [Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)

2020-09-23 Thread Alex Murray
Good point about the changelog - I have removed that line and rebuilt. Attaching the debdiff here for the release team to review. ** Patch added: "iptables_1.8.5-3ubuntu1.debdiff"

[Touch-packages] [Bug 1894195] Re: FFe: Merge iptables 1.8.5-3 (main) from Debian sid (main)

2020-09-22 Thread Alex Murray
I have done the merge and uploaded it to the security-proposed PPA - https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa - and have confirmed the iptables autopkgtest tests all pass as well as the ufw tests. Oibaf - since you requested this, would you be able to also test this?

[Touch-packages] [Bug 1895967] Re: Apparmor 3.0.0 does not load profiles in containers anymore

2020-09-22 Thread Alex Murray
Christian - thanks for your work on debugging this - can you please remove the block-proposed tag if you are happy that 3.0.0~beta1-0ubuntu6 resolves this issue? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in

[Touch-packages] [Bug 1887577] Re: DEP8: Invalid capability setuid

2020-09-21 Thread Alex Murray
This is now passing: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac /autopkgtest- groovy/groovy/amd64/a/apparmor/20200921_175620_e825f@/log.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-21 Thread Alex Murray
Yes (barring bugs), there is no intention to break anything :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1895060 Title: [FFe] apparmor 3 upstream release Status in

[Touch-packages] [Bug 1891953] Re: CVE-2019-8936

2020-09-21 Thread Alex Murray
Thanks for the debdiff - I am happy to sponsor this for you - one quick thing, there is no need to reference the debian bug report in the changelog so I have cleaned it up to look like the following: ntp (1:4.2.8p10+dfsg-5ubuntu7.3) bionic-security; urgency=medium * SECURITY UPDATE: Null

[Touch-packages] [Bug 1895839] Re: CVE-2020-24977

2020-09-16 Thread Alex Murray
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1895839 Title: CVE-2020-24977 Status in libxml2

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-15 Thread Alex Murray
Apologies for posting the description as a comment above... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1895060 Title: [FFe] apparmor 3 upstream release Status in

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-15 Thread Alex Murray
As per the draft upstream release notes: AppArmor 3.0 is a major new release of the AppArmor user space that makes an important change to policy development and support. Its focus is transitioning policy to the new features ABI and as such other new features have been limited. Apprmor 3.0 is a

[Touch-packages] [Bug 1895060] Re: [FFe] apparmor 3 upstream release

2020-09-15 Thread Alex Murray
** Attachment added: "groovy-proposed-apparmor-install.log" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1895060/+attachment/5411197/+files/groovy-proposed-apparmor-install.log ** Description changed: As per the draft upstream release notes: AppArmor 3.0 is a major new

[Touch-packages] [Bug 1893728] Re: Ubuntu CVE Tracker krb5 1.17-6ubuntu4 CVE-2018-20217 false positive

2020-09-06 Thread Alex Murray
This was fixed in the https://launchpad.net/ubuntu-cve-tracker in commit https://git.launchpad.net/ubuntu-cve- tracker/commit/?id=6d3a00335ca58346a10a09ad3c94046820490f8f ** No longer affects: krb5 (Ubuntu) ** No longer affects: krb5 (Ubuntu Bionic) ** Changed in: krb5 (Ubuntu Focal)

[Touch-packages] [Bug 1891810] Re: Missing openat2 syscall, causes problems for fuse-overlayfs in nspawn containers

2020-08-17 Thread Alex Murray
I was planning on doing an SRU to backport b3206ad5645dceda89538ea8acc984078ab697ab for openat2 etc anyway so assigning this to me. ** Changed in: libseccomp (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubu

[Touch-packages] [Bug 1890047] Re: Sessions crash, all X11 remote users disconnected

2020-08-05 Thread Alex Murray
** Changed in: glib-networking (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib-networking in Ubuntu. https://bugs.launchpad.net/bugs/1890047 Title: Sessions crash, all X11

[Touch-packages] [Bug 1890047] Re: Sessions crash, all X11 remote users disconnected

2020-08-03 Thread Alex Murray
How are your users connecting to the X server? From the description you mention lightdm - can you explain the setup and I will see if I can reproduce it? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to glib-networking in

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-06 Thread Alex Murray
Thanks - in Ubuntu releases 18.04 onwards debug symbols are provided via the separate -dbgsyms packages which require extra configuration - https://wiki.ubuntu.com/DebuggingProgramCrash TL;DR: echo "deb http://ddebs.ubuntu.com $(lsb_release -cs) main restricted universe multiverse" | sudo tee

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-06 Thread Alex Murray
Ok, since I can't reproduce this locally, if you are interested / able to help with debugging it, could you please attach the core dump. Or if this contains potentially sensitive details, you could install the dbg versions of the packages and reproduce the crash and this would provide a more

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-03 Thread Alex Murray
I am confused - in the initial bug report you mention /etc/systemd/system/dbus-org.freedesktop.resolve1.service as the systemd unit but now you also mention /etc/systemd/system/dbus- org.freedesktop.ModemManager1.service - can you confirm which one you have had to disable the SystemCallFilter?

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-02 Thread Alex Murray
You can specify the package name using `-p` - so perhaps: apport-collect -p systemd 1886115 apport-collect -p libseccomp2 1886115 Would do the trick? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-02 Thread Alex Murray
If this is indeed related to the Gentoo bug, I cannot see anywhere in libseccomp where the environment is being modified. As such I suspect this is likely actually a bug in systemd where it is modifying the environment across the exec() and the libseccomp update has just caused it to actually

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-02 Thread Alex Murray
To capture some more details that might help debug this issue, could you please run apport-collect 1886115 in a terminal? This should automatically capture various details and upload them to this bug report. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1886115] Re: libseccomp 2.4.3-1ubuntu3.18.04.2 causes systemd to segfault on boot

2020-07-02 Thread Alex Murray
Thanks for reporting this issue. I am not able to reproduce it myself - have you customised the syscall filtering in this profile at all? ** Changed in: libseccomp (Ubuntu) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a mem

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-30 Thread Alex Murray
I am not sure how packages.ubuntu.com generates its list but they were published for all architectures on launchpad: https://launchpad.net/ubuntu/+source/libseccomp/2.4.3-1ubuntu3.20.04.2 Also the debs are present on ports.ubuntu.com: http://ports.ubuntu.com

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-29 Thread Alex Murray
Ping @jdstrand / @sil2100 - I am not sure what more I need to do to try and progress this SRU - I believe the systemd/eoan update still needs to be sponsored from the security-proposed PPA - but I don't have permission to upload this myself - could one of you please do that on my behalf? Also if

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-24 Thread Alex Murray
@ddstreet - is there anything I can / still need to do to get this into -updates? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1877633 Title: libseccomp 2.4.3 (and

[Touch-packages] [Bug 1877633] Re: libseccomp 2.4.3 (and 2.4.2) is not correctly resolving (at least) the getrlimit syscall on arm64

2020-06-23 Thread Alex Murray
Ah thanks Dan! - I realise now that perhaps I should have had just the 1 bug report for both issues to make things simpler as having two seems to have complicated things too much. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-22 Thread Alex Murray
The systemd update for eoan is not in -proposed but the libseccomp updates (for all releases) are - the systemd update for eoan needs to be released in conjunction with the libseccomp update as it fixes a regression in systemd/eoan/i386 when used in conjunction with the libseccomp updates. The

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-19 Thread Alex Murray
Yes, like previous libseccomp updates, we plan to publish this to both -security and -updates. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1876055 Title: SRU: Backport

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-18 Thread Alex Murray
systemd-242-7ubuntu3.11 passes autopkgtest for eoan/i386 and resolves the FTBFS for arm64 - https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac /autopkgtest-eoan-ubuntu-security-proposed- ppa/eoan/i386/s/systemd/20200615_102850_82300@/log.gz @jdstrand can you

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-15 Thread Alex Murray
@jdstrand - thanks but unfortunately that version FTBFS on arm64 - I've uploaded an updated verion (ubuntu3.11 - https://launchpadlibrarian.net/484321608/systemd_242-7ubuntu3.11_source.changes) to the security-proposed PPA with an additional upstream fix for the arm64 FTBFS - this is currently

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-14 Thread Alex Murray
** Also affects: systemd (Ubuntu) Importance: Undecided Status: New ** No longer affects: systemd (Ubuntu Xenial) ** No longer affects: systemd (Ubuntu Bionic) ** No longer affects: systemd (Ubuntu Focal) ** No longer affects: systemd (Ubuntu Groovy) -- You received this bug

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-12 Thread Alex Murray
** Patch added: "systemd_242-7ubuntu3.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5383164/+files/systemd_242-7ubuntu3.10.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-12 Thread Alex Murray
** Attachment added: "systemd-242-7ubuntu3.10-i386-autopkgtest-libseccomp-proposed-upgrade.log.gz" https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876055/+attachment/5383166/+files/systemd-242-7ubuntu3.10-i386-autopkgtest-libseccomp-proposed-upgrade.log.gz -- You received this

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-12 Thread Alex Murray
I have confirmed the attached debdiff for systemd resolves this failure on i386 with libseccomp 2.4.3 - see attached for the autopkgtest log of a local run. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in

[Touch-packages] [Bug 1876055] Re: SRU: Backport 2.4.3-1ubuntu3 from groovy to focal/eoan/bionic/xenial for newer syscalls for core20 base and test suite robustness

2020-06-12 Thread Alex Murray
@jdstrand - could you please review and sponsor the systemd debdiff to eoan-proposed? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libseccomp in Ubuntu. https://bugs.launchpad.net/bugs/1876055 Title: SRU: Backport

  1   2   3   >