[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-09-28 Thread Andreas Hasenack
** Description changed: [Impact] When attempting to authenticate against a Windows Active Directory server configured to require SASL channel binding over SSL/TLS ldap connections (ldaps), authentication will fail stating invalid credentials as the cause. This is due to

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-09-28 Thread Andreas Hasenack
** Description changed: [Impact] - When attempting to bind to a SASL channel using GSSAPI or GSS-SPNEGO for - Windows Active Directory, authentication will fail stating invalid + When attempting to authenticate against a Windows Active Directory + server configured to require SASL channel

[Touch-packages] [Bug 1990692] [NEW] samba profile needs updating

2022-09-23 Thread Andreas Hasenack
Public bug reported: kinetic apparmor 3.0.7-1ubuntu1 sudo apt install apparmor-profiles apparmor-utils apparmor-profiles-extra sudo apt install samba smbclient cups cups-client Create a fake printer: sudo lpadmin -p testprinter -E -v /dev/null Set a password for the samba "root" user: printf

[Touch-packages] [Bug 1980494] Re: krb5-multidev is not multi-arch installable due to differences in /usr/bin/krb5-config.mit

2022-09-15 Thread Andreas Hasenack
> @Andreas - you subscribed the Foundations team to his bug report back in July. What were you looking for from the Foundations team? I don't know how this should be fixed, and was hoping Foundations could help, since it's an issue that is happening because of the introduction of LTO, and

[Touch-packages] [Bug 1964506] Re: Ping: checks payloads incorrectly, ignores all mismatch replies

2022-09-14 Thread Andreas Hasenack
I checked that jammy and later indeed has the same commit reverted. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iputils in Ubuntu. https://bugs.launchpad.net/bugs/1964506 Title: Ping: checks payloads incorrectly,

[Touch-packages] [Bug 1551020] Re: IpUtils Ping can be in wait forever

2022-09-14 Thread Andreas Hasenack
Upstream bug: https://github.com/iputils/iputils/pull/67 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iputils in Ubuntu. https://bugs.launchpad.net/bugs/1551020 Title: IpUtils Ping can be in wait forever Status in

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-09-09 Thread Andreas Hasenack
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy:

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-09-09 Thread Andreas Hasenack
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy:

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-09-09 Thread Andreas Hasenack
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy:

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-09-09 Thread Andreas Hasenack
** Description changed: [Impact] Users who have: a) opted in to confining samba with apparmor (by installing apparmor-profiles); and b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode; will experience an error in starting the smbd service in jammy:

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-09-09 Thread Andreas Hasenack
** Description changed: [Impact] - Path to samba-bgqd is wrong on 22.04. - Changing from /usr/lib*/samba/samba-bgqd into /usr/lib/@{multiarch}/samba/samba-bgqd to align different architectures. - The @{multiarch} was initialized at the code before. - Before fixing it might confuse users

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-09-09 Thread Andreas Hasenack
Removing the samba task as there is nothing to do there for jammy. ** No longer affects: samba (Ubuntu Jammy) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1979879

[Touch-packages] [Bug 1988119] Re: Update to systemd 237-3ubuntu10.54 broke dns

2022-08-30 Thread Andreas Hasenack
** Tags added: regression-update -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1988119 Title: Update to systemd 237-3ubuntu10.54 broke dns Status in systemd package in

[Touch-packages] [Bug 1895302] Re: groovy debootstrap leaves /e/d/motd-news.wasremoved around

2022-08-24 Thread Andreas Hasenack
Please reject the xenial upload. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to base-files in Ubuntu. https://bugs.launchpad.net/bugs/1895302 Title: groovy debootstrap leaves /e/d/motd-news.wasremoved around Status in

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-08-24 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu Jammy) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: cyrus-sasl2 (Ubuntu Jammy) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subs

[Touch-packages] [Bug 1984327] Re: Component mismatch: new lerc support requires universe package

2022-08-18 Thread Andreas Hasenack
Uploaded: Uploading tiff_4.4.0-4ubuntu2.dsc Uploading tiff_4.4.0-4ubuntu2.debian.tar.xz Uploading tiff_4.4.0-4ubuntu2_source.buildinfo Uploading tiff_4.4.0-4ubuntu2_source.changes I decided to retain the ubuntu suffix (see discussion at [1]), and will sync the package the next time there is a

[Touch-packages] [Bug 1984327] Re: Component mismatch: new lerc support requires universe package

2022-08-18 Thread Andreas Hasenack
Yes, will do today -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1984327 Title: Component mismatch: new lerc support requires universe package Status in tiff package in

Re: [Touch-packages] [Bug 1986860] Re: [MIR] krb5 (bin:krb5-user)

2022-08-17 Thread Andreas Hasenack
bution=ubuntu; sourcepackage=krb5; component=main; > status=New; importance=Undecided; assignee=andr...@canonical.com; > Launchpad-Bug-Information-Type: Public > Launchpad-Bug-Private: no > Launchpad-Bug-Security-Vulnerability: no > Launchpad-Bug-Commenters: ahasenack vorlon >

[Touch-packages] [Bug 1986860] [NEW] [MIR] krb5 (bin:krb5-user)

2022-08-17 Thread Andreas Hasenack
Public bug reported: Placeholder bug to MIR bin:krb5-user (src:krb5 is in main already). ** Affects: krb5 (Ubuntu) Importance: Undecided Assignee: Andreas Hasenack (ahasenack) Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-08-16 Thread Andreas Hasenack
openldap@jammy also needs no further changes ** Changed in: openldap (Ubuntu Jammy) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu.

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-08-16 Thread Andreas Hasenack
openldap in kinetic needs no further changes, marking that task as fix released. ** Changed in: openldap (Ubuntu) Status: Confirmed => Fix Released ** Also affects: cyrus-sasl2 (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Jammy)

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-08-12 Thread Andreas Hasenack
Ok, got it working in jammy, it was a local problem. I had installed the heimdal sasl gssapi module, instead of MIT. Heimdal is another issue to fix later at some point, but now I'm concentrating on MIT. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1984327] Re: Component mismatch: new lerc support requires universe package

2022-08-10 Thread Andreas Hasenack
Hm, I had searched for it, but missed it. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1984327 Title: Component mismatch: new lerc support requires universe package

[Touch-packages] [Bug 1984327] Re: Component mismatch: new lerc support requires universe package

2022-08-10 Thread Andreas Hasenack
I subscribed to the MIR, and when it's approved, if nobody beats me to it, I'll remove the delta I added to tiff. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1984327 Title:

[Touch-packages] [Bug 1984322] [NEW] Component mismatch: new lerc support requires universe package

2022-08-10 Thread Andreas Hasenack
*** This bug is a duplicate of bug 1984327 *** https://bugs.launchpad.net/bugs/1984327 Public bug reported: tiff is in sync with debian, and version tiff 4.4.0-1[1] enabled lerc support. Unfortunately lerc is in ubuntu universe, and tiff is in main, so we either MIR lerc, or disable it in

[Touch-packages] [Bug 1984327] [NEW] Component mismatch: new lerc support requires universe package

2022-08-10 Thread Andreas Hasenack
/4.4.0-1 2. https://launchpad.net/ubuntu/+source/lerc ** Affects: tiff (Ubuntu) Importance: Undecided Assignee: Andreas Hasenack (ahasenack) Status: In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-08-01 Thread Andreas Hasenack
Hm, I see, it's obviously not just samba-bgqd. Hmm... -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1979879 Title: Apparmor profile in 22.04 jammy - fails to start when

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-08-01 Thread Andreas Hasenack
The other argument I have against fixing this in apparmor, is that this fix is for jammy only. It's not present in kinetic. But the samba fix (correct path for that binary) is in jammy. Then the question boils down to which update will cause the less amount of disruption for users... a)

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-08-01 Thread Andreas Hasenack
That being said, it's also likely that all desktop users have some samba library installed :/ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1979879 Title: Apparmor

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

2022-08-01 Thread Andreas Hasenack
Initially I was also in favor of changing the apparmor profile instead of the samba packaging, but after I saw MichaƂ's MP (with this approach), I'm kind of changing my mind, and here is my reasoning: With the change to apparmor, all ubuntu users, regardless if they use samba or not, will get the

[Touch-packages] [Bug 1953065] Re: 2.13.0 FTBFS

2022-07-29 Thread Andreas Hasenack
** Merge proposal unlinked: https://code.launchpad.net/~ahasenack/ubuntu/+source/ust/+git/ust/+merge/427642 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ust in Ubuntu. https://bugs.launchpad.net/bugs/1953065 Title:

[Touch-packages] [Bug 1977751] Re: Merge ust from Debian for 22.10

2022-07-29 Thread Andreas Hasenack
** Merge proposal linked: https://code.launchpad.net/~ahasenack/ubuntu/+source/ust/+git/ust/+merge/427642 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ust in Ubuntu. https://bugs.launchpad.net/bugs/1977751 Title:

[Touch-packages] [Bug 1977751] Re: Merge ust from Debian for 22.10

2022-07-29 Thread Andreas Hasenack
** Changed in: ust (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ust in Ubuntu. https://bugs.launchpad.net/bugs/1977751 Title: Merge ust from Debian for 22.10 Status in ust

[Touch-packages] [Bug 1969676] Re: Stash file /etc/krb5kdc/stash uses DEPRECATED enctype des3-cbc-sha1

2022-07-29 Thread Andreas Hasenack
*** This bug is a duplicate of bug 1981697 *** https://bugs.launchpad.net/bugs/1981697 ** This bug has been marked a duplicate of bug 1981697 KDC: weak crypto in default settings -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1981697] Re: KDC: weak crypto in default settings

2022-07-28 Thread Andreas Hasenack
This was fixed in Kinetic with https://launchpad.net/ubuntu/+source/krb5/1.20-1 krb5 (1.20-1) unstable; urgency=medium * New Upstream Version * Do not specify master key type to avoid weak crypto, Closes: #1009927 -- Sam Hartman Fri, 22 Jul 2022 16:32:38 -0600 ** Also affects: krb5

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-07-26 Thread Andreas Hasenack
I tried the same set of patches on jammy's cyrus-sasl (2.1.27). They applied, but I couldn't get gssapi + ldaps to work against AD 2016. It kept complaining that the channel binding token was not there. Weird. I then tried fedora 36, and centos 9, which I thought were the "benchmark" for this, but

[Touch-packages] [Bug 1981697] Re: KDC: weak crypto in default settings

2022-07-26 Thread Andreas Hasenack
** Tags added: bitesize server-todo ** Also affects: krb5 (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: krb5 (Ubuntu Jammy) Status: New => Triaged ** Changed in: krb5 (Ubuntu) Importance: Undecided => Medium ** Changed in: krb5 (Ubuntu Jammy)

[Touch-packages] [Bug 1981697] Re: KDC: weak crypto in default settings

2022-07-25 Thread Andreas Hasenack
Actually, looks like it could be simple, as in, do nothing out of the ordinary. The config file is not shipped as /etc/krb5kdc/kdc.conf: db_get krb5-kdc/debconf DEBCONF="$RET" if [ ! -f /etc/krb5kdc/kdc.conf ] && [ $DEBCONF = "true" ] ; then sed -e

[Touch-packages] [Bug 1981697] Re: KDC: weak crypto in default settings

2022-07-25 Thread Andreas Hasenack
This was fixed in debian and is currently in kinetic-proposed: https://launchpad.net/ubuntu/+source/krb5/1.20-1 I'm unsure how to approach this from an SRU perspective, given it's a configuration setting in the default config file that is ship: --- a/debian/kdc.conf +++ b/debian/kdc.conf @@

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-07-22 Thread Andreas Hasenack
I'm concerned about interoperability issues... https://github.com/cyrusimap/cyrus-imapd/issues/3317 ** Bug watch added: github.com/cyrusimap/cyrus-imapd/issues #3317 https://github.com/cyrusimap/cyrus-imapd/issues/3317 -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-07-22 Thread Andreas Hasenack
Ok, the -o SASL_CBINDING command-line parameter seems to work. Against that window 2016 server the ldapwhoami command only works when I set the channel binding mode to tls-unique: ubuntu@k1:~$ ldapwhoami -H ldaps://WIN-KRIET1E5ELO.internal.example.fake -Y GSSAPI -O maxssf=0 -o SASL_CBINDING=none

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-07-22 Thread Andreas Hasenack
I have a build for kinetic which has two changes: - enable channel binding - allow setting maxssf=0 when using GSS-SPNEGO The later might not be needed, as GSSAPI already supports maxssf=0, and adcli will forcibly select GSSAPI instead of GSS-SPNEGO if ldaps (ssl) is being used, exactly because

[Touch-packages] [Bug 1912256] Re: Missing channel binding prevents authentication to ActiveDirectory

2022-07-21 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1912256 Title: Missing channel binding

[Touch-packages] [Bug 1981697] Re: KDC: weak crypto in default settings

2022-07-19 Thread Andreas Hasenack
Here is a collection of guides from upstream MIT kerberos: https://web.mit.edu/kerberos/krb5-latest/doc/admin/enctypes.html#migrating- away-from-older-encryption-types -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in

[Touch-packages] [Bug 1977751] Re: Merge ust from Debian for 22.10

2022-07-19 Thread Andreas Hasenack
** Changed in: ust (Ubuntu) Milestone: None => ubuntu-22.07 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ust in Ubuntu. https://bugs.launchpad.net/bugs/1977751 Title: Merge ust from Debian for 22.10 Status in ust

[Touch-packages] [Bug 1889548] Re: ssh using gssapi will enforce FILE: credentials cache

2022-07-11 Thread Andreas Hasenack
Toby, you are mostly interested in this because you have some sort of policy, perhaps one that doesn't allow secrets to be stored on disk in clear text and protected just by filesystem permissions? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1889548] Re: ssh using gssapi will enforce FILE: credentials cache

2022-07-08 Thread Andreas Hasenack
** Also affects: openssh via https://bugzilla.mindrot.org/show_bug.cgi?id=3203 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
** Changed in: systemd (Ubuntu Jammy) Status: In Progress => New ** Changed in: systemd (Ubuntu Jammy) Assignee: Andreas Hasenack (ahasenack) => (unassigned) ** Changed in: mariadb-10.6 (Ubuntu Jammy) Status: Triaged => In Progress ** Description changed:

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
** Description changed: [Impact] Jammy's MariaDB will fail to build, and also fail to start, if the underlying kernel is 5.4.x (focal's) and if it's running in an unprivileged container (lxd, docker). It will also fail to build in launchpad builders. Common scenarios where this

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
** Description changed: [Impact] - * An explanation of the effects of the bug on users and + Jammy's MariaDB was built with io_uring support, and it tries to enable + it at runtime if it deems it's running on a supported kernel. There is a + range of kernel versions it checks, but of

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
** Description changed: + [Impact] + + * An explanation of the effects of the bug on users and + + * justification for backporting the fix to the stable release. + + * In addition, it is helpful, but not required, to include an +explanation of how the upload fixes this bug. + + [Test

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
Ok, phew, my test was incorrect, the bug is present in jammy. That makes this SRU simpler. I'll proceed with it, without a block-proposed tag. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
I got a report on IRC that the existing jammy package of mariadb does exhibit this problem: (link will expire soon)

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
Ok, a plain jammy rebuild in a launchpad ppa failed: 2022-06-17 14:18:27 0 [Warning] mariadbd: io_uring_queue_init() failed with ENOMEM: try larger memory locked limit, ulimit -l, or https://mariadb.com/kb/en/systemd/#configuring-limitmemlock under systemd (262144 bytes required) The binary

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
I can't reproduce this bug anymore with the package currently in jammy (1:10.6.7-2ubuntu1): lxc launch ubuntu:focal f --vm lxc shell f lxd init # just hit enter for all questions lxc launch ubuntu:jammy j lxc shell j ulimit -l # confirm it's less than 256 apt update && apt install mariadb-server

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
Hi Michal, I'm going over the test procedure for this bug and turns out the scenario where we encountered it is a bit convoluted, specially for users: you need to be running a 5.4 kernel on a jammy userspace (jammy itself has 5.15 kernel). Could you please elaborate on how this bug affects you?

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-17 Thread Andreas Hasenack
** Changed in: systemd (Ubuntu Jammy) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: systemd (Ubuntu Jammy) Status: New => In Progress ** Changed in: systemd (Ubuntu Jammy) Importance: Undecided => High -- You received this bug notification be

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-06-15 Thread Andreas Hasenack
** Also affects: systemd (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: mariadb-10.6 (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: mariadb-10.6 (Ubuntu Jammy) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Chan

[Touch-packages] [Bug 1647285] Re: SSL trust not system-wide

2022-06-06 Thread Andreas Hasenack
Related: https://bugs.launchpad.net/ubuntu/+source/crypto- policies/+bug/1926664 (I might create a task here for crypto-policies and close the bug above) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in

[Touch-packages] [Bug 1977751] [NEW] Merge ust from Debian for 22.10

2022-06-06 Thread Andreas Hasenack
* [92abdd1] New upstream version 2.13.3 -- Michael Jeanson Fri, 03 Jun 2022 16:37:11 -0400 ** Affects: ust (Ubuntu) Importance: Undecided Assignee: Andreas Hasenack (ahasenack) Status: New ** Tags: needs-merge ** Changed in: ust (Ubuntu) Assignee: (unassigned

[Touch-packages] [Bug 1976507] Re: Missing channel binding for gssapi

2022-06-02 Thread Andreas Hasenack
*** This bug is a duplicate of bug 1912256 *** https://bugs.launchpad.net/bugs/1912256 ** This bug has been marked a duplicate of bug 1912256 Missing channel binding prevents authentication to ActiveDirectory -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1976509] [NEW] totp test not run, claims python env not found

2022-06-01 Thread Andreas Hasenack
Public bug reported: > Starting test081-totp for mdb... running defines.sh ../../../tests/scripts/test081-totp: 31: cannot create /home/ubuntu/git/packages/openldap/openldap/debian/build/tests/testrun/test.out: Directory nonexistent ../../../tests/scripts/test081-totp: 31: cannot create

[Touch-packages] [Bug 1976507] [NEW] Missing channel binding for gssapi

2022-06-01 Thread Andreas Hasenack
Public bug reported: The cyrus-sasl2 package in Ubuntu is still lacking the channel binding support in gssapi, which was/is required by a certain patch level of Windows Active Directory. I have an old ppa[1] of when I was working on this, before I was moved to other projects. The patches I used

[Touch-packages] [Bug 1976508] [NEW] sasl/gssapi tests are disabled due to missing build-deps

2022-06-01 Thread Andreas Hasenack
Public bug reported: Openldap has an extensive test suite that is run during build. The sasl/gssapi tests are being skipped because of missing build dependencies: > Starting test077-sasl-gssapi for mdb... running defines.sh Starting KDC for SASL/GSSAPI tests... Trying Heimdal

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

2022-05-26 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu Jammy) Assignee: Andreas Hasenack (ahasenack) => (unassigned) ** Changed in: cyrus-sasl2 (Ubuntu Jammy) Status: Confirmed => Triaged ** Changed in: cyrus-sasl2 (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

2022-05-25 Thread Andreas Hasenack
Got a reply[1] from upstream, and this is expected. I'll go ahead and MP this patch. 1. https://github.com/cyrusimap/cyrus- sasl/commit/cb549ef71c5bb646fe583697ebdcaba93267a237#r74534186 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

2022-05-25 Thread Andreas Hasenack
I applied that patch in cyrus-sasl2 2.1.28 from kinetic, and it did get rid of the other DIGEST-MD5 messages. But I'm having difficulties in finding a client sasl app where I can set log_level to see if with a high log_level I can restore that logging, to make sure it's working. I tried

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

2022-05-25 Thread Andreas Hasenack
Ok, specifically this log message is fixed in 2.1.28: DIGEST-MD5 common mech free Via https://git.launchpad.net/ubuntu/+source/cyrus- sasl2/tree/debian/patches/0001-plugins-digestmd5-Remove-debug-log-mech- free.patch That patch is just in Ubuntu Kinetic for now. But I still see a lot of

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

2022-05-25 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu Jammy) Status: In Progress => Fix Released ** Changed in: cyrus-sasl2 (Ubuntu Jammy) Status: Fix Released => Confirmed ** Changed in: cyrus-sasl2 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

2022-05-23 Thread Andreas Hasenack
Fixed in https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.28+dfsg-6 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/827151 Title: Annoying log message "DIGEST-MD5

[Touch-packages] [Bug 1971272] Re: Merge cyrus-sasl2 from Debian unstable for kinetic

2022-05-23 Thread Andreas Hasenack
ing key * Reset repacksuffix * New upstream version 2.1.28+dfsg (CVE-2022-24407) * Rebase 0027-properly-create-libsasl2.pc.patch -- Bastian Germann Tue, 22 Feb 2022 23:40:47 +0100 cyrus-sasl2 (2.1.27+dfsg2-3) unstable; urgency=medium [ Andreas Hasenack ] * Fix configure

[Touch-packages] [Bug 1677781] Re: Missing dep8 tests

2022-05-23 Thread Andreas Hasenack
Fixed in https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.28+dfsg-6 ** Changed in: cyrus-sasl2 (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-23 Thread Andreas Hasenack
Fixed in https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.28+dfsg-6 ** Changed in: cyrus-sasl2 (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-20 Thread Andreas Hasenack
A fixed cyrus-sasl2 is in kinetic-proposed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760 Title: Crash when using DIGEST-MD5 with SSF>=128 Status in

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-19 Thread Andreas Hasenack
Bileto is green: https://bileto.ubuntu.com/#/ticket/4852 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760 Title: Crash when using DIGEST-MD5 with SSF>=128

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-19 Thread Andreas Hasenack
Submitted the cyrus-sasl2 fix to Debian via https://salsa.debian.org/debian/cyrus-sasl2/-/merge_requests/11 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-18 Thread Andreas Hasenack
** Bug watch added: Debian Bug tracker #1011249 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011249 ** Also affects: cyrus-sasl2 (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011249 Importance: Unknown Status: Unknown -- You received this bug notification

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-18 Thread Andreas Hasenack
Submitted python-bonsai DEP8 fixes to Debian via https://salsa.debian.org/python-team/packages/python- bonsai/-/merge_requests/1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.

[Touch-packages] [Bug 1971272] Re: Merge cyrus-sasl2 from Debian unstable for kinetic

2022-05-18 Thread Andreas Hasenack
repacksuffix * New upstream version 2.1.28+dfsg (CVE-2022-24407) * Rebase 0027-properly-create-libsasl2.pc.patch -- Bastian Germann Tue, 22 Feb 2022 23:40:47 +0100 cyrus-sasl2 (2.1.27+dfsg2-3) unstable; urgency=medium [ Andreas Hasenack ] * Fix configure.ac for autoconf

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-17 Thread Andreas Hasenack
https://github.com/cyrusimap/cyrus-sasl/pull/668 ** Bug watch added: github.com/cyrusimap/cyrus-sasl/issues #665 https://github.com/cyrusimap/cyrus-sasl/issues/665 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-17 Thread Andreas Hasenack
https://github.com/cyrusimap/cyrus-sasl/pull/653 https://github.com/cyrusimap/cyrus-sasl/issues/665 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1973760 Title:

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>=128

2022-05-17 Thread Andreas Hasenack
Working theory at the moment is that cyrus-sasl2 is using RC4 from OpenSSL, and OpenSSL3 deprecated it: On Kinetic: $ openssl version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) $ echo -ne test | openssl rc4 -k test *** WARNING : deprecated key derivation used. Using -iter or

[Touch-packages] [Bug 1973760] Re: Crash when using DIGEST-MD5 with SSF>0

2022-05-17 Thread Andreas Hasenack
It's also crashing in debian: https://ci.debian.net/data/autopkgtest/unstable/amd64/p/python- bonsai/21842977/log.gz ** Summary changed: - Crash when using DIGEST-MD5 with SSF>0 + Crash when using DIGEST-MD5 with SSF>=128 -- You received this bug notification because you are a member of Ubuntu

[Touch-packages] [Bug 1973760] [NEW] Crash when using DIGEST-MD5 with SSF>=128

2022-05-17 Thread Andreas Hasenack
) Importance: High Assignee: Andreas Hasenack (ahasenack) Status: In Progress ** Tags: server-todo update-excuse update-excuses -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https

[Touch-packages] [Bug 1677781] Re: Missing dep8 tests

2022-05-16 Thread Andreas Hasenack
Sent new dep8 tests to debian, and then synced the package back into ubuntu: https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.28+dfsg-5 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.

[Touch-packages] [Bug 1971272] Re: Merge cyrus-sasl2 from Debian unstable for kinetic

2022-05-16 Thread Andreas Hasenack
version 2.1.28+dfsg (CVE-2022-24407) * Rebase 0027-properly-create-libsasl2.pc.patch -- Bastian Germann Tue, 22 Feb 2022 23:40:47 +0100 cyrus-sasl2 (2.1.27+dfsg2-3) unstable; urgency=medium [ Andreas Hasenack ] * Fix configure.ac for autoconf 2.70 (Closes: #1003355, #1000152

[Touch-packages] [Bug 827151] Re: Annoying log message "DIGEST-MD5 common mech free"

2022-05-06 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu Jammy) Status: Triaged => In Progress ** Changed in: cyrus-sasl2 (Ubuntu Jammy) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1677781] Re: Missing dep8 tests

2022-05-06 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu) Status: Triaged => In Progress ** Changed in: cyrus-sasl2 (Ubuntu) Importance: Wishlist => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu.

[Touch-packages] [Bug 1971272] Re: Merge cyrus-sasl2 from Debian unstable for kinetic

2022-05-06 Thread Andreas Hasenack
ase 0027-properly-create-libsasl2.pc.patch -- Bastian Germann Tue, 22 Feb 2022 23:40:47 +0100 cyrus-sasl2 (2.1.27+dfsg2-3) unstable; urgency=medium [ Andreas Hasenack ] * Fix configure.ac for autoconf 2.70 (Closes: #1003355, #1000152) -- Bastian Germann Tue, 11 Jan 2022 11:25

[Touch-packages] [Bug 1677781] Re: Missing dep8 tests

2022-05-06 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1677781 Title: Miss

[Touch-packages] [Bug 1971272] Re: Merge cyrus-sasl2 from Debian unstable for kinetic

2022-05-06 Thread Andreas Hasenack
** Changed in: cyrus-sasl2 (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cyrus-sasl2 in Ubuntu. https://bugs.launchpad.net/bugs/1971272 Title: Me

[Touch-packages] [Bug 1953065] Re: 2.13.0 FTBFS

2022-05-05 Thread Andreas Hasenack
** Merge proposal unlinked: https://code.launchpad.net/~ahasenack/ubuntu/+source/ust/+git/ust/+merge/421513 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ust in Ubuntu. https://bugs.launchpad.net/bugs/1953065 Title:

[Touch-packages] [Bug 1970979] Re: compiler flags leaking through krb5-config --libs

2022-05-02 Thread Andreas Hasenack
Post in the upstream mailing list, let's see if this spawns a discussion: https://mailman.mit.edu/pipermail/krbdev/2022-April/013543.html -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to krb5 in Ubuntu.

[Touch-packages] [Bug 1970979] [NEW] compiler flags leaking through krb5-config --libs

2022-04-29 Thread Andreas Hasenack
Public bug reported: krb5-config --libs is leaking some compiler specific flags that we define in Ubuntu: $ krb5-config --libs -L/usr/lib/x86_64-linux-gnu/mit-krb5 -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -lkrb5 -lk5crypto -lcom_err That ones that concern

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-04-29 Thread Andreas Hasenack
> Could it be -flto/-ffat-lto-objects related (like > https://jira.mariadb.org/browse/MDEV-25633)? > The top part of the stack trace looks the same. Nice catch. Indeed, disabling lto fixes the build and startup in low memlock conditions. I'm still concerned with lto creeping in via

[Touch-packages] [Bug 1970634] Re: FTBFS: mariadb fails to start due to low MEMLOCK limit

2022-04-28 Thread Andreas Hasenack
Since mariadb on the current jammy kernel disables io_uring at startup, I'm considering disabling io_uring entirely in the jammy mariadb build. The only scenario where io_uring would be used by the jammy mariadb is if the user ran a different kernel than the one shipped with jammy. -- You

[Touch-packages] [Bug 1970634] Re: FTBFS: test failure due to low memlock limit

2022-04-28 Thread Andreas Hasenack
I added a task for systemd to consider raising the default RLIMIT_MEMLOCK limit. This upstream commit raises the default limit to 8Mb: https://github.com/systemd/systemd/commit/852b62507b2 The way things are now, the following scenario does NOT work out of the box: - jammy lxd on focal host -

[Touch-packages] [Bug 1970634] Re: FTBFS: test failure due to low memlock limit

2022-04-28 Thread Andreas Hasenack
** Also affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1970634 Title: FTBFS: test failure due to low

[Touch-packages] [Bug 1969676] [NEW] Stash file /etc/krb5kdc/stash uses DEPRECATED enctype des3-cbc-sha1

2022-04-20 Thread Andreas Hasenack
Public bug reported: When provisioning a new realm, this warning is logged in /var/log/syslog: ==> /var/log/syslog <== Apr 20

[Touch-packages] [Bug 1774788] Re: Daemon won't start at boot up (18LTS fully patched)

2022-03-30 Thread Andreas Hasenack
This is a class[1] of bugs for which we cannot come up with a general solution that will safely and sanely apply to all scenarios. For such cases, local configuration changes should be made to accommodate the intended behavior in each case. We believe that, in this particular case, since the

  1   2   3   4   5   6   7   8   9   >