[Touch-packages] [Bug 1973344] Re: Converting PKCS#8 into PKCS#1 fails with openssl 3.0

2022-05-13 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1973344 Title: Converting PKCS#8 into PKCS#1 fails with openssl

[Touch-packages] [Bug 1972884] Re: Err:10 https://ppa.launchpadcontent.net/flatpak/stable/ubuntu jammy Release 404 Not Found [IP: 91.189.95.85 443]

2022-05-10 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1971888] Re: Can not ssh to github.com or gitlab.com when upgrading to 22.04

2022-05-10 Thread Seth Arnold
Alvaro, thanks for reporting back! I'm glad it worked. I don't know the full details of which QoS settings changed in which releases, but this email suggests that there was active interest in changing which exact values were used: http://lists.mindrot.org/pipermail/openssh-unix-

[Touch-packages] [Bug 1971888] Re: Can not ssh to github.com or gitlab.com when upgrading to 22.04

2022-05-09 Thread Seth Arnold
Alvaro, I wonder if your network is dropping packets with unexpected IP QoS flags? Look for 'IPQoS' in ssh_config(5) to see the defaults and available choices. This would be influenced by ssh settings but still operate at TCP level. Thanks -- You received this bug notification because you are a

[Touch-packages] [Bug 1972114]

2022-05-09 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is

[Touch-packages] [Bug 1608200] Re: please merge openssl from Debian

2022-05-09 Thread Seth Arnold
** Changed in: openssl (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1608200 Title: please merge openssl from Debian

[Touch-packages] [Bug 1971221] Re: firefox is flashing

2022-05-06 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1971101] Re: package linux-image-5.13.0-40-generic 5.13.0-40.45~20.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2022-05-06 Thread Seth Arnold
Hello, note your filesystem is full: Filesystem 1K-blocks Used Available Use% Mounted on udev 9812920981292 0% /dev tmpfs 202808 1508201300 1% /run /dev/sda5 11167656 11000192 0 100% / That causes errors like this: cp: error

Re: [Touch-packages] [Bug 1971888] [NEW] Can not ssh to github.com or gitlab.com when upgrading to 22.04

2022-05-05 Thread Seth Arnold
On Thu, May 05, 2022 at 09:09:07PM -, Alvaro wrote: > acs@lsp-022:~$ ssh -vT g...@github.com > ... > debug1: connect to address 140.82.121.4 port 22: Connection timed out Note that "Connection timed out" is an error at the TCP level, that indicates that your computer wasn't able to establish

[Touch-packages] [Bug 1971650] Re: wrong check for "server" in libssl3.postinst

2022-05-05 Thread Seth Arnold
Possibly related to https://bugs.launchpad.net/bugs/1832421 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1971650 Title: wrong check for "server" in libssl3.postinst

[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

2022-04-26 Thread Seth Arnold
Yes, managing the configurations for the huge variety of cryptography toolkits on a Linux system is definitely something of a chore. It would be nice to give people one command they could use to return to unsafe- but-compatible cryptography -- or enforce only modern cryptography. Our friends at

[Touch-packages] [Bug 1970459] Re: import of ca-certificate in browser does not work

2022-04-26 Thread Seth Arnold
I switched this from ca-certificates to firefox and chromium-browser, since both browsers manage their own certificate lists and don't use the system-provided ca-certificates. (You manage that with different tools, see the first few lines of /etc/ca-certificates.conf for details.) Thanks **

[Touch-packages] [Bug 1969593] Re: rules to prevent non-root users from rebooting not taken into account

2022-04-20 Thread Seth Arnold
** Also affects: systemd (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1969593 Title: rules to prevent non-root

[Touch-packages] [Bug 1969593] Re: rules to prevent non-root users from rebooting not taken into account

2022-04-20 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1969593 Title: rules to prevent non-root users

[Touch-packages] [Bug 1968845] Re: Upgrade to 22.04 from 20.04 ends with dbus installation asking for a reboot

2022-04-19 Thread Seth Arnold
This may be a duplicate of https://launchpad.net/bugs/1969162 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dbus in Ubuntu. https://bugs.launchpad.net/bugs/1968845 Title: Upgrade to 22.04 from 20.04 ends with dbus

[Touch-packages] [Bug 1969118] Re: Certificate viewer shows extra bytes for RSA keys

2022-04-19 Thread Seth Arnold
Hello Mikko, thanks for the report; I believe that's working as intended, those bytes are part of the DER encoding; there's an excellent answer at https://crypto.stackexchange.com/a/19982/1400 that describes the meanings of each of those bytes. Thanks ** Information type changed from Private

[Touch-packages] [Bug 1968845] Re: Upgrade to 22.04 from 20.04 ends with dbus installation asking for a reboot

2022-04-19 Thread Seth Arnold
Here's the postinst I've got for that package. Maybe the reload_dbus_config() could use a --reply-timeout=5000 or something? Thanks $ cat /fst/trees/ubuntu/main/d/dbus/dbus_1.12.20-2ubuntu4/debian/dbus.postinst #!/bin/sh # Copyright © 2003 Colin Walters # Copyright © 2006 Sjoerd Simons set

[Touch-packages] [Bug 1968845] Re: Upgrade to 22.04 from 20.04 ends with dbus installation asking for a reboot

2022-04-19 Thread Seth Arnold
Yikes, does it actually *stop* at that point? That's .. not ideal. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dbus in Ubuntu. https://bugs.launchpad.net/bugs/1968845 Title: Upgrade to 22.04 from 20.04 ends

[Touch-packages] [Bug 1968305] Re: sshd_config.d overrides not working

2022-04-08 Thread Seth Arnold
This reminds me of several previous bugs; this may or may not be a duplicate, and this may or may not be intentional behaviour. Hopefully these are are useful and save some debugging effort: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1922212

[Touch-packages] [Bug 1968047] Re: Ubuntu 22.04 Beta - Unable to compile ruby version 2.7.5, 3.0.3 and 3.3.3 problem with the openssl-dev package

2022-04-06 Thread Seth Arnold
Hopefully this is helpful for you: https://sources.debian.org/data/main/r/ruby3.0/3.0.3-1/debian/patches/Update- openssl-to-version-3.0.0.patch Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 1965661] Re: software-properties-gtk crashed with AttributeError in packages_for_modalias(): 'Cache' object has no attribute 'packages'

2022-03-22 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1965661 Title: software-properties-gtk crashed with

[Touch-packages] [Bug 1965857] Re: software-properties-gtk crashed with AttributeError in packages_for_modalias(): 'Cache' object has no attribute 'packages'

2022-03-22 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1965857 Title: software-properties-gtk crashed with

[Touch-packages] [Bug 1885990] Re: server: Match has no effect in include file (upstream 3122)

2022-03-16 Thread Seth Arnold
I can't speak for the SRU team, but it's entirely possible that if you prepare and test a debdiff, and show that this can be fixed, you could drive an SRU through to completion; see https://wiki.ubuntu.com/StableReleaseUpdates for more information. Thanks -- You received this bug notification

[Touch-packages] [Bug 1964642] Re: Packer virtualbox ssh can't connect to unattended Ubuntu 20.04.1/2/3/4 but can connect to Ubuntu 20.4

2022-03-14 Thread Seth Arnold
Yeah it seems unlikely to be ssh to me -- can you ping the machine? does virtualbox networking do interfaces that can ping? Does virtualbox offer a 'console view' that you can use to debug the system? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1964561] Re: package libpam-runtime 1.3.1-5ubuntu4.3 failed to install/upgrade: installed libpam-runtime package post-installation script subprocess returned error exit status 25

2022-03-11 Thread Seth Arnold
Corruption was my first idea, too, but the Dependencies.txt didn't report debsums mismatches. Thanks for the explanations. ** Also affects: debconf (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1964561] Re: package libpam-runtime 1.3.1-5ubuntu4.3 failed to install/upgrade: installed libpam-runtime package post-installation script subprocess returned error exit status 25

2022-03-11 Thread Seth Arnold
These lines from the logs look most relevant: Unpacking libpam-runtime (1.3.1-5ubuntu4.3) over (1.3.1-5ubuntu4.1) ... Setting up libpam-runtime (1.3.1-5ubuntu4.3) ... Can't locate object method "new" via package "Debconf::Element::Noninteractive::Multiselect" (perhaps you forgot to load

[Touch-packages] [Bug 1963751] Re: focal security update 2.34.6-0ubuntu0.20.04.1 cannot be automatically installed due to new dependency

2022-03-07 Thread Seth Arnold
Thanks for doing the digging to confirm the cause; I suspect unattended- upgrades should be modified to perform something similar to apt upgrade, rather than apt-get upgrade, and bring in new dependencies when necessary. A lot of systems never have interactive users any more. Thanks ** Changed

[Touch-packages] [Bug 1963834] Re: openssl 3.0 - SSL: UNSAFE_LEGACY_RENEGOTIATION_DISABLED]

2022-03-07 Thread Seth Arnold
It looks like this was added in: https://github.com/openssl/openssl/commit/72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3 in order to address servers that have not yet been updated for CVE-2009-3555. It's possible to add a flag at the C level to connect insecurely, SSL_OP_LEGACY_SERVER_CONNECT, but I

[Touch-packages] [Bug 1962036] Re: dbus was stopped during today's jammy update, breaking desktop

2022-02-23 Thread Seth Arnold
This reminds me a lot of https://bugs.launchpad.net/bugs/1871538 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dbus in Ubuntu. https://bugs.launchpad.net/bugs/1962036 Title: dbus was stopped during today's jammy update,

[Touch-packages] [Bug 1960863] Re: armv8 paca: poly1305 users see segfaults when pointer authentication in use on AWS Graviton 3 instances

2022-02-16 Thread Seth Arnold
None of us are ARM architecture experts but the upstream code nearby doesn't look like it's changed since this patch was introduced: https://github.com/openssl/openssl/blame/master/crypto/poly1305/asm/poly1305-armv8.pl

[Touch-packages] [Bug 1960264] Re: 503 errors for Jammy PPAs

2022-02-11 Thread Seth Arnold
Are there any log entries in your proxy that might help explain what's happening? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1960264 Title: 503 errors for Jammy

[Touch-packages] [Bug 1959160] Re: package systemd 245.4-4ubuntu3.11 failed to install/upgrade: no se pudieron copiar los datos extraídos de './bin/systemctl' a '/bin/systemctl.dpkg-new': fin de fiche

2022-01-27 Thread Seth Arnold
Thank you for taking the time to report this bug and helping to make Ubuntu better. Reviewing your dmesg attachment to this bug report it seems that there may be a problem with your hardware. I'd recommend performing a back up and then investigating the situation. Measures you might take

[Touch-packages] [Bug 1273258] Re: Hundreds of dbus-daemon processes

2022-01-24 Thread Seth Arnold
Pavel, OMJ, maybe execsnoop-bpfcc from bpfcc-tools can help spot what program is starting your dbus-daemons? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to dbus in Ubuntu. https://bugs.launchpad.net/bugs/1273258

[Touch-packages] [Bug 1668944] Re: The _apt user ignores group membership.

2022-01-20 Thread Seth Arnold
Changing away from 'nogroup' would be good, that's for NFS use (similar to 'nobody'). Using ACLs to grant the _apt user permission to work with specific files sounds good to me. Perhaps not all editors know to maintain those when writing new files with the same name, or perhaps know to fall back

[Touch-packages] [Bug 1707645] Re: system with high numbered uids has huge sparse /var/log/lastlog

2022-01-06 Thread Seth Arnold
Oliver, from the lastlog(8) manpage: The lastlog file is a database which contains info on the last login of each user. You should not rotate it. It is a sparse file, so its size on the disk is usually much smaller than the one shown by "ls -l" (which can indicate a

[Touch-packages] [Bug 288964] Re: sudo does not work with unbinding usb interface from usbhid driver

2021-12-14 Thread Seth Arnold
ALinuxUser, Xiaofan Chen's example was unbinding the usbhid driver via the /sys/bus/usb/drivers/usbhid/unbind control file -- yours is using /sys/bus/usb/drivers/usb/unbind instead. You probably have to use the control file that corresponds to the driver your device is using. (Check lsusb -t

[Touch-packages] [Bug 1953301] Re: Segfault on AArch64 caused by OpenSSL affecting numerous packages

2021-12-07 Thread Seth Arnold
This comment looks promising https://github.com/mesonbuild/meson/issues/9690#issuecomment-986872688 It identifies https://github.com/openssl/openssl/pull/13256 and https://github.com/openssl/openssl/pull/13218 as candidate fixes. ** Bug watch added: github.com/mesonbuild/meson/issues #9690

[Touch-packages] [Bug 1952548] Re: package libgdk-pixbuf2.0-0:i386 2.40.0+dfsg-3ubuntu0.2 failed to install/upgrade: el paquete está en un estado muy malo e inconsistente - debe reinstalarlo antes de

2021-11-29 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross

[Touch-packages] [Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

2021-11-18 Thread Seth Arnold
Ah, that's good for the health of your storage :) Please follow up with the debug symbols and reproduction instructions. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.

[Touch-packages] [Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

2021-11-17 Thread Seth Arnold
Hmm, something else to keep in mind: many aarch64 systems run on SD cards or USB memory sticks and those are notorious garbage. Is this a reasonable hard drive or is this cheap flash storage? Are there messages in dmesg that might indicate filesystem or block storage errors? If this isn't a real

[Touch-packages] [Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

2021-11-17 Thread Seth Arnold
Can you provide more information on your environment and how to reproduce this? I wasn't able to reproduce this on my rpi3b+ running focal, with either libssl1.1 1.1.1f-1ubuntu2.8 or 1.1.1f-1ubuntu2.9: First, 1.1.1f-1ubuntu2.8 installed: $ curl -v https://graph.facebook.com/v12.0/act_111/ *

[Touch-packages] [Bug 1921518] Re: OpenSSL "double free" error

2021-11-15 Thread Seth Arnold
** Attachment added: "archive grep for CONF_modules_load_file" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+attachment/5541087/+files/openssl-conf-modules-load-file-15-10%3A46%3A37.gz -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1950201] Re: Gnugpg does not offer the option to store the private and public keys on two different keycards.

2021-11-08 Thread Seth Arnold
This guide describes how to make a copy of gnupg files in order to create a duplicate card: https://zach.codes/ultimate-yubikey-setup-guide/ It would be nice if such a guide weren't necessary. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which

[Touch-packages] [Bug 1812095] Re: console login loop after entering username followed by RETURN

2021-10-27 Thread Seth Arnold
*** This bug is a duplicate of bug 1813873 *** https://bugs.launchpad.net/bugs/1813873 daniel-sokolov, this bug was fixed in Ubuntu kernels two and a half years ago. Do you really have such an old kernel? I suggest asking for help in Mint support channels -- hopefully someone can walk you

[Touch-packages] [Bug 1948339] Re: Logon screen can be bypassed using various shortcuts

2021-10-21 Thread Seth Arnold
Your daughter does good work :) Thanks ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lightdm in Ubuntu. https://bugs.launchpad.net/bugs/1948339 Title:

[Touch-packages] [Bug 1947526] Re: can't run associated docker-compose

2021-10-18 Thread Seth Arnold
Hello Andrew, I don't understand what exactly is broken; your logs show a lot of AppArmor profiles loading without trouble. What are you trying to do? What's going wrong? Thanks ** Changed in: apparmor (Ubuntu) Status: New => Incomplete -- You received this bug notification because you

[Touch-packages] [Bug 1947394] Re: package ca-certificates 20210119ubuntu0.21.04.1 failed to install/upgrade: triggers looping, abandoned

2021-10-15 Thread Seth Arnold
** Package changed: ca-certificates (Ubuntu) => ubuntu-release-upgrader (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1947394 Title: package

[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite

2021-10-05 Thread Seth Arnold
Now that the security team has some new hires, we're looking at reviving this series of tasks. Looking through the bug I have come up with the following outstanding items: - Add a .symbols file to opensc - try to add vsmartcard-vpicc + vsmartcard-vpcd autopkgtests - a formal list of 'supported

[Touch-packages] [Bug 1860826] Re: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory

2021-09-28 Thread Seth Arnold
Worked for me on my daily workstation: ⏚ [sarnold:~/trees] 100 $ sudo apt install -tfocal-proposed libpam0g libpam-runtime libpam-modules-bin libpam-modules Reading package lists... Done Building dependency tree Reading state information... Done Recommended packages: update-motd The

[Touch-packages] [Bug 1944481] Re: Distrust "DST Root CA X3"

2021-09-24 Thread Seth Arnold
You can find older packages on the "full publishing history" from launchpad: https://launchpad.net/ubuntu/+source/ca-certificates/+publishinghistory You can either download it manually or use the pull-lp-debs(1) command from the ubuntu-dev-tools package. Thanks -- You received this bug

Re: [Touch-packages] [Bug 1934393] Re: systemd-logind network access is blocked, and breaks remote authentication configurations

2021-09-22 Thread Seth Arnold
I initially preferred your option two, a drop-in file in whichever nis and ldap binary packages, on principle of trying to keep the mitigations in place if we can. But your case for a difficult debugging session is persuasive. Reading the various bug reports around this, option three seems pretty

[Touch-packages] [Bug 1944006] Re: focal cloud image on kvm does not have ip_tables kernel module

2021-09-17 Thread Seth Arnold
Hello, can you please look for ip_tables.ko in /lib/modules/*/kernel/net/ipv4/netfilter/ip_tables.ko ? Which linux- modules-* package and which linux-image-* packages do you have installed? Thanks ** Package changed: iptables (Ubuntu) => linux (Ubuntu) -- You received this bug notification

Re: [Touch-packages] [Bug 1792004] Re: built-in PATH seems to have sbin and bin out of order; and inconsistent

2021-08-30 Thread Seth Arnold
On Tue, Aug 31, 2021 at 12:45:38AM -, Ubfan wrote: > Since 20.04, there are no /bin and /sbin directories, they are just > links to /usr/sbin and /usr/bin -- perhaps they should be eliminated > from the default PATH. Does it matter if you upgraded from 18.04 or 19.10 vs a fresh install?

[Touch-packages] [Bug 1933979] Re: [MIR] busybox package

2021-08-10 Thread Seth Arnold
Just how bad are the consequences of not promoting this package to main? The code is fairly gross. There's absolute gobs of writing outside array bounds, resource leaks, potential uses of uninitialized variables, etc. I don't know if there's any security-relevant findings -- busybox is almost

[Touch-packages] [Bug 1935076] Re: ubuntu-bug sends huge amounts of internal data to public bugs without asking for permission

2021-08-10 Thread Seth Arnold
dmesg in bug reports is fantastically helpful: it is a very fast and reliable way to diagnose many classes of hardware problems or filesystem flaws or kernel module incompatibilities that show up to the user as bugs in their programs. Having it available has saved both developers and users a *lot*

[Touch-packages] [Bug 1427600] Re: apport-unpack: ValueError: ['UserGroups'] has no binary content

2021-07-27 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1427600 Title: apport-unpack: ValueError: ['UserGroups'] has no

[Touch-packages] [Bug 1937071] Re: package initramfs-tools 0.136ubuntu6.6 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1

2021-07-21 Thread Seth Arnold
Hello Rucel, my guess is you've installed the lilo package. This is not supported. If you can identify a bugfix it could probably be integrated but honestly it'd be easier to either figure out how to use grub in your environment or switch to another distribution that does support using lilo. Grub

[Touch-packages] [Bug 1937071] Re: package initramfs-tools 0.136ubuntu6.6 failed to install/upgrade: installed initramfs-tools package post-installation script subprocess returned error exit status 1

2021-07-21 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1937071 Title: package initramfs-tools 0.136ubuntu6.6

[Touch-packages] [Bug 1927078] Re: Don't allow useradd to use fully numeric names

2021-07-07 Thread Seth Arnold
Beautiful, thanks for the large range of tests :) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1927078 Title: Don't allow useradd to use fully numeric names Status in

[Touch-packages] [Bug 1927078] Re: Don't allow useradd to use fully numeric names

2021-06-17 Thread Seth Arnold
Ah, that explains that. Would you mind adding tests for a few more usernames? 0root 0 00 0.0 0x0 0-0 0_0 0.o 0xo 0-o 0_o Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu.

[Touch-packages] [Bug 1932342] Re: Feature Request: Rate limit apparmor denial logs

2021-06-17 Thread Seth Arnold
See also https://github.com/snapcrafters/discord/issues/23 -- there may be some other advice buried in there on how to deal with the deluge while also not giving discord permission to see all the processes you're running. Thanks ** Bug watch added: github.com/snapcrafters/discord/issues #23

[Touch-packages] [Bug 1927078] Re: Don't allow useradd to use fully numeric names

2021-06-16 Thread Seth Arnold
Heh, a comment in Jawn's debdiff: * User/group names must match [a-z_][a-z0-9_-]*[$] I found period also worked fine: root@u20:~# useradd 0.0 root@u20:~# getent passwd 0.0 0.0:x:1001:1001::/home/0.0:/bin/sh root@u20:~# userdel 0.0 root@u20:~# getent passwd 0.0 root@u20:~# exit I know

Re: [Touch-packages] [Bug 1927078] Re: Don't allow useradd to use fully numeric names

2021-06-16 Thread Seth Arnold
On Wed, Jun 16, 2021 at 09:15:32PM -, Steve Langasek wrote: > Disallowing leading numeric digits entirely would, unfortunately, > disable a significant class of valid usernames in conflict with > historical usage. Admins are still able to hand-edit /etc/passwd, /etc/shadow, and mv home

[Touch-packages] [Bug 1917904] Re: Arbitrary file reads

2021-06-11 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu. https://bugs.launchpad.net/bugs/1917904 Title: Arbitrary file reads Status in apport

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-09 Thread Seth Arnold
Wonderful, thanks Daniel! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1926548 Title: The gatt protocol has out-of-bounds read that leads to information leakage Status

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-09 Thread Seth Arnold
Daniel, are you sure about that fixed-in-5.56 bug tag? I can't spot the referenced commit in the tarballs 5.55, 5.56, 5.57, 5.58 from: http://www.bluez.org/ nor in the github sources: https://github.com/bluez/bluez/blob/master/src/gatt-database.c#L1054 nor the kernel.org sources:

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-08 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1926548 Title: The gatt protocol has out-of-bounds read

[Touch-packages] [Bug 1930286] Re: Defensics' synopsys fuzzer testing tool cause openssh to segfault

2021-06-02 Thread Seth Arnold
Hello Eric, thanks for doing the research on this issue. Does the coredump look like this may be exploitable in some fashion? Is the crash something that affects anything beyond the specific process serving the client in question? Thanks -- You received this bug notification because you are a

[Touch-packages] [Bug 1930301] Re: package libpam0g:amd64 1.3.1-5ubuntu4.2 failed to install/upgrade: installed libpam0g:amd64 package post-installation script subprocess returned error exit status 1

2021-06-01 Thread Seth Arnold
** Also affects: debconf (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pam in Ubuntu. https://bugs.launchpad.net/bugs/1930301 Title: package libpam0g:amd64

[Touch-packages] [Bug 1930209] Re: Could not open file /var/lib/update-notifier/package-data- downloads/partial/verdan32.exe - open (40: Too many levels of symbolic links)

2021-06-01 Thread Seth Arnold
** Summary changed: - sudo apt install timeshift Reading package lists... Done Building dependency treeReading state information... Done The following NEW packages will be installed: timeshift 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or

[Touch-packages] [Bug 1930103] Re: isc-dhcp-server overwrites /etc/default/isc-dhcp-server during update

2021-05-28 Thread Seth Arnold
Hello Milan, I just tested an upgrade: Unpacking isc-dhcp-server (4.4.1-2.1ubuntu5.20.04.2) over (4.4.1-2.1ubuntu5) ... and my /etc/default/isc-dhcp-server modifications had been left in place. The maintainer scripts will create a new one if the file cannot be read:

[Touch-packages] [Bug 1929758] Re: OpenSSH vulnerabilities

2021-05-28 Thread Seth Arnold
Great, thanks Ian. ** Package changed: ubuntu => openssh (Ubuntu) ** Changed in: openssh (Ubuntu) Status: Incomplete => Invalid ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1152187] Re: [MIR] systemd

2021-05-25 Thread Seth Arnold
The usual way we determine if a package is in main or not is to check the package lists; will the promotion step make the systemd-container binary package visible to package lists or rmadison output? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1928360] Re: Switch to Fcitx 5 for Chinese

2021-05-24 Thread Seth Arnold
Gunnar, indeed, it had much less in it than I expected; I don't know much about the snap packaging for Chromium, but it looked to me like it was trying to do bluetooth things and that's all that was denied. I'm no fcitx expert but I didn't think it looked related. Thanks -- You received this

Re: [Touch-packages] [apparmor] [Bug 1928360] Re: Switch to Fcitx 5 for Chinese

2021-05-18 Thread Seth Arnold
On Tue, May 18, 2021 at 07:39:48PM -, Gunnar Hjalmarsson wrote: > On 2021-05-16 22:23, Gunnar Hjalmarsson wrote: > > As regards apparmor it's possible that no change is needed. > > Well, I simply tested with the Chromium snap. fcitx5 does not work in > Chromium, while fcitx4 does. So

[Touch-packages] [Bug 1873627] Re: auditd fails after moving /var it a new filesystem and turning /var/run into a symlink to /run

2021-05-13 Thread Seth Arnold
Thanks for the strace, these looked like the 'important' parts: sendto(3, {{len=56, type=AUDIT_SET, flags=NLM_F_REQUEST|NLM_F_ACK, seq=3, pid=0}, "\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa2\xb8\x29\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"...}, 56, 0,

[Touch-packages] [Bug 1926254] Re: x509 Certificate verification fails when basicConstraints=CA:FALSE, pathlen:0 on self-signed leaf certs

2021-05-03 Thread Seth Arnold
Matthew, thanks so much! sounds good to me. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1926254 Title: x509 Certificate verification fails when

[Touch-packages] [Bug 1926254] Re: x509 Certificate verification fails when basicConstraints=CA:FALSE, pathlen:0 on self-signed leaf certs

2021-04-30 Thread Seth Arnold
Hello Dan and Matthew, thanks for working on this. I gave the debdiffs a look, skimmed through openssl changes, and don't see any reason to not do this. There *are* larger changes to that function in https://github.com/openssl/openssl/commit/1e41dadfa7b9f792ed0f4714a3d3d36f070cf30e -- but it's a

[Touch-packages] [Bug 1892559] Re: [MIR] ccid libpam-pkcs1 libpcsc-perl opensc pcsc-tools pcsc-lite

2021-04-29 Thread Seth Arnold
Thanks Marco, I'll take pam-pkcs11 off our todo list. (This can be reversed, of course. If it turns out to be necessary for something, someone shout. :) Thanks ** Changed in: pam-pkcs11 (Ubuntu) Status: New => Invalid ** Changed in: pam-pkcs11 (Ubuntu) Assignee: Ubuntu Security Team

[Touch-packages] [Bug 1923273] Re: libcaca buffer-overflow

2021-04-09 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcaca in Ubuntu. https://bugs.launchpad.net/bugs/1923273 Title: libcaca buffer-overflow Status in

[Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread Seth Arnold
Hello, this sounds like surprising advice to me -- afterall the /etc/passwd file is 644. I don't know what would be the point of hiding this 'backup' file. Does the benchmark give a rationale for this? Thanks ** Information type changed from Private Security to Public Security ** Changed in:

[Touch-packages] [Bug 1921552] Re: xscreensavers

2021-04-05 Thread Seth Arnold
Thank you for taking the time to report this bug and helping to make Ubuntu better. Reviewing your dmesg attachment to this bug report it seems that there may be a problem with your hardware. I'd recommend performing a back up and then investigating the situation. Measures you might take

[Touch-packages] [Bug 1922212] Re: SSHD does not honor configuration files

2021-04-01 Thread Seth Arnold
Hello Jeffrey, this reminds me a little of https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1876320 -- but it's also something that should have been addressed last year. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1921423] Re: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: o subprocesso instalado, do pacote sudo, o script post-installation retornou erro do status de saída 1

2021-03-25 Thread Seth Arnold
Hello Alex, I would guess that the reason why the permissions are incorrect is probably whatever tool added four copies of this to your sudoers: ALL ALL=(ALL) NOPASSWD:/usr/share/dtsremoter/remoterserver ALL ALL=(ALL) NOPASSWD:/usr/share/dtsremoter/remoterdelegate Any tool that would do that is

[Touch-packages] [Bug 1766628] Re: apparmor denies VLC to open files in devmode

2021-03-19 Thread Seth Arnold
AppArmor just enforces the policies that were given to it; please report this issue to whoever packaged the snap you're using. Thanks ** Changed in: apparmor (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1899193] Re: local denial of service due to parsing bugs in arfile.cc

2021-02-26 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1899193 Title: local denial of service due to parsing bugs

[Touch-packages] [Bug 1915945] Re: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed sudo package post-installation script subprocess returned error exit status 1

2021-02-23 Thread Seth Arnold
What's the output of: lsattr -l /etc/sudoers Please note that the sudoers file should only ever be edited with visudo, which will perform safety checks on the file when you try to save it. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1916256] Re: NVIDIA Driver not working

2021-02-19 Thread Seth Arnold
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to xorg in Ubuntu. https://bugs.launchpad.net/bugs/1916256 Title: NVIDIA Driver not working Status in xorg package

[Touch-packages] [Bug 1915945] Re: package sudo 1.8.31-1ubuntu1.2 failed to install/upgrade: installed sudo package post-installation script subprocess returned error exit status 1

2021-02-17 Thread Seth Arnold
Hello, chown: alterando o dono de '/etc/sudoers': Operação não permitida Is there any chance you've set attrs on this file to prevent it from being modified? THanks ** Changed in: sudo (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1878194] Re: [Sennheiser HD 4.50 BTNC] Bluetooth headset not working when selecting HSP/HFP audio profile in Focal Fossa

2021-02-17 Thread Seth Arnold
*** This bug is a duplicate of bug 1871794 *** https://bugs.launchpad.net/bugs/1871794 ** Information type changed from Public Security to Public -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.

[Touch-packages] [Bug 1915913] Re: OpenSSL Multiple Denial of Service Vulnerabilities

2021-02-17 Thread Seth Arnold
Hello, there are untested packages in https://launchpad.net/~ubuntu- security-proposed/+archive/ubuntu/ppa/+packages in case you wish to test them in your environment. Thanks ** Information type changed from Private Security to Public Security -- You received this bug notification because you

[Touch-packages] [Bug 1915908] Re: package openssh-server 1:8.2p1-4ubuntu0.1 failed to install/upgrade: installed openssh-server package post-installation script subprocess returned error exit status

2021-02-17 Thread Seth Arnold
Hello, note this line from the automatically added contents: SSHDConfig: Error: command ['/usr/sbin/sshd', '-T'] failed with exit code 255: /etc/ssh/sshd_config line 1: garbage at end of line; "to". It looks like your /etc/ssh/sshd_config file may be incorrect. Thanks ** Changed in: openssh

[Touch-packages] [Bug 1914839] Re: package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically

2021-02-05 Thread Seth Arnold
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ca-certificates in Ubuntu. https://bugs.launchpad.net/bugs/1914839 Title: package upgrade should replace

[Touch-packages] [Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2021-02-02 Thread Seth Arnold
Re test rebuilds, that's certainly the intention, but there are occasional problems: https://launchpad.net/bugs/1910555 https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-340/+bug/1910709 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1910503 (virtualbox, probably not in

[Touch-packages] [Bug 1914148] Re: Firefox connstantly disabled on Apparmor

2021-02-01 Thread Seth Arnold
The Firefox AppArmor profile isn't enabled by default because it forces the user to change how they interact with their browser. Consider that the profile really allows downloads only into ~/Downloads/ directories. (There's other places that are writable, but even less suitable for downloads.)

[Touch-packages] [Bug 1872504] Re: date modified is wrong for files on an exfat formatted drive

2021-01-22 Thread Seth Arnold
I added the linux source package to this bug because I've heard this commit addresses the issue: https://github.com/gregkh/linux/commit/099340d3e758cca06a82bf5dcff8b9a8acbdcb0a Thanks ** Also affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug

[Touch-packages] [Bug 1912855] Re: debugfs shouldn't be mounted by default

2021-01-22 Thread Seth Arnold
I'm inclined to say an admin should ask to mount this explicitly, however stgraber pointed out on irc that lxd premounts /sys/kernel/debug in part to placate upstart in guests. This may have implications for disabling /lib/systemd/system/sys-kernel-debug.mount by default. Thanks -- You received

[Touch-packages] [Bug 1910576] Re: [MIR] libbpf (dependency of iproute2)

2021-01-14 Thread Seth Arnold
Thanks Christian, I think you're right, this probably doesn't need a security review and being centralized in one place will probably be easier to maintain. Thanks ** Changed in: libbpf (Ubuntu) Status: New => Fix Committed ** Changed in: libbpf (Ubuntu) Assignee: Seth Arnold (s

[Touch-packages] [Bug 1911836] Re: package linux-image-5.4.0-62-generic 5.4.0-62.70 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2021-01-14 Thread Seth Arnold
Hello, I think the core of your problem is this: Error 24 : Write error : cannot write compressed block Caused by a full /boot: /dev/sda2 483946424596 34365 93% /boot Truncate a few older files in /boot (start a shell via sudo -s, then find files with ls -l,

[Touch-packages] [Bug 1908733] Re: CVE-2020-1971 OpenSSL package upgrade issue

2020-12-22 Thread Seth Arnold
Hello, you've replaced the Ubuntu OpenSSL packages with Ondrej's OpenSSL packages. You can ask him if he has performed the corresponding update yet: https://github.com/oerdnj/deb.sury.org Thanks ** Information type changed from Private Security to Public Security ** Changed in: openssl (Ubuntu)

  1   2   3   4   5   6   7   8   9   10   >